a8b5bf4625
Show selected auxiliary action
2014-10-07 14:34:41 -05:00
0ec855cd07
Add debug log for ARCH_CMD encoder results
2014-10-06 22:34:09 -05:00
260e829a59
Fix PayloadGenerator to have platform into account, so msfvenom works as expected
2014-10-06 19:20:59 -05:00
0089810026
Merge to update
2014-10-06 19:09:31 -05:00
212762e1d6
Delete RequiredCmd for unix cmd encoders, favor EncoderType
2014-10-06 18:42:21 -05:00
17f278effd
Fix #3822 - Support file:// syntax for check()
2014-10-06 13:37:14 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
097d2bfbb5
Land #3922 : Metasploit Park banner
2014-10-03 16:32:56 -05:00
d048bb7725
Add some color to the msfpark banner
...
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
6d7870a4ac
Land #3934 - New :vuln_test option to BES
2014-10-02 16:31:50 -05:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
b1b8cba4c5
Rescue an IOError on channel double-close.
...
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
a75d47aad9
Use yardoc for new methods
...
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
909ac522d1
Add metasploit-park.txt banner to msfconsole
...
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
1e2d860ae1
Fix #3914 - Inconsistent unicode names
2014-09-30 12:19:27 -05:00
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
8fa666b75d
Verbose messages on why a connection is closed
2014-09-28 17:41:21 -07:00
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
e14dd9900b
Land #3896 , Change Max LOGLEVEL to 3
2014-09-28 09:18:29 +01:00
67c25c20ca
Land #3357 , Run Local Exploits in AutoRunScript
2014-09-28 09:12:26 +01:00
3fc57109e6
Dont rescue Exception
2014-09-28 09:12:03 +01:00
ae82ebc734
Change max LogLevel to 3
...
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
bdac82bc7c
Fix lib/msf/core/exploit/dhcp.rb
2014-09-25 22:18:26 -03:00
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
5d234c0e01
Pass #send in this so jsobfu is not confused.
2014-09-24 15:07:14 -05:00
650b65250f
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2014-09-22 11:51:10 -07:00
4e9f1282de
Land #3834 , @jabra-'s updates to UDPscanner to support spoofing
2014-09-22 11:49:53 -07:00
e86b18cdd4
Add sanity check for NUM_REQUESTS
2014-09-22 11:48:39 -07:00
f61afe2598
Merge branch 'master' into bug/MSP-11368/boot-profiling
...
MSP-11368
2014-09-22 10:00:07 -05:00
ebacb26e51
Land #3838 , msfvenom badchar fix
2014-09-22 03:08:57 -05:00
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
e1cfc74c32
Move jsobfu to a mixin
2014-09-21 00:39:04 -05:00
cd037466a6
upate doc
2014-09-20 23:40:47 -05:00
9191af6241
Update js_obfuscate
2014-09-20 23:38:35 -05:00
a9420befa4
Default to 0
2014-09-20 21:39:20 -05:00
046045c608
Chagne option description
2014-09-20 21:38:57 -05:00
fd5aee02d7
Update js_obfuscate
2014-09-20 21:36:17 -05:00
7bab825224
Last changes
2014-09-20 18:39:09 -05:00
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
d9a713b415
Decode the badchars string correctly.
2014-09-20 17:48:03 -05:00
cd8b1318e0
send data based on input not @probe
2014-09-20 15:18:58 -04:00
3fb00ece9e
refactored the code based on PR feedback
2014-09-20 14:10:00 -04:00
5884cbc196
Optimize skip logic in #update_all_module_details
...
MSP-11368
Use `Hash<String, Set<String>>` instead of `Array<(String, String)>` so
that `include?` call is faster because (1) it's only search through
reference names of the same module_type and (2) `Set#include?` is faster
than `Array#include?`. This change is a 8.20% average reduction in boot
time compare to b863978028b5c3c87790https://docs.google.com/spreadsheets/d/1TnZIUFIR1S5nCnkeM-7XR3AVSbyCl39x2mItJKJCOqg/edit?usp=sharing
and data at
https://drive.google.com/folderview?id=0Bx1hRHfpRW92VEFvQ2FaN3RoWWs&usp=drive_web
2014-09-19 15:34:10 -05:00
8b5a146067
Wrap Array#include? usage
...
