infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
29,691 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3020 Commits (4928cd36e4123e8398cad397746c6af1196be22e)

Author SHA1 Message Date
William Vu dc4b4218b3 Make {COUNT,SIZE}_MAX more readable 
Good suggestion, @jlee-r7.
 2014-01-21 12:13:14 -06:00
William Vu 6a16cf96ba Fix bug in fsupload 
Badchar analysis: file may contain form feeds.
 2014-01-21 11:36:24 -06:00
OJ 524bbceb1a
Merge branch 'upstream/master' into ext_server_kiwi 2014-01-17 11:53:07 +10:00
OJ 9212013c3e Add error message support 
This commit enables returning of error messages based on the HRESULT.
They still aren't nice, but they're better than nothing.
 2014-01-17 11:42:07 +10:00
jvazquez-r7 ac9e634cbb
Land #2874, @mandreko's sercomm exploit fixes 2014-01-16 16:35:32 -06:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
William Vu 0915212249 Fix socket timeout bug 2014-01-16 11:58:37 -06:00
jvazquez-r7 0b9ff43217 Make slice_up_payload easier 2014-01-16 11:03:22 -06:00
jvazquez-r7 f41849c921 Clean CmdStagerEcho 2014-01-16 11:00:57 -06:00
OJ 8e1d3c9c2a Final tweaks for WMI support 2014-01-16 22:02:28 +10:00
OJ 69abffaff6 First pass of WMI support 
Close but more to do.
 2014-01-16 13:47:46 +10:00
William Vu 311704fc0a Perform final cleanup 2014-01-15 13:49:37 -06:00
OJ 870349acd0
Merge branch 'upstream/master' into basic_adsi_support 2014-01-15 19:57:07 +10:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes 
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
 2014-01-13 16:58:32 -05:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
OJ 0f722cbe6d Add ext_server_kiwi, which is Mimikatz v2 
This is a separate extension because the new version doesn't support
as many operating systems as the old version, but it does have more
new features which are really funky.
 2014-01-10 16:51:01 +10:00
William Vu b43a221959
Land #2855, Rex::Socket refactor and specs 2014-01-09 16:20:50 -06:00
James Lee ba252ec0c3
Use 'unless' instead of 'if not' 2014-01-09 16:01:58 -06:00
James Lee 7cb6836209
Replace unused var with purpose-revealing comment 2014-01-09 15:07:04 -06:00
James Lee 27133257a4 Better docs, more accurate var names 2014-01-09 15:05:19 -06:00
James Lee 20a5bf45f5
Fix beug with #next raising after the end 
... instead of the old behavior or just returning nil again
 2014-01-09 15:03:11 -06:00
William Vu 1893cbca0e
Land #2843, RangeWalker resolution failure bug fix 2014-01-09 14:36:32 -06:00
James Lee 1519af33f5
Refactor `getaddress` in terms of `getaddresses` 2014-01-09 11:03:24 -06:00
jvazquez-r7 85203c2f2a
Land #2823, @mandreko's exploit module for OSVDB 101653 2014-01-09 10:27:44 -06:00
James Lee 01f350964f
Add specs for some stuff in Rex::Socket 2014-01-09 10:19:19 -06:00
William Vu 27f079ad7c Move {begin,end}_job from libs to modules 2014-01-09 01:03:01 -06:00
William Vu 025fc79683 Refactor commands for modularity 2014-01-09 01:03:01 -06:00
William Vu 3fca11e5ac Replace magic numbers with constants 2014-01-09 01:03:01 -06:00
William Vu 2f2823e323 Remove newline from end_job to conform to spec 2014-01-09 01:03:01 -06:00
William Vu d3bbe5b5d0 Add filesystem commands and new PoC modules 
This commit also refactors some of the code.
 2014-01-09 01:03:01 -06:00
William Vu af66310e3a Address @jlee-r7's comments 2014-01-09 01:03:01 -06:00
William Vu bab32d15f3 Address @wchen-r7's comments 2014-01-09 01:03:00 -06:00
William Vu 1c889beada Add Rex::Proto::PJL and PoC modules 2014-01-09 01:03:00 -06:00
Matt Andreko d2458bcd2a Code Review Feedback 
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
 2014-01-08 22:21:32 -05:00
James Lee 4bfe6b1b08
Remove pointless checks and add some docs 2014-01-08 14:37:40 -06:00
James Lee 4ba0020934
Simplify the logic deciding when we're finished 2014-01-08 14:22:44 -06:00
James Lee 22bdca92f4
Remove the ipv6 attr on Range 
Makes more sense in the option hash.
 2014-01-07 16:52:34 -06:00
James Lee 9c23910b69
Refactor Socket::Range 
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
 2014-01-07 16:31:55 -06:00
James Lee 2ed9772080
Fix unhandled exceptions when resolution fails 2014-01-07 12:00:04 -06:00
OJ e3b90f3c4e Fix issue with incorrect parameter parsing 
Code was looking for -s instead of -a when dealing with domain
queries. This commit fixes that.
 2014-01-05 20:06:47 +10:00
Tod Beardsley bd2033c587
Land #2814, streaming webcam STDAPI add 2014-01-03 12:09:25 -06:00
OJ ef281bf31d Adjust the getenv API 
The getenv call in sys/config was renamed to getenvs and now uses
the splat operator so that arrays don't have to be passed in. A
new function called getenv was added which takes a single argument
and returns a single value back (for ease of use).
 2014-01-03 08:05:45 +10:00
Joe Vennix 694cb11025 Add firefox platform, architecture, and payload. 
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
 2014-01-02 10:48:28 -06:00
sinn3r e6823c39c2 Incorrect variable used 2014-01-02 00:50:32 -06:00
sinn3r 92a0ff1096 Add webcam livestream feature for meterpreter 
[SeeRM #8729] - This meterpreter command allows the attacker to observe the target at real-time
by turning their webcam live. There is also a HTML-based player provided, which does not require
a plugin or anything, just open it with a browser. The HTML-based player also allows the attacker
to put livestream on the web (evil? yeah, kind of.)
 2013-12-30 18:38:13 -06:00
Tod Beardsley feaf6c23cf
Merge and Unconflict client.rb, new module splat 
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421

Also fixes the module with the new license splat.

Conflicts:
	lib/rex/proto/smb/client.rb
 2013-12-30 16:53:13 -06:00
jvazquez-r7 8986659861
Land #2804, @rcvalle's support for disasm on msfelfscan 2013-12-30 12:24:22 -06:00
Ramon de C Valle c1f377fda6 Add disasm option to msfelfscan 2013-12-26 16:26:45 -02:00
Meatballs 3ef1c0ecd6 Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2013-12-19 14:25:07 +00:00
Meatballs 244cf3b3f6 Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf 2013-12-19 13:59:57 +00:00
Meatballs b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075 2013-12-16 14:29:05 +00:00
Meatballs ca1c887e68 Add missing ] 2013-12-15 01:12:50 +00:00
Meatballs a930056d7f Added service status checks to Post::Windows::Services 
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module

Conflicts:
	lib/msf/core/post/windows/services.rb
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
 2013-12-15 01:12:45 +00:00
Spencer McIntyre a08c420862 Add railgun definitions for local exploit relevant functions. 2013-12-12 10:26:08 -05:00
OJ 64b1e78e34 Fix page size and max results 2013-12-11 00:03:05 +10:00
OJ 8a1517fde8 Fix issues with missing params on computer enum 
No more late night and rushed commits, its still and wastes people's time.

Thanks sinn3r for getting on this. Apologies for the poor quality of the PR.
 2013-12-10 21:06:28 +10:00
OJ 2237419134
Merge branch 'upstream/master' into basic_adsi_support 2013-12-10 20:58:38 +10:00
Meatballs 45a0ac9e68
Land #2602, Windows Extended API 
Retrieve clipboard data
Retrieve window handles
Retrieve service information
 2013-12-08 19:01:35 +00:00
Meatballs e5a92a18a5
and expand path 2013-12-08 19:01:03 +00:00
Meatballs 3c67f1c6a9
Fix file download 2013-12-08 18:57:10 +00:00
OJ a3c050c8b6 Added page size setting 2013-12-08 23:29:42 +10:00
OJ 8172596c0b Fix rendering of result total 2013-12-08 20:58:03 +10:00
OJ f13736d208 Add support for general domain queries 
Specific queries are just wrappers over the top of the domain query
 2013-12-08 20:41:30 +10:00
OJ 35b051174c Add basic ADSI enum of users and computers 2013-12-07 00:22:54 +10:00
OJ e90b7641ca Allow self-destruct via "kill -s" 
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.

