Commit Graph

12143 Commits (40240662dbe2b456016c0e76e11a661e55023dbf)

Author SHA1 Message Date
Brent Cook 76e8e8f6c7 really fix regex 2016-05-23 20:08:38 -05:00
Brent Cook eb26202961 fix regex 2016-05-23 17:33:06 -05:00
Louis Sato d0b87131a9
fixing import of zip workspace
MS-1528
2016-05-23 16:09:22 -05:00
Brent Cook 6af9a093d2 update bool 2016-05-23 15:48:03 -05:00
darkbushido 5e059e0c5b
updating the error message
changing the exception to be a little more specific.
2016-05-23 15:40:32 -05:00
darkbushido d3cdcd5f99
Having the payload generator check the payload size
Payload generator will raise an error if the payload is larger then the size option
2016-05-23 15:17:41 -05:00
Brent Cook fe1b24e666 allow nil assignment to the datastore 2016-05-23 14:56:19 -05:00
Brent Cook f29463f119 include {peer} in the context of the command dispatcher 2016-05-23 14:55:58 -05:00
RageLtMan efc64eaa5f Implement reverse_tcp_rc4_dns payload in metasm
Using the ruby methods for generating assembly blocks defined or
separated in prior commits, create a new payload from the existing
assembly blocks which performs a DNS lookup of the LHOST prior to
establishing a corresponding socket and downloading, and
decrypting the RC4 encrypted payload.

For anyone looking to learn how to build these payloads, these
three commits should provide a healthy primer. Small changes to
the payload structure can yield entropy enough to avoid signature
based detection by in-line or out-of-band static defenses. This
payload was completed in the time between this commit and the last.

Testing:
  Win2k8r2

ToDo:
  Update payload sizes when this branch is "complete"
  Ensure UUIDs and adjacent black magic all work properly
2016-05-23 14:27:11 -05:00
RageLtMan 0e69040a6a Implement reverse_tcp_dns as metasm payload
Using the separation of block_recv and reverse_tcp, implement
reverse_tcp_dns using original shellcode as template with dynamic
injection of parameters. Concatenate the whole thing in the
generation call chain, and compile the resulting shellcode for
delivery.

Metasploit module pruned to bare minimum, with the LHOST OptString
moved into the library component.

Testing:
  Win2k8r2

ToDo:
  Update payload sizes when this branch is "complete"
  Ensure UUIDs and adjacent black magic all work properly

Misc:
  Clean up rc4.rb to use the rc4_keys method when generating a
stage. Makes the implementation far more readable and reduces
redundant code.
2016-05-23 14:27:11 -05:00
RageLtMan df2346d9e0 Implement RC4 metasm payloads for tcp bind and rev
Convert reverse_tcp_rc4 and bind_tcp_rc4 from static shellcode
substitution payloads to metasm compiled assembly approach.

Splits up metasm methods for bind_tcp and reverse_tcp into socket
creation and block_recv to allow for reuse of the socket methods
with the RC4 payloads, while substituting the block_recv methods
for those carrying the appropriate decryptor stubs.

Creates a new rc4 module carrying the bulk of the decryptor and
adjacent convenince methods for standard payload generation.

