8f43c229b1
Passing the Mdm::Task down the chain
...
when reporting hosts from an Mdm::Task we need to pass the task all
the way down. this wasnt done for the metasploit import format.
2014-04-25 11:15:39 -05:00
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
e556997bf7
Land #3269 (Pro) fix report import issue
2014-04-24 08:27:06 -05:00
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
2ed7a739c3
New reports in new exports can now import
...
MSP-9783
* Extracted import_report from monstrous import_msf_collateral;
simplified and clarified approach
* Updated report_report: includes all attrs provided vs subset, provides
more helpful error message
* Added report_artifact: adds child artifact for reports, handles
various troublesome cases
* Tested on all report types with a legion of option variants
2014-04-16 15:15:47 -05:00
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
9db01770ec
Add custom rhost/rport, remove editorializing desc
...
Verification:
````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````
...etc.
2014-04-14 21:46:05 -05:00
c537aebf0f
Land #3228 , JtR colon Seperation
2014-04-14 11:19:16 -05:00
91293fd0db
Allow vhost to be maybe opts['rhost']
...
This enables passing rhost and rport directly to send_request_cgi
without having to monkey with the datastore.
See #8498
2014-04-10 16:47:49 -05:00
3109f42a55
Merge release back into master
2014-04-11 15:07:16 -05:00
2f2692f4bf
Bump version to 4.9.2
2014-04-10 17:45:42 -05:00
80faaf86d8
Add a link to explain about unmet exploit requirements
2014-04-10 14:01:16 -05:00
95399b0de7
Don't try to be too helpful
...
John cares not one whit how many colons are in a hash line, only that
there are enough for the format (at least 2 for regular /etc/passwd, at
least 3 for NTLM, etc). So there is no simple way to programmatically
determine whether a password had a colon or there was just an extra on
the end of the original hash line.
[MSP-9778]
See #2515
2014-04-09 19:24:26 -05:00
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
ae3ead6ef9
Land #2107 Post Enum Domain Users
2014-04-09 11:32:12 +01:00
eab938c7b4
Get rid of requires, too
2014-04-07 16:39:19 -05:00
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
4bf6481242
Added regex option to validate options
2014-04-02 23:51:33 +02:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
a71fcaeefd
add comments on change description call
2014-04-02 20:33:09 +01:00
bc4cb3febf
Add DCERPC catch exception
2014-04-02 20:33:09 +01:00
4a575d57ab
Try to fix Meatballs1 suggestions : optional service_description change call
2014-04-02 20:33:09 +01:00
5334f2657e
Fix a bug for backwards compatibility
2014-04-02 20:33:08 +01:00
631a7b9c48
Adapt to new psexec mixin (first try :D)
2014-04-02 20:33:08 +01:00
5a448d9f2d
Fix ActiveRecord::ConnectionNotEstablished
...
[SeeRM #8780 ]
2014-04-02 00:54:39 -05:00
8fd4f50081
Fix NameError for "r" in Msf::Auxiliary::Nmap
...
Wasn't in scope.
2014-04-01 17:35:20 -05:00
f9a7cfaa67
Land #3168 , EICAR payload encoding
2014-04-01 09:17:10 -05:00
42c7b85b86
Don't EICAR every time. That would be bad.
2014-04-01 09:05:55 -05:00
07ab05c870
Update a comment
2014-03-28 15:20:45 -05:00
4b7f85e47d
Adobe Flash support in BES
2014-03-28 15:14:58 -05:00
196e07c5b1
Touch up the EICAR stuff
2014-03-28 11:45:28 -05:00
da6a428bbf
Modify libs to support explib2
2014-03-28 10:44:52 -05:00
6c36d14be1
Land #3118 , fix java payloads for msfvenom
2014-03-25 15:38:21 -05:00
85c0c8bb70
Add support to detect mshtml build
...
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
2014-03-25 03:31:08 -05:00
8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS
...
They're as obnoxious as DB_ALL_* when enabled by default.
