Commit Graph

124 Commits (3640e87a37c33cd952f119967e5d99c66de6b1ab)

Author SHA1 Message Date
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook 194a84c793 Modify stdapi so it also uses exist? over exists? for ruby parity
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brendan Watters fa95922547 Add unicode test examples 2016-04-05 16:06:51 -05:00
Brent Cook da039e136a update test modules to use MetasploitModule 2016-03-13 13:44:44 -05:00
jvazquez-r7 d5a010c230
Add support for registry_key_exist? 2015-10-22 16:07:38 -05:00
wchen-r7 cf6d5fac2a Use the latest cred API, no more report_auth_info 2015-09-04 13:43:15 -05:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
wchen-r7 8bead5fde2 Modate update on using metasploit-credential
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
wchen-r7 91fc213ddf More metasploit-credential update 2015-07-23 15:50:50 -05:00
wchen-r7 4561850055 Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00
Tod Beardsley 31eedbcfa0
Minor cleanups on recent modules
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577, MS15-034 HTTP.SYS Information Disclosure

Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605, CVE-2015-3105 flash exploit

Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559, Adobe Flash Player ShaderJob Buffer Overflow

Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
wchen-r7 b6379b4d24 Update drupal_views_user_enum 2015-06-16 00:02:02 -05:00
wchen-r7 0b88e86a49 Using the new cred API for multiple auxiliary modules 2015-06-15 16:06:57 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Brent Cook d77f8ffeeb update meterpreter tests to test utf filenames
This adds a new option BaseFileName that allows setting the base name for files
and directories used in the meterpreter test modules.
2015-03-20 22:18:19 -05:00
Brent Cook 89a0a79377 revert puts back to a vprint call 2015-01-28 16:41:12 -06:00
Brent Cook 8b3a0a0bb1 really fix the cmdweb test
this test to include the CmdStager module, not the CmdStagerVbs class

Before:
```
msf > loadpath test/modules
Loaded 32 modules:
    8 posts
    12 auxiliarys
    12 exploits
```

After:
```
msf > loadpath test/modules
Loaded 33 modules:
    8 posts
    12 auxiliarys
    13 exploits
msf > use exploit/test/cmdweb
msf exploit(cmdweb) > info

       Name: Command Stager Web Test
     Module: exploit/test/cmdweb
   Platform: Windows
 Privileged: Yes
    License: Metasploit Framework License (BSD)
       Rank: Manual
  Disclosed: 2010-02-03

Provided by:
  bannedit <bannedit@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic Targeting

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
  RHOST                     yes       The target address
  RPORT    8080             yes       The target port
  VHOST                     no        HTTP server virtual host

Payload information:

Description:
  This module tests the command stager mixin against a shell.jsp
  application installed on an Apache Tomcat server.

msf exploit(cmdweb) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf exploit(cmdweb) > run

[*] Started reverse handler on 127.0.0.1:4444
[*] Command Stager progress -   2.01% done (2046/101881 bytes)
[*] Command Stager progress -   4.02% done (4092/101881 bytes)
[*] Command Stager progress -   6.02% done (6138/101881 bytes)
[*] Command Stager progress -   8.03% done (8184/101881 bytes)
[*] Command Stager progress -  10.04% done (10230/101881 bytes)
[*] Command Stager progress -  12.05% done (12276/101881 bytes)
[*] Command Stager progress -  14.06% done (14322/101881 bytes)
[*] Command Stager progress -  16.07% done (16368/101881 bytes)
[*] Command Stager progress -  18.07% done (18414/101881 bytes)
...
```
2015-01-27 11:44:34 -06:00
Brent Cook 550e6efff8 improve resiliency of meterpreter session tests
- Use separate names for files and directories to avoid cascading
   failures if one test fails and leaves a file or directory behind.
 - Use %TEMP% rather than %TMP - the former is defined on all Windows
   versions, whereas the later is not defined on Windows 2012, causing
   the test to fail.
 - Don't assume 'HACKING' is in the current working directory, which
   breaks remote test harnesses. Instead, send the source code to the
   current __FILE__ as the test file to upload, since that works from
   any directory or remotely.
2015-01-27 09:07:21 -06:00
Brent Cook a42cc2ef1f add support for specifying 32 or 64-bit registry access
This adds an extra parameter to most of the post/windows/registry
methods called 'view' that specifies if a registry key should be
accessed as a native process, 32-bit or 64-bit.

