David Maloney
ad264cb031
remove dead variable
...
dead variable left in a method from
a previous code iteration. removed
2014-04-30 13:30:09 -05:00
David Maloney
90882f803b
use base mixin in scanners
...
refactor the LoginScanner classes to use the
new Base mixin. Still some more cleanup to be done
2014-04-30 13:29:14 -05:00
David Maloney
7978587428
add lgoinscanner base mixin
...
start moving common behaviour for
all LoginScanners into a mixin
2014-04-30 13:11:48 -05:00
David Maloney
f61ede7fd2
fix merge wonkiness
2014-04-30 10:23:20 -05:00
David Maloney
e5276d111d
Merge branch 'staging/electro_release' into feature/login_scanner/snmp
...
Conflicts:
lib/metasploit/framework/login_scanner/result.rb
2014-04-30 10:21:35 -05:00
James Lee
e8e5a7f72b
Add initial stab at LoginScanner::HTTP
2014-04-30 00:55:45 -05:00
Rob Fuller
c3fb5bf614
fix a few clarical errors and typos
2014-04-29 22:42:26 -04:00
James Lee
4bd2dabfcd
Land #3121 , new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
nstarke
ace9e797e1
Adding count-based print message
...
This commit removes the creation of a separate, timed
thread for printing out status messages to the user
in the case of large PASS_FILEs. This adjustment eliminates
the overheard of context switching associated with
spinning off separate threads, as well as the dangers
associated with the Thread#kill method.
2014-04-29 22:10:08 +00:00
Lance Sanchez
ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
...
MSP-9684 #land
2014-04-29 15:21:56 -05:00
David Maloney
5c24eab526
add snmp specific behaviour
...
add the snmp specific attempt_login behaviour
to gear this login scanner to the right protocol.
2014-04-29 14:08:30 -05:00
David Maloney
f1105ebe48
basic template copypasta
...
copy the ssh scanner as a template to
start the SNMP scanner from
2014-04-29 10:14:23 -05:00
David Maloney
00b9c99c89
fix class documentation copypasta
2014-04-29 10:13:11 -05:00
David Maloney
08b2974454
fix class documentation
2014-04-29 10:12:26 -05:00
jvazquez-r7
2b4006089b
Land #3298 , @wvu-r7's fix for db_import and its spec
2014-04-28 17:29:52 -05:00
nstarke
eb98ea2d31
Large pass_file hangs login modules
...
SeeRM #8704
When running a *_login module that contains a large PASS_FILE
the module appears to hang while it is creating the combinations over
such a large dataset. The solution proposed in the Redmine task
requested that the user be alerted with some sort of progress feedback
if the process takes an excessive amount of time.
I have added a message that logs to the console that contains the
number of pairs left to be constructed before the module will continue.
The verbiage is fairly arbitrary and should probably be updated to
something that might be more descriptive. Likewise, the sleep
interval may need to be adjusted.
2014-04-28 21:45:14 +00:00
sinn3r
8a4c7b22ed
Land #3296 - Refactors firefox js usage into a mixin
2014-04-28 15:22:55 -05:00
Samuel Huckins
7fad215f3e
Merge branch 'bug/9582-metasploit-imports-and-tasks' into upstream-master
...
Land #3299
2014-04-28 10:47:23 -05:00
William Vu
696eee1ada
Add Outpost24 to db_import help
2014-04-25 14:27:44 -05:00
David Maloney
0fcfb9d655
add proxies to ssh scanner
...
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
David Maloney
35a039848c
add sshkey loginscanner
...
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
lsanchez-r7
8f43c229b1
Passing the Mdm::Task down the chain
...
when reporting hosts from an Mdm::Task we need to pass the task all
the way down. this wasnt done for the metasploit import format.
2014-04-25 11:15:39 -05:00
David Maloney
2346d583ed
touchups and specsfor FTP Scanner
...
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
David Maloney
838a444b23
first pass of FTP LoginScanner
...
made the first pass at the ftp
LoginScanner, with base specs.
