Jeffrey Martin
0be166e719
update session_compatible? for changes from PR#7507
2016-12-02 14:55:38 -06:00
darkbushido
889de05af4
removing some commented code
2016-12-02 13:06:22 -06:00
darkbushido
486f8cd2a3
adding arch to search
2016-12-02 13:05:23 -06:00
darkbushido
f6694992ce
changing module search to use the new scopes
2016-12-02 13:05:23 -06:00
Tim
5a2eb29a1b
remove unused generate_small_uri
2016-12-01 18:33:36 +08:00
Tim
4da614532b
fix luri
2016-12-01 18:22:13 +08:00
OJ
72a20ce464
Merge timwr's changes that fix android/reverse_http
2016-12-01 09:59:41 +10:00
David Maloney
2a065cd220
Land #7591 , sinn3r's warbird check fix
...
Lands sinn3r's fix to the warbird license verification
check in the payload segment injector
2016-11-30 15:45:04 -06:00
Tim
78480e31e7
remove AutoLoadAndroid
2016-11-30 21:23:14 +08:00
Tim
b494d069f7
fix android/meterpreter/reverse_https
2016-11-30 20:53:09 +08:00
Tim
92751714c1
fix android/meterpreter/reverse_http
2016-11-30 20:12:00 +08:00
OJ
e5db0f4610
Fix unpack causing puid breakage in some cases
2016-11-30 15:51:17 +10:00
OJ
3fad75641d
Final touches to make MSF happy with all refactorings
2016-11-30 11:30:59 +10:00
OJ
834756c337
Rework android structure to function with the multi arch payload
2016-11-29 17:55:31 +10:00
OJ
bdfaaf01b2
Make multi work with https
2016-11-29 15:51:38 +10:00
OJ
bd8f8fd6cb
More rework of payload structure to handle multi arch handlers
2016-11-29 15:21:13 +10:00
OJ
beca63645e
Revamp of java payload structure
2016-11-29 11:54:30 +10:00
OJ
e8d7a074fa
Tweak to stageless handling for python payloads
2016-11-29 07:54:51 +10:00
OJ
5e8a47ac00
Merge upstream/master into universal handler work
2016-11-28 15:26:43 +10:00
OJ
496836fc06
Remove debug junk, rejig order of ops in initializer
2016-11-28 15:25:07 +10:00
OJ
e8158bd200
Add multi platform type, wire into the multi stage
2016-11-28 09:34:09 +10:00
OJ
5fdd5a7326
More progress on http universal staged handler
2016-11-25 13:00:35 +10:00
Jin Qian
9f4784354a
Disconnect after making the HTTP transaction in send_request_cgi
...
Add a disconnect call after cgi is done.
2016-11-23 11:20:10 -06:00
James Lee
b45a36180e
Don't complain when Proxies is an empty string
2016-11-22 09:29:04 -06:00
OJ
c606eabbb9
Merge 'upstream/master' into universal-handlers
2016-11-22 14:06:46 +10:00
wchen-r7
b2cc8e2b95
Fix #7569 , Fix warbird check for missing text section
...
Fix #7569
2016-11-21 14:57:01 -06:00
Tim
daae46d37b
Fixes #7552 , fix apk injection into proguarded apks
2016-11-21 15:05:59 +08:00
Brent Cook
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
h00die
cd01b07682
Land #7565
...
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
Tim
66ba2b077b
Land #7567 , fix apk injection when template has no permissions
2016-11-17 11:42:54 +00:00
Brian Yip
927e195e28
Generate payload apk from permissionless apk
2016-11-16 00:48:10 -04:00
Tod Beardsley
1deacad2be
Add a print_bad alias for print_error
...
Came up on Twitter, where Justin may have been trolling a little:
https://twitter.com/jstnkndy/status/798671298302017536
We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.
Anyway, I went with alias_method, thanks to the compelling argument at
https://github.com/bbatsov/ruby-style-guide#alias-method
...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.
Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
Brendan
7e4645afb3
Land #7527 , Add LURI support to the reverse_http/s stagers
2016-11-15 16:31:20 -06:00
dana-at-cp
c0e839dfd9
Fixes keytool bug in APK inject code
2016-11-11 06:12:47 -08:00
OJ
50c2ed8509
Fix post mixin platform/session check
2016-11-05 02:41:52 +10:00
OJ
b0970783ff
Another interim commit moving towards universal handlers
2016-11-04 13:25:02 +10:00
Brendan
dae1f26313
Land #7521 , Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
OJ
47ac122c15
Add LURI support to the reverse_http/s stagers
2016-11-03 14:51:07 +10:00
OJ
09d9733a75
Interim commit while working on multi payloads
2016-11-03 06:44:39 +10:00
OJ
cc8c1adc00
Add first pass of multi x86 http/s payload (not working yet)
2016-11-03 02:44:53 +10:00
OJ
494b4e67bd
Refactor http/s handler & payloads
...
This commit moves much of the platform-specific logic from the
reverse_http handler down into the payloads. This makes the handler
a bit more agnostic of what the payload is (which is a good thing).
There is more to do here though, and things can be improved.
Handling of datastore settings has been changed to make room for the
ability to override the datastore completely when generating the
payloads. If a datastore is given via the `opts` then this is used
instead otherwise it falls back to the settings specified in the usual
datatstore location.
Down the track, we'll have a payload that supports multiple stages, and
the datastore will be generated on the fly, along with the stage itself.
Without this work, there's no other nice way of getting datastore
settings to be contained per-stager.
2016-11-02 11:33:59 +10:00
David Maloney
451686309b
fixes #7519 psh payload generation
...
a few files references to the templates for pwoershell were
missed when transfering the templates over to the rex-powershell gem
2016-11-01 14:32:40 -05:00
OJ
0fca4483c0
Correctly call generate_stage on native init
2016-11-02 00:52:25 +10:00
OJ
6ec76611c3
Fix arch typo in meterpreter_options for x64
2016-11-02 00:38:34 +10:00
Brent Cook
f08a7ac10b
modernize default smtp_deliver TLS options
2016-11-01 05:42:05 -05:00
OJ
294b1e5ed7
Move session_type to base, and map shell arch to string
2016-11-01 03:02:23 +10:00
OJ
44ac3f8781
Use ARCH constant in mainframe_shell
2016-11-01 02:24:44 +10:00
OJ
ddd2d5e43f
Remove junk spaces from EXE exploit module
2016-11-01 01:28:21 +10:00
OJ
eeff24d2ef
Change BSD regex as per Brent's suggestion
2016-11-01 01:26:45 +10:00
OJ
0730613c67
Add comment to hilight need to support ARCH_CMD in sess check
2016-10-29 14:29:05 +10:00
OJ
8605992cdf
Remove superfluous session check in the post mixin
2016-10-29 14:19:27 +10:00
OJ
e5d3feebea
Final regex fix for jobs arch check
2016-10-29 14:10:01 +10:00
OJ
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
OJ
8b97183924
Update UUID to match detected platform, fail exploit on invalid session
2016-10-29 13:45:28 +10:00
OJ
0737d7ca12
Tidy code, remove regex and use comparison for platform checks
2016-10-29 13:41:20 +10:00
OJ
9e3960f334
Update session listing to show type or platform
2016-10-29 12:46:11 +10:00
OJ
6364e93ece
Update session types to have base_platform and base_arch
2016-10-29 12:45:37 +10:00
OJ
a7485c4bba
Use constants for base_arch
2016-10-29 08:10:44 +10:00
OJ
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
OJ
ca377cadd7
Move the binary suffix stuff to a better location
2016-10-27 07:43:27 +10:00
Sonny Gonzalez
5ce886cf5c
Land #7490 , xml importer fingerprinting fixed
2016-10-25 14:13:15 -05:00
Louis Sato
56d5c49d4d
host was no associated with the workspace
...
* searching mdm host by wspace id instead
2016-10-25 12:05:06 -05:00
Louis Sato
1378e2e61a
preserve hosts should still fingerprint new hosts
2016-10-25 09:58:30 -05:00
Louis Sato
744724c083
conditionalize fingerprinting
...
