Meatballs
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
Meatballs
b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075
2013-12-16 14:29:05 +00:00
Meatballs
ca1c887e68
Add missing ]
2013-12-15 01:12:50 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Spencer McIntyre
a08c420862
Add railgun definitions for local exploit relevant functions.
2013-12-12 10:26:08 -05:00
OJ
64b1e78e34
Fix page size and max results
2013-12-11 00:03:05 +10:00
OJ
8a1517fde8
Fix issues with missing params on computer enum
...
No more late night and rushed commits, its still and wastes people's time.
Thanks sinn3r for getting on this. Apologies for the poor quality of the PR.
2013-12-10 21:06:28 +10:00
OJ
2237419134
Merge branch 'upstream/master' into basic_adsi_support
2013-12-10 20:58:38 +10:00
Meatballs
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
Meatballs
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
OJ
a3c050c8b6
Added page size setting
2013-12-08 23:29:42 +10:00
OJ
8172596c0b
Fix rendering of result total
2013-12-08 20:58:03 +10:00
OJ
f13736d208
Add support for general domain queries
...
Specific queries are just wrappers over the top of the domain query
2013-12-08 20:41:30 +10:00
OJ
35b051174c
Add basic ADSI enum of users and computers
2013-12-07 00:22:54 +10:00
OJ
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
OJ
1d757c40db
Remove empty parens
2013-12-04 07:10:23 +10:00
OJ
8b77da4ef7
Fix non-rubyisms
2013-12-04 07:06:32 +10:00
OJ
18e1d9ce17
Revert "Start clipboard monitor functionality"
...
This reverts commit ecbdfd3502
.
I don't know how this got in there, as it's in another branch waiting for more work.
My bad.
2013-12-04 07:03:12 +10:00
sinn3r
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
jvazquez-r7
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
OJ
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
OJ
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
Meatballs
20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
lib/msf/core/exploit/powershell.rb
2013-11-22 22:41:08 +00:00
OJ
4d1c3c1f01
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-22 13:31:40 +10:00
corelanc0d3r
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
Joe Vennix
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
Joe Vennix
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
OJ
ecbdfd3502
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-21 06:29:37 +10:00
Joe Vennix
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
Joe Vennix
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
Joe Vennix
e74e75fe6f
Revert changes to legacy rescues.
2013-11-20 12:20:34 -06:00
Joe Vennix
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
d51b92b06f
Turns out & ~ does work.
...
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
2013-11-20 00:01:48 -06:00
Joe Vennix
a8c55f23a7
Remove &~ bit-clearing method in favor of defaults.
...
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesnt work,
but it is late and the default is false anyways.
2013-11-19 23:42:58 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
jvazquez-r7
647c867c2d
Land #1681 , @sempervictus Rex::Text::Ui::Table [] method
2013-11-19 16:30:09 -06:00
jvazquez-r7
e1eddc84aa
Check for inexistent column names
2013-11-19 16:02:52 -06:00
jvazquez-r7
162d433014
Use snake_case for variables
2013-11-19 15:46:11 -06:00
jvazquez-r7
6a13a0eee6
fix indentation
2013-11-19 15:42:12 -06:00
jvazquez-r7
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
jvazquez-r7
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
sinn3r
2fc43182be
Land #2622 - Fix up proxy/socks4a.rb
2013-11-12 18:22:32 -06:00
jvazquez-r7
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
William Vu
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
sinn3r
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
Jonathan
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
OJ
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
...
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
Jonathan
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
Tod Beardsley
cc9ac7695d
Land #2592 , add getproxy
...
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
Jonathan
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
scriptjunkie
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
OJ
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
OJ
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
OJ
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
OJ
d1e008387a
Stop auto preview, code clean
...
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
OJ
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
OJ
ff78082004
Refactor lanattacks ruby code, add command dispatcher
...
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
joev
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
joev
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
joev
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
OJ
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00
OJ
67fbeacbf0
Add support for optional image downloading
...
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
OJ
2fbac9b129
Add `getproxy` command
...
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
OJ
1f6c320bb3
Tidy up of extapi code, new bins
...
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
2013-10-29 21:22:05 +10:00
OJ
606411de81
Fix mimikatz error when password is nil
...