Testing:
 Tested against Win2k8r2, Win7x64, and WinXPx86

ToDo:
 Ensure all the methods around payload sizing, UUIDs, and other
new functionality, the semantics of which i do not yet fully
understand, are appropriate and do not introduce breakage.
2016-05-23 14:27:11 -05:00
Brent Cook 9fc07eeb99
Land #6902, Respect SSLCipher in server mixins 2016-05-20 17:34:38 -05:00
Adam Cammack fda4c62c1f
Respect SSLCipher in server mixins
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
Metasploit 100300c819
Bump version of framework to 4.12.4 2016-05-18 07:04:09 -07:00
Brent Cook 6a4a9742e8 handle bad user 2016-05-17 17:24:46 -05:00
Brent Cook c6db5bf34a add a missing postgresql 9.4.1-5 matching case 2016-05-17 17:12:47 -05:00
Jenkins c9dd863085
Bump version of framework to 4.12.3 2016-05-17 10:18:08 -07:00
Jon Hart 8bccfef571
Fix merge conflict 2016-05-16 17:29:45 -07:00
wchen-r7 04d70640b1
Land #6868, Add axis2 payload generator for msfvenom 2016-05-16 17:48:50 -05:00
David Maloney c40b8ea3fb
Land #6864, Meterp Suspend 2016-05-16 11:13:43 -05:00
Jenkins 621a908b2d
Bump version of framework to 4.12.2 2016-05-13 12:51:58 -07:00
David Maloney ba4bfca806 Revert "arg bad build, resetting version back one"
This reverts commit d86392e96b.
2016-05-13 14:48:35 -05:00
David Maloney d86392e96b
arg bad build, resetting version back one 2016-05-13 14:44:02 -05:00
Jenkins b6a83f734d
Bump version of framework to 4.12.1 2016-05-13 12:39:43 -07:00
David Maloney 31050a8da7
Rails upgrade to 4.2.6
lands all of the rails 4.2 upgrade work
Merge branch 'staging/rails-upgrade'
2016-05-13 14:34:50 -05:00
Jenkins 6c11054d5a
Bump version of framework to 4.12.0 2016-05-13 11:46:03 -07:00
Christian Mehlmauer 7fcddd5a05
Add axis2 payload generator 2016-05-12 22:48:07 +02:00
David Maloney d9abb06a5a
Merge branch 'master' into staging/rails-upgrade 2016-05-12 11:18:51 -05:00
David Maloney 7edaa2abcc
still trying to fix these migrations
seeing odd behaviour with mgirations in
rspec
2016-05-11 14:54:40 -05:00
David Maloney 2fb3123ef2
fix migration crazieness
MS-1486
2016-05-11 14:05:34 -05:00
David Maloney 993709e076
Land #6862, jar payloads
lands FireFarts jar payload pr
2016-05-11 09:56:41 -05:00
Brent Cook af84e85174 fix exception suspending channels from meterpreter 2016-05-10 04:21:31 -05:00
Christian Mehlmauer e2dd844e34
reenable jar format 2016-05-09 21:25:23 +02:00
David Maloney 6142d2cef1
Merge branch 'master' into staging/rails-upgrade 2016-05-09 09:27:17 -05:00
Jenkins 805f98f599
Bump version of framework to 4.11.27 2016-05-06 11:32:46 -07:00
David Maloney 1ffab935cc
pull dep mgirations from credential
credential pulls mdm, so we don't combine these
2016-05-06 11:57:40 -05:00
David Maloney a763863ff3
remove #truncate_session_desc
this method was absed around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
2016-05-06 09:36:12 -05:00
Adam Cammack f75009a9c6
Don't duplicate headers when sending emails
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.

