Brent Cook
b273893947
use URI.parse over a custom regex
2015-09-01 14:07:05 -05:00
OJ
299ceb7087
Add timeout option for migration
This commit changes the migrate function so that an optional timeout parameter can be given. This means that people in high-latency scenarios can extend the timeout when migration in order to increase the chances that things will work.
2015-09-01 22:53:30 +10:00
OJ
696bc95838
Merge branch 'upstream/master' into adsi-file-output
2015-09-01 17:25:13 +10:00
OJ
ef73f56201
Add -o parameter to adsi query functions
This allows for the output of the query to be written to a file.
2015-09-01 17:03:41 +10:00
OJ
abfeb204b3
Move help functionality for ps command
2015-09-01 16:45:35 +10:00
HD Moore
ff6fbfa738
Land #5895, rework of ADSI modules
2015-08-31 14:10:41 -07:00
HD Moore
92d74ffb3b
Default to SSLv23 (autonegotiate), fixes #5870
2015-08-31 13:30:05 -07:00
Brent Cook
30830ad9e5
Land #5262, fix webcam_chat and tidy adjacent code
2015-08-31 14:21:24 -05:00
Brent Cook
fe69fc84de
expand the path environment variables before executing
2015-08-31 13:38:08 -05:00
jvazquez-r7
fba751a986
Disable early returns
2015-08-31 12:13:42 -05:00
jvazquez-r7
80f21b50c9
Fix #4227 by improving parsing of nested elements
2015-08-31 11:47:43 -05:00
Stuart Morgan
b8b68983b0
Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements
2015-08-28 15:11:27 +01:00
Stuart Morgan
3a5ce02e8e
Changed the other print\n lines to print_line() for consistency
2015-08-28 14:05:44 +01:00
Stuart Morgan
266a6e7dc4
Changed to print_line() at the request of hdm
2015-08-28 11:35:51 +01:00
HD Moore
a2d5511e39
Land #5379, new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
Stuart Morgan
5cdf1aeef4
Added examples to the usage-help and run through msftidy
2015-08-26 19:33:09 +01:00
Stuart Morgan
4bac21b7b9
Added command to list the domain controllers
Also added more information relating to the computers from LDAP
2015-08-26 15:33:54 +01:00
Stuart Morgan
59cf75c5a8
Updated description to make it more obvious & added specific DC enumeration
2015-08-26 15:03:28 +01:00
Stuart Morgan
7cee4d0ad1
Added the following commands:
adsi_group_enum - Lists all groups on the specified domain
adsi_nested_group_user_enum - Lists all users on the specified domain who are members of a given group DN (taking into account recursive/nested groups)
2015-08-26 14:14:15 +01:00
Brent Cook
6c89d0997c
Land #5855, android offline collection support
2015-08-25 17:44:51 -05:00
Mo Sadek
1181600a69
Land #5575, interactive channel logging
2015-08-25 16:23:51 -05:00
Mo Sadek
7ff828d000
Land #5573, console and session log timestamps
2015-08-25 15:35:25 -05:00
Mo Sadek
026e6626f2
Added regular expression filtering for excess characters
2015-08-25 14:59:20 -05:00
Brent Cook
54dcd312f6
more style issues resolved
2015-08-24 18:07:31 -05:00
Brent Cook
90a46fbcd0
update style issues
2015-08-24 17:58:24 -05:00
Brent Cook
573f2b51a5
fix some crashes running webcam commands on webcamless machines
2015-08-24 16:51:43 -05:00
Brent Cook
dfd00ad50b
prefer catching RuntimeError
2015-08-24 16:42:33 -05:00
Brent Cook
6977a12dd8
whitespace fixups
2015-08-24 16:39:17 -05:00
Brent Cook
f96236d61f
remove redundant to_s and RuntimeError
2015-08-24 16:21:34 -05:00
Brent Cook
4e8cc47299
remove superfluous SYSTEMDRIVE path
2015-08-24 16:19:16 -05:00
Jon Hart
407d701fd9
Remove unnecessary version_random_case option
2015-08-20 10:05:16 -07:00
Jon Hart
2e4944b8ec
Remove unnecessary version_random_case option
2015-08-20 10:05:04 -07:00
Brent Cook
99ab64727d
Land #5859, add comparison cases for IP/IPv6 addresses in rex tables
2015-08-19 11:52:33 -05:00
Brent Cook
f1ec92aba0
Land #5749, http large file download fixes
2015-08-18 15:57:31 -05:00
Brent Cook
015d045730
read max_size bytes at a time
2015-08-18 15:56:57 -05:00
OJ
5b173319f2
Fix up level rendering
2015-08-19 00:22:26 +10:00
OJ
884760f11d
Update the output format for the Wifi collection
2015-08-18 17:27:48 +10:00
Brent Cook
5b35134f98
Land #5820, DispatcherShell: Ensure exceptions don't interfere with busy state
2015-08-17 17:53:55 -05:00
jvazquez-r7
02e3e9af16
Allow to compare ipv4 vs ipv6 hosts
2015-08-17 14:52:26 -05:00
OJ
241593117b
First pass of the android interval collection
2015-08-18 00:53:25 +10:00
Brent Cook
5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
Brent Cook
422bba87d3
style fixes, moved google_geolocate to google/geolocate
2015-08-15 19:49:32 -05:00
Brent Cook
3615bd094d
limit the # of bssids sent to google, log more error details
2015-08-14 17:58:33 -05:00
Brent Cook
f4031d87fc
light ruby style cleanups
2015-08-14 17:26:05 -05:00
Brent Cook
3aab9aa74c
move BSSID checker to tools, fixup rubocop warnings, add OS X example
2015-08-14 17:13:11 -05:00
Stuart Morgan
3aa1f93196
Fixed string->uint
2015-08-14 17:45:47 +01:00
Stuart Morgan
02a58d459b
Merge remote-tracking branch 'upstream/master' into pageant_extension
2015-08-14 17:05:38 +01:00
Alex Watt
6e684d46f2
Ensure exceptions don't interfere with `busy`
2015-08-10 12:11:37 -04:00
Roberto Soares
de47f4752b
Added feature to add color background (Prompt)
2015-08-01 18:54:01 -03:00
Meatballs
deb6f5638e
Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
Brent Cook
b40c36688c
check send retry count and abort in excess
2015-07-31 16:17:34 -05:00
Brent Cook
6e146794a2
fix indents and style
2015-07-31 14:48:02 -05:00
Brent Cook
226516ef20
restore PPID to the meterpreter process list table
This restores pre-66bd881ac5a6de636c2eea7528946bc2d3abd52c behavior, but merges
the current search and output fixups currently in the tree.
2015-07-25 18:10:10 -05:00
Brent Cook
c30127cfe8
Land #5729, add user-agent list, MeterpreterUserAgent derives from this
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7
ec7bf606c6
Land #5735, @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
jvazquez-r7
45b4334006
Use Rex::Socket::SslTcpServer
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
Jack64
981d98443f
fix local mods
Fixed some local modifications that were unintentionally pushed.
2015-07-23 17:04:12 +01:00
Jack64
31dcae6828
bug fixes
2015-07-23 16:58:55 +01:00
Brent Cook
264bc0f921
Land #5726, support multiple glob patterns with search
2015-07-22 17:58:33 -05:00
William Vu
a52bf4526d
Use uniq on the globs array
This avoids search repetition.