Need to still tierate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
joev
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
David Maloney
1f9cf8c68f
add the mixins for tcp and ftp
...
skimmed down, non-module dependent mixins
for TCP client and Ftp client. neccesary for
loginscanner work
2014-04-24 13:39:04 -05:00
David Maloney
087bcbdce1
Merge branch 'master' into staging/electro_release
2014-04-24 09:50:18 -05:00
David Maloney
3a66723741
nake scan! more generic
...
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
Trevor Rosen
e556997bf7
Land #3269 (Pro) fix report import issue
2014-04-24 08:27:06 -05:00
Spencer McIntyre
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
David Maloney
ed8f87d3cf
allow scan! to take a blcok
...
by allowing scan! to take block
and yield the result of each attempt
we can do things like have a module print out
status messages
2014-04-23 12:41:10 -05:00
David Maloney
d25f0d8f6c
cash host resolution
...
if we successfuly resolve the host during
the validation, then alter host to the resolved
address to avoid the overhead of subsequent
DNS requests.
2014-04-22 15:34:16 -05:00
David Maloney
0439569ffb
more documentation work
...
added some more YARD docs
2014-04-22 11:48:14 -05:00
David Maloney
a613d044f5
more cleanup work
...
some code and documentation DRY work
2014-04-22 11:38:24 -05:00
David Maloney
bc092af855
Fix credential docs
...
expanded return types for the Credential
object to be more accurate
2014-04-22 11:05:12 -05:00
David Maloney
b731889c79
add class level documentation
...
add some comments for YARD to have class
level documentation for each class
2014-04-22 10:59:28 -05:00
David Maloney
526bb4989a
more explicit requires
...
LoginScanner module brings in all the deps
while the individual classes require
the module then to get their deps.
2014-04-22 10:28:01 -05:00
David Maloney
645eef51b7
Rename CredDetail to Credential
...
it was felt this was better naming
for the class. Refactored all occurence
2014-04-22 10:25:36 -05:00
David Maloney
7d05de935e
Merge branch 'staging/electro_release' into feature/ssh_login_scanner
2014-04-21 19:26:49 -05:00
David Maloney
f079d3f3a9
move requires into module
...
move all the requires into the LoginScanner
module area to clean up requires
2014-04-21 19:14:50 -05:00
David Maloney
9c6528f13f
use the CredDetail class
...
now that we have the new CredDetail
class, use it instead of hashes
2014-04-21 18:58:23 -05:00
David Maloney
1a6ef8dced
allow for balnk passwords
...
have to alter validation slightly
to allow for blank passwords
2014-04-21 18:57:28 -05:00
David Maloney
fd1777a79f
add CredDetail class
...
rather than passing dumb hashes around
added a CredDetail class that comes
with it's own conditional validations
2014-04-21 18:26:38 -05:00
David Maloney
de2bb7d66c
dd tests for #scan!
...
the scan! method is mostly done
and has unit tests
2014-04-21 17:59:50 -05:00
David Maloney
2e11f80a98
refactor to use Result class
...
we now use a Result class to handle
all result codes from the login attempt
2014-04-21 15:35:16 -05:00
David Maloney
d313047532
add loginscanner result class
...
add a result class to have more
tightly defined return values from
the loginscanner classes
2014-04-21 15:11:56 -05:00
David Maloney
aa1d1be786
do not create sessions with scanner
...
the session creation behaviour is
currently inextricably linked to module
behaviour. We will have our scanner class
only return success status. The calling module
will be responsible for opening sessions afterwards.
2014-04-21 11:38:48 -05:00
David Maloney
7571fe1f68
fix host validation
...
host validation was buggy, fixed it
2014-04-21 11:34:40 -05:00
James Lee
49bd86f077
Clean up yardocs and a few style issues
2014-04-21 03:12:23 -05:00
David Maloney
9a15a2be04
basic login attempt functionality
...
groundowkr now layed for trying
authentication attempts on the
SSH LoginScanner, with test coverage
2014-04-18 20:08:28 -05:00
David Maloney
85349ccec4
SSH connection exception handling
...
added in the exception handling
around the Net::SSH conenction
in attempt_login
2014-04-18 18:13:05 -05:00
David Maloney
17b4d4a416
Add more attributes and validations
...
