HD Moore
c220a80494
Revert "Mark branch as -release (not final, just prep work)"
...
This reverts commit b02c368c55
.
2012-02-19 18:52:10 -06:00
HD Moore
b02c368c55
Mark branch as -release (not final, just prep work)
2012-02-19 13:47:52 -06:00
David Maloney
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
David Maloney
87242f377f
trying to resolve conflict for new mixin
2012-02-18 18:38:02 -06:00
David Maloney
36dc0fee50
Better dynamic soap generation for all the vmware stuff
2012-02-18 18:29:46 -06:00
David Maloney
a0dac593bc
Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api
2012-02-16 02:22:31 -06:00
David Maloney
e9b2e060d6
Permissions scanner for vmware
...
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
David Maloney
8d7ddab2af
Some minor bug fixes
...
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
David Maloney
c5ae56a147
Adding User Enumeration Scanner for vmware
2012-02-15 22:55:11 -06:00
Tod Beardsley
95f54413d8
Create a stable branch of vmware-api
...
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
Tod Beardsley
bf9ed96155
Fixes up esx_fingerprint and the host model to ID vmware correctly
...
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
David Maloney
c9cf47bd4c
Add Terminate Session module and some extra goodness to enum sessions
2012-02-15 16:39:13 -06:00
James Lee
038893f72a
Don't override the host's os_flavor, either
...
See commit:ca0d2d7bc21e100d5471551d9fb65cce39cc064c
2012-02-15 14:57:06 -07:00
James Lee
ca0d2d7bc2
Don't override the host's os_name with "Unknown"
...
This prevents modules that provide OS fingerprint details via
report_host from being overridden with inconclusive or missing OS
details from service fingerprints.
2012-02-15 10:17:26 -07:00
David Maloney
67ba39cc3e
Adds a scanner to pull active login sessions off servers
2012-02-15 02:27:25 -06:00
David Maloney
e0f11992af
Gah screwed up that commit, accidentally chunked out the rescues.
2012-02-15 02:12:06 -06:00
David Maloney
6b539036c9
Fix fingerprinting in the vmware_http_login module
2012-02-15 01:54:34 -06:00
David Maloney
e67e9ab34f
Adds a power off vm aux module
2012-02-14 20:52:45 -06:00
David Maloney
a256a6fb0b
Adds a power on vm module
2012-02-14 20:44:11 -06:00
Tod Beardsley
4e55c8b7e4
Fixes Qualys asset importer to pull all refs
...
Makes the qualys asset importer behave like the qualys scan importer
when it comes to importing vuln references.
2012-02-14 11:08:51 -06:00
Tod Beardsley
8c1581567c
Cleanup on the vmware fingerprinting.
...
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
Tod Beardsley
727cde00c6
Taking David's version of vmware_http_login over mine
2012-02-13 14:54:47 -06:00
David Maloney
8c305e1a28
VMWare Web service finerprinting and OS detection.
...
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
David Maloney
f4d768ca64
Fix to use the Rex uri_encode method
2012-02-11 14:57:13 -06:00
David Maloney
676a0c53a0
Working Screenshot capability!
2012-02-11 03:51:18 -06:00
sinn3r
85e644ed4c
Merge branch 'railgun_defs' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-railgun_defs
2012-02-10 01:17:07 -06:00
Rob Fuller
3312a16708
Added a message when backgrounding a session
2012-02-09 05:49:40 +00:00
Rob Fuller
1f1e67cb16
Moved railgun function definitions into central storage and out of individual modules where possible
2012-02-09 04:56:13 +00:00
HD Moore
6685a65c39
Spend some time type-checking - no exploitable vulns we are aware of, but no reason to leave it to future chance
2012-02-07 17:17:45 -06:00
Patroklos Argyroudis
a3af2a1868
Spelling error fix
2012-02-06 16:25:56 +02:00
Patroklos Argyroudis
f3345eb2b8
Mac OS X x64 binary template support
2012-02-06 15:58:01 +02:00
sinn3r
db1e400dff
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-05 01:27:21 -06:00
HD Moore
7524d5e75d
Tweak the event dispatcher to enable customer events without a category
...
and trigger http request events from the main exploit mixin.