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
Tod Beardsley
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
sinn3r
ee95ca5e2b
Land #2158 - Fix NoMethodError undefined method `split' for nil:NilClass
2013-10-22 16:01:27 -05:00
sinn3r
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
sinn3r
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
sinn3r
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
sinn3r
fcba529ea5
Update coding format
2013-10-21 20:54:25 -05:00
sinn3r
ea56c4914c
Need this file
2013-10-21 20:17:38 -05:00
sinn3r
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
OJ
cf65f59a28
Retry shell without thread impersonation
...
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usuall fallback to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`
This patch catches the error, warns the use of the failure and then retries
to create the interactive shell without the `-t` flag.
2013-10-21 15:29:19 +10:00
OJ
4e90394c7f
Add support for CF_DIB clipboard formats
...
Image data copied to the clipboard, such as a screenshot, is converted to a JPEG using GDI+, and downloaded to the local loot folder.
This feature doesn't work with W2K as a result, but that doesn't really bother me. The code is simpler and much smaller as a result and doesn't require the inclusion of the jpeg library code.
2013-10-21 00:05:42 +10:00
sinn3r
2d24824e78
Use data_directory instead of install_root
2013-10-19 17:55:03 -05:00
sinn3r
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
sinn3r
62dadc80d3
Make sure the data type for the return value is a string
2013-10-18 21:08:46 -05:00
sinn3r
298f23c91c
Fix extra slashes that cause browser autopwn to fail.
2013-10-18 20:43:39 -05:00
Tod Beardsley
ffcb86eba2
Land #2541 , Outpost24 importer
...
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384 ]
2013-10-18 13:21:58 -05:00
Tod Beardsley
f6675f3120
Reordered case statements
2013-10-18 13:21:28 -05:00
sinn3r
8579cb8322
Use obfuscation
2013-10-18 13:06:19 -05:00
William Vu
93ff9ec501
Create methods for start_element for readability
2013-10-18 12:20:43 -05:00
William Vu
ff69e9fd05
Move product info code to a better location
2013-10-18 12:07:34 -05:00
sinn3r
3af38b9602
I bet "../" will drive people crazy, avoid that.
2013-10-18 11:56:03 -05:00
William Vu
e6cccedad0
Append vuln info to vuln description
2013-10-18 11:31:54 -05:00
sinn3r
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
sinn3r
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
William Vu
12151650e4
Add product info to hosts and services :)
2013-10-17 16:18:27 -05:00
William Vu
06c7943f54
Import hostnames without breaking everything
2013-10-17 15:31:48 -05:00
William Vu
920e406526
Import CVE refs and db.emit all the things
2013-10-17 14:29:54 -05:00
OJ
d4d4839dc2
Add size (bytes) of the files on the clipboard
...
Output of the `clipboard_get_data` call now includes the size
of each file in bytes.
2013-10-16 22:54:55 +10:00
OJ
afc5e282a9
Add CF_HDROP file support to the clipboard
...
`clipboard_get_data` has been changed so that raw text is supported and file listings are supported.
If files are on the clipboard, those files and folders are listed when this command is run. To download the files, pass in the `-d` option.
2013-10-16 17:46:22 +10:00
sinn3r
0081e186f7
Make sure i var is local
2013-10-15 23:59:23 -05:00
William Vu
ad8af02021
Add my wonderfully simplistic Outpost24 parser
2013-10-15 16:34:46 -05:00
sinn3r
4c91f2e0f5
Add detection code MS Office
...
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413 ]
2013-10-15 16:27:23 -05:00
sinn3r
41ab4739e3
Land #2520 - Add detection for FF 22 - 24
2013-10-15 15:17:43 -05:00
OJ
414a814d5d
Add the start of clipboard support
...
This commit adds support for getting text-based information from the
victim's clipboard and for setting text-based data to the victim's
clipboard. Early days, with much wiggle room left for extra fun
functionality.
2013-10-15 23:57:33 +10:00
OJ
ea89b5e880
Add support for child window enumeration
...
Children of windows can now be enumerated via the -p parameter, which
specifies the handle of the parent window to enumerate.
There is also a -u parameter which includes unknown/untitled windows
in the result set.
