Commit Graph

6589 Commits (3fc25a00d84bbf5d82d039fc77d8088049b6ea99)

Author SHA1 Message Date
James Lee d7fa0ec669
Let IPAddr#hton do the calculating 2015-03-17 17:36:45 -05:00
jvazquez-r7 87b777e923
Refactor moving code to rex 2015-03-17 17:15:32 -05:00
jvazquez-r7 dd6ecefe39 Fix endianess 2015-03-17 11:40:50 -05:00
jvazquez-r7 ebe7ad07b0 Add specs, plus modify java_rmi_server modules 2015-03-17 11:26:27 -05:00
sinn3r ff58f7d270 Add Symantec Web Gateway Login Module 2015-03-17 02:51:57 -05:00
jvazquez-r7 0a37df67a0 Add initial support for better RMI calls 2015-03-16 23:44:16 -05:00
HD Moore 2ea984423b while(true)->loop, use thread.join 2015-03-16 14:08:01 -05:00
HD Moore 5fd3637d34 Remove the i32 size specifier (not needed) 2015-03-16 14:00:51 -05:00
HD Moore 69d9280748 Fix yard docs, retries, push.i8 instructions. See commit 05138524e3
Note that StagerRetryCount is not defined here, but will be in the parent class once #4934 lands
2015-03-16 13:52:13 -05:00
HD Moore 05138524e3 Fix yard docs, fix retries, trim bytes, retested and working 2015-03-16 13:35:36 -05:00
HD Moore 69a808b744 StagerProxy -> PayloadProxy 2015-03-16 12:14:42 -05:00
OJ 03232befc7 Add extra check to avoid crashing on startup 2015-03-16 17:14:36 +10:00
HD Moore f361e4ee52 Prefer the new-style proxy datastore options when available 2015-03-16 00:22:10 -05:00
HD Moore 7e89281485 Adds proxy (with authentication) support to reverse_http(s) 2015-03-16 00:03:31 -05:00
HD Moore 8e37342c50 Comment typo 2015-03-14 16:52:04 -05:00
HD Moore 0d12ca49a7 Work around lack of option normalization during size calculation 2015-03-14 16:19:13 -05:00
HD Moore 03019cf451 Adds StagerVerifySSLCert support (SHA1 of HandlerSSLCert) 2015-03-14 15:53:21 -05:00
Brent Cook 7a212a01eb
Land #4917, @hmoore-r7 avoid another payload size recalc 2015-03-13 08:43:33 -05:00
Brent Cook b68e05e536
Land #4914, @hmoore-r7 and @BorjaMerino winhttp stagers 2015-03-13 08:24:11 -05:00
HD Moore a57f02b863 Remove invalid SECURITY_FLAG_IGNORE_REVOCATION flag 2015-03-12 23:01:04 -05:00
HD Moore 744b1a680e Reworks how payload prepends work internally, see #1674 2015-03-12 02:30:06 -05:00
HD Moore 376d05f797 Avoid instantiating the module during recalculate 2015-03-12 01:02:37 -05:00
scriptjunkie dfbc50ff47 Make Host header override optional 2015-03-11 23:15:45 -05:00
OJ 345b5cc8e1 Add stageless meterpreter support
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.