2015-07-22 14:25:49 -05:00
OJ
121fe1adda
Land #5654: Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
James Lee
85e806dc99
Add simple class for getting geo data from Google
2015-07-20 19:28:19 -05:00
Jack64
0771d5ec39
minor fixes
2015-07-20 01:22:45 +01:00
Jack64
97f4ec72f9
minor fixes
2015-07-20 01:20:36 +01:00
Jack64
ad86a72918
send_sms + wlan_geolocate
2015-07-20 01:16:58 +01:00
xistence
844b47e8ce
Additional changes
2015-07-18 14:10:46 +07:00
xistence
7f05403ae0
Added certutil cmdstager
2015-07-16 13:20:05 +07:00
William Vu
f6cdbb65dd
Land #5706, Kiwi creds_* -o write to file
2015-07-15 15:43:29 +00:00
OJ
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
William Vu
6685fc479b
Add multi-glob filesystem search to Meterpreter
2015-07-14 20:23:23 +00:00
William Vu
53bcee011b
Land #5709, s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
Mo Sadek
4cd6e0c72b
Added "Failed" to line 121 of kdc_request.rb
2015-07-13 11:27:32 -05:00
Mo Sadek
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
rwhitcroft
0a581be9f9
put -u back for removing transports
2015-07-13 12:10:32 -04:00
OJ
4fc258ec0c
Remove duplicate entries, allow for output to file
This commit does a few tidies of code, as well as adds the ability to
write all the kiwi output to disk as well as to the console. We can't
yet add this stuff to the credential DB because it's tied to machine,
where the creds that come out of kiwi are often tied to domains.
This also removes duplicate creds from the output list, and gets rid of
the auth id stuff from the output too (not sure why it was useful
before).
2015-07-13 14:17:31 +10:00
rwhitcroft
eaa0d0a44e
first msg was better
2015-07-11 22:50:38 -04:00
rwhitcroft
508c9f55df
specify transports by index
2015-07-11 22:22:50 -04:00
Joshua Smith
5be94c12b6
Land #5602, adds irb -e to core
2015-07-02 16:21:20 -05:00
Joshua Smith
434cffa258
clean up some idiomatic ruby details
2015-07-02 16:16:57 -05:00
Spencer McIntyre
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
wchen-r7
a17b27efce
Update descriptions
2015-07-01 21:47:51 -05:00
wchen-r7
caddf545c4
Make getsystem more verbose
Resolves #4401
2015-07-01 20:49:14 -05:00
Tod Beardsley
37ac5f0ee3
Use environment variables for Program Files
Done, thanks @Meatballs1 !
2015-06-30 17:28:21 -05:00
Spencer McIntyre
7aae9b210e
Add pymet support for core_enumextcmd
2015-06-26 11:32:51 -04:00
OJ
f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-26 14:12:56 +10:00
OJ
5a24dc8e64
Enable the transport command for java
2015-06-25 14:08:41 +10:00
Spencer McIntyre
f9642da387
Support expressions for meterpreter's irb too
2015-06-24 21:02:18 -04:00
Brent Cook
5c65c58fdf
Land #5598: handle nil or short machine_ids gracefully
2015-06-24 19:11:08 -05:00
HD Moore
24a6e4c110
Comment update
2015-06-24 16:33:07 -05:00
HD Moore
4d58e49cdc
Land #5600, update session info after migrate
2015-06-24 15:16:58 -05:00
Meatballs
151fa2f676
Update user info on migrate
2015-06-24 20:50:29 +01:00
HD Moore
aa9ea13934
Fix up the core_machine_id call to handle weirdness better
2015-06-24 11:44:54 -07:00
HD Moore
3141d4e465
Relocate the mkdir to synced_update
2015-06-23 10:44:15 -07:00
Brent Cook
67e711998b
Do not create the payloads.json file until first usage
2015-06-23 12:21:04 -05:00
Brent Cook
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
Brent Cook
ba340ecec1
Land #5543, add transport delete command
2015-06-22 16:58:47 -05:00
Brent Cook
6a0a410cad
fix minor issue typing 'transport remove'
```
meterpreter > transport remove
[-] Error running command transport: NoMethodError undefined method `end_with?' for nil:NilClass
```
2015-06-22 16:56:16 -05:00
Brent Cook
732192aeaf
move ntds from priv to extapi
2015-06-22 09:04:08 -05:00
Meatballs
48102aa6eb
Strip newlines so we don't add spaces
2015-06-21 19:13:55 +01:00
Meatballs
65adb7a770
Include interactive channel logging
2015-06-21 17:00:51 +01:00
jvazquez-r7
bf7e0695d0
Land #5570, @todb-r7 Removes references to Iconv gem, since it's deprecated
2015-06-19 17:19:03 -05:00
Meatballs
d267efbbbe
Get the filename right
2015-06-19 22:07:00 +01:00
Meatballs
30b2a4aefe
Don't need source
2015-06-19 21:58:14 +01:00
Meatballs
50cd15c52a
Add the logsink
2015-06-19 21:56:39 +01:00
Meatballs
64449d5035
Timestamp session output
2015-06-19 21:50:42 +01:00
jvazquez-r7
7eeb8805ee
Do minor code cleanup
2015-06-19 13:37:02 -05:00
Tod Beardsley
01e37386dd
Add some YARD docs to the ebcdic methods
2015-06-19 12:59:47 -05:00
Tod Beardsley
a004c72068
Get rid of the encode test and iconv fallback
2015-06-19 12:30:20 -05:00
Tod Beardsley
afe5bb54c3
Get rid of the fall through methods
2015-06-19 12:24:07 -05:00
Tod Beardsley
34ece37f26
First off, iconv is gone, and zlib is stdlib
2015-06-19 12:17:43 -05:00
OJ
8656add0ad
Add uri parameter when removing http/s transports
2015-06-19 10:55:22 +10:00
Th3R3p0
8ea09532c8
removed a debugging line
2015-06-17 13:13:00 -04:00
Th3R3p0
e30b0e0cda
forced client to version 3 for servers and added comments. This adds support for RFB version 4 servers. Tested on 004.001
2015-06-17 12:57:24 -04:00
Th3R3p0
772a5dd7df
Created array and added support for version 4
2015-06-17 12:31:51 -04:00
OJ
9573c7e415
Implement transport remove
2015-06-16 11:38:59 +10:00
David Barksdale
91a06fb6fb
TFTP::Client retransmit lost data blocks on upload
Retransmit data blocks until we receive a matching ACK.
2015-06-09 15:53:33 -05:00
jvazquez-r7
ca7d6ec2d8
Account registers correctly on geteip_fpu
2015-06-08 16:35:23 -05:00
jvazquez-r7
f8623ebdda
Add support for stage encoding to alpha_upper
2015-06-08 14:35:48 -05:00
jvazquez-r7
11f2712a43
Use push instead of concat for single registers
2015-06-08 13:53:03 -05:00
jvazquez-r7
890d9890e2
Account geteip_fpu modified registers
2015-06-08 12:00:14 -05:00
David Maloney
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
jvazquez-r7
a77a4bd4c5
Account alpha_mixed modified registers
2015-06-08 11:16:24 -05:00
RageLtMan
537dc6e218
Update Payload Cached Sizes fails in PSH Script
When attempting to update cached payload sizes which utilize the
Rex::Powershell functionality, the BRE block which appropriates
initial code is called with the 'code' variable being a nil which
results in:
```
lib/rex/powershell/script.rb:40:in `initialize': no implicit
conversion of nil into String (TypeError)
```
This throws a conditional into the File.open call which presents an
empty string instead of a nil. This still results in the rescue
block having to catch the exception, but manages to keep the
payload size updating script happy and retains consistent
behavior.
