c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
4251ad199e
Change killing back to stopping
...
Got a little excited with the copypasta, I guess.
2014-10-28 05:49:30 -05:00
5547890002
Add support for sessions -d ranges
2014-10-28 03:07:46 -05:00
36c85b7150
Add support for jobs -k ranges
2014-10-28 03:01:53 -05:00
d8cf45ef67
Allow FTP server exploits pick a PASV port
...
This makes it somewhat easier to use FTP server exploit modules in
somewhat more restrictive networks, where you might only have a few
inbound ports to choose from.
2014-10-27 22:21:54 -05:00
7d34452448
TCP and TCPServer should use TLS1 by default
2014-10-27 15:55:50 -05:00
1508be6254
Fix whitespace in lib/msf/ui/banner.rb for #4073
2014-10-27 14:49:44 -05:00
7f66d18cfd
Clean up whitespace a bit
2014-10-27 14:49:27 -05:00
626cd55b5e
Land #4073 , improved banner selection
2014-10-27 14:20:10 -05:00
aba25cb28c
Make RPC creds work again
2014-10-26 15:50:40 -05:00
13b6f1cf48
Syntax changes
2014-10-25 09:39:15 -05:00
c1a61e3b4e
Support an MSFLOGO env var and logo enumeration
2014-10-24 13:07:28 -04:00
a9e52437f0
fixes inverted EICAR corruption logic
2014-10-24 10:27:13 -05:00
82f41d56a6
Add [user_]logos_directory to Msf::Config
2014-10-24 10:52:05 -04:00
3b8067e9a2
fixes refactor error in msf/util/exe
2014-10-23 22:15:19 -05:00
34f29f218c
really resolve merge conflicts
2014-10-23 21:51:33 -05:00
bf63d85e5c
fixes merge conflicts msfpayload & exe
2014-10-23 21:43:46 -05:00
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
2a6a8245cf
Allow killing multiple specific sessions
2014-10-23 05:56:26 -05:00
f19b093529
cleans & DRYs exploit/exe & util/exe & msfpayload
2014-10-23 01:10:38 -05:00
7f7f257426
fix session.shell_upgrade after #3401
2014-10-22 21:22:10 +01:00
22fc6496ac
Merge branch 'pr/3401' into landing-3401
2014-10-22 19:23:01 +01:00
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
9dfbbbde7d
Add missing require
...
MSP-11145
2014-10-21 09:39:31 -05:00
85f48a3fb2
Land #3738 , SMBServer file descriptor updates
2014-10-20 12:40:43 -05:00
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
ce40c1152a
Land #4014 , msfconsole spinnerz
2014-10-17 16:25:31 -05:00
080ea3e56a
Merge branch 'staging/great-backport' into feature/MSP-11126/msf-module-reorg
...
MSP-11126
2014-10-17 14:28:13 -05:00
06fbbf7001
Fully-qualified Msf::NormalRanking in Msf::Module::Ranking
...
MSP-11126
Needed due to loss of `Msf` lexical scope.
2014-10-17 13:58:57 -05:00
43354774e1
Fully qualified Msf::RankingName in Msf::Module::Ranking
...
MSP-11126
To compensate for loss of `Msf` lexical scope.
2014-10-17 13:43:51 -05:00
ae45c1b9d3
Msf::Module::Rank -> Msf::Module::Ranking
...
MSP-11126
So that mixin module won't appear as Rank constant that Msf::Module
subclasses are supposed to define.
2014-10-17 13:39:53 -05:00
a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/
2014-10-17 13:13:44 -05:00
a6a2886faa
Fully-qualify Msf::OptionContainer references
...
MSP-11126
2014-10-17 13:09:27 -05:00
112b5988f2
Add missing autoload to fix loading on travis-ci
...
MSP-11126
`Msf::Module::Failure` fails to load on travis-ci probably due to a load
order difference, so add `:Failure` to autoloads in `Msf::Module`.
2014-10-17 13:05:59 -05:00
0c00c7cc50
Fully-qualifiy Msf::MODULE_TYPES constants
...
MSP-11126
Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
2014-10-17 12:43:40 -05:00
200d64040d
Fully-qualify Msf::ServiceState
...
MSP-11152
Replace unqualified `ServiceState` with `Msf::ServiceState`.
2014-10-17 11:58:11 -05:00
172afd180a
Extract Msf::Module::Privileged
...
MSP-11126
2014-10-17 11:45:03 -05:00
cbae9be5b5
Extract Msf::Module::UUID
...
MSP-11126
2014-10-17 11:31:56 -05:00
a59e635913
Extract Msf::Module::Author
...
MSP-11126
2014-10-17 11:17:12 -05:00
9f32cbd476
Use :: to force top-level constant resolution
...
MSP-11152
When `Msf::DBManager::Import::MetasploitFramework` is included in
`Msf::DBManager::Import`, it's child namespace of
`Msf::DBManager::Import::MetasploitFramework::Zip becomes resolvable as
`Zip` in `Msf::DBManager::Import` methods, so need to use `::Zip` to
cause `Zip` to be resolved from rubyzip gem.
2014-10-17 10:15:59 -05:00
13923a8ca5
Fully-qualify Msf::DBImportError
...