MS-1476
2016-05-05 10:47:21 -05:00
David Maloney 19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
dmohanty-r7 f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
David Maloney 55b38ad089
Land #6398, content length header
lands wei's content length header pr
2016-05-04 11:53:46 -05:00
Jenkins e7ff4665e1
Bump version of framework to 4.11.26 2016-05-04 09:44:18 -07:00
Rob Fuller 4c9eba333e
Land #6753, MSF-side support for reverse port forwards
Huge thanks to @OJ for making this happen.
Tested targets Win7,10,2008,2012
Tested payloads Win32 native, Win64 native, python
2016-05-04 07:39:05 -04:00
Jenkins 7490ab1c78
Bump version of framework to 4.11.25 2016-05-03 17:09:07 -07:00
OJ 60f81a69ea Remove the pfservice close call on shutdown 2016-05-03 12:03:37 +10:00
OJ d136844d3b Add error handling around double-bind of ports 2016-05-03 10:42:41 +10:00
wchen-r7 ffc91a193c Fix #6841, info -d [module path] not spawning module documentation
Fix #6841
2016-05-02 14:23:29 -05:00
Brian Patterson be363411de
Land #6317, Add delay(with jitter) option to auxiliary scanner and portscan modules 2016-05-02 13:09:40 -05:00
David Maloney fb5b228984
Merge branch 'master' into staging/rails-upgrade 2016-05-02 11:33:35 -05:00
dmaloney-r7 3b893cf740 Merge pull request #6581 from bcook-r7/uuidretry
don't send a response on invalid UUID, allow stagers to survive another day
2016-05-02 11:23:02 -05:00
Jenkins d4f1c78c5c
Bump version of framework to 4.11.24 2016-04-29 13:38:06 -07:00
dmohanty-r7 20ec56d06a Do not parse empty web_sites
MS-255
2016-04-28 13:17:03 -05:00
dmohanty-r7 5a4e70fdf0 Fixes indentation in check_msf_xml_version!
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7 f4f607d815 Correct comments to use Nokogiri::XML::Element
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7 56fd5a745e Do not parse element if empty
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7 050061762b Fix db_manager rspec tests
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7 0e568674d7 Add comments on parse functions
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7 0759848ad5 Use Nokogiri Reader in zip import
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7 83ff60c111 Force encoding on import xml
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7 e4fcaefc8c Unpack and pack an unsigned integer per 8 bytes
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7 e6a8d69b0b Force encoding of XML import
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7 f1d8e1d693 Parse web_data in xml import
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7 802dfabbe3 Converts XML importer to use Nokogiri Reader
MS-255
2016-04-28 13:17:00 -05:00
wchen-r7 d4b89edf9c Fix #6398, Missing Content-Length header in HTTP POST
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).

Fix #6398
2016-04-28 11:44:10 -05:00
OJ c15a2e8787
Merge branch 'upstream/master' into reverse-port-forward
Signed-off-by: OJ <oj@buffered.io>
2016-04-26 09:48:40 +10:00
wchen-r7 47d52a250e Fix #6806 and #6820 - Fix send_request_cgi! redirection
This patch fixes two problems:

1. 6820 - If the HTTP server returns a relative path
   (example: /test), there is no host to extract, therefore the HOST
   header in the HTTP request ends up being empty. When the web
   server sees this, it might return an HTTP 400 Bad Request, and
   the redirection fails.

2. 6806 - If the HTTP server returns a relative path that begins
   with a dot, send_request_cgi! will literally send that in the
   GET request. Since that isn't a valid GET request path format,
   the redirection fails.

Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
wchen-r7 4676d70918 rm osvdb condition 2016-04-24 18:36:33 -05:00
Adam Cammack f28d280199
Land #6814, move stdapi to exist? 2016-04-24 13:41:11 -04:00
Brent Cook 12a47b7fab prefer && 2016-04-24 11:56:32 -04:00
Brent Cook 194a84c793 Modify stdapi so it also uses exist? over exists? for ruby parity
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 45961f75d4 Fix the payload size updater for MetasploitModule 2016-04-23 11:38:42 -04:00
William Vu 9713124e54
Land #6802, resolve command for Meterpreter 2016-04-22 17:18:31 -05:00
William Vu 7f8491149f Fix minor whitespace issues 2016-04-22 17:18:10 -05:00
Jenkins d70dcbf4a4
Bump version of framework to 4.11.23 2016-04-22 09:34:10 -07:00
join-us c1a64b1f6f fix: issues/6803 - info command references bug 2016-04-22 15:14:35 +08:00
OJ 540409e735 Add `resolve` to the meterpreter command line
I'm aware that this already exists as a post module, but there's nothing more annoying than having to bail out of Meterpreter, use the right module, set up the host list, etc all to just fire off a one-liner.