2015-06-07 11:42:24 -04:00
Brent Cook
346ea40d66
fix some alignment, add usage
2015-06-04 16:14:31 -05:00
Brent Cook
06cc759080
Use the correct help output for the ps command
It should not look like this:
```
meterpreter > ps -h
Usage: ps [ options ]

OPTIONS:

    -S        Search string to filter by
    -h        This help menu
```
It should look like this:
```
meterpreter > ps -h
Use the command with no arguments to see all running processes.
The following options can be used to filter those results:

OPTIONS:

    -A <opt>  Filters processes on architecture (x86 or x86_64)
    -S <opt>  String to search for (converts to regex)
    -U <opt>  Filters processes on the user using the supplied RegEx
    -h        Help menu.
    -s        Show only SYSTEM processes
```
2015-06-04 16:06:07 -05:00
Brent Cook
b8a8e65c2c
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 16:22:45 -05:00
Brent Cook
7b0006a1b2
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 15:41:31 -05:00
Brent Cook
96a1e1b344
Land #5367, add UUID stagers
2015-05-29 15:18:53 -05:00
jvazquez-r7
1be04a9e7e
Land #5182, @m-1-k-3's exploit for Dlink UPnP SOAP-Header Injection
2015-05-29 14:49:09 -05:00
jvazquez-r7
8b2e49eabc
Do code cleanup
2015-05-29 14:45:47 -05:00
RageLtMan
0d0dbaab60
Fix :gsub! delegator for Powershell::Script
2015-05-29 05:08:27 -04:00
Michael Messner
10baf1ebb6
echo stager
2015-05-23 15:50:35 +02:00
HD Moore
c17ee64d81
Merge branch 'master' into feature/uuid-registration
2015-05-22 00:29:16 -05:00
OJ
1c73c190fc
Add machine_id support to windows php meterp
2015-05-22 14:55:29 +10:00
Brent Cook
9ce669f878
Land #5328: reworked x64 http/https stagers
2015-05-21 23:26:34 -05:00
OJ
10bd75348c
Merge branch 'upstream/master' into uuid-stagers
2015-05-22 13:07:25 +10:00
HD Moore
eac1663fed
Ensure that the base directory exists before creating the file
2015-05-21 00:40:49 -05:00
HD Moore
a8d111ce89
Merge branch 'master' into feature/uuid-registration
2015-05-20 19:48:39 -05:00
RageLtMan
27e12754fe
Import Powershell libraries and sample post module
Sync critical functionality from Rex and Msf namespaces dealing
with encoding and processing of powershell script for exploit
or post namespaces.
Import Post module. Primarily adds a psh_exec method which will be
replaced in the next PR with @benpturner's work integrated into
the Post module namespace.
Provide a sample metasploit windows post module to show the
execution pipeline - entire subs process can be removed and the
module reduced to a psh_exec(datastore['SCRIPT']).
This commit is designed to provide sync between the SVIT fork and
upstream. Pending commits to be based on this work will provide
access to .NET compiler in the Post namespace to be used for
dynamic persistent payload creation on target and the import of
@benpturner's work.
2015-05-20 18:18:51 -04:00
Brent Cook
e34c751034
only use regex matches if they are specified
2015-05-20 12:22:36 -05:00
RageLtMan
e9be0d3f7a
Allow cmd_arp to use -S flag
Allow searching for regex' through ARP output using Table's new
'SearchTerm' parameter.
Example:
```
meterpreter > arp -S 10.2.1.1
ARP cache
=========
IP address  MAC address        Interface
----------  -----------        ---------
10.2.1.1    00:01:02:03:04:05  15
```
2015-05-20 11:26:06 -05:00
RageLtMan
b20c1c51b5
Import -S option for netstat
Allow searching through netstat output tables for specific strings.
Example:
```
meterpreter > netstat -S 192
Connection list
===============
Proto  Local address    Remote address         State        User  Inode  PID/Program name
-----  -------------    --------------         -----        ----  -----  ----------------
tcp    10.1.1.20:3389   192.168.100.186:38470  ESTABLISHED  0     0      3076/svchost.exe
tcp    10.1.1.20:63826  192.168.100.186:31158  ESTABLISHED  0     0      4568/powershell.exe
tcp    10.1.1.20:64887  192.168.100.186:31158  ESTABLISHED  0     0      -
```
2015-05-20 11:26:06 -05:00
Brent Cook
e4165d3ae0
whitespace fixes
from @sempervictus
2015-05-20 11:26:04 -05:00
Brent Cook
66bd881ac5
support filtering on processes with a regex
from @sempervictus
Merge forked changes to cmd_ps allowing for the use of string
matching on listing output via Rex::Ui::Text::Table's SearchTerm
facility
Example:
```
meterpreter > ps -S x64.*Auth.*Sys
Process list
============
PID  Name      Arch  Session  User                 Path
---  ----      ----  -------  ----                 ----
400  smss.exe  x64   0        NT AUTHORITY\SYSTEM  C:\Windows\System32\smss.exe
...
```
2015-05-20 11:25:56 -05:00
Brent Cook
d97ad5f8e4
support more consistent table output formatting
from @sempervictus
2015-05-20 11:25:55 -05:00
Brent Cook
8a0bb6735e
support creating Rex Tables from CSV
from @sempervictus
2015-05-20 11:25:53 -05:00
Brent Cook
3d27443ef6
support flipping a table 90 degrees
from @sempervictus
This allows displaying large attributes in a nicer way.
2015-05-20 11:25:48 -05:00
Brent Cook
1fe18243bd
Allow Internal Filtering by SearchTerm
from @sempervictus
Allow passing 'SearchTerm' into Rex::Ui::Text::Table creation to
filter all output by regex match to the string passed.
Provides base functionality for higher level subscribers such as
cmd_ls in meterpreter sessions for filtering output
2015-05-20 11:25:39 -05:00
Brent Cook
6fd82ad996
add cp / copy commands
from @sempervictus
2015-05-20 11:25:36 -05:00
Brent Cook
282c7eb81e
add -S regex search to ls, normalize arg parsing
from @sempervictus
Merge forked changes to cmd_ls allowing for the use of string
matching on listing output via Rex::Ui::Text::Table's SearchTerm
facility.
