OJ
10bd75348c
Merge branch 'upstream/master' into uuid-stagers
2015-05-22 13:07:25 +10:00
OJ
a6a274d3a3
Merge recent stager changes
2015-05-22 13:01:45 +10:00
HD Moore
9b17b63259
Switch to append mode for x86 service templates, fixes #5403
2015-05-21 20:42:20 -05:00
HD Moore
ea9059f930
Fix broken endian specification (<I vs I<)
2015-05-21 20:00:22 -05:00
Samuel Huckins
4890882beb
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-21 15:03:17 -05:00
wchen-r7
c29bb35e28
Change datastore name
2015-05-21 10:15:03 -05:00
David Maloney
356f361b40
add sid to the yard docs
...
you win this round OJ ;)
MSP-12722
2015-05-21 09:30:09 -05:00
root
ee1a366e2b
Use select with ActiveRecord::Associations::CollectionProxy for subset selection
2015-05-21 11:04:03 +05:00
HD Moore
eac1663fed
Ensure that the base directory exists before creating the file
2015-05-21 00:40:49 -05:00
wchen-r7
3ee02d3626
Hmm bug
2015-05-21 00:36:40 -05:00
HD Moore
4622fa60eb
Register the init_* URLs and whitelist these
2015-05-21 00:22:41 -05:00
wchen-r7
31c60b48c8
Don't forget to doc
2015-05-21 00:08:04 -05:00
wchen-r7
6e8ee2f3ba
Add whitelist feature
2015-05-21 00:05:14 -05:00
HD Moore
27406204ed
Disable payload UUID registration by default
2015-05-20 23:56:15 -05:00
HD Moore
e07576ce20
Indicate whether a session has a registered UUID
2015-05-20 23:55:49 -05:00
wchen-r7
bdf30dd383
Land #5374, --smallest option in msfvenom
2015-05-20 21:06:10 -05:00
HD Moore
a8d111ce89
Merge branch 'master' into feature/uuid-registration
2015-05-20 19:48:39 -05:00
HD Moore
ac0004ea0a
Implement IgnoreUnknownPayloads
2015-05-20 19:47:17 -05:00
wchen-r7
93900087c7
Resolve #5219, user-configurable HTTP timeout
...
Resolve #5219
2015-05-20 13:30:45 -05:00
Brent Cook
e34c751034
only use regex matches if they are specified
2015-05-20 12:22:36 -05:00
RageLtMan
e9be0d3f7a
Allow cmd_arp to use -S flag
...
Allow searching for regexes through ARP output using Table's new
'SearchTerm' parameter.
Example:
```
meterpreter > arp -S 10.2.1.1
ARP cache
=========
IP address  MAC address        Interface
----------  -----------        ---------
10.2.1.1    00:01:02:03:04:05  15
```
2015-05-20 11:26:06 -05:00
RageLtMan
b20c1c51b5
Import -S option for netstat
...
Allow searching through netstat output tables for specific strings.
Example:
```
meterpreter > netstat -S 192
Connection list
===============
Proto  Local address    Remote address         State        User  Inode  PID/Program name
-----  -------------    --------------         -----        ----  -----  ----------------
tcp    10.1.1.20:3389   192.168.100.186:38470  ESTABLISHED  0     0      3076/svchost.exe
tcp    10.1.1.20:63826  192.168.100.186:31158  ESTABLISHED  0     0      4568/powershell.exe
tcp    10.1.1.20:64887  192.168.100.186:31158  ESTABLISHED  0     0      -
```
2015-05-20 11:26:06 -05:00
Brent Cook
e4165d3ae0
whitespace fixes
...
from @sempervictus
2015-05-20 11:26:04 -05:00
Brent Cook
66bd881ac5
support filtering on processes with a regex
...
from @sempervictus
Merge forked changes to cmd_ps allowing for the use of string
matching on listing output via Rex::Ui::Text::Table's SearchTerm
facility
Example:
```
meterpreter > ps -S x64.*Auth.*Sys
Process list
============
PID  Name      Arch  Session  User                 Path
---  ----      ----  -------  ----                 ----
400  smss.exe  x64   0        NT AUTHORITY\SYSTEM  C:\Windows\System32\smss.exe
...
```
2015-05-20 11:25:56 -05:00
Brent Cook
d97ad5f8e4
support more consistent table output formatting
...
from @sempervictus
2015-05-20 11:25:55 -05:00
Brent Cook
8a0bb6735e
support creating Rex Tables from CSV
...
from @sempervictus
2015-05-20 11:25:53 -05:00
Brent Cook
3d27443ef6
support flipping a table 90 degrees
...
from @sempervictus
This allows displaying large attributes in a nicer way.