More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
HD Moore 8bae58d631 Updated cache sizes 2015-03-11 21:25:12 -05:00
HD Moore 631e1606bf Fix WinHttpSetOption & stack parameters 2015-03-11 21:05:18 -05:00
scriptjunkie 401d553f84 Use host header in reverse_http(s) 2015-03-11 19:40:52 -05:00
HD Moore 1135e5e073 First take on WinHTTP stagers, untested 2015-03-11 16:27:14 -05:00
Brent Cook ceeee4446f
Land #4904, @hmoore-r7 reworks reverse_http/s stagers
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
HD Moore 1d17e9ab5b Remove the 256 byte limit for URLs 2015-03-10 15:27:04 -05:00
James Lee cb41154712
Make a MatchResult when sessions are reported 2015-03-10 15:17:57 -05:00
HD Moore 5f382e539a Updated required_space to count all 256 bytes of the URL 2015-03-10 15:17:09 -05:00
HD Moore dedf3726ea Simplify the uri_req_len logic, thanks @bcook-r7 2015-03-10 15:12:02 -05:00
William Vu 736f0b34be
Land #4902, @nstarke's db_connect warning message 2015-03-10 14:12:47 -05:00
William Vu 3c7b061e05 Use single quotes
But I like double quotes. :(
2015-03-10 14:03:13 -05:00
William Vu 72e7691300 Change print_status to print_error
And drop db_disconnect note to another line.
2015-03-10 13:31:35 -05:00
HD Moore 966848127a Refactor x86 Windows reverse_http and reverse_https stagers 2015-03-10 12:48:30 -05:00
William Vu e81f2e366c Refactor db_{status,connect} a bit
Also allow for db_connect help.
2015-03-10 12:35:58 -05:00
nstarke ee8318d5c4 Adding db_disconnect qualifying statement 2015-03-10 11:58:04 +00:00
Brent Cook 97f09b6ab0
Land #4894: hmoore-r7 cache payload sizes on start
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
nstarke 187a0445f3 Issue #4868 - Adding warning message to db_connect when already connected 2015-03-10 00:02:34 +00:00
HD Moore 78456fb2e0 Correct a typo (stringified symbol loses the :) 2015-03-09 15:42:23 -05:00
HD Moore 038591497f YARD docs for the Msf::Util::PayloadCachedSize class 2015-03-09 15:39:19 -05:00
James Lee 838746b021
Add user_data_is_match? method 2015-03-09 15:35:53 -05:00
HD Moore 99e2b05597 Move the cache update logic into a utility class 2015-03-09 15:29:58 -05:00
HD Moore 8c635243d3 Fix whitespace in the regex, implements Msf::Payload.dynamic_size? 2015-03-09 13:15:06 -05:00
Brent Cook 603179176a
Land #4876, @hmoore-r7 give encoders and payloads space available 2015-03-09 11:50:46 -05:00
Samuel Huckins 08df0bfaca
Land #4858, RPC client true/truthy fix
* Misc ruby cleanup and fixing the issue that caused MSP-12235, rolling back the
full rollback of PR 4823
2015-03-09 11:35:57 -05:00
James Lee b37a975108
Use metasploit_data_models staging branch 2015-03-09 01:28:27 -05:00
HD Moore c3479ba747 Update msfvenom & PayloadGenerator to pass in available_space 2015-03-09 01:14:56 -05:00
James Lee d771f54e35
Axe unused var 2015-03-09 00:21:10 -05:00
James Lee 6baff47e98
Refactor inference into its own method 2015-03-09 00:19:57 -05:00
sinn3r a91a29d4e5 Add a comment explaining about the error key 2015-03-08 23:51:43 -05:00
HD Moore d46635ff8b Restore a comment lost in the code churn 2015-03-07 21:25:35 -06:00
HD Moore 853bf1b569 Accidental carry over from stale master 2015-03-07 20:48:22 -06:00
HD Moore 2e49791bef This implements payload size caching, speeding up framework loads 2015-03-07 20:44:19 -06:00
William Vu 5316e0f0ce
Land #4887, msfconsole -n store_loot fix 2015-03-07 17:14:21 -06:00
sinn3r f3494d9019 Correct grammar in BES 2015-03-07 16:04:06 -06:00
James Lee 8adc4646f8
Add :user_data to Msf::Module 2015-03-06 14:23:06 -06:00
joev ca3b2220b5 Check to ensure Mdm is loaded to fix store_loot. 2015-03-05 23:27:13 -06:00
Brent Cook a13cd2bcb7
Land #4880: @wchen-r7 check if module has session before comparison 2015-03-05 20:48:42 -06:00
jvazquez-r7 9f3f8bb727
Merging #3323 work 2015-03-05 15:44:15 -06:00
Samuel Huckins 7cb3e236fb
Adding back prepended colons
Don't seem to be needed but don't want to introduce that change.
2015-03-05 14:06:50 -06:00
Samuel Huckins 02d30b3d44
Changes workspace cmd ordering to updated_at asc 2015-03-05 14:05:24 -06:00
Samuel Huckins 84df403d11
Land #4852, vuln note import/export addition 2015-03-05 13:54:22 -06:00
sinn3r 31191bef39 Fix #4865, undef method 'ancestors' in lib/msf/core/payload_set.rb
Fix #4865
2015-03-05 12:49:51 -06:00
jvazquez-r7 5ede40a39d Change the variable name 2015-03-05 12:21:33 -06:00
jvazquez-r7 e0a22a6794 Add support for folder 2015-03-05 12:19:33 -06:00
HD Moore 7a354f322c Comment typo (missing i). 2015-03-04 20:11:41 -06:00
HD Moore 95f67dba7a Tell payloads and encoders how much space they have to work with 2015-03-04 19:25:04 -06:00
HD Moore 1001061a96 Initialize @capture_count 2015-03-04 18:52:18 -06:00
jvazquez-r7 36375fab28 Fix downcase path handling 2015-03-04 12:58:41 -06:00
jvazquez-r7 4de1fdd020 Make SHARE prints verbose 2015-03-04 10:57:18 -06:00
jvazquez-r7 1c064f6b46
Land #3074, @0x41414141 SMB Share mixin 2015-03-04 10:16:04 -06:00
jvazquez-r7 64fd818364
Land #4411, @bcook-r7's support for direct, atomic registry key access in meterpreter 2015-03-04 10:01:33 -06:00
David Barksdale fb74136723 Add MIPS arches to this stupid case statement 2015-03-03 15:25:08 -06:00
jvazquez-r7 a57aefb721 Add specs for QUERY information level 2015-03-03 15:24:13 -06:00
jvazquez-r7 c213ed3f5f Add specs for FIND information level 2015-03-03 14:13:36 -06:00
jvazquez-r7 4237cd2c88 Add specs for QueryPathInformation 2015-03-03 13:19:06 -06:00
jvazquez-r7 63a3ab16fe Add specs for SMB_COM_SESSION_SETUP_ANDX commands 2015-03-03 10:31:43 -06:00
jvazquez-r7 4fc08d7243 Add specs for Msf::Exploit::Remote::SMB::Server::Share::Command::ReadAndX 2015-03-02 17:32:03 -06:00
jvazquez-r7 b0bc69b832 Add @todo comment 2015-03-02 14:25:56 -06:00
jvazquez-r7 d57e220f00 Delete unnecessary case on smb_cmd_trans_query_path_info_basic 2015-03-02 14:19:20 -06:00
jvazquez-r7 2004aea7b7 Add helpers for path handling on TRANS2 requests 2015-03-02 14:15:25 -06:00
jvazquez-r7 8acde11aaf Use file_contents instead of exe_contents 2015-03-02 12:56:48 -06:00
jvazquez-r7 34bd6a4365 Add documentation for the Share mixin 2015-03-02 12:42:32 -06:00
jvazquez-r7 9a8e17508f Add documentation for QUERY information levels 2015-03-02 12:00:34 -06:00
jvazquez-r7 750022806b Add documentation for FIND information levels 2015-03-02 11:46:20 -06:00
jvazquez-r7 0d8632dae9 Add documentation for TRANSACTION2 subcommands 2015-03-02 11:19:34 -06:00
jvazquez-r7 6a5dae4549 Add documentation for SMB_COM_TRANSACTION2 handling 2015-03-02 11:12:57 -06:00
jvazquez-r7 3923589286 Add documentation for SMB_COM_SESSION_SETUP_ANDX handling 2015-03-02 11:06:41 -06:00
jvazquez-r7 e8dd9c1971 Add documentation for SMB_COM_READ_ANDX 2015-03-02 10:59:07 -06:00
jvazquez-r7 1ad3f91c50 Add documentation for SMB_COM_NT_CREATE_ANDX handling 2015-03-02 10:52:30 -06:00
jvazquez-r7 19061121b3 Add documentation for SMB_COM_NEGOTIATE handling 2015-03-02 10:45:43 -06:00
jvazquez-r7 3e8bbb6c9e Add documentation for SMB_COM_CLOSE handling 2015-03-02 10:36:13 -06:00
jvazquez-r7 227cf4500d define constants for tree connect access rights 2015-02-28 18:38:45 -06:00
jvazquez-r7 eb3aedf4a7 Define constants for WordCount in responses 2015-02-28 18:15:14 -06:00
sinn3r 5f8c14c958 Fix check for TrueClass, plus other small changes 2015-02-28 14:11:15 -06:00
sinn3r 6f4259f2de Revert #4859, temporary solution for unbreaking client
This reverts commit 7ab86be72a, reversing
changes made to 49ae173057.
2015-02-28 14:07:26 -06:00
jvazquez-r7 eb7ac02d1a Normalize handlers names 2015-02-28 12:14:58 -06:00
jvazquez-r7 1d602d38c9 Refactor SessionSetupAndx handler 2015-02-28 12:10:48 -06:00
William Vu b27c9b9efc
Land #4838, reverse_http{,s} listening service fix 2015-02-27 21:02:58 -06:00
sinn3r ac81318e7a Revert #4823, changes for ruby style guide
This reverts commit 885469ca52, reversing
changes made to fd73445d9b.

