4b8961a464
Land #3428 , deprecation warns for payloads
2014-06-11 09:57:07 -05:00
c0c1bd40a9
Fix help spec
2014-06-10 17:28:55 -05:00
82b2c1deae
Make creds command show Metasploit::Credentials
...
This attempts to change the output of the command as little as possible,
but removes the ability to add and delete for now. At some point, we'll
need to add that back in.
2014-06-10 15:03:03 -05:00
b379dc014a
Avoid double-printing with setup and init_ui
2014-06-10 13:57:25 -05:00
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
92414d3688
Merge pull request #53 from rapid7/bug/MSP-9994/framework-db-driver
...
Set `framework.db.driver` when connection already established.
2014-06-10 10:49:00 -05:00
2cbbaad6b4
Set drivers and driver when connection already established
...
MSP-9994
3 database commands in msfconsole check for framework.db.driver to be
set, so driver must be set when the connection is already established by
the Rails initialization.
2014-06-09 14:26:59 -05:00
1ee35ec68a
Handle unconnected config in connection_established?
...
MSP-9994
Rescue `ActiveRecord::ConnectionNotEstablished` in
`Msf::DBManager#connection_established?` in addition to
`PG::ConnectionBad` to handle when the connection has been removed.
2014-06-09 14:26:45 -05:00
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
897ad6f963
Some service yarddoc
2014-06-07 13:27:32 +01:00
5218ca4d89
Give warning on module load
2014-06-06 23:04:40 +01:00
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
4a9f50bb60
Clean up some dead code.
2014-06-06 16:20:40 -05:00
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
bacf82acb1
Merge branch 'release' into 'master'
2014-06-06 09:59:00 -05:00
21be4f21a6
Bump version to 4.9.3
2014-06-06 09:52:01 -05:00
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
09e965d54e
Remove extraneous method from pdf.rb
2014-06-02 22:26:03 -05:00
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-02 13:40:11 -05:00
9d326fcb24
Extra common engine and fix default encoding
...
MSP-9653
Extra config and initializers that can we shared between
Metasploit::Framework::Application and the future
Metasploit::Framework::Engine. Move the default encoding setup from
lib/msf/sanity.rb to a before_initialize callback for the shared config
so that gems, like gherkin that depend on the utf-8 default internal
encoding can be loaded.
2014-06-02 12:57:48 -05:00
3ebe7dfbc8
Gem version
...
MSP-9653
Move version information to standard location for gems.
2014-06-02 12:54:46 -05:00
21fad7163d
Msf::DBManager#connection_established?
...
MSP-9653
Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first. The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
checkout a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
2014-06-02 12:49:09 -05:00
1055efbeaa
Add module paths from paths['modules'] from Rails app and engines
...
MSP-9653
Allow rails engines (and other applications, like
Metasploit::Pro::Engine::Application) to define their own module paths
using the paths['modules'] entry for Rails Applications/Engines.
2014-06-02 12:32:54 -05:00
34004908bb
Merge branch 'master' into staging/electro-release
...
Conflicts:
.ruby-version
2014-06-02 11:10:33 -05:00
bba741897e
Land #3413 , improved FileDropper cleanup message
2014-06-02 11:05:48 -05:00
428df19739
Changed message
2014-06-02 17:28:09 +02:00
f0e9a9010e
Return nil if fail
2014-06-01 11:55:40 +01:00
a4ecd8e02d
Should return the thread object
2014-06-01 11:49:56 +01:00
58ee2ccd6e
Land #3390 , Fix have_powershell
2014-06-01 10:43:35 +01:00
03b4a29662
Clarify filedropper error message
2014-05-31 22:17:32 +02:00
dee4acdb2a
Merge pull request #27 from rapid7/feature/MSP-9725/windows_hashdump
...
Windows Hashdump post module refactor
MSP-9725 #land
2014-05-30 14:04:31 -05:00
8bcd763039
Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
...
Feature/msp 9685/telnet login scanner
MSP-9685 #land
2014-05-30 13:40:18 -05:00
782c8bd172
Merge branch 'staging/electro-release' into feature/MSP-9725/windows_hashdump
2014-05-30 13:28:35 -05:00
ba525c7b78
use metasploit-credential creation methods
2014-05-30 13:07:11 -05:00
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
eb04a3774a
fixes for telnet wierdness
...
