Commit Graph

476 Commits (2fddf333ed752c664814a22ef3a41ceb377fee1c)

Author SHA1 Message Date
Brent Cook 05e4af8162
Land #5214, initial meterpreter session recovery support 2015-05-04 16:25:27 -05:00
benpturner 453b1fce50 Spaces 2015-05-04 22:17:08 +01:00
benpturner 658958d8e7 Allow sessions -c command on powershell 2015-05-04 22:07:22 +01:00
HD Moore a577bef9c3 Rework dirty cleanup to use skip_cleanup instead 2015-05-04 03:52:55 -05:00
HD Moore e7ba6e8a9a Speed up dead session cleanup by skipping shutdown/cleanup 2015-05-04 03:40:48 -05:00
HD Moore 3080feb188 Track the machine_id and drop non-responsive sessions automatically 2015-05-04 03:22:29 -05:00
HD Moore d00f6a8fdf Rework verbose sessions listing to work around table limits 2015-05-04 02:55:31 -05:00
HD Moore 8ca66e03aa Track and display the last checkin time for Meterpreter sessions 2015-05-03 10:52:54 -05:00
OJ 4f9c8d04a2 Add support for moving transports and uuid fetching
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.

There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ fca4d852a1 Remove the passing on off listen socket values 2015-04-28 13:51:48 +10:00
HD Moore 1cebc9f3cb Fallback if the regex fails for some reason 2015-04-26 15:59:36 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
benpturner 76e68fcf4c session info 2015-04-26 20:13:18 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
benpturner 57914b6924 new session type 2015-04-23 23:12:02 +01:00
OJ 809409d8c4 Lots of changes to support moving timeouts to common spots
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
HD Moore c9696d3f6c Merge in stageless/transport work, deconflict 2015-04-04 11:52:26 -07:00
HD Moore a39ba05383 Functional Payload UUID embedding via PayloadUUIDSeed 2015-03-31 15:44:18 -05:00
James Lee 8f0c434faa Add specs for the new method 2015-03-25 12:34:10 -05:00
HD Moore d53ccb32a0 Turn off unicode filtering by default for non-Windows platforms (UTF-8 consoles)
This is a followup to support for unicode added in #4950
2015-03-19 15:45:45 -05:00
HD Moore c3479ba747 Update msfvenom & PayloadGenerator to pass in available_space 2015-03-09 01:14:56 -05:00
Christian Mehlmauer 1d2fc989bd
remove newline 2015-02-24 17:35:53 +01:00
Christian Mehlmauer 906c4a9024
use + instead of << 2015-02-24 17:18:41 +01:00
Christian Mehlmauer 5880702552
added new hex format 2015-02-24 16:05:02 +01:00
sinn3r c62beacd31 Revert #4473 - Log backtraces by default 2015-01-24 02:44:29 -06:00
Christian Mehlmauer a5b56c7d09
fix error 2015-01-08 19:48:29 +01:00
Christian Mehlmauer 6444d8ba64
use kind_of? for checking exceptions 2014-12-30 21:16:57 +01:00
Christian Mehlmauer 7b52bcb657
log errors into framework.log 2014-12-29 00:20:26 +01:00
Trevor Rosen 80cd04d76a
Land #4332, test optimization for Cucumber
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
sinn3r c2bc79c53c Resolves #4275 - Configurable variable name as an option
Resolves #4275
2014-12-15 23:59:34 -06:00
Spencer McIntyre 42710cc32e Error messages for the python meterpreter 2014-12-09 11:03:57 -06:00
Luke Imhoff 8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
MSP-11671

Conflicts:
	.travis.yml
2014-12-08 08:46:22 -06:00
Jon Hart da92e4705c
Land #4319, @wchen-r7's fix for #4307 2014-12-05 12:08:39 -08:00
Tod Beardsley 0431720a07
Land #4294, msfconsole speedups on module load
Related to #4257 and #4195 vaguely, and possibly even #4147.
2014-12-05 13:45:11 -06:00
sinn3r cfc1acfcae Fix #4307 - Check action for nil
Auxiiary modules already do this, but looks like we forgot to do the
same for post modules.

I also changed the error to allow "reason" in order to be more
informative about what the user should do.

Fix #4307
2014-12-04 17:07:59 -06:00
sinn3r f6f0050f56 Fix #3886 - Backtrace for #check when session is invalid
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.