* fix bug where host not preserved
2016-10-24 18:45:48 -05:00
Jon Hart
12508f7140
Fix DRDoS mixin to handle empty responses
2016-10-24 14:21:28 -07:00
Adam Cammack
39b889ea29
Land #7459 , Delay fingerprinting during import
2016-10-24 10:47:25 -05:00
Tim
ce1f3e6b9e
Land #7451 , copy original signing certificate when backdooring APK
2016-10-22 18:04:22 +08:00
David Maloney
6b77f509ba
fixes bad file refs for cmdstagers
...
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced
Fixes #7466
2016-10-21 12:31:18 -05:00
David Maloney
de87fccf85
Land #7469 , OJ's php preamble fix
...
this is OJ's fix for the bind_php payload
preamble that causes it to be missing the php
tags
2016-10-21 12:05:39 -05:00
dana-at-cp
b8e30a241e
Copy original cert data into new signing cert created for APK injection
2016-10-20 08:43:45 -07:00
Louis Sato
f18cbd655e
delay fingerprinting of host
...
MS-2073
* imports are slow mainly caused by fingerprinting after every service creation
* now only fingerprints after all the services are created for imports
2016-10-18 17:42:48 -05:00
William Vu
ebf52759cc
Land #7449 , unsuitable language fix
2016-10-16 03:23:05 -05:00
Justin Steven
2ae62cfce1
Fix typo: Use a better adjective
2016-10-16 18:01:42 +10:00
dana-at-cp
d7ac8eba45
Create new signing certificate with dname value copied from original certificate.
2016-10-15 14:05:53 -07:00
Brent Cook
5736b2c821
add missing require
2016-10-14 12:15:45 -05:00
Brent Cook
4c248ebe9e
Merge branch 'master' into land-7430-
2016-10-14 09:48:33 -05:00
OJ
70011922a3
Remove binary suffixes for payloads that don't exist
2016-10-14 14:08:13 +10:00
OJ
022830634b
Rejig platform to use windows instead of win32/win64
2016-10-14 10:10:04 +10:00
Brent Cook
e5ac3eda61
Land #7362 , Fix apk injection script to include android payload service and broadcast receivers
2016-10-11 07:54:10 -05:00
Tim
3d9cb7375c
store Android payload information in byte array
2016-10-11 14:41:32 +08:00
OJ
e139a1ee8f
Land #7383 : Rebase/Fix + SSL stager support for python
2016-10-10 13:06:09 +10:00
Brent Cook
63bf93be1b
code and style cleanups
2016-10-08 21:04:15 -05:00
Brent Cook
7c1fa3eb51
fix 'info -d module', it assumed active module only
2016-10-08 19:31:00 -05:00
RageLtMan
44c5fc3250
Sync build_net_code post module upstream
...
Fix merge conflicts and add missing lines to framework version of
the DotNet compiler example module.
Test output to come in PR #5393
2016-10-08 14:06:35 -05:00
RageLtMan
47b1320d08
Add options to cmd_psh_payload
...
Fill in validated datastore options for generating custom PSH
payloads
2016-10-08 14:06:35 -05:00
RageLtMan
fb8e025aa5
Force datastore validation by option set
...
cmd_psh_payload relies on datastore options to have a proper
data type down the call chain. When modules are created with string
values for all data store options, a conditional naively checking
what should be a boolean value for false/nil? would return true
for a string representation of "false."
Ensure that datastore options are validated prior to using them
to set variables passed into Rex methods.
2016-10-08 14:06:35 -05:00
RageLtMan
f24bfe7d4e
Import Powershell::exec_in_place
...
Allow passing exec_in_place parameter to cmd_psh_payload in order
to execute raw powershell without the commandline wrappers of
comspec or calling the powershell binary itself.
This is useful in contexts such as the web delivery mechanism or
recent powershell sessions as it does not require the creation of
a new PSH instance.
2016-10-08 14:06:35 -05:00
RageLtMan
36b989e6d7
Initial import of .NET compiler and persistence
...