2015-05-20 11:25:48 -05:00
Brent Cook
1fe18243bd
Allow Internal Filtering by SearchTerm
...
from @sempervictus
Allow passing 'SearchTerm' into Rex::Ui::Text::Table creation to
filter all output by regex match to the string passed.
Provides base functionality for higher level subscribers such as
cmd_ls in meterpreter sessions for filtering output
2015-05-20 11:25:39 -05:00
Brent Cook
6fd82ad996
add cp / copy commands
...
from @sempervictus
2015-05-20 11:25:36 -05:00
Brent Cook
282c7eb81e
add -S regex search to ls, normalize arg parsing
...
from @sempervictus
Merge forked changes to cmd_ls allowing for the use of string
matching on listing output via Rex::Ui::Text::Table's SearchTerm
facility.
Example:
```
meterpreter > ls chef -R -S wget
No entries exist in chef/backup/chef/handlers
No entries exist in chef/backup/chef/ohai_plugins
No entries exist in chef/backup/chef
No entries exist in chef/backup
No entries exist in chef/cache/cookbooks/avast/attributes
No entries exist in chef/cache/cookbooks/avast/recipes
No entries exist in chef/cache/cookbooks/avast
No entries exist in chef/cache/cookbooks/chef-client/attributes
No entries exist in chef/cache/cookbooks/chef-client/libraries
No entries exist in chef/cache/cookbooks/chef-client/recipes
No entries exist in chef/cache/cookbooks/chef-client
No entries exist in chef/cache/cookbooks/chef_handler/attributes
No entries exist in chef/cache/cookbooks/chef_handler/libraries
No entries exist in chef/cache/cookbooks/chef_handler/providers
No entries exist in chef/cache/cookbooks/chef_handler/recipes
No entries exist in chef/cache/cookbooks/chef_handler/resources
No entries exist in chef/cache/cookbooks/chef_handler
No entries exist in chef/cache/cookbooks/cron/providers
No entries exist in chef/cache/cookbooks/cron/recipes
No entries exist in chef/cache/cookbooks/cron/resources
No entries exist in chef/cache/cookbooks/cron
No entries exist in chef/cache/cookbooks/logrotate/attributes
No entries exist in chef/cache/cookbooks/logrotate/definitions
No entries exist in chef/cache/cookbooks/logrotate/libraries
No entries exist in chef/cache/cookbooks/logrotate/recipes
No entries exist in chef/cache/cookbooks/logrotate
No entries exist in chef/cache/cookbooks/ohai/attributes
No entries exist in chef/cache/cookbooks/ohai/files/default/plugins
No entries exist in chef/cache/cookbooks/ohai/files/default
No entries exist in chef/cache/cookbooks/ohai/files
No entries exist in chef/cache/cookbooks/ohai/recipes
No entries exist in chef/cache/cookbooks/ohai
No entries exist in chef/cache/cookbooks/svit-windows/attributes
No entries exist in chef/cache/cookbooks/svit-windows/recipes
No entries exist in chef/cache/cookbooks/svit-windows/templates/default/plugins
No entries exist in chef/cache/cookbooks/svit-windows/templates/default
No entries exist in chef/cache/cookbooks/svit-windows/templates
No entries exist in chef/cache/cookbooks/svit-windows
No entries exist in chef/cache/cookbooks/windows/attributes
No entries exist in chef/cache/cookbooks/windows/files/default/handlers
No entries exist in chef/cache/cookbooks/windows/files/default
No entries exist in chef/cache/cookbooks/windows/files
No entries exist in chef/cache/cookbooks/windows/libraries
No entries exist in chef/cache/cookbooks/windows/providers
No entries exist in chef/cache/cookbooks/windows/recipes
No entries exist in chef/cache/cookbooks/windows/resources
No entries exist in chef/cache/cookbooks/windows
No entries exist in chef/cache/cookbooks
No entries exist in chef/cache
No entries exist in chef/handlers
No entries exist in chef/log
No entries exist in chef/ohai_plugins
No entries exist in chef/run
Listing: chef
=============
Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
100666/rw-rw-rw-  161   fil   2014-07-21 11:08:26 -0400  wget.ps1
100666/rw-rw-rw-  1285  fil   2014-07-21 11:08:26 -0400  wget.vbs
meterpreter >
```
2015-05-20 11:25:33 -05:00
OJ
44f8cf4124
Add more size to stagers, adjust psexec payloads
...
This psexec payload size should be evaluated to make sure I'm not doing
anything stupid. I can't see a reason why increasing these sizes would
be bad. They seem to work fine.