Experimental
2012-02-04 04:44:50 -06:00
HD Moore
6f54f0637b
Dont run ifconfig on windows
2012-02-04 01:18:32 -06:00
HD Moore
b8756faa68
Merge in updated fastlib
2012-02-04 00:03:03 -06:00
David Maloney
668e5f8c52
More fixes to the vim soa[p libs
...
Added the SoapAction header as this turns out to be pretty
important for the screenshot task creation method.
2012-02-03 22:11:21 -06:00
matugm
f89853d3bc
Squashed commit of the following:
...
commit 69bb41a8176fb814485225e0c3b0e1c44342e652
Author: matugm <matugm@gmail.com>
Date: Tue Jan 31 11:30:52 2012 +0100
indentation
commit 175d230a06dc58e2123f092d39f33063efdce83d
Author: matugm <matugm@gmail.com>
Date: Tue Jan 31 11:13:02 2012 +0100
Changed way of finding hive names so that it works with xp hives
2012-02-03 17:01:35 -06:00
David Maloney
df401f4c94
more fixes to backend stuff, plus updated vmware http login module to use
...
the correct mixin method now.
2012-02-03 15:44:41 -06:00
Tod Beardsley
148dddba2f
http_fingerprint should use the ssl() function
...
Instead of re-declaring ssl as a variable, just use the library's SSL
function, since it's there and it's incidentally more accurate.
2012-02-03 15:31:20 -06:00
James Lee
c0e9825565
Whitespace and a typo
2012-02-03 14:10:17 -07:00
David Maloney
b914a97359
Fixes to a bunch of fucntions to work on more complex vmware setups
...
VM Enuemration now appears to work against VCenter
2012-02-03 14:17:35 -06:00
Tod Beardsley
af506240cf
http_fingerprint reports service info
...
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
HD Moore
6623988fc0
Remove duplicate interfaces call, fixes #6344
2012-02-03 09:46:08 -06:00
Tod Beardsley
786d75493c
Fix up VMWware webscan to not false positive
...
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.
[Fixes #6340 ]
2012-02-02 22:19:57 -06:00
sinn3r
f677f51319
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-02 16:53:38 -06:00
James Lee
cd0a806a06
Sort by filename instead of the default first column
...
[Fixes 6336]
2012-02-02 12:13:52 -07:00
James Lee
b347418f90
Add checks for numeric column data
...
[Fixes #6303 ]
2012-02-02 12:13:52 -07:00
James Lee
eb795514b3
Add a SortIndex option to rex Table
...
Allows Table#to_s to do the right thing when the first column isn't the
one we want sorted.
2012-02-02 12:13:51 -07:00
Marcus J. Carey
e70f9151e5
Merge remote-tracking branch 'upstream/master'
2012-02-02 07:13:03 -06:00
David Maloney
3f48e626a2
Adding a bunch of new VIM API auxiliary stuff
...
Work in progress.
2012-02-01 12:05:20 -06:00
HD Moore
46d40b89a5
Make sure at least one character is returned
2012-02-01 02:08:26 -06:00
sinn3r
187f630283
Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-netrc-creds
2012-01-31 22:45:47 -06:00
Maciej Kotowicz
01d6903c76
fix few mistakes
2012-01-31 22:01:52 +01:00
HD Moore
77c986948c
Proper fix for IPv6 postgresql connections
2012-01-31 02:08:02 -06:00
HD Moore
a74cf1ee10
Missing argument
2012-01-31 01:49:42 -06:00
HD Moore
52004b1e33
A little more cleanup for IPv6 in HTTP mixins
2012-01-31 01:44:03 -06:00
HD Moore
32f2d6754c
Handle ipv6 addresses, choose more obvious 'bad' password for
...
fingerprinting
2012-01-31 00:32:54 -06:00
sinn3r
b96beb0680
Correct regex syntax. Also some whitespace fix.