MSP-11152
Constant was unqualified in some of the reorganized Msf::DBManager code
because that code was take advantage of the old nested lexical scope
that included `Msf`.
2014-10-17 09:29:01 -05:00
e822920298
Msf::Module::Author -> Msf::Author
...
MSP-11126
`Msf::Module::Author` was already aliased to `Msf::Author`. This just
moved `Msf::Module::Author` to that alias to free up
`Msf::Module::Author` so it can be used for a concern for
`Msf::Module`'s author methods.
2014-10-17 08:59:54 -05:00
b5039c3817
Extract Msf::Module::Network
...
MSP-11126
2014-10-16 15:51:59 -05:00
2e538bd72d
Extract Msf::Module::Search
...
MSP-11126
2014-10-16 15:27:54 -05:00
7743fdb2f9
Extract Msf::Module::FullName
...
MSP-11126
2014-10-16 15:24:59 -05:00
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
0e53548c82
Extract Msf::Target
...
MSP-11126
2014-10-16 15:13:18 -05:00
e5cc456be7
Extract Msf::Platform
...
MSP-11126
2014-10-16 15:11:59 -05:00
27c006a8f9
Extract Msf::SiteReference
...
MSP-11126
2014-10-16 15:09:55 -05:00
9981271e2a
extract Msf::Reference
...
MSP-11126
2014-10-16 15:03:21 -05:00
c8730ca55b
Extract Msf::Author
...
MSP-11126
2014-10-16 14:59:15 -05:00
fe5ffa9cec
Standardize on autoload over require
...
MSP-11126
Standardize on autoload to prevent trying to use colliding names for
included Module with Modules/Classes just under the namespace.
2014-10-16 14:58:08 -05:00
d5c7a50e86
Extract Msf::Module::Rank
...
MSP-11126
2014-10-16 14:39:33 -05:00
e6f442697b
Extract Msf::Module::Type
...
MSP-11126
2014-10-16 14:23:21 -05:00
e418f98d45
arch -> Msf::Module::Arch
...
MSP-11126
2014-10-16 13:21:11 -05:00
44b2e5e35c
Extract Msf::Module::Arch
...
MSP-11126
2014-10-16 13:14:56 -05:00
31c93e9dbc
Extract Msf::Module::ModuleInfo
...
MSP-11126
2014-10-16 13:01:42 -05:00
c503e8a3d8
Merge branch 'landing/4026' into upstream-master
...
Land #4026
* db.rb (DBManager) now in multiple files
* Cucumber coverage for DB-related msfconsole commands
2014-10-16 11:52:57 -05:00
f9caa4d25e
Extract Msf::Module::Options
...
MSP-11126
Methods for registering, derigsterings, and validating options.
2014-10-16 11:14:42 -05:00
c50cb2eb8a
Extract Msf::Module::UI::*::Verbose and shared examples
...
MSP-11126
2014-10-16 10:05:45 -05:00
a9a6f0c5f9
Extract Msf::Module::UI::Line
...
MSP-11126
2014-10-16 09:50:07 -05:00
bc2bd99698
Extract Msf::Module::UI::Message
...
MSP-11126
2014-10-16 09:39:30 -05:00
f5d09f735e
Extract Msf::Module::Compatibility
...
MSP-11126
2014-10-16 09:14:57 -05:00
85169d5e8d
Extract Msf::Module::DataStore
...
MSP-11126
2014-10-16 09:03:23 -05:00
f068d669d6
Extract Msf::Module::ModuleStore
...
MSP-11126
2014-10-16 09:03:07 -05:00
370daaed5e
Extract Msf::Module::Failure
...
MSP-11126
Move `Msf::Module::Failure` to a file of its own.
2014-10-16 09:02:55 -05:00
62be638258
Add 'Auto' to tcp.rb as well.
2014-10-15 16:01:42 -05:00
3a9c2f95c9
Add magic encoding to new files
2014-10-15 14:23:34 -05:00
2986031db5
Move SMBServer into its own file
2014-10-15 14:22:23 -05:00
1064488ada
Whitespace
2014-10-15 14:21:39 -05:00
9456506e3d
Merge branch 'master' into feature/MSP-11124/msf-dbmanager-reorg
...
MSP-11124
2014-10-15 14:08:55 -05:00
1f7ad1cac9
unserialize_object -> Msf::DBManager::Import::MetasploitFramework
...
MSP-11124
2014-10-15 14:03:18 -05:00
bed98fe43b
nils_for_nulls -> Msf::DBManager::Import::MetasploitFramework
...
MSP-11124
2014-10-15 13:59:03 -05:00
ac30990177
Move libpcap helpers to Libpcap module
...
MSP-11124
2014-10-15 13:55:24 -05:00
7aed88f11b
Extract Msf::DBManager::Import::Report
...
MSP-11124
2014-10-15 13:51:57 -05:00
e5e051c905
Extract Msf::DBManager::Import::Wapiti
...
MSP-11124
2014-10-15 13:42:54 -05:00
e65a386d3d
Extract Msf::DBManager::Import::Spiceworks
...
MSP-11124
2014-10-15 13:37:35 -05:00
a762d871bf
Autonegotiate SSL/TLS versions when not explicit
2014-10-15 13:26:40 -05:00
dfe690ac52
Extract Msf::DBManager::Import::Retina
...