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
aa85cb8195
Update powershell.rb
2014-05-29 05:46:32 -05:00
0e60f08e51
Don't re-establish connection
...
MSP-9653
If ActiveRecord::Base is already connected, then don't attempt to create
the database (as it involves establishing a new connection) or
establishing a new connection after the creation. Still run the
migrations as the normal Rails::Application.initialize! will result in
ActiveRecord::Base.connected? being true even if migrations are missing.
2014-05-28 14:34:36 -05:00
ca4c942ceb
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-28 09:40:44 -05:00
967b0d49b1
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-05-28 09:39:56 -05:00
deabd1c3b0
tidy the YARD
...
some more cleanup, in the YARD
docs this time.
2014-05-28 09:30:45 -05:00
ae1b7e564b
Update powershell.rb
2014-05-27 05:18:00 -05:00
42a17cc085
Update powershell.rb
...
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'
Additional changes required to fix regex to support the multiline output. Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.
This method doesn't appear to be used anywhere in the Metasploit codebase currently.
2014-05-25 08:59:42 -05:00
76b9273f10
Improve reliability of have_powershell
...
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out. When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed. When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for. I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior. I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.
There may be a better solution, but this was the only one that I could find.
2014-05-25 08:07:38 -05:00
32b88c2db6
final fixes to login creation
2014-05-23 10:58:21 -05:00
ae3c334232
Getting closer. Still something f'd with local answerer.html.
2014-05-22 17:14:35 -05:00
ac9af000af
full cred creation rotuine done
...
creating Logins as a seperate method, both
methods are done and fully documented.
2014-05-22 13:53:26 -05:00
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804 ] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
19e36cccb3
Credential Core creation now complete
2014-05-21 16:37:13 -05:00
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
3ea99a9d43
private creation w/ specs and docs
...
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
2629549f6f
added realm creation
...
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
15313a9ab1
Dont try to read 0 structs
2014-05-20 21:55:04 +01:00
ce69f742a4
add yarddocs to origin methods
...
added YARD docs to the creation methods for
Credential::Origins
2014-05-20 11:16:19 -05:00
38fbbdc1b5
Print tm_call one caller per line
...
MSP-9653
The inspect format was difficult to read so convert to standard
backtrace format of one caller per line.
2014-05-20 10:59:29 -05:00
9cdddb08d9
origin specs for realsies
...
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
b84aaaad19
specs and fixes for origin creation
2014-05-20 09:59:15 -05:00
ddfa4f1ee7
some origin creation specs
...
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
9efb97d465
origin creation method
...
added base behaviour for creating generic
credential origin objects from report
2014-05-19 10:00:19 -05:00
a4d85ad61b
Merge branch 'master' into staging/electro-release
2014-05-16 11:24:18 -05:00
048aebbdf2
Search Result Uniqueness
...
SeeRM #8754
Cast the results of the query to an array and perform the uniq
function passing a block which provides uniqueness based
on the return value, which in this instance is ‘fullname’
This was done because the uniq function in AREL cannot take
a specific field for uniqueness, and the sophistication of the query
make grouping nearly impossible. Initial testing showed negligible
speed difference to the user.
2014-05-15 17:52:11 +00:00
773fd7a9cb
Fix up whitespace
2014-05-14 15:31:40 -05:00
340956f294
Add a newline after DISCLOSURE_DATE_FORMAT
2014-05-14 15:28:07 -05:00
dc7a8d32d8
Land #3324 , msfconsole search timestamp fixes
2014-05-14 21:30:02 +02:00
fb671c72a7
Merge branch 'master' into staging/electro-release
2014-05-14 13:00:37 -05:00
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
bb6201d66d
Fixing nil bug and making format constant
...
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
9fbda3eae0
Land #3183 , tab completion improvements
2014-05-14 02:20:12 -05:00
fdbfaacdf6
Land #3313 , progress feedback for PASS_FILE
...