Example:
```
meterpreter > ls chef -R -S wget
No entries exist in chef/backup/chef/handlers
No entries exist in chef/backup/chef/ohai_plugins
No entries exist in chef/backup/chef
No entries exist in chef/backup
No entries exist in chef/cache/cookbooks/avast/attributes
No entries exist in chef/cache/cookbooks/avast/recipes
No entries exist in chef/cache/cookbooks/avast
No entries exist in chef/cache/cookbooks/chef-client/attributes
No entries exist in chef/cache/cookbooks/chef-client/libraries
No entries exist in chef/cache/cookbooks/chef-client/recipes
No entries exist in chef/cache/cookbooks/chef-client
No entries exist in chef/cache/cookbooks/chef_handler/attributes
No entries exist in chef/cache/cookbooks/chef_handler/libraries
No entries exist in chef/cache/cookbooks/chef_handler/providers
No entries exist in chef/cache/cookbooks/chef_handler/recipes
No entries exist in chef/cache/cookbooks/chef_handler/resources
No entries exist in chef/cache/cookbooks/chef_handler
No entries exist in chef/cache/cookbooks/cron/providers
No entries exist in chef/cache/cookbooks/cron/recipes
No entries exist in chef/cache/cookbooks/cron/resources
No entries exist in chef/cache/cookbooks/cron
No entries exist in chef/cache/cookbooks/logrotate/attributes
No entries exist in chef/cache/cookbooks/logrotate/definitions
No entries exist in chef/cache/cookbooks/logrotate/libraries
No entries exist in chef/cache/cookbooks/logrotate/recipes
No entries exist in chef/cache/cookbooks/logrotate
No entries exist in chef/cache/cookbooks/ohai/attributes
No entries exist in chef/cache/cookbooks/ohai/files/default/plugins
No entries exist in chef/cache/cookbooks/ohai/files/default
No entries exist in chef/cache/cookbooks/ohai/files
No entries exist in chef/cache/cookbooks/ohai/recipes
No entries exist in chef/cache/cookbooks/ohai
No entries exist in chef/cache/cookbooks/svit-windows/attributes
No entries exist in chef/cache/cookbooks/svit-windows/recipes
No entries exist in chef/cache/cookbooks/svit-windows/templates/default/plugins
No entries exist in chef/cache/cookbooks/svit-windows/templates/default
No entries exist in chef/cache/cookbooks/svit-windows/templates
No entries exist in chef/cache/cookbooks/svit-windows
No entries exist in chef/cache/cookbooks/windows/attributes
No entries exist in chef/cache/cookbooks/windows/files/default/handlers
No entries exist in chef/cache/cookbooks/windows/files/default
No entries exist in chef/cache/cookbooks/windows/files
No entries exist in chef/cache/cookbooks/windows/libraries
No entries exist in chef/cache/cookbooks/windows/providers
No entries exist in chef/cache/cookbooks/windows/recipes
No entries exist in chef/cache/cookbooks/windows/resources
No entries exist in chef/cache/cookbooks/windows
No entries exist in chef/cache/cookbooks
No entries exist in chef/cache
No entries exist in chef/handlers
No entries exist in chef/log
No entries exist in chef/ohai_plugins
No entries exist in chef/run
Listing: chef
=============
Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
100666/rw-rw-rw-  161   fil   2014-07-21 11:08:26 -0400  wget.ps1
100666/rw-rw-rw-  1285  fil   2014-07-21 11:08:26 -0400  wget.vbs
meterpreter >
```
2015-05-20 11:25:33 -05:00
HD Moore
513a81e340
Add framework.uuid_db as a JSONHashFile
2015-05-20 00:28:32 -05:00
Stuart Morgan
b2aef62a40
MSFTidy
2015-05-19 14:42:30 +01:00
Stuart Morgan
ea4d3415ec
Continued to tidy up code, added verbose mode to assist in debugging
2015-05-19 12:21:00 +01:00
Stuart Morgan
d704e95890
Tidying up
2015-05-19 11:34:25 +01:00
Stuart Morgan
e152ceb05d
Tidied up code, added MWR labs logo
2015-05-19 10:33:32 +01:00
Stuart Morgan
a4fc8aefd5
Working, tested & cleans up after itself
2015-05-19 10:21:08 +01:00
Stuart Morgan
b749d44c6a
Tidied up working version, logic has now moved to a POST module
2015-05-19 10:00:50 +01:00
Stuart Morgan
2d2032c96b
Merge remote-tracking branch 'upstream/master' into pageant_extension
2015-05-19 09:20:58 +01:00
OJ
4488a5e634
Add uuid support to python, and rework stages/stagers
2015-05-18 14:33:35 +10:00
OJ
bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers
2015-05-18 13:28:36 +10:00
OJ
dbe4f3f1c8
Adjust single pack statement, fix up some quotes
* Moved over to using single quotes for strings that don't need
escaping or interpolation.
* Changed one pack spec to be "more correct". Thankfully, we were only
packing 0 so the endianness isn't a problem, however it should be
correct, hence the fix.
2015-05-18 09:29:48 +10:00
OJ
d725554a87
Fix UUID code so that it always deals with 16 bytes
Also re-add the payload ID to session validation now that the UUID stuff
is reliable.
2015-05-17 17:49:21 +10:00
Brent Cook
b1507f6d2a
Land #5339, support for 'sleep' with meterpreter sessions
2015-05-15 18:14:37 -05:00
Brent Cook
fb3a2079f2
Merge branch 'master' into land-5339-sleep
2015-05-15 18:00:52 -05:00
David Maloney
7d44d6d67a
client side for new sysinfo fields
added Domain and Logged On Users fields to
the meterpreter sysinfo command
MSP-12715
2015-05-15 15:09:33 -05:00
Brent Cook
93ba08738c
add backward compatibility for hash responses
2015-05-15 11:53:12 -05:00
Brent Cook
c614f6059d
Merge branch 'master' into land-5326-
2015-05-15 11:29:54 -05:00
Stuart Morgan
c8174119bf
Initial working pageant extension
2015-05-15 11:29:20 +01:00
OJ
7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers
2015-05-15 12:27:40 +10:00
OJ
1ff6d6298e
Remove stray comma causing help to be incorrect
2015-05-15 09:23:55 +10:00
OJ
7c013c0486
Merge branch 'upstream/master' into add-transport-sleep
2015-05-15 08:00:04 +10:00
David Maloney
6e813f6abd
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-14 10:30:48 -05:00
OJ
83fbd41970
Merge branch 'upstream/master' into multi-transport-support
Conflicts:
Gemfile.lock
modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
2015-05-14 14:50:25 +10:00
OJ
60d331fe0c
Add support for a "sleep" command
This makes meterpreter shut down its comms and sleep for a while before
it attempts to open communications again. This is effectively the same
as doing a transport change back to the same transport, but with
a timeout.
2015-05-13 10:13:08 +10:00
OJ
06dfdbcc2c
Merge updated transport changes
Discard changes that were made for reverse_https transport in x64 as
they no longer apply here.
2015-05-12 10:26:39 +10:00
OJ
836feaa2d8
Fix uuid setting, fix reverse_https x64 payload
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
OJ
489afd5aa1
Remove redundant check for ascii_str setting
2015-05-12 09:50:58 +10:00
OJ
474461d2a4
Merge format and structure changes from multi transport
2015-05-12 09:46:02 +10:00
OJ
42f94e70c7
Add `nil` default to exit_types, transport param order swap
This allows for checking against exit types to be super easy instead of
having to have extra checks in place. Also changed the order of scope_id
and uri in the transport URI generation. The net effect of this is NOP
because these things only appear separately.