This commit add a -s option to kill, which (when specified) will kill
the current session.
 2013-12-06 14:56:19 +10:00
OJ 4ca48308c1 Fix downloading of files 2013-12-06 13:40:20 +10:00
OJ 1d757c40db Remove empty parens 2013-12-04 07:10:23 +10:00
OJ 8b77da4ef7 Fix non-rubyisms 2013-12-04 07:06:32 +10:00
OJ 18e1d9ce17 Revert "Start clipboard monitor functionality" 
This reverts commit ecbdfd3502.

I don't know how this got in there, as it's in another branch waiting for more work.
My bad.
 2013-12-04 07:03:12 +10:00
sinn3r 4d3d02ae01
Land #2667 - Add num and dword output format 2013-12-02 13:52:17 -06:00
jvazquez-r7 0343aef7c8
Land #2695, @wchen-r7's support to detect silverlight 2013-11-27 09:40:12 -06:00
sinn3r 5d10b44430 Add support for Silverlight 
Add support for Silverlight exploitation. [SeeRM #8705]
 2013-11-26 14:47:27 -06:00
OJ 1a65566005 Add the getenv command which pulls env vars from the victim 
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).

Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
 2013-11-26 10:05:50 +10:00
OJ 86b6d647bf Merge branch 'upstream/master' into ext_server_extapi 2013-11-25 07:43:36 +10:00
Meatballs 20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	lib/msf/core/exploit/powershell.rb
 2013-11-22 22:41:08 +00:00
OJ 4d1c3c1f01 Start clipboard monitor functionality 
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
 2013-11-22 13:31:40 +10:00
corelanc0d3r 742c52711a added 2 new output types for msfencode: num and dword 2013-11-20 22:36:17 +01:00
Joe Vennix e10f9cc518 More whitespace fixes. 2013-11-20 15:07:51 -06:00
Joe Vennix 739c7b4ca2 More dead code and tweaks. 2013-11-20 14:44:53 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets. 
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
 2013-11-20 14:41:45 -06:00
OJ ecbdfd3502 Start clipboard monitor functionality 
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
 2013-11-21 06:29:37 +10:00
Joe Vennix b70b594a2a Kill extraneous comma. 2013-11-20 13:47:47 -06:00
Joe Vennix a7b01e3b72 Put initialize params back on one line, and move attr_accessors. 
As per @hdm's feedback
 2013-11-20 12:29:09 -06:00
Joe Vennix e74e75fe6f Revert changes to legacy rescues. 2013-11-20 12:20:34 -06:00
Joe Vennix 9f103f8621 Whitespace tweak. 2013-11-20 01:15:15 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option. 
Add spec for some of the additions to Rex::Proto::Http::Client
 2013-11-20 01:03:13 -06:00
Joe Vennix d51b92b06f Turns out & ~ does work. 
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
 2013-11-20 00:01:48 -06:00
Joe Vennix a8c55f23a7 Remove &~ bit-clearing method in favor of defaults. 
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesnt work,
but it is late and the default is false anyways.
 2013-11-19 23:42:58 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option. 
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
 2013-11-19 22:34:39 -06:00
jvazquez-r7 647c867c2d
Land #1681, @sempervictus Rex::Text::Ui::Table [] method 2013-11-19 16:30:09 -06:00
jvazquez-r7 e1eddc84aa Check for inexistent column names 2013-11-19 16:02:52 -06:00
jvazquez-r7 162d433014 Use snake_case for variables 2013-11-19 15:46:11 -06:00
jvazquez-r7 6a13a0eee6 fix indentation 2013-11-19 15:42:12 -06:00
jvazquez-r7 7435d74c59
Land #2093, @sempervictus MaxChar for Rex::Ui::Text::Table cols 2013-11-19 13:34:45 -06:00
jvazquez-r7 4cf16cf360
Land #2633, @OJ's port of Kitrap0d as local exploit 2013-11-14 09:27:10 -06:00
sinn3r 2fc43182be
Land #2622 - Fix up proxy/socks4a.rb 2013-11-12 18:22:32 -06:00
jvazquez-r7 ef6d9db48f
Land #2613, @wchen-r7's BrowserExploitServer mixin 2013-11-12 17:33:12 -06:00
William Vu 8d4d7dae50 Restore comment header and remove carriage returns 2013-11-11 12:16:14 -06:00
sinn3r d483f2ad79
Land #2618 - rm shebangs 2013-11-11 11:55:23 -06:00
Jonathan 36064ca886 remove EOL carriage return from socks4a.rb 2013-11-11 12:47:41 -05:00
OJ 6a25ba18be Move kitrap0d exploit from getsystem to local exploit 
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
 2013-11-11 17:14:40 +10:00
Jonathan 26482f9ebd reset head~2 and removed shebang from unattend.rb 2013-11-09 15:05:56 -05:00
Tod Beardsley cc9ac7695d
Land #2592, add getproxy 
Needed for new functionality in #2612
 2013-11-08 13:20:20 -06:00
Jonathan 575072585f removed shebangs from files within rex 2013-11-07 18:51:59 -05:00
scriptjunkie 7615264b17 Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix 2013-11-07 10:35:00 -06:00
sinn3r 991240a87e Support java version detection 2013-11-07 00:54:52 -06:00
OJ 1dacf7e57e Last lot of shebangs removed 2013-11-07 07:35:51 +10:00
OJ 6422e1d6e8 Remove shebang, code tidy, as per @jlee-r7's gripes 2013-11-07 07:32:04 +10:00
OJ 7dcb071f11 Remote shebang and fix pxexeploit 2013-11-06 07:10:25 +10:00
sinn3r 5f2d8358c0 Be more browser specific with Javascript generation 2013-11-05 01:04:52 -06:00
OJ d1e008387a Stop auto preview, code clean 
Removed the auto preview of captured images from the clipboard.

Removed parens from calls to print_line.
 2013-11-05 07:15:31 +10:00
OJ f62247e731 Fix comments, indenting and pxexploit module 
Updated the comments and indentation so they're not blatantly wrong.

Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
 2013-11-05 06:35:50 +10:00
OJ ff78082004 Refactor lanattacks ruby code, add command dispatcher 
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.

The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
 2013-11-04 17:37:42 +10:00
joev bccbed2757 Rename :use_xhr_shim to :inject_xhr_shim. 2013-11-02 16:52:04 -05:00
joev 90d8da6a21 Fix some bugs in my edits, add a spec. 2013-11-02 16:46:33 -05:00
joev c7c1fcfa98 Pull shared XHR shim out, add option to static Js module method. 
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
 2013-11-02 14:52:50 -05:00
OJ d658fa46b4 Updated help, removed binaries 2013-11-02 23:10:16 +10:00
OJ 67fbeacbf0 Add support for optional image downloading 
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
 2013-11-02 23:07:13 +10:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib 
It wasn't just cmdstager_printf.rb. :/
 2013-10-30 19:51:25 -05:00
OJ 2fbac9b129 Add `getproxy` command 
This command pulls out system proxy details on windows machines.
 2013-10-30 18:40:51 +10:00
OJ 1f6c320bb3
Tidy up of extapi code, new bins 
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
 2013-10-29 21:22:05 +10:00
OJ 606411de81 Fix mimikatz error when password is nil 
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
 2013-10-29 15:13:32 +10:00
Tod Beardsley b5f26455a3
Land #2545, javascript library overhaul 2013-10-23 16:12:49 -05:00
sinn3r ee95ca5e2b
Land #2158 - Fix NoMethodError undefined method `split' for nil:NilClass 2013-10-22 16:01:27 -05:00
sinn3r e1c4aef805
Land #1789 - Windows SSO Post Module 2013-10-22 15:48:15 -05:00
sinn3r afcce8a511 Merge osdetect and addonsdetect 2013-10-22 01:11:11 -05:00
sinn3r 19615ac4b7 Apparently I missed a lot of stuff 2013-10-21 21:02:01 -05:00
sinn3r fcba529ea5 Update coding format 2013-10-21 20:54:25 -05:00
sinn3r ea56c4914c Need this file 2013-10-21 20:17:38 -05:00
sinn3r 9a3e719233 Rework the naming style 2013-10-21 20:16:37 -05:00
OJ cf65f59a28 Retry shell without thread impersonation 
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usuall fallback to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`

This patch catches the error, warns the use of the failure and then retries
to create the interactive shell without the `-t` flag.
 2013-10-21 15:29:19 +10:00
OJ 4e90394c7f
Add support for CF_DIB clipboard formats 
Image data copied to the clipboard, such as a screenshot, is converted to a JPEG using GDI+, and downloaded to the local loot folder.