2013-10-15 18:02:27 +10:00
joev
711fac08b7
Don't throw exception if createElement is missing.
2013-10-14 14:15:13 -05:00
joev
183940308b
Add another nil check, just to be safe.
2013-10-14 13:55:54 -05:00
joev
20a145f1e7
Check for prop in prototype, not constructor.
2013-10-14 13:51:45 -05:00
joev
488ed5bd4a
Add new feature detection logic for FF 23 and 24.
2013-10-14 13:41:26 -05:00
Meatballs
cad717a186
Use NDR 32bit syntax.
...
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
Tod Beardsley
876d4e0aa8
Land #1420 , WDS scanner
2013-10-11 16:53:25 -05:00
OJ
b99af52279
Improve extapi ruby structure, add bins
...
The extapi project will get bigger over time so this change allows for the code to get
bigger without becoming a headache before it starts.
Added binaries to this commit as well.
2013-10-11 09:52:23 +10:00
Tod Beardsley
85112e8704
Land #2413 , axe callcc
...
This is the only time callcc is used in the entire codebase, too, so
this apparently removes a roadblack to non-MRI Rubies, so that's nice.
2013-10-10 14:55:55 -05:00
Meatballs
378f403fab
Land #2453 , Add stdapi_net_resolve_host(s) to Python Meterpreter.
...
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
OJ
cbaeebeff7
Add service_query to ext_server_extapi
...
Once the user has queried the list of services they can now use the
`service_query` function to get more detail about a specific service.
2013-10-11 01:02:51 +10:00
OJ
23340e9df0
Add service_enum to the ext_server_extapi extension
...
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.
Some other small code tidies were done too.
2013-10-10 21:23:23 +10:00
kernelsmith
adbcace9dd
Land #2458 , OJ's Meterpreter railgun multi call fix
...
also [FixRM #8269 ]
2013-10-10 00:38:44 -05:00
Spencer McIntyre
6c382c8eb7
Return nil on error, and move the module to post/multi.
2013-10-09 16:52:53 -04:00
OJ
47801c17b3
MSF started to the extended API with window enum
...
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.
This commit kicks things off with enumeration of top level windows on the
current desktop.
2013-10-09 22:25:43 +10:00
Markus Wulftange
e895a17722
Add 'no quotes' option for CmdStagerPrintf
...
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
2013-10-08 21:04:28 +02:00
jvazquez-r7
2593c06e7c
Land #2412 , @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Markus Wulftange
6f7d513f6e
Another clean up and simplification of CmdStagerPrintf
2013-10-08 07:22:09 +02:00
Markus Wulftange
836ff24998
Clean and fix CmdStagerPrintf
...
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
sinn3r
77cbb7cd19
Update function documentation
2013-10-04 15:18:27 -05:00
sinn3r
29d1c75d1c
Update RopDb mixin to allow dynamic payload size for neg
...
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
2013-10-03 23:09:23 -05:00
OJ
21afa9defe
Meterpreter railgun multi call fix
...
Modifications accommodate changes in the multi-call railgun code that
were made to Meterpreter.
This also includes a fix for Redmine 8269, so the Windows constants
now work correctly with the multi-calls.
2013-10-04 12:04:18 +10:00
jvazquez-r7
758fd02619
Windows 7 SP1 and newer fail when forcing IPv6 sockets
2013-10-02 09:45:51 -05:00
OJ
82162ef486
Add error message support to railgun
...
This code was lost in the transition when the meterpreter source was
removed from the metasploit-framework source. I'm pulling this in by
request of @dmaloney-r7 who originally requested this code be inculded
as part of https://github.com/rapid7/metasploit-framework/pull/740
I added an extra bit of code to free up memory that is allocated by the
call to FormatMessage and forced the ASCII-version (FormatMessageA) of
the call.
This PR is the MSF side of https://github.com/rapid7/meterpreter/pull/26
2013-10-01 17:23:08 +10:00
Tod Beardsley
7cc2ad55a6
Land #1770 , unattend.xml snarfing modules
2013-09-27 16:04:38 -05:00
Tod Beardsley
63d638888d
Get rid of interior tabs
2013-09-27 16:04:03 -05:00
Tod Beardsley
d869b1bb70
Unless, unless everywhere.