Added some more attributes neccesary
for the actual running of the login scan
as well as accompanying validations and
specs
2014-04-18 16:23:35 -05:00
William Vu
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
David Maloney
613612eecb
Merge branch 'master' into feature/ssh_login_scanner
2014-04-18 11:16:18 -05:00
Samuel Huckins
2ed7a739c3
New reports in new exports can now import
...
MSP-9783
* Extracted import_report from monstrous import_msf_collateral;
simplified and clarified approach
* Updated report_report: includes all attrs provided vs subset, provides
more helpful error message
* Added report_artifact: adds child artifact for reports, handles
various troublesome cases
* Tested on all report types with a legion of option variants
2014-04-16 15:15:47 -05:00
David Maloney
756488b581
last of the validations
...
finalized validation for SSH lgoinscanner
2014-04-16 13:34:23 -05:00
David Maloney
bf20ed5812
add validations for cred_details
...
Adds validator for the cred_details
attribute on the SSH Login Scanner.
Makes sure propper input is always supplied
for the scanner.
2014-04-16 13:20:14 -05:00
David Maloney
434391c308
add host validations to ssh scanner
...
add validations to the :host attribute
on the SSH LoginScanner
2014-04-16 10:26:00 -05:00
sinn3r
54346f3f92
Land #3265 - Windows Post Manage Change Password
2014-04-15 18:45:48 -05:00
sinn3r
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
David Maloney
02a17b8612
namespace change to Metasploit
...
chaning the code to live in the namespace of
Metasploit::Framework instead of Msf::Auxiliary
MSP-9683
2014-04-15 17:11:25 -05:00
Meatballs
02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
...
Conflicts:
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs
fc018eb32e
Initial commit
2014-04-15 21:05:06 +01:00
David Maloney
3c9507c30c
Adds invalid exception class
...
adds an invalid exception class to the
LoginScanner namespace.
MSP-9683
2014-04-15 13:23:24 -05:00
Tod Beardsley
9db01770ec
Add custom rhost/rport, remove editorializing desc
...
Verification:
````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````
...etc.
2014-04-14 21:46:05 -05:00
David Maloney
c537aebf0f
Land #3228 , JtR colon Seperation
2014-04-14 11:19:16 -05:00
Tod Beardsley
2aecab89bb
14-day free trial banner for non-binary installs
2014-04-14 11:00:41 -05:00
agix
ac63e84d02
Fix little bug when using msfencode and exe-only
...
When arch is not defined, arch is null so it crashs.
It should be 'x86' by default
2014-04-14 01:02:31 +02:00
sinn3r
7b6b94acd5
Land #3247 - Revert #3224 jsobfu string size fixes
2014-04-12 00:58:27 -05:00
joev
e09f887c4c
Revert "Fixes large-string expansion in JSObfu."
...
This reverts commit 14fed8c610
.
2014-04-11 16:51:47 -05:00
joev
4cb04b6b9a
Revert "Use implicit return for assignment."
...
This reverts commit 49139cc07f
.
2014-04-11 16:51:40 -05:00
joev
21b2697b95
Revert "Use tiny var names by default."
...
This reverts commit 52432ef482
.
2014-04-11 16:51:34 -05:00
joev
d41b3467f8
Revert "Re-add the #random_string(len) method to pass specs."
...
This reverts commit bd8918e4e1
.
2014-04-11 16:51:21 -05:00
Tod Beardsley
91293fd0db
Allow vhost to be maybe opts['rhost']
...
This enables passing rhost and rport directly to send_request_cgi
without having to monkey with the datastore.
See #8498
2014-04-10 16:47:49 -05:00
sinn3r
80faaf86d8
Add a link to explain about unmet exploit requirements
2014-04-10 14:01:16 -05:00
sinn3r
a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile
2014-04-10 12:31:59 -05:00
sinn3r
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
Tod Beardsley
bc5f87b01a
Land #3195 , check() fix
2014-04-10 08:59:53 -05:00
Tod Beardsley
3109f42a55
Merge release back into master
2014-04-11 15:07:16 -05:00
Brandon Turner
2f2692f4bf
Bump version to 4.9.2
2014-04-10 17:45:42 -05:00
James Lee
95399b0de7
Don't try to be too helpful
...