[FixRM #8704 ]
2014-05-14 02:03:39 -05:00
1ada4831e0
Land #3293 , module deprecation constants
2014-05-14 01:37:29 -05:00
de49241195
Land #3185 , regex option validation
2014-05-14 01:27:18 -05:00
91cc9dc2d6
Add missing Msf::DBManager#drivers initialization
...
MSP-9606
2014-05-13 13:01:59 -05:00
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
87be2e674a
Rebase on https://github.com/rapid7/metasploit-framework/pull/2831 and adapt to the new mixin
2014-05-13 16:04:40 +02:00
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
bb4e9e2d4d
correct error in block service_change_description
2014-05-13 16:04:39 +02:00
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
bdbb70ab71
up block_service_stopped.asm
2014-05-13 16:04:39 +02:00
94f97ab963
Prevent import table overwritting by shifting entry point
2014-05-13 16:04:39 +02:00
e269c1e4f1
Improve service_block with service_stopped block to cleanly terminate service
2014-05-13 16:04:38 +02:00
c43e3cf581
Improve block_create_remote_process to point on shellcode everytime
2014-05-13 16:04:38 +02:00
25d48b7300
Add create_remote_process block, now used in exe_service generation
2014-05-13 16:04:38 +02:00
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
0b462ceea6
refactor `to_winpe_only` code to be used by `to_win32pe_service`
2014-05-13 16:04:37 +02:00
914d15c285
fix typo
2014-05-13 16:04:37 +02:00
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
b3fd21b98d
Change to try to follow ruby guidelines
2014-05-13 16:04:37 +02:00
72a3e49fbb
fix typo
2014-05-13 16:04:36 +02:00
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
b1598e83c3
Re-enable `bundle install --without db` support
...
MSP-9606
Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed. NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
f83e8a4a4f
Add missing requires
...
MSP-9606
require 'msf/base/config' when required directly was not working.
2014-05-12 10:16:10 -05:00
453851277f
Fix missing space in prompt for back and grep
2014-05-09 17:08:45 -05:00
4b47a9a297
Land #3339 , banner updates for Pro free trial
2014-05-09 15:25:09 -05:00
a71be33091
Adjusting status message to be based on time
...
Previously the status message timing was determined by the number of
pairs left to process. I have adjusted the code to rely on Time.now
in order to consistently print a message out every 60 seconds.
2014-05-09 14:39:34 +00:00
ee303aa34e
Add missing formats in lib/msf/core/db.rb comment
...
Found outside big if block. Ugh.
2014-05-08 10:27:38 -05:00
281b000805
Typo fix for #3339
2014-05-08 10:18:19 -05:00
b50b3820a0
Update core/db.rb comments 'n' stuff
2014-05-08 02:53:02 -05:00
7da6a2c84c
Update db_import help with authoritative formats
...
Taken from import_filetype_detect in lib/msf/core/db.rb.
[SeeRM #8799 ]
2014-05-08 02:30:29 -05:00
eecd05ec74
Fix banner language, padding.
2014-05-07 16:12:15 -05:00
c50c929412
Treat apt and binary installs the same for banners
2014-05-07 15:59:50 -05:00
ab56583ce0
Remove dead oldwarn code, fix shortlink
2014-05-07 09:49:41 -05:00
7ed943cead
Add new rotating banners for apt installs
2014-05-07 09:39:39 -05:00
a55e2bcf19
Rework banner trailers in sprintf padding
2014-05-07 09:38:59 -05:00
3542f851bf
Fix some yarddoc issues
2014-05-05 22:45:41 +02:00
cc8ab9bcba
Support one line js payload
...
Add missing ';' in `run_cmd_source`
2014-05-05 18:57:15 +10:00
5b1a207377
cleans up numerous superfluous returns in msf/core/module
2014-05-02 19:52:58 -04:00
f0a8f40acd
Omitting timestamp from msfconsole search output
...
SeeRM #8795
The disclosure date field in the results from the search command
where returning with a timestamp that was almost always 00:00:00 UTC. I added a bit of date time formatting to only
include the year (4 digit), month (2 digit), and day (2 digit)
in the following format: Y-m-d. This date time formatting
applies to both searches conducted through the database instance
as well as searches performed without a database (slow search).