MSP-11124
2014-10-15 13:23:12 -05:00
8af280b1cb
Extract Msf::DBManager::Import::Outpost24
...
MSP-11124
2014-10-15 13:16:11 -05:00
eff95221da
Order methods
...
MSP-11124
2014-10-15 13:14:20 -05:00
cf555e2390
Extract Msf::DBManager::Import::OpenVAS
...
MSP-11124
2014-10-15 13:11:49 -05:00
5d6044786a
Extract Msf::DBManager::Import::Nmap
...
MSP-11124
2014-10-15 13:06:28 -05:00
cf3a3a0d65
Move nexpose requires to appropriate module
...
MSP-11124
2014-10-15 12:54:30 -05:00
16f143c2ed
Extract Msf::DBManager::Import::Nikto
...
MSP-11124
2014-10-15 12:51:16 -05:00
e64a14c748
Extract Msf::DBManager::Import::Nexpose::Simple
...
MSP-11124
2014-10-15 12:40:04 -05:00
c4d1a4c7dc
Revert #4022 , as the solution is incomplete
...
Revert "Land 4022, datastore should default TLS1 vs SSL3"
This reverts commit 4c8662c6c10937f32ff9
2014-10-15 12:32:08 -05:00
2b861f91e9
Extract Msf::DBManager::Import::Nexpose::Raw
...
MSP-11124
2014-10-15 11:59:03 -05:00
c371eab26a
Extract Msf::DBManager::Import::Netsparker
...
MSP-11124
2014-10-15 11:46:38 -05:00
a73b0e2283
Move requires for nessus parses to appropriate module
...
MSP-11124
2014-10-15 11:42:00 -05:00
b43035145d
Move nessus helper function to closest module
...
MSP-11124
2014-10-15 11:39:23 -05:00
aae6dc9066
Extract Msf::DBManager::Import::Nessus::XML::V*
...
MSP-11124
Extract different versions of Nessus XML format.
2014-10-15 11:34:37 -05:00
a0494b2eeb
Extract Msf::DBManager::Import::Nessus::XML
...
MSP-11124
2014-10-15 11:27:23 -05:00
0c861848bc
Extract Msf::DBManager::Import::Nessus::NBE
...
MSP-11124
2014-10-15 11:21:26 -05:00
d0d0c478aa
Extract Msf::DBManager::Import::MetasploitFramework::Credential
...
MSP-11124
2014-10-15 11:12:13 -05:00
46a2c47dfe
Extract Msf::DBManager::Import::MetasploitFramework::Zip
...
MSP-11124
2014-10-15 10:59:41 -05:00
1754b23ffb
Datastore options should default to TLS1, not SSL3
...
Otherwise, we risk getting our connections killed by particularly
aggressive DPI devices (IPS, firewalls, etc)
Squashed commit of the following:
commit 5e203851d5c9dce1fe984b106ce3031a3653e54b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed Oct 15 10:19:04 2014 -0500
Whoops missed one
commit 477b15a08e06e74d725f1c45486b37e4b403e3c2
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed Oct 15 10:16:59 2014 -0500
Other datastore options also want TLS1 as default
commit 8d397bd9b500ff6a8462170b4c39849228494795
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed Oct 15 10:12:06 2014 -0500
TCP datastore opts default to TLS1
Old encryption is old. See also: POODLE
2014-10-15 10:28:53 -05:00
65885c8cc8
MsfXml -> MetasploitFramework::XML
...
MSP-11124
2014-10-15 10:25:42 -05:00
ac9a593b43
import_msf_file -> Msf::DBManager::Import::MsfXml
...
MSP-11124
2014-10-15 10:02:42 -05:00
d870188377
Extract Msf::DBManager::Import::MBSA
...
MSP-11124
2014-10-15 09:54:03 -05:00
f29408680f
Extract Msf::DBManager::Import::Libpcap
...
MSP-11124
2014-10-15 09:48:23 -05:00
44968400e9
Extract Msf::DBManager::Import::IPList
...
MSP-11124
2014-10-15 09:42:11 -05:00
e5236e9b56
Extract Msf::DBManager::Import::FusionVM
...
MSP-11124
2014-10-15 09:36:29 -05:00
2e85dc910a
Extracts Msf::DBManager::Import::Foundstone
...
MSP-11124
2014-10-15 09:27:53 -05:00
68a1ebd2fb
Extract Msf::DBManager::Import::CI
...
MSP-11124
2014-10-15 09:23:08 -05:00
8d628c221b
Extract Msf::DBManager::Import::Burp
...
MSP-11124
2014-10-15 09:16:57 -05:00
f42307a6ff
Extract Msf::DBManager::Import::Appscan
...
MSP-11124
2014-10-15 09:12:38 -05:00
dcac8a45ee
Extract Msf::DBManager::Import::Amap
...
MSP-11124
2014-10-15 09:06:03 -05:00
07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful
2014-10-15 06:39:38 -07:00
6cf62765de
Default to TLSv1 for RPC connections
2014-10-15 01:20:43 -05:00
5434996969
Move TcpServer into its own file
2014-10-14 18:43:40 -05:00
a00d039796
Move require for IP360 XML parser
...