2015-05-20 17:07:56 +10:00
OJ
5963a5833a
Fix up php stageless payload includes
2015-05-20 16:50:00 +10:00
OJ
d0a5b803e8
Use generate_payload_uuid instead of manual obj creation
2015-05-20 16:25:52 +10:00
HD Moore
818d8b186c
Implement tracking
2015-05-20 01:10:19 -05:00
OJ
289873c25f
Merge all the stager changes
2015-05-20 16:02:37 +10:00
OJ
6859b24c1c
Fix missing label, update payload sizes
2015-05-20 15:42:31 +10:00
OJ
d43e11f5af
WinHTTP rework with proxy support, and SSL verification
...
This commit fixes up the winhttps stuff properly too. PHEW!
2015-05-20 15:32:34 +10:00
HD Moore
513a81e340
Add framework.uuid_db as a JSONHashFile
2015-05-20 00:28:32 -05:00
OJ
fd2534914d
Small tweaks to reverse_http
2015-05-20 12:15:38 +10:00
David Maloney
48c50a897c
add rpc call to change meterp transport
...
this rpc method allows the user to change transport
on an existing meterp session. if it's successful
it will close the old 'session' tied to the previous transport
MSP-12722
2015-05-19 14:43:25 -05:00
Christian Catalan
046003acb4
Increase REXML expansion text limit
...
MSP-9532
* Increase to reasonable size to handle larger xml file expansion on import
* Prevents the 'RuntimeError entity expansion has grown too large' error that prevents import
2015-05-19 12:47:19 -05:00
Tim
3b8effc589
fix ext_server_android.jar error
2015-05-19 17:26:50 +01:00
William Vu
c1b8cee315
Land #5369, @dmaloney-r7's snmp_login fixes
2015-05-19 10:39:03 -05:00
Tim
e7c8a3b56c
add support for SessionRetryTotal and SessionRetryWait on Android
2015-05-19 16:16:04 +01:00
Samuel Huckins
c0b0a95d95
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-19 08:39:10 -05:00
OJ
9fddc21cf3
Shaved another sneaky byte off the payload
2015-05-19 21:21:07 +10:00
OJ
6e96e6d118
Shellcode golf to make the payload smaller
...
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, it's smaller than it was, and
I'm sure there are ways to make it better as well.
2015-05-19 21:17:42 +10:00
OJ
62720ab357
Fix the wininet stager for http/s
...
For some reason this was only working on Windows 7/2008, yet when tried
on Windows 2012 it was resulting in crashes. It also stopped
working in exploits such as psexec_psh.
Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.
Adjusted payload sizes as well.
2015-05-19 20:03:22 +10:00
HD Moore
9d7e54f360
Add the UUID subdirectory, including initial DB class
2015-05-18 23:41:22 -05:00
HD Moore
c7932855f2
Move UUIDOptions to UUID::Options
2015-05-18 23:35:18 -05:00
HD Moore
448736989d
Merge branch 'master' into feature/msfvenom-smallest
2015-05-18 18:41:44 -05:00
wchen-r7
46f389fecd
Documentation
2015-05-18 18:41:37 -05:00
wchen-r7
fbbd25f4bc
I never use this thing
2015-05-18 17:56:17 -05:00
Brent Cook
84060bbaeb
Land #5370, support specifying maximum encoder space with msfvenom
2015-05-18 16:43:12 -05:00
wchen-r7
89be3fc1f2
Do global requirement comparison in BAP
2015-05-18 16:27:18 -05:00
HD Moore
9dd82d94ae
Exclude Manual ranked encoders from automatic selection, these can still be specified with -e
2015-05-18 15:47:15 -05:00
HD Moore
71eab7a236
Implements msfvenom --smallest, still some blockers
2015-05-18 15:24:59 -05:00
Brent Cook
657746c97f
Land #5364, fix endian in meterpreter config block
2015-05-18 15:23:42 -05:00
HD Moore
a82168d7bb
Fixes #5361 by adding --encoder-space to msfvenom
2015-05-18 14:27:52 -05:00
jvazquez-r7
ea8e62f0fb
Add #file_dropper_file_exist?
2015-05-18 14:13:12 -05:00
Samuel Huckins
e2c6742c1b
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-18 13:44:01 -05:00
David Maloney
7376d4d94e
account for public only credentials in #to_s
...
SNMP in particular will only have a public, so we need
to account for this so we don't output poorly formed text
with a trailing ':' char
5266
2015-05-18 13:42:15 -05:00
David Maloney
c69b6b2b8b
only issue db warning once
...
cache the fact that we have issued the db warning
so we do not issue it for every credential attempt
on the module run.