MSP-11368
Wrap skipped.include? call to confirm it is the culprit for
Array#include? inside of with_connection in profile.
2014-09-19 14:38:12 -05:00
c216cf8c53
added spoofing capabilities to udp_scanner
2014-09-19 10:29:05 -04:00
b863978028
Remove fastlib
...
MSP-11368
MSP-11143
Remove fastlib as it slows down the code loading process. From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10). The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10). This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
29eb3ebf86
Fix up the StageEncodingFallback logic and error handling
2014-09-15 21:56:35 -05:00
9cbc7e46a3
Fix suggested stuff
...
https://github.com/hmoore-r7/metasploit-framework/pull/2
2014-09-15 09:47:06 +02:00
c71428be50
Choose fallback if stage encoding fail
2014-09-13 13:56:54 +02:00
2977e8e102
Add msfcli (M)issing
2014-09-12 10:25:13 -05:00
425874315c
Add show missing
2014-09-12 10:23:12 -05:00
7485d9172a
Rescue only NoEncodersSucceededError to pass the tests
2014-09-12 13:30:03 +02:00
28e61edef4
Unblock when invalid encoder is selected and allow multiple encoder
2014-09-12 12:48:09 +02:00
37e6173d1f
Make Metasploit::Concern a first-class dep.
...
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
71228b48a0
Update 3 more encoders to be StageEncoder compatible
...
This could probably use some DRY love via a mixin
2014-09-10 20:21:35 -05:00
65287e41cd
Land #3773 - Fix windows cmd redirection in firefox payloads
2014-09-10 13:25:42 -05:00
1bb6573570
Fix windows cmd redirection in ff payloads.
2014-09-10 00:47:05 -05:00
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
6c0dae953d
Stage encoding is now SaveRegister aware
2014-09-09 14:21:51 -05:00
ef748fdef7
check if database is connected first
...
wooops
2014-09-08 12:54:19 -05:00
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds
2014-09-08 12:52:25 -05:00
ae5a8f449c
Land #3691 , gdbserver hax
2014-09-08 11:48:39 -05:00
5c1d95812c
Add verify_checksum and use it
...
Also fixed a YARD typo.
2014-09-08 02:19:21 -05:00
ce0e7b59f5
Remove WVE and BPS reference identifiers
...
Reasons why they should be gone:
WVE:
* wirelessve.org is down.
* Not a single module uses WVE as a reference
BPS:
* "BreakingPoint" no longer exists
* The URL takes you to a login page to ixia. And there is no point
of referencing something people can't see.
* Not a single module uses BPS as a reference.
2014-09-05 13:28:10 -05:00
b6e04599a7
Fix read_ack to read only the ACK
...
It was reading the response, too. Also removed an extraneous send_ack.
2014-09-05 12:30:59 -05:00
093f488360
add db_all_cred methods to authbrute
...
adds 3 methods to add db_all_creds functionality back to
the loginscanners
2014-09-04 12:20:42 -05:00
4966082de5
Replace 'rescue nil' with DRY-violating versions :(
2014-09-03 23:06:11 -05:00
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
85c5de07ec
Fix use of datastore['SMBServerIdleTimeout']
2014-09-02 13:47:01 -05:00
6fcc864942
Reduce the chance of file descriptor leaks in SMBServer
...
This patch addresses three observed error conditions in long-running SMB services.
1. A call to get_once() in on_client_data could raise a Timeout exception and bubble all the way up to the dispatcher. This should technically never happen, but gets triggered for zero-byte writes and clients closing their connections. The fix was to handle the exception and lower the timeout. The change was tested with a number of SMB clients to make sure this didn't introduce any regressions.
2. A client could indefinitely keep a connection to the SMB server. The SMB server now disconnects idle clients after 120 seconds of inactivity (configurable).