This feature doesn't work with W2K as a result, but that doesn't really bother me. The code is simpler and much smaller as a result and doesn't require the inclusion of the jpeg library code.
 2013-10-21 00:05:42 +10:00
sinn3r 2d24824e78 Use data_directory instead of install_root 2013-10-19 17:55:03 -05:00
sinn3r 8a94df7dcd Change category name for base64 2013-10-18 21:20:16 -05:00
sinn3r 62dadc80d3 Make sure the data type for the return value is a string 2013-10-18 21:08:46 -05:00
sinn3r 298f23c91c Fix extra slashes that cause browser autopwn to fail. 2013-10-18 20:43:39 -05:00
Tod Beardsley ffcb86eba2
Land #2541, Outpost24 importer 
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.

[FixRM #8384]
 2013-10-18 13:21:58 -05:00
Tod Beardsley f6675f3120
Reordered case statements 2013-10-18 13:21:28 -05:00
sinn3r 8579cb8322 Use obfuscation 2013-10-18 13:06:19 -05:00
William Vu 93ff9ec501 Create methods for start_element for readability 2013-10-18 12:20:43 -05:00
William Vu ff69e9fd05 Move product info code to a better location 2013-10-18 12:07:34 -05:00
sinn3r 3af38b9602 I bet "../" will drive people crazy, avoid that. 2013-10-18 11:56:03 -05:00
William Vu e6cccedad0 Append vuln info to vuln description 2013-10-18 11:31:54 -05:00
sinn3r b0d614bc6a Cleaning up requires 2013-10-18 01:47:27 -05:00
sinn3r c926fa710b Move all exploitation-related JavaScript to their new home 2013-10-17 16:43:29 -05:00
William Vu 12151650e4 Add product info to hosts and services :) 2013-10-17 16:18:27 -05:00
William Vu 06c7943f54 Import hostnames without breaking everything 2013-10-17 15:31:48 -05:00
William Vu 920e406526 Import CVE refs and db.emit all the things 2013-10-17 14:29:54 -05:00
OJ d4d4839dc2
Add size (bytes) of the files on the clipboard 
Output of the `clipboard_get_data` call now includes the size
of each file in bytes.
 2013-10-16 22:54:55 +10:00
OJ afc5e282a9
Add CF_HDROP file support to the clipboard 
`clipboard_get_data` has been changed so that raw text is supported and file listings are supported.

If files are on the clipboard, those files and folders are listed when this command is run. To download the files, pass in the `-d` option.
 2013-10-16 17:46:22 +10:00
sinn3r 0081e186f7 Make sure i var is local 2013-10-15 23:59:23 -05:00
William Vu ad8af02021 Add my wonderfully simplistic Outpost24 parser 2013-10-15 16:34:46 -05:00
sinn3r 4c91f2e0f5 Add detection code MS Office 
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.

[SeeRM #8413]
 2013-10-15 16:27:23 -05:00
sinn3r 41ab4739e3
Land #2520 - Add detection for FF 22 - 24 2013-10-15 15:17:43 -05:00
OJ 414a814d5d
Add the start of clipboard support 
This commit adds support for getting text-based information from the
victim's clipboard and for setting text-based data to the victim's
clipboard. Early days, with much wiggle room left for extra fun
functionality.
 2013-10-15 23:57:33 +10:00
OJ ea89b5e880
Add support for child window enumeration 
Children of windows can now be enumerated via the -p parameter, which
specifies the handle of the parent window to enumerate.

There is also a -u parameter which includes unknown/untitled windows
in the result set.
 2013-10-15 18:02:27 +10:00
joev 711fac08b7 Don't throw exception if createElement is missing. 2013-10-14 14:15:13 -05:00
joev 183940308b Add another nil check, just to be safe. 2013-10-14 13:55:54 -05:00
joev 20a145f1e7 Check for prop in prototype, not constructor. 2013-10-14 13:51:45 -05:00
joev 488ed5bd4a Add new feature detection logic for FF 23 and 24. 2013-10-14 13:41:26 -05:00
Meatballs cad717a186
Use NDR 32bit syntax. 
Compatible with both x86 and x64 systems.
Tidy up the module...
 2013-10-12 18:52:45 +01:00
Tod Beardsley 876d4e0aa8
Land #1420, WDS scanner 2013-10-11 16:53:25 -05:00
OJ b99af52279 Improve extapi ruby structure, add bins 
The extapi project will get bigger over time so this change allows for the code to get
bigger without becoming a headache before it starts.

Added binaries to this commit as well.
 2013-10-11 09:52:23 +10:00
Tod Beardsley 85112e8704
Land #2413, axe callcc 
This is the only time callcc is used in the entire codebase, too, so
this apparently removes a roadblack to non-MRI Rubies, so that's nice.
 2013-10-10 14:55:55 -05:00
Meatballs 378f403fab
Land #2453, Add stdapi_net_resolve_host(s) to Python Meterpreter. 
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
 2013-10-10 20:13:06 +01:00
OJ cbaeebeff7 Add service_query to ext_server_extapi 
Once the user has queried the list of services they can now use the
`service_query` function to get more detail about a specific service.
 2013-10-11 01:02:51 +10:00
OJ 23340e9df0 Add service_enum to the ext_server_extapi extension 
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.

Some other small code tidies were done too.
 2013-10-10 21:23:23 +10:00
kernelsmith adbcace9dd
Land #2458, OJ's Meterpreter railgun multi call fix 
also [FixRM #8269]
 2013-10-10 00:38:44 -05:00
Spencer McIntyre 6c382c8eb7 Return nil on error, and move the module to post/multi. 2013-10-09 16:52:53 -04:00
OJ 47801c17b3 MSF started to the extended API with window enum 
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.

This commit kicks things off with enumeration of top level windows on the
current desktop.
 2013-10-09 22:25:43 +10:00
Markus Wulftange e895a17722 Add 'no quotes' option for CmdStagerPrintf 
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
 2013-10-08 21:04:28 +02:00
jvazquez-r7 2593c06e7c
Land #2412, @mwulftange's printf cmd stager 2013-10-08 09:08:29 -05:00
Markus Wulftange 6f7d513f6e Another clean up and simplification of CmdStagerPrintf 2013-10-08 07:22:09 +02:00
Markus Wulftange 836ff24998 Clean and fix CmdStagerPrintf 
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
 2013-10-05 10:39:55 +02:00
sinn3r 77cbb7cd19 Update function documentation 2013-10-04 15:18:27 -05:00
sinn3r 29d1c75d1c Update RopDb mixin to allow dynamic payload size for neg 
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
 2013-10-03 23:09:23 -05:00
OJ 21afa9defe Meterpreter railgun multi call fix 
Modifications accommodate changes in the multi-call railgun code that
were made to Meterpreter.

This also includes a fix for Redmine 8269, so the Windows constants
now work correctly with the multi-calls.
 2013-10-04 12:04:18 +10:00
jvazquez-r7 758fd02619 Windows 7 SP1 and newer fail when forcing IPv6 sockets 2013-10-02 09:45:51 -05:00
OJ 82162ef486 Add error message support to railgun 
This code was lost in the transition when the meterpreter source was
removed from the metasploit-framework source. I'm pulling this in by
request of @dmaloney-r7 who originally requested this code be inculded
as part of https://github.com/rapid7/metasploit-framework/pull/740

I added an extra bit of code to free up memory that is allocated by the
call to FormatMessage and forced the ASCII-version (FormatMessageA) of
the call.