Add Exploit::Powershell::DotNet namespace with compiler and
runtime elevator.
Add compiler modules for payloads and custom .NET code/blocks.
==============
Powershell-based persistence module to compile .NET templates
with MSF payloads into binaries which persist on host.
Templates by @hostess (way back in 2012).
C# templates for simple binaries and a service executable with
its own install wrapper.
==============
Generic .NET compiler post module
Compiles .NET source code to binary on compromised hosts.
Useful for home-grown APT deployment, decoy creation, and other
misdirection or collection activities.
Using mimikatz (kiwi), one can also extract host-resident certs
and use them to sign the generated binary, thus creating a
locally trusted exe which helps with certain defensive measures.
==============
Concept:
Microsoft has graciously included a compiler in every modern
version of Windows. Although executables which can be easily
invoked by the user may not be present on all hosts, the
shared runtime of .NET and Powershell exposes this functionality
to all users with access to Powershell.
This commit provides a way to execute the compiler entirely in
memory, seeking to avoid disk access and the associated forensic
and defensive measures. Resulting .NET assemblies can be run
from memory, or written to disk (with the option of signing
them using a pfx cert on the host). Two basic modules are
provided to showcase the functionality and execution pipeline.
Usage notes:
Binaries generated this way are dynamic by nature and avoid sig
based detection. Heuristics, sandboxing, and other isolation
mechanisms must be defeated by the user for now. Play with
compiler options, included libraries, and runtime environments
for maximum entropy before you hit the temmplates.
Defenders should watch for:
Using this in conjunction with WMI/PS remoting or other MSFT
native distributed execution mechanism can bring malware labs
to their knees with properly crafted templates.
The powershell code to generate the binaries also provides a
convenient method to leave behind complex trojans which are not
yet in binary form, nor will they be until execution (which can
occur strictly in memory avoiding disk access for the final
product).
==============
On responsible disclosure: I've received some heat over the years
for prior work in this arena. Everything here is already public,
and has been in closed PRs in the R7 repo for years. The bad guys
have had this for a while (they do their homework religiously),
defenders need to be made aware of this approach and prepare
themselves to deal with it.
2016-10-08 14:05:53 -05:00
William Vu
1f36583db2
Add zeroSteiner to author.rb
2016-10-07 12:51:22 -05:00
David Maloney
af4f3e7a0d
use templates from the gem for psh
...
use the templates now contained within the magical
gem of rex-powershell
7309
MS-2106
2016-10-04 14:14:25 -05:00
Brent Cook
63d13f0f49
check if there is a stance set before checking the value
2016-10-02 19:48:49 -05:00
Tim
e628fab86e
Land #7378 , run zipalign during apk injection process
2016-09-30 12:27:27 +08:00
Brent Cook
6241e48b34
Land #7350 , add 'sess' command for direct session switching support
2016-09-29 23:18:53 -05:00
RageLtMan
4fdb54e6a1
Fixup transport to work with upstream
...
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.
Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.
Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
2016-09-29 17:21:59 -05:00
RageLtMan
a7470991d9
Bring Python reverse_tcp_ssl payload upstream
...
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
2016-09-29 17:21:59 -05:00
dana-at-cp
b06a3d3c68
Refactor code that calls zipalign on injected APK
2016-09-29 07:49:50 -07:00
dana-at-cp
e8d99fb3f5
Run zipalign as last step during APK injection process
...
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.