John cares not one whit how many colons are in a hash line, only that
there are enough for the format (at least 2 for regular /etc/passwd, at
least 3 for NTLM, etc). So there is no simple way to programmatically
determine whether a password had a colon or there was just an extra on
the end of the original hash line.
[MSP-9778]
See #2515
2014-04-09 19:24:26 -05:00
Joe Vennix
bd8918e4e1
Re-add the #random_string(len) method to pass specs.
2014-04-09 17:44:48 -05:00
Joe Vennix
57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
...
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
Joe Vennix
52432ef482
Use tiny var names by default.
2014-04-09 16:54:02 -05:00
Joe Vennix
49139cc07f
Use implicit return for assignment.
2014-04-09 15:48:07 -05:00
Joe Vennix
14fed8c610
Fixes large-string expansion in JSObfu.
2014-04-09 15:45:48 -05:00
Tod Beardsley
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
Meatballs
ae3ead6ef9
Land #2107 Post Enum Domain Users
2014-04-09 11:32:12 +01:00
Tod Beardsley
eab938c7b4
Get rid of requires, too
2014-04-07 16:39:19 -05:00
Tod Beardsley
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
sinn3r
d385c5ad4b
Fix undefined method `rport' for the check command
2014-04-07 11:48:28 -05:00
jvazquez-r7
80b069f161
Add support for spoofed zip Central Dir names at Entry level
2014-04-07 09:21:26 -05:00
jvazquez-r7
46e6f937f1
Revert "Add central directory zip spoofing"
...
This reverts commit d0700e8ac4
.
2014-04-07 08:50:33 -05:00
jvazquez-r7
d0700e8ac4
Add central directory zip spoofing
2014-04-07 08:49:49 -05:00
jvazquez-r7
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
William Vu
9779913060
Land #3184 , Rex::Proto::Http::Client IOError fix
2014-04-03 15:58:50 -05:00
joev
42d59d269e
Check #closed? instead of rescuing.
2014-04-03 14:20:48 -05:00
joev
98628b814e
Prevent Rex::Proto::Http::Client from raising on close.
2014-04-03 11:36:18 -05:00
Spencer McIntyre
aecd13d314
Tab complete the same case
2014-04-03 09:54:48 -04:00
Spencer McIntyre
1c57c0092c
Tab complete case insensitive module options too
2014-04-02 23:27:11 -04:00
Spencer McIntyre
7d93d28f1d
Support more tab completion features
2014-04-02 21:57:17 -04:00
Christian Mehlmauer
4bf6481242
Added regex option to validate options
2014-04-02 23:51:33 +02:00
jvazquez-r7
c892da44e8
Land #3181 , @dmaloney-r7's fix for metasm
2014-04-02 16:38:33 -05:00
OJ
e06ed601cf
Merge branch 'upstream/master' into ext_server_kiwi
2014-04-03 07:19:36 +10:00
Tab Assassin
6faa3d939b
Retabbed PR rapid7#3181
2014-04-02 15:51:11 -05:00
David Maloney
b426449ce7
fix the fix for 64 bit
...
JJ's fix is too specific
2014-04-02 15:24:24 -05:00
jvazquez-r7
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
David Maloney
29c2a73a12
latest fix
...
trying to fix c comparison ops
2014-04-02 15:13:35 -05:00
agix
a71fcaeefd
add comments on change description call
2014-04-02 20:33:09 +01:00
agix
bc4cb3febf
Add DCERPC catch exception
2014-04-02 20:33:09 +01:00
agix
4a575d57ab
Try to fix Meatballs1 suggestions : optional service_description change call
2014-04-02 20:33:09 +01:00
agix
5334f2657e
Fix a bug for backwards compatibility
2014-04-02 20:33:08 +01:00
agix
631a7b9c48
Adapt to new psexec mixin (first try :D)
2014-04-02 20:33:08 +01:00
David Maloney
ab7c4a41fc
missed net new files
...
some net new files we're missing from metasm
2014-04-02 13:46:18 -05:00
David Maloney
72b1f1373f
pull JJ's latest changes in for c64
...
compiler for x86_64 has some bugs, this is JJ's
latest fixes
2014-04-02 13:44:02 -05:00
OJ
670a0c8e0f
Merge branch 'upstream/master' into ext_server_kiwi
2014-04-02 19:36:42 +10:00
OJ
e61e532223
Add support for extraction of wifi profile creds
2014-04-02 17:16:40 +10:00
OJ
1d46e65897
Update to match meterpreter changes
...