3. A client could send a large amount of data that was invalid SMB traffic, using up memory as a potential DoS.
Caveats: The idle client sweep occurs every 100 requests or at an interval equal to the idle timeout. A client could fill up the entire connection table on its own, preventing the sweep from occurring by preventing new connections. Fixing this would require a dedicated thread to sweep for idle connections and is a more aggressive attack than this patch is designed to defend against (accidental connection flooding, basically).
2014-09-02 13:29:37 -05:00
0ef71c70d3
s/services/creds
2014-08-31 09:54:49 -07:00
3bb370437c
Returns csv output to creds command
...
commit 82b2c1deae
2014-08-31 08:35:22 -07:00
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
b4e3ce0fdc
Merge branch 'master' of github.com:rapid7/metasploit-framework
2014-08-28 17:14:07 -05:00
fa77caa819
Merge branch 'bug/MSP-11153/database-config-overrides'
...
MSP-11153 #land
2014-08-28 17:12:37 -05:00
031445fee7
Check for nil resource files
...
See #3719
2014-08-28 16:27:33 -05:00
7a8d7a38d1
Remove debugging 'puts'
...
MSP-11153
2014-08-28 13:48:46 -05:00
951ce15b44
Move database.yml selection to Metasploit::Framework::Database
...
MSP-11153
Test the following paths in order and only return them if the path
exists:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
316a952e9c
Make SIP note, service and print output more similar
2014-08-26 17:47:31 -07:00
2d2606aeaf
Update sip note format, small tweaks to output, service.info
2014-08-26 16:42:00 -05:00
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
4e19d9ade1
Land #3545 , fix up sip scanners, msftidy, db services cmd
2014-08-26 14:07:21 -05:00
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
677d7804ae
Fix bad merge
2014-08-26 10:49:54 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
ff7e0f3c19
Land #3705 , xistence's UPNP SSDP M-SEARCH amplification scanner
2014-08-26 08:30:43 -07:00
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification
2014-08-26 07:48:44 -07:00
9749c78632
Add amplification multiplier for vulnerable proofs
2014-08-26 07:36:38 -07:00
b3e898736f
Land 3694, msfconsole.rc wasn't loading, add yard
2014-08-26 01:12:33 -05:00
a41748e77e
Correct SIP header note storage to align with Recog
2014-08-25 13:12:30 -07:00
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
a4f623a955
Show port and protocol when printing service notes, not just name
2014-08-25 13:11:22 -07:00
9955cb5b27
Enforce proper protocol case where necessary
2014-08-25 13:11:22 -07:00
b760815c86
Also pull the Allow headers (previous behavior)
2014-08-25 13:11:21 -07:00
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
50d90defbc
Use a correct default Accept header -- responses++
2014-08-25 13:11:21 -07:00
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
c4a173e943
Remove automatic target, couldn't figure out generic payloads.
2014-08-25 14:14:47 -05:00
1ee83ff57e
Land #3696 , pile of NTP DRDoS 0days
...
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
92ff0974b7
Add YARD option formatting
2014-08-25 01:45:59 -05:00
19d6feca62
Fix regression where msfconsole.rc wasn't loading
...
Also add some slightly better docs for the Driver class
2014-08-24 15:10:41 -05:00
6313b29b7a
Add #arch method to Msf::EncodedPayload.
...
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
1d3531d09d
Put include above constant defs.
2014-08-24 01:17:32 -05:00
4e63faea08
Get a shell from a loose gdbserver session.
2014-08-24 01:10:30 -05:00
7ee5423310
Add specs for Msf::HTTP::JBoss::Base
2014-08-22 15:11:27 -05:00
4742dbad91
Fix YARD documentation
2014-08-22 14:18:13 -05:00
38e6576990
Update
2014-08-22 13:22:57 -05:00
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc6382760bf5b319ba7772f362b81d681448f0743d1b
2014-08-22 10:50:38 -05:00
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
2014-08-22 10:17:44 -05:00
48f0743d1b
remove crappy basedir method
...
this method is no lopnger needed
2014-08-20 15:28:36 -05:00
6bc55bf8cc
change is_apt method
2014-08-20 15:27:11 -05:00
b547f7fc75
fix msfbasedir for go_pro
...
go_pro uses the wrong base director y for starting
up metasploit pro when using the go_pro command
this caused errors
2014-08-20 15:22:18 -05:00
8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing
2014-08-20 12:21:39 -07:00
e0df664656
Land #3653 : NETAPI x64 fixes
2014-08-19 11:40:43 +10:00
fd40a68525
Added YARD documentation to lib/msf/http/jboss
2014-08-18 18:19:37 +02:00
5e123e024d
Add 'coding: binary' to all msf/rex library files
...
