William Vu
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
sinn3r
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
Jonathan
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
OJ
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
Jonathan
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
Tod Beardsley
cc9ac7695d
Land #2592, add getproxy
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
Jonathan
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
scriptjunkie
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
OJ
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
OJ
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
OJ
7dcb071f11
Remove shebang and fix pxexploit
2013-11-06 07:10:25 +10:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
OJ
d1e008387a
Stop auto preview, code clean
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
OJ
f62247e731
Fix comments, indenting and pxexploit module
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
OJ
ff78082004
Refactor lanattacks ruby code, add command dispatcher
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
joev
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
joev
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
joev
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
OJ
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00
OJ
67fbeacbf0
Add support for optional image downloading
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
OJ
2fbac9b129
Add `getproxy` command
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
OJ
1f6c320bb3
Tidy up of extapi code, new bins
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
2013-10-29 21:22:05 +10:00
OJ
606411de81
Fix mimikatz error when password is nil
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` it falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
Tod Beardsley
b5f26455a3
Land #2545, javascript library overhaul
2013-10-23 16:12:49 -05:00
sinn3r
ee95ca5e2b
Land #2158 - Fix NoMethodError undefined method `split' for nil:NilClass
2013-10-22 16:01:27 -05:00
sinn3r
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
sinn3r
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
sinn3r
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
sinn3r
fcba529ea5
Update coding format
2013-10-21 20:54:25 -05:00
sinn3r
ea56c4914c
Need this file
2013-10-21 20:17:38 -05:00
sinn3r
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
OJ
cf65f59a28
Retry shell without thread impersonation
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usually fall back to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`
This patch catches the error, warns the user of the failure and then retries
to create the interactive shell without the `-t` flag.
2013-10-21 15:29:19 +10:00
OJ
4e90394c7f
Add support for CF_DIB clipboard formats
Image data copied to the clipboard, such as a screenshot, is converted to a JPEG using GDI+, and downloaded to the local loot folder.
This feature doesn't work with W2K as a result, but that doesn't really bother me. The code is simpler and much smaller as a result and doesn't require the inclusion of the jpeg library code.
2013-10-21 00:05:42 +10:00
sinn3r
2d24824e78
Use data_directory instead of install_root
2013-10-19 17:55:03 -05:00
sinn3r
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
sinn3r
62dadc80d3
Make sure the data type for the return value is a string
2013-10-18 21:08:46 -05:00
sinn3r
298f23c91c
Fix extra slashes that cause browser autopwn to fail.
2013-10-18 20:43:39 -05:00
Tod Beardsley
ffcb86eba2
Land #2541, Outpost24 importer
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384]
2013-10-18 13:21:58 -05:00
Tod Beardsley
f6675f3120
Reordered case statements
2013-10-18 13:21:28 -05:00
sinn3r
8579cb8322
Use obfuscation
2013-10-18 13:06:19 -05:00
William Vu
93ff9ec501
Create methods for start_element for readability
2013-10-18 12:20:43 -05:00
William Vu
ff69e9fd05
Move product info code to a better location
2013-10-18 12:07:34 -05:00
sinn3r
3af38b9602
I bet "../" will drive people crazy, avoid that.
2013-10-18 11:56:03 -05:00
William Vu
e6cccedad0
Append vuln info to vuln description
2013-10-18 11:31:54 -05:00
sinn3r
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
sinn3r
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
William Vu
12151650e4
Add product info to hosts and services :)
2013-10-17 16:18:27 -05:00
William Vu
06c7943f54
Import hostnames without breaking everything
2013-10-17 15:31:48 -05:00
William Vu
920e406526
Import CVE refs and db.emit all the things
2013-10-17 14:29:54 -05:00
OJ
d4d4839dc2
Add size (bytes) of the files on the clipboard
Output of the `clipboard_get_data` call now includes the size
of each file in bytes.
2013-10-16 22:54:55 +10:00
OJ
afc5e282a9
Add CF_HDROP file support to the clipboard
`clipboard_get_data` has been changed so that raw text is supported and file listings are supported.
If files are on the clipboard, those files and folders are listed when this command is run. To download the files, pass in the `-d` option.
2013-10-16 17:46:22 +10:00
sinn3r
0081e186f7
Make sure i var is local
2013-10-15 23:59:23 -05:00
William Vu
ad8af02021
Add my wonderfully simplistic Outpost24 parser
2013-10-15 16:34:46 -05:00
sinn3r
4c91f2e0f5
Add detection code for MS Office
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413]
2013-10-15 16:27:23 -05:00
sinn3r
41ab4739e3
Land #2520 - Add detection for FF 22 - 24
2013-10-15 15:17:43 -05:00
OJ
414a814d5d
Add the start of clipboard support
This commit adds support for getting text-based information from the
victim's clipboard and for setting text-based data to the victim's
clipboard. Early days, with much wiggle room left for extra fun
functionality.
2013-10-15 23:57:33 +10:00
OJ
ea89b5e880
Add support for child window enumeration
Children of windows can now be enumerated via the -p parameter, which
specifies the handle of the parent window to enumerate.
There is also a -u parameter which includes unknown/untitled windows
in the result set.
2013-10-15 18:02:27 +10:00
joev
711fac08b7
Don't throw exception if createElement is missing.
2013-10-14 14:15:13 -05:00
joev
183940308b
Add another nil check, just to be safe.
2013-10-14 13:55:54 -05:00
joev
20a145f1e7
Check for prop in prototype, not constructor.
2013-10-14 13:51:45 -05:00
joev
488ed5bd4a
Add new feature detection logic for FF 23 and 24.
2013-10-14 13:41:26 -05:00
Meatballs
cad717a186
Use NDR 32bit syntax.
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
Tod Beardsley
876d4e0aa8
Land #1420, WDS scanner
2013-10-11 16:53:25 -05:00
OJ
b99af52279
Improve extapi ruby structure, add bins
The extapi project will get bigger over time so this change allows for the code to get
bigger without becoming a headache before it starts.
Added binaries to this commit as well.
2013-10-11 09:52:23 +10:00
Tod Beardsley
85112e8704
Land #2413, axe callcc
This is the only time callcc is used in the entire codebase, too, so
this apparently removes a roadblock to non-MRI Rubies, so that's nice.
2013-10-10 14:55:55 -05:00
Meatballs
378f403fab
Land #2453, Add stdapi_net_resolve_host(s) to Python Meterpreter.
Moves resolve_host post module to multi and deprecates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
OJ
cbaeebeff7
Add service_query to ext_server_extapi
Once the user has queried the list of services they can now use the
`service_query` function to get more detail about a specific service.
2013-10-11 01:02:51 +10:00
OJ
23340e9df0
Add service_enum to the ext_server_extapi extension
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.
Some other small code tidies were done too.
2013-10-10 21:23:23 +10:00
kernelsmith
adbcace9dd
Land #2458, OJ's Meterpreter railgun multi call fix
also [FixRM #8269]
2013-10-10 00:38:44 -05:00
Spencer McIntyre
6c382c8eb7
Return nil on error, and move the module to post/multi.
2013-10-09 16:52:53 -04:00
OJ
47801c17b3
MSF started to the extended API with window enum
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.
This commit kicks things off with enumeration of top level windows on the
current desktop.
2013-10-09 22:25:43 +10:00
Markus Wulftange
e895a17722
Add 'no quotes' option for CmdStagerPrintf
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
2013-10-08 21:04:28 +02:00
jvazquez-r7
2593c06e7c
Land #2412, @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Markus Wulftange
6f7d513f6e
Another clean up and simplification of CmdStagerPrintf
2013-10-08 07:22:09 +02:00
Markus Wulftange
836ff24998
Clean and fix CmdStagerPrintf
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
sinn3r
77cbb7cd19
Update function documentation
2013-10-04 15:18:27 -05:00
sinn3r
29d1c75d1c
Update RopDb mixin to allow dynamic payload size for neg
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
2013-10-03 23:09:23 -05:00
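Worked example for the NEG trick this commit refers to. This is added illustration, not code from the Metasploit RopDb mixin: the function names are my own and the 0x400 starting size is a constructed input. The point is that a small payload size such as 0x00000400 always contains NUL bytes, so a ROP chain instead loads the two's-complement of the size and runs NEG; the operand must itself be NUL-free, which is what "safe" means in the commit message.

```ruby
# Added example, not Metasploit code. Helper names are hypothetical.

# Two's-complement negation modulo 2^32, i.e. what x86 NEG does to a
# 32-bit register.
def neg32(v)
  (-v) & 0xffffffff
end

# Little-endian 4-byte encoding, the form the operand takes in the chain.
def le32(v)
  [v].pack('V')
end

# Return the value to place in the register so that NEG yields `size`,
# or nil if that operand would contain a NUL byte and so could not sit
# inside a NUL-terminated string.
def safe_neg_operand(size)
  operand = neg32(size)
  le32(operand).include?("\x00") ? nil : operand
end

# Search upward from min_size for the first size whose NEG operand is
# NUL-free. Over-allocating slightly is harmless: the size only has to be
# at least the payload length. Returns [size, operand] or nil.
def find_safe_payload_size(min_size, limit: 0x10000)
  (min_size...(min_size + limit)).each do |size|
    operand = safe_neg_operand(size)
    return [size, operand] if operand
  end
  nil
end

if $PROGRAM_NAME == __FILE__
  # Constructed input: a 1024-byte payload.
  size, operand = find_safe_payload_size(0x400)
  printf("size 0x%x <- NEG 0x%08x (%s)\n", size, operand, le32(operand).unpack1('H*'))
end
```

For 0x400 the search moves to 0x401, because NEG 0x400 is 0xfffffc00 and its low byte is NUL, while NEG 0x401 is 0xfffffbff and encodes as ff fb ff ff.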
OJ
21afa9defe
Meterpreter railgun multi call fix
Modifications accommodate changes in the multi-call railgun code that
were made to Meterpreter.
This also includes a fix for Redmine 8269, so the Windows constants
now work correctly with the multi-calls.
2013-10-04 12:04:18 +10:00
jvazquez-r7
758fd02619
Windows 7 SP1 and newer fail when forcing IPv6 sockets
2013-10-02 09:45:51 -05:00
OJ
82162ef486
Add error message support to railgun
This code was lost in the transition when the meterpreter source was
removed from the metasploit-framework source. I'm pulling this in by
request of @dmaloney-r7 who originally requested this code be included
as part of https://github.com/rapid7/metasploit-framework/pull/740
I added an extra bit of code to free up memory that is allocated by the
call to FormatMessage and forced the ASCII-version (FormatMessageA) of
the call.
This PR is the MSF side of https://github.com/rapid7/meterpreter/pull/26
2013-10-01 17:23:08 +10:00
Tod Beardsley
7cc2ad55a6
Land #1770, unattend.xml snarfing modules
2013-09-27 16:04:38 -05:00
Tod Beardsley
63d638888d
Get rid of interior tabs
2013-09-27 16:04:03 -05:00
Tod Beardsley
d869b1bb70
Unless, unless everywhere.
2013-09-27 15:55:57 -05:00
Tab Assassin
c94e8a616f
Retabbed to catch new bad tabs
2013-09-27 13:34:13 -05:00
Tod Beardsley
869c10af04
Land #2396, aspx-exe shellcode generator
Looks good to me, specs are all happy (also added a #to_h spec)
2013-09-27 11:42:16 -05:00
Joshua J. Drake
d04c47d2b7
Remove comment since it was addressed in 4500d09c2f
2013-09-26 19:47:54 -05:00
Tod Beardsley
701410f608
Land #2414, portfwd teardown and recreate
[FixRM #8240]
2013-09-25 17:40:47 -05:00
Tod Beardsley
1a515093cb
Idiomatic Ruby
Assuming this gets accepted, this should [FixRM #8240]. Take a look, and
if you're good with it, I'll land on master. Everything seems to work
out on this end.
2013-09-25 17:26:00 -05:00
jvazquez-r7
9cc446ae2a
Get cookies with empty values
2013-09-25 14:31:34 -05:00
jvazquez-r7
58d4096e0f
Resolve conflicts on #2267
2013-09-25 13:06:14 -05:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
Meatballs
f1e563d375
Merge branch 'master' of github.com:rapid7/metasploit-framework into enum_ad_perf
2013-09-24 19:08:52 +01:00
OJ
0038bb90b1
Remove unnecessary counter var
2013-09-24 13:35:29 +10:00
OJ
b91e344815
Add code to recreate the forwards after migration
* Feels like a bit of a hack job, but it works.
2013-09-24 13:27:58 +10:00
James Lee
487f68f4d2
Get rid of callcc
[SeeRM 8407]
2013-09-23 19:36:26 -05:00
FireFart
7c4708b1df
-) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
-) Bugfix
2013-09-23 23:59:45 +02:00
Tod Beardsley
e885ab45b6
Land #1734 Metasploit side for ip resolv
2013-09-23 16:18:40 -05:00
Markus Wulftange
10252ca6f4
Just Rex::Text.to_octal is probably better
2013-09-23 23:03:38 +02:00
Markus Wulftange
9353929945
Add CmdStagerPrintf
2013-09-23 22:02:29 +02:00
sinn3r
b6c7116890
Land #1778 - Mimikatz Fix for table.print and x86 warning
2013-09-20 16:13:53 -05:00
Tod Beardsley
e9e1b28ba8
Land #2371 , echo -e cmd stager
2013-09-19 14:47:39 -05:00
Meatballs
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
Meatballs
72155f8e9e
Comment update
2013-09-19 19:46:05 +01:00
OJ
598e85a8d9
Fix for dangling port forwards
Code tears down the port forwards prior to migrating so that we don't end up with dangling connections that don't work.
2013-09-19 19:27:54 +10:00
Tod Beardsley
f4e2e0ac11
Clear report_data on each host report
2013-09-18 17:11:22 -05:00
jvazquez-r7
dd7010d272
Fix @todb-r7 feedback
2013-09-17 20:54:19 -05:00
Tod Beardsley
dae8847c4d
Land #2374, more complete 32/64 migrate fix
[FixRM #8395]
2013-09-17 14:52:04 -05:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19]
2013-09-16 21:52:04 -05:00
Joe Vennix
d954d64f69
Add NODEJS arch constants.
2013-09-16 21:33:44 -05:00
Joe Vennix
217449a836
Ensures termination of inner while loop and cleans up #map.
* Tested working against ubuntu target using the sshexec test script.
2013-09-16 20:42:20 -05:00
jvazquez-r7
edec022957
Use shellwords, as recommended by @jvennix-r7
2013-09-16 16:35:45 -05:00
James Lee
d6954e9ce7
Fix migrate from 32- to 64-bit processes
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356]
2013-09-16 16:04:50 -05:00
jvazquez-r7
a5049df320
Add echo CmdStager
2013-09-16 11:35:05 -05:00
HD Moore
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
Tab Assassin
8bc83f4922
Retab changes for PR #1420
2013-09-05 16:21:26 -05:00
Tab Assassin
d6a7ce5328
Merge for retab
2013-09-05 16:21:13 -05:00
Tab Assassin
b3b8cee870
Retab changes for PR #1473
2013-09-05 16:19:05 -05:00
Tab Assassin
0ba4e1da65
Merge for retab
2013-09-05 16:18:56 -05:00
Tab Assassin
3c1df47314
Retab changes for PR #1681
2013-09-05 16:10:40 -05:00
Tab Assassin
a231e85293
Merge for retab
2013-09-05 16:10:28 -05:00
Tab Assassin
2e9096d427
Retab changes for PR #1734
2013-09-05 14:59:41 -05:00
Tab Assassin
322ed35bb4
Merge for retab
2013-09-05 14:59:34 -05:00
Tab Assassin
2846a5d680
Retab changes for PR #1770
2013-09-05 14:57:40 -05:00
Tab Assassin
269c1a26cb
Merge for retab
2013-09-05 14:57:32 -05:00
Tab Assassin
701513a212
Retab changes for PR #1778
2013-09-05 14:56:35 -05:00
Tab Assassin
3788bab8e5
Merge for retab
2013-09-05 14:56:30 -05:00
Tab Assassin
26b8364dcb
Retab changes for PR #1789
2013-09-05 14:44:21 -05:00
Tab Assassin
789be1fe3e
Merge for retab
2013-09-05 14:44:14 -05:00
Tab Assassin
81479a6ade
Retab changes for PR #2093
2013-09-05 14:31:10 -05:00
Tab Assassin
8a76b3390d
Merge for retab
2013-09-05 14:31:05 -05:00
Tab Assassin
daed98931e
Retab changes for PR #2158
2013-09-05 14:19:55 -05:00
Tab Assassin
27fd54092a
Merge for retab
2013-09-05 14:19:49 -05:00
Tab Assassin
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
Meatballs
1ea3d91f48
Lands #2244 Python Meterpreter
[Closes #2244]
2013-08-30 14:33:35 +01:00
Meatballs
526e504531
More fix
2013-08-25 12:21:37 +01:00
Meatballs
d45d37bc38
Really fix...
2013-08-25 00:18:50 +01:00
Meatballs
83da0b3a57
Correct fname
2013-08-25 00:17:26 +01:00
Meatballs
19e47d5e82
Really fix war
2013-08-25 00:06:31 +01:00
Meatballs
b4b59aa065
Add guards against empty payloads
2013-08-24 11:59:59 +01:00
Meatballs
09ceeb5de2
Fix war generation
2013-08-23 20:06:57 +01:00
Meatballs
41b1b30438
vba transform
2013-08-23 18:00:19 +01:00
Meatballs
7370fc3f4e
vbs transform
2013-08-23 16:26:03 +01:00
Meatballs
5040347521
Fix psh and add powershell transform
2013-08-23 15:59:19 +01:00
Spencer McIntyre
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
James Lee
ed00b8c19e
Ensure checksum* methods return a Fixnum
Fixes a bug in reverse_http* stagers where requests for the root URI
(i.e., "/") cause a NoMethodError on nil returned by checksum8.
[See #2216]
2013-08-14 14:09:37 -05:00
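Worked example for the nil checksum this commit describes. This is added illustration, not Metasploit's own code: the checksum constants (92 for a new Windows session, 98 for an existing connection) and the first-path-segment classification are assumptions modelled on the reverse_http handler's convention, and the function names are my own. It shows why a request for "/" breaks a checksum that reduces a byte array without a start value, and how a checksum that always returns an Integer keeps the URI classification total.

```ruby
# Added example, not Metasploit code. Constants and helper names are
# assumptions for illustration.

URI_CHECKSUM_INITW = 92 # new session, Windows stager (assumed value)
URI_CHECKSUM_CONN  = 98 # existing session reconnecting (assumed value)

# Sum of all bytes modulo 256. The explicit 0 seed matters: for an empty
# string `[].inject(:+)` returns nil, so a checksum written that way hands
# nil to its caller and the first method called on it raises NoMethodError.
# With a seed, "" checksums to 0 and the caller always gets an Integer.
def checksum8(str)
  str.unpack('C*').inject(0) { |sum, b| (sum + b) & 0xff }
end

# Classify a request URI by the checksum of its first path segment.
# A bare "/" has no segment, so the checksum is taken over "" and the
# request falls through to :unknown instead of raising.
def classify_uri(uri)
  segment = uri.split('/').reject(&:empty?).first.to_s
  case checksum8(segment)
  when URI_CHECKSUM_INITW then :init_windows
  when URI_CHECKSUM_CONN  then :connect
  else :unknown
  end
end

# Generate a random alphanumeric URI segment whose checksum8 equals
# `target`. About one candidate in 256 matches, so the loop is short.
def generate_uri_checksum(target, len = 5, rng: Random.new(1))
  charset = [*'a'..'z', *'A'..'Z', *'0'..'9']
  loop do
    candidate = Array.new(len) { charset[rng.rand(charset.size)] }.join
    return candidate if checksum8(candidate) == target
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: a root request and a generated stager URI.
  puts "/ -> #{classify_uri('/')}"
  u = generate_uri_checksum(URI_CHECKSUM_INITW)
  puts "/#{u} -> #{classify_uri("/#{u}")} (checksum8=#{checksum8(u)})"
end
```

A handler built this way can be probed with a plain request for "/" to confirm it answers rather than 500s, which is the exact case the commit fixed.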
James Lee
3827b14103
Land #1726, ssl verify mode
Conflicts:
lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
Meatballs
08c32c250f
File versions
2013-08-08 19:42:14 +01:00