More on zipalign from Google:
https://developer.android.com/studio/command-line/zipalign.html
2016-09-28 20:05:17 -07:00
Jeffrey Martin
1689f10890
Land #7292 , add android stageless meterpreter_reverse_tcp
2016-09-28 16:05:22 -05:00
Brent Cook
5a611b0ec4
use the correct scope for the Stance names
2016-09-28 13:48:28 -05:00
Tim
b4a1adaf0f
refactor into android.rb
2016-09-28 18:23:34 +08:00
Tim
dc43f59dcf
dalvik -> android
2016-09-28 14:50:52 +08:00
Tim
a39c4965e4
fix apk injection script to include payload service and receivers
2016-09-26 19:50:10 +08:00
Brent Cook
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
Brent Cook
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
Pearce Barry
00258a4d31
Land #7351 , restore NTLM constant class shortcuts
2016-09-25 12:09:38 -05:00
dmohanty-r7
00c02bb132
Land #7349 , Add initialization of RHOST value prior to calling child check()
2016-09-23 12:28:08 -05:00
Tim
c13ab28a5b
remove debug statement
2016-09-22 16:27:11 +01:00
Tim
acb3e66064
fix comments
2016-09-22 16:26:26 +01:00
Tim
32c2311b86
android meterpreter_reverse_tcp
2016-09-22 16:26:26 +01:00
Brent Cook
2ec87d1f67
check if constant aliases are already set before setting
...
(I'm presuming that was what removing was intended to help with)
2016-09-22 07:12:42 -05:00
Brent Cook
4acb29a129
restore NTLM constant class shortcuts
2016-09-22 07:01:38 -05:00
OJ
af4b1cf48f
Add the `sess` command to MSF and Meterp shells
...
This new command is a simpler shortcut that allows for moving around sessions much faster from within the console.
* From inside MSF, `sess <id>` is shorthand for `sessions -i <id>`
* From inside Meterp, `sess <id>` is shorthand for `background; sessions -i <id>`
In the latter case, if the session being switched to is the same id, then no swiching happens.
2016-09-22 16:09:59 +10:00
Brent Cook
b4b709d921
Land #7342 , remove OSVDB links and references from library code - leave in modules
2016-09-22 00:45:05 -05:00
William Vu
fda5faf4ed
Land #7346 , route command fixes
...
Also adds session -1 support.
2016-09-21 15:44:24 -05:00
Spencer McIntyre
a3e3bbf2b0
Remove unnecessary reference to idx
2016-09-21 12:42:25 -04:00
Spencer McIntyre
08836a317d
Fix "route add" error and support using session -1
2016-09-21 12:02:30 -04:00
Spencer McIntyre
0671e854a9
Default the route command to printing the table
2016-09-21 10:36:59 -04:00
Brendan
b0bb5b5806
Added initialization of RHOST value prior to calling child check() functions
2016-09-20 18:18:52 -05:00
“Brian
4ff8235304
Remove semicolon
2016-09-20 17:57:48 -05:00
“Brian
8871673ada
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-09-20 17:48:06 -05:00
“Brian
53170cca01
msfconsole command
...
resolves #7330
Warns the user if they try to run msfconsole in msfconsole and does not let them do it
2016-09-20 17:46:25 -05:00
Brent Cook
1b31e0a63e
remove osvdb links
2016-09-20 14:27:59 -05:00
Pearce Barry
3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714)
2016-09-19 14:34:44 -05:00
dmohanty-r7
4c4f2e45d6
Land #7283 , add jsp payload generator
2016-09-16 14:37:59 -05:00
Brent Cook
b21daa7019
Land #7263 , Automatically generate keystore for android apk signing
2016-09-15 22:09:15 -05:00
Brent Cook
e09fe08983
Land #7278 , fix FTP path traversal scanners
2016-09-12 10:47:36 -05:00
Brendan
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
David Maloney
43942e6029
refactor pem parser to use the rex-socket gem version
...
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser
MS-1715
2016-09-07 11:38:27 -05:00
David Maloney
405c59b8b8
move bidirectional pipe into rex/ui/text
...
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there
MS-1715
2016-09-07 11:34:04 -05:00
Christian Mehlmauer
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
William Vu
b701048ce2
Fix data_disconnect to shutdown only if datasocket
...
Seeing people use this with ensure when their data channel was never set
up. This breaks things. :)
2016-09-05 15:54:26 -05:00
Tim
9ebe18d096
automatically generate keystore for apk signing
2016-09-01 10:19:58 +01:00
Pearce Barry
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
William Vu
954dee752b
Sort msfvenom --help-platforms
...
Also sort --help-formats.
2016-08-25 14:02:58 -05:00
Pearce Barry
250e6676ca
Update crawler with new auth key values.