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
William Vu
f9a7cfaa67
Land #3168 , EICAR payload encoding
2014-04-01 09:17:10 -05:00
Tod Beardsley
42c7b85b86
Don't EICAR every time. That would be bad.
2014-04-01 09:05:55 -05:00
Christian Mehlmauer
5397fdbf02
Land #3173 , Fix ActiveRecord::ConnectionNotEstablished
2014-03-29 00:13:44 +01:00
William Vu
5a448d9f2d
Fix ActiveRecord::ConnectionNotEstablished
...
[SeeRM #8780 ]
2014-04-02 00:54:39 -05:00
William Vu
8fd4f50081
Fix NameError for "r" in Msf::Auxiliary::Nmap
...
Wasn't in scope.
2014-04-01 17:35:20 -05:00
Tod Beardsley
ec7bb6de54
Land #2969 , random name generator for phishing
2014-04-01 13:00:55 -05:00
Christian Mehlmauer
ba03890004
Land #3171 , Fix NameError for "r" in Msf::Auxiliary::Nmap
2014-03-29 00:01:03 +01:00
Tod Beardsley
1b0fe74da5
Use Array#sample in email generators.
2014-04-01 14:11:23 -05:00
Tod Beardsley
8ab03f3aeb
Use Array#sample in randomize_space
2014-04-01 14:09:07 -05:00
William Vu
8bd5d10052
Use rand_hostname in rand_mail_address
2014-03-28 16:44:49 -05:00
sinn3r
07ab05c870
Update a comment
2014-03-28 15:20:45 -05:00
sinn3r
4b7f85e47d
Adobe Flash support in BES
2014-03-28 15:14:58 -05:00
Tod Beardsley
196e07c5b1
Touch up the EICAR stuff
2014-03-28 11:45:28 -05:00
jvazquez-r7
8f1e55de5a
Use ObfuscateJS
2014-03-28 11:08:38 -05:00
jvazquez-r7
da6a428bbf
Modify libs to support explib2
2014-03-28 10:44:52 -05:00
OJ
86ddd24d26
Update to use Rex::Text and change handling a bit
...
This change also outputs blank creds so that users know which
accounts have blank passwords
2014-03-28 16:12:51 +10:00
OJ
65e204e834
Modify the menu item descriptions
2014-03-28 11:03:38 +10:00
OJ
3a42cb8a46
Fix typo in kiwi help
2014-03-28 11:03:03 +10:00
James Lee
6c36d14be1
Land #3118 , fix java payloads for msfvenom
2014-03-25 15:38:21 -05:00
sinn3r
85c0c8bb70
Add support to detect mshtml build
...
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
2014-03-25 03:31:08 -05:00
William Vu
8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS
...
They're as obnoxious as DB_ALL_* when enabled by default.
2014-03-24 15:51:35 -05:00
sinn3r
13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec
2014-03-21 11:36:59 -05:00
James Lee
0a141f1c02
Land #2810 , masked password format switcheroo
2014-03-20 15:12:12 -05:00
David Maloney
c4a9b4fda0
Land #3128 , Put loot in correct workspace
2014-03-20 14:11:17 -05:00
Tod Beardsley
4d3f871e9d
Land #2961 , get_env and get_envs Post mixin
...
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
Trevor Rosen
dd4b16ad60
Remove some dead code
2014-03-20 09:38:14 -05:00
Trevor Rosen
dc85a99fbd
report_loot now sets proper Mdm::Workspace
...
* Uses an Mdm::Workspace when passed one in conf hash
2014-03-20 09:27:09 -05:00
Samuel Huckins
33ca577010
Zip Workspace imports now working.
...
MSP-9531
* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
2014-03-19 22:53:15 -05:00
Samuel Huckins
cc4c958d58
Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update
2014-03-19 15:47:46 -05:00
Tod Beardsley
8e7f12e30e
Land #3085 , service_control support
...
