jvazquez-r7
fa5cd928a1
Refactor exploit to use the mixin
2015-01-08 16:04:56 -06:00
jvazquez-r7
ca765e2cc5
Refactor client mixin
2015-01-08 15:46:24 -06:00
jvazquez-r7
873ade3b8a
Refactor exploit module
2015-01-08 14:52:55 -06:00
jvazquez-r7
956bf0c8f9
Fix indentation
2015-01-08 14:31:37 -06:00
jvazquez-r7
e9e6c32769
Move build* calls to Streams
2015-01-08 14:13:06 -06:00
jvazquez-r7
23d0ae9488
Add Streams mixin
2015-01-08 14:01:41 -06:00
jvazquez-r7
c205ef28d4
Refactor build_gc_call
2015-01-08 14:01:04 -06:00
Christian Mehlmauer
a5b56c7d09
fix error
2015-01-08 19:48:29 +01:00
David Maloney
fd7e65d459
derp just check db active
...
the other way of doing this was stupid, jsut check if
the db is active
2015-01-08 11:58:56 -06:00
jvazquez-r7
bf482e806c
Add YARD documentation for the YARD mixin
2015-01-08 09:56:32 -06:00
Meatballs
8f720ef766
Use get_env in runas
2015-01-08 11:07:40 +00:00
jvazquez-r7
73e3cd19c3
Convert java_rmi_server aux mod to use new mixin
2015-01-08 00:29:50 -06:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
jvazquez-r7
7dd7e62726
Add first mixin draft
2015-01-07 20:42:44 -06:00
jvazquez-r7
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
Samuel Huckins
f0261a418c
Lands #4535 , report_auth_info shoring up
2015-01-07 16:32:14 -06:00
David Maloney
001b6d913e
allows loginscanners to work without db
...
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved
MSP-10969
2015-01-07 16:09:04 -06:00
Meatballs
e6f53ebcbc
Remove duplicate rhosts
2015-01-07 22:04:01 +00:00
Meatballs
dccd21a559
Resolve #3870 , reinstance creds -R
2015-01-07 22:01:45 +00:00
James Lee
da2e088118
Land #4536 , Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
Meatballs
e3e9a64064
Land #4543 , Update john.conf with korelogic rules
2015-01-07 21:30:44 +00:00
jvazquez-r7
731c2f99d1
Handle better java references
2015-01-07 15:19:28 -06:00
Meatballs
bdbb26ba31
Land #4540 , resolves #4532 , honour DB_ALL_* options
2015-01-07 21:12:23 +00:00
Meatballs
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
rastating
294cd80a08
Update documentation for wordpress_login
2015-01-07 18:32:52 +00:00
David Maloney
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
David Maloney
5d68d48ca5
Land #4385 , fixes bruteforce_speed validator
...
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
jvazquez-r7
ba13e9d64c
Add Stream spec
2015-01-07 12:05:44 -06:00
David Maloney
702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
...
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components
MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney
7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
...
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin
MSP-11986
2015-01-07 11:30:39 -06:00
Meatballs
aef8c702d7
Filter creds by type
2015-01-07 17:19:31 +00:00
rastating
e90e98547b
Add configurable timeout to WordPress login
2015-01-07 17:06:31 +00:00
dmooray
478505c17a
ruby 2.2 compatibility
...
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
jvazquez-r7
98ec08ae0d
Add support for Ping and PingAck
2015-01-06 15:18:55 -06:00
jvazquez-r7
1e3b24f01b
Add support for DbgAck
2015-01-06 15:00:17 -06:00
jvazquez-r7
6d1d300e72
Add support for ReturnData
2015-01-06 12:52:00 -06:00
sinn3r
609c490b3c
I missed nobfu
2015-01-06 12:49:39 -06:00
sinn3r
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
jvazquez-r7
825e08f5ac
Add support for Call messages
2015-01-06 12:36:06 -06:00
jvazquez-r7
f3ff42dbfb
Add support for Continuation
2015-01-06 11:34:47 -06:00
William Vu
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
jvazquez-r7
757f95a24d
Add support for ProtocolAck
2015-01-06 00:14:14 -06:00
jvazquez-r7
26da73ffb8
Change class name
2015-01-05 19:23:07 -06:00
jvazquez-r7
d5dfd75e71
Add initial model and support to OutputStream
2015-01-05 18:52:13 -06:00
Meatballs
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
David Maloney
fc91244252
insert deprecation error message
...