2014-05-01 13:41:15 +00:00
ace9e797e1
Adding count-based print message
...
This commit removes the creation of a separate, timed
thread for printing out status messages to the user
in the case of large PASS_FILEs. This adjustment eliminates
the overheard of context switching associated with
spinning off separate threads, as well as the dangers
associated with the Thread#kill method.
2014-04-29 22:10:08 +00:00
2b4006089b
Land #3298 , @wvu-r7's fix for db_import and its spec
2014-04-28 17:29:52 -05:00
eb98ea2d31
Large pass_file hangs login modules
...
SeeRM #8704
When running a *_login module that contains a large PASS_FILE
the module appears to hang while it is creating the combinations over
such a large dataset. The solution proposed in the Redmine task
requested that the user be alerted with some sort of progress feedback
if the process takes an excessive amount of time.
I have added a message that logs to the console that contains the
number of pairs left to be constructed before the module will continue.
The verbiage is fairly arbitrary and should probably be updated to
something that might be more descriptive. Likewise, the sleep
interval may need to be adjusted.
2014-04-28 21:45:14 +00:00
8a4c7b22ed
Land #3296 - Refactors firefox js usage into a mixin
2014-04-28 15:22:55 -05:00
7fad215f3e
Merge branch 'bug/9582-metasploit-imports-and-tasks' into upstream-master
...
Land #3299
2014-04-28 10:47:23 -05:00
696eee1ada
Add Outpost24 to db_import help
2014-04-25 14:27:44 -05:00
8f43c229b1
Passing the Mdm::Task down the chain
...
when reporting hosts from an Mdm::Task we need to pass the task all
the way down. this wasnt done for the metasploit import format.
2014-04-25 11:15:39 -05:00
19dd21abaf
Remove duplicate methods
2014-04-25 15:40:03 +01:00
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
e556997bf7
Land #3269 (Pro) fix report import issue
2014-04-24 08:27:06 -05:00
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
72a2849bf1
Better specs
...
90.6% line coverage in Exploit::Powershell
77.32% in Rex::Exploitation::Powershell and haven't even started
writing those specs...
2014-04-23 08:07:42 +01:00
0137fdb690
Prepend sleep should be an int
2014-04-23 07:29:51 +01:00
61b8fb7921
Remove puts
2014-04-23 06:15:28 +01:00
11526b59a6
Boolean datastore options should always be present
...
Dont evaluate true/false as 'true'/'false'!
2014-04-23 05:03:16 +01:00
1347649a47
Remove unused EOFs
2014-04-23 02:37:07 +01:00
01bfad3489
Correct datastore values
2014-04-23 02:08:57 +01:00
647936e291
Add more yarddoc to Rex::Exploitation::Powershell
...
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
88fe619c48
Yarddoc exploit::powershell
2014-04-23 00:15:55 +01:00
4c66e86f73
Dont add extra space in args
2014-04-22 14:44:01 +01:00
0f942d8c3d
Still :shorten command args
2014-04-19 18:58:26 +01:00
270b4b9728
Catch first arg with shorten
2014-04-19 18:54:42 +01:00
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
9f05760c50
Merge with Meatballs' initial changes
...
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
5c3289bbc6
merge fix
2014-04-17 21:26:04 -04:00
549e306572
Remove superfluous v6 http{,s} payload and handler
2014-04-16 18:32:35 -05:00
2ed7a739c3
New reports in new exports can now import
...
MSP-9783
* Extracted import_report from monstrous import_msf_collateral;
simplified and clarified approach
* Updated report_report: includes all attrs provided vs subset, provides
more helpful error message
* Added report_artifact: adds child artifact for reports, handles
various troublesome cases
* Tested on all report types with a legion of option variants
2014-04-16 15:15:47 -05:00
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
9db01770ec
Add custom rhost/rport, remove editorializing desc
...
Verification:
````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````
...etc.
2014-04-14 21:46:05 -05:00
c537aebf0f
Land #3228 , JtR colon Seperation
2014-04-14 11:19:16 -05:00
2aecab89bb
14-day free trial banner for non-binary installs
2014-04-14 11:00:41 -05:00
ac63e84d02
Fix little bug when using msfencode and exe-only
...
