Commit Graph

12083 Commits (2471e8bc8ca891d2aff82be45fdcfcfe64a33322)

Author SHA1 Message Date
Metasploit 48410f3ab2
Bump version of framework to 4.12.13 2016-07-08 10:01:58 -07:00
Metasploit 82e092c2df
Bump version of framework to 4.12.12 2016-07-05 14:57:43 -07:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
William Vu 6e7f07f0f3 Fix off-by-one error in #6954
Props to @egypt for noticing. My bad. :-)
2016-07-05 11:12:12 -05:00
David Maloney 7f341336b2
Land #7067, bcook's rex tools fix
this pr fixes rex requires in the various tools that were
disrupted by the new gemification of rex
2016-07-05 10:34:59 -05:00
David Maloney 85937ab839
require new gems inside rex.rb
have the root rex namespace require the new rex gems
to prevent broken requires when things greedily require all of rex
2016-07-05 10:33:45 -05:00
Metasploit 054ac5ac19
Bump version of framework to 4.12.11 2016-07-05 07:49:37 -07:00
Brendan e29d5b9efe
Land #6954, Fix the available size of payload for exploit/.../payload_inject 2016-07-05 07:38:27 -07:00
Brent Cook 5dc7d4b16e
Land #7043, Fix-up double slash handling with the LURI parameter 2016-07-05 01:21:33 -05:00
Brent Cook 85dfec0cf5 minor whitespace 2016-07-05 01:20:54 -05:00
Brent Cook 58e37931c5
Land #7040, Decrease chance of an error when exiting a interactive shell 2016-07-05 01:15:39 -05:00
OJ ef322ab9aa
Land #7066 - revert #6581 as it causes a regression 2016-07-05 16:05:48 +10:00
Brent Cook 4b77de2174
Land #7030, Ensure 'show options' reflects correct values 2016-07-05 00:48:46 -05:00
Brent Cook b9891aab27
Land #7007, Added JCL header data to mainframe payload module 2016-07-05 00:22:20 -05:00
Brent Cook 9b4028d2d7
Revert #6581, it causes regressions
We need a more clever solution without breaking HttpUnknownRequestResponse.
2016-07-05 00:11:15 -05:00
William Webb 2e97a08954
Land #7046, Pad host field in notes -d command 2016-07-01 10:14:45 -05:00
William Webb 02d40eb576
Land #7044, Pass exploit SRVPORT in BrowserAutopwn2 2016-07-01 09:49:05 -05:00
William Vu 4b01213fb5 Rewrite the logic to be positive
unless is the devil. unless/else doubly so.
2016-07-01 09:15:42 -05:00
William Vu 6e1b6e96a9
Land #7032, rm -rf lib/rex/encoders
Dead code!
2016-06-30 16:32:14 -05:00
William Vu f0cd25dcee
Land #7035, lib/sshkey* swap to gem 2016-06-30 16:25:27 -05:00
William Vu 343f4010bd Prefer newer hash syntax 2016-06-30 15:43:06 -05:00
wchen-r7 dbcdc300e5 Fix #7019, Pad host field in notes -d command
The notes -d command is always expecting a host address, but
fileformat exploits don't have this type of information when the
exploit file is generated, therefore there isn't enough fields
provided for Rex table.

Fix #7019
2016-06-30 15:38:58 -05:00
wchen-r7 118caa13bf Fix #7021, Pass exploit SRVPORT in BrowserAutopwn2
In BrowserAutoPwn2, the mixin forgets to pass the SRVPORT datastore
option to the exploits, so they always use the default 8080. As a
result, if a different SRVPORT is set, BAP2 would be serving the
target machine with bad exploit links.

Fix #7021
2016-06-30 14:20:53 -05:00
HD Moore 23399326c2 Fix up double slashes, tweak syntax 2016-06-30 12:56:29 -05:00
ssyy201506 0a85f1d233 Fix an error when exiting a interactive shell 2016-06-30 16:19:10 +09:00
Pearce Barry 5e39f895cf Fix exception on msf 'db_export' cmd (see #7008)
Users reported (in GitHub issue #7008) hitting an exception when attempting to export the contents of the msf database (i.e. workspaces, hosts, events, etc.) via the 'db_export' command.  After some digging, it appears there were a few ActiveRecord changes with the new Rails upgrade that require a couple mods to the way we are querying.
2016-06-29 16:02:31 -05:00
David Maloney 80563b2c0f
Merge branch 'master' into feature/MS-1700/sshkey-gem 2016-06-29 09:44:57 -05:00
David Maloney 2dba09a9ce
unvendor sshkey gem
use the actual maintained gem rather than our vendored
copy