2016-08-24 16:01:46 -05:00
William Vu
61f1e7e9c2
Add server_port to HTTP fingerprint
...
MS-1982
2016-08-24 13:24:24 -05:00
Pearce Barry
03e14ec86f
Land #7232 , Net::SSH Regression Fixes
...
Fixes #7160
Fixes #7175
Fixes #7229
2016-08-23 14:53:42 -05:00
David Maloney
95b82219a3
Land #7233 , ssh over L# pivot
...
this lands egypt's fix for using Net::SSH over L# pivots
2016-08-23 14:12:54 -05:00
William Webb
3b3b4723c2
Land #7231 , Fix Android Meterpreter command autoload and sysinfo
2016-08-22 12:22:43 -05:00
David Maloney
b6dff719f3
add a hard require to the ssh mixin
...
added hard require for SSHFactory into the ssh exploit mixin
this should prevent any laod-order bugs from cropping up again
2016-08-22 09:56:07 -05:00
Tim Wright
3955c4332d
fix android autoload commands and sysinfo
2016-08-22 14:53:58 +01:00
wchen-r7
265adebd50
Fix typo
2016-08-19 10:44:24 -05:00
wchen-r7
0f4d26af19
Update yard doc
2016-08-18 17:18:16 -05:00
wchen-r7
2a61450511
Add new POST exploitation APIs for stealing a token
2016-08-18 17:08:21 -05:00
James Lee
91417e62a8
Cleanup docs
2016-08-18 10:40:32 -05:00
William Vu
bc9a402d9e
Land #7214 , print_brute ip:rport fix
2016-08-17 22:48:40 -05:00
William Webb
667c3566e5
Land #7209 , Add functionality to pull .NET versions on Windows hosts
2016-08-17 12:48:05 -05:00
Brent Cook
b37dc8ea27
Land #7210 , allow send_request_cgi to close a non-global socket
2016-08-16 22:54:23 -05:00
Brendan
b25b2a5188
Cleaned up code per suggestions in the PR
2016-08-16 16:16:25 -05:00
wchen-r7
5f8ef6682a
Fix #7202 , Make print_brute print ip:rport if available
...
Fix #7202
2016-08-16 15:34:30 -05:00
Brent Cook
e70402a130
use the platform string verbatim on windows meterpreter
2016-08-15 23:50:57 -05:00
wchen-r7
498657ab35
Fix #3860 , tearing down TCP connection for send_request_cgi
...
Fix #3860
2016-08-15 15:45:52 -05:00
Brendan
0778b77f7b
Cleaned up a little
2016-08-15 12:20:28 -07:00
Brendan
7730e0eb27
Added ability to retrieve .NET versions
2016-08-15 11:29:00 -07:00
Brendan
906d480264
Added dotnet require
2016-08-15 11:06:29 -07:00
Pearce Barry
1e7663c704
Land #7200 , Rex::Ui::Text cleanup
2016-08-12 16:22:55 -05:00
Brent Cook
6a035b7e48
Land #7161 , add specs for cisco mixin to use Metasploit Credentials
2016-08-12 10:07:17 -05:00
Pearce Barry
6386d9daca
Land #7178 , Add a method to check the Powershell version
2016-08-11 11:02:41 -05:00
wchen-r7
e08c4a8bef
Remove .Net check
...
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
2016-08-11 10:49:06 -05:00
David Maloney
09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table
2016-08-10 15:58:27 -05:00
wchen-r7
3851db7bcb
Use powershell when possible
2016-08-10 15:14:11 -05:00
Brent Cook
1cb01ee876
remove architecture fidling from platform string for now
2016-08-10 14:46:48 -05:00
David Maloney
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
dmohanty-r7
b027176799
Land #7156 , use windows_error gem for constants
2016-08-10 11:47:37 -05:00
Pearce Barry
ae59c4ae74
Land #6687 , Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
wchen-r7
4055fd1930
Do e.message instead of e.to_s
2016-08-05 14:12:50 -05:00
wchen-r7
d59b6d99ee
Make the debug output more readable
2016-08-05 13:20:53 -05:00
wchen-r7
766c0cc539
return nil if no .Net is installed
2016-08-05 11:36:32 -05:00
wchen-r7
a8d9a5c02c
Print exceptions if needed
2016-08-04 18:14:22 -05:00
wchen-r7
7538b3dcf8
Fix #7170 , Add HttpTrace option for HttpClient
...