5266
2015-05-18 13:41:18 -05:00
jvazquez-r7
129ed7fb7a
Add yard documentation
2015-05-18 10:27:04 -05:00
OJ
e7f80042d4
Finalise work on the bind_ipv6_tcp stager for UUID support
2015-05-18 21:19:04 +10:00
OJ
593f6e5fc4
Fix issue with bind UUID
2015-05-18 20:25:15 +10:00
OJ
9296a024e2
PHP meterpreter refactoring in prep for uuid work
2015-05-18 17:40:48 +10:00
OJ
27cdc588c8
Merge module include fix from stager update
2015-05-18 15:00:05 +10:00
OJ
677acb22a4
Fix up module include in x64 winhttp
2015-05-18 14:59:49 +10:00
OJ
4488a5e634
Add uuid support to python, and rework stages/stagers
2015-05-18 14:33:35 +10:00
OJ
0d56b3ee66
Stage UUIDs, generation options, php and python meterp uuid
2015-05-18 13:29:46 +10:00
OJ
bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers
2015-05-18 13:28:36 +10:00
OJ
8bd41a3834
Land #5354 - transport config fallback in stager
2015-05-18 10:16:44 +10:00
OJ
8b2e5c88d9
Adjust transport config fallback to include https
2015-05-18 10:16:09 +10:00
OJ
dbe4f3f1c8
Adjust single pack statement, fix up some quotes
...
* Moved over to using single quotes for strings that don't need
escaping or interpolation.
* Changed one pack spec to be "more correct". Thankfully, we were only
packing 0 so the endianness isn't a problem, however it should be
correct, hence the fix.
2015-05-18 09:29:48 +10:00
OJ
178ba50b98
Merge branch 'upstream/master' into rage-stager-transport
2015-05-17 20:09:50 +10:00
OJ
d725554a87
Fix UUID code so that it always deals with 16 bytes
...
Also re-add the payload ID to session validation now that the UUID stuff
is reliable.
2015-05-17 17:49:21 +10:00
OJ
37e4d71a6a
Remove check for UUID in the valid session check
...
This is causing sessions to fail because meterpreter isn't doing the
right thing. I have another fix in the works which will properly solve
this, but in the short term the best way of solving the problem is to
remove this line.
2015-05-17 17:13:54 +10:00
RageLtMan
11e715ae46
Configure transport from stager mixin
...
Transport configuration for basic session types can be performed
by the stager mixin.
Add a default transport_config method to Msf::Payload::Stager by
mixing in Msf::Payload::TransportConfig and attempting to guess
the default transport and direction types from the currently loaded
module's (MSF module) refname.
Users with custom payloads will no longer need to update them with
transport_config methods unless they use a non standard transport,
direction, or other innovation which affects the default approach.
Testing:
Tested with payloads lacking transport_config methods or access
to the TransportConfig module (Ruby) namespace. This also resolves
problems with the RC4 payloads in upstream as they can't currently
generate stagers for meterpreter.
2015-05-17 03:03:17 -04:00
Brent Cook
b1507f6d2a
Land #5339, support for 'sleep' with meterpreter sessions
2015-05-15 18:14:37 -05:00
Brent Cook
fb3a2079f2
Merge branch 'master' into land-5339-sleep
2015-05-15 18:00:52 -05:00
David Maloney
7d44d6d67a
client side for new sysinfo fields
...
added Domain and Logged On Users fields to
the meterpreter sysinfo command
MSP-12715
2015-05-15 15:09:33 -05:00
Brent Cook
5cf6d28c34
Land #5426, use RAW for TLV hash binary data
2015-05-15 11:54:45 -05:00
Brent Cook
93ba08738c
add backward compatibility for hash responses
2015-05-15 11:53:12 -05:00
jvazquez-r7
3c92d5365e
Land #5334, @wchen-r7's deletes unnecessary check on mysql_drop_and_create_sys_exec
2015-05-15 11:51:21 -05:00
wchen-r7
25099dd877
Land #5212, HTA Powershell template
2015-05-15 11:49:07 -05:00
wchen-r7
3bc3614be6
Do a check for powershell.exe before running it.
2015-05-15 11:48:21 -05:00
jvazquez-r7
4c1558b398
Land #5331, @wchen-r7's fixes #5330 by using print_warning
2015-05-15 11:42:57 -05:00
jvazquez-r7
b7b00666fa
Use parenthesis
2015-05-15 11:41:14 -05:00
jvazquez-r7
d05cae5faf
Land #5329, @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
Brent Cook
c614f6059d
Merge branch 'master' into land-5326-
2015-05-15 11:29:54 -05:00
David Maloney
ac04b8d1e7
a little bit of cleanup
...