Please see: #4823 for why.
2015-02-27 17:28:00 -06:00
jvazquez-r7 e5e13108ed Refactor close handling 2015-02-26 23:50:10 -06:00
jvazquez-r7 5418cdad11 Refactor negotiate handling 2015-02-26 23:49:07 -06:00
jvazquez-r7 5ed1f8d44f Make opts optional 2015-02-26 23:39:17 -06:00
jvazquez-r7 882f0bdc0e Refactor read_andx request handling 2015-02-26 23:35:12 -06:00
jvazquez-r7 5b770f9f7a Refactor nt_create_andx requests 2015-02-26 23:31:09 -06:00
jvazquez-r7 70033576fe Refactor query information level 2015-02-26 23:22:57 -06:00
jvazquez-r7 d544da22b5 Always send answer 2015-02-26 16:47:05 -06:00
jvazquez-r7 45be95747f Refactor Find Information Levels 2015-02-26 16:46:34 -06:00
jvazquez-r7 89a033c194 Delete unnecessary paddings due to miscalculations 2015-02-26 15:54:00 -06:00
David Maloney 095431c323
fix note search conditions
note search conditions needed to know about
vuln_id or else vuln notes would get overwritten

MSP-12183
2015-02-26 15:48:04 -06:00
rastating 3669fb678d Fix parameter default value 2015-02-26 21:15:33 +00:00
William Vu 260c603ffb Fix msfconsole -L
s/rb-readline/rb-readline-r7/

Should have been in #4816 (#4128).
2015-02-26 15:14:38 -06:00
jvazquez-r7 387c966550 Fix unnecessary paddings 2015-02-26 15:00:53 -06:00
David Maloney a72d49678a
only match by CVE refs
the other refs can be non-specific and refer
to multiple distinct vulns, resulting in
incorrect refs being attached to a vuln leading to
a snowball effect with more and more vulns being
misidentified.

MSP-12183
2015-02-26 14:57:16 -06:00
jvazquez-r7 500e4707ab Use smb_error 2015-02-26 14:35:52 -06:00
jvazquez-r7 c73ffea1b9 Do minor cleanup 2015-02-26 12:50:45 -06:00
David Maloney 8351920d1e
don't match based on URL refs
multiple vulns may be listed for
the same URL making matches based on
these refs entirely unreliable

MSP-12183
2015-02-26 11:40:15 -06:00
jvazquez-r7 b1e6de2eeb Add todo 2015-02-26 11:39:17 -06:00
jvazquez-r7 26bfebf1bb Add dummy wildcard handling 2015-02-26 11:39:05 -06:00
jvazquez-r7 d0ab9206b9 Do minor cleanup 2015-02-26 10:58:36 -06:00
jvazquez-r7 970f0c94b2 Create CREATE_ANDX constants 2015-02-26 10:44:07 -06:00
Matthew Hall ab1bb0e50d bugfixes to https://github.com/jvazquez-r7/metasploit-framework/tree/review_3074_clean_server
to provide consistent support for various exploits and OS SMB Commands.

