0584ae8177
Add Rex::Java::Serialization::Builder#new_object
2015-01-20 10:31:37 -06:00
6ca86256cf
Add Rex::Java::Serialization::Builder#new_array
2015-01-20 10:23:09 -06:00
ec57387821
Add Rex::Java::Serialization::Builder#new_class
2015-01-19 11:54:12 -06:00
4220a5e60f
Use Rex::Java::Serialization::Builder#new_class
2015-01-19 11:53:53 -06:00
cb0257bec7
Land #4576 , OpenVAS database import fix
2015-01-18 00:45:36 -06:00
55a746eeb7
Changing code to catch everything extraneous
2015-01-17 15:46:26 +00:00
697e4fbd41
Land #4584 , @sgabe's fix for egghunter searchforward
2015-01-16 19:36:52 -06:00
a42b095472
Delete heaponly option
2015-01-16 19:35:57 -06:00
859a8978e7
Allow searchforward to be an string
2015-01-16 19:33:19 -06:00
3297d198f3
Fix search-forward option in regular egghunter
2015-01-16 22:16:30 +01:00
95eab85df4
Add support for heap-only search in regular egghunter
2015-01-13 21:31:13 +01:00
5cc7d5d1a8
Remove errant pry
2015-01-13 10:35:05 -08:00
0babde8c1a
Fix specs
2015-01-13 10:48:23 -06:00
4351964290
Change module filename
2015-01-13 10:46:14 -06:00
3946b95bc3
Update rex code and specs
2015-01-13 10:45:00 -06:00
1f0b986bf1
Change filenames
2015-01-13 10:43:27 -06:00
69f03f5c5d
Move ACPP default port into Rex
2015-01-12 19:43:57 -08:00
d5cdfe73ed
Big style cleanup
2015-01-12 19:11:14 -08:00
9baae6e494
Potential Fix For OpenVAS DB Import Issue
2015-01-13 02:46:13 +00:00
ec506af8ea
Make ACPP login work
2015-01-12 14:01:23 -08:00
691ed2cf14
More cleanup
...
Don't validate checksums by default until they are better understood
Handle the unknowns a bit better
Make checksum failures more obvious why it failed
2015-01-12 13:08:12 -08:00
97f5cbdf08
Add initial Airport ACPP login scanner
2015-01-12 13:08:12 -08:00
fba6945e9a
Doc payload oddness. Add more checksum tests
2015-01-12 13:08:12 -08:00
54eab4ea3d
Checksum validation, more tests
2015-01-12 13:08:12 -08:00
7e4dd4e55b
Add ACPP decoding capabilities
2015-01-12 13:08:12 -08:00
2af82ac987
Some preliminary Apple Airport admin protocol (ACPP?) support
2015-01-12 13:08:11 -08:00
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
731c2f99d1
Handle better java references
2015-01-07 15:19:28 -06:00
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
ba13e9d64c
Add Stream spec
2015-01-07 12:05:44 -06:00
98ec08ae0d
Add support for Ping and PingAck
2015-01-06 15:18:55 -06:00
1e3b24f01b
Add support for DbgAck
2015-01-06 15:00:17 -06:00
6d1d300e72
Add support for ReturnData
2015-01-06 12:52:00 -06:00
825e08f5ac
Add support for Call messages
2015-01-06 12:36:06 -06:00
f3ff42dbfb
Add support for Continuation
2015-01-06 11:34:47 -06:00
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
757f95a24d
Add support for ProtocolAck
2015-01-06 00:14:14 -06:00
26da73ffb8
Change class name
2015-01-05 19:23:07 -06:00
d5dfd75e71
Add initial model and support to OutputStream
2015-01-05 18:52:13 -06:00
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
17ff546b0f
Remove unnecessary calls to expand path
...
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.
This commit simple removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
722f86f361
Try to guess TMPDIR folder
2014-12-30 18:39:29 -06:00
7596d211e9
Use length for comparision
2014-12-30 18:39:18 -06:00
e903044fd5
Allow to provide writable dir
2014-12-30 18:36:30 -06:00
f17a7e8a61
Better handling of the unix domain socket argument
2014-12-30 18:36:28 -06:00
4df4e8b9d6
Add support for linux meterpreter migration
2014-12-30 18:34:24 -06:00
56df2d0062
Add support for linux meterpreter migrate types
2014-12-30 18:30:15 -06:00
135faeee29
Land #4095 , specs for Rex::OLE
2014-12-30 14:25:09 -06:00
a8e907d68b
Land #4479 , nil comparisons and missing DLLs
...