constantise some of the magic numbers in
the NTDS Account class
MSP-12358
2015-05-15 10:47:31 -05:00
Brent Cook
1653acd527
Land #5344, print payload size from msfvenom
2015-05-15 09:49:05 -05:00
Samuel Huckins
3d905418f4
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-05-15 00:20:59 -05:00
wchen-r7
2d310a473b
Do some documentation
2015-05-14 23:32:11 -05:00
OJ
7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers
2015-05-15 12:27:40 +10:00
wchen-r7
8bcdd08f34
Some basic code in place for real-time exploit list generation
2015-05-14 19:09:38 -05:00
OJ
1ff6d6298e
Remove stray comma causing help to be incorrect
2015-05-15 09:23:55 +10:00
OJ
7c013c0486
Merge branch 'upstream/master' into add-transport-sleep
2015-05-15 08:00:04 +10:00
David Maloney
92799266c6
fix typo
...
you happy now?
2015-05-14 15:06:01 -05:00
David Maloney
724b7c6f16
save the ntlm hashes as creds
...
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay
MSP-12358
2015-05-14 13:52:11 -05:00
David Maloney
452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module
2015-05-14 10:31:28 -05:00
David Maloney
6e813f6abd
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-14 10:30:48 -05:00
Samuel Huckins
a5c5360afd
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-05-14 08:45:53 -05:00
OJ
83fbd41970
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
Gemfile.lock
modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
2015-05-14 14:50:25 +10:00
wchen-r7
104e0456ec
Do cleanup for jobs
2015-05-13 23:41:05 -05:00
HD Moore
5f3947312d
Lands #5327, SSL support + refactor for PowerShell
2015-05-13 23:25:15 -05:00
wchen-r7
a2ebfe2bf8
Make parse_rank a little bit smarter
2015-05-13 18:05:10 -05:00
wchen-r7
2e61973411
Resolve #5343, Print payload size
...
Resolve #5343. Prints payload size
2015-05-13 16:33:22 -05:00
wchen-r7
1a8ab91ce3
Configurable max exploits
2015-05-13 16:23:22 -05:00
wchen-r7
7617217eff
Add ability to exclude
2015-05-13 15:55:19 -05:00
wchen-r7
66391493f4
Pass only the datastore options we need
2015-05-13 15:34:01 -05:00
wchen-r7
e4fed019ac
Hide exploit paths
...
As a user, you shouldn't be using exploit paths so we hide them
by default.
2015-05-13 13:51:59 -05:00
wchen-r7
a7e265b07e
Proper cleanup for notes
2015-05-13 13:46:06 -05:00
David Maloney
9308da7956
2003 code path working
...
using VSS directly on server 2003 and repairing
the database with esentutl is now working
MSP-12358
2015-05-13 12:25:44 -05:00
benpturner
1f294eac0b
Updated to remove dup code
2015-05-13 17:26:21 +01:00
Samuel Huckins
9fafb645dd
Updating Rails version comment
2015-05-13 09:37:32 -05:00
OJ
60d331fe0c
Add support for a "sleep" command
...
This makes meterpreter shut down its comms and sleep for a while before
it attempts to open communications again. This is effectively the same
as doing a transport change back to the same transport, but with
a timeout.
2015-05-13 10:13:08 +10:00
Brent Cook
9549d572cc
Land #5280, update to Ruby on Rails 4.0
...
This upgrades a number of other gems as a side-effect.
2015-05-12 16:48:49 -05:00
HD Moore
b1b8f86aae
Lands #5270, improvements to Msf::ModuleSet
2015-05-12 11:01:23 -05:00
wchen-r7
605e492781
Avoid #create if possible
2015-05-12 01:55:22 -05:00
wchen-r7
9bba95c2a3
Include more options
2015-05-12 01:47:03 -05:00
OJ
06dfdbcc2c
Merge updated transport changes
...
Discard changes that were made for reverse_https transport in x64 as
they no longer apply here.
2015-05-12 10:26:39 +10:00
OJ
836feaa2d8
Fix uuid setting, fix reverse_https x64 payload
...
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
OJ
5f735c917c
Add condition before overwriting payload_uuid
2015-05-12 09:56:55 +10:00
jvazquez-r7
0fb21af247
Verify deletion at on_new_session moment
2015-05-11 18:56:18 -05:00
OJ
51e6c13bc4
Adjust transport configuration include for x64/reverse_http
...
Not sure how I missed this, but I did!
2015-05-12 09:54:08 +10:00
OJ
489afd5aa1
Remove redundant check for ascii_str setting
2015-05-12 09:50:58 +10:00
OJ
849f904711
Finalise style changes as per suggestions in PR
2015-05-12 09:48:50 +10:00
OJ
474461d2a4
Merge format and structure changes from multi transport
2015-05-12 09:46:02 +10:00
OJ
69d2b8ffb1
Various code format, style changes, file moves
...