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it
MSP-11919
2015-01-05 14:02:16 -06:00
David Maloney
db8f260557
add some YARD docs to report_auth_info
...
add yard docs for the modified report_auth_info
MSP-11919
2015-01-05 13:58:25 -06:00
David Maloney
71d600e829
make report_auth_info create new creds and logins
...
report_auth_info coerces old data into the new credential
types as best as it is able
MSP-11919
2015-01-05 13:41:30 -06:00
OJ
17ff546b0f
Remove unnecessary calls to expand path
...
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.
This commit simple removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
sinn3r
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
Sven Vetsch
b121e2c3fd
adds a get and getg method besides the already existing set/setg and unset/unsetg
2015-01-02 12:40:24 +01:00
Christian Mehlmauer
056046f38b
update wordpress readme regex
2015-01-01 23:13:20 +01:00
Spencer McIntyre
6d966dbbcf
Land #4203 , @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
Brent Cook
92bdf42496
Land #3594 , jvazquez-r7's linux meterpreter migration support
2014-12-31 09:20:44 -06:00
Christian Mehlmauer
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
jvazquez-r7
722f86f361
Try to guess TMPDIR folder
2014-12-30 18:39:29 -06:00
jvazquez-r7
7596d211e9
Use length for comparision
2014-12-30 18:39:18 -06:00
jvazquez-r7
e903044fd5
Allow to provide writable dir
2014-12-30 18:36:30 -06:00
jvazquez-r7
f17a7e8a61
Better handling of the unix domain socket argument
2014-12-30 18:36:28 -06:00
jvazquez-r7
4df4e8b9d6
Add support for linux meterpreter migration
2014-12-30 18:34:24 -06:00
jvazquez-r7
56df2d0062
Add support for linux meterpreter migrate types
2014-12-30 18:30:15 -06:00
sinn3r
553030b22d
Land #4473 - Log backtraces by default
2014-12-30 18:13:33 -06:00
Tod Beardsley
135faeee29
Land #4095 , specs for Rex::OLE
2014-12-30 14:25:09 -06:00
Christian Mehlmauer
6444d8ba64
use kind_of? for checking exceptions
2014-12-30 21:16:57 +01:00
William Vu
ce0bbca6ed
Land #4487 , no spinnerz on Windows :(
2014-12-30 14:06:05 -06:00
Tod Beardsley
a8e907d68b
Land #4479 , nil comparisons and missing DLLs
...
Also fixes #4474 .
2014-12-30 13:55:54 -06:00
Brent Cook
bdac5db695
remove usage of ==/!= nil
...
Adjust all module-loading libraries to have consistent nil?/!nil? checking and
'if' style.
2014-12-30 10:59:49 -06:00
Tod Beardsley
6ded5a7eb4
Avoid spinner on Windows
...
Fixes #4147 , probably.
2014-12-30 10:17:56 -06:00
Jon Hart
d727ac5367
Alias Rex::Ui::Text::Output::Tee print_raw to write, fixes #4469 and #4363
2014-12-29 16:47:04 -08:00
sinn3r
9af3fd01d4
Fix response_timeout
...
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
sinn3r
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
Brent Cook
f9b141c1e2
Land #4442 , wchen-r7's configurable session response timeout option
...
fixes #4431
2014-12-29 13:02:47 -06:00
Brent Cook
5d70b837ed
handle nil results from MeterpreterBinaries.path
...
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.
```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -> 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600
meterpreter > use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```
This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that thats ever happened to me :)
2014-12-29 12:34:02 -06:00
Tod Beardsley
72eb8e6503
Land #4475 , inverted timeout fix
2014-12-29 11:37:28 -06:00
Brent Cook
bbb41c39b8
fix backward meterpreter packet timeout logic
...
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.
This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.
This probably fixes tons of heisenbugs, including #3798 .
To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:
(cd modules/post
ln -s ../../test/modules/post/test)
die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
Christian Mehlmauer
3a73b40a1e
more error handling
2014-12-29 00:39:00 +01:00
Christian Mehlmauer
7b52bcb657
log errors into framework.log
2014-12-29 00:20:26 +01:00
jvazquez-r7
04772c8946
Ensure stop_service closes Rex::Proto::Http::Server
2014-12-26 13:50:03 -06:00
jvazquez-r7
c1b0385a4b
Land #4460 , @Meatballs1's ssl cert validation bypass on powershell web delivery
2014-12-26 12:07:45 -06:00
jvazquez-r7
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
Brent Cook
725a17c70b
override default attr for OptRegexp
...