2015-05-12 09:05:58 +10:00
David Maloney
f3effe5fbb
some minor cleanup
cleanup based on feedback from Kronicdeth
MSP-12357
2015-05-11 11:17:58 -05:00
OJ
679bb46f86
Refactoring, exitfunk fix, block_api_hash func
2015-05-11 17:24:32 +10:00
OJ
29649ff881
Fix proxy config not making it through
2015-05-11 17:24:02 +10:00
Tim
d3ba84b378
Add TLV_TYPE_FILE_HASH
2015-05-10 14:18:16 +01:00
Brent Cook
1a98c5ddc5
Land #5320, fix SSL weak cipher results
This adds a fallback for deprecated ciphers that are no longer exported
current SSL libraries.
2015-05-08 18:19:25 -05:00
Brent Cook
d3730ae18c
include a list of deprecated ciphers in the sslscan result
Allow recording remote deprecated cipher support even if the local OpenSSL
library does not support negotiating that cipher.
2015-05-08 18:05:00 -05:00
jvazquez-r7
c103779eab
Land #5080, @bcook-r7's 'ls' and 'download' meterpreter improvements
2015-05-08 18:02:16 -05:00
jvazquez-r7
422e261b36
Use parenthesis
2015-05-08 17:59:04 -05:00
Brent Cook
2f9205abc3
recover consistent parenthesis usage
2015-05-08 14:15:06 -05:00
Brent Cook
8d5ef42c2d
be sure to pass the pattern more than one level deep
2015-05-08 14:03:12 -05:00
Brent Cook
710a2a007b
fix format error
2015-05-05 15:27:06 -05:00
David Maloney
1a8e8c624c
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-05 11:07:36 -05:00
OJ
62fa14326d
Merge branch 'upstream/master' into multi-transport-support
Merged with HD's stuff as he fixed up a few things that I had done too.
Conflicts:
lib/msf/base/sessions/meterpreter_options.rb
lib/rex/post/meterpreter/client_core.rb
lib/rex/post/meterpreter/packet_dispatcher.rb
2015-05-05 17:18:01 +10:00
OJ
c540ba4b98
Land #5297: Track machine_id and dead sessions
2015-05-05 17:08:39 +10:00
OJ
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
OJ
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
OJ
e45bf5cf51
Remove the URI patcher now that it's not used at all
2015-05-05 07:35:49 +10:00
Brent Cook
05e4af8162
Land #5214, initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
Brent Cook
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
OJ
e835f2b99c
Rejig transport config into module
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
Brent Cook
f42334414a
add recursion limit
2015-05-04 04:00:58 -05:00
OJ
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
Brent Cook
7ff3044552
style cleanups and guard search where not implemented
2015-05-04 03:56:17 -05:00
Brent Cook
8cab350275
use the search API when downloading recursive patterns
2015-05-04 03:56:17 -05:00
Brent Cook
eefc6f78c6
avoid redownloading files that have not changed
2015-05-04 03:56:16 -05:00
Brent Cook
9672a59b05
support download globbing
2015-05-04 03:56:16 -05:00
Brent Cook
43be856b95
keep the glob going into subdirectories
2015-05-04 03:56:16 -05:00
Brent Cook
8617115483
simplify arg parsing, compute initial stat path correctly
2015-05-04 03:56:15 -05:00
Brent Cook
d934027b3b
expand glob match
2015-05-04 03:56:15 -05:00
Brent Cook
866955b6fd
added -R recursive, glob filtering and a dummy '-l' option
2015-05-04 03:56:14 -05:00
HD Moore
a577bef9c3
Rework dirty cleanup to use skip_cleanup instead
2015-05-04 03:52:55 -05:00
HD Moore
e7ba6e8a9a
Speed up dead session cleanup by skipping shutdown/cleanup
2015-05-04 03:40:48 -05:00
HD Moore
3080feb188
Track the machine_id and drop non-responsive sessions automatically
2015-05-04 03:22:29 -05:00
OJ
451484cb0d
Add support for transport listing
Includes a verbose flag for the extra HTTP/S properties
2015-05-04 11:19:53 +10:00
HD Moore
8ca66e03aa
Track and display the last checkin time for Meterpreter sessions
2015-05-03 10:52:54 -05:00
OJ
2189c6d868
Pass timeouts to clients and correctly patch timeouts
Timeouts are correctly passed through to the client instances from the
handlers. The client also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Brent Cook
c3438955d4
Land #5169, stop reading when the HTTP socket is closed
2015-05-01 11:40:49 -05:00
David Maloney
acb833bd09
NTDS::Parser class built out
the NTDS Parser class will take a meterpreter
client and a filepath and provide an enumerator for reading
out the user accounts as ruby objects
MSP-12357
2015-04-30 14:57:30 -05:00
James Lee
3e40433f00
Add an alias for write
Fixes #4971
2015-04-30 08:56:16 -05:00
OJ
8ddd7a4891
Fix session removal code, prevent missing transport param fail
2015-04-30 22:39:48 +10:00
David Maloney
e220ccfda0
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-04-28 08:25:09 -05:00
OJ
919b96e4cf
Fix up UUID handling
2015-04-28 21:59:19 +10:00
OJ
4f9c8d04a2
Add support for moving transports and uuid fetching
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.
There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ
f711e5dee7
Update migration support
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ
fca4d852a1
Remove the passing on off listen socket values
2015-04-28 13:51:48 +10:00
OJ
d82bfb0692
Reorder params, fix up the transport termination
2015-04-28 13:03:40 +10:00
OJ
c41f4bd59f
Fix up http/s a little
...
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ
1ca5188c5e
Change the payload to use IPv6 formats if required
2015-04-28 07:44:21 +10:00
Tod Beardsley
9aaa2ec8cc
First pass at making webcam_chat more functional
2015-04-27 16:23:35 -05:00
OJ
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
OJ
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
The URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
OJ
bb77a3a0e6
First pass of refactoring to support new config block
...
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
David Maloney
6c77c4bb52
opening groundwork
...
added a priv extension method to open
a stream channel to read NTDS accounts from
and an NTDS account class to accept the
data and parse it into a usable structure
MSP-12357
2015-04-24 15:50:12 -05:00
Brent Cook
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
Brent Cook
27f6adcd81
Land #5110 , teach Http::Response to extract hidden form inputs
2015-04-24 13:30:57 -05:00
Spencer McIntyre
edbf9b766f
Land #5100 , @bcook-r7's deletekey API usage fix
...
Fixes #5099
2015-04-21 12:58:02 -04:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
rwhitcroft
70f94bbd96
break loop if socket is closed
2015-04-21 11:09:17 -04:00
OJ
c8bab6ace1
Fix help for timeouts
2015-04-21 20:35:46 +10:00
OJ
f654fea9b3
Adjust transport command to work with posix
2015-04-21 20:16:57 +10:00
OJ
86957d9b07
Merge branch 'upstream/master' into connection-recovery
2015-04-21 20:01:59 +10:00
William Vu
1a66786d1b
Fix Nmap XML parser for tunnel attribute
2015-04-20 17:04:19 -05:00
William Vu
79ca0a56f9
Land #4171 , Steam protocol support
2015-04-20 15:35:06 -05:00
OJ
97912882ca
Adjustments for POSIX meterpreter patching
2015-04-17 19:53:05 +10:00
Brent Cook
3107d99b9a
Use the same URI that was registered when we deregister
...