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
wchen-r7
c5be193357
Maybe put custom content at the bottom?
2015-05-11 18:21:50 -05:00
OJ
42f94e70c7
Add `nil` default to exit_types, transport param order swap
...
This allows for checking against exit types to be super easy instead of
having to have extra checks in place. Also changed the order of scope_id
and uri in the transport URI generation. The net effect of this is NOP
because these things only appear separately.
2015-05-12 09:05:58 +10:00
OJ
5dfab1f426
Fix exitfunk module for x64
...
The exitfunk module was using asm keywords that are considered invalid
by metasm. This commit removes these keywords and also adjusts one of
the label names to reduce the chance of a collision with other files.
2015-05-12 08:44:03 +10:00
jvazquez-r7
b1dd2a63fc
On new session, check if file has been REALLY deleted
2015-05-11 17:14:42 -05:00
jvazquez-r7
ecb23d09cc
Do initial fix
2015-05-11 15:02:46 -05:00
wchen-r7
12038ed3e1
Fix #5244, Remove unnecessary check for mysql_drop_and_create_sys_exec
...
Fix #5244, MySQL always returns OK so it doesn't seem to be so
important to check res for DROP FUNCTION IF EXISTS sys_exe
2015-05-11 14:17:51 -05:00
David Maloney
f3effe5fbb
some minor cleanup
...
cleanup based on feedback from Kronicdeth
MSP-12357
2015-05-11 11:17:58 -05:00
wchen-r7
730135705d
Resolve #5330, change print_error to print_warning for report_auth_info
...
Resolve #5330 for more consistent deprecation style.
2015-05-11 11:01:45 -05:00
wchen-r7
1cc44cfc31
An alternative for normalize_uri
...
normalize_uri doesn't seem to work very well in our case, so
we do our own thing here.
2015-05-11 10:42:26 -05:00
wchen-r7
10982f0a1a
Login url should normalize too
2015-05-11 10:18:09 -05:00
wchen-r7
d8cc2c19d3
Fix #5315, User configurable options for jenkins_login
...
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
OJ
e99d885b6b
Final work on reverse_winhttps
2015-05-11 22:21:22 +10:00
OJ
68eadd9f51
More work on reverse_winhttps
2015-05-11 21:38:26 +10:00
OJ
e69e6c4a73
Implement winhttp for x64
...
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
2015-05-11 17:27:47 +10:00
OJ
800ab11abd
Payload size adjustment, typo fix
...
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
2015-05-11 17:24:32 +10:00
OJ
cbf06fcb02
Tweak reverse_winhttp to fix small issues
...
Now working fine with proxy settings.
2015-05-11 17:24:32 +10:00
OJ
679bb46f86
Refactoring, exitfunk fix, block_api_hash func
2015-05-11 17:24:32 +10:00
OJ
99fdfe31f1
More tidying/refactoring of the stagers
2015-05-11 17:24:31 +10:00
OJ
4686691753
Interim commit while juggling some other code
2015-05-11 17:24:31 +10:00
OJ
0820bc5dd5
Small bits of tidying up for reverse_winhttp/s
...
Refactoring, ready to get the proxy stuff going.
2015-05-11 17:24:31 +10:00
OJ
21397b46aa
Add proxy user/pass to x64 reverse_http/s
2015-05-11 17:24:31 +10:00
OJ
9312c0ea46
Add proxy host support to x64 reverse_http/s
...
Proxy user/pass coming shortly.
2015-05-11 17:24:31 +10:00
OJ
b922da8f80
Add support for x64 reverse_http
...
Still need to bake in support for proxies in the stagers, but we're
getting there.
2015-05-11 17:24:31 +10:00
OJ
15e9fb7e40
Port reverse_https (wininet) x64 to metasm
...
This laid the groundwork for implementation of reverse_http as well.
2015-05-11 17:24:31 +10:00
OJ
29649ff881
Fix proxy config not making it through
2015-05-11 17:24:02 +10:00
wchen-r7
30b1c508f1
javascript portion
2015-05-10 16:50:32 -05:00
Tim
d3ba84b378
Add TLV_TYPE_FILE_HASH
2015-05-10 14:18:16 +01:00
Meatballs
706e304849
Land 5299, implement shell_command for PS sessions
2015-05-09 11:23:43 +01:00
Meatballs
98d531e053
Check if session responds to response_timeout
2015-05-09 11:21:45 +01:00
Brent Cook
1a98c5ddc5
Land #5320, fix SSL weak cipher results
...
This adds a fallback for deprecated ciphers that are no longer exported
current SSL libraries.