Also fixes #4474 .
2014-12-30 13:55:54 -06:00
bdac5db695
remove usage of ==/!= nil
...
Adjust all module-loading libraries to have consistent nil?/!nil? checking and
'if' style.
2014-12-30 10:59:49 -06:00
d727ac5367
Alias Rex::Ui::Text::Output::Tee print_raw to write, fixes #4469 and #4363
2014-12-29 16:47:04 -08:00
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
5d70b837ed
handle nil results from MeterpreterBinaries.path
...
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.
```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -> 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600
meterpreter > use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```
This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that thats ever happened to me :)
2014-12-29 12:34:02 -06:00
72eb8e6503
Land #4475 , inverted timeout fix
2014-12-29 11:37:28 -06:00
bbb41c39b8
fix backward meterpreter packet timeout logic
...
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.
This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.
This probably fixes tons of heisenbugs, including #3798 .
To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:
(cd modules/post
ln -s ../../test/modules/post/test)
die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
05a9ec05e8
raise NotImplementedError
2014-12-23 19:59:37 -06:00
4493b3285c
Raise NoMethodError for methods designed to be overriden
2014-12-23 19:51:41 -06:00
fee033d6df
Use Rex::Text.md5_raw
2014-12-23 19:30:23 -06:00
3c10b04673
add start of rspec tests
2014-12-23 16:35:27 +00:00
fca0484639
fix a few bugs with the code cleanup
2014-12-23 15:28:00 +00:00
6b98a7d444
Tidy up by removing some duplicate code; add framework to track payload requests through the file id
2014-12-23 14:14:06 +00:00
b41e259252
Move it to a common method
2014-12-23 11:16:07 +00:00
13ec578d1a
Revert "Back to Create OpenSSL::BN from string"
...
This reverts commit 635a54ca94
2014-12-22 23:17:03 -06:00
635a54ca94
Revert "Create OpenSSL::BN from string"
...
This reverts commit fe99b65a62
2014-12-22 19:14:07 -06:00
fe99b65a62
Create OpenSSL::BN from string
2014-12-22 18:44:47 -06:00
d12b43d257
Use Intege.new
2014-12-22 18:37:07 -06:00
ad97457a39
Move more constants to Crypto
2014-12-22 15:27:16 -06:00
75a2846377
Add more PAC constants
2014-12-22 15:14:46 -06:00
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
ff208002d7
Reorganize the Crypto mixin
2014-12-22 11:57:35 -06:00
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
5f0c3ebb2b
Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest
2014-12-20 19:32:38 -06:00
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
dfa92da287
Add TODO
2014-12-19 01:13:56 -06:00
77e2d4d90d
Add documentation for the Kerberos PAC support classes
2014-12-19 01:12:14 -06:00
fda4cd3440
Fix some Rex Kerberos model documentation
2014-12-18 19:30:12 -06:00
c426cf32d0
Add specs for Rex::Proto::Kerberos::CredentialCache::Principal
2014-12-18 17:40:06 -06:00
16d5ee1aae
Add documentation for the rex credential cache support
2014-12-18 17:12:58 -06:00
7275f5a5f2
Allow Rex to load credential_cache
2014-12-18 16:32:21 -06:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
0a61e108ea
Add code skeleton for credential_cache
2014-12-18 00:30:47 -06:00
0f19f3cf2e
Add classes templates
2014-12-17 23:16:58 -06:00
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
9de4137aa7
Patch UA/Proxy settings during migration, lands #3632
2014-12-16 22:21:48 -06:00
1930eb1bf8
Refactors metsrv patching in reverse_http.rb
2014-12-17 10:04:43 -05:00
2649d482fe
Add support for KRB_AP_REQ
2014-12-16 18:39:42 -06:00
0f55a98450
Add support for Authenticator encoding
2014-12-16 17:45:54 -06:00
dde45a7f53
Add support for Checksum encoding
2014-12-16 17:05:35 -06:00
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
ce6b53b44c
Fix attribute description
2014-12-16 11:39:04 -06:00
a5f8b4319f
Add support to encode PAC-TYPE
2014-12-16 11:31:27 -06:00
1721641138
Add support for PAC-LOGON-INFO
2014-12-16 09:32:47 -06:00
52b3025351
Reworked to avoid extending String class on blob per hdm's rec.