So this commit adds the command directly to Meterpreter's command line so that you don't have to do all that. This doesn't support specifying a file with the hosts in it (the post module does that). This is intended for quick resolution of particular hosts quickly.
2016-04-22 13:21:19 +10:00
wchen-r7 98f89ca23a
Land #6794, Fixed yard doc errors 2016-04-21 13:16:45 -05:00
wchen-r7 6cb93f2af2 Make yard doc ignore @probe 2016-04-21 13:15:58 -05:00
thao doan 5e36a3128c Fix #5197, Fixed yard doc errors
Fix #5197 Fixed issues that caused errors during yard doc generation
2016-04-21 13:06:00 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Louis Sato 6b3326eab2
Land #6707, support for LURI handler 2016-04-20 16:26:07 -05:00
David Maloney 5d0de63dc7
fiddling bits on db migrations
getting duplicate migrations errors in pro,
trying to isolate
2016-04-19 15:00:55 -05:00
David Maloney 1006902aea
fix migrations from deps
the mgirations from mdm and credential were not
being pulled in correctly by the rake db tasks
fixed this in the databases.rake file
2016-04-19 14:46:05 -05:00
Christian Mehlmauer 3b280d45a4
fix some yardoc issues 2016-04-18 21:00:21 +02:00
thao doan fd603102db Land #6765, Fixed SQL error in lib/msf/core/exploit/postgres 2016-04-18 10:44:20 -07:00
Brent Cook 4c0a53a809 replace 'and' with '&&' 2016-04-18 08:26:02 -05:00
OJ 555352b210 Force lurl string duplication to avoid stageless issues
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
OJ a74a7dde55 More fixies for LURI in Python, and native too 2016-04-18 08:25:19 -05:00
OJ b95267997d Fix LURI support for stageless, transport add/change and code tidies 2016-04-18 08:24:41 -05:00
Rory McNamara 63e478c826 fix sessions -l bug 2016-04-18 08:21:50 -05:00
Rory McNamara a45d0aed53 show LURI in new connection log message 2016-04-18 08:21:50 -05:00
Rory McNamara 7eda08aa2e windows/x64 support 2016-04-18 08:16:35 -05:00
Rory McNamara 1e16804c63 size considerations for LURI, stageless 2016-04-18 08:16:35 -05:00
Rory McNamara 7e708e3159 sessions LURI display 2016-04-18 08:13:10 -05:00
Rory McNamara d2d36ca043 java handler, better default, jobs -v 2016-04-18 08:13:10 -05:00
Rory McNamara b122dffe3d initial LURI commit. windows, python functional 2016-04-18 08:13:10 -05:00
Metasploit d5085f6f0d
Bump version of framework to 4.11.22 2016-04-16 09:09:23 -07:00
David Maloney c52f3dcb0e
update to rails 4.2.6
fix lost dep unlocks and upgrade rails to 4.2.6

MS-1400
2016-04-15 11:45:43 -05:00
greg.mikeska@rapid7.com 2627a00727
Land #6750 Fix an error in the OpenVas and Burp Issue importers 2016-04-13 17:25:27 -05:00
Spencer McIntyre d3a832b31d
Land #6776, Fix #6775 update regex for Win 10 UAC 2016-04-13 17:03:45 -04:00
Brian Patterson 11d6740e7f
Modify syntax in burp_issue_nokogiri.rb to conform to code style guidelines 2016-04-12 17:33:20 -05:00
OJ 3898d11aa7 Add Windows 10 entry to the version check regex 2016-04-13 08:23:01 +10:00
Brian Patterson 6105822268 Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MS-247/OpenVas-default-workspace 2016-04-12 16:57:41 -05:00
Jon Hart ca6beeb676
Land #6187, @join-us' cleanup for enum_dns 2016-04-11 09:50:12 -07:00
OJ 5c2e5398ad Fix issue with flushing rev port forwards 2016-04-11 10:41:12 +10:00
William Vu feb1394630
Land #6752, compact table for advanced options 2016-04-09 21:25:43 -05:00
wchen-r7 93cb91a515 Remove an extra nil check 2016-04-08 21:18:24 -05:00
Jon Hart 7c70a554ea
Merge branch 'pr/6187' into pr/fixup-6187 for pre-master merge testing 2016-04-08 16:56:38 -07:00
Metasploit 16c599866c
Bump version of framework to 4.11.21 2016-04-08 16:23:33 -07:00
wchen-r7 6b4dd8787b Fix #6764, nil SQL error in lib/msf/core/exploit/postgres
Fix #6764
2016-04-08 15:20:04 -05:00
wchen-r7 ae46b5a688
Bring #6417 up to date with upstream-master 2016-04-08 13:41:40 -05:00
James Lee 2563634dce
Fix inverted logic introduced by #6734
MS-385
2016-04-06 22:03:31 -05:00
William Vu 22d08fdf39 Revert #6748, premature Gemfile* changes 2016-04-06 14:52:22 -05:00
Brian Patterson 78281213eb
Merge branch 'landing-6748' into upstream-master 2016-04-06 13:44:15 -05:00
OJ 866cb5a23b Fix usage of lport/rport while tracking rev forwards 2016-04-06 16:36:41 +10:00
OJ 6d504316ae Add MSF-side support for reverse port forwards
This includes changes to the portfwd command so that the output is
nicer, things are easier to use, and users have the ability to create
reverse port forwards.
2016-04-06 15:38:39 +10:00
James Lee 8cc1d2ec89
Make advanced and evasion options readable 2016-04-05 15:05:58 -05:00
wchen-r7 4d5695f7fc
Land #6743, reimplement HD's session interrupt handler
MS-385
2016-04-05 11:16:32 -05:00
Brian Patterson e5ee5b903b Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MS-247/OpenVas-default-workspace 2016-04-05 09:36:27 -05:00
David Maloney cde89b90cd
Land #6744, Deprecation on host eager load
Lands SemperVictus' pr for fixing a deprecation warning
on eager loading the hosts table
2016-04-05 09:19:16 -05:00
Justin Steven 3bcac49c21 Fix: badchars.present? is false for whitespace
badchars.present? is false in the case of badchars containing only whitespace.