MSP-11124
2014-10-14 16:18:47 -05:00
599bcc33a9
Extract Msf::DBManager::Import::IP360::V3
...
MSP-11124
2014-10-14 16:16:47 -05:00
e68aaa4226
Don't disclose empty disclosure dates
...
For rapid7#4015
2014-10-14 16:02:23 -05:00
81c18c96ee
Extract Msf::DBManager::Import::IP260::ASPL
...
MSP-11124
2014-10-14 15:58:43 -05:00
6c0f549abb
Extract Msf::DBManager::Import::Acunetix
...
MSP-11124
2014-10-14 15:40:29 -05:00
0c10b5a859
Extract #handle_qualys to Msf::DBManager::Import::Qualys
...
MSP-11124
2014-10-14 15:32:22 -05:00
11bcac8a4e
Extract Msf::DBManager::Import::Qualys::Scan
...
MSP-11124
2014-10-14 15:19:55 -05:00
f612c8cd3e
Add disclosure date to info
2014-10-14 15:15:24 -05:00
fdd79e64c3
Land #4010 , ReverseAllowProxy clarification
2014-10-14 15:10:50 -05:00
bf0a5d038e
Add an animation to comfort the user
...
Sometimes msfconsole takes a little while to start.
This adds a fairly common ASCII spinner to the startup sequence.
I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.
That said, it works for me.
2014-10-14 14:54:45 -05:00
5c4f61057f
Show available actions for info
2014-10-14 12:41:02 -05:00
70d1eefaa9
Update reverse_tcp.rb
...
As I am using a exploit that does a check on the Server HTTP headers to identify the target I saw an error message that reads like this:
>The target server fingerprint "" does not match "(?-mix:(Jetty|JBoss))", use 'set FingerprintCheck false' to disable this check.
Then, while using a HTTP proxy to analyse the requests I am presented with an error that tells me to set another internal option to override a default behaviour. Although it should be pretty clear to everyone using the metasploit framework, I think it is more convenient if all error messages have the same format/way to present suggestions, in this case, presenting the full command the user needs to introduce in order to carry on with the execution of the exploit.
2014-10-14 11:24:59 +01:00
1f49f767dc
Extract Msf::DBManager::Import::Qualys::Asset
...
MSP-11124
2014-10-13 16:06:15 -05:00
a7d1577494
ImportMsfXml -> Import::MsfXml
...
MSP-11124
2014-10-13 15:46:13 -05:00
87825d40b1
Fix migration.rb loading
...
MSP-11124
2014-10-13 15:39:15 -05:00
b8ea44235b
Remove nesting in Msf::DBManager::ImportMsfXml
...
MSP-11124
Don't use nested modules to prevent Msf::DBManager::ImportMsfXml from
being the declaring location for Msf::DBManager.
2014-10-13 15:37:16 -05:00
ef04261686
Fix indentation in Msf::DBManager
...
MSP-11124
2014-10-13 15:26:19 -05:00
c6ea3a3880
Distribute requires to where they are needed
...
MSP-11124
Push requires down to the Msf::DBManager mixins that actually need them.
2014-10-13 15:24:56 -05:00
4371254dd2
Reorder remaining code in Msf::DBManager
...
MSP-11124
2014-10-13 15:13:28 -05:00
2dd925c18c
Move add_rails_engine_migration_paths to Msf::DBManager::Migration
...
MSP-11124
2014-10-13 15:01:14 -05:00
1dfaba1884
Remove nesting in Msf::DBManager::Migration
...
MSP-11124
To prevent migration.rb as counting as the definer of `Msf::DBManager`.
2014-10-13 14:56:08 -05:00
bc4d2ff152
Extract Msf::DBManager::Adapter
...
MSP-11124
Extract methods related to setting up the adapter/driver(s).
2014-10-13 14:49:26 -05:00
930b020211
Extract Msf::DBManager::Connection
...
MSP-11124
Extract methods that connect, disconnect and show status of connection
to database.
2014-10-13 12:07:13 -05:00
f472411c8c
Extract Msf::DBManager::Web
...
MSP-11124
Extract `Mdm::Web*` methods.
2014-10-13 11:59:39 -05:00
5067e43ac1
Extract Msf::DBManager::VulnAttempt
...
MSP-11124
Extract `Mdm::VulnAttempt` methods.
2014-10-13 11:32:15 -05:00
e7e12ec6a5
Extract Msf::DBManager::Route
...
MSP-11124
Extract `Mdm::Route` methods.
2014-10-13 11:23:37 -05:00
8011187aa9
Extract Msf::DBManager::SessionEvent
...
MSP-11124
Extract `Mdm::SessionEvent` methods.
2014-10-13 11:13:39 -05:00
1f86712d63
Extract Msf::DBManager::HostTag
...
MSP-11124
Extract `Mdm::HostTag` method.
2014-10-13 11:00:36 -05:00
1811d4e58f
Extract Msf::DBManager::Session
...
MSP-11124
Extract methods related to `Mdm::Session`s.
2014-10-13 10:50:11 -05:00
f16b3f05b4
Extract Msf::DBManager::HostDetail
...
MSP-11124
Extract method related to `Mdm::HostDetail`s.
2014-10-13 10:15:14 -05:00
87ee06b792
Extract Msf::DBManager::Ref
...