This PR is the MSF side of https://github.com/rapid7/meterpreter/pull/26
 2013-10-01 17:23:08 +10:00
Tod Beardsley 7cc2ad55a6
Land #1770, unattend.xml snarfing modules 2013-09-27 16:04:38 -05:00
Tod Beardsley 63d638888d Get rid of interior tabs 2013-09-27 16:04:03 -05:00
Tod Beardsley d869b1bb70 Unless, unless everywhere. 2013-09-27 15:55:57 -05:00
Tab Assassin c94e8a616f Retabbed to catch new bad tabs 2013-09-27 13:34:13 -05:00
Tod Beardsley 869c10af04
Land #2396, aspx-exe shellcode generator 
Looks good to me, specs are all happy (also added a #to_h spec)
 2013-09-27 11:42:16 -05:00
Joshua J. Drake d04c47d2b7 Remove comment since it was addressed in 4500d09c2f 2013-09-26 19:47:54 -05:00
Tod Beardsley 701410f608
Land #2414, portfwd teardown and recreate 
[FixRM #8240]
 2013-09-25 17:40:47 -05:00
Tod Beardsley 1a515093cb Idiomatic Ruby 
Assuming this gets accepted, this should [FixRM #8240]. Take a look, and
if you're good with it, I'll land on master. Everything seems to work
out on this end.
 2013-09-25 17:26:00 -05:00
jvazquez-r7 9cc446ae2a Get cookies with empty values 2013-09-25 14:31:34 -05:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
joev 99e46d2cdb Merge branch 'master' into cve-2013-4660_js_yaml_code_exec 
Conflicts:
	modules/exploits/multi/handler.rb
 2013-09-25 00:32:56 -05:00
Meatballs f1e563d375 Merge branch 'master' of github.com:rapid7/metasploit-framework into enum_ad_perf 2013-09-24 19:08:52 +01:00
OJ 0038bb90b1 Remove unncessary counter var 2013-09-24 13:35:29 +10:00
OJ b91e344815 Add code to recreate the forwards after migration 
* Feels like a bit of a hack job, but it works.
 2013-09-24 13:27:58 +10:00
James Lee 487f68f4d2 Get rid of callcc 
[SeeRM 8407]
 2013-09-23 19:36:26 -05:00
FireFart 7c4708b1df -) Fix get_cookies to return multiple cookies. Before it only returned the first cookie 
-) Bugfix
 2013-09-23 23:59:45 +02:00
Tod Beardsley e885ab45b6
Land #1734 Metasploit side for ip resolv 2013-09-23 16:18:40 -05:00
Markus Wulftange 10252ca6f4 Just Rex::Text.to_octal is probably better 2013-09-23 23:03:38 +02:00
Markus Wulftange 9353929945 Add CmdStagerPrintf 2013-09-23 22:02:29 +02:00
sinn3r b6c7116890 Land #1778 - Mimikatz Fix for table.print and x86 warning 2013-09-20 16:13:53 -05:00
Meatballs 5add142789 Choose smallest smallest 2013-09-20 13:47:51 +01:00
Tod Beardsley e9e1b28ba8
Land #2371, echo -e cmd stager 2013-09-19 14:47:39 -05:00
Meatballs 11bdf5d332 New pull 2013-09-19 19:57:38 +01:00
Meatballs 72155f8e9e Comment update 2013-09-19 19:46:05 +01:00
OJ 598e85a8d9 Fix for dangling port forwards 
Code tears down the port forwards prior to migrating so that we don't end up with dangling connections that don't work.
 2013-09-19 19:27:54 +10:00
Tod Beardsley f4e2e0ac11 Clear report_data on each host report 2013-09-18 17:11:22 -05:00
jvazquez-r7 dd7010d272 Fix @todb-r7 feedback 2013-09-17 20:54:19 -05:00
Tod Beardsley dae8847c4d
Land #2374, more complete 32/64 migrate fix 
[FixRM #8395]
 2013-09-17 14:52:04 -05:00
James Lee 21055f6856 Add x86 to meterpreter's binary suffix 
This makes x86 more consistent with x64.

Also replaces a bunch of instances of:
  File.join(Msf::Config.install_root, 'data', ...)
with the simpler
  File.join(Msf::Config.data_directory, ...)

[See rapid7/meterpreter#19]
 2013-09-16 21:52:04 -05:00
Joe Vennix d954d64f69 Add NODEJS arch constants. 2013-09-16 21:33:44 -05:00
Joe Vennix 217449a836 Ensures termination of inner while loop and cleans up #map. 
* Tested working against ubuntu target using the sshexec test script.
 2013-09-16 20:42:20 -05:00
jvazquez-r7 edec022957 Use shellwords, as recommended by @jvennix-r7 2013-09-16 16:35:45 -05:00
James Lee d6954e9ce7 Fix migrate from 32- to 64-bit processes 
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.

[See #2356]
 2013-09-16 16:04:50 -05:00
jvazquez-r7 a5049df320 Add echo CmdStager 2013-09-16 11:35:05 -05:00
Meatballs b4d1fd6ff8 Fixup rex text 2013-09-13 21:15:28 +01:00
Meatballs 9ade4cb671 Refactor 2013-09-13 20:43:09 +01:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
Tab Assassin 8bc83f4922 Retab changes for PR #1420 2013-09-05 16:21:26 -05:00
Tab Assassin d6a7ce5328 Merge for retab 2013-09-05 16:21:13 -05:00
Tab Assassin 785c2eeb95 Retab changes for PR #1421 2013-09-05 16:20:04 -05:00
Tab Assassin a5cf67a9af Merge for retab 2013-09-05 16:19:51 -05:00
Tab Assassin b3b8cee870 Retab changes for PR #1473 2013-09-05 16:19:05 -05:00
Tab Assassin 0ba4e1da65 Merge for retab 2013-09-05 16:18:56 -05:00
Tab Assassin 3c1df47314 Retab changes for PR #1681 2013-09-05 16:10:40 -05:00
Tab Assassin a231e85293 Merge for retab 2013-09-05 16:10:28 -05:00
Tab Assassin 2e9096d427 Retab changes for PR #1734 2013-09-05 14:59:41 -05:00
Tab Assassin 322ed35bb4 Merge for retab 2013-09-05 14:59:34 -05:00
Tab Assassin 2846a5d680 Retab changes for PR #1770 2013-09-05 14:57:40 -05:00
Tab Assassin 269c1a26cb Merge for retab 2013-09-05 14:57:32 -05:00
Tab Assassin 701513a212 Retab changes for PR #1778 2013-09-05 14:56:35 -05:00
Tab Assassin 3788bab8e5 Merge for retab 2013-09-05 14:56:30 -05:00
Tab Assassin 26b8364dcb Retab changes for PR #1789 2013-09-05 14:44:21 -05:00
Tab Assassin 789be1fe3e Merge for retab 2013-09-05 14:44:14 -05:00
Tab Assassin 81479a6ade Retab changes for PR #2093 2013-09-05 14:31:10 -05:00
Tab Assassin 8a76b3390d Merge for retab 2013-09-05 14:31:05 -05:00
Tab Assassin 874ed2ac17 Retab changes for PR #2107 2013-09-05 14:30:08 -05:00
Tab Assassin 27564b2de2 Merge for retab 2013-09-05 14:30:03 -05:00
Tab Assassin daed98931e Retab changes for PR #2158 2013-09-05 14:19:55 -05:00
Tab Assassin 27fd54092a Merge for retab 2013-09-05 14:19:49 -05:00
Meatballs 051ef0bdfa Refactor to common post module 2013-09-02 20:24:54 +01:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Meatballs 1ea3d91f48 Lands #2244 Python Meterpreter 
[Closes #2244]
 2013-08-30 14:33:35 +01:00
Meatballs 526e504531 More fix 2013-08-25 12:21:37 +01:00
Meatballs d45d37bc38 Really fix... 2013-08-25 00:18:50 +01:00
Meatballs 83da0b3a57 Correct fname 2013-08-25 00:17:26 +01:00
Meatballs 19e47d5e82 Really fix war 2013-08-25 00:06:31 +01:00
Meatballs b4b59aa065 Add guards against empty payloads 2013-08-24 11:59:59 +01:00
Meatballs 09ceeb5de2 Fix war generation 2013-08-23 20:06:57 +01:00
Meatballs 41b1b30438 vba transform 2013-08-23 18:00:19 +01:00
Meatballs 7370fc3f4e vbs transform 2013-08-23 16:26:03 +01:00
Meatballs 5040347521 Fix psh and add powershell transform 2013-08-23 15:59:19 +01:00
Spencer McIntyre e276b57ee7 Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev 2013-08-19 08:37:12 -04:00
James Lee ed00b8c19e Ensure checksum* methods return a Fixnum 
Fixes a bug in reverse_http* stagers where requests for the root URI
(i.e., "/") cause a NoMethodError on nil returned by checksum8.