2015-05-08 18:19:25 -05:00
Brent Cook
d3730ae18c
include a list of deprecated ciphers in the sslscan result
...
Allow recording remote deprecated cipher support even if the local OpenSSL
library does not support negotiating that cipher.
2015-05-08 18:05:00 -05:00
jvazquez-r7
c103779eab
Land #5080, @bcook-r7's 'ls' and 'download' meterpreter improvements
2015-05-08 18:02:16 -05:00
jvazquez-r7
422e261b36
Use parenthesis
2015-05-08 17:59:04 -05:00
Brent Cook
2f9205abc3
recover consistent parenthesis usage
2015-05-08 14:15:06 -05:00
Brent Cook
8d5ef42c2d
be sure to pass the pattern more than one level deep
2015-05-08 14:03:12 -05:00
OJ
79753f719f
Slight fix to the transport config
2015-05-08 18:36:30 +10:00
OJ
ba3266803a
Add transport configuration to reverse_http/s
2015-05-08 18:32:48 +10:00
OJ
5111abdd09
Add transport config entry to reverse_winhttp
2015-05-08 18:15:24 +10:00
wchen-r7
2ea5d49902
Update set payload description
2015-05-08 00:53:25 -05:00
wchen-r7
785a1f4205
Modify set payload
2015-05-08 00:48:04 -05:00
wchen-r7
2e2b536e8f
Update
2015-05-08 00:28:46 -05:00
wchen-r7
8e86a92210
Update
2015-05-08 00:25:34 -05:00
William Vu
508574970c
Land #5307, Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
William Vu
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
William Vu
71518ef613
Land #5303, metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
William Vu
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
wchen-r7
8cd2d442ff
Modify show options
2015-05-07 20:54:30 -05:00
wchen-r7
95f087ffd3
Some progress
2015-05-07 19:26:38 -05:00
benpturner
ef59d1f7c4
Markers
2015-05-07 22:50:09 +01:00
wchen-r7
7b5da6f266
Land #5241, sqlmap parsing fixes
2015-05-07 14:21:20 -05:00
benpturner
24abe597e4
numeric
2015-05-07 19:23:25 +01:00
benpturner
01c2bc0287
Buff
2015-05-07 19:10:33 +01:00
benpturner
c234714013
Start and End Markers
2015-05-07 19:06:36 +01:00
OJ
fd827db6dd
Fix up bind stager payload sizes
2015-05-07 10:13:27 +10:00
Brent Cook
78c58088fe
Land #5314, set snmp defaults for constrained values
2015-05-06 16:27:41 -05:00
OJ
9d7a7cb68d
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
OJ
60e25170fa
Land #5313: fixup bind_tcp stager
2015-05-07 07:09:19 +10:00
William Vu
669df591f2
Pull default connection_timeout into constant
2015-05-06 13:18:00 -05:00
William Vu
d4aed08260
Fix typo
2015-05-06 13:17:58 -05:00
William Vu
0939bbc710
Set default retries/version for SNMP LoginScanner
...
Set in snmp_login but missed in the LoginScanner.
MSP-12668
2015-05-06 13:17:40 -05:00
Brent Cook
5a8b6e90f2
restore ecx after setting the socket options, set default size
2015-05-06 11:56:07 -05:00
wchen-r7
97807e09ca
Land #5125, Group Policy startup exploit
2015-05-06 11:17:01 -05:00
Brent Cook
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
root
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
OJ
95e9057854
Remove typo'd stuff that shouldn't have made it past merge
2015-05-06 08:07:07 +10:00
Brent Cook
710a2a007b
fix format error
2015-05-05 15:27:06 -05:00
Brent Cook
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
benpturner
982b2381ed
New shell_command markers
2015-05-05 19:20:03 +01:00
William Vu
013781fb9c
Land #5292, WordPress custom file version check
2015-05-05 11:21:18 -05:00
William Vu
18791ce933
Clean up code
2015-05-05 11:19:40 -05:00
David Maloney
1a8e8c624c
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-05 11:07:36 -05:00
darkbushido
26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-05-05 11:00:38 -05:00
benpturner
22d2275ecb
|| session.type == 'powershell'
2015-05-05 09:31:43 +01:00
OJ
62fa14326d
Merge branch 'upstream/master' into multi-transport-support
...
Merged with HD's stuff as he fixed up a few things that I had done too.