Reintroduces smb_cmd_trans_query_path_info_network for use with the Struts2 JSP injection vulnerability.
Reintroduces smb_cmd_trans_query_file_info_basic for common use with rundll32.
Corrects some issues with filename formatting and pattern matching for file requests (can still be improved).
2015-02-26 16:10:34 +00:00
jvazquez-r7 993c75ec77 Update Offset counts with constants 2015-02-25 16:25:16 -06:00
jvazquez-r7 ee18cf592b Calculate ParamCount and DataCount 2015-02-25 16:00:26 -06:00
jvazquez-r7 df50aa0f06 Use constants for DataCount and DataCountTotal 2015-02-25 14:11:38 -06:00
jvazquez-r7 f35e03b21b Use constants 2015-02-25 13:44:56 -06:00
jvazquez-r7 f21959a8a2 Add constants for session setup actions 2015-02-25 13:31:57 -06:00
jvazquez-r7 e967cfbfb3 Create Access rights constants 2015-02-25 13:22:16 -06:00
jvazquez-r7 1caffbea2d Add constants for Negotiation Capabilities 2015-02-25 12:50:33 -06:00
jvazquez-r7 50d50d5353 Define constants for SMB Flags 2015-02-25 12:28:25 -06:00
jvazquez-r7 e5d9bb0a47 Update from master 2015-02-25 11:37:13 -06:00
jvazquez-r7 ec9be4531b Add SMB_CREATE_ANDX_RES_PKT template 2015-02-25 11:33:08 -06:00
jvazquez-r7 50f8731980 Parse SMB_CMD_CREATE requests 2015-02-25 11:09:14 -06:00
William Vu 0ad3473ebb Implement case-insensitive datastore.delete 2015-02-24 20:47:00 -06:00
jvazquez-r7 d10385cfed Add template for SMB_TREE_CONN_ANDX_RES_PKT 2015-02-24 19:27:25 -06:00
jvazquez-r7 1f1d95bb37 Delete one more extra comment 2015-02-24 18:27:39 -06:00
jvazquez-r7 aeb7f05158 Delete extra comment 2015-02-24 18:27:21 -06:00
jvazquez-r7 bb36899699 Do templates names consistent 2015-02-24 18:26:46 -06:00
jvazquez-r7 744e338ddc Do cleanup 2015-02-24 18:15:55 -06:00
jvazquez-r7 ec53e27249 Do better handling of TRAN2_QUERY_FILE_INFORMATION requests 2015-02-24 17:20:41 -06:00
jvazquez-r7 d29e9fc20b Parse TRAN2_FIND_FIRST2 commands 2015-02-24 17:02:49 -06:00
rastating 06cb30a20a Remove duplicated code 2015-02-24 22:43:59 +00:00
jvazquez-r7 231a2f3110 Fix handlers 2015-02-24 16:03:13 -06:00
David Maloney e4a58a2ec5
import notes attached to vulns
add the ability to import notes that
are attached to vulns instead of hosts

MSP-12183
2015-02-24 13:36:57 -06:00
David Maloney 389bcbd343
refactor note import into sep method
we will now be importing notes from multiple
place within the XML document. the importing
of notes has been refactored into a seperate
method to be easily reused in this fashion

MSP-12183
2015-02-24 12:18:32 -06:00
David Maloney 2389185376
export notes associated to a vuln
in addition to ntoes asscoiated directly
to a host, the XML export will now
export notes that are tied to a vuln

MSP-12183
2015-02-24 12:17:44 -06:00
Brent Cook c5d36ec24d remove unused handler methods
already defined in the base class
2015-02-24 11:23:08 -06:00
jvazquez-r7 ca7aabe9bc handle SMB_QUERY_FILE_NETWORK_OPEN_INFO 2015-02-24 11:13:18 -06:00
Brent Cook 3bed2d5136 fix for properly stopping the reverse_http/https handler
The issue seems to be at the root of #4669 is that reverse_http
registers an HTTP service but never releases its reference to it. If
we stop it directly, there may be a session already connected to it that
we kill, so we can't do that. Instead, track if we got a connection or
not, and conditionally release our reference based on whether the
connection succeeded.