[See #2216]
 2013-08-14 14:09:37 -05:00
James Lee 3827b14103 Land #1726, ssl verify mode 
Conflicts:
	lib/rex/socket/parameters.rb
Fix doc strings
 2013-08-12 17:57:10 -05:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
Spencer McIntyre 2d69174c5b Initial commit of the python meterpreter. 2013-08-05 23:38:49 -04:00
RageLtMan 7c46e95e8f Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell_import 2013-07-31 18:34:57 -04:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 455569aee8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 12:10:12 -05:00
Meatballs b99ad41a64 Add api constants and tidy 2013-07-26 01:48:39 +01:00
Meatballs 0235e6803d Initial working 2013-07-25 23:24:11 +01:00
Meatballs 1d2d4b5345 Add some null checks 2013-07-25 18:35:11 +01:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 00630376c3 Revert the default call to firefox 
This reverts commit 0928a370f3.

No, no, you guys are right in the comments for #2148. The call to
system is inside the else, but the tabbing made my eyes cross.
Sorry about that. Someday soon, @tabassassin will save us all from these
kinds of screw ups in mental parsing.
 2013-07-23 16:13:02 -05:00
William Vu d493346691 Land #2137, fixes and specs for Opt containers 2013-07-23 15:58:09 -05:00
David Maloney 621568bf8f Another Error Type needs caught 
Different systems throw a different error
Need to rescue that error too
 2013-07-23 15:47:42 -05:00
William Vu 86ab942435 Land #2146, Unix and Windows path normalization 2013-07-23 15:23:41 -05:00
Tod Beardsley 0928a370f3 Adding back default firefox 
the default is triggered only outside the case statement, which itself
is totally bizarre. I can't tell if anyone is relying on this behavior
right now, but it's too premature to just remove it out at this point.
 2013-07-23 14:43:30 -05:00
Tod Beardsley 53c3fd2ce7 Update comment docs on Rex::Compat.open_browser 2013-07-23 14:38:04 -05:00
ZeroChaos ce5742461a update open_browser functionality 
open_browser didn't support xdg-open or firefox-bin.  xdg-open was made the default as it is the most likely to succeed afaik.

the fallback to firefox was removed because since we check for the existence of firefox is makes no sense to try to run it after we failed to find it.  This will silently fail if no supported browser is found due to suggestions from the msf team:

< Zero_Chaos> more importantly, it would be great if someone told me how to spit out a message to the user
< Zero_Chaos> because I have no clue :-)
<@egypt> Zero_Chaos: it's in rex, so the answer is "don't"
 2013-07-23 14:58:16 -04:00
Tod Beardsley bb16683415 Land #2087, @egypt's random ID generator 2013-07-23 13:52:08 -05:00
sinn3r 958a4edd73 Keep the trailing slash if the user wishes 2013-07-22 20:46:18 -05:00
sinn3r 359009583f Drop support for UNC path parsing in normalize_win_path 
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
 2013-07-22 20:20:45 -05:00
sinn3r 4b3fce9349 Add functions to normalize Winodws & Unix paths 
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri.  Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
 2013-07-22 19:26:04 -05:00
jvazquez-r7 15b0e39617 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-21 13:47:40 -05:00
RageLtMan dc15c5b505 Merge branch 'master' into powershell_import 
Resolve conflicts from old code being pulled into master.

Conflicts:
	lib/msf/core/exploit/powershell.rb
	modules/exploits/windows/smb/psexec_psh.rb
 2013-07-20 19:29:55 -04:00
sinn3r 757cf18bb4 Land #2135 - Update FF detection 2013-07-20 13:10:14 -05:00
Joe Vennix 92ae90b828 Whitespace fixes. 2013-07-19 17:27:27 -05:00
Joe Vennix 2e838d7be3 Fix minor bugs discovered when testing. 2013-07-19 17:18:39 -05:00
Joe Vennix 7e2fc147f1 Add updated versions of firefox. 2013-07-18 16:35:57 -05:00
David Maloney ec82644bd3 mo fixes mo specs 
SEERM #7536
SEERM #7537
 2013-07-18 15:00:57 -05:00
jvazquez-r7 58229ff8b7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 20:18:48 -05:00
James Lee 9d56e58e84 Rely on object detection for '5716599' 
[SeeRM #7252]
 2013-07-17 15:47:25 -05:00
jvazquez-r7 458ac5f289 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 15:02:33 -05:00
jvazquez-r7 11f8b351c0 Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework 2013-07-17 11:44:42 -05:00
William Vu 54af2929f5 Land #2109, kill stray character 2013-07-16 11:11:06 -05:00
Joe Vennix 34e732eabd Kill stray character in whitespace gutter. 2013-07-16 10:14:41 -05:00
RageLtMan 987d6a671f Allow passing MaxChar to Rex::Ui::Text::Table cols 
Passing MaxChar allows setting the maximum number of characters
printed within a specific column during the row_to_s method.
This does not affect CSV output nor truncate the actual data.
Meant for tidying up long console ouput.