The original URI is registered as '/foobar/' but is deregistered as
'//foobar/', causing it to never get deregistered. Changing this fixes
unregistration of the service handler for staged payloads, but stageless
doesn't work properly if the URI actually gets deregistered.
2015-04-17 03:20:24 -05:00
Brent Cook
18225780da
cleanup HTTP and HTTPS listeners when sessions are closed
...
Rather than listening forever after a session shuts down, close the session if
there are no other URIs registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
OJ
0a8b29dd86
Merge branch 'upstream/master' into connection-recovery
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
OJ
e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless
2015-04-17 12:46:20 +10:00
wchen-r7
f280e5191b
I forgot to move this require statement
2015-04-16 21:11:09 -05:00
wchen-r7
3493d25ff9
Move all this to Rex
2015-04-16 21:07:23 -05:00
Brent Cook
9bf897a829
Land #4744 , refactor powershell for msfvenom psh-cmd
2015-04-16 15:44:57 -05:00
rwhitcroft
602e9c8df1
Update client.rb
2015-04-16 16:06:16 -04:00
rwhitcroft
6ef86b69a7
Fix loop spinning in HttpClient
2015-04-16 10:49:47 -04:00
Brent Cook
75b559eea3
Land #5081 , meterpreter certificate hash check controls
2015-04-14 10:46:13 -05:00
Brent Cook
7f56c07b64
add missing sslhash attribute
2015-04-14 10:45:44 -05:00
OJ
4e49964c15
Add support for init_connect for stageless payloads
...
This new mode for HTTP/S stageless allows the stageless payload to be
reused without MSF believing that the session has already been
initialised.
2015-04-14 16:43:07 +10:00
OJ
1c5de59d99
Add support for the set of timeout values
...
This removes the need for a separate get call behind the scenes as
meterpreter does get and set in a single call.
2015-04-13 10:42:05 +10:00
OJ
ec7fab7ef6
Add support for getting transport timeouts
2015-04-13 10:07:50 +10:00
William Vu
d5903ca5b2
Land #5126 , Meterpreter edit command fix
2015-04-10 17:19:33 -05:00
William Vu
8acc768da7
Copy documentation
2015-04-10 17:17:54 -05:00
rwhitcroft
64c2bf3227
don't raise exception if file download fails
2015-04-10 16:23:33 -04:00
rwhitcroft
b5f4b72b51
fix timestomp arg parsing
2015-04-10 00:28:35 -04:00
OJ
809409d8c4
Lots of changes to support moving timeouts to common spots
...
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
Anant Shrivastava
2b5ba7d12d
fixed a typo
...
a typo fixed in help.
command and not commannd
2015-04-09 12:11:46 +05:30
Roberto Soares
1591c92547
Add the "all" option for the uictl
2015-04-09 01:04:50 -03:00
Brent Cook
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
Brent Cook
db9a3d167a
fix deletekey API usage from the meterpreter CLI
...
There is an old-looking bug where the deletekey command opens the key it tries
to delete, then deletes the same key name again. Basically, it uses the wrong
level of indirection.
2015-04-07 15:34:23 -05:00
OJ
53d5b97634
Add support for UUID generation in transport switching
...
If the session doesn't have a payload UUID we now generate one as best
we can. This code will probably go away when TCP related transports have
had the UUID stuff baked in.
2015-04-07 17:25:55 +10:00
OJ
15313243cc
Use UUID instead of old skool URIs
...
This uses HD's UUID stuff to generate a new URI for the transport.
Currently we don't have UUID support for TCP connections, but that's
coming.
Still to do: generation of a valid UUID for payloads that don't already
have one.
2015-04-07 16:00:30 +10:00
OJ
2977cbd42a
Merge branch 'upstream/master' into dynamic-transport
2015-04-07 14:30:48 +10:00
OJ
38a77c930e
Land #5072 : Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
William Vu
5f8d58f214
Use framework.db.active
2015-04-06 14:08:10 -05:00
James Lee
566c330b83
Add workspace to prompt format options
2015-04-06 09:19:49 -05:00
OJ
4635bb83c3
Implement ssl verification toggling
...
Add support to meterpreter that allows for the querying and toggling of
SSL certificate verification on the fly.
In order to verify that the socket was SSL-enabled, some rejigging had
to be done of the type? method in the ssl socket class.
2015-04-06 14:40:59 +10:00
HD Moore
8bcdddfd04
Fix yardoc comment, thanks @void-in!
2015-04-05 22:09:35 -05:00
jvazquez-r7
261ef51813
Add Rex::Java::Serialization exceptions
2015-04-05 18:43:03 -05:00
jvazquez-r7
2e52817b24
Add DecodeError
2015-04-05 18:16:19 -05:00
jvazquez-r7
85a70d401b
Introduce Rex::Proto::Rmi::DecodeError
2015-04-05 18:15:04 -05:00
jvazquez-r7
3570fc586f
Use constants for JMX serial version uids
2015-04-05 16:23:39 -05:00
jvazquez-r7
72c36eb23e
Use concatenation
2015-04-05 15:57:50 -05:00
Meatballs
ebf77cd02d
Merge remote-tracking branch 'upstream/master' into msfvenom_psh_squash
...
Conflicts:
lib/msf/util/exe.rb
2015-04-05 00:24:48 +01:00
HD Moore
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
jvazquez-r7
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
jvazquez-r7
75c6341dd8
Fix raise
2015-04-03 14:18:15 -05:00
jvazquez-r7
6c36a82f78
Land #5059 , @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
jvazquez-r7
b0042f1cf2
Undo java serialization and RMI fixes
2015-04-03 14:07:49 -05:00
jvazquez-r7
11d372b015
Fix YARD documentation
...
* Thanks @void-in
* See #5059
2015-04-03 14:01:31 -05:00
root
0dd987d873
Updated as per jlee-r7 feedback
2015-04-03 10:17:54 +05:00
OJ
fd043d4842
Fix up build and missing uri_checksum stuff
...
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a clash with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
OJ
d2d68d76a2
Update transport switching to a full blown command
...
Transport switching should now support all of the bits and pieces
required to do full switching with all configurable transport options
2015-04-02 23:13:59 +10:00
root
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
OJ
47fa97816d
Code fixes as per suggestions, fix build
...
* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of
command_dispatcher.
* Fix spec include.
2015-04-02 09:05:38 +10:00
OJ
01bdf54487
Merge branch 'upstream/master' into dynamic-transport
2015-04-01 18:53:20 +10:00
OJ
79ec2e0586
Add machine ID support to the command list
2015-04-01 14:29:04 +10:00
OJ
1a313ad943
Fix up the proxy patching
...
Patching of the proxy details was failing, so this commit fixes that.
Also, added code that makes the proxy type check case-insensitive.
2015-04-01 11:48:22 +10:00
HD Moore
a9cfd7efef
Merging master back into the UUID branch
2015-03-31 12:02:03 -05:00
Brent Cook
d89cd118e0
remove wininet workaround in meterpreter http/s
...
We had a workaround to close connections on very old wininet implementations
that would not do it themselves. With the new WinHttp API-using meterpreters
and stagers, we no longer should use this workaround. It can actually be
actively bad and prematurely close the connection.