Instead check for is not empty and is not nil.
2016-04-05 10:09:56 +10:00
Brian Patterson 2a7e3fb600
Fix an error in the OpenVas and Burp Issue importers where the vuln and host info would import into the default workspace instead of the current workspace 2016-04-04 17:35:31 -05:00
greg.mikeska@rapid7.com 5e8ed09b66 Merge branch 'task/MS-1354/OpenVAS-Nessus-Importer' of https://github.com/bpatterson-r7/metasploit-framework into bpatterson-r7-task/MS-1354/OpenVAS-Nessus-Importer 2016-04-04 17:07:05 -05:00
David Maloney 8de58e4b80
Merge branch 'master' into staging/rails-upgrade 2016-04-04 09:30:01 -05:00
wchen-r7 72d631a255
Land #6745, open_webrtc_browser fix for Windows 2016-04-02 13:54:05 -05:00
Brent Cook c6bdc3fa14 fix the path quoting in open_webrtc_browser 2016-04-02 13:18:23 -05:00
RageLtMan 992df12fa7 Address ActiveRecord deprecation warning
AR will start to complain about eager loading in command_dispatcher
/db.rb:519 because it references hosts as string without explicitly
stating that the table is being referenced.

Add a call .references in the AR call chain after the where clause
to silence this abysmal warning.
2016-04-02 00:22:26 -04:00
wchen-r7 f7dd326b16
Land #6455, Fix dns labels/names size limits for lib/net/dns/names/names 2016-04-01 21:57:09 -05:00
Brent Cook 3d995546d9 check for true before empty string 2016-04-01 21:30:11 -05:00
David Maloney 64b94dfe3b
reimplement HD's session interrupt handler
reimplement HD's work on a session interrupt handler
so that if an exploit fails the handler does not continue
waiting for a session that will never come

MS-385
2016-04-01 14:43:16 -05:00
OJ 2a9f813bcd Don't interpreter blank string as error 2016-04-01 09:53:25 +10:00
OJ 9f299f4f0c
Merge branch 'upstream/master' into powershell-meterpreter-bindings 2016-04-01 09:32:32 +10:00
wchen-r7 618f379488 Update auxiliary/scanner/redis/redis_server and mixin 2016-03-31 17:14:49 -05:00
wchen-r7 2e7d07ff53 Fix PASSWORD datastore option 2016-03-31 17:12:00 -05:00
wchen-r7 545cb11736
Bring #6409 up to date with upstream-master 2016-03-31 17:00:56 -05:00
wchen-r7 5fdea91e93 Change naming 2016-03-31 17:00:29 -05:00
Brent Cook 4c2e130470 fix spelling 2016-03-31 09:25:24 -05:00
Brian Patterson 8f0d664a38
Modify the open_vas importer to support both results.xml and reports.xml open_vas exports and modify the nessus importer to import what it can when it can't find a properly formatted port number 2016-03-30 17:44:26 -05:00
Adam Cammack a808c9fe63
Bring some sanity to the datastore
Before, the datastore would store options case-sensitive, but would
access them case-insensitive, resulting is a number of string compares.
This commit stores options in their downcase form to reduce
update/lookup time. This adds up to reducing msfconsole boot time by
about 10% and rspec time by about 45 sec. (!) on my box.

