9c7f97d124
Fix methods name schema
2015-08-28 13:26:52 -05:00
6a75ad0162
Fix yard documentation
2015-08-28 13:23:30 -05:00
be7db10e7d
Fix busybox_write_file
2015-08-28 13:15:07 -05:00
50f7d99674
Clean get_writable_directory
2015-08-28 13:02:10 -05:00
c4a3b4f18e
Add busy_box_file_exist?
2015-08-28 11:56:12 -05:00
8faf6f9cd0
Fix require
2015-08-28 11:51:26 -05:00
9db65ea8e5
Change module filename
2015-08-28 11:48:55 -05:00
0a95a1543f
Add spaces
2015-08-28 11:47:50 -05:00
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
b14889ad5c
Small typo fix
2015-08-26 17:09:33 -05:00
3f994e964d
Change method name and update rspec
2015-08-25 23:23:26 -05:00
7ff828d000
Land #5573 , console and session log timestamps
2015-08-25 15:35:25 -05:00
3412f31f85
Add Android POST API
2015-08-24 18:37:25 -05:00
ec7a07e0bb
Move DLL prefix calculation to its own method
2015-08-24 14:05:24 -05:00
3c90ae1ebd
Use mov instead of lea for 64-bit absolute addrs
2015-08-24 13:51:54 -05:00
ed1065b297
Create MatchResult with status Failure on session failure
...
MSP-13104
2015-08-24 12:56:32 -05:00
b37efd29b0
Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb.
2015-08-23 12:17:17 +02:00
b99f5bc672
Land #5874 , Consistency and API conformance changes to LES
2015-08-22 21:57:24 -05:00
d264802ce0
Consistency and API conformance changes to LES
2015-08-21 12:38:58 -05:00
0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
...
Fixes #5871
2015-08-20 10:05:42 -07:00
870e9f448e
Added PacketStorm (PKT) in References Display
2015-08-20 00:36:27 -03:00
21c349494f
Fix default buffer_register for x64
2015-08-19 19:01:35 -05:00
d71467f9e7
Allow x64 registers for buffer_register
2015-08-19 17:06:29 -05:00
bf39f53066
Add proper CreateThread stub for x64
2015-08-19 16:16:58 -05:00
68a802b980
Merge pull request #5834 from gmikeska-r7/bug/MSP-13064/SVV-validations-not-created
...
Bug/msp 13064/svv validations not created
2015-08-19 12:47:59 -05:00
f1ec92aba0
Land #5749 , http large file download fixes
2015-08-18 15:57:31 -05:00
56db3f2f87
Added YARD comments for busybox mixin.
2015-08-18 21:15:02 +02:00
0aa958dac0
Allow unserialization on hosts v5
2015-08-17 13:47:52 -05:00
a9ad7b7c6f
Modifications to use cmd_exec instead of session.shell_write.
...
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
bf631869a7
Land #5835 , allow overriding stage2 lhost and lport values
2015-08-16 11:22:13 -05:00
92958bdf8b
prefer && to 'and' for consistent order-of-operations
2015-08-16 11:21:22 -05:00
ad149a1aec
Land #5819 , update stage_payload call arguments
2015-08-16 11:17:28 -05:00
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
875ac289e0
wait up to time_out seconds for output from the command
2015-08-15 19:44:48 -05:00
c257f8945b
Don't use now-removed files
2015-08-13 11:51:39 -07:00
92d0e212d9
Update Auxiliary::UDPScanner to collect all responses by default
2015-08-13 11:30:20 -07:00
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
6e75db090f
Fix comment
2015-08-12 21:11:48 -05:00
e9203060b0
Allow the hostname and port to be overridden, necessary for complex NAT setups
2015-08-12 16:20:14 -05:00
790356bac8
add infer_vuln_from_session to other valid case
...
MSP-13065
2015-08-12 15:45:37 -05:00
01b3ae2dd8
Revert "added infer_vuln_from_session to other valid case"
...
This reverts commit 53e747ce2e
2015-08-12 15:43:16 -05:00
53e747ce2e
added infer_vuln_from_session to other valid case
...