This depends on rapid7/meterpreter#77 to function
2014-03-19 08:43:17 -05:00
Tod Beardsley
04b5d71fa5
Land #3061 , enhance clipboard dump
...
This depends on rapid7/meterpreter#75 to function
2014-03-19 08:42:36 -05:00
Tod Beardsley
35b94b04bf
Land #2889 , WMI support
...
This depends on rapid7/meterpreter#69 to actually be useful.
2014-03-19 08:42:03 -05:00
OJ
11f9bfadb1
Final bits of documentation and code tweaking
2014-03-19 18:40:53 +10:00
OJ
84728c9fc9
Code tidying and defaulting to empty strings for table format
2014-03-19 16:19:23 +10:00
OJ
959cedb9b1
Bit more code tidying
2014-03-19 16:19:05 +10:00
OJ
f80c7b7b51
Fix silly typo
2014-03-19 15:55:12 +10:00
OJ
0dcf992781
Add comments to the kiwi source
2014-03-19 15:45:53 +10:00
OJ
3635fff98e
Add support for kerberos ticket enumeration
...
Fix up a bunch of other issues and do some code tidies too.
2014-03-19 14:25:11 +10:00
David Maloney
130474fdfd
Fix java payload generation
...
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
2014-03-18 13:41:27 -05:00
OJ
91e198fd63
Add SAM key dump in LSA dumping output
2014-03-18 09:45:31 +10:00
OJ
dfb4b22015
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-18 08:08:45 +10:00
William Vu
9eada528d7
Land #3097 , Rex::Text.uri_encode RFC 3986 fix
2014-03-14 15:38:24 -05:00
David Maloney
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
OJ
a9758413c0
Add lsa secret dumps plus other tweaks
2014-03-14 19:50:01 +10:00
William Vu
8393a49148
Land #3098 , check command host selection fix
...
[FixRM #8768 ]
2014-03-13 14:25:39 -05:00
sinn3r
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
Joe Vennix
db036e44ad
Use RdlCopyMemory from Kernel32.
2014-03-13 11:05:58 -05:00
sinn3r
7ead04414c
Land #3024 - Allow encoder Compat options
2014-03-13 10:59:40 -05:00
Tod Beardsley
520d1e69c4
Rapid7 Comma Inc
...
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
sinn3r
84b08a5a35
Fix check command host selection behavior
...
[SeeRM #8768 ] Instead of using the saved value for host, the check
command should use whatever the user specifies.
2014-03-12 22:54:01 -05:00
Tod Beardsley
9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
...
According to
http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt
Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.
This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
Joe Vennix
851fca2107
Add posix fork() call before running code.
2014-03-12 02:56:26 -05:00
Joe Vennix
7afcb6aee8
Add CreateThread wrapper for windows.
2014-03-12 02:49:09 -05:00
Joe Vennix
ce0c5380a5
Kill stray //.
2014-03-12 02:20:49 -05:00
Joe Vennix
9bdf570763
All working now. In-memory meterpreter even.
2014-03-12 02:19:28 -05:00
sinn3r
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
OJ
1d70411ea7
Support service_control and new status field in query
...
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
AnwarMohamed
b45524ecdd
generate cert @ payload/dalvik.rb
2014-03-10 21:50:00 -05:00
AnwarMohamed
99cc94e6fc
moving string_sub() to payload/dalvik.rb
2014-03-10 21:49:59 -05:00
Joe Vennix
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
sinn3r
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
Joe Vennix
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Meatballs
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
William Vu
ee0aa20955
Land #3013 , Metasm update
2014-03-06 14:15:42 -06:00
Joe Vennix
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
Joe Vennix
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
Joe Vennix
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
Joe Vennix
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
Joe Vennix
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
William Vu
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
Joe Vennix
cd3c2f9979
Move osx-app format to EXE.