We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.

The original PR was #3956.
2014-12-02 17:22:46 -06:00
Luke Imhoff 35ff82c9d8
Merge branch 'bug/MSP-11672/double-init-module-paths' into feature/MSP-11671/msfconsole-defer-module-loads
MSP-11671
2014-12-02 11:57:47 -06:00
Luke Imhoff 653c71e029
Fail if init_module_paths called more than once
MSP-11672

Calling init_module_paths takes 6 seconds on my machine even when there are no
files to that are changed just because it takes that long to walk the
directories and gather the mtime for each file.  Therefore, calling it
more than once should be avoided.  Also, there is no reason to call it
twice as to add paths later, `modules.add_module_paths` should be used.
2014-12-02 10:17:09 -06:00
Luke Imhoff 7e2b197f02
Document Msf::Simple::Framework.create
MSP-11671
2014-12-01 15:38:48 -06:00
Luke Imhoff 57cabb4f10
Document Msf::Simple::Framework.simplify
MSP-11671
2014-12-01 15:36:38 -06:00
HD Moore 673e21cfaf Rework meterpreter SSL & pass datastore to handle_connection()
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
2014-11-22 15:35:00 -06:00
Luke Imhoff 1fd8fe57df
Merge staging/great-backport to master
Conflicts:
	spec/lib/msf/core/module_spec.rb
2014-11-12 11:08:18 -06:00
Spencer McIntyre 82f41d56a6 Add [user_]logos_directory to Msf::Config 2014-10-24 10:52:05 -04:00
Luke Imhoff 0c00c7cc50
Fully-qualifiy Msf::MODULE_TYPES constants
MSP-11126

Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
2014-10-17 12:43:40 -05:00
Tod Beardsley e68aaa4226
Don't disclose empty disclosure dates
For rapid7#4015
2014-10-14 16:02:23 -05:00
William Vu f612c8cd3e
Add disclosure date to info 2014-10-14 15:15:24 -05:00
William Vu 5c4f61057f
Show available actions for info 2014-10-14 12:41:02 -05:00
William Vu 1d766ba95b
Rename dump_auxiliary_action{,s}
To dump_module_action{,s} to accommodate post modules, etc.
2014-10-08 14:49:14 -05:00
William Vu a8b5bf4625
Show selected auxiliary action 2014-10-07 14:34:41 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Meatballs 67c25c20ca
Land #3357, Run Local Exploits in AutoRunScript 2014-09-28 09:12:26 +01:00
Meatballs 3fc57109e6 Dont rescue Exception 2014-09-28 09:12:03 +01:00
William Vu 425874315c
Add show missing 2014-09-12 10:23:12 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
joev dbaa377aa1 Final-round of code tweaks. All commands working well. 2014-08-09 13:04:52 -05:00
Luke Imhoff 9c29b78b9a
Add missing require
MSP-10848

Not triggered on OSX development machines, only on Linux.
2014-08-04 18:23:25 -05:00
Luke Imhoff 9a5085cbba
Prevent circular dependency
MSP-10905

Use Metasploit::Framework::Version directly instead of
Msf::Framework to prevent circular dependency when starting msfconsole.
2014-07-29 14:04:15 -05:00
AnwarMohamed c2be3d6875 fixing autoload bug 2014-07-29 17:51:56 +02:00
AnwarMohamed b02dbcc2e7 remove extra whitespace 2014-07-29 16:23:27 +02:00
AnwarMohamed 7512e04894 fixing autoload 2014-07-29 16:21:31 +02:00
AnwarMohamed 283046b25d fixing auto load on new session 2014-07-28 10:49:50 +02:00
Joshua Smith 3a41bd983e changes 'module' back to 'script', makes more sense 2014-07-09 17:25:39 -05:00
Joshua Smith a9e43c308e removes lingering debug lines, changes word script to module 2014-07-09 17:05:35 -05:00
Joshua Smith 8bbaecc726 adds some additional protection against capilization issues 2014-07-09 16:46:28 -05:00
Joshua Smith 172bc450b3 adds TARGET to 'to_neuter' list 2014-07-09 16:46:28 -05:00
Joshua Smith f4942eccd4 cleans up comments, line lengths, dup/clone 2014-07-09 16:46:28 -05:00
Joshua Smith 51db859432 uses exploit_type vs category, thx egypt 2014-07-09 16:46:28 -05:00
linuxchuck ee56828bf7 New updates to scriptable.rb for payload/target
Additional w00t for your pwning pleasure.
2014-07-09 16:46:27 -05:00
Joshua Smith 62785784c6 adds explicit TARGET setting 2014-07-09 16:46:27 -05:00
Joshua Smith 13f5450e53 uses clone instead of dup 2014-07-09 16:46:27 -05:00
Joshua Smith bb13590f02 first shot at letting scriptable.rb handle local exploits 2014-07-09 16:46:27 -05:00
AnwarMohamed a513f403ba fixing bugs 2014-07-08 10:58:48 +02:00
AnwarMohamed 6e0bc763ff formating 2014-07-08 10:46:16 +02:00
AnwarMohamed 34dcb609e2 android extension 2014-07-08 04:52:06 +02:00
Luke Imhoff 1055efbeaa
Add module paths from paths['modules'] from Rails app and engines
MSP-9653