Rather than literally returning the default Regex object, override the accessor
to return the string representation. This allows the RPC backend to properly
serialize the options hash values, since msgpack does not know how to serialize
a Regexp object. Fixes #3798 .
To verify the fix, run the steps for issue #3798 and ensure that the module
options are returned instead of a backtrace. Also, ensure that the module
continues to work as expected:
```
$ ./msfconsole -q
msf > use auxiliary/scanner/http/scraper
msf auxiliary(scraper) > info
Name: HTTP Page Scraper
Module: auxiliary/scanner/http/scraper
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
et <et@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
PATH / yes The test path to the page to analize
PATTERN (?i-mx:<title>(.*)<\/title>) yes The regex to use (default regex is a sample to grab page title)
Proxies no Use a proxy chain
RHOSTS yes The target address range or CIDR identifier
RPORT 80 yes The target port
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
override default attr for OptRegexp
Description:
Scrap defined data from a specific web page based on a regular
expresion
msf auxiliary(scraper) > set RHOSTS lwn.net
RHOSTS => lwn.net
msf auxiliary(scraper) > set RHOSTS 72.51.34.34
RHOSTS => 72.51.34.34
msf auxiliary(scraper) > set VHOST lwn.net
VHOST => lwn.net
msf auxiliary(scraper) > run
[*] [72.51.34.34] / [Welcome to LWN.net [LWN.net]]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-12-24 09:57:14 -06:00
jvazquez-r7
05a9ec05e8
raise NotImplementedError
2014-12-23 19:59:37 -06:00
jvazquez-r7
4493b3285c
Raise NoMethodError for methods designed to be overriden
2014-12-23 19:51:41 -06:00
jvazquez-r7
fee033d6df
Use Rex::Text.md5_raw
2014-12-23 19:30:23 -06:00
Meatballs
c2bcde24ef
Land #4377 , Support DYNAMIC_BASE templates - resolves #4366
2014-12-23 11:57:33 +00:00
Meatballs
b41e259252
Move it to a common method
2014-12-23 11:16:07 +00:00
Joe Vennix
e974d272f0
Remove stray line comment that ruined things when minified.
2014-12-23 00:22:50 -06:00
jvazquez-r7
13ec578d1a
Revert "Back to Create OpenSSL::BN from string"
...
This reverts commit 635a54ca94
.
2014-12-22 23:17:03 -06:00
jvazquez-r7
635a54ca94
Revert "Create OpenSSL::BN from string"
...
This reverts commit fe99b65a62
.
2014-12-22 19:14:07 -06:00
jvazquez-r7
fe99b65a62
Create OpenSSL::BN from string
2014-12-22 18:44:47 -06:00
jvazquez-r7
d12b43d257
Use Intege.new
2014-12-22 18:37:07 -06:00
jvazquez-r7
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
jvazquez-r7
ad97457a39
Move more constants to Crypto
2014-12-22 15:27:16 -06:00
jvazquez-r7
75a2846377
Add more PAC constants
2014-12-22 15:14:46 -06:00
jvazquez-r7
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
sinn3r
bcf659792e
Restore original timeout
2014-12-22 12:34:52 -06:00
jvazquez-r7
f3b263f57d
Use more crypto constants
2014-12-22 12:13:23 -06:00
jvazquez-r7
b96d172ccc
Use constant names
2014-12-22 11:58:59 -06:00
jvazquez-r7
ff208002d7
Reorganize the Crypto mixin
2014-12-22 11:57:35 -06:00
jvazquez-r7
7a45918ecc
Add specs for Msf::Kerberos::Client::TgsRequest
2014-12-22 11:28:24 -06:00
jvazquez-r7
8c62822ab9
Add specs for Msf::Client::Kerberos::AsRequest
2014-12-22 09:34:21 -06:00
jvazquez-r7
b469ff3567
Add doc references to Msf::Kerberos::Client::CacheCredential
2014-12-22 08:54:09 -06:00
jvazquez-r7
1f3eded4a8
Add specs for Msf::Kerberos::Client::CacheCredential
2014-12-21 23:47:40 -06:00
jvazquez-r7
7cb27408b2
Add doc references por spec'd mixins
2014-12-21 21:03:58 -06:00
jvazquez-r7
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
jvazquez-r7
e219b0b249
Add specs for Msf::Kerberos::Client::AsResponse
2014-12-21 01:12:00 -06:00
jvazquez-r7
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
jvazquez-r7
5f0c3ebb2b
Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest
2014-12-20 19:32:38 -06:00
jvazquez-r7
ffb319d703
Add documentation for Msf::Kerberos::Client::AsRequest
2014-12-20 18:57:49 -06:00
jvazquez-r7
8929cbd6b3
Fix typo
2014-12-20 18:29:50 -06:00
jvazquez-r7
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
jvazquez-r7
ca75b4b74a
Add documentation for Msf::Client::Kerberos::Pac
2014-12-20 01:36:54 -06:00
jvazquez-r7
cf13dc8d53
Do build_ap_req
2014-12-20 01:25:20 -06:00
jvazquez-r7
422d3ce9b5
Take more care of options on build_tgs_request
2014-12-20 01:13:56 -06:00
sinn3r
ad8bbf4477
Rescue rescue Rex::TimeoutError so the iteration can keep going
2014-12-20 01:12:30 -06:00
sinn3r
a8e3ee033c
Fix #4431 - Support arbitrary session response timeout
...