2012-01-30 15:49:06 -06:00
Jon Hart
37d467ea79
Loot .netrc files, generic enum_user_directories
2012-01-29 14:03:57 -08:00
Carlos Perez
5acc0c62d2
Have the the load command also look at the ~/.msf4/plugins folder
2012-01-29 15:03:18 -04:00
sinn3r
41ca655d86
Merge pull request #135 from scriptjunkie/master
...
Allow RPC clients to discover supported encoding formats.
2012-01-28 18:43:05 -08:00
scriptjunkie
086b2e4bf7
Allow RPC clients to discover supported encoding formats.
2012-01-28 15:46:17 -05:00
HD Moore
a2d20e25d3
Fix a regression in the workspace inclusion code (only affected
...
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
sinn3r
ac582cd0fc
Change the error handling message for read_file_meterpreter(), because this one is easier to understand
2012-01-27 02:17:09 -06:00
sinn3r
3f4dbd9df6
Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework
2012-01-27 01:58:42 -06:00
Stephen Haywood
efda420e5f
Updates to enum_artifacts
2012-01-26 19:35:39 -05:00
Tod Beardsley
33c53b1f3f
Updates vm checking
2012-01-26 13:02:39 -06:00
David Maloney
31f6c4dfff
http_fingerprint now reports website isntead of just a service
...
fixes #6277
2012-01-26 11:05:06 -06:00
Maciej Kotowicz
87e7b10b2d
`advance` linux x64 payloads
2012-01-26 01:09:35 +01:00
Maciej Kotowicz
fe2caf2fe4
`advance` linux x64 payloads
2012-01-26 00:51:06 +01:00
Marcus J. Carey
9b320fa6f3
Update lib/msf/ui/banner.rb
2012-01-24 23:07:38 -06:00
Marcus J. Carey
b135446cc6
Update lib/msf/ui/banner.rb
2012-01-24 23:06:24 -06:00
Marcus J. Carey
79ff641f4d
adding new comic strip banner logo
2012-01-24 23:01:48 -06:00
Jon Hart
7ec5f98480
Adding jhart's natpimp libary and modules.
...
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.
[See #106 ]
2012-01-24 10:32:30 -06:00
scriptjunkie
ee2823d23b
Compatibility - don't assign LongPtr to Long on x64
2012-01-23 22:17:28 -05:00
Tod Beardsley
26836cab47
Adds a default context for the TFTP Client lib.
...
For use with nonstandard routing.
2012-01-23 16:00:54 -06:00
Tod Beardsley
31dea3844e
Reintroduces chao-mu's OptRegexp
...
Revert "Revert "Merge pull request #101 from chao-mu/master""
[See #101 ]
This reverts commit c5ce575543
.
2012-01-23 14:21:19 -06:00
scriptjunkie
c5590a6c40
Add x64 support to VBA in-mem shellcode execution.
2012-01-23 12:43:47 -05:00
scriptjunkie
c6f66f6bb4
Add in-memory shellcode execution via VBA macro.
...
Keep old embedded exe method as 'vba-exe'.
2012-01-22 07:23:21 -05:00
scriptjunkie
9d7591467f
Fix "failed to generate" error when passing a preferred encoder to "payload.generate" method using RPC from, for example, the GUI on Windows.
...
framework.encoders[reqs['Encoder']] returns nil when, for example, reqs['Encoder'] is in UTF-8 encoding and the corresponding key of the framework.encoders hash in US-ASCII encoding.
2012-01-20 21:06:53 -06:00
sinn3r
955b02e227
Allow 'port' option in module searching (idea originally from Brandon Perry's blog)
2012-01-18 11:19:37 -06:00
Tod Beardsley
c5ce575543
Revert "Merge pull request #101 from chao-mu/master"
...
Reverting the OptRegexp commit from chao-mu. Before committing to
master, this option type needs to be tested on the various mainstream
UI's (Metasploit Pro, msfgui, and Armitage) to see if they behave
as reasonably as msfconsole. Each UI tends to handle option setting,
passing, and display in their own special way.
This should make it back in by Wednesday, assuming all goes well.