This should fix #4669
2015-02-24 11:06:50 -06:00
William Vu 5f0aeda0be
Land #4835, new hex format for msfvenom 2015-02-24 10:56:47 -06:00
jvazquez-r7 31d1ba7100 Simplify debug to inspect smb_cmd_trans_query_file_info_network 2015-02-24 10:54:45 -06:00
Christian Mehlmauer 1d2fc989bd
remove newline 2015-02-24 17:35:53 +01:00
William Vu c3c9b233dd
Land #4834, a few more duplicate hash key fixes 2015-02-24 10:32:55 -06:00
Christian Mehlmauer 906c4a9024
use + instead of << 2015-02-24 17:18:41 +01:00
sinn3r 12a99ecee5
Land #4796, Handle incompatible payload architecture in BES 2015-02-24 10:02:25 -06:00
Christian Mehlmauer 5880702552
added new hex format 2015-02-24 16:05:02 +01:00
William Vu 7b32b8b58c
Land #4810, support for job renaming in msfconsole 2015-02-24 08:51:06 -06:00
Brent Cook ab4a416958 comment out duplicate keys that can only be used for reference
ruby is ignoring all but the second instances, and 2.2 still throws a
warning
2015-02-24 08:50:02 -06:00
William Vu 285c138f80 Add tab completion for rename_job 2015-02-24 04:25:36 -06:00
William Vu 500b6229be Clean up whitespace 2015-02-24 04:13:59 -06:00
sinn3r e9b6a023de Fix a typo 2015-02-23 21:45:02 -06:00
jvazquez-r7 d0d124eb19 Mimic original handling 2015-02-23 20:42:49 -06:00
jvazquez-r7 32046f9c47 smb_cmd_trans_query_path_info_standard 2015-02-23 19:57:16 -06:00
jvazquez-r7 ea483f14a1 Try to fix logic for query information levels 2015-02-23 17:17:33 -06:00
jvazquez-r7 3fca26a5de Add support for SMB_COM_TRANSACTION2 data blocks and params 2015-02-23 16:37:39 -06:00
jvazquez-r7 623d319ca7 Fix offsets 2015-02-23 14:43:06 -06:00
jvazquez-r7 2653ff9d58 Try to simplify request query and find request handling 2015-02-23 14:06:23 -06:00
jvazquez-r7 36711e801c Fix comment 2015-02-23 13:09:23 -06:00
jvazquez-r7 99483f88f1 Fix, hopefully, dispatching 2015-02-23 13:08:45 -06:00
jvazquez-r7 87176b9b37 Redo TRANS2_QUERY_PATH_INFORMATION dispatching 2015-02-23 12:52:50 -06:00
jvazquez-r7 a06d07d6da Clean smb_cmd_trans2_query_file_information dispatching 2015-02-23 12:03:08 -06:00
sinn3r c39d6e152e
Land #4819, Normalize HTTP LoginScanner modules 2015-02-23 11:43:42 -06:00
jvazquez-r7 abe5ea42cb Clean smb_cmd_trans 2015-02-23 11:34:19 -06:00
jvazquez-r7 3d7381b62a Handle TRANS2 commands 2015-02-23 11:33:49 -06:00
jvazquez-r7 fe00cadd18 Delete require 2015-02-23 11:15:55 -06:00
jvazquez-r7 1dba961698 delete SubCommand namespace 2015-02-23 11:15:14 -06:00
jvazquez-r7 7d9f661d78 Fix includes 2015-02-23 11:14:45 -06:00
jvazquez-r7 439507d359 Move trans2 files 2015-02-23 11:13:08 -06:00
HD Moore bdd5276524 This fixes a number of issues with the Capture mixin
* The use of www.metasploit.com in a datastore option results in a DNS lookup (infoleak). Switch to 8.8.8.8 (TTL=1)
 * The hackey code around #each_packet is no longer necessary in newer Ruby versions
 * The arp()/probe_gateway() calls to inject_reply() had broken logic leading to early exit and missed replies
 * The arp() function now tries up to three times to get a reply (helpful with lossy L2)
 * GC.start is extraneous and should be removed
 * Increased timeouts
2015-02-22 21:53:47 -06:00
HD Moore 615d71de6e Remove extraneous calls to GC.start() 2015-02-22 21:51:33 -06:00
Joshua Smith 251c284458 modernizes some of the rpc code 2015-02-22 15:37:55 -06:00
rastating 37a55cce74 Abstracted version comparison code 2015-02-22 16:20:46 +00:00
rastating 3d38d46729 Add extra version checking methods
Added the ability to check style.css for theme versions as version
tagging in style.css is a requirement of WordPress theme development.
Also updated existing readme checking to allow for a nil fixed_version
parameter in scenarios where all versions are vulnerable in an EOL
product.
2015-02-22 16:20:46 +00:00
HD Moore 888c718f40 Fix two typos 2015-02-22 02:45:50 -06:00