Fix #4431
2014-12-20 00:25:02 -06:00
jvazquez-r7
cd16e11b22
Make checksum from a method
2014-12-19 20:08:15 -06:00
jvazquez-r7
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
jvazquez-r7
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
jvazquez-r7
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
jvazquez-r7
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
jvazquez-r7
04ef087434
Delete Microsoft namespace from the mixin
2014-12-19 18:41:27 -06:00
jvazquez-r7
b78765e584
Create PAC mixin component
2014-12-19 18:36:02 -06:00
jvazquez-r7
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
jvazquez-r7
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
jvazquez-r7
9cfc52b5af
Extract build_as_request_body
2014-12-19 17:00:39 -06:00
jvazquez-r7
fcb801c729
Add Timeout datastore option
2014-12-19 16:53:12 -06:00
jvazquez-r7
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
Fernando Arias
337b2d784f
Land #4416 , define rails version dep in one place
...
* Bump rails to 3.2.21
2014-12-19 15:17:54 -06:00
Matt Buck
db0aeb2a05
Make the version constraint a range
2014-12-19 13:54:13 -06:00
sinn3r
650a68c994
Fix jcxz to jecxz for x86_64 in metasm
...
This fixes "invalid opcode near 'jecxz'" for x64 metasm encoding.
2014-12-19 13:34:56 -06:00
jvazquez-r7
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
Matt Buck
c493ccfc06
Define the Rails version constraint in a library constant
2014-12-19 11:46:39 -06:00
jvazquez-r7
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
jvazquez-r7
dfa92da287
Add TODO
2014-12-19 01:13:56 -06:00
jvazquez-r7
77e2d4d90d
Add documentation for the Kerberos PAC support classes
2014-12-19 01:12:14 -06:00
jvazquez-r7
fda4cd3440
Fix some Rex Kerberos model documentation
2014-12-18 19:30:12 -06:00
jvazquez-r7
c426cf32d0
Add specs for Rex::Proto::Kerberos::CredentialCache::Principal
2014-12-18 17:40:06 -06:00
jvazquez-r7
16d5ee1aae
Add documentation for the rex credential cache support
2014-12-18 17:12:58 -06:00
jvazquez-r7
7275f5a5f2
Allow Rex to load credential_cache
2014-12-18 16:32:21 -06:00
jvazquez-r7
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
William Vu
723998e1d4
Land #4425 , jobs tab completion NilClass fix
2014-12-18 15:25:57 -06:00
Spencer McIntyre
400bd9a094
Fix jobs NilClass tab complete bug
2014-12-18 15:43:04 -05:00
Trevor Rosen
80cd04d76a
Land #4332 , test optimization for Cucumber
...
