a030179577
Bump version of framework to 4.11.8
2016-01-15 15:17:13 -08:00
59660dd6d0
Land #6465 , remove unneeded meterpreter extension post-installation copies
2016-01-15 17:04:14 -06:00
e7e63d92be
Land #6467 : fix missing requires in payloads
...
Fixes #6460
2016-01-15 07:42:14 +10:00
e1be57d658
Land #6458 , Backport net-ssh AES CTR ciphers
2016-01-14 14:44:49 -06:00
544b681981
Land #6451 , Backport net-ssh Diffie-Hellman Group Exchange SHA-256 key exchange
2016-01-14 14:43:52 -06:00
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
a7869975d8
Remove useless variable
2016-01-14 10:04:23 -06:00
1f61eb50be
Sort methods
2016-01-14 09:09:29 -06:00
18fe9bd96f
Merge branch 'upstream/master' into default-xor
2016-01-13 10:05:59 +10:00
f7ce0dfedf
remove the merge extension intialiser
...
this initialiser conflicts with the gemfication
of framework and causes permissions issues
MS-972
2016-01-12 14:08:54 -06:00
c76389629a
receive startActivity result
2016-01-12 07:49:37 +00:00
f48e4363f5
activity_start
2016-01-12 07:22:55 +00:00
4ab58caa93
Fix the help option for vulns command
2016-01-11 22:19:44 +01:00
8102fc2af2
add support for ECDH SHA2 NIST key exchanges
2016-01-10 18:01:49 +00:00
96b6eb6b06
remove extraneous comma
2016-01-10 17:13:15 +00:00
b7e3d97935
remove extra spacing
2016-01-10 17:12:41 +00:00
b3e42c3611
add missing coding preamble
2016-01-10 17:10:23 +00:00
8f72166f66
add missing coding preamble
2016-01-10 17:08:58 +00:00
9ff5ffd1ac
fix erroneous comment
2016-01-09 17:56:11 +00:00
888be6133c
KEx availability depends on OpenSSL support
2016-01-09 13:45:23 +00:00
3a5805faaf
add CTR mode to support the new ciphers
2016-01-08 01:43:21 +00:00
5a710e4969
add aes128-ctr encryption algorithm
2016-01-08 01:15:17 +00:00
f82e32372e
add aes192-ctr encryption algorithm
2016-01-08 01:14:09 +00:00
3dc822588f
add aes256-ctr encryption algorithm
2016-01-08 01:12:27 +00:00
77cd28c136
add dh group exchange sha256 kex to net-ssh lib
2016-01-08 00:58:48 +00:00
192505fe2d
killing threads and closing sockets more elegantly
2016-01-07 17:57:32 -06:00
dea4f35b0e
Bump to 4.11.7
2016-01-07 15:56:59 -08:00
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
675100946b
Initial SSL working OK
2016-01-07 17:53:48 -06:00
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
2016-01-07 16:55:41 -06:00
e38ff7079a
changing the require to start at metasploit_credentials
2016-01-07 15:49:49 -06:00
210f065427
Add a background option for the echo cmdstager.
2016-01-07 01:16:08 -06:00
eb0b66a4cf
Land #6390 , report exceptions on bind/listen failure
2016-01-06 21:44:06 -06:00
7f9b804060
Land #6410 , remove JtR binaries, update for independent framework releases
2016-01-06 14:16:49 -06:00
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
480913cb32
Add rspec
2016-01-06 01:41:13 -06:00
c3158497c0
rebuild / add check_setup / send_request
2016-01-05 15:10:26 +08:00
2dd59a932b
Clean up some warnings
2016-01-04 16:02:43 -06:00
05d8f9d186
Make sure addr is not nil
...
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
Returns the address of *ifaddr*. nil is returned if address is not
available in *ifaddr*.
I ran into this with a teql interface, but who knows what else might
trigger it.
2016-01-04 15:58:03 -06:00
44ece87480
Merge branch 'master' into framework-as-a-gem
2016-01-04 09:04:32 -06:00
00f1511b46
Use the right op for the data checksum.
2016-01-03 01:48:25 -06:00
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
849857a418
Fix spacing issues in message.rb.
2016-01-02 22:57:26 -06:00
6668dbec41
Remove stray binding.pry.
2016-01-02 22:50:06 -06:00
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
6575f4fe4a
Use the cmdstager mixin.
2016-01-02 14:09:56 -06:00
9c85c5d4fe
Add newline.