When arch is not defined, arch is null so it crashs.
It should be 'x86' by default
2014-04-14 01:02:31 +02:00
91293fd0db
Allow vhost to be maybe opts['rhost']
...
This enables passing rhost and rport directly to send_request_cgi
without having to monkey with the datastore.
See #8498
2014-04-10 16:47:49 -05:00
bc5f87b01a
Land #3195 , check() fix
2014-04-10 08:59:53 -05:00
3109f42a55
Merge release back into master
2014-04-11 15:07:16 -05:00
2f2692f4bf
Bump version to 4.9.2
2014-04-10 17:45:42 -05:00
80faaf86d8
Add a link to explain about unmet exploit requirements
2014-04-10 14:01:16 -05:00
95399b0de7
Don't try to be too helpful
...
John cares not one whit how many colons are in a hash line, only that
there are enough for the format (at least 2 for regular /etc/passwd, at
least 3 for NTLM, etc). So there is no simple way to programmatically
determine whether a password had a colon or there was just an extra on
the end of the original hash line.
[MSP-9778]
See #2515
2014-04-09 19:24:26 -05:00
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
ae3ead6ef9
Land #2107 Post Enum Domain Users
2014-04-09 11:32:12 +01:00
eab938c7b4
Get rid of requires, too
2014-04-07 16:39:19 -05:00
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
d385c5ad4b
Fix undefined method `rport' for the check command
2014-04-07 11:48:28 -05:00
aecd13d314
Tab complete the same case
2014-04-03 09:54:48 -04:00
1c57c0092c
Tab complete case insensitive module options too
2014-04-02 23:27:11 -04:00
7d93d28f1d
Support more tab completion features
2014-04-02 21:57:17 -04:00
4bf6481242
Added regex option to validate options
2014-04-02 23:51:33 +02:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
a71fcaeefd
add comments on change description call
2014-04-02 20:33:09 +01:00
bc4cb3febf
Add DCERPC catch exception
2014-04-02 20:33:09 +01:00
4a575d57ab
Try to fix Meatballs1 suggestions : optional service_description change call
2014-04-02 20:33:09 +01:00
5334f2657e
Fix a bug for backwards compatibility
2014-04-02 20:33:08 +01:00
631a7b9c48
Adapt to new psexec mixin (first try :D)
2014-04-02 20:33:08 +01:00
5a448d9f2d
Fix ActiveRecord::ConnectionNotEstablished
...
[SeeRM #8780 ]
2014-04-02 00:54:39 -05:00
8fd4f50081
Fix NameError for "r" in Msf::Auxiliary::Nmap
...
Wasn't in scope.
2014-04-01 17:35:20 -05:00
f9a7cfaa67
Land #3168 , EICAR payload encoding
2014-04-01 09:17:10 -05:00
42c7b85b86
Don't EICAR every time. That would be bad.
2014-04-01 09:05:55 -05:00
07ab05c870
Update a comment
2014-03-28 15:20:45 -05:00
4b7f85e47d
Adobe Flash support in BES
2014-03-28 15:14:58 -05:00
196e07c5b1
Touch up the EICAR stuff
2014-03-28 11:45:28 -05:00
da6a428bbf
Modify libs to support explib2
2014-03-28 10:44:52 -05:00
6c36d14be1
Land #3118 , fix java payloads for msfvenom
2014-03-25 15:38:21 -05:00
85c0c8bb70
Add support to detect mshtml build
...
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
2014-03-25 03:31:08 -05:00
8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS
...
They're as obnoxious as DB_ALL_* when enabled by default.
2014-03-24 15:51:35 -05:00
d53b56c161
Tidy up
2014-03-22 18:38:58 +00:00
b524507e4e
Merge remote-tracking branch 'upstream/master' into land_2551
...
Conflicts:
modules/exploits/windows/local/ask.rb
2014-03-22 18:14:45 +00:00
7b2f0a64fc
Tidy up
2014-03-22 18:07:57 +00:00
13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec
2014-03-21 11:36:59 -05:00
0a141f1c02
Land #2810 , masked password format switcheroo
2014-03-20 15:12:12 -05:00
c4a9b4fda0
Land #3128 , Put loot in correct workspace
2014-03-20 14:11:17 -05:00
4d3f871e9d
Land #2961 , get_env and get_envs Post mixin
...