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
jvazquez-r7
0a61e108ea
Add code skeleton for credential_cache
2014-12-18 00:30:47 -06:00
jvazquez-r7
0f19f3cf2e
Add classes templates
2014-12-17 23:16:58 -06:00
jvazquez-r7
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
jvazquez-r7
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
Spencer McIntyre
549f3c69ff
Dont crash when tab complete threads command with typos
2014-12-17 19:36:04 -05:00
Spencer McIntyre
698ca2639b
Do not delete files that do not exist in rm_f
2014-12-17 09:18:06 -05:00
jvazquez-r7
662160ef61
Refactor mixin
2014-12-16 23:48:53 -06:00
jvazquez-r7
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
HD Moore
9de4137aa7
Patch UA/Proxy settings during migration, lands #3632
2014-12-16 22:21:48 -06:00
Sean Verity
370f6003e3
Refactors metsrv patching in reverse_hop_htt.rb
2014-12-17 11:57:17 -05:00
Sean Verity
1930eb1bf8
Refactors metsrv patching in reverse_http.rb
2014-12-17 10:04:43 -05:00
jvazquez-r7
2649d482fe
Add support for KRB_AP_REQ
2014-12-16 18:39:42 -06:00
jvazquez-r7
0f55a98450
Add support for Authenticator encoding
2014-12-16 17:45:54 -06:00
jvazquez-r7
dde45a7f53
Add support for Checksum encoding
2014-12-16 17:05:35 -06:00
jvazquez-r7
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
jvazquez-r7
ce6b53b44c
Fix attribute description
2014-12-16 11:39:04 -06:00
jvazquez-r7
a5f8b4319f
Add support to encode PAC-TYPE
2014-12-16 11:31:27 -06:00
jvazquez-r7
1721641138
Add support for PAC-LOGON-INFO
2014-12-16 09:32:47 -06:00
sinn3r
c2bc79c53c
Resolves #4275 - Configurable variable name as an option
...
Resolves #4275
2014-12-15 23:59:34 -06:00
Sean Verity
52b3025351
Reworked to avoid extending String class on blob per hdm's rec.
2014-12-15 21:40:41 -05:00
jvazquez-r7
c1114c180a
Add support for PAC-CLIENT-INFO
2014-12-15 17:32:51 -06:00
jvazquez-r7
64a0162e3f
Add support for PAC-SERVER-CHECKSUM
2014-12-15 17:16:43 -06:00
jvazquez-r7
482c883d36
Add the parent class for pac elements
2014-12-15 17:13:52 -06:00
jvazquez-r7
2c7139b936
Add support for PAC-PRIVSRV-CHECKSUM
2014-12-15 17:13:22 -06:00
Samuel Huckins
4c994d84e0
Updating version to 4.11 for Flood release
2014-12-15 14:42:09 -06:00
jvazquez-r7
147ff13080
Add support to decode the encryption part of as responses
2014-12-15 11:47:08 -06:00
jvazquez-r7
643279b54b
Add support to decode the encryption part of as responses
2014-12-15 11:46:11 -06:00
Brent Cook
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
jvazquez-r7
d81cdd6cbb
Add KdcResponse spec first draft
2014-12-14 21:20:54 -06:00
jvazquez-r7
c3a2bcf956
Make KdcResponse decoding better
2014-12-14 21:01:09 -06:00
jvazquez-r7
442adb080f
Add first support to decode tickets
2014-12-14 20:51:26 -06:00
jvazquez-r7
35742873c7
Delete references to deleted namespaces
2014-12-14 19:23:21 -06:00
jvazquez-r7
78c76092dd
Delete namespaces from model classes
2014-12-14 19:18:30 -06:00
jvazquez-r7
13ae624738
Delete namespaces
2014-12-14 19:15:57 -06:00
jvazquez-r7
2d0cb5acd8
Move elements to model dir
2014-12-14 19:11:21 -06:00
jvazquez-r7
328e9f62e8
Add first draft for Kerberos responses
2014-12-14 19:09:41 -06:00
jvazquez-r7
483c273e17
Add support to decode responses on the Rex client
2014-12-14 17:54:17 -06:00
jvazquez-r7
883bfd1f46
Add support to retrieve e-data
2014-12-14 17:23:37 -06:00
jvazquez-r7
7067f2ea83
Modify Rex::Proto::Kerberos::Client to read responses
2014-12-14 16:32:25 -06:00
jvazquez-r7
c5dc065fde
Add support for decoding KrbError
2014-12-14 16:26:18 -06:00
jvazquez-r7
704781d0ce
Modify exception message
2014-12-14 12:11:09 -06:00
jvazquez-r7
8435328af7
Fix create_tcp_connection
2014-12-14 00:54:26 -06:00
jvazquez-r7
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
HD Moore
e2617c7095
Return the workspace id in responses, lands #4142
2014-12-13 18:04:58 -06:00
HD Moore
00590f9f26
Adds Java serialization support, lands #4327
2014-12-13 17:47:53 -06:00
HD Moore
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
HD Moore
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
HD Moore
19adfca8ce
Updated stubs from source
2014-12-13 12:55:41 -06:00
Meatballs
5d18de2ebf
Fix legacy railgun LDAP implementation
2014-12-13 18:26:26 +00:00
HD Moore
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
HD Moore
4681416a0f
Update block_api with @schierlm's changes
2014-12-13 12:06:38 -06:00
jvazquez-r7
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
HD Moore
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
Tod Beardsley
9545b6e4d6
Land #4343 , os_flavor reduction
2014-12-12 14:49:15 -06:00
Tod Beardsley
ac004d2770
Fix bruteforce validators to accept nil
...