One tricky part of this conversion is that there are several places (in
pro and framework) where we export or otherwise access the datastore as
a plain hash (case-sensitive). I believe I have caught all the ways we
access the datastore that are case-sensitive and substituted the
original key capitalization in those cases.
2016-03-30 15:17:55 -05:00
wchen-r7 a2a522be07
Land #6716, Add a rescue to catch method missing for stage_payload 2016-03-30 13:08:52 -05:00
wchen-r7 280aeb0b59
Land #6727, Show handler URI so we know which job's responding 2016-03-30 12:22:18 -05:00
James Lee ead6e6b6b6
Use a print_prefix instead 2016-03-30 11:50:45 -05:00
James Lee 0a239742f5
Show handler URI so we know which job's responding 2016-03-30 11:35:04 -05:00
wchen-r7 797acd625d
Land #6714, Kill defanged mode 2016-03-30 10:54:56 -05:00
Brent Cook b8d53dde4a Merge branch 'upstream-master' into staging/rails-upgrade 2016-03-29 15:56:50 -05:00
Metasploit b41ac10fe8
Bump version of framework to 4.11.20 2016-03-29 12:43:20 -07:00
wchen-r7 faaaf6b765 MS10-58 Call super in #set_sane_defaults for caidao login scanner
MS10-58
2016-03-29 13:40:51 -05:00
thao doan 587f1ee7b3 Land #6708, module documentation for msfconsole 2016-03-29 11:30:55 -07:00
Brent Cook e25525b4a7 avoid validating file-based datastore options on assignment
file:/ strings are special with some datastore options, causing them to read a
file rather than emitting the exact string. This causes a couple of problems.

1. the valid? check needs to be special on assignment, since normalization
   really means normalizing the path, not playing with the value as we would do
   for other types

2. there are races or simply out-of-order assignments when running commands
   like 'services -p 80 -R', where the datastore option is assigned before the
   file is actually written.

This is the 'easy' fix of disabling assignment validation (which we didn't have
before anyway) for types that can expect a file:/ prefix.
2016-03-28 23:03:17 -05:00
OJ 6523600952 Add a rescue to catch method missing for stage_payload
This allows us to provide a friendlier message to users when they are
using a stageless listener with a staged payload.
2016-03-29 09:46:09 +10:00
James Lee f1857d6350
Kill defanged mode 2016-03-28 09:02:07 -05:00
Metasploit 72bde63397
Bump version of framework to 4.11.19 2016-03-25 13:03:35 -07:00
James Lee 9d86a49c51
Land #6692, udp socket abstraction 2016-03-25 13:05:10 -05:00
f7b053223a9e 629bc00696 Use MSXML decoder instead 2016-03-25 22:52:16 +09:00
Brent Cook 242ea8d9cd Merge branch 'master' into land-6691- 2016-03-24 22:19:57 -05:00
OJ ce8a6f57a0 Added powershell_import support 2016-03-25 12:17:03 +10:00
Brendan Watters 18604c3d44
Land #6705, Rectify MSF_CFGROOT_CONFIG comment 2016-03-24 18:21:05 -05:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
James Lee dfa518b492
Whitespace 2016-03-24 15:21:03 -05:00
James Lee 0073a8f40e
Wrap comments at 78, style 2016-03-24 15:20:43 -05:00
Gregory Mikeska 7bd6d0c696
Merge branch 'master' into staging/rails-upgrade 2016-03-24 12:55:05 -05:00
Till Maas 7f002128ad Rectify MSF_CFGROOT_CONFIG comment
Also remove reference to feature request that does not seem to be
available anymore.
2016-03-23 22:23:30 +01:00
James Lee 6388578ee6
Style fixes 2016-03-23 16:15:46 -05:00
James Lee 98355c397c
Clean up some variable names 2016-03-23 15:07:00 -05:00
James Lee 685d8fc588
Use 2.x symbol literal syntax 2016-03-23 15:06:35 -05:00
James Lee effee42e2f
Raise a better exception for WSAEADDRINUSE 2016-03-23 13:15:38 -05:00
Louis Sato 0c19d89655
add more space for deprecation message 2016-03-23 11:39:42 -05:00
Metasploit e7b0c60e5c
Bump version of framework to 4.11.18 2016-03-23 07:55:29 -07:00
Adam Cammack 866c4718b0
Fix OptPort validation
Allow a port value of 0 and don't reject empty values if the option is
not required.
2016-03-22 23:01:18 -05:00
Adam Cammack ec3a0a108d
Change OptPort to inherit from OptInt
Fixes the normalize and validate methods.
2016-03-22 19:25:51 -05:00
Adam Cammack 22df7c0071
Fix datastore to validate options w/o a default
Options without a default were not pulled into the `@options` hash and
therefore were not used to validate options on assignment.