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
8302e82ca1
Use x64 ptr sizes
2014-08-14 23:32:04 +01:00
256204f2af
Use correct pack/unpack specifier
2014-08-13 11:36:16 +01:00
351b687759
Land #3612 , Windows Local Kernel exploits refactor
2014-08-10 22:05:06 +01:00
b277f588fb
Use railgun helper functions
2014-08-10 21:52:12 +01:00
af3ca19ab2
Land #3501 , @AnwarMohamed's android meterpreter commands.
2014-08-09 16:29:59 -05:00
dbaa377aa1
Final-round of code tweaks. All commands working well.
2014-08-09 13:04:52 -05:00
d6198c786d
Move rdoc for Msf::Auxiliary::DRDoS
2014-08-08 23:23:48 -07:00
ddcaa11216
Add new mixin for helping to detect DRDoS vulns
2014-08-08 23:15:09 -07:00
ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
...
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
73253b575a
Land #3626 , @wchen-r7's storing of text loot as txt
2014-08-08 18:57:38 -07:00
93174a818b
Land #3628 - Add --ask option in msfconsole
2014-08-08 11:03:15 -05:00
b33d2b8583
Adds a newline for readability
2014-08-07 13:49:13 -05:00
6cea921478
Adds --ask option to prompt before exiting msfconsole
2014-08-07 13:44:46 -05:00
e432f3f442
Support all text-based ctypes
2014-08-07 11:10:32 -05:00
d6e60453d6
Added Wordpress XMLRPC DoS
2014-08-07 11:38:44 +02:00
1d430dbb45
Run migrations when connection already established in console
...
MSP-10955
`Msf::Ui::Console::Driver#initialize` doesn't call
`framework.db.connect` if it can't find the the `database.yml`, but when
using `msfpro`, the connection is already established, so the console
doesn't need to know where the database file is and should just run the
migrations so that `framework.db.migrate` can be set and
`framework.db.active` will return `true`.
2014-08-06 19:55:51 -05:00
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
2ed02c30a8
Use better variable names instad of an array
2014-08-05 21:34:36 -07:00
b602e47454
Implement improvements based on feedback
2014-08-05 21:24:37 -07:00
9c29b78b9a
Add missing require
...
MSP-10848
Not triggered on OSX development machines, only on Linux.
2014-08-04 18:23:25 -05:00
8fe9ec098e
Date attrs set after creation in report import
...
MSP-11021
* created_at and updated_at are protected against mass-assignment, so
these need to be set after for reports and report artifacts
2014-08-04 14:02:59 -05:00
6543b08eb4
Support writing a copy of the original token
2014-08-04 11:49:00 -07:00
4b73ad6f40
Fix guessing the arch with modules specifying an array
2014-08-04 11:49:00 -07:00
893b9a6e99
Add an open_device function for wrapping CreateFileA
2014-08-04 11:49:00 -07:00
43a5120696
Cleanup the WindowsKernel mixin
2014-08-04 11:49:00 -07:00
49837a3ba6
Create a basic WindowsKernel exploit mixin
2014-08-04 11:49:00 -07:00
88f23832e6
Added Time out
...
For some reason the handler was closing before the command could
complete. Added the time out from bypassuac and now both psh and exe
work perfectly.
2014-08-02 14:29:42 -07:00
693e744da4
Hide icon flash on taskbar during cmd_psh_payload
...
When 'cmd_psh_payload' is run via 'cmd_exec' on a windows shell that is running in the context of an interactive user an icon will flash very quickly on the user's task bar. This can be avoided (verified) by adding the /b switch to the start section of the command launcher text. I have verified that this switch exists from Windows 2000 through Windows 2012 R2.