bruteforce_speed isn't always required, because the speed checker
already handles nil (and presumes the user wants the fastest possible).
See also MSP-11842
2014-12-12 13:57:37 -06:00
Tod Beardsley
177cade6a5
Merge branch 'land-4274-ssl' into temp
2014-12-12 13:25:54 -06:00
sinn3r
985245e8a1
Document method
...
Fix #4366 (support dynamic_base templates)
2014-12-12 01:22:32 -06:00
jvazquez-r7
78eb3325bc
Add initial Rex Client and mixin
2014-12-12 01:20:14 -06:00
sinn3r
b8e58d0f04
Support 32 and 64-bit for exe-only, and fix -k
2014-12-12 01:13:09 -06:00
Brent Cook
fef9c67b0e
Land #3175 , OJ's TLV group refactoring
2014-12-11 22:12:35 -06:00
Brent Cook
8140ed4a45
Merge branch 'upstream-master' into land-3175
2014-12-11 22:03:03 -06:00
sinn3r
d311059e75
Fix DYNAMIC_BASE templates
2014-12-11 20:44:03 -06:00
James Lee
0c1d02c940
Fix event handlers on ruby 2
...
Fixes #4219
2014-12-11 20:08:45 -06:00
jvazquez-r7
20836c1789
Refactor crypto usage
2014-12-11 18:18:37 -06:00
jvazquez-r7
0b2fd7ffec
Update PreAuthEncTimeStamp#encrypt documentation
2014-12-11 17:08:04 -06:00
jvazquez-r7
424ce6ad53
Add constant with CRYPTO_MSG_TYPE
2014-12-11 17:03:46 -06:00
jvazquez-r7
38a0506f2d
Refactor Crypto
2014-12-11 17:00:46 -06:00
jvazquez-r7
35f02e6796
Add support to encode KdcRequest
2014-12-11 15:51:54 -06:00
dmaloney-r7
47c38ed04e
Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
...
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
jvazquez-r7
d96206b813
Support KdcRequest#encode
2014-12-11 12:44:17 -06:00
Tod Beardsley
4eaf64afef
Don't lie about stop_on_success
...
This absolutely needs to be honored too, though.
See #4365 .
2014-12-11 12:37:13 -06:00
jvazquez-r7
3f12c5c9c5
Redo decode_asn1
2014-12-11 12:34:47 -06:00
jvazquez-r7
8d6e41fae3
Add documentation for KdcRequest
2014-12-11 12:27:26 -06:00
jvazquez-r7
162d2d39b5
Add support for KdcRequestBody decoding
2014-12-11 12:19:26 -06:00
Tod Beardsley
edf541fabe
Fix some double spacing
2014-12-11 09:39:15 -06:00
jvazquez-r7
39ffc0c58a
Add support for PreAuthData#encode
2014-12-10 19:48:44 -06:00
jvazquez-r7
b89dee03c6
Add PreAuthEncTimeStamp#encode support
2014-12-10 19:30:21 -06:00
jvazquez-r7
3accdb705b
Add support for PreAuthPacRequest#encode
2014-12-10 19:18:19 -06:00
jvazquez-r7
96c1370334
Add EncryptedData#encode support
2014-12-10 19:12:24 -06:00
jvazquez-r7
543ec35a01
Refactor PrincipalName#encode
2014-12-10 18:57:23 -06:00
jvazquez-r7
5d2ff5982e
Add support for PreAuthEncTimeStamp decoding/decrypting
2014-12-10 18:33:46 -06:00
Tod Beardsley
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
sinn3r
9202c4f2a1
No mercy for os_flavor
2014-12-10 11:46:21 -06:00
jvazquez-r7
785ff60d8e
Add inital support for PreAuthEncTimeStamp
2014-12-10 11:25:48 -06:00
jvazquez-r7
8ec403af89
Add support for PA-PAC-REQUEST
2014-12-10 10:51:37 -06:00
jvazquez-r7
6ebfbe7271
Prefix coding
2014-12-10 09:54:57 -06:00
jvazquez-r7
11acba3324
Prefix coding
2014-12-10 09:52:23 -06:00