MSP-11124
Extract methods related to `Mdm::Ref`s.
2014-10-13 10:06:37 -05:00
5668a2820e
Move #report_artifact to Msf::DBManager::Report
...
MSP-11124
2014-10-13 10:00:19 -05:00
43c9909636
Extract Msf::DBManager::VulnDetail
...
MSP-11124
Extract methods related to `Mdm::VulnDetail`s.
2014-10-13 09:54:38 -05:00
f42f8e106a
Extract Msf::DBManager::ExploitAttempt
...
MSP-11124
Extract methods that create `Mdm::ExploitAttempt`s.
2014-10-13 09:41:32 -05:00
e0f76a7517
Extract Msf::DBManager::Task
...
MSP-11124
Extract methods related to `Mdm::Task`s.
2014-10-13 09:28:48 -05:00
90b50339c3
Extract Msf::DBManager::Report
...
MSP-11124
Extract methods related to the obsolete `Mdm::Report`. These methods
should be deleted, but since this branch is just for moves, I won't
delete them now.
2014-10-13 09:19:39 -05:00
9632c83cde
Extract Msf::DBManager::Event
...
MSP-11124
Extract methods related to `Mdm::Event`s.
2014-10-13 09:05:10 -05:00
89d588272e
Extract Msf::DBManager::Client
...
MSP-11124
Extract methods related to `Mdm::Client`s.
2014-10-13 08:27:09 -05:00
458da2bca4
Land #3988 , @wchen-r7's fix for #3985 , a lack of logging for 'check'
2014-10-12 18:46:35 -07:00
96be53dcf1
Land #3962 - Show selected action
2014-10-12 14:02:40 -05:00
a04ad3aa8c
Update print_error to reflect new usage
2014-10-10 14:38:26 -05:00
26743b4c38
Rewrite existing code to use HasActions
...
And fix a bug in the initial use case where mod.action was dropped.
2014-10-10 14:35:54 -05:00
7e7e0259e4
Fix tab completion for post actions
2014-10-10 12:24:23 -05:00
238a30a769
Update print_error to include post modules
2014-10-10 12:12:43 -05:00
48d2343152
Fix #3985 - check command should elog
2014-10-10 01:06:37 -05:00
08aee23966
Extract Msf::DBManager::Vuln
...
MSP-11124
Extract all methods related to `Mdm::Vuln`s from `Msf::DBManager`.
2014-10-09 15:47:34 -05:00
2fa02f5c44
Extract Msf::DBManager::Note
...
Extract all methods related to `Mdm::Note`s.
2014-10-09 15:29:07 -05:00
0bc71ecd24
Extract Msf::DBManager::Loot
...
MSP-11124
2014-10-09 15:15:40 -05:00
cb9bdd96c7
Extract Msf::DBManager::Import
...
MSP-11124
Extract all methods dealing with imports.
2014-10-09 14:51:24 -05:00
d18dcf5961
Extract Msf::DBManager::ExploitedHost
...
MSP-11124
Extract methods related to `Mdm::ExploitedHost`s.
2014-10-09 12:54:04 -05:00
ceba04d556
Extract Msf::DBManager::Cred
...
MSP-11124
Extract methods related to `Mdm::Cred`s.
2014-10-09 11:41:04 -05:00
0284edf430
Extract Msf::DBManager::Service
...
MSP-11124
Extract methods related to `Mdm::Service`s.
2014-10-09 11:31:29 -05:00
0cfac32290
Extract Msf::DBManager::Host
...
MSP-11124
Extract methods related to `Mdm::Host`s.
2014-10-09 11:11:36 -05:00
bb26f4f303
Extract Msf::DBManager::Wmap
...
MSP-11124
Extract methods that are commented as related to WMAP.
2014-10-09 10:13:34 -05:00
b0147c994a
Extract Msf::DBManager::IPAddress
...
MSP-11124
Extract the IP address validation methods to
`Msf::DBManager::IPAddress`.
2014-10-09 09:35:19 -05:00
3a96ae9be9
Move #match_values to Msf::DBManager::ModuleCache
...
MSP-11124
`#match_values` is only used in `#search_modules`, so `#match_values`
should be grouped with `#search_modules` in
`Msf::DBManager::ModuleCache`.
2014-10-09 09:18:03 -05:00
d4a94366a6
Extract Msf::DBManager::ModuleCache
...
MSP-11124
Extract methods related to the module cache state and maintenance to
`Msf::DBManager::ModuleCache`.
2014-10-09 08:53:41 -05:00
ee0de997d5
Extract Msf::DBManager::Workspace
...
MSP-11124
Gather together all workspace related methods into
`Msf::DBManager::Workspace` and include it in `Msf::DBManager`.
2014-10-08 15:46:35 -05:00
a64036f6cf
Move Msf::DBManager#sync to Msf::DBManager::Sink
...
MSP-11124
The comment on `#sync` says it's related to `sink`, so move it into its
Module.
2014-10-08 15:38:56 -05:00
a054259ee5
Extract Msf::DBManager::Sink
...
MSP-11124
Extract attributes and methods associated with the deprecated sink.
2014-10-08 15:26:28 -05:00
1d766ba95b
Rename dump_auxiliary_action{,s}
...