2014-08-02 15:52:52 -05:00
11515fc75c
Update core.rb
2014-08-02 15:27:10 -05:00
6603443df4
Add missing require
...
MSP-10998
2014-08-01 21:54:41 -05:00
9096a8a1f5
Remove Msf::Framework::VersionAPI
...
MSP-10998
It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
22db5aad8a
Remove Msf::Framework::VersionCore
...
MSP-10998
It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
5aa347ef65
Changed Method Names
...
Changed names to look like shell_execute_(option), to make it more
defined on what it does.
2014-08-01 17:10:32 -07:00
def652a50e
Merge https://github.com/rapid7/metasploit-framework into bypassuac/psh_option
2014-08-01 14:32:55 -07:00
c31fc61617
Land #3270 , @jlee-r7 deprecation ipv6 payloads
...
These are not needed, since you can just config the regular handler now
and pick either.
This resolves the conflict (rm'ed the old modules)
Conflicts:
modules/payloads/stagers/windows/reverse_ipv6_http.rb
modules/payloads/stagers/windows/reverse_ipv6_https.rb
2014-08-01 16:27:59 -05:00
73ca8c0f6d
Work on jboss refactoring
2014-08-01 14:28:26 -05:00
902cf4bc1e
Fix var name
2014-07-31 23:16:53 +01:00
90c0f587bf
Fix for newer powershell
2014-07-31 23:11:51 +01:00
15c1ab64cd
Quick rubocop
2014-07-31 23:11:00 +01:00
d336c56b99
Merge remote-tracking branch 'upstream/master' into land_2551
2014-07-31 23:06:37 +01:00
0546282441
Land #3590 , #3574 reversion
2014-07-31 09:59:04 -05:00
735ccda4db
Add an example for add-ssh-key
2014-07-31 09:40:36 -05:00
391e2bb99b
Fixed some style changes
...
Removed upload var, it really served no purpose.
2014-07-30 22:42:07 -07:00
53b66f3b4a
Land #2075 , Powershell Improvements
2014-07-31 00:49:39 +01:00
77d99b7374
Land #3586 , fix msfconsole when running without db
...
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2014-07-30 17:24:21 -05:00
3320a1ef77
Revert PR #3574
...
This reverts commit 96945442ff
2014-07-30 14:06:46 -05:00
3e915e5059
Merge branch 'staging/electro-release' into bug/MSP-10715/import-security-issues
...
Update deps
Conflicts:
Gemfile
Gemfile.lock
2014-07-30 12:49:15 -05:00
ea72a7e5c3
Merge pull request #3583 from jlee-r7/feature/MSP-9932/creds-add-subcommands
...
Add `creds` subcommands
MSP-9932 #land
2014-07-30 12:01:36 -05:00
85b00eede6
Add #present? checks
2014-07-30 11:52:59 -05:00
ceb8a0f5c2
Extract option require pattern to helper Module
...
MSP-10905
`Metasplot::Framework::Require.optionally` can be used to optionally
require a library and then issue a warning if the require fails or run a
block when it succeeds.
2014-07-30 10:07:53 -05:00
8fda4ee239
Fix fd leak and blind IO#gets in pwdump import
...
MSP-10715
2014-07-29 15:15:47 -05:00
f5ff22eba4
msfconsole with bundle install --without db
...
MSP-10905
2014-07-29 14:46:44 -05:00
8e7dd1b658
Add missing require
...
MSP-10905
2014-07-29 14:06:27 -05:00
9a5085cbba
Prevent circular dependency
...
MSP-10905
Use Metasploit::Framework::Version directly instead of
Msf::Framework to prevent circular dependency when starting msfconsole.