Allow rails engines (and other applications, like
Metasploit::Pro::Engine::Application) to define their own module paths
using the paths['modules'] entry for Rails Applications/Engines.
2014-06-02 12:32:54 -05:00
Luke Imhoff f83e8a4a4f
Add missing requires
MSP-9606

require 'msf/base/config' when required directly was not working.
2014-05-12 10:16:10 -05:00
HD Moore dbb192532e Remove obsolete call to update_host_via_sysinfo() 2014-03-30 06:23:07 -07:00
Tod Beardsley 6e88bbd827
No need for that kind of language 2014-03-04 14:34:50 -06:00
David Maloney 566a791ef3
Land #2992, Fix VNC Inject Defaults 2014-02-28 14:04:56 -06:00
Meatballs e31a144f4d
Use better system call 2014-02-22 20:34:56 +00:00
Meatballs f7858bf1a7
SnakeCase option looks better 2014-02-14 21:05:24 +00:00
Meatballs 983f5abc2f
Make vnc a bit safer to use 2014-02-14 20:59:44 +00:00
sinn3r 4dd60631cb
Land #2950 - New Payload Generator for MsfVenom 2014-02-13 15:13:10 -06:00
William Vu 40db1c4d0d s/auxiliarly/auxiliary/ 2014-02-12 12:17:53 -06:00
William Vu 5a488b310d Use a more correct error message
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
William Vu 2476d9be2d Fix invalid session ID bug
This fix should work seamlessly with #2952.
2014-02-11 15:43:35 -06:00
David Maloney e265d6f54c begining of payload generator
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
James Lee e9ccec4755
Refactor load_session_info
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
Raphael Mudge ac151794f3 Make Meterpreter Session Address Resolution Sane
If MSF can not match the visible IP address of a Meterpreter session
to an interface--it will attempt to find an IP address associated
with a default route and use it as the session's address.

This commit fixes the logic associated with this process. The old
logic only considers one IP address per Interface, even though an
Interface may have multiple addresses/masks associated with it.

This flaw led to situations where MSF would favor an IPv6 link-local
address over the IPv4 address associated with the default route,
solely because the IPv4 address was not the first value in the
addresses array.

[FixRM #7259]
2014-01-21 00:32:50 -05:00
Timothy Swartz 3ad8b0d530 Removed space from readable_text.rb 2013-12-31 16:38:40 -08:00
Timothy Swartz a1e42e5c16 config.rb typo correction 2013-12-31 16:02:18 -08:00
Timothy Swartz e51fab01fc Doc tag changes based on feedback. 2013-12-26 10:14:41 -08:00
Timothy Swartz a20e888551 Added YARD tags/comments to readable_text.rb
Also fixed a few other tags.
2013-12-25 02:24:26 -08:00
Timothy Swartz 6c871a7e43 Added YARD comments to persistent_storage.rb
Also, fixed logging.rb link to Msf::Session
Added --no-private to .yardopts. This will hide anything marked with
@private from the generated documentation.
Previous additions in the msf/base directory and not msf/core.
2013-12-24 19:45:11 -08:00
Timothy Swartz b07dfc4f44 Added YARD tags to msf/core/logging.rb 2013-12-24 19:42:24 -08:00
Timothy Swartz ff4e94cd91 Added YARD comments to msf/core/config.rb 2013-12-24 19:42:24 -08:00