This needs testing around different payloads, and they should be on real
networks, ideally where TCP really has to work to get data transferred.
2015-03-30 23:38:32 -05:00
Samuel Huckins
13fc498523
Land #4948 , fixes several AppScan import issues
2015-03-29 23:33:01 -05:00
OJ
c0f496197c
Rejig code to support http payloads
...
* Move the uri checksum code to a spot that can be shared with rex.
* Adjust modules to make use of this new location.
* Fix up the transport switcher to add the URI for those payloads.
2015-03-30 07:11:25 +10:00
OJ
1f00b595bc
Hacked support for transport switching
2015-03-25 13:08:52 +10:00
jvazquez-r7
6ea42f6599
Fix description
2015-03-24 12:30:27 -05:00
jvazquez-r7
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
OJ
25dcfc796a
Better support old binaries in rev http(s)
...
* Patch 256char URL if the 512char one doesn't work.
* Return an empty list in the case where the ext enum fails.
2015-03-24 10:14:44 +10:00
jvazquez-r7
04341bfc78
Support JMX_ROLE again
2015-03-23 17:32:26 -05:00
Brent Cook
1869977921
Land #4962 : OJ adjusts MSF to new metsrv needs
...
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
jvazquez-r7
d8d4c23d60
JMX code refactoring
2015-03-23 17:06:51 -05:00
David Maloney
60966f3d2a
handle a blank response body
...
sometimes the response body itself can be blank
so we need to handle that properly.
MSP-9972
2015-03-23 16:03:30 -05:00
jvazquez-r7
962bb670de
Remove old JMX mixin
2015-03-23 15:48:10 -05:00
OJ
9c9d333a1b
Create verify ssl mixin, adjust some formatting
2015-03-23 13:21:08 +10:00
HD Moore
bc3c73e408
Merge branch 'master' into feature/registered-payload-uuids
2015-03-22 18:51:13 -05:00
HD Moore
0d1fe37710
Ignore non-base64url characters during decode
2015-03-22 16:16:47 -05:00
HD Moore
94241b2998
First attempt at rewiring HTTP handlers to use UUIDs
2015-03-21 03:15:08 -05:00
sinn3r
97b919923e
Fix undefined esize in Rex::Exploitation::Egghunter
...
esize is not a valid variable, and we don't need it either.
2015-03-20 21:32:46 -05:00
HD Moore
858d9b1e7a
Introduce Rex::Text.(en|de)code_base64url and use it for uri_checksum
2015-03-20 21:32:08 -05:00
OJ
9d20d057dd
Update Meterpreter URL length to 512
2015-03-20 13:16:43 +10:00
oj@buffered.io
fd4ad9bd2e
Rework changes on top of HD's PR
...
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
OJ
7ca91b2eb5
Add support for ssl to the patcher
2015-03-20 12:52:38 +10:00
OJ
a9f74383d0
Update patch to support both ascii and wchar
2015-03-20 12:52:18 +10:00
OJ
acd802c5fd
Initial work for WinHTTP comms support in Meterpreter
2015-03-20 12:51:47 +10:00
Brent Cook
564962042e
Land #4925 , OJ adds self-contained windows meterpreter options
2015-03-19 21:07:32 -05:00
Brent Cook
24ce0118b8
reenable UTF filtering support where needed
...
revert d22231bdc8
2015-03-19 16:02:21 -05:00
jvazquez-r7
ec90594f7e
Add support for Rex::Java::Serialization::ProxyClassDesc
2015-03-19 15:41:24 -05:00
OJ
a582e05b6d
Merge gemfile changes in master
2015-03-20 06:29:38 +10:00
OJ
040ef1e3e9
Land #4950 : ls unicode and sorting in meterpreter
2015-03-20 06:28:29 +10:00
jvazquez-r7
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
OJ
7899881416
Update POSIX bins from master
2015-03-19 14:50:14 +10:00
HD Moore
ae621c83c5
Add a URL-safe base64 encoder/decoder
2015-03-18 17:03:29 -05:00
Brent Cook
c774038fe6
improve ls output by providing various new options
2015-03-18 16:02:03 -05:00
David Maloney
4293af01b1
make sure we strip leading whitespace
...
in the aforementioned record_request_and_response method
we need to still make sure to strip leading whitespace
from the front of our data before saving it
MSP-9972
2015-03-18 11:23:45 -05:00
David Maloney
dacaa9e82b
simplify request-response parsing in appscan
...
the record_request_and_response method for the
nokogiri appscan parser was way overcomplicated
it was trying to do way too much trickiness
when the data could be very simply split and consumed
MSP-9972
2015-03-18 11:19:00 -05:00
David Maloney
3269817b29
remove bad truthiness checks
...
truthy checks were used here, but you'll get
an empty hash which will be treated as true causing
the test to be invalid and allowing for errors further in the method
MSP-9972
2015-03-18 10:52:24 -05:00
HD Moore
8d3cb8bde5
Fix up meterpreter patching arguments and names
2015-03-18 01:25:42 -05:00
HD Moore
390a704cc7
Cleanup proxyhost/proxyport arguments to match new names
2015-03-18 01:19:05 -05:00
jvazquez-r7
14be07a2c4
Update java_rmi_server modules
2015-03-17 21:29:52 -05:00
jvazquez-r7
6315e07312
Add specs for UniqueIdentifier
2015-03-17 20:38:43 -05:00
jvazquez-r7
87b777e923
Refactor moving code to rex
2015-03-17 17:15:32 -05:00
Brent Cook
d22231bdc8
remove unicode_filter_encode calls
...
Let the underlying utf8 messages through to the console.
2015-03-17 11:07:07 -05:00
HD Moore
11593800b6
Move X509 PEM parsing into Rex::Parser::X509Certificate
2015-03-14 15:52:23 -05:00
Brent Cook
74ee2d8408
Land #4916 , @hmoore-r7 annotate Interlock Target param as 'in' only
2015-03-13 08:59:59 -05:00
OJ
1338a55b0d
Adjust error handling for extension enumeration
...
Make the catch case more generic for when the target doesn't support the
command for extension enumeration. This supports more than just windows
now.
2015-03-13 21:49:45 +10:00
William Vu
fa2fbc387c
Land #4922 , REG_MULTI_SZ for type2str
2015-03-13 01:07:27 -05:00
James Lee
14a5efce58
Add yardoc
2015-03-13 01:04:23 -05:00
HD Moore
f676dc03c8
Lands #4849 , prevents the target from running out of memory during NTFS reads
2015-03-12 00:01:47 -05:00
HD Moore
7252ba284a
Tweak memory usage from 64Mb to 4Mb
2015-03-11 23:58:13 -05:00
HD Moore
aa79b71e35
Fixes #4897 by correcting kernel32!Interlocked function definitions
2015-03-11 23:26:32 -05:00
OJ
345b5cc8e1
Add stageless meterpreter support
...