HD Moore 8e8a366889 Pass Http::Client parameters into LoginScanner::Http (see #4803) 2015-02-22 02:26:15 -06:00
Christian Mehlmauer c820431879
Land #4770, Wordpress Ultimate CSV Importer user extract module 2015-02-22 08:52:45 +01:00
William Vu 2b9ab901cb
Land #4811, creds -d documentation 2015-02-21 20:59:52 -06:00
William Vu b39e2bea8e
Land #4806, EXE::Custom case-sensitivity fix 2015-02-21 20:49:53 -06:00
William Vu f900d9cf26 Handle whitespace as per blank?
!~ /\S/ as per the original implementation of blank? also works.
2015-02-21 20:36:16 -06:00
rastating 708340ec5a Tidy up various bits of code 2015-02-21 12:53:33 +00:00
jvazquez-r7 80aef690a0 Do first commands refactoring 2015-02-21 01:48:47 -06:00
jvazquez-r7 52b41ab4f8 Do first Share refactoring 2015-02-21 01:00:46 -06:00
sinn3r b8cb93d712 Fix #3790, document the creds -d feature
Fix #3790
2015-02-20 21:38:26 -06:00
sinn3r b5f8ae85cf Fix #3827, Add support to rename a job
Fix #3827
2015-02-20 21:13:45 -06:00
rastating 7e1e0f8196 Add plugin upload functionality 2015-02-21 01:20:20 +00:00
jvazquez-r7 df903120e3 Reorganize trans2_find_first2 requests 2015-02-20 18:28:49 -06:00
jvazquez-r7 52a0e6dd1c Mark a couple of handlers for later review 2015-02-20 16:28:04 -06:00
Meatballs dc4898765f
Fix EXE::Custom 2015-02-20 16:59:18 +00:00
jvazquez-r7 a91d19e0e7 Add template for SMB_QUERY_FILE_STANDARD_INFO 2015-02-20 10:58:15 -06:00
jvazquez-r7 21978a1bfe Add template for SMB_QUERY_FILE_BASIC_INFO 2015-02-20 10:40:45 -06:00
jvazquez-r7 cf63e09188 Add templates for SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR and SMB_FIND_FILE_NAMES_INFO_HDR 2015-02-20 09:17:51 -06:00
jvazquez-r7 f2405a5dc0 Create SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR_LENGTH constant 2015-02-20 00:35:26 -06:00
jvazquez-r7 571dffa317 Create template for SMB_FIND_FILE_BOTH_DIRECTORY_INFO 2015-02-20 00:22:33 -06:00
jvazquez-r7 94ad64546c Create TRANS2_PARAMETERS template 2015-02-19 23:16:52 -06:00
jvazquez-r7 b24b94ddd3 Do first cleanup of find_first2 handlers 2015-02-19 19:08:56 -06:00
jvazquez-r7 74c43f5527 Delete more unused local variables 2015-02-19 14:39:55 -06:00
jvazquez-r7 1d5a977280 Delete a lot of verbose prints 2015-02-19 14:37:16 -06:00
jvazquez-r7 0940ceae75 Delete unused local variables 2015-02-19 14:26:46 -06:00
jvazquez-r7 c38c3519d8 Delete more unused code 2015-02-19 14:24:18 -06:00
jvazquez-r7 7487f9611b Do some extra prints 2015-02-19 14:11:27 -06:00
jvazquez-r7 d9b9de8e89 Delete unused code 2015-02-19 13:16:24 -06:00
jvazquez-r7 5510000bf1 Use constant for FLAGS2 2015-02-19 13:02:50 -06:00
jvazquez-r7 392137292e Old delete register prototype comment 2015-02-19 13:00:12 -06:00
jvazquez-r7 39ceb5b90f Update smb_error on Exploit::Remote::SMB::Server 2015-02-19 12:10:28 -06:00
Brent Cook 4781ac4b39 the http service needs to keep running to handle meterpreter loading
revert a8f44ca68f
2015-02-19 09:38:48 -06:00
jvazquez-r7 b85324435e Don't waste instance variables 2015-02-18 16:42:52 -06:00
jvazquez-r7 91d9d93fec Handle instance variables correctly 2015-02-18 16:35:20 -06:00
jvazquez-r7 438b38dfe4 Use Rex::Text 2015-02-18 16:20:47 -06:00
jvazquez-r7 a815858644 Fix setup 2015-02-18 16:19:05 -06:00
jvazquez-r7 06dfa6b5be Fix initialize 2015-02-18 13:56:06 -06:00
jvazquez-r7 62c08094fd Delete the old FileServer mixin 2015-02-18 13:54:24 -06:00
jvazquez-r7 9068397fff Delete code commented by myself 2015-02-18 13:47:05 -06:00
jvazquez-r7 a446df95b2 Make Msf::Exploit::Remote::SMB::Server::Share a mixin 2015-02-18 13:45:48 -06:00
jvazquez-r7 415c671416 Move Rex code, we'll redesign as mixin 2015-02-18 13:44:02 -06:00
jvazquez-r7 ff4aa1f9da Require FileServer mixin 2015-02-18 11:43:13 -06:00
jvazquez-r7 f960a77754 Solve merging conflicts 2015-02-18 11:36:47 -06:00
Matt Buck a9931cd410
Land #4725, convert Rails 3 AR calls in RPC_Db
Converts Rails 3 style ActiveRecord calls in RPC_Db to their Rails 4
counterparts.