To dump_module_action{,s} to accommodate post modules, etc.
2014-10-08 14:49:14 -05:00
f30309fe81
Land #3919 , @wchen-r7's Fixes #3914 , Inconsistent unicode names
2014-10-08 14:46:14 -05:00
f6a9cfcc52
Break away the elsif into a separate if
...
In case exploits support actions for some crazy reason in the future.
2014-10-08 14:30:41 -05:00
15f9461279
Merge db.rb into db_manager.rb
...
MSP-11124
The class name is DBManager, so the correct file name is db_manager.rb
2014-10-08 14:27:22 -05:00
cffc74d571
Extract Msf::DBImportError
...
MSP-11124
2014-10-08 14:14:35 -05:00
b2ba6e7ae1
Make the code more maintainable
...
Despite the code around it.
Thanks for the advice, @jlee-r7!
2014-10-08 14:14:28 -05:00
7a5ce19735
Fix code style
...
MSP-11124
Fix comment style and order methods.
2014-10-08 14:07:05 -05:00
6824515949
Fix indentation and whitespace in Msf::DatabaseEvent
...
MSP-11124
2014-10-08 14:04:21 -05:00
2206a86387
Extract Msf::DatabaseEvent
...
MSP-11124
Extract `Msf::DatabaseEvent` from `lib/msf/core/db.rb` into a more
conventional `lib/msf/core/database_event.rb`.
2014-10-08 14:01:58 -05:00
dbc199ad77
space after commas
2014-10-08 13:56:59 -05:00
6b3d70ce00
Fix code style in Msf::ServiceState
...
MSP-11124
2014-10-08 13:52:42 -05:00
46156fbbc6
Fix indentation in Msf::ServiceState
...
MSP-11124
2014-10-08 13:50:26 -05:00
57d9dc306c
Extract Msf::ServiceState
...
MSP-11124
Extract Msf::ServiceState from `lib/msf/core/db.rb` and put it into
`lib/msf/core/service_state.rb`.
2014-10-08 13:45:15 -05:00
c0ef2c7938
Support post modules
...
I kinda hate this code.
TODO: Get rid of and/or and the extra parens.
2014-10-08 13:23:50 -05:00
0708ac1361
Fix comment style in Msf::HostState
...
MSP-11124
2014-10-08 11:47:04 -05:00
5ecd194a0d
Fix indent in Msf::HostState
...
MSP-11124
2014-10-08 11:43:28 -05:00
6e6780da86
Split Msf::HostState into own file
...
MSP-11124
2014-10-08 11:37:59 -05:00
a8b5bf4625
Show selected auxiliary action
2014-10-07 14:34:41 -05:00
0ec855cd07
Add debug log for ARCH_CMD encoder results
2014-10-06 22:34:09 -05:00
260e829a59
Fix PayloadGenerator to have platform into account, so msfvenom works as expected
2014-10-06 19:20:59 -05:00
0089810026
Merge to update
2014-10-06 19:09:31 -05:00
3329aa68ad
Fix baffling comment
...
See 9d759146
2014-10-06 18:55:52 -05:00
212762e1d6
Delete RequiredCmd for unix cmd encoders, favor EncoderType
2014-10-06 18:42:21 -05:00
e9f341fd6c
Rename to more intention-revealing name
2014-10-06 16:33:21 -05:00
41e41e2f49
Fix typo that caused encoding to ignore saved regs
2014-10-06 16:24:50 -05:00
17f278effd
Fix #3822 - Support file:// syntax for check()
2014-10-06 13:37:14 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
097d2bfbb5
Land #3922 : Metasploit Park banner
2014-10-03 16:32:56 -05:00
d048bb7725
Add some color to the msfpark banner
...
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
6d7870a4ac
Land #3934 - New :vuln_test option to BES
2014-10-02 16:31:50 -05:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
b1b8cba4c5
Rescue an IOError on channel double-close.
...
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
a75d47aad9
Use yardoc for new methods
...
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
6d07dffa6c
Fix a typo that was preventing WAR deletion
...
I made a typo while refactoring jboss_deploymentfilerepository. This
typo was preventing the WAR payload to be removed after its execution.
2014-10-01 18:04:21 +02:00
909ac522d1
Add metasploit-park.txt banner to msfconsole
...
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
1e2d860ae1
Fix #3914 - Inconsistent unicode names
2014-09-30 12:19:27 -05:00
47507e1ff1
Slight modifications to pass msftidy
2014-09-29 23:59:12 +02:00
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
8fa666b75d
Verbose messages on why a connection is closed
2014-09-28 17:41:21 -07:00
7125a9f047
Added YARD doc to the mixin
...
Also make a slight correction on jboss_deployementfilerepository.rb to
handle nil responses.
2014-09-28 19:44:37 +02:00
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
e14dd9900b
Land #3896 , Change Max LOGLEVEL to 3
2014-09-28 09:18:29 +01:00
67c25c20ca
Land #3357 , Run Local Exploits in AutoRunScript
2014-09-28 09:12:26 +01:00
3fc57109e6
Dont rescue Exception
2014-09-28 09:12:03 +01:00
ae82ebc734
Change max LogLevel to 3
...