2014-12-15 21:40:41 -05:00
c1114c180a
Add support for PAC-CLIENT-INFO
2014-12-15 17:32:51 -06:00
64a0162e3f
Add support for PAC-SERVER-CHECKSUM
2014-12-15 17:16:43 -06:00
482c883d36
Add the parent class for pac elements
2014-12-15 17:13:52 -06:00
2c7139b936
Add support for PAC-PRIVSRV-CHECKSUM
2014-12-15 17:13:22 -06:00
147ff13080
Add support to decode the encryption part of as responses
2014-12-15 11:47:08 -06:00
643279b54b
Add support to decode the encryption part of as responses
2014-12-15 11:46:11 -06:00
d81cdd6cbb
Add KdcResponse spec first draft
2014-12-14 21:20:54 -06:00
c3a2bcf956
Make KdcResponse decoding better
2014-12-14 21:01:09 -06:00
442adb080f
Add first support to decode tickets
2014-12-14 20:51:26 -06:00
35742873c7
Delete references to deleted namespaces
2014-12-14 19:23:21 -06:00
78c76092dd
Delete namespaces from model classes
2014-12-14 19:18:30 -06:00
13ae624738
Delete namespaces
2014-12-14 19:15:57 -06:00
2d0cb5acd8
Move elements to model dir
2014-12-14 19:11:21 -06:00
328e9f62e8
Add first draft for Kerberos responses
2014-12-14 19:09:41 -06:00
483c273e17
Add support to decode responses on the Rex client
2014-12-14 17:54:17 -06:00
883bfd1f46
Add support to retrieve e-data
2014-12-14 17:23:37 -06:00
7067f2ea83
Modify Rex::Proto::Kerberos::Client to read responses
2014-12-14 16:32:25 -06:00
c5dc065fde
Add support for decoding KrbError
2014-12-14 16:26:18 -06:00
704781d0ce
Modify exception message
2014-12-14 12:11:09 -06:00
8435328af7
Fix create_tcp_connection
2014-12-14 00:54:26 -06:00
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
00590f9f26
Adds Java serialization support, lands #4327
2014-12-13 17:47:53 -06:00
19adfca8ce
Updated stubs from source
2014-12-13 12:55:41 -06:00
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
78eb3325bc
Add initial Rex Client and mixin
2014-12-12 01:20:14 -06:00
8140ed4a45
Merge branch 'upstream-master' into land-3175
2014-12-11 22:03:03 -06:00
20836c1789
Refactor crypto usage
2014-12-11 18:18:37 -06:00
0b2fd7ffec
Update PreAuthEncTimeStamp#encrypt documentation
2014-12-11 17:08:04 -06:00
424ce6ad53
Add constant with CRYPTO_MSG_TYPE
2014-12-11 17:03:46 -06:00
38a0506f2d
Refactor Crypto
2014-12-11 17:00:46 -06:00
35f02e6796
Add support to encode KdcRequest
2014-12-11 15:51:54 -06:00
d96206b813
Support KdcRequest#encode
2014-12-11 12:44:17 -06:00
3f12c5c9c5
Redo decode_asn1
2014-12-11 12:34:47 -06:00
8d6e41fae3
Add documentation for KdcRequest
2014-12-11 12:27:26 -06:00
162d2d39b5
Add support for KdcRequestBody decoding
2014-12-11 12:19:26 -06:00
39ffc0c58a
Add support for PreAuthData#encode
2014-12-10 19:48:44 -06:00
b89dee03c6
Add PreAuthEncTimeStamp#encode support
2014-12-10 19:30:21 -06:00
3accdb705b
Add support for PreAuthPacRequest#encode
2014-12-10 19:18:19 -06:00
96c1370334
Add EncryptedData#encode support
2014-12-10 19:12:24 -06:00
543ec35a01
Refactor PrincipalName#encode
2014-12-10 18:57:23 -06:00
5d2ff5982e
Add support for PreAuthEncTimeStamp decoding/decrypting
2014-12-10 18:33:46 -06:00
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
785ff60d8e
Add inital support for PreAuthEncTimeStamp
2014-12-10 11:25:48 -06:00
8ec403af89
Add support for PA-PAC-REQUEST
2014-12-10 10:51:37 -06:00
6ebfbe7271
Prefix coding
2014-12-10 09:54:57 -06:00
11acba3324
Prefix coding
2014-12-10 09:52:23 -06:00
6653502e68
Support pa_data parsing on kdc_request
2014-12-10 09:47:31 -06:00
cc909ba402
Add documentation for PreAuthData
2014-12-09 19:57:16 -06:00
jvazquez-r7
William Vu
nstarke
sgabe
Jon Hart
Meatballs
OJ
sinn3r
Christian Mehlmauer
Tod Beardsley
Brent Cook
Matthew Hall
HD Moore
Sean Verity