I am not entirely sure how this fix works, since it would seem that
non-override options would not get pulled in if an option was first set
in the global datastore. However, a previous value does not get
overridden and new values are validated. Anything further is merely
speculation on my part.
2016-03-22 19:12:53 -05:00
Adam Cammack 5c163960ed
Fix datastore to not freeze options on the default 2016-03-22 19:07:58 -05:00
William Vu 0c7cf2924c
Land #6686, Android dump_* -o fixes 2016-03-21 12:21:47 -05:00
RageLtMan c871ceea0a Implement consistent socket abstraction
In current nomenclature, Rex Sockets are objects created by calls
to Rex::Socket::<Transport>.create and Rex::Socket.create_...
When the LocalHost or Comm parameters are set to remotely routed
addresses (currently via Meterpreter sessions), Rex will create a
Channel which will abstract communications with the remote end of
the session. These channel based abstractions are called pivots,
and present in three separate flavors:
1 - TcpClientChannel, a fully abstracted, selectable Socket.
2 - TcpServerChannel, a virtual Channel which distributes client
channels.
3 - UdpChannel, a virtual Channel which provides common methods for
UDP socket operations, but is not a full (selectable) abstraction.

Unfortunately this differentiation results in inconsistent returns
from the aforementioned socket creation calls, as the call chain
creates parameters and supplies them to the create method on the
comm object referenced in the params. The comm object may be a
channel, and produce a virtual representation of a socket with
functional methods analogous to Sockets, but without a kernel FD.

This commit begins the work of ensuring that all calls for socket
creation return selectable Rex::Socket objects with semantics
familiar to Ruby developers who have not read into the details of
Rex::Socket and Rex::Post.

-----

Summary of changes:

Convert Rex::IO::StreamAbstraction to SocketAbstraction and use
the new mixin in StreamAbstraction and DatagramAbstraction. This
approach allows for common methods to reuse the abstraction data
flow, while initializing separate types of socket obects and an
optional monitor as needed.

In the Rex::Post::Meterpreter namespace, extract common methods
from Stream to a SocketAbstraction mixin, include that mixin in
Stream, and add Datagram with the dio_write handler override
exported from the current implementation of UdpChannel, also using
the mixin. This relies on the Rex::IO work above to implement the
proper type of socket abstraction to the Channel descendants.

In Rex::Post::Meterpreter::Extensions::Stdapi::Net, convert the
UdpChannel to inherit from the Rex::Post::Meterpreter::Datagram
class, implementing only the send method at this tier. Convert
create_udp_channel to return the local socket side of the datagram
abstraction presented analogous to the TcpClientChannel approach
used before.