2016-01-02 01:17:28 -06:00
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
370351ca88
chinese caidao asp/aspx/php backdoor bruteforce
2015-12-31 15:17:01 +08:00
bcd1a6d45e
make JSON key format a little more standard, emit options
2015-12-30 16:00:09 -06:00
2a0ae144df
Fixup rubocop warnings for cleanup purposes
2015-12-30 14:33:02 -06:00
bb857e7a33
Add new line after json output for cleaner usability
2015-12-30 14:32:31 -06:00
8090bbc750
Changes to support framework as a gem
2015-12-30 11:00:45 -06:00
3f98511d7c
Cleanup logic to force an output type
2015-12-29 15:11:16 -06:00
29ea553e03
Adding a json formatting option to the info command
2015-12-29 13:57:35 -06:00
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
eec6a6f905
Land #6304 , simplify Meterpreter livelness checks
2015-12-24 15:42:17 -06:00
beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394
2015-12-24 09:20:21 -08:00
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
9c410e02e3
Merge branch 'master' into land-6111-android
2015-12-24 10:13:25 -06:00
5d0e868fd6
facebook.orca fixes
2015-12-24 12:21:08 +00:00
69b65e7d39
fix error handling
2015-12-24 09:13:56 +00:00
17ad41070b
Land #6380 , allow linux x86 meterpreter in the pref list
2015-12-23 16:10:26 -06:00
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
a16a10aaf6
Fix #6371 , being able to report an exception in #job_run_proc
...
Fix #6371
When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.
Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.
Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
84675e352b
Land #6249 , check for nil when using read_exactly_n_bytes
2015-12-22 15:48:39 -06:00
3f4c6eb370
Land #5383 , allow tunneling reverse_tcp meterpreter sessions without 'route add'
2015-12-22 15:42:42 -06:00
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
d2a9aa18d8
fix sillyness
2015-12-22 16:06:01 +00:00
eeea4bde9d
integrate ./msfvenom -x for android payloads
2015-12-22 15:58:27 +00:00
662a6dfd53
¯\_(ツ)_/¯
2015-12-22 14:49:00 +00:00
d2cc32a389
integrate apk_backdoor with msfvenom
2015-12-22 14:49:00 +00:00
fa390358a2
Add linux/x86/meterpreter/reverse_tcp to the preference list
...
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
2015-12-21 23:09:54 -06:00
2cc54a7a43
Make joomla.xml go first
...
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
17b67b8f1b
Add trailing /
2015-12-19 17:18:34 -06:00
5ff02956c9
Lower joomla.xml
2015-12-19 13:46:13 -06:00
0fda963601
Have multiple paths to find the generator tag
2015-12-19 13:45:41 -06:00
6dada5f20f
add another we can check
...
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified
2015-12-11 19:22:57 -08:00
dcdc21e2db
Correct unbalanced quotes
...
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
e23908d672
Improve verbose output related to authentication handling
2015-12-11 18:32:00 -08:00
1a0f71b6fa
Try to catch case where post-auth commands are failing
2015-12-11 17:23:03 -08:00
9cec3d9e6b
Move redis password option to non-advanced
2015-12-11 17:03:49 -08:00
1fecd9846c
Bury some helper methods behind private
2015-12-11 10:13:13 -08:00
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
4858ae63bd
Thread class name for debugger has changed, so add new name
...
MSP-13484
2015-12-10 21:47:22 -06:00
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
00f72b279b
Cleaner printing when in verbose
2015-12-10 09:12:54 -08:00
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
07ef09e0b6
Avoid Msf::Module::Platform
...
We don't know how to generate an exe payload if the platform is
Msf::Module::Platform, so don't use it.
2015-12-08 21:40:30 -06:00
9e52663705
Doc
...
Fix #6330
2015-12-08 21:24:39 -06:00
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
5b27d3a99c
This looks right
2015-12-08 20:42:35 -06:00
cea8c40432
Fix generate_payload_exe for generic payload support
...
Platform can be seen from different sources:
1. From the opts argument. For example: When you are using
generate_payload_exe, and you want to set a specific platform.
This is the most explicit. So we check first.
2. From the metadata of a payload module. Normally, a payload module
should include the platform information, with the exception of
some generic payloads. For example: generic/shell_reverse_tcp.
This is the most trusted source.
3. From the exploit module's target.
4. From the exploit module's metadata.
Architecture shares the same load order.
2015-12-08 20:26:07 -06:00
39da306b1d
Land #6057 , @danilbaz's module for dumping Bitlocker master key (FVEK)
2015-12-08 18:16:39 -08:00
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
c747ffc05a
Implement support for TLV packet XORing, and RECV removal
2015-12-08 16:37:10 +10:00
ef217c4b6d
Land #6315 , Support migrating to processes by process name
2015-12-07 23:53:06 -06:00
db788d1b7c
Land #6238 , CmdStager BOURNE_{PATH,FILE} options
2015-12-07 12:34:42 -06:00
06836d9b8a
Better handling of invalid process name/IDs
2015-12-04 14:25:57 -08:00
14b1b3a1f0
Land #6299 , Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
3ecac615a2
Support migrating to processes by process name
...
Fixes #6313
2015-12-04 13:33:01 -08:00
340fe5640f
Land #6255 , @wchen-r7's module for Atlassian HipChat JIRA plugin
2015-12-03 20:01:06 -06:00
0bcac5e73b
Use concat instead of assignment on java proxy classes encoding
...