Fix #7170
2016-08-04 16:09:17 -05:00
wchen-r7
11f94a6efc
Do a different wmic query for newer systems
2016-08-04 14:50:46 -05:00
wchen-r7
3ea3d95744
Add methods to check .Net and Powershell versions
2016-08-03 17:49:15 -05:00
darkbushido
5a1cd24350
finishing converting the last of this to credentials
2016-07-29 09:58:17 -05:00
darkbushido
0972005b24
updating 'ppp.*username secret'
2016-07-29 09:58:17 -05:00
darkbushido
1d33c9aa88
updating specs upto 'username secret'
2016-07-29 09:58:17 -05:00
darkbushido
73b362cade
updating more spec
2016-07-29 09:58:16 -05:00
darkbushido
b66621af0d
adding in a blank service_name
...
fixing myworkspace
2016-07-29 09:58:16 -05:00
darkbushido
219f9d5d57
updating parts of cisco to use creds
2016-07-29 09:58:15 -05:00
darkbushido
40240662db
converting enable password to create_credentials
2016-07-29 09:58:15 -05:00
Brent Cook
8ad38aec2f
Land #7109 , Add final filesize to msfvenom output
2016-07-29 09:24:10 -05:00
Brendan
ee40c9d809
Land #6625 , Send base64ed shellcode and decode with certutil (Actually MSXML)
2016-07-28 13:01:05 -07:00
Brendan
2525eab996
persistance -> persistence
2016-07-28 12:56:04 -07:00
Pearce Barry
1f5fbd4a67
Put remaining consts in exploit mixin...
2016-07-27 17:43:29 -05:00
Pearce Barry
05afaa1162
Pull in consts from rex-arch gem...
2016-07-27 17:43:17 -05:00
Pearce Barry
bdf073516b
Switch errors over to windows_error gem...
2016-07-27 17:43:00 -05:00
William Webb
5b8b15e578
update global constants to allow for windows 10
2016-07-27 12:45:05 -05:00
Brendan
af137f3ec3
Land #7127 , Fix #6989 , scanner modules printing RHOST in progress messages
2016-07-27 09:16:08 -07:00
William Vu
a0c42f5dd2
Add wordpress_url_uploads
2016-07-26 19:10:19 -05:00
wchen-r7
cce1ae6026
Fix #6989 , scanner modules printing RHOST in progress messages
...
Fix #6989
2016-07-25 23:15:59 -05:00
wchen-r7
21f5da29d4
Remove unwanted <ruby> tag while generating module doc code
2016-07-25 15:38:59 -05:00
scriptjunkie
bc42ac5761
Fix #7117 by fixing stack offset
2016-07-21 20:48:08 -05:00
wchen-r7
390f69313a
Fix grammar in browser_exploit_server
2016-07-21 11:51:10 -05:00
forzoni
b58931f803
Avoid error when generated payload is nil.
2016-07-19 23:43:38 -05:00
James Lee
a54945c82c
whitespace
2016-07-19 17:07:17 -05:00
James Lee
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
forzoni
e90e6c4885
Use format check instead of length.
2016-07-19 09:38:09 -05:00
forzoni
d6fd2a49d4
Add final filesize, useful when using different formats.
2016-07-19 02:41:37 -05:00
wchen-r7
6d8dd24e41
Land #7104 , Update ActiveRecord syntax for framework db cred iteration
2016-07-17 17:57:06 -05:00
Brent Cook
2041870e62
Update ActiveRecord syntax for framework db credential iteration
2016-07-15 22:01:54 -05:00
Brent Cook
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e0216
, reversing
changes made to 7b1d9596c7
.
2016-07-15 12:00:31 -05:00