-----

Notes and intricacies:

In order to implement recvfrom on the UDP abstraction, a shim layer
has been put in place to forward the sockaddr information from the
remote peer to the local UDP socketpair in the abstraction. This
information takes up buffer space in the UDP socket, and in order
to maintain compatibility with consumers, the dio_write_handler
pushes the data buffer, and in a separate send call, he sockaddr
information from the remote socket. On the abstraction side, the
recvfrom_nonblock call of the real UDPSocket has been overriden
via the mixed in module to call the real method twice, once for
the data buffer, and once for the packed sockaddr data. The Rex
level consumer for recvfrom calls the underlying nonblock method
and expects this exact set of returns (as opposed to what standard
library UDPSocket.recvfrom returns, which is a data buffer and an
Array of sockaddr data).

-----

Testing:
  Local and lab testing only so far.
  Test RC script to be added in GH comments.

-----

Issues:
  Currently, sendto on a remote socket does not appear to honor
LocalPort which causes DNS responses (#6611) to come from the
wrong port to remote clients being serviced over a pivot socket.
2016-03-21 03:32:52 -04:00
OJ 80e0bbeb68 Add the interactive shell prompt with sessions 2016-03-21 15:44:20 +10:00
Metasploit 6e12e74e02
Bump version of framework to 4.11.17 2016-03-18 14:12:18 -07:00
Adam Cammack 67b9d053ec
Land #6679, remove unreachable sanity checks 2016-03-18 11:25:51 -05:00
Brent Cook 9219efa512 remove unreachable ruby 1.x check 2016-03-18 11:16:44 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Brent Cook df2d0f7826 Indicate that output options take parameters 2016-03-17 11:13:34 -05:00
Brent Cook 1790f039c3
Land #6684, remove obsolete warn_about_rubies 2016-03-17 08:26:57 -05:00
William Vu 59a55dec5b
Land #6676, new Postgres fingerprints 2016-03-16 16:32:10 -05:00
Adam Cammack 32fe9ae55d
Remove dead version check in db_manager.rb
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
2016-03-16 15:24:55 -05:00
James Lee 79c36c4f53
RPORT should be an OptPort 2016-03-16 14:13:19 -05:00
James Lee c21bad78e8
Fix some more String defaults 2016-03-16 14:13:18 -05:00
James Lee a878926f31
Remove unused datastore option 2016-03-16 14:13:17 -05:00
William Vu adb275520b
Land #6680, old SVN code deletion 2016-03-16 10:15:06 -05:00
Brent Cook 44e1fefa2e when normalizing a string type, ensure we have a string first 2016-03-16 06:44:36 -05:00
Brent Cook 5a72f2df16 remove subversion support 2016-03-15 22:00:32 -05:00
Brent Cook 63263773d1 simplify sanity checks for Ruby 1.x 2016-03-15 21:55:25 -05:00
Brent Cook 3b6a3374ae prefer explicit defaults to implicit 2016-03-15 20:58:14 -05:00
Brent Cook 87074c0638
Land #6651, add android sqlite_query option, update metasploit-payloads 2016-03-15 18:27:49 -05:00
Brent Cook 257c8f4058 handle a sqlite table being empty 2016-03-15 18:26:38 -05:00
Adam Cammack 05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts 2016-03-15 16:35:22 -05:00
David Maloney 3cbc5684e1
iadd some preuath fps for postgres 9.4
the preauth fingerprinting for postgres is somewhat
unmaintainable, but due to a specific customer request
i have added these two FPs for 9.4.1-5

MS-1102
2016-03-15 14:50:07 -05:00
Brent Cook 654590911b Enforce integrity of datastore options on assignment 2016-03-15 14:00:32 -05:00
OJ d8c850aaf0 Add support for the execution of single powershell commands 2016-03-14 17:13:12 +10:00
OJ f8f61e8d83 Basic shell of the MSF Powershell extension functionality 2016-03-14 12:55:58 +10:00
HD Moore 42689df6b3 Fix a stack trace with ``set PAYLOAD`` in ``msf>`` context 2016-03-13 14:56:54 -05:00