Support is added to both the Meterpreter and command-line backends. For
the command backend, a lot of boilerplate is removed from each method in
favor of a few shared commands. There is an error hash that never gets
used, so I removed it as well.

This passes the post/test/registry module with meterpreter, but fails
the command line backend. However, it fails in the same way without
these changes (tested on Windows 8), so I suspect that the command line
session was already not working well, at least with newer versions of
Windows. I might look into figuring out how to fix that, but it looks
pretty fragile to me, parsing for english phrases in the output.
2015-01-20 15:26:59 -06:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
Brent Cook 0c94536b87 make post service manipulation tests work
Fix a funny default service name, adjust test to be case-agnostic.

winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if its anything other than winmgmt.

The following RC script has 7 successful outputs when run against a reverse_tcp shell.

Run a reverse_tcp stager and the following RC script to run the test

```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```

Note: this test still doesn't run very reliably on windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411, though it runs ok on
Windows XP.
2015-01-07 13:31:16 -06:00
Brent Cook c96c8a03cf CmdStagerVBS is now in Rex::Exploitation
```
 $ ./msfconsole -qx "loadpath test/modules/; exit"
 Loaded 32 modules:
     12 auxiliarys
	 12 exploits
	 8 posts
```
2015-01-07 13:31:15 -06:00
Meatballs 42b6c5425f
Update tests 2015-01-05 22:25:14 +00:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Meatballs d2bc0baa87
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	lib/msf/core/post/windows/services.rb
2014-08-24 19:46:19 +01:00
Joshua Smith 6884c87cfa removes IDs/Revisions, resplats test/modules 2014-08-04 01:04:23 -05:00
James Lee 23b04c8ece Fix post/test/* modules' loadpath
Allows loading when pwd is not framework's install root
2014-07-30 14:21:42 -05:00
Meatballs c474ff4465
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	modules/exploits/windows/local/service_permissions.rb
	modules/post/windows/manage/rpcapd_start.rb
2014-05-05 13:19:25 +01:00
jvazquez-r7 ce02f8a7c5 Allow easier control of sprayed memory 2014-03-28 11:58:41 -05:00
jvazquez-r7 0523d9e625 Add comments 2014-03-28 11:09:39 -05:00
jvazquez-r7 04bfe55ae0 Add test modules 2014-03-28 11:09:10 -05:00
Tod Beardsley cfdd64d5b1
Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
Tod Beardsley 4d3f871e9d
Land #2961, get_env and get_envs Post mixin
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
James Lee 9aaf111523
Only test routes when they are implemented 2014-03-13 13:05:09 -05:00
Tod Beardsley 2086224a4c
Minor fixes. Includes a test module. 2014-03-10 14:49:45 -05:00
sinn3r ee1209b7fb This should work 2014-03-03 11:53:51 -06:00
Meatballs 6e197ce535
Post get_envs library methods 2014-02-08 11:37:25 +00:00
Meatballs 73d978d5f6
Add some negative tests 2013-12-17 15:24:27 +00:00
Meatballs 41a00101b0
Add change_config test 2013-12-17 14:18:26 +00:00
Meatballs ba335d6c91
Update Service Tests
And small fixes
2013-12-17 14:03:19 +00:00
Tod Beardsley 040619c373
Minor description changes
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
jvazquez-r7 2284763922
Land #2720, @wchen-r7's httpserver test module 2013-12-13 16:29:26 -06:00
jvazquez-r7 3d18273bcf Make msftidy happy 2013-12-13 16:28:14 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
Meatballs 45a0ac9e68
Land #2602, Windows Extended API
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
OJ bea0f8c18e Change client to session in tests 2013-12-06 13:43:47 +10:00