MSP-13064
2015-08-12 15:35:03 -05:00
e141d1451c
Fix calls to stage_payload
2015-08-10 09:33:38 +10:00
ef33f36bda
Remove untrusted il
2015-08-01 23:20:00 +01:00
2d9bc64457
Fix WMIC Post Library for SYSTEM
...
SYSTEM doesn't have a proper clipboard?
2015-08-01 23:11:09 +01:00
5bcb63476d
Add high integrity level check
2015-08-01 23:10:51 +01:00
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
629afd86fc
Land #5788 , local exploit suggestor
...
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
a112ccd023
Lnad #5660 , @wchen-r7's warbird check
...
* Fixes #4380
2015-07-31 10:25:43 -05:00
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
5ff46a5dbd
Fix indentation
2015-07-29 11:45:49 -05:00
bf96b34108
Tweak module->class
2015-07-28 04:13:35 -07:00
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
768de00214
Automatically pass arch & platform from cmdstager
...
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:
Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
eb70ecb448
Land #5752 , synchronize calls to payload.stop_handler
2015-07-24 17:49:54 -05:00
347f48b0ec
Land #5762 , adjust PHP stager to work in and outside of eval()
2015-07-24 17:43:26 -05:00
c30127cfe8
Land #5729 , add user-agent list, MeterpreterUserAgent derives from this
...
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
1f95491b45
Drop bang method and tweak formatting
2015-07-24 10:35:47 -05:00
6720a57659
Fix #5761 , pass the correct arch and platform for exe generation
...
Fix #5761
2015-07-23 01:34:44 -05:00
0929d7695a
Fix PHP stagers
2015-07-23 14:50:04 +10:00
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
a59fa059dc
Fix #5675 Synchronize access to stop_handler
2015-07-20 16:09:13 -05:00
035c0a8a38
Fix #5078 by improving actual_timeout calculation
2015-07-20 11:27:48 -05:00
1a9664fcba
Delete default option
2015-07-20 09:54:51 -05:00
da445a52aa
Update URIHOST and URIPORT
2015-07-16 14:27:46 -05:00
1fdbcc71c1
Support URIHOST and URIPORT for exploit URI generation
2015-07-16 14:10:49 -05:00
7f05403ae0
Added certutil cmdstager
2015-07-16 13:20:05 +07:00
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
709676e6cc
Make exploits quiet
2015-07-14 17:00:44 -05:00
219d0032fa
Do print_good to make this important stand up more
2015-07-14 15:36:35 -05:00
1992a5648d
Make up our damn mind
2015-07-14 15:09:23 -05:00
d64f4be691
Check if URIPORT is 0
2015-07-14 14:45:10 -05:00
5e63b5f93e
Can't use cli
2015-07-14 14:37:45 -05:00
cf714fe4aa
Change port logic too
2015-07-14 14:19:00 -05:00
61d49f29e8
Check nil for SRVHOST option
2015-07-14 14:16:49 -05:00
8efb4df8af
Change the HOST IP logic again
2015-07-14 14:15:32 -05:00
9980e8f285
Change SRVHOST vs URIHOST vs Rex again
2015-07-14 14:06:33 -05:00
f76fe07872
Fix SRVHOST
2015-07-14 13:49:28 -05:00
9be030bbff
Fix nil in executable generation
2015-07-14 18:47:33 +00:00
9dddb13d0b
Slow down on killing exploits
...
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
2264efac15
Reduce output
2015-07-14 12:22:38 -05:00
100d3c8d46
A number of small fixes for BAPv2
...
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
60444c208b
Land #5658 , MSF version includes git hash now
2015-07-14 09:21:25 -05:00
0582e7e3ca
Return nil instead of "null"
...