jvazquez-r7
6653502e68
Support pa_data parsing on kdc_request
2014-12-10 09:47:31 -06:00
jvazquez-r7
cc909ba402
Add documentation for PreAuthData
2014-12-09 19:57:16 -06:00
jvazquez-r7
18819ad6b9
Prefix Rex
2014-12-09 19:37:42 -06:00
jvazquez-r7
0a6e42968b
Add inital support for padata
2014-12-09 19:28:40 -06:00
jvazquez-r7
e62628f1cc
Make specs pass
2014-12-09 18:52:42 -06:00
jvazquez-r7
2557780e7c
Add initial support to decode kdc requests
2014-12-09 18:48:08 -06:00
jvazquez-r7
bed1e06d13
Mark EncryptedData encode as unsupported atm
2014-12-09 17:06:51 -06:00
jvazquez-r7
82549315ff
Mark KdcRequestBody encode as unsupported atm
2014-12-09 17:05:20 -06:00
jvazquez-r7
b84840a596
Add support to decode TGS_REQ body
2014-12-09 16:51:34 -06:00
jvazquez-r7
f236438290
Add initial support for EncryptedData
2014-12-09 16:40:44 -06:00
jvazquez-r7
2725235bc1
Add require for EncryptedData
2014-12-09 16:28:37 -06:00
jvazquez-r7
c5865c6fec
Add initial design draft
2014-12-09 15:53:29 -06:00
Tod Beardsley
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
Spencer McIntyre
d74a8f6c41
Include the datastore options for the encoder too
2014-12-09 16:32:41 -05:00
sinn3r
a584a5982f
Clarify about how BES uses os_flavor
...
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
sinn3r
c670bb72df
Land #4337 - Fix prompt coloring on Windows
2014-12-09 11:53:35 -06:00
Spencer McIntyre
42710cc32e
Error messages for the python meterpreter
2014-12-09 11:03:57 -06:00
Luke Imhoff
5f730277cf
Fix prompt coloring on Windows
...
MSP-11669
Set output stream for RbReadline (rl_outstream) to the
Rex::Ui::Text::Output::Stdio, which will use translate the ANSI color
escapes to set_color calls in Windows.
2014-12-08 14:31:00 -06:00
Luke Imhoff
8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
...
MSP-11671
Conflicts:
.travis.yml
2014-12-08 08:46:22 -06:00
jvazquez-r7
564da4446e
Add print friendly to_s
2014-12-07 17:52:09 -06:00
jvazquez-r7
19effa7eb9
Fix feedback's review
2014-12-06 21:47:55 -06:00
jvazquez-r7
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
jvazquez-r7
2c290e2004
Use classes short name
2014-12-05 20:16:50 -06:00
jvazquez-r7
8f403f3eea
Update documentation
2014-12-05 20:11:45 -06:00
jvazquez-r7
03740df931
Support serialization
2014-12-05 19:55:52 -06:00
jvazquez-r7
785006b684
Use references
2014-12-05 19:12:05 -06:00
jvazquez-r7
ae608b1311
Add references to stream when possible
2014-12-05 17:35:38 -06:00
jvazquez-r7
13d8058fe5
Fill stream attribute
2014-12-05 17:14:37 -06:00
Jon Hart
39790a95a0
Land #4313 , @wchen-r7's fix for #4304
2014-12-05 15:08:35 -08:00
jvazquez-r7
ca164cd99f
Support the stream attribute
2014-12-05 16:52:59 -06:00
jvazquez-r7
90e2bbbff5
Refactor Contents
2014-12-05 16:05:35 -06:00
Jon Hart
da92e4705c
Land #4319 , @wchen-r7's fix for #4307
2014-12-05 12:08:39 -08:00
Tod Beardsley
0431720a07
Land #4294 , msfconsole speedups on module load
...
Related to #4257 and #4195 vaguely, and possibly even #4147 .