[See #101 ]
This reverts commit 84db5a21fc
, reversing
changes made to 24aaf85a1b
.
2012-01-17 15:33:47 -06:00
Tod Beardsley
cfca791480
Version info toggle for git vs svn checkouts
...
Version numbers are kind of meaningless in git development branches, but
are reportedly useful for SVN checkouts.
[See #6254 ]
2012-01-17 14:35:33 -06:00
Brandon Perry
d34a9f38a5
Adding bperry's various and sundry regex fixes
...
[Closes #109 ]
Squashed commit of the following:
commit 692568d02fbfd547ef2d05ad9887427fc53f8abb
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Mon Jan 16 12:34:35 2012 -0600
small get_everything fix
commit 5b29a310601b6658ffb74a4922b52bc5b3f864fb
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Mon Jan 16 12:31:31 2012 -0600
regex fixes
commit a565ade7f4fe42fb5d070d04ac1ba4e65c98d8b8
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Sun Jan 15 16:39:29 2012 -0600
registry.rb in lib/rex
commit 3609313ea357884480750948a9b0cc6514dcfcc2
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Sun Jan 15 16:32:06 2012 -0600
boot key fixed
commit e591ed1815b01b3e535b517c73470ad9984fe8c7
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Sun Jan 15 15:53:21 2012 -0600
fixes
commit 3598f3482eea2845baead71310d6192e105b6074
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Sat Jan 14 13:47:29 2012 -0600
stuff
commit 8a8d0dfda603d3697b54bd852f131795259f9c28
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Fri Jan 13 22:57:30 2012 -0600
reg fixes
commit fcfb51bb64b2d8ee6a28722bbf1998be47145b90
Merge: 2c7cfde 24aaf85
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Fri Jan 13 21:54:45 2012 -0600
Merge remote-tracking branch 'upstream/master'
commit 2c7cfdef41d9cdcce563c4d623c1c3585170d1fe
Author: Brandon Perry <bperry.volatile@gmail.com>
Date: Tue Jan 10 19:16:37 2012 -0600
typo
2012-01-16 17:54:33 -06:00
Tod Beardsley
84db5a21fc
Merge pull request #101 from chao-mu/master
...
Created Regexp option type
2012-01-14 07:25:50 -08:00
Tod Beardsley
24aaf85a1b
Merge pull request #98 from brandonprry/master
...
Offline registry reading library for rex (Rex::Registry)
2012-01-13 16:54:43 -08:00
Tod Beardsley
4ac6c0c3ee
A great big pile of fixes to the ssh scanners
...
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
chao-mu
b6b49ad672
Merge remote branch 'upstream/master'
2012-01-12 19:40:24 -05:00
chao-mu
a8a3d4d2c7
Updatted railgun_reverse_lookups test module to use the new regex options. Corrected spelling mistake in a variable name (my editor ate a p)
2012-01-12 19:39:05 -05:00
sinn3r
02bd1f3407
Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework
2012-01-12 17:06:14 -06:00
Stephen Haywood
8d19bca2a9
Added remote digest methods
2012-01-12 12:47:29 -05:00
Tod Beardsley
5f121fe181
Workaround postgresql.fingerprint dlog message
...
Came up as a concern, this special-cases notes of
"postgresql.fingerprint". Not thrilled with this fix, though.
2012-01-11 13:17:21 -06:00
Brandon Perry
0236a6994f
registry stuff
2012-01-10 18:45:24 -06:00
David Maloney
ed0dbad243
Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
...
Fixes #6066
2012-01-10 12:32:47 -08:00
chao-mu
b23b7b8a88
Adds support for a regular expression based Option (RegexpOpt). Also introduced a method to OptBase called display_value which returns the value to be displayed to the user.
2012-01-10 09:22:14 -05:00
James Lee
753ddb27c5
Make all the EXE options OptPath
2012-01-10 03:36:47 -07:00
James Lee
1eb4900102
Make EXE::Custom an OptPath so it can be tab'd
2012-01-10 03:25:13 -07:00
Tod Beardsley
9e78eff968
Merge pull request #96 from chao-mu/master
...