* fixes bug in java serialization encoding proxy class
2015-12-03 17:31:13 -06:00
aa9969c81a
Add more normalization to temporary directory
2015-12-03 11:37:02 -06:00
762fdbed40
Simplify meterpreter liveness check
2015-12-03 09:16:18 -06:00
6fa2269764
PacketResponseWaiter - improve yardoc coverage
2015-12-03 09:16:17 -06:00
d7aeabbb71
Land #6293 , listener bind_port fix
2015-12-02 13:16:23 -06:00
58cf9f4fcd
Land #6301 for sure, @busterb's REALLY wants to delete go_pro :)
2015-12-02 09:38:40 -06:00
545e8a2ea0
Land #6301 , @busterb removes the go_pro command
2015-12-02 09:28:08 -06:00
98b3919e94
Remove .bin from default behaviour
2015-12-02 09:58:11 +00:00
15dd18dc4b
use single quotes, remove explicit nil
2015-12-02 09:36:07 +00:00
6d3c4868a3
Land #6286 , bind port display in jobs
2015-12-02 02:21:14 -06:00
098c573f82
Land #6291 , DisablePayloadHandler Boolean fix
...
Nice call with Regexp#===, @wchen-r7. :)
2015-12-02 02:17:59 -06:00
fbeaeb2877
remove more unneeded machinery for go_pro
2015-12-01 22:32:50 -06:00
6ab2919c40
remove go_pro command
2015-12-01 15:29:21 -06:00
388edd3207
Fix the scheme for the pymet ProxyHandler
2015-11-30 13:45:24 -05:00
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
070a156925
-Recovrey +Recovery
2015-11-27 13:58:19 +01:00
0c8eb6fb37
Display ReverseListenerBindPort if it is set
...
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
c888726a1a
Fix #6287 , check DisablePayloadHandler value in exploit.rb
...
It looks active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we have to always have to check it.
2015-11-26 18:30:31 -06:00
e5119e6446
use payload_uri's result to derive lhost / lport
2015-11-26 15:21:51 -06:00
216119c05c
unfold override lhost/lport logic
2015-11-26 15:15:21 -06:00
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
f4d35116bd
land #6288 , fix regression using non-default port with reverse_http
2015-11-26 11:04:24 -06:00
eb57163db6
Land #6285 , excellent new sound plugin scheme
2015-11-26 10:41:02 -06:00
d9655fc882
Use LPORT if opts[:lport] is undefined
...
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
87507e19a9
Change job view to show bind port if applicable
2015-11-26 16:18:00 +10:00
776455d10a
Add another sound and event
...
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
a7a89adfac
Land #6264 , meterpreter per-extension init string support, update payloads to 1.0.17
...
This brings in the following changes:
Changes to support maven 3.3+
Don't fall back to 0.0.0.0
Remove all debug builds from the Windows projects
Add show_mount, ps_list, and some core tweaks
Refactor TLV layout, add more debug output, token stealing
Add incognito binding, code tidies
Update packaged libs
Add transport list binding
Add transport add command to python binding
Update python core lib archive
change source perms back to non-executable
First pass of stageless initialisation script
Finalise stageless initialisation scripts
add BOOT_COMPLETED receiver that starts the Payload
Improve the implementation of the getuid command
Switch to Utils.runCommand per timwr's suggestion
Updated init script method
also bumps msgpack 0.7.1, which fixes a failure packing messages > 256k
2015-11-25 22:27:27 -06:00
8923252de7
Land #6259 , NoMethodError in vim_soap.rb fix
...
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7
Fixes #6085
Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
b1abfe898d
Update wordpress_xmlrpc_login
...
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
bd9ebeea53
Land #5851 , meterpreter dispatcher queue
2015-11-24 15:32:15 -06:00
7ad8adf67f
Land #6240 , change default SMBDomain to '.'
2015-11-24 12:58:46 -06:00
5303079ba4
Land #6262 , local exploit add not implemented error
2015-11-23 14:23:13 -06:00
5654b6b2e2
Land #6227 , reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
25f2241aa3
Land #6246 , show the user errors from create_session
2015-11-23 06:01:08 -06:00
353cad2cc6
Update to match active & github account merge
2015-11-22 13:38:26 -06:00
b9e176cd77
Fix up cell result parsing
2015-11-21 11:15:00 -06:00
c03ff13377
Don't wait if the response has already been set
...
Fixes a race condition which could leave the waiter sitting indefinitely
if notify() is called before wait().
2015-11-21 14:21:42 +00:00
12b24fecee
Return true/false if a waiter was/wasn't notified
...
The method is used as follows:
if notify_response_waiter(response)
# Proceed as if a waiter was notified
end
Previously the return value would be `nil` whenever the loop broke early
due to a waiter being found. This meant that the dispatcher thread often
believed that a packet was not being handled. As a result the
backlog == incomplete sleep kicked in unnecessarily.
2015-11-21 14:20:51 +00:00
Metasploit
Brent Cook
OJ
James Lee
David Maloney
Tim
Manuel Mancera
Christopher Moore
Louis Sato
Jonathan Harms
wchen-r7
darkbushido
joev
nixawk
Chris Doughty
Jon Hart
Christian Mehlmauer
Luke Imhoff
William Vu
jvazquez-r7
Sonny Gonzalez
Rory McNamara
Spencer McIntyre
BAZIN-HSC
Jon Cave
Kyle Gray
HD Moore