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transports at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
James Lee
cd5699dc39
Sort cases and add specs
2015-03-08 23:27:32 -05:00
James Lee
0440e19cc1
Add REG_MULTI_SZ
2015-03-08 22:48:24 -05:00
jvazquez-r7
1c064f6b46
Land #3074 , @0x41414141 SMB Share mixin
2015-03-04 10:16:04 -06:00
jvazquez-r7
64fd818364
Land #4411 , @bcook-r7's support for direct, atomic registry key access in meterpreter
2015-03-04 10:01:33 -06:00
jvazquez-r7
cdf5fec474
Fix style
2015-03-04 09:57:39 -06:00
jvazquez-r7
8328c5c5e9
Add specs for SMB_FIND_FILE_BOTH_DIRECTORY_INFO requests
2015-03-03 12:43:41 -06:00
jvazquez-r7
eb3aedf4a7
Define constants for WordCount in responses
2015-02-28 18:15:14 -06:00
jvazquez-r7
89a033c194
Delete unnecessary paddings due to miscalculations
2015-02-26 15:54:00 -06:00
Bazin Danil
3aa68c30b0
=> not => !
2015-02-26 21:31:01 +01:00
Bazin Danil
a427e417a3
-consomation +consumption
2015-02-26 21:23:09 +01:00
William Vu
0a51ca12a5
Download all of every file implicitly
2015-02-26 14:10:53 -06:00
William Vu
d0ca1b2dc6
Delete a thing I added for no reason
2015-02-26 14:06:10 -06:00
William Vu
5996256ccc
Fix formatting
2015-02-26 14:05:50 -06:00
jvazquez-r7
c73ffea1b9
Do minor cleanup
2015-02-26 12:50:45 -06:00
HD Moore
d75f55e493
Rex should not depend on ActiveSupport, .blank? is not stdlib Ruby
2015-02-26 11:23:38 -06:00
jvazquez-r7
970f0c94b2
Create CREATE_ANDX constants
2015-02-26 10:44:07 -06:00
Matthew Hall
ab1bb0e50d
bugfixes to https://github.com/jvazquez-r7/metasploit-framework/tree/review_3074_clean_server
...
to provide consistent support for various exploits and OS SMB Commands.
Reintroduces smb_cmd_trans_query_path_info_network for use with the Struts2 JSP injection vulnerability.
Reintroduces smb_cmd_trans_query_file_info_basic for common use with rundll32.
Corrects some issues with filename formatting and pattern matching for file requests (can still be improved).
2015-02-26 16:10:34 +00:00
William Vu
ed9213eb4c
Add fsquery check to fs{download,delete} methods
2015-02-25 17:37:20 -06:00
William Vu
ea5b6f66d4
Add UEL to fsdownload method
2015-02-25 17:35:34 -06:00
William Vu
5d3c7f3b4a
Add fsquery method
2015-02-25 17:18:23 -06:00
William Vu
1f981dd336
Add FSQUERY constant
2015-02-25 17:00:27 -06:00
jvazquez-r7
993c75ec77
Update Offset counts with constants
2015-02-25 16:25:16 -06:00
William Vu
91f0713056
Add fsdelete method
2015-02-25 15:41:40 -06:00
William Vu
a096a17e21
Add FSDELETE constant
2015-02-25 15:39:51 -06:00
William Vu
80d8491d09
Add fsdownload method
2015-02-25 15:00:31 -06:00
William Vu
e8c2c3687d
Replace "pathname" with "path"
...
This always bothered me, since I usually say "path."
2015-02-25 15:00:18 -06:00
William Vu
02ea7a0282
Add FSDOWNLOAD constant
2015-02-25 15:00:11 -06:00
jvazquez-r7
df50aa0f06
Use constants for DataCount and DataCountTotal
2015-02-25 14:11:38 -06:00
jvazquez-r7
f21959a8a2
Add constants for session setup actions
2015-02-25 13:31:57 -06:00
jvazquez-r7
e967cfbfb3
Create Access rights constants
2015-02-25 13:22:16 -06:00
jvazquez-r7
1caffbea2d
Add constants for Negotiation Capabilities
2015-02-25 12:50:33 -06:00
jvazquez-r7
50d50d5353
Define constants for SMB Flags
2015-02-25 12:28:25 -06:00
jvazquez-r7
e5d9bb0a47
Update from master
2015-02-25 11:37:13 -06:00
jvazquez-r7
ec9be4531b
Add SMB_CREATE_ANDX_RES_PKT template
2015-02-25 11:33:08 -06:00
jvazquez-r7
d10385cfed
Add template for SMB_TREE_CONN_ANDX_RES_PKT
2015-02-24 19:27:25 -06:00
jvazquez-r7
642765aeb5
Delete comments
2015-02-24 18:27:02 -06:00
jvazquez-r7
bb36899699
Make template names consistent
2015-02-24 18:26:46 -06:00
jvazquez-r7
d29e9fc20b
Parse TRAN2_FIND_FIRST2 commands
2015-02-24 17:02:49 -06:00
William Vu
5f0aeda0be
Land #4835 , new hex format for msfvenom
2015-02-24 10:56:47 -06:00
Christian Mehlmauer
5880702552
added new hex format
2015-02-24 16:05:02 +01:00
Brent Cook
ab4a416958
comment out duplicate keys that can only be used for reference
...
ruby is ignoring all but the second instance, and 2.2 still throws a
warning
2015-02-24 08:50:02 -06:00
William Vu
5eec07d4d1
Fix duplicate hash key "jpeg"
...
In lib/rex/proto/http/server.rb.
2015-02-24 05:19:42 -06:00
jvazquez-r7
ea483f14a1
Try to fix logic for query information levels
2015-02-23 17:17:33 -06:00
jvazquez-r7
3fca26a5de
Add support for SMB_COM_TRANSACTION2 data blocks and params
2015-02-23 16:37:39 -06:00
jvazquez-r7
a06d07d6da
Clean smb_cmd_trans2_query_file_information dispatching
2015-02-23 12:03:08 -06:00
jvazquez-r7
3d7381b62a
Handle TRANS2 commands
2015-02-23 11:33:49 -06:00
HD Moore
e5e3474af4
Handle ICMP "protocol not available" errors as connection errors
2015-02-22 16:36:53 -06:00
BAZIN-HSC
d8132f86ff
adjust buffer size
2015-02-22 08:51:16 +01:00
sinn3r
85871ab822
Fix #4382 , Make errors more meaningful
...
Fix #4382
2015-02-20 20:09:58 -06:00
jvazquez-r7
52a0e6dd1c
Mark a couple of handlers for later review
2015-02-20 16:28:04 -06:00
BAZIN-HSC
0d53dc1d13
use a buffer to avoid memory use on victim's machine
...
use a buffer to avoid memory use on victim's machine
use attacker memory to store files
avoid bugs on large files
2015-02-20 20:02:09 +01:00
jvazquez-r7
a91d19e0e7
Add template for SMB_QUERY_FILE_STANDARD_INFO
2015-02-20 10:58:15 -06:00
jvazquez-r7
21978a1bfe
Add template for SMB_QUERY_FILE_BASIC_INFO
2015-02-20 10:40:45 -06:00
jvazquez-r7
cf63e09188
Add templates for SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR and SMB_FIND_FILE_NAMES_INFO_HDR
2015-02-20 09:17:51 -06:00
BAZIN-HSC
fe75a31a59
NTFS parser optimisation
...
NTFS Parser does not automatically gather non-resident attributes
that were not necessary
Railgun is called 17 times instead of 32 in an example on ntds.dit
2015-02-20 13:11:53 +01:00