Updates to Railgun
[Fixes #6128 ] among other things.
2012-01-09 06:43:02 -08:00
Tod Beardsley
badf62d8e0
Add back in ssh_key_matches?()
2012-01-08 22:45:00 -06:00
Tod Beardsley
a1668f2b23
Adds SSHKey gem and some other ssh goodies
...
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-08 22:28:37 -06:00
chao-mu
f7a9518944
In railgun mixin, "error_lookup" has been renamed "lookup_error" and now accepts a filtering regular expression. ::BUILTIN_DLLS instead of .builtin_dlls
2012-01-08 17:18:34 -05:00
chao-mu
d0fb9424b2
Updated to use "reject!" instead of "select!" so older versions of ruby are happy
2012-01-08 11:16:17 -05:00
chao-mu
6591bd3a45
Completed test coverage for pointer_util.rb and fixed the bugs I found
2012-01-08 11:05:24 -05:00
chao-mu
f9d123a8c8
Merge remote branch 'upstream/master'
2012-01-07 19:06:51 -05:00
James Lee
c2406e0e65
Fix whitespace at EOL
2012-01-06 21:13:17 -07:00
James Lee
c35c7f5fab
Add tab completion for pushm
...
[See #6165 ]
2012-01-06 21:10:59 -07:00
James Lee
7ea5f87960
Allow proper ruby types for evasion configuration
...
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL options, etc) earlier
in their life. Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".
Fixes #6198 , thanks Ashish for the report
2012-01-06 20:05:29 -07:00
chao-mu
c59e08ce7d
Moved utility codde and expanded railgun test suite runner
2012-01-06 21:07:16 -05:00
chao-mu
f41fc7a0ac
Moved platform_util.rb and added the tests for the new utilities to railgun.rb.ts.rb
2012-01-06 20:56:41 -05:00
chao-mu
bd52f228a0
Merge remote branch 'upstream/master'
2012-01-06 20:27:53 -05:00
HD Moore
c2a71d63b4
Tweak the logic here
2012-01-06 00:53:50 -06:00
HD Moore
9c827abcb7
net-ssh hackery to disable agent support, disable private key support,
...
and add a callback
2012-01-05 14:10:31 -06:00
Jonathan Cran
eec70706d0
make the esx driver dependent on meterpreter
2012-01-05 20:42:58 -06:00
Jonathan Cran
bedc34ad44
Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
2012-01-05 18:26:26 -06:00
Jonathan Cran
c522514030
update the meterpreter modifier to reflect the new copy_ api
2012-01-05 18:26:05 -06:00
David Maloney
54bca49ef9
Slightly better fix to the digest request header issue
2012-01-05 12:25:32 -08:00
David Maloney
e61b4ed65c
Fixed issue with send_digest_request_cgi not keeping user supplied headers.
2012-01-05 12:02:21 -08:00
chao-mu
3772f56260
Am making use of platform_util.rb's platform symbols for standardization across railgun. Ideally only platform_util.rb will need to know what platform strings look like and how they are represented in the railgun world. Corrected railgun.rb mixin's pointer_size function.
2012-01-04 22:28:20 -05:00
chao-mu
6db2da1f76
module Rex
...
module Post
module Meterpreter
module Extensions
module Stdapi
module Railgun
module Type
module PlatformUtil
X86_64 = :x86_64
X86_32 = :x86_32
def self.parse_client_platform(meterp_client_platform)
meterp_client_platform =~ /win64/ ? X86_64 : X86_32
end
end # PlatformUtil
end # Type
end # Railgun
end # Stdapi
end # Extensions
end # Meterpreter
end # Post
end # Rex
2012-01-04 22:11:09 -05:00
chao-mu
d995c3893b
Platform handling utilities. I want to protect railgun against changes to client.platform's general form
2012-01-04 21:56:34 -05:00
chao-mu
d46379dda2
Merge remote branch 'upstream/master'
2012-01-04 19:32:06 -05:00
chao-mu
3d7d5d5f3d
Utility for working with pointers. Test coverage is incomplete
2012-01-04 19:30:30 -05:00
Tod Beardsley
164c80d496
Adding a comment doc to the shadowcopy lib.