2014-03-04 22:54:00 -06:00
OJ
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
Joe Vennix
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
Tod Beardsley
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
sinn3r
e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords
2014-03-04 11:43:39 -06:00
David Maloney
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
OJ
0bdce4836f
Modify clipboard dump to support new format from Meterpreter
2014-03-04 19:37:57 +10:00
Etienne Stalmans
e452b81fb1
style changes as suggested by @jlee-r7
2014-03-04 08:49:52 +02:00
Joe Vennix
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
Joe Vennix
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
Joe Vennix
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
Meatballs
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
Meatballs
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
Joe Vennix
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
Joe Vennix
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
Joe Vennix
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
Joe Vennix
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
sinn3r
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
OJ
e0438f570b
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-03 17:28:44 +10:00
Joe Vennix
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
Joe Vennix
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
Joe Vennix
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
Joe Vennix
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
Joe Vennix
785a35a81a
Needed to kill objToQuery.
2014-03-02 19:48:55 -06:00
Joe Vennix
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
Joe Vennix
26db845438
Try to pthread_create. Fails.
2014-03-02 18:02:23 -06:00
sinn3r
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
FireFart
8543da0fbd
Corrected uri_encode
2014-03-01 11:30:50 +01:00
David Maloney
1a0f77edb2
Land #2739 , DLL injection in msfvenom
...
lands Meatballs PR to fix dll injection
in Msfvenom. Test to ensure it still works
in the new MsfVenom
2014-02-28 14:22:17 -06:00
David Maloney
9e355e1265
Merge branch 'master' into dll_inject
2014-02-28 14:20:46 -06:00
sinn3r
ac446d3b3f
Land #3043 - randomization for Rex::Zip::Jar and java_signed_applet
2014-02-28 14:10:55 -06:00
David Maloney
566a791ef3
Land #2992 , Fix VNC Inject Defaults
2014-02-28 14:04:56 -06:00
William Vu
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
David Maloney
f66709b5bb
make bypassuac module clean itself up
...
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
David Maloney
d358fe5f94
Merge branch 'payload_defaults'
2014-02-26 10:28:46 -06:00
David Maloney
f51cbfffb8
minor fix to payload generator
...
was passing platform string instead of the
platform lsit when formatting the payload
2014-02-25 15:51:06 -06:00
sinn3r
d0780cd1a2
Land #3010 - EXITFUNC as OptEnum
2014-02-24 11:07:10 -06:00
Joe Vennix
c760d37703
use the actual shellcode length.
2014-02-24 09:55:44 -06:00
jvazquez-r7
9fd635d645
Favor \! vs == false
2014-02-24 08:47:25 -06:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
Meatballs
bbacaa477e
Add missing require
2014-02-25 22:08:27 +00:00
Meatballs
e31a144f4d
Use better system call
2014-02-22 20:34:56 +00:00
jvazquez-r7
8af992e083
Use same coding style
2014-02-21 16:02:27 -06:00
jvazquez-r7
0c44cc5ae4
Allow Exploits to provide Encoder Compat options
2014-02-21 15:49:39 -06:00
James Lee
0179faa66f
Fix yardoc for Post::Windows::LDAP
...
Also fix some style issues and warnings.
2014-02-21 13:25:11 -06:00
jvazquez-r7
0b5e617236
Land #3016 lsanchez-r7's send_message mod to return info
2014-02-19 17:01:06 -06:00
jvazquez-r7
c0cdea37f7
Initialize send_status at the function's start
2014-02-19 16:54:29 -06:00
lsanchez-r7
f7a483523c
changing the initial state from false to nil
2014-02-19 16:45:00 -06:00
jvazquez-r7
7c5ba3e46c
Retab metasm
2014-02-19 14:01:20 -06:00
jvazquez-r7
bdb27b2cca
Manual loading shouldn't be needed
2014-02-19 13:13:41 -06:00
jvazquez-r7
a78ccc7862
Add up to date metasm
2014-02-19 13:13:08 -06:00
jvazquez-r7
f34078a7df
Delete old version of metasm
2014-02-19 13:09:53 -06:00
Joe Vennix
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
Joe Vennix
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
Meatballs
e4aedfad43
Fixup netapi call
2014-02-18 23:30:29 +00:00
lsanchez-r7
07fd3494e5
changing send_message to return more information
2014-02-18 16:48:52 -06:00
Meatballs
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00