Conflicts:
lib/msf/base/sessions/meterpreter_options.rb
lib/rex/post/meterpreter/client_core.rb
lib/rex/post/meterpreter/packet_dispatcher.rb
2015-05-05 17:18:01 +10:00
OJ
c540ba4b98
Land #5297: Track machine_id and dead sessions
2015-05-05 17:08:39 +10:00
OJ
2949bf053a
Remove old comment from ASM
2015-05-05 13:09:13 +10:00
OJ
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
OJ
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
OJ
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
OJ
e45bf5cf51
Remove the URI patcher now that it's not used at all
2015-05-05 07:35:49 +10:00
Brent Cook
05e4af8162
Land #5214, initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
benpturner
453b1fce50
Spaces
2015-05-04 22:17:08 +01:00
benpturner
658958d8e7
Allow sessions -c command on powershell
2015-05-04 22:07:22 +01:00
Brent Cook
d90c25ecea
Land #5287, RPC API fixes
2015-05-04 15:44:15 -05:00
jvazquez-r7
0ca0d3d045
Improve nt_create_andx path parsing
2015-05-04 15:20:51 -05:00
Brent Cook
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
OJ
c2dc4677fb
Prevent stageless from overwriting socket
...
Stageless payloads need to have the socket FD left alone (i.e. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
OJ
93bf995b32
Reverse tcp support for POSIX
...
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
Brent Cook
f42334414a
add recursion limit
2015-05-04 04:00:58 -05:00
OJ
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
Brent Cook
7ff3044552
style cleanups and guard search where not implemented
2015-05-04 03:56:17 -05:00
Brent Cook
8cab350275
use the search API when downloading recursive patterns
2015-05-04 03:56:17 -05:00
Brent Cook
eefc6f78c6
avoid redownloading files that have not changed
2015-05-04 03:56:16 -05:00
Brent Cook
9672a59b05
support download globbing
2015-05-04 03:56:16 -05:00
Brent Cook
43be856b95
keep the glob going into subdirectories
2015-05-04 03:56:16 -05:00
Brent Cook
8617115483
simplify arg parsing, compute initial stat path correctly
2015-05-04 03:56:15 -05:00
Brent Cook
d934027b3b
expand glob match
2015-05-04 03:56:15 -05:00
Brent Cook
866955b6fd
added -R recursive, glob filtering and a dummy '-l' option
2015-05-04 03:56:14 -05:00
HD Moore
a577bef9c3
Rework dirty cleanup to use skip_cleanup instead
2015-05-04 03:52:55 -05:00
HD Moore
e7ba6e8a9a
Speed up dead session cleanup by skipping shutdown/cleanup
2015-05-04 03:40:48 -05:00
HD Moore
3080feb188
Track the machine_id and drop non-responsive sessions automatically
2015-05-04 03:22:29 -05:00
HD Moore
d00f6a8fdf
Rework verbose sessions listing to work around table limits
2015-05-04 02:55:31 -05:00
root
b47305ba4a
Merge branch 'sqlmap_plugin_json_parse_issue' of https://github.com/void-in/metasploit-framework into sqlmap_plugin_json_parse_issue
2015-05-04 10:01:44 +05:00
root
02db66e2f6
Rescue connection refused backtrace
2015-05-04 09:57:53 +05:00
OJ
451484cb0d
Add support for transport listing
...
Includes a verbose flag for the extra HTTP/S properties
2015-05-04 11:19:53 +10:00
William Vu
c0adf7f113
Land #5291, HTTPS reference links
2015-05-03 14:33:20 -05:00
HD Moore
8ca66e03aa
Track and display the last checkin time for Meterpreter sessions
2015-05-03 10:52:54 -05:00
Christian Mehlmauer
55967172be
allow custom regex
2015-05-02 21:06:15 +02:00
Christian Mehlmauer
9678479abb
check version from custom file
2015-05-02 18:34:10 +02:00
Tom Sellers
480a176415
Initial commit
2015-05-02 10:11:17 -05:00
void_in
e5847f0ddc
Return only json type from lib as per wchen-r7 suggestion
2015-05-02 15:11:59 +05:00
OJ
2189c6d868
Pass timeouts to clients and correctly patch timeouts
...
Timeouts are correctly passed through to the client instances from the
handlers. The client also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Tom Sellers
c441ff81a1
Update comment in wordpress/version.rb
...
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version. On line 175 though there is a fixed version, just no introduced version. Adjusting comment text.
2015-05-01 17:05:31 -05:00
Brent Cook
8bd2a69112
simplify and fix rpc_get_note
2015-05-01 16:01:07 -05:00
Brent Cook
52b9fc8fca
handle unknown host when generating a new note
2015-05-01 15:47:05 -05:00
Brent Cook
8d78135321
pass down the workspace for the other opt_to_* methods
2015-05-01 15:42:04 -05:00
Brent Cook
f2504b84be
use the same logic with 'get_note' and 'del_note' for selecting notes
...
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
Brent Cook
29b97f4695
remove superfluous parens on ifs
2015-05-01 15:40:45 -05:00