...
Citing Tim Tomes and Mark Baggett
2012-01-04 12:03:13 -06:00
chao-mu
b9b5b1e66f
Merge remote branch 'upstream/master'
2012-01-02 20:07:50 -05:00
David Maloney
dd0b07b2cc
Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS)
2011-12-30 15:03:04 -08:00
Joshua Smith
29b6d0d1e3
Adds previous, pushm, popm to msfconsole
...
Adds the ability to set and use a stack of modules, and to easily switch
between the last two modules used.
[Fixes #6165 ][Closes #84 ]
Squashed commit of the following:
commit e41e7f704888b1ce5ad5f23caeee1de13052e3d5
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date: Mon Dec 26 15:52:08 2011 -0500
pushm/popm working great, let me know if you find bugs
commit 23da8d56ea08ca196e649431e8188b4f29ba97b9
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date: Mon Dec 26 14:37:18 2011 -0500
Adds the 'previous' command to msfconsole which will load the previously active module as the currently active module, adds @previous_module as a class variable
2011-12-30 15:30:55 -06:00
James Lee
0fa0ceccb5
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2011-12-30 10:55:48 -07:00
James Lee
ba017773b2
Cleanup whitespace at EOL
2011-12-30 10:55:01 -07:00
andurin
898df592be
Fix2 rpc exception handling
...
HD suggested a small tweak to use error_code OR res.code for the raise
2011-12-30 07:05:26 +01:00
andurin
7b4de2380f
Small fix: RPC client exception handling
...
IMHO rpc client should transform the error code from Msf::RPC::Exception
into it's own Msf::RPC::ServerException and should not take the msgpack
response code.
In deep:
I ran into a '401 invalid auth token' after a token timeout (300s).
RPC Daemon raised a 401 - invalid auth token as expected but rpc client
transformed it to a '200 - invalid auth token' using the successful http
transaction to transport the exception.
2011-12-30 05:44:26 +01:00
Tod Beardsley
bc22b7de99
MSFConsole should display hostless loot, also typo fix.
...
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb
Fixes #6177
2011-12-29 15:11:15 -06:00
Tod Beardsley
78da15ed15
Always check for the current workspace when calling Report#myworkspace().
...
Fixes #6175
2011-12-29 13:48:05 -06:00
Tod Beardsley
4d8aea4ef8
Missed a session.options.
2011-12-29 08:59:16 -06:00
chao-mu
ebe461cce7
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-28 20:14:01 -05:00
chao-mu
0054fb5167
using select! instead of delete_if to avoid double negatives...
2011-12-28 20:05:54 -05:00
Tod Beardsley
84dfd46006
Merge pull request #83 from dirtyfilthy/rename_ssh_forward_options_var
...
rename non existent local variable 'options' to correct session.options
2011-12-28 13:52:28 -08:00
David Maloney
3bb2b5b7fd
Fixed typo in validation routine
2011-12-28 09:40:36 -08:00
David Maloney
9e1e87508f
Fix to boundary validation for when no db is present
...
Fixes #6171
2011-12-28 08:47:22 -08:00
chao-mu
5560c6b17e
Moved and adapted code relating to looking up constant names by constant value
2011-12-28 00:40:08 -05:00
chao-mu
ffcf5af9b0
Merge remote branch 'upstream/master'
2011-12-27 22:06:51 -05:00
David Maloney
a2760b219d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-27 11:34:36 -08:00
David Maloney
9b995bc0a5
Adds boundary validation to the framework
...
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
James Lee
80603e03cb
grab the appropriate shell from mult-platform meterpreters and use /bin/sh instead of /bin/bash for linux to improve compatibility, fixes #5996
2011-12-26 14:41:24 -07:00
alhazred
39b365702f
rename non existent local variable 'options' to correct session.options
2011-12-26 21:40:46 +13:00
chao-mu
1604162ba3
A place to add railgun convenience code for use in modules
2011-12-24 15:59:46 -05:00
Tod Beardsley
35e868f705
Merge pull request #67 from kernelsmith/railgun-add_const_reverse_lookup
...