Example: cleaned up cmd_creds to show proof and not maul tables
with unix session data.
 2013-07-10 20:00:40 -04:00
James Lee 85affe4d47 Land #2089, smb last_filename can be nil 2013-07-10 14:18:00 -05:00
James Lee 4cc179a24c Store inverted hash for better lookups 
Also clarifies comment about infinite loops
 2013-07-10 12:38:42 -05:00
sinn3r 71974a8535 to_addr_hex_dump is never used and is too similar to to_hex_dump 
Not so much value in to_addr_hex_dump, as Meatballs1 suggested, we
should remove this.
 2013-07-10 11:09:47 -05:00
sinn3r add294d999 Fix potential nil in last_filename 
Replacing #2060.  It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename.  To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also convert with to_s
to make sure it's always a string.
 2013-07-09 12:50:19 -05:00
James Lee afa6a36df3 Make first char's character class configurable 2013-07-09 02:50:28 -05:00
James Lee 273046d8f0 Add a class for generating random identifiers 
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037.
 2013-07-09 02:06:44 -05:00
Meatballs 0ce3fe2e7c Added service status checks to Post::Windows::Services 
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
 2013-07-05 22:25:04 +01:00
RageLtMan 4554cc6e51 Import Powershell libs and modules (again) 
Add Rex powershell parser:
 reads PSH, determines functions, variables, blocks
 compresses and cleans up the code it's read, obfuscates
 handles string literals and reserved variable names
 extracts code blocks and functions for reuse
  turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
 Make use of Rex parser
 Handles payload generation, substituions
 Brings convenience methods - byte array generation and download
 Re-add .NET compiler
  Compiles .NET code (C#/VB.NET) in memory
  Can generate binary output file (dynamic persistence)
  Handles code-signing (steal cert with mimikatz, sign your bin)
  Not detected by AV (still...)
 Update payload generation
  GZip compression and decompression (see Rex module as well)
  msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
 Makes use of updated Msf and Rex modules
 Runs shellcode in-memory (in a hidden PSH window)
 Completely bypasses all AVs tested for the last year...
 2013-07-04 14:04:19 -04:00
William Vu 28a4a05991 Land #2046, base argument for to_hex_dump 2013-07-02 12:11:05 -05:00
sinn3r 98c214d2fb Allow 0 base address, and dynamic left column length 2013-07-02 11:40:23 -05:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
sinn3r 9eb32ea9af Allow "base" argument for to_hex_dump 
[SeeRM:#8121] - For debugging purposes, it's useful to be able to
specify a base.
 2013-07-01 23:56:51 -05:00
jvazquez-r7 2751470c71 Add @jlee-r7's feedback to sapni proxies support 2013-07-01 21:37:53 -05:00
jvazquez-r7 9c4d869ed8 Land #1018, @nmonkee's support for sap router proxies 2013-07-01 21:36:02 -05:00
HD Moore 8e4dd29a4c Add cipher zero scanner 2013-06-30 02:35:37 -05:00
HD Moore 4fb6fa67f2 Fix require for constants, trim useless fields from banner 2013-06-26 09:59:40 -05:00
HD Moore 84117e28a8 Remove stale constants.rb require 2013-06-26 09:52:15 -05:00
James Lee b3b94c7a73 Break packet classes into their own files 
This makes the file structure match the class structure and makes the
source tree easier to grok.
 2013-06-24 19:24:09 -05:00
HD Moore 1801a5a270 Better HP iLO compatibility (retry on session ID error) 2013-06-24 14:23:53 -05:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
Meatballs 6c62463f83 Add ipv6 resolution and remove nix 2013-06-20 22:17:31 +01:00
jvazquez-r7 1aff778a79 Fix unpack 2013-06-18 09:06:44 -05:00
jvazquez-r7 3f665ba5a0 Skip also max-age from cookies 2013-06-17 14:04:08 -05:00
Meatballs 1637651bbb Revert multilang test 2013-06-15 17:48:32 +01:00
Meatballs 62e335dab2 Resolve conflict 2013-06-15 17:40:37 +01:00
Meatballs fc7d151273 Add multilang syscheck 2013-06-15 17:39:01 +01:00
jvazquez-r7 f5b00512e0 Fix sap ni proxy, hopefully 2013-06-13 17:15:48 -05:00
Brandon Perry 3cb851e4e0 Merge remote-tracking branch 'todb-r7/fix-msftidy-1944' into csharp_payload 2013-06-12 17:29:00 -05:00
Brandon Perry 0f06e9b08c Merge branch 'master' of https://github.com/rapid7/metasploit-framework into csharp_payload 2013-06-12 17:27:55 -05:00
Tod Beardsley 9c75d821d1 Fix up msftidy warnings on rex/text.rb 2013-06-12 11:17:58 -05:00
Brandon Perry d0e1e4df0a This commit adds support for C# byte arrays for the assembly payloads. 2013-06-11 19:27:06 -05:00
James Lee af613ee254 Add a more readable #inspect 2013-06-11 15:22:49 -05:00
sinn3r 937d7fb762 Landing #1835 - Fix a backwards disasm bug which stomps on the depth opt 2013-05-31 16:28:49 -05:00
sinn3r df2140ea59 Add back the tmp include check according to bannedit's feedback 2013-05-31 16:26:52 -05:00
sinn3r dacc73a60f Improve readability based on Egypt's feedback 2013-05-31 16:24:27 -05:00
Tod Beardsley 14c4dbcf8c Also remove *.ts.rb files 
On the heels of #1862, this gets rid of the "test suites" that bound
together all the old unit tests.
 2013-05-28 17:05:44 -05:00
Samuel Huckins e20385dd9e Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host 
Passes specs and functional tests
 2013-05-28 12:11:57 -07:00
James Lee 9843dc4cb4 Land #1708, android meterpreter 
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
 2013-05-28 12:19:45 -05:00
David Maloney 0f21861921 Add task handling to imports 
allow imports to carry along task info

[Story #49167601]
 2013-05-23 13:33:19 -05:00
Tod Beardsley 05916c079e Inline unit tests are so last decade 
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
 2013-05-23 12:41:14 -05:00
James Lee f4498c3916 Remove $Id tags 
Also adds binary coding magic comment to a few files
 2013-05-20 16:21:03 -05:00
bannedit 031bb2eb0b Fix a backwards disasm bug which stomps on the depth option 2013-05-15 22:08:50 -04:00
James Lee 61afe1449e Landing #1275, bash cmdstager 
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
 2013-05-15 10:44:05 -05:00
Joshua J. Drake c71b57764e Add a Python buffer formatter and update msfpayload to enable using it 2013-05-13 20:41:15 -05:00
Meatballs 7fb092c58c Initial commit 2013-05-02 22:08:19 +01:00
Tasos Laskos 6bf19c6fb8 HTTP::ClientRequest: Should handle nils in params 
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.

* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
 2013-04-30 22:01:00 +03:00
Meatballs 293c847a32 Fix table.print 2013-04-29 22:02:41 -05:00
Meatballs 69dead8c8f Tidier 2013-04-29 23:17:11 +01:00
Meatballs 36ef2cb5a1 x86 warning for mimikatz 2013-04-29 23:14:32 +01:00
Meatballs 02788f71d9 Fix table.print 2013-04-29 22:37:02 +01:00
James Lee d53d6370b3 Land #1747, mimikatz meterpreter extension 
[Closes #1747]

See rapid7/meterpreter#9
 2013-04-29 14:45:07 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238) 
[Closes #1772]
 2013-04-28 12:17:16 -05:00
Meatballs bbd53a2dbd Add domain to get_cookies 2013-04-26 20:34:21 +01:00
Meatballs b25b9e769c Msftidy 2013-04-26 20:30:04 +01:00
Meatballs 1f2cab7aef Tidyup and getcookies 2013-04-26 20:26:04 +01:00
Meatballs 9ad19ed2bf Final tidyup 2013-04-26 15:41:28 +01:00
Meatballs c7ac647e4e Initial attempt lfi 2013-04-26 14:32:18 +01:00
Meatballs d8430c83cf Add simple rspec 2013-04-26 00:47:00 +01:00
Meatballs 668dd78587 Msftidy 2013-04-26 00:21:31 +01:00
Meatballs e2bf4882f0 Add domain join parse 2013-04-26 00:20:10 +01:00
Meatballs 235887ccb5 Finished 2013-04-25 23:25:05 +01:00
James Lee 93bddd9041 Improved docs and partial specs for Rex::Text 
Conflicts:
	lib/msf/core/modules/loader/base.rb
	lib/rex/poly/block.rb
	lib/rex/text.rb
 2013-04-23 17:24:03 -05:00
Meatballs fab1781812 Refactored to send custom commands 2013-04-22 10:04:38 +01:00
Meatballs 6656514616 Msftidy 2013-04-21 14:34:47 +01:00
Meatballs fc621e8d7e Parse ssp correctly 2013-04-21 10:55:01 +01:00
Meatballs 83fbc3e46f Small fix and attribution to gentilkiwi 2013-04-21 00:36:43 +01:00
Meatballs cec737d399 tidy and table header 2013-04-20 18:05:47 +01:00
Meatballs b219a23f00 Refactoring 2013-04-20 18:00:46 +01:00
Meatballs 20849714ac Add all methods 2013-04-20 17:27:32 +01:00
Meatballs ddaa09edad Added msv 2013-04-20 16:31:45 +01:00
Meatballs 83578dec68 Getprivs by default 2013-04-20 14:59:07 +01:00
Meatballs a23d7bb66f Add client UI and parse results 2013-04-20 12:20:38 +01:00
Meatballs 5fa81942db Initial comms 2013-04-19 22:19:50 +01:00
Tod Beardsley 4d21c7dff5 Landing #1727, adding @jlee-r7's new fingerprints 2013-04-15 13:49:59 -05:00
Meatballs 67791c12a5 Small tidy 2013-04-14 11:18:45 +01:00
Meatballs 26479bbe82 Fixup resolve_host 2013-04-14 10:58:51 +01:00
Meatballs 6a7fc70274 Remove length stuff 2013-04-14 10:54:19 +01:00
Meatballs 6bca2b305f Typo 2013-04-14 10:44:00 +01:00
Meatballs 849b42ffb9 Further tidy 2013-04-14 10:42:15 +01:00
Meatballs 4b4f77eb0f Finalize 2013-04-14 10:32:56 +01:00
timwr 32bd812bdb android meterpreter 2013-04-12 18:57:04 +01:00
James Lee 2c8ec656ca Typo 2013-04-11 22:36:08 -05:00
James Lee 7df80c7aac Add a couple new IE fingerprints to osdetect.js 2013-04-11 22:29:02 -05:00
RageLtMan 1e93ae65e3 fix typo in parameters 2013-04-11 19:12:32 -04:00
RageLtMan 5ac18e9156 commant update 2013-04-11 19:11:25 -04:00
RageLtMan 6eb33ae5ed Rex::Socket::SslTcp set cipher and verify_mode 
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.

Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```

Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
 2013-04-11 18:00:33 -04:00
James Lee 6a0b240d10 Add some better docs for Rex::Socket 2013-04-10 12:41:41 -05:00
Meatballs e4ff7a2f2c Address egypt's feedback 2013-04-09 21:15:04 +01:00
Meatballs 3660ad8c0a Initial attempt 2013-04-07 23:03:43 +01:00
Meatballs d94360c451 Merge remote branch 'upstream/master' into enum_ad_perf 2013-04-07 14:29:45 +01:00
James Lee 067140643e Landing #1579, meterpreter mv 
See rapid7/meterpreter/#6
 2013-04-04 23:42:31 -05:00
James Lee ad46b46684 Landing #1463, Meatballs' cdecl fixes 2013-04-04 22:58:59 -05:00
Luke Imhoff 47842aa6a2 Fix 'Output is not a module' 
[#46491831]

I missed that Rex::Ui::Text::Output was a class and not a module, so
starting up prosvc fell over when it loaded
rex/ui/text/output/buffer/stdout, which also would screw up
msf/ui/console/command_dispatcher/core.rb where I original added
Rex::Ui::Text::Output::Buffer::Stdout.
 2013-04-01 20:16:28 -05:00
Luke Imhoff 2317e9cced Fix yard tag warnings 
[#46491831]
 2013-03-30 17:13:12 -05:00
Luke Imhoff 7ed2812ec3 Fix Cannot resolve link YARD warnings 
[#46491831]
 2013-03-30 16:58:49 -05:00
Luke Imhoff bc4b87ebd9 Fix Undocumentable method defined on object instance YARD warnings 
[#46491831]

Change code to use format that YARD can document without changing
semantics.
 2013-03-30 16:05:12 -05:00
Luke Imhoff c210260845 Fix Undocumentable method, missing name YARD warning 
[#46491831]

Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call.  By removing the ##, the
warning disappeared.  I did not determine what is special about ## in
file comments.
 2013-03-30 15:32:38 -05:00
RageLtMan 0adb30c87a whitespace cleanup 2013-03-28 04:11:52 -04:00
RageLtMan ed3b1cecd4 Rex::Text::Ui::Table.new[find_by_colnames] 
Add :[] to ...Ui::Table allowing user to pass multiple colnames.
Returns a new table with only those columns and their rows.

Useful when using Rex to filter output, prep CSV, etc.

Testing:
```
t = Rex::Ui::Text::Table.new('Columns' => ['a','b','c'])
t << ['x','y','z']
t << ['p','q','r']
t['a','c']

=> a  c
-  -
p  r
x  z
```
 2013-03-28 04:02:31 -04:00
Tod Beardsley 91e3f4cca6 Merge 'kernelsmith/msfconsole-grep' 
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.

[Closes #1320]

Conflicts:
	lib/msf/ui/console/command_dispatcher/core.rb
 2013-03-18 14:39:45 -05:00
RageLtMan d399093d80 Add Framework side of stdapi.fs.file.mv 
Add the appropriate methods to Rex side of the FS extension and
the commensurate command dispatcher.

Requires https://github.com/rapid7/meterpreter/pull/6 from the
meterpreter repo as well as compiling fresh DLL for
ext_server_stdapi.
 2013-03-12 02:06:38 -04:00
Spencer McIntyre bf54b582c9 Condense the decoder commands 2013-03-08 16:29:03 -05:00
Spencer McIntyre 8b5a83c7f5 Remove the DECODER option 2013-03-08 15:25:16 -05:00
Spencer McIntyre aceba9fc8a Revert "escape ticks and spaces in paths" 
This reverts commit 4c87b1ba36.
 2013-03-08 14:37:28 -05:00
James Lee 0a9b00e24c Apparently missed part of mubix's original changes 
Used by auxiliary/admin/smb/list_directory
 2013-03-07 21:20:46 -06:00
James Lee c3fa62cd59 Whitespace at EOL 2013-03-07 18:16:57 -06:00
Meatballs df3361df50 Merge branch 'master' into wds_scanner_repull 2013-03-07 20:09:44 +00:00
James Lee f05431791f Merge branch 'dmaloney-r7-feature/ssl/add_cipher_support' into rapid7 2013-03-07 12:54:39 -06:00
James Lee 27f43d3d1c Param name goes before type 2013-03-07 12:50:43 -06:00
James Lee c41bfa9141 Whitespace 2013-03-07 12:45:01 -06:00
David Maloney 06443ea4d0 yarddoc cleanup 2013-03-07 11:52:58 -06:00
David Maloney 007b26d918 dry up enumerators 2013-03-07 11:35:34 -06:00
David Maloney 7332d31523 fix some style things for egypt 2013-03-07 11:11:48 -06:00
James Lee 24c0da0adb Merge branch 'rapid7' into doc/cleanup-peparsey 2013-03-05 21:00:26 -06:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
James Lee 3acccd71f7 Whitespace and doc fix 2013-03-05 14:35:27 -06:00
James Lee a64edb33c4 Make code sections look right in docs 2013-03-05 14:34:11 -06:00
David Maloney 6eb334c925 a little more coverage 2013-03-05 00:01:09 -06:00
David Maloney d909c00036 better spec coverage 2013-03-04 23:43:18 -06:00
David Maloney 3bb1b2b368 attempt to deal with specs 2013-03-04 19:25:20 -06:00
David Maloney c121a4e9dc Some more minor touchups 2013-03-04 18:42:08 -06:00
David Maloney 8b6b2fbce9 bad error handling fixed 2013-03-04 18:33:03 -06:00
David Maloney dc7c02e9e8 still trying to get around this sslv2 thing 2013-03-04 18:18:01 -06:00
David Maloney 246977e0cf Address openssl sslv2 issues 
Debian/Ubuntu ship openssl without sslv2 compiled in.
we now check for this ahead of time
 2013-03-04 17:39:28 -06:00
David Maloney 12201c519a make sure we close sockets 2013-03-04 16:34:29 -06:00
David Maloney 13ad5cf150 Merge branch 'master' into feature/ssl/add_cipher_support 2013-03-04 15:07:32 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues 
Headers were getting duped back into client config, causing invalid
requests to be sent out
 2013-03-04 11:24:26 -06:00
David Maloney 6d811ce4b9 empty passwords should be allowed 2013-03-04 09:09:11 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney 902948e5d3 cleanup options 2013-03-01 11:01:00 -06:00
James Lee 5a79fcd11e Ensure we build only one Authorization header 
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
 2013-02-28 13:47:30 -06:00
James Lee 425c245771 Axe set_cgi in favor of set_uri 
They were identical except for a couple of extra bugs in set_cgi.

Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
 2013-02-27 19:13:05 -06:00
James Lee b0745b090a Msf HTTP uses this directly, can't axe it 2013-02-27 17:54:31 -06:00
James Lee 4edd46216f Refactor config -> opts 
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
 2013-02-27 17:29:26 -06:00
James Lee d5ae54cbb6 More accurate docs 2013-02-27 16:27:37 -06:00
James Lee d3b3587660 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-27 14:01:57 -06:00
sinn3r 4085fa73c5 Merge branch 'stephenfewer-master' 2013-02-27 11:13:10 -06:00
James Lee 7a7dd8975f Hmm, turns out something actually used that 
Despite comments to the contrary
 2013-02-26 18:16:54 -06:00
James Lee 29df20996e Move most of the configuration into ClientRequest 
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
 2013-02-26 17:38:09 -06:00
David Maloney f16cec552a increase timeout with new checks 2013-02-26 14:27:04 -06:00
David Maloney 2ec2489f52 Test for general ssl before testing ciphers 2013-02-26 14:26:14 -06:00
James Lee 579c11bc69 Set reasonable defaults for more things 
All current tests are passing now
 2013-02-26 14:25:46 -06:00
James Lee d7de3b75a4 Format Authorization header like others 
Also sorts the set_*_header methods
 2013-02-26 14:18:20 -06:00
James Lee c206ac4998 Set some reasonable defaults 
Fixes a number of nil deref issues
 2013-02-26 14:15:51 -06:00
David Maloney 1cb2717fe7 fix weak and strong cipher enumerators 2013-02-26 14:13:17 -06:00
James Lee d463460da7 Default cgi to true when not given 2013-02-26 13:33:54 -06:00
James Lee 764bbbb8e5 Whitespace 2013-02-26 13:33:19 -06:00
James Lee 5e0161d3f7 Reflect new ClientRequst in docs 2013-02-26 13:31:24 -06:00
David Maloney 1869cb5f8d fix timeout 
20 seconds is way too long for jsut opening a socket
 2013-02-26 13:20:16 -06:00
James Lee 5ac20e1b02 Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2 
Conflicts:
	lib/rex/proto/http/client.rb
 2013-02-26 12:08:00 -06:00
David Maloney c104fa6d97 Add spec and a few fixes for set_uri 2013-02-26 11:01:16 -06:00
David Maloney d9627151c0 Add socket context option 
Add the option for a socket context so pivoting will work
 2013-02-25 15:01:42 -06:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
James Lee e41922853e Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-25 14:15:22 -06:00
HD Moore 8e8fecd208 Prefer String#encode over Iconv for Ruby 2.0 compat 2013-02-24 13:10:16 -06:00
James Lee fc07bf16e7 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-22 15:41:49 -06:00
David Maloney d15e202f19 Add some YARD docs 2013-02-20 18:47:20 -06:00
David Maloney 8d2233bbdd first minor cleanup 2013-02-20 15:33:24 -06:00
David Maloney accd620843 Clean up pry 2013-02-19 23:50:30 -06:00
David Maloney b2563dd6c2 trying to clean up the mess from the revert 2013-02-19 21:25:37 -06:00
David Maloney dac1147473 merge client config into opts 2013-02-19 19:41:42 -06:00
David Maloney de4234f0ad Some more YARD docs 2013-02-19 18:48:03 -06:00
David Maloney a4905e43a2 Fix the way creds are passed + YARD 
some ayrddocs on send_auth plus fix the wierd way i was passing creds
around
 2013-02-19 18:40:39 -06:00
David Maloney 0662677a72 First minor cleanup sweep 2013-02-19 17:19:16 -06:00
James Lee 867ab2f269 Whitespace 2013-02-18 19:01:03 -06:00
corelanc0d3r 0d4a6c6a04 support for searchforward option in egghunter 2013-02-18 12:45:49 +01:00
David Maloney d23ca8f599 Merge branch 'master' into feature/http/authv2 
Conflicts:
	lib/rex/proto/http/client.rb
 2013-02-17 22:58:23 -06:00
David Maloney 87d9af585e fix request_raw 2013-02-17 21:35:19 -06:00
David Maloney dd26b08197 first run at Clientrequest object 
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
 2013-02-17 19:25:27 -06:00
James Lee a902480576 Break out subclasses into their own files 2013-02-17 06:57:35 -06:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444 
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
 2013-02-11 20:49:55 -06:00
Meatballs cbbfa1765e Handling for 1000 limit 2013-02-11 23:27:03 +00:00
David Maloney adfd26eb2d Cleanup to_s output 2013-02-11 17:08:14 -06:00
jvazquez-r7 d4d41f36d4 Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth 2013-02-11 21:16:35 +01:00
David Maloney f90fdcd5eb Missed nil check 2013-02-11 13:14:05 -06:00
David Maloney 0ccf7dd58a trust any manualy set basic auth header 
for now we will assume the module author knows what they are doing.
 2013-02-11 13:06:26 -06:00
sinn3r 6e9232bf72 Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump 2013-02-11 11:31:54 -06:00
David Maloney 84534caae1 Fix expliciti basic_auth for http 2013-02-11 10:32:44 -06:00
David Maloney 0f9b16d07f Scanner class finished, result needs more work 
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
 2013-02-09 19:06:17 -06:00
Meatballs acdd952eb2 Initial commit 2013-02-09 21:50:12 +00:00
David Maloney c25d4b4863 Test Cipher method underway 
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
 2013-02-09 01:07:56 -06:00
David Maloney ebb0f166ca Accept propper formats for SSL version 
we were only accepting sloppy string values and not accepting input of
the actual symbols that OpenSSL expects in the first place. Allow the
user to enter it right themselves to be compat with OpenSSL
 2013-02-09 00:40:58 -06:00
David Maloney 38d0a244fd Beginings of the actual scanner 
configuration and configuration validation in place with tests.
 2013-02-09 00:03:58 -06:00
Meatballs 595cace025 Fixup wldap32 mistakes 2013-02-08 22:25:07 +00:00
Meatballs a980419285 msftidy 2013-02-08 21:02:37 +00:00
Meatballs a6fea39583 Change to wldap to allow cdecl 2013-02-08 21:01:22 +00:00
Meatballs a9bf09aa06 Add calling conv to railgun 2013-02-08 19:26:33 +00:00
David Maloney 3295157f78 More support for various checks 2013-02-08 13:25:49 -06:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
David Maloney dfc7ce9381 fix stupid datat structure 
also supports a boolean value for whether the cipher is weak or not
 2013-02-08 11:33:36 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms 
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
 2013-02-07 21:53:49 -06:00
James Lee bf28be7cff Fix some comments that yard parsed incorrectly 2013-02-07 18:36:04 -06:00
David Maloney 5c9f946927 empty shells for the scanner and its specs 2013-02-07 16:16:41 -06:00
David Maloney 096360261e De-dup cipher results 2013-02-07 16:09:47 -06:00
David Maloney 4e87bf4ab3 Add enumeration and support options 
i lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
 2013-02-07 15:51:07 -06:00
David Maloney 10e017ae73 finish up the SSLScan::Result class 
finishes up result class for SSLScan , compelte with tests
 2013-02-07 14:56:26 -06:00
David Maloney 7036365e04 Start adding sslscan results object 
Building out the result object for the SSlScan
 2013-02-07 12:42:18 -06:00
James Lee a15889305a Return a Request object 
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
 2013-02-06 18:56:06 -06:00
David Maloney ebd03ccceb Allow user to set ssl cipher 
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
 2013-02-06 16:57:47 -06:00
David Maloney 888bb80ab6 more comments 2013-02-05 11:55:12 -06:00
David Maloney 16b4fb1faa Added some comment documentation 2013-02-05 10:36:51 -06:00
David Maloney 463a45ccaf if we don't support the auth return original res 
make sure we return the original 401 if we don't support the auth.
 2013-02-05 09:57:33 -06:00
David Maloney af6b0615fb fix pipelining 
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
 2013-02-04 16:42:24 -06:00
David Maloney 9b84e5b3c4 Fix raw requests to work as well as cgi 2013-02-04 13:59:58 -06:00
David Maloney 9497e38ef7 Fix http login scanner 
Fix the http_login scanner to use new buitin auth
 2013-02-04 12:31:19 -06:00
David Maloney 8d817dcbb5 fix iis digest support mistake 
Digest auth working automatically
 2013-02-01 15:49:18 -06:00
David Maloney 6c12fa26bc oodles of small fixes 
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
 2013-02-01 15:12:11 -06:00
David Maloney 61969d575b remove mixin require, more datastore clenaup 2013-02-01 15:12:11 -06:00
David Maloney efe0947286 Start fixing datastore options 2013-02-01 15:12:11 -06:00
David Maloney ef1fc58e5e Remove mixin, start moving into Rex 
move auth awareness into rex itself
 2013-02-01 15:12:11 -06:00