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
dd4b16ad60
Remove some dead code
2014-03-20 09:38:14 -05:00
dc85a99fbd
report_loot now sets proper Mdm::Workspace
...
* Uses an Mdm::Workspace when passed one in conf hash
2014-03-20 09:27:09 -05:00
33ca577010
Zip Workspace imports now working.
...
MSP-9531
* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
2014-03-19 22:53:15 -05:00
cc4c958d58
Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update
2014-03-19 15:47:46 -05:00
130474fdfd
Fix java payload generation
...
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
2014-03-18 13:41:27 -05:00
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
8393a49148
Land #3098 , check command host selection fix
...
[FixRM #8768 ]
2014-03-13 14:25:39 -05:00
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
db036e44ad
Use RdlCopyMemory from Kernel32.
2014-03-13 11:05:58 -05:00
7ead04414c
Land #3024 - Allow encoder Compat options
2014-03-13 10:59:40 -05:00
84b08a5a35
Fix check command host selection behavior
...
[SeeRM #8768 ] Instead of using the saved value for host, the check
command should use whatever the user specifies.
2014-03-12 22:54:01 -05:00
851fca2107
Add posix fork() call before running code.
2014-03-12 02:56:26 -05:00
7afcb6aee8
Add CreateThread wrapper for windows.
2014-03-12 02:49:09 -05:00
ce0c5380a5
Kill stray //.
2014-03-12 02:20:49 -05:00
9bdf570763
All working now. In-memory meterpreter even.
2014-03-12 02:19:28 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
b45524ecdd
generate cert @ payload/dalvik.rb
2014-03-10 21:50:00 -05:00
99cc94e6fc
moving string_sub() to payload/dalvik.rb
2014-03-10 21:49:59 -05:00
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
cd3c2f9979
Move osx-app format to EXE.
2014-03-04 22:54:00 -06:00
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
e452b81fb1
style changes as suggested by @jlee-r7
2014-03-04 08:49:52 +02:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
785a35a81a
Needed to kill objToQuery.
2014-03-02 19:48:55 -06:00
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
26db845438
Try to pthread_create. Fails.
2014-03-02 18:02:23 -06:00
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
0956ae5789
Fix payload selection
2014-03-02 20:56:55 +00:00
1ca690eccf
Do some rspec
2014-03-02 20:37:08 +00:00
c9a2135959
Merge in semperv
2014-03-02 19:07:13 +00:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
1a0f77edb2
Land #2739 , DLL injection in msfvenom
...
lands Meatballs PR to fix dll injection
in Msfvenom. Test to ensure it still works
in the new MsfVenom
2014-02-28 14:22:17 -06:00
9e355e1265
Merge branch 'master' into dll_inject
2014-02-28 14:20:46 -06:00
ac446d3b3f
Land #3043 - randomization for Rex::Zip::Jar and java_signed_applet
2014-02-28 14:10:55 -06:00
566a791ef3
Land #2992 , Fix VNC Inject Defaults
2014-02-28 14:04:56 -06:00
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
f66709b5bb
make bypassuac module clean itself up
...
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
d358fe5f94
Merge branch 'payload_defaults'
2014-02-26 10:28:46 -06:00
f51cbfffb8
minor fix to payload generator
...
was passing platform string instead of the
platform lsit when formatting the payload
2014-02-25 15:51:06 -06:00
d0780cd1a2
Land #3010 - EXITFUNC as OptEnum
2014-02-24 11:07:10 -06:00
c760d37703
use the actual shellcode length.
2014-02-24 09:55:44 -06:00
9fd635d645
Favor \! vs == false
2014-02-24 08:47:25 -06:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
bbacaa477e
Add missing require
2014-02-25 22:08:27 +00:00
e31a144f4d
Use better system call
2014-02-22 20:34:56 +00:00
8af992e083
Use same coding style
2014-02-21 16:02:27 -06:00
0c44cc5ae4
Allow Exploits to provide Encoder Compat options
2014-02-21 15:49:39 -06:00
0179faa66f
Fix yardoc for Post::Windows::LDAP
...