2014-03-24 15:51:35 -05:00
13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec
2014-03-21 11:36:59 -05:00
0a141f1c02
Land #2810 , masked password format switcheroo
2014-03-20 15:12:12 -05:00
c4a9b4fda0
Land #3128 , Put loot in correct workspace
2014-03-20 14:11:17 -05:00
4d3f871e9d
Land #2961 , get_env and get_envs Post mixin
...
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
dd4b16ad60
Remove some dead code
2014-03-20 09:38:14 -05:00
dc85a99fbd
report_loot now sets proper Mdm::Workspace
...
* Uses an Mdm::Workspace when passed one in conf hash
2014-03-20 09:27:09 -05:00
33ca577010
Zip Workspace imports now working.
...
MSP-9531
* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
2014-03-19 22:53:15 -05:00
cc4c958d58
Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update
2014-03-19 15:47:46 -05:00
130474fdfd
Fix java payload generation
...
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
2014-03-18 13:41:27 -05:00
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
db036e44ad
Use RdlCopyMemory from Kernel32.
2014-03-13 11:05:58 -05:00
7ead04414c
Land #3024 - Allow encoder Compat options
2014-03-13 10:59:40 -05:00
851fca2107
Add posix fork() call before running code.
2014-03-12 02:56:26 -05:00
7afcb6aee8
Add CreateThread wrapper for windows.
2014-03-12 02:49:09 -05:00
ce0c5380a5
Kill stray //.
2014-03-12 02:20:49 -05:00
9bdf570763
All working now. In-memory meterpreter even.
2014-03-12 02:19:28 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
b45524ecdd
generate cert @ payload/dalvik.rb
2014-03-10 21:50:00 -05:00
99cc94e6fc
moving string_sub() to payload/dalvik.rb
2014-03-10 21:49:59 -05:00
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
e452b81fb1
style changes as suggested by @jlee-r7
2014-03-04 08:49:52 +02:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
785a35a81a
Needed to kill objToQuery.
2014-03-02 19:48:55 -06:00
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
26db845438
Try to pthread_create. Fails.
2014-03-02 18:02:23 -06:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
ac446d3b3f
Land #3043 - randomization for Rex::Zip::Jar and java_signed_applet
2014-02-28 14:10:55 -06:00
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
f66709b5bb
make bypassuac module clean itself up
...
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
d358fe5f94
Merge branch 'payload_defaults'
2014-02-26 10:28:46 -06:00
f51cbfffb8
minor fix to payload generator
...
was passing platform string instead of the
platform lsit when formatting the payload
2014-02-25 15:51:06 -06:00
d0780cd1a2
Land #3010 - EXITFUNC as OptEnum
2014-02-24 11:07:10 -06:00
c760d37703
use the actual shellcode length.
2014-02-24 09:55:44 -06:00
9fd635d645
Favor \! vs == false
2014-02-24 08:47:25 -06:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
bbacaa477e
Add missing require
2014-02-25 22:08:27 +00:00
8af992e083
Use same coding style
2014-02-21 16:02:27 -06:00
0c44cc5ae4
Allow Exploits to provide Encoder Compat options
2014-02-21 15:49:39 -06:00
0179faa66f
Fix yardoc for Post::Windows::LDAP
...
Also fix some style issues and warnings.
2014-02-21 13:25:11 -06:00
0b5e617236
Land #3016 lsanchez-r7's send_message mod to return info
2014-02-19 17:01:06 -06:00
c0cdea37f7
Initialize send_status at the function's start
2014-02-19 16:54:29 -06:00
f7a483523c
changing the initial state from false to nil
2014-02-19 16:45:00 -06:00
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
e4aedfad43
Fixup netapi call
2014-02-18 23:30:29 +00:00
lsanchez-r7
joev
Trevor Rosen
Spencer McIntyre
William Vu
Samuel Huckins
sinn3r
Tod Beardsley
David Maloney
Brandon Turner
James Lee
Meatballs
Christian Mehlmauer
jvazquez-r7
agix
agix
Trevor Rosen
AnwarMohamed
OJ
Etienne Stalmans