2014-07-29 14:04:15 -05:00
c2be3d6875
fixing autoload bug
2014-07-29 17:51:56 +02:00
b02dbcc2e7
remove extra whitespace
2014-07-29 16:23:27 +02:00
7512e04894
fixing autoload
2014-07-29 16:21:31 +02:00
d6c7eb8850
Fixed a typo introduced in commit 9e92448
2014-07-29 09:04:12 +02:00
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
d334797116
Updated foxpress module
2014-07-28 22:23:22 +02:00
3870b59873
remove rpg_get_auth_info
...
this is an rpc call that calls a method that
does not even exist...
WAT?!
2014-07-28 15:13:03 -05:00
c9d231b48b
remove old rpc methods
...
added rpc methods to create new creds
removing the old methods for
the obsolete cred models
2014-07-28 14:52:53 -05:00
e29b2aed9b
add credential rpc calls
2014-07-28 14:49:35 -05:00
49d0fc37c2
Add support for different realm_key
2014-07-28 14:39:24 -05:00
ba7d8efb07
Land #3574 , has_actions.rb cleanup
2014-07-28 12:59:33 -05:00
1e32574768
Merge branch 'staging/electro-release' into feature/MSP-9641/cred-rpc-calls
2014-07-28 11:10:59 -05:00
79fe342688
Land #3558 , @FireFart's improvements to wordpress mixin
2014-07-28 09:52:20 -05:00
2d5fd5e0d5
Use constant for WORDPRESS_VERSION_PATTERN
2014-07-28 09:22:50 -05:00
c65db18090
Add rudimentary specs and fix some help wording
2014-07-28 09:19:09 -05:00
b061d24b84
Favor & over and
2014-07-28 09:05:53 -05:00
283046b25d
fixing auto load on new session
2014-07-28 10:49:50 +02:00
96945442ff
removes unnec. retruns & uses of 'not' - has_actions.rb
2014-07-27 18:20:12 -05:00
a35e7371bb
Add simple tabbing for creds command
2014-07-27 14:08:38 -05:00
b8bb4c7bc0
Add add-ssh-key to help output, fix some warnings
2014-07-27 13:46:38 -05:00
a38a627b94
Merge branch 'staging/electro-release' into feature/MSP-9932/creds-add-subcommands
2014-07-27 13:38:33 -05:00
3e304536ea
Land #3554 , Typo3 mixin specs
2014-07-25 16:06:40 -05:00
a0a2fddee8
Land #3562 , yardoc cleanup
2014-07-24 17:25:12 -05:00
bc836f3606
Add a little easter egg in the NTLM hash
2014-07-24 16:37:24 -05:00
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
b8b3509c96
Re-add the ability to delete creds
2014-07-24 15:44:52 -05:00
18ce342e2a
Refactor a bit for readability
2014-07-24 15:42:36 -05:00
1a4e59e547
Add add-ssh-key subcommand
2014-07-23 17:09:02 -05:00
eee72a86ba
Fix the case when john cracks only half of LM
2014-07-23 15:25:32 -05:00
4f19a1defa
Add an origin type and actually honor realm
...
Also adds better help text
2014-07-22 19:52:10 -05:00
57839e0f4b
Fix some yardoc issues
2014-07-22 23:26:50 +02:00
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
1f007bf3c9
start adding new rpc calls
...
Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-07-22 15:46:27 -05:00
c1a0f707ef
typos
2014-07-22 22:29:01 +02:00
f546eae464
Modify encoders to allow back compatibility
2014-07-22 13:27:12 -05:00
073a8c5233
redirection returns an URI
2014-07-22 19:55:26 +02:00
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
a642ce5e1c
Delete not necessary end keywords
2014-07-22 11:35:04 -05:00
b770745e9d
Split generic_sh in echo, perl and ifs encoders
2014-07-22 10:27:45 -05:00
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
2013e28608
WIP: First stab at creds add-* subcommands
2014-07-22 02:05:55 -05:00
47d9a30af0
Add specs for Typo3 mixin
2014-07-21 17:39:07 -05:00
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
a62ee99d1d
Actually require NetAPI
2014-07-21 12:48:34 -05:00
5f0533677e
Cheat/Rubycop all the things
2014-07-20 21:07:59 +01:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
8fe508207c
Merge Meatballs' gpp_again pull into new branch
2014-07-19 11:10:14 -05:00
ed1ed5d5a4
Merge pull request #117 from rapid7/feature/MSP-9943/db-import-creds
...