2014-12-05 13:45:11 -06:00
jvazquez-r7
2241653cb6
Delete self.stream initialization
2014-12-05 12:44:04 -06:00
jvazquez-r7
f5a19b9b41
Add support to decode TC_REFERENCE
2014-12-05 12:42:27 -06:00
sinn3r
abf199f924
Remove junk code
2014-12-05 11:01:34 -06:00
jvazquez-r7
1653101da4
Add support for Arrays of Objects
2014-12-04 20:31:38 -06:00
jvazquez-r7
8e5dc27546
Support Objects with super classes
2014-12-04 19:19:42 -06:00
jvazquez-r7
4b8bdad44b
Refactor contents serialization
2014-12-04 18:28:25 -06:00
sinn3r
cfc1acfcae
Fix #4307 - Check action for nil
...
Auxiiary modules already do this, but looks like we forgot to do the
same for post modules.
I also changed the error to allow "reason" in order to be more
informative about what the user should do.
Fix #4307
2014-12-04 17:07:59 -06:00
Jon Hart
743e9fca9d
Correctly set default SECRET
2014-12-04 14:06:22 -08:00
Jon Hart
1e423f415e
Add missing opt ,
2014-12-04 14:05:17 -08:00
Jon Hart
7f425fc3ab
Configurable fix for #4305
...
Rename UDP_SECRET to just SECRET, as it is used for more than just UDP
Rename and properly document GATEWAY option
Introduce an option to configure what UDP port will be probed
2014-12-04 13:17:34 -08:00
Meatballs
186d8bd359
Fix starts_with?
2014-12-04 20:16:56 +00:00
Jon Hart
f22d7191cd
Test fix for #4305
2014-12-04 10:59:57 -08:00
sinn3r
9cc04e59eb
Fix #4304 - Blank password is tried when it shouldn't happen
...
Fix #4304
2014-12-04 12:59:51 -06:00
jvazquez-r7
08f69da41a
Undo to_s methods
2014-12-04 12:48:05 -06:00
jvazquez-r7
b80f6c34c0
Add tool to deserialize streams from files
2014-12-04 12:47:02 -06:00
Jon Hart
d8b1401545
Test fix for #4306
2014-12-03 19:54:31 -08:00
jvazquez-r7
08fe467452
Add Stream specs
2014-12-03 19:31:46 -06:00
jvazquez-r7
2c8f66bba2
Add support for Reset
2014-12-03 18:50:56 -06:00
jvazquez-r7
fb246ac943
Add support for (de)serialization of contents
2014-12-03 18:50:31 -06:00
jvazquez-r7
3e8b8390dd
Add support for Java Streams
2014-12-03 17:59:00 -06:00
jvazquez-r7
6cb6252914
Add YARD documentation for NewObject
2014-12-03 17:34:12 -06:00
jvazquez-r7
d0fcbf2cdb
Add support for simple Objects really
2014-12-03 17:22:23 -06:00
jvazquez-r7
2b91d5013e
Add support for simple Objects
2014-12-03 17:21:11 -06:00
James Lee
8f2e444aca
Land #4281 , ::Queue workarounds for 2.1.x
...
Conflicts:
lib/msf/core/handler/reverse_tcp.rb
2014-12-03 15:48:20 -06:00
jvazquez-r7
fbea369043
Check nils before encoding
2014-12-03 15:06:28 -06:00
jvazquez-r7
0560cc2fe9
Fix typos
2014-12-03 14:59:38 -06:00
jvazquez-r7
268157d42f
Add support for Java Enums
2014-12-03 14:50:03 -06:00
jvazquez-r7
f0139d6aad
Fix some docu typos
2014-12-03 14:34:17 -06:00
jvazquez-r7
0cd51553ed
Raise error on unsupported ClassDesc
2014-12-03 14:00:10 -06:00
jvazquez-r7
6deb88af6b
Add support for arrays
2014-12-03 13:55:12 -06:00
jvazquez-r7
b9023e8fcc
Split ClassDescription into ClassDesc and NewClassDesc
2014-12-03 00:38:27 -06:00
jvazquez-r7
db45f4c620
Delete ClassDescription
2014-12-02 23:56:55 -06:00
jvazquez-r7
1f535a41ca
Move types to the Serialization module
2014-12-02 20:02:42 -06:00
jvazquez-r7
2c070c450b
Add support for ClassDescription
2014-12-02 17:31:53 -06:00
sinn3r
f6f0050f56
Fix #3886 - Backtrace for #check when session is invalid
...
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.
We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.
The original PR was #3956 .
2014-12-02 17:22:46 -06:00