2013-09-27 15:55:57 -05:00
Tab Assassin
c94e8a616f
Retabbed to catch new bad tabs
2013-09-27 13:34:13 -05:00
Tod Beardsley
869c10af04
Land #2396 , aspx-exe shellcode generator
...
Looks good to me, specs are all happy (also added a #to_h spec)
2013-09-27 11:42:16 -05:00
Joshua J. Drake
d04c47d2b7
Remove comment since it was addressed in 4500d09c2f
2013-09-26 19:47:54 -05:00
Tod Beardsley
701410f608
Land #2414 , portfwd teardown and recreate
...
[FixRM #8240 ]
2013-09-25 17:40:47 -05:00
Tod Beardsley
1a515093cb
Idiomatic Ruby
...
Assuming this gets accepted, this should [FixRM #8240 ]. Take a look, and
if you're good with it, I'll land on master. Everything seems to work
out on this end.
2013-09-25 17:26:00 -05:00
jvazquez-r7
9cc446ae2a
Get cookies with empty values
2013-09-25 14:31:34 -05:00
jvazquez-r7
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
Meatballs
f1e563d375
Merge branch 'master' of github.com:rapid7/metasploit-framework into enum_ad_perf
2013-09-24 19:08:52 +01:00
OJ
0038bb90b1
Remove unncessary counter var
2013-09-24 13:35:29 +10:00
OJ
b91e344815
Add code to recreate the forwards after migration
...
* Feels like a bit of a hack job, but it works.
2013-09-24 13:27:58 +10:00
James Lee
487f68f4d2
Get rid of callcc
...
[SeeRM 8407]
2013-09-23 19:36:26 -05:00
FireFart
7c4708b1df
-) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
...
-) Bugfix
2013-09-23 23:59:45 +02:00
Tod Beardsley
e885ab45b6
Land #1734 Metasploit side for ip resolv
2013-09-23 16:18:40 -05:00
Markus Wulftange
10252ca6f4
Just Rex::Text.to_octal is probably better
2013-09-23 23:03:38 +02:00
Markus Wulftange
9353929945
Add CmdStagerPrintf
2013-09-23 22:02:29 +02:00
sinn3r
b6c7116890
Land #1778 - Mimikatz Fix for table.print and x86 warning
2013-09-20 16:13:53 -05:00
Meatballs
5add142789
Choose smallest smallest
2013-09-20 13:47:51 +01:00
Tod Beardsley
e9e1b28ba8
Land #2371 , echo -e cmd stager
2013-09-19 14:47:39 -05:00
Meatballs
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
Meatballs
72155f8e9e
Comment update
2013-09-19 19:46:05 +01:00
OJ
598e85a8d9
Fix for dangling port forwards
...
Code tears down the port forwards prior to migrating so that we don't end up with dangling connections that don't work.
2013-09-19 19:27:54 +10:00
Tod Beardsley
f4e2e0ac11
Clear report_data on each host report
2013-09-18 17:11:22 -05:00
jvazquez-r7
dd7010d272
Fix @todb-r7 feedback
2013-09-17 20:54:19 -05:00
Tod Beardsley
dae8847c4d
Land #2374 , more complete 32/64 migrate fix
...
[FixRM #8395 ]
2013-09-17 14:52:04 -05:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
...
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19 ]
2013-09-16 21:52:04 -05:00
Joe Vennix
d954d64f69
Add NODEJS arch constants.
2013-09-16 21:33:44 -05:00
Joe Vennix
217449a836
Ensures termination of inner while loop and cleans up #map.
...
* Tested working against ubuntu target using the sshexec test script.
2013-09-16 20:42:20 -05:00
jvazquez-r7
edec022957
Use shellwords, as recommended by @jvennix-r7
2013-09-16 16:35:45 -05:00
James Lee
d6954e9ce7
Fix migrate from 32- to 64-bit processes
...