Fixes #4725, also see MSP-12017
2015-02-18 09:59:40 -06:00
William Vu bda96f46e6
Land #4780, stop HTTP service with HTTP handler 2015-02-18 03:34:03 -06:00
sinn3r 8ce1db5081 Fix #4783, raise exception if the payload arch is incompatible
Fix #4783
2015-02-17 21:47:17 -06:00
rastating e0d87a8886 Update to use store_loot for CSV export 2015-02-17 19:21:31 +00:00
Brent Cook bed40a83ee fix #4337: gracefully handle resolve_sid failure when enumerating user profiles
Rather than throwing a backtrace with an unresolvable SID, try to get as
much profile data as possible if resolve_sid fails.

```
[*] Determining session platform and type...
[-] Unexpected windows error 1332
[*] Checking for Firefox directory in:
C:\Users\Administrator\AppData\Roaming\Mozilla\
[-] Firefox not found
[*] Post module execution completed
```
2015-02-17 13:03:12 -06:00
Brent Cook a8f44ca68f stop the http service when the reverse http handler stops 2015-02-17 12:38:20 -06:00
Matthew Hall 547d4d1950 Merge with master 2015-02-17 17:23:19 +00:00
Matthew Hall 9e2a483977 Add example usage to Msf::Exploit::Remote::SMBFileServer documentation 2015-02-17 17:23:18 +00:00
Matthew Hall cec817902f Add yardoc documentation for Msf::Exploit::Remote::SMBFileServer 2015-02-17 17:23:18 +00:00
Matthew Hall 5cf8833697 Tidy lib/msf/core/exploit/smb.rb following feedback from jlee-r7.
* Doc comments wrap at 78 chars to follow yardoc convention
 * Remove unused :server and SERVER vals
 * Use Utils class directly
 * Stop server within an ensure
 * Change SRVHOST to an OptAddress
2015-02-17 17:23:18 +00:00
Matthew Hall 8beed5652d Implement SMBFileServer mixin.
In order to accomplish remote file injection (e.g. DLL) this module
emulates an SMB service process to allow clients to load a file from a
network share.