Also fix some style issues and warnings.
2014-02-21 13:25:11 -06:00
0b5e617236
Land #3016 lsanchez-r7's send_message mod to return info
2014-02-19 17:01:06 -06:00
c0cdea37f7
Initialize send_status at the function's start
2014-02-19 16:54:29 -06:00
f7a483523c
changing the initial state from false to nil
2014-02-19 16:45:00 -06:00
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
e4aedfad43
Fixup netapi call
2014-02-18 23:30:29 +00:00
07fd3494e5
changing send_message to return more information
2014-02-18 16:48:52 -06:00
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00
5c8af63063
Fix regression
2014-02-18 17:41:35 +00:00
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
318ebdb4c8
Clean up // comments.
2014-02-17 15:34:42 -06:00
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
7f9b4a4bf4
Land #2655 , Re-do exe-small for scripting payloads.
2014-02-17 15:56:23 -05:00
022c52d087
Added bundling to handle many sessions at once.
2014-02-15 15:37:22 -06:00
b0d2949f9a
Ensure no race conditions on handlers
...
Configurable WfsDelay
2014-02-15 15:21:16 -06:00
a83ca2b8d6
Ghost sessions fix, fewer selfies, cleaner code
2014-02-15 15:21:16 -06:00
9c8c16d238
Allow multiple handlers to use same hop.
2014-02-15 15:21:16 -06:00
16e1280b8d
Style guide fixes.
2014-02-15 15:21:16 -06:00
a6a731c8ee
Keep stage until replaced, nil check, prettify.
2014-02-15 15:21:16 -06:00
85ae32775a
Fix to make migrate work; use the full URL.
2014-02-15 15:21:16 -06:00
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
f58b66adf8
Docs and more robust code
2014-02-14 23:15:05 +00:00
b8b36ef528
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-14 22:52:55 +00:00
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
f7858bf1a7
SnakeCase option looks better
2014-02-14 21:05:24 +00:00
983f5abc2f
Make vnc a bit safer to use
2014-02-14 20:59:44 +00:00
4dd60631cb
Land #2950 - New Payload Generator for MsfVenom
2014-02-13 15:13:10 -06:00
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
0056c26047
import msf exploit
2014-02-12 22:06:18 -05:00
b453362a52
Merge remote-tracking branch 'upstream/pr/2966' into integrate_with_meatballs
2014-02-12 16:43:30 -05:00
4565be18e3
require active_support numeric
...
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
40db1c4d0d
s/auxiliarly/auxiliary/
2014-02-12 12:17:53 -06:00
5a488b310d
Use a more correct error message
...
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
4a603b9a8d
Merge remote-tracking branch 'upstream/master' into beug/session
...
Conflicts:
lib/msf/base/simple/post.rb
2014-02-11 16:38:16 -06:00
18816f3d5e
Land #2952 , -1 for last session ID
2014-02-11 16:22:36 -06:00
2476d9be2d
Fix invalid session ID bug
...
This fix should work seamlessly with #2952 .
2014-02-11 15:43:35 -06:00
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
e3aa838e52
Fix on_session_module_run bug
2014-02-11 11:37:58 -06:00
a67a14ff60
Land #2975 @wchen-r7's extra vprint_debug statements for ms13-090
2014-02-10 20:57:55 -05:00
d8ea11b851
Redirect HTTP too
2014-02-10 23:41:15 +00:00
442d212a94
Add vprint_debug to show what requirements are being compared
2014-02-10 17:33:36 -06:00
Tod Beardsley
James Lee
Luke Imhoff
jvennix-r7
David Maloney
Meatballs
Brandon Turner
William Vu
Christian Mehlmauer
Trevor Rosen
Tom Sellers
sinn3r
nstarke
agix
Florian Gaultier
Jeff Jarmoc
Brendan Coles
Joshua Smith
jvazquez-r7
Samuel Huckins
lsanchez-r7
Spencer McIntyre
RageLtMan
agix
Trevor Rosen
AnwarMohamed
OJ
Etienne Stalmans
scriptjunkie