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
bdac82bc7c
Fix lib/msf/core/exploit/dhcp.rb
2014-09-25 22:18:26 -03:00
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
02d202dd44
Refactor Jboss mixin
...
Use send_request_cgi and vars_get
rand_text_alpha -> Rex::Text.rand_text_alpha
2014-09-24 22:41:58 +02:00
919eec250d
Refactor auto_target from Jboss mixin
...
Removed fail_with and targets from the mixin.
2014-09-24 22:15:32 +02:00
5d234c0e01
Pass #send in this so jsobfu is not confused.
2014-09-24 15:07:14 -05:00
650b65250f
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2014-09-22 11:51:10 -07:00
4e9f1282de
Land #3834 , @jabra-'s updates to UDPscanner to support spoofing
2014-09-22 11:49:53 -07:00
e86b18cdd4
Add sanity check for NUM_REQUESTS
2014-09-22 11:48:39 -07:00
f61afe2598
Merge branch 'master' into bug/MSP-11368/boot-profiling
...
MSP-11368
2014-09-22 10:00:07 -05:00
ebacb26e51
Land #3838 , msfvenom badchar fix
2014-09-22 03:08:57 -05:00
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
e1cfc74c32
Move jsobfu to a mixin
2014-09-21 00:39:04 -05:00
cd037466a6
upate doc
2014-09-20 23:40:47 -05:00
9191af6241
Update js_obfuscate
2014-09-20 23:38:35 -05:00
a9420befa4
Default to 0
2014-09-20 21:39:20 -05:00
046045c608
Chagne option description
2014-09-20 21:38:57 -05:00
fd5aee02d7
Update js_obfuscate
2014-09-20 21:36:17 -05:00
7bab825224
Last changes
2014-09-20 18:39:09 -05:00
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
d9a713b415
Decode the badchars string correctly.
2014-09-20 17:48:03 -05:00
cd8b1318e0
send data based on input not @probe
2014-09-20 15:18:58 -04:00
3fb00ece9e
refactored the code based on PR feedback
2014-09-20 14:10:00 -04:00
5884cbc196
Optimize skip logic in #update_all_module_details
...
MSP-11368
Use `Hash<String, Set<String>>` instead of `Array<(String, String)>` so
that `include?` call is faster because (1) it's only search through
reference names of the same module_type and (2) `Set#include?` is faster
than `Array#include?`. This change is a 8.20% average reduction in boot
time compare to b863978028b5c3c87790https://docs.google.com/spreadsheets/d/1TnZIUFIR1S5nCnkeM-7XR3AVSbyCl39x2mItJKJCOqg/edit?usp=sharing
and data at
https://drive.google.com/folderview?id=0Bx1hRHfpRW92VEFvQ2FaN3RoWWs&usp=drive_web
2014-09-19 15:34:10 -05:00
8b5a146067
Wrap Array#include? usage
...
MSP-11368
Wrap skipped.include? call to confirm it is the culprit for
Array#include? inside of with_connection in profile.
2014-09-19 14:38:12 -05:00
c216cf8c53
added spoofing capabilities to udp_scanner
2014-09-19 10:29:05 -04:00
b863978028
Remove fastlib
...
MSP-11368
MSP-11143
Remove fastlib as it slows down the code loading process. From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10). The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10). This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
29eb3ebf86
Fix up the StageEncodingFallback logic and error handling
2014-09-15 21:56:35 -05:00
9cbc7e46a3
Fix suggested stuff
...
https://github.com/hmoore-r7/metasploit-framework/pull/2
2014-09-15 09:47:06 +02:00
c71428be50
Choose fallback if stage encoding fail
2014-09-13 13:56:54 +02:00
2977e8e102
Add msfcli (M)issing
2014-09-12 10:25:13 -05:00
425874315c
Add show missing
2014-09-12 10:23:12 -05:00
7485d9172a
Rescue only NoEncodersSucceededError to pass the tests
2014-09-12 13:30:03 +02:00
28e61edef4
Unblock when invalid encoder is selected and allow multiple encoder
2014-09-12 12:48:09 +02:00
37e6173d1f
Make Metasploit::Concern a first-class dep.
...
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
71228b48a0
Update 3 more encoders to be StageEncoder compatible
...
This could probably use some DRY love via a mixin
2014-09-10 20:21:35 -05:00
65287e41cd
Land #3773 - Fix windows cmd redirection in firefox payloads
2014-09-10 13:25:42 -05:00
1bb6573570
Fix windows cmd redirection in ff payloads.
2014-09-10 00:47:05 -05:00
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
6c0dae953d
Stage encoding is now SaveRegister aware
2014-09-09 14:21:51 -05:00
ef748fdef7
check if database is connected first
...
wooops
2014-09-08 12:54:19 -05:00
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds
2014-09-08 12:52:25 -05:00
ae5a8f449c
Land #3691 , gdbserver hax
2014-09-08 11:48:39 -05:00
b8ba2dd703
Fix timeout with HEAD request in delete_file
2014-09-08 18:34:50 +02:00
cc5b852517
Fixed spec for lib/msf/http/jboss
...
Revert commit abdd72e8c6
2014-09-08 17:42:04 +02:00
283e83028f
Fix problem with HEAD requests
...