This commit implements the SMBFileServer exploit module utilising the
::Rex::Proto::SMB::Server module to export the "start_smb_server"
function.

Utilising the module (example):
 include Msf::Exploit::Remote::SMBFileServer
 exe = generate_payload_dll
 @exe_file = rand_text_alpha(7) + ".dll"
 @share = rand_text_alpha(5)
 my_host = (datastore['SRVHOST'] == '0.0.0.0') ?
 Rex::Socket.source_address : datastore['SRVHOST']
 @unc = "\\#{my_host}\#{@share}\#{@exe_file}"
 start_smb_server(@unc, exe, @exe_file)
 // Inject DLL
 handle

A separate commit will provide a sample implementation of utilising this
module within a generic webserver DLL injection exploit:
./exploits/windows/http/generic_http_dllinject.rb
2015-02-17 17:23:18 +00:00
sinn3r 6eaa3c264c
Land #4763, LSBackgroundOnly for safari_user_assisted_download_launch 2015-02-17 10:41:59 -06:00
Brent Cook e08206d192
Land #4768, jvazquez-r7 reorganizes the SMB mixins 2015-02-17 10:36:19 -06:00
sinn3r 0597d2defb
Land #4560, Massive Java RMI update 2015-02-17 10:07:07 -06:00
Brent Cook b4cf2f5d8c use correct response filter TLV_TYPE_VALUE_NAME 2015-02-17 08:46:25 -06:00
Brent Cook 503f58375b add direct registry access methods
Rather than operating on a passed-in HKEY, these open and close the registry
key directly for each operation.

This pattern better reflects the actual API usage within msf, and removes extra
round-trips to open and close the registry key, reducing traffic and increasing
performance. I did not add direct versions of every registry operation.
There was no benefit for more rarely-used operations, other than requiring more
churn in the meterpreters.

The primary beneficiary of this is post exploitation modules that do registry
or service enumeration. See #3693 for test cases.
2015-02-17 06:11:20 -06:00
rastating a22f5c1287 Add extra readme check for case sensitive servers 2015-02-14 23:43:04 +00:00
jvazquez-r7 2c842ee6d7 Fix namespaces on Server 2015-02-13 17:34:55 -06:00
jvazquez-r7 9b7bbc220b Fix namespaces on Client 2015-02-13 17:33:41 -06:00
jvazquez-r7 46c6ac9ca1 Redefine namespaces and requires 2015-02-13 17:09:06 -06:00
jvazquez-r7 df1daff673 Move clients 2015-02-13 17:07:03 -06:00