Add const_reverse_lookup and error_lookup to railgun (redmine 6128)
2011-12-22 14:43:24 -08:00
Jonathan Cran
e48031cf22
squashed lab upload commit
2011-12-22 14:56:45 -06:00
Tod Beardsley
b6d56e8410
Fixes VBS executable creator util
...
Fixes #6152 , using booleans instead of ints.
Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx
Tested works on winxp and win7 targets via the persistence meterpreter
script.
2011-12-22 13:13:34 -06:00
Tod Beardsley
743a0546f1
Don't blow up if the user doesn't set a filename
...
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
Tod Beardsley
1a396ba955
Merge pull request #70 from rapid7/tftp_client
...
Tftp client
2011-12-20 08:42:42 -08:00
Tod Beardsley
24d53efa7c
Final touches on TFTP client
...
See #5291 . Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
alhazred
3b44aa9e39
fix for ssh forwarding not handling the eof packet type
2011-12-20 19:42:54 +13:00
Tod Beardsley
677cb4b152
Handle empty data sends sanely for TFTP.
...
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
Tod Beardsley
2b3e3725ac
TFTP adding comment docs, ability to send w/out a file.
...
Commenting the tricksy parts a little better for general usage.
Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
Tod Beardsley
431ef826c9
TFTP client now uses constants, preserves trailing spaces/nulls in data
...
See #5291 , just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
Tod Beardsley
5eaf2e7535
Adding download and loot functionality.
...
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
Tod Beardsley
aecde6fea4
Updating TFTP client. Now with grown-up thread handling.
...
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
Tod Beardsley
902d7f5ea7
Adding more to TFTP. Still need a read tho
...
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.
Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
Joshua Smith
8bdf76a87b
Adds const_reverse_lookup and error_lookup methods to the railgun instance, also adds test/modules/post/test/railgun_reverse_lookups.rb, tested, working great
2011-12-17 16:19:32 -05:00
chao-mu
df0abd0273
Merge remote branch 'upstream/master'
2011-12-16 19:44:13 -05:00
Tod Beardsley
50fa10679b
First draft of a TFTP client.
...
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
chao
ec1dd8154e
When duplicating a DLL, duplicate everything underneath it to remain threadsafe. I wrote this patch months and months ago. The way I am deep copying produced much groaning in #metasploit when I put it in for code review. It was ultimately declared the lesser of two evils. If you have chat logs from months ago you may be able to find the discussion
2011-12-15 22:05:02 -05:00
Joshua Smith
5166bdcb01
initial, working resource file tab completion, completes from <install_dir>/scripts/resource, see redmine no. 4611
2011-12-15 17:27:52 -05:00
Jenkins
f6ef4ce2d1
add submodule
2011-12-13 21:45:18 -06:00
Jonathan Cran
6165b7a1eb
This commit adds a junit_success method, which can be called to
...
generate a test case success xml. This is necessary for the parser to
recognize that tests were indeed run.
2011-12-13 21:13:31 -06:00
HD Moore
cb94b92e9c
What in nine hells was this.
2011-12-13 16:04:25 -06:00
HD Moore
f38a794b1c
Convert ` to '
2011-12-13 16:02:23 -06:00
HD Moore
cfa128a2c8
Show the actual module name in the stack trace (instead of eval)
2011-12-13 09:47:37 -06:00
HD Moore
1d244c4b27
Return the URL in the correct format from the model
2011-12-11 13:50:21 -06:00
HD Moore
17cc89ebad
Add IPv6 specific HTTP(S) handlers and payloads (simplifies
...
options/usage)
2011-12-11 13:26:48 -06:00
HD Moore
2c538fe9c0
Rework RangeWalker and some of the socket API to fix bugs and generally
...
handle ranges the right way
2011-12-10 20:10:10 -06:00
HD Moore
dee053cd71
Try multiple scopes for link-local addresses, if necessary. Fix a small
...