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
8928c5529c
Fix Javascript code
2015-07-13 17:43:04 -05:00
244d9bae64
Add max timeout
2015-07-13 16:52:25 -05:00
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
93f154b395
Land #5695 , SMTPDeliver STARTTLS unspecific SSL
2015-07-13 18:54:41 +00:00
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
8d40d30d47
Comemnt
2015-07-11 23:24:01 -05:00
88357857a0
These datastore options don't need to set anymore
2015-07-11 23:22:05 -05:00
a4dc409c12
Add empty default vprint value
2015-07-11 19:38:27 +01:00
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
89aa00cfc4
Check job workspace
2015-07-10 13:09:42 -05:00
086de2c030
Pass more options
2015-07-10 12:39:43 -05:00
513dcf3574
We don't need these methods anymore
2015-07-10 12:12:53 -05:00
493971245a
switch nsock locally to TLS - don't assume self.sock is set
2015-07-10 12:10:53 -05:00
3495d317b5
Do not lock SMTP STARTTLS to only use SSLv3
...
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com , https://tools.ietf.org/html/rfc7568 ).
To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
51f59b3c8c
Re-add URI generation to reverse_http
2015-07-10 16:21:55 +10:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
21e44f235e
Example of doing Flash detection with Flash
2015-07-08 13:18:57 -05:00
0b59e63084
keep advanced options on the fat side of the conditional
2015-07-07 22:44:34 -05:00
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
dc0ce88279
We're note actually using Mubex, it might be causing a crash too
...
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
0a4c6fb92f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-07-06 14:24:52 -05:00
c68064ba36
Lands #5671 , re-integrates SMB fdleak/timeout settings
2015-07-06 14:23:59 -05:00
366d42a0d8
Land #5609 , Fuzzer.rb and file_info.rb YARD doc update
2015-07-06 14:12:55 -05:00
25bdf7a50a
Land #5427 , check payload compatability for set payload fix
2015-07-06 12:56:21 -05:00
3595a23673
Restore #3738
2015-07-06 11:22:22 -05:00
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
3150549634
Experimental output show/hide for BAPv2
2015-07-05 19:07:10 -05:00
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
60a896f58b
Adjust extension timeout.
2015-07-05 16:48:25 -05:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
aaaf6807ed
Minor indentation/space fixes
2015-07-05 09:18:27 +10:00
3c7298ba80
Fix additional copy-pasta cases of #5662
2015-07-04 12:38:04 -05:00
fb2da00bfd
Fix #5662 by not generating a small uri by default
2015-07-04 09:27:18 -07:00
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
2b0f6e723d
Explain the byte sequence
2015-07-03 11:12:59 -05:00
5c582b76ca
Resolves #4380 , check for warbird template
...
Resolves #4380 . Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
7858d63036
Typo
2015-07-02 15:34:44 -05:00
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
6e31b9ef53
Initialize and rename the BES mutex
2015-07-02 15:11:03 -05:00
c5c7de0091
Rework browser profiles, get back to functional mode
2015-07-02 14:58:43 -05:00
c0969d4497
Fix module.uuid references
2015-07-02 13:45:38 -05:00
0e7f610836
Finish browser profile rework in BES
2015-07-02 12:58:21 -05:00
b9a8308138
Replace BAP profiles with a framework-instance hash
2015-07-02 12:53:24 -05:00
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
a5ad56754f
Use full namespace for PACKET_TYPE_RESPONSE
2015-07-02 08:03:39 +10:00
e7271e3c04
Call the Meterpreter methods directly vs pollute the namespace
2015-07-01 16:04:54 -05:00
399b3d2810
Land #5629 , moar cmd_exec refactoring
2015-07-01 00:36:19 -05:00
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
a2721323be
Handle failure better for first recv
2015-07-01 14:02:40 +10:00
9c2cd34e92
Fix payload required space, remove WOW64 code from x64
2015-07-01 13:39:05 +10:00
a44c31052b
reverse_tcp x64 stager reliability fixes
...
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
cf8bbbfa3d
reverse_tcp 32 bit stager resiliency
2015-07-01 11:03:08 +10:00
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec
2015-06-29 12:07:37 -05:00
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
7742d85f2f
I guess that's fine
2015-06-27 20:58:19 -05:00
6136269ace
No can't do this
2015-06-27 13:53:29 -05:00
5c039ccfd7
Even faster
2015-06-27 13:51:21 -05:00
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
88e58cbdc5
Better performance
2015-06-27 12:19:07 -05:00
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
79185e91c6
Refactor the pymet to use transport objects
2015-06-26 14:56:31 -04:00
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
0c608e2a4c
Change doc for boolean args
2015-06-26 12:01:53 -05:00
1d9caeffc0
Update documentation for fuzzer.rb and file_info.rb
...