Deprecation warning exorcised, specs passing, export/import accuracy confirmed.
MSP-9943 #land
2014-07-18 11:56:59 -05:00
175d857611
Fix empty message and don't lie in yardoc
2014-07-18 11:36:31 -05:00
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
58adc350b5
Refactor: Creation of a JBoss mixin
...
The jboss_bsheployer as is does not allow to deploy a custom WAR file.
It is convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload. This will require a auxiliary
module which will use the JBoss mixin methods.
2014-07-18 00:56:32 +02:00
2dab69d67c
Use constant instead of hardcoded filename
2014-07-17 16:04:25 -05:00
7d1cd22aca
Quick and dirty import of cred zip
2014-07-17 15:59:16 -05:00
08cd2690f9
Merge branch 'bug/MSP-10724/fix-import-failure' into staging/electro-release MSP-10724 #land
2014-07-17 13:37:13 -05:00
e789d5350b
No idea why this didn't fail before
...
MSP-10724
2014-07-17 10:15:22 -05:00
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
6a1149c1ed
Add missing origin
...
MSP-9948
2014-07-15 13:27:08 -05:00
29bb788d96
Better login detection for wordpress
2014-07-15 07:04:14 +02:00
0966949203
Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import
...
Upstream merge
Conflicts:
Gemfile
Gemfile.lock
2014-07-14 17:59:54 -05:00
aca627489e
Pass workspace down in import of creds dump
...
MSP-9948
2014-07-14 16:40:41 -05:00
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
b05b2657bc
Now importing creds dumps inside msf zips
...
MSP-9948
2014-07-13 11:07:01 -05:00
79603c9a73
Land #3505 , a bunch o' Linux post module fixes
2014-07-11 12:39:31 -05:00
dbe9b47937
lands 3469, fixes handler deadlock in corner cases
...
May affect the following RM issues which need to be retested:
https://dev.metasploit.com/redmine/issues/8407
https://dev.metasploit.com/redmine/issues/4314
https://dev.metasploit.com/redmine/issues/6829
2014-07-10 16:20:33 -05:00
688c31cc44
Switch to a space. It gets eaten anyway.
2014-07-10 13:59:30 -05:00
5bb3c8a581
Make merged module descriptions more grammar.
2014-07-10 13:31:57 -05:00
5b1dc39caf
Filler task dropped, login results in task assoc
...
MSP-10683
* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
2014-07-10 12:32:40 -05:00
3a41bd983e
changes 'module' back to 'script', makes more sense
2014-07-09 17:25:39 -05:00
a9e43c308e
removes lingering debug lines, changes word script to module
2014-07-09 17:05:35 -05:00
8bbaecc726
adds some additional protection against capilization issues
2014-07-09 16:46:28 -05:00
172bc450b3
adds TARGET to 'to_neuter' list
2014-07-09 16:46:28 -05:00
f4942eccd4
cleans up comments, line lengths, dup/clone
2014-07-09 16:46:28 -05:00
51db859432
uses exploit_type vs category, thx egypt
2014-07-09 16:46:28 -05:00
ee56828bf7
New updates to scriptable.rb for payload/target
...
Additional w00t for your pwning pleasure.
2014-07-09 16:46:27 -05:00
62785784c6
adds explicit TARGET setting
2014-07-09 16:46:27 -05:00
cf595d6a10
fixes alias_method call
2014-07-09 16:46:27 -05:00
13f5450e53
uses clone instead of dup
2014-07-09 16:46:27 -05:00
bb13590f02
first shot at letting scriptable.rb handle local exploits
2014-07-09 16:46:27 -05:00
c957d0a1e7
adds category to msf/core/module.rb
2014-07-09 16:46:27 -05:00
a27c1d7dcc
Importing old export, making new models
...
MSP-9948
2014-07-08 19:14:26 -05:00
c19deddfb1
Delete debug messages
2014-07-08 16:24:45 -05:00
c25c5f6806
Make linux gather post modules compatible with meterpreter
2014-07-08 16:23:57 -05:00
79054fae20
Remove credentials exportation from XML
...