typo
2011-12-10 15:24:10 -06:00
HD Moore
8e01312d0f
Formatting
2011-12-10 13:27:47 -06:00
HD Moore
e33ca5a7ba
Small typo fix
2011-12-10 13:26:47 -06:00
HD Moore
e46745b761
Add support for link-local scopes
2011-12-10 13:24:58 -06:00
HD Moore
9c887eb457
Fix displayed host name for IPv6 targets
2011-12-10 13:24:58 -06:00
HD Moore
e3f121929c
Accept IPv6 addresses in the return if getaddress
2011-12-10 13:24:58 -06:00
HD Moore
1cc68d1ed5
Accept IPv6 addresses in getaddress() responses
2011-12-10 13:24:58 -06:00
HD Moore
49ff9f594a
Properly enclose IPv6 addresses with brackets inside of the Host header
2011-12-10 13:24:58 -06:00
Tod Beardsley
f1950c2fe1
Adding back bitstruct (current upstream) and dns_fuzzer module
...
Fixes #3289 .
This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.
This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.
Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
2011-12-06 17:03:36 -06:00
HD Moore
72f64583e2
Add IPv6 range support, permission tweak
2011-12-06 00:43:11 -06:00
David Maloney
d939e33f1e
Allows for Loot and Tasks to be imported from an MSF ZIP.
...
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
HD Moore
18e9b99e72
Fix permission (octal not decimal)
2011-12-05 16:49:16 -06:00
HD Moore
4344a5f92a
Fix up IPv6 resolution in DNS replies
2011-12-05 13:07:37 -06:00
HD Moore
bcebdb1893
Improve IPv6 handling
2011-12-05 13:07:37 -06:00
HD Moore
4748bf70cd
Use octal mode, duh
2011-12-05 13:07:36 -06:00
HD Moore
89caed444b
Add a helper method for modules to indicate IPv6 compatibility
2011-12-05 13:07:36 -06:00
HD Moore
5362e0cd24
Accept IPv6 addresses into the database routines, start flushing out
...
incompatibilities.
2011-12-05 13:07:36 -06:00
HD Moore
4829968107
Purge the old RPC API
2011-12-05 13:07:25 -06:00
HD Moore
f673b02308
Remove references to address6
2011-12-05 13:07:25 -06:00
HD Moore
27974c4c27
Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
...
Conflicts:
modules/auxiliary/scanner/http/axis_login.rb
modules/exploits/multi/http/axis2_deployer.rb
modules/post/multi/gather/thunderbird_creds.rb
modules/post/windows/gather/credentials/imvu.rb
msfopcode
2011-12-03 14:07:09 -06:00
Tod Beardsley
6b06df0d7d
Merge pull request #38 from XeroHawk/alpha2_fix
...
Ported over the Issue 3190 SVN changes for unicode_mixed, an old bug that was hiding out in Redmine.
2011-12-02 12:51:47 -08:00
David Maloney
1db9177583
Revert "Merge pull request #22 from scriptjunkie/multithread"
...
This reverts commit 4f76f3bbb8
, reversing
changes made to e72dad4e81
.
2011-12-02 13:35:43 -05:00
HD Moore
424901b4b6
Change the encapsulation method to allow multiple methods without
...
conflict
2011-12-02 02:02:55 -06:00
HD Moore
4f76f3bbb8
Merge pull request #22 from scriptjunkie/multithread
...
RPC multithreading
2011-12-01 23:43:32 -08:00
HD Moore
e72dad4e81
Rescue the load error so rex will work outside of Metasploit. Fixes
2011-12-02 00:28:31 -06:00
Xero Hawk
2ac8cbaf66
Ported over the Issue 3190 SVN changes
2011-11-30 14:37:10 -05:00
HD Moore
626389f5ba
No longer track module archive paths, since the manager will load them from the main dir
2011-11-28 22:27:21 -06:00
HD Moore
591ef73f7d
Merge in updated module_manager that loads all .fastlibs
2011-11-28 22:24:27 -06:00
Tod Beardsley
ac33e55df5
Allow hyphens for fnames and ltypes for fileformat exploits
2011-11-28 19:16:30 -06:00