MS-1700
2016-06-28 16:10:48 -05:00
David Maloney dcddd2d671
use the bit-struct gem
removed vendored copy of bit-struct and use the gem
instead

MS-1699
2016-06-28 15:58:47 -05:00
David Maloney 356f4fd54d
delete deprecated lib/rex/encoders
this directory is all dead code and has been replaced with
the lib/rex/encoder directory. these files should have been
purge a long time ago for cleanlieness

MS-1692
2016-06-28 14:43:39 -05:00
David Maloney 0a83b34a85
Land #7025, dev's PR for rex-java
lands the pr for moving Rex::Java into it's own gem
2016-06-28 14:40:02 -05:00
David Maloney d90f0779f8
Land #7009, egypt's rubyntlm cleanup
Land egypt's PR to replace all of our NTLM code with
the rubyntlm gem
2016-06-28 14:15:34 -05:00
David Maloney 97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
Metasploit e3e360cc83
Bump version of framework to 4.12.10 2016-06-28 12:13:26 -07:00
Louis Sato d5d0b9e9b8 Revert "Land #6729, Speed up the datastore"
This reverts commit c6b1955a5a, reversing
changes made to 4fb7472391.
2016-06-28 13:39:52 -05:00
Pearce Barry 0660880332 Ensure 'show options' reflects correct values.
Small fix here to ensure that, even when boolean 'option' variables have a default value of 'true', that their current value is correctly reflected via the 'show options' command.  This change should play fine with all other option variable types, I believe.

Current behavior:

```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    true             no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    true             no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)

msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEW_VERSION false
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEW_VERSION
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    true             no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    true             no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)
```

New behavior with this change:

```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    true             no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    true             no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)

msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEWVERSION false
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEWVERSION
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    false            no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    false            no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)
```
2016-06-28 13:12:34 -05:00
dmohanty-r7 c2f3d411c3
Replace rex/java with rex-java gem 2016-06-27 14:52:49 -05:00
Metasploit fd07da3519
Bump version of framework to 4.12.9 2016-06-27 11:54:04 -07:00
James Lee 058115c21f
Land #7015, sdavis' swagger exploit 2016-06-24 16:13:51 -05:00
James Lee 5d4cc7ab40
Add nodejs to list of defaults 2016-06-24 16:06:50 -05:00
James Lee 0126ec61d8
Style 2016-06-22 10:15:23 -05:00
James Lee b3f59ebd19
Whitespace 2016-06-22 10:15:23 -05:00
James Lee 07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm 2016-06-22 10:15:22 -05:00
James Lee 4b3f6c5d29
Use rubyntlm for mssql login scanner 2016-06-22 10:15:22 -05:00
James Lee 039e8f5899
Use rubyntlm for HTTP Negotiate auth 2016-06-22 10:15:22 -05:00
James Lee c2a063c8ae
Start using rubyntlm for ssp auth 2016-06-22 10:15:16 -05:00
David Maloney 1e053c110a
Merge branch 'master' into feature/rex-cleanup/first-gems 2016-06-22 09:20:44 -05:00
Bigendian Smalls 3842753ce4
Added JCL header data to mainframe payload module
Currently any existing and future JCL payload has to have a 'job card'
basically data that defines the job to z/OS.  It has information about
the job's owner, place it will run, output creation, etc.  All JCL
shares the same job card format.  As such, creating a shared payload
method that allows this text to be imported into any JCL payload.
Additionally, that job card is now parameterized, allowing the
exploit/payload user to edit these job card values-as this may be needed
in order to run the job sucessfully on any given system.

This PR sets up the mf module - next PRs will update the existing
payloads to use this module.
2016-06-21 22:06:44 -05:00
David Maloney 69e2d05a5d
rip out old rex code and replace with gems
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
2016-06-21 13:56:36 -05:00
wchen-r7 129b449355 Add Msf::Util::EXE.to_zip
This adds a new method in Msf::Util::EXE to be able to create a
zip file with an array of binary data.
2016-06-20 13:36:59 -05:00