MSP-9948
2014-07-08 12:03:32 -05:00
8436adb5f8
Make XML export work with new backend
...
MSP-9948
* XML data looks ok in spot check
2014-07-08 09:40:15 -05:00
a513f403ba
fixing bugs
2014-07-08 10:58:48 +02:00
6e0bc763ff
formating
2014-07-08 10:46:16 +02:00
34dcb609e2
android extension
2014-07-08 04:52:06 +02:00
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
1d7de8fef9
Mid-work commit
...
MSP-9848
2014-07-07 15:44:29 -05:00
ab7848a895
Merge master for testing of #2809
2014-07-06 22:27:58 -05:00
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
c1fc68e1b1
Replace to_pwdump internals
...
MSP-9948
2014-07-03 15:41:26 -05:00
405de05e4b
Add specs for module_flavors
2014-07-03 10:31:39 -05:00
d93bf55435
Add a module_flavors method for all available flavors
2014-07-03 11:01:21 -04:00
2da890810a
Make db_import use Metasploit Credential
...
MSP-9948
* Special-case the pwdump file to be IO
* Had to use lotsa shims
2014-06-30 13:32:59 -05:00
84c0504b1b
MSI sections actually need to be signed after all
2014-06-30 13:08:28 -05:00
cf9c3caea3
Get the latest
...
Merge branch 'staging/electro-release' into feature/MSP-9848/db-export-refactor
2014-06-30 11:14:11 -05:00
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
255e792ed3
Fix host-endian related pack errors. See below for details.
...
Ruby treats endianess in pack operators in the opposite way
of python. For example, using pack('<I') actually ignores the
endianess specifier. These need to be 'I<' or better yet, 'V'.
The endian specify must occur after the pack specifier and
multiple instances in meterpreter and exe generation were
broken in thier usage.
The summary:
Instead of I/L or I< use V
Instead of I/L or I> use N
For Q, you need to always use Q< (LE) or Q> (BE)
For c/s/l/i and other lowercase variants, you probably dont
need or want a *signed* value, so stick with vV nN and cC.
2014-06-30 02:46:36 -05:00
ea077b2f12
Improve the guess_flavor logic to pull from module info
2014-06-27 08:34:57 -04:00
952c935730
Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR
2014-06-27 08:34:57 -04:00
219153c887
Raise NotImplementedError and let :flavor be guessed
2014-06-27 08:34:56 -04:00
dcd0e77f9e
Change #compatible? method name because it's used by Module
2014-06-27 08:34:56 -04:00
31acc4a528
Fix #compatible? method
2014-06-27 08:34:56 -04:00
ddd1dd5155
The check for required decoder hasn't a lot of sense
2014-06-27 08:34:56 -04:00
9c6a521b94
Fix select_decoder
2014-06-27 08:34:56 -04:00
dad2c75592
Initialize opts arguments
2014-06-27 08:34:56 -04:00
381dea94d0
Fix typo
2014-06-27 08:34:56 -04:00
cbc1bd9966
Redesign constants
2014-06-27 08:34:56 -04:00
160147b370
Make some methods not dependant of the instance flavor
2014-06-27 08:34:56 -04:00
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
68938e3d7a
Add select_cmdstager
2014-06-27 08:34:56 -04:00
35d035fa4e
Add YARD docu for execute_cmdstager
2014-06-27 08:34:56 -04:00
William Vu
jvazquez-r7
sinn3r
James Lee
Tod Beardsley
Christian Mehlmauer
Joe Vennix
HD Moore
Meatballs
Ramon de C Valle
Jon Hart
Luke Imhoff
Josh Abraham
agix
David Maloney
Kurt Grutzmacher
Samuel Huckins
Joshua Smith
Brandon Turner
OJ
Vincent Herbulot
joev
Iquaba
Spencer McIntyre
b00stfr3ak
Tom Sellers
Trevor Rosen
Trevor Rosen
AnwarMohamed
scriptjunkie
Kyle Gray
linuxchuck