See #5599
2015-06-26 11:22:30 -05:00
f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-26 14:12:56 +10:00
a773979992
Java config wiring, tweak to include block counts
...
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
15f9fc5d8f
Land #5599 , YARD for fuzzer.rb
2015-06-25 14:37:55 -05:00
31c35715fc
YARD Documentation for file_info.rb
2015-06-25 11:08:35 -05:00
98156ec944
Add user agent to the transport config
...
Why this was missing I will never know :)
2015-06-25 14:51:06 +10:00
d9b6e46685
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-25 09:50:42 +10:00
e0c52730a0
YARD Documentation for Fuzzer.rb
2015-06-24 13:38:11 -05:00
a8c20496be
Remove unused code from the java http stager
2015-06-24 22:37:40 +10:00
c305348a3b
Fix the mixin to work in the exploit again.
2015-06-24 02:19:09 -05:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
e796e56c6c
Modify the staging process
2015-06-24 13:22:33 +10:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
4e3a2b2b35
Upstream merge
2015-06-23 14:11:28 -05:00
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
d53067b0b7
Fix ctype handling for body-less pages
...
#5515
2015-06-22 14:17:29 -05:00
a5469fd906
Remove redundant methods
2015-06-19 21:28:47 +01:00
ef57afbfcf
Explain about performance problems
2015-06-19 13:35:14 -05:00
9da99a8265
Merge branch 'upstream-master' into bapv2
2015-06-19 11:36:27 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
e549580ad2
Linux doesn't like the uppercase
2015-06-18 00:40:47 -05:00
5fa864b097
done with rspec
2015-06-17 16:23:39 -05:00
3410782fe9
Capitalized 'Accepted'
2015-06-16 19:42:32 +01:00
8d640a0c8f
Land #5527 , multi/handler -> exploit/multi/handler
2015-06-15 10:23:26 -05:00
b3754d750f
Compression on a pre-script does not work in this context. Removed the elsif part of this code
2015-06-14 22:46:42 +01:00
d9c046449d
Fix comparison of string to Fixnum
2015-06-14 16:55:46 -04:00
6d5e0b93d3
Use random id generator appropriately
...
Powershell::Script includes a random generator (@rig) which can
produce non repeating randomized identifiers to be used as var
names within the PSH code.
Unwrap script handling in powershell env stager to instantate a
method-local Powershell::Script object and access its :rig to
generate identifiers.
2015-06-14 14:53:51 -04:00
ab6f3a7373
Fix #5531 , the ```stage_payload``` method does not take arguments.
2015-06-13 18:26:56 -05:00
6dcc9b7dab
More inconsistencies
2015-06-12 21:59:15 +01:00
6eb25743e3
Merge branch 'upstream-master' into bapv2
2015-06-09 10:10:00 -05:00
07d1282afb
Correct file naming for better Ruby coding style
2015-06-08 12:17:49 -05:00
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
1f11cd5470
Lands #5446 , support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
20b605e7cb
Remove duplicate exec
2015-06-07 18:11:11 +01:00
a46510465d
Fix older Windows payloads to not require UUID
...
Default Windows payload to not include_send_uuid for compatibility.
2015-06-07 02:58:31 -04:00
4b6dcbb9d9
remove junk method
2015-06-05 22:03:56 -05:00
7ca15f1ae1
Update select_payload doc
2015-06-05 21:06:20 -05:00
jvazquez-r7
HD Moore
wchen-r7
Mo Sadek
James Lee
Fernando Arias
jvicente
Jon Hart
Roberto Soares
Dev Mohanty
Brent Cook
Greg Mikeska
OJ
Meatballs
William Vu
xistence
Samuel Huckins
g0tmi1k
Spencer McIntyre
joev
Tod Beardsley
Trevor Rosen
benpturner
RageLtMan
David Maloney