Split lib/msf/http/jboss/script into
lib/msf/http/jboss/deployment_file_repository_scripts.rb and
lib/msf/http/jboss/bean_shell_scripts.rb as
2014-09-08 14:02:15 +02:00
5c1d95812c
Add verify_checksum and use it
...
Also fixed a YARD typo.
2014-09-08 02:19:21 -05:00
ce0e7b59f5
Remove WVE and BPS reference identifiers
...
Reasons why they should be gone:
WVE:
* wirelessve.org is down.
* Not a single module uses WVE as a reference
BPS:
* "BreakingPoint" no longer exists
* The URL takes you to a login page to ixia. And there is no point
of referencing something people can't see.
* Not a single module uses BPS as a reference.
2014-09-05 13:28:10 -05:00
b6e04599a7
Fix read_ack to read only the ACK
...
It was reading the response, too. Also removed an extraneous send_ack.
2014-09-05 12:30:59 -05:00
093f488360
add db_all_cred methods to authbrute
...
adds 3 methods to add db_all_creds functionality back to
the loginscanners
2014-09-04 12:20:42 -05:00
4966082de5
Replace 'rescue nil' with DRY-violating versions :(
2014-09-03 23:06:11 -05:00
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
85c5de07ec
Fix use of datastore['SMBServerIdleTimeout']
2014-09-02 13:47:01 -05:00
6fcc864942
Reduce the chance of file descriptor leaks in SMBServer
...
This patch addresses three observed error conditions in long-running SMB services.
1. A call to get_once() in on_client_data could raise a Timeout exception and bubble all the way up to the dispatcher. This should technically never happen, but gets triggered for zero-byte writes and clients closing their connections. The fix was to handle the exception and lower the timeout. The change was tested with a number of SMB clients to make sure this didn't introduce any regressions.
2. A client could indefinitely keep a connection to the SMB server. The SMB server now disconnects idle clients after 120 seconds of inactivity (configurable).
3. A client could send a large amount of data that was invalid SMB traffic, using up memory as a potential DoS.
Caveats: The idle client sweep occurs every 100 requests or at an interval equal to the idle timeout. A client could fill up the entire connection table on its own, preventing the sweep from occurring by preventing new connections. Fixing this would require a dedicated thread to sweep for idle connections and is a more aggressive attack than this patch is designed to defend against (accidental connection flooding, basically).
2014-09-02 13:29:37 -05:00
0ef71c70d3
s/services/creds
2014-08-31 09:54:49 -07:00
3bb370437c
Returns csv output to creds command
...
commit 82b2c1deae
2014-08-31 08:35:22 -07:00
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
403eae3579
Jboss file deployment repository refactorization
...
Moved lib/msf/http/jboss/bean_shell_script.rb to
lib/msf/http/jboss/script.rb. Moved head_stager_jsp to script.rb.
Removed stager_jsp to use the function from the mixin.
2014-08-30 13:15:37 +02:00
33f90de7f6
Refactoring jboss module to work with the Mixin
...
Moved upload and delete methods of deploymentfilerepository to the
mixin. Removed call_uri_mtimes method as the module now uses deploy
from the mixin.
2014-08-29 20:08:35 +02:00
b4e3ce0fdc
Merge branch 'master' of github.com:rapid7/metasploit-framework
2014-08-28 17:14:07 -05:00
fa77caa819
Merge branch 'bug/MSP-11153/database-config-overrides'
...
MSP-11153 #land
2014-08-28 17:12:37 -05:00
031445fee7
Check for nil resource files
...
See #3719
2014-08-28 16:27:33 -05:00
7a8d7a38d1
Remove debugging 'puts'
...
MSP-11153
2014-08-28 13:48:46 -05:00
af9f3b83a7
Refactoring jboss module to work with the Mixin
...
Removed datastore USERNAME and PASSWORD which are provided by
Msf::Exploit::Remote::HttpClient. Removed datastore PATH and VERB which
are provided by the mixin (lib/msf/http/jboss). Moved target detection
to the mixin.
2014-08-27 22:54:40 +02:00
951ce15b44
Move database.yml selection to Metasploit::Framework::Database
...
MSP-11153
Test the following paths in order and only return them if the path
exists:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
316a952e9c
Make SIP note, service and print output more similar
2014-08-26 17:47:31 -07:00
2d2606aeaf
Update sip note format, small tweaks to output, service.info
2014-08-26 16:42:00 -05:00
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
4e19d9ade1
Land #3545 , fix up sip scanners, msftidy, db services cmd
2014-08-26 14:07:21 -05:00
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
677d7804ae
Fix bad merge
2014-08-26 10:49:54 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
ff7e0f3c19
Land #3705 , xistence's UPNP SSDP M-SEARCH amplification scanner
2014-08-26 08:30:43 -07:00
Joe Vennix
William Vu
Tod Beardsley
scriptjunkie
Tom Sellers
Spencer McIntyre
Joshua Smith
sinn3r
Tim Wright
Luke Imhoff
HD Moore
Jon Hart
Trevor Rosen
James Lee
Pedro Laguna
jvazquez-r7
Christian Mehlmauer
Vincent Herbulot
Meatballs
Ramon de C Valle
Josh Abraham
agix
David Maloney
Kurt Grutzmacher
Samuel Huckins