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356 ]
2013-09-16 16:04:50 -05:00
jvazquez-r7
a5049df320
Add echo CmdStager
2013-09-16 11:35:05 -05:00
Meatballs
b4d1fd6ff8
Fixup rex text
2013-09-13 21:15:28 +01:00
Meatballs
9ade4cb671
Refactor
2013-09-13 20:43:09 +01:00
HD Moore
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
Tab Assassin
8bc83f4922
Retab changes for PR #1420
2013-09-05 16:21:26 -05:00
Tab Assassin
d6a7ce5328
Merge for retab
2013-09-05 16:21:13 -05:00
Tab Assassin
785c2eeb95
Retab changes for PR #1421
2013-09-05 16:20:04 -05:00
Tab Assassin
a5cf67a9af
Merge for retab
2013-09-05 16:19:51 -05:00
Tab Assassin
b3b8cee870
Retab changes for PR #1473
2013-09-05 16:19:05 -05:00
Tab Assassin
0ba4e1da65
Merge for retab
2013-09-05 16:18:56 -05:00
Tab Assassin
3c1df47314
Retab changes for PR #1681
2013-09-05 16:10:40 -05:00
Tab Assassin
a231e85293
Merge for retab
2013-09-05 16:10:28 -05:00
Tab Assassin
2e9096d427
Retab changes for PR #1734
2013-09-05 14:59:41 -05:00
Tab Assassin
322ed35bb4
Merge for retab
2013-09-05 14:59:34 -05:00
Tab Assassin
2846a5d680
Retab changes for PR #1770
2013-09-05 14:57:40 -05:00
Tab Assassin
269c1a26cb
Merge for retab
2013-09-05 14:57:32 -05:00
Tab Assassin
701513a212
Retab changes for PR #1778
2013-09-05 14:56:35 -05:00
Tab Assassin
3788bab8e5
Merge for retab
2013-09-05 14:56:30 -05:00
Tab Assassin
26b8364dcb
Retab changes for PR #1789
2013-09-05 14:44:21 -05:00
Tab Assassin
789be1fe3e
Merge for retab
2013-09-05 14:44:14 -05:00
Tab Assassin
81479a6ade
Retab changes for PR #2093
2013-09-05 14:31:10 -05:00
Tab Assassin
8a76b3390d
Merge for retab
2013-09-05 14:31:05 -05:00
Tab Assassin
874ed2ac17
Retab changes for PR #2107
2013-09-05 14:30:08 -05:00
Tab Assassin
27564b2de2
Merge for retab
2013-09-05 14:30:03 -05:00
Tab Assassin
daed98931e
Retab changes for PR #2158
2013-09-05 14:19:55 -05:00
Tab Assassin
27fd54092a
Merge for retab
2013-09-05 14:19:49 -05:00
Meatballs
051ef0bdfa
Refactor to common post module
2013-09-02 20:24:54 +01:00
Tab Assassin
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
Meatballs
1ea3d91f48
Lands #2244 Python Meterpreter
...
[Closes #2244 ]
2013-08-30 14:33:35 +01:00
Meatballs
526e504531
More fix
2013-08-25 12:21:37 +01:00
Meatballs
d45d37bc38
Really fix...
2013-08-25 00:18:50 +01:00
Meatballs
83da0b3a57
Correct fname
2013-08-25 00:17:26 +01:00
Meatballs
19e47d5e82
Really fix war
2013-08-25 00:06:31 +01:00
Meatballs
b4b59aa065
Add guards against empty payloads
2013-08-24 11:59:59 +01:00
Meatballs
09ceeb5de2
Fix war generation
2013-08-23 20:06:57 +01:00
Meatballs
41b1b30438
vba transform
2013-08-23 18:00:19 +01:00
Meatballs
7370fc3f4e
vbs transform
2013-08-23 16:26:03 +01:00
Meatballs
5040347521
Fix psh and add powershell transform
2013-08-23 15:59:19 +01:00
Spencer McIntyre
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
James Lee
ed00b8c19e
Ensure checksum* methods return a Fixnum
...
Fixes a bug in reverse_http* stagers where requests for the root URI
(i.e., "/") cause a NoMethodError on nil returned by checksum8.
[See #2216 ]
2013-08-14 14:09:37 -05:00
James Lee
3827b14103
Land #1726 , ssl verify mode
...
Conflicts:
lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
Meatballs
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
Spencer McIntyre
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
RageLtMan
7c46e95e8f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell_import
2013-07-31 18:34:57 -04:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
Meatballs
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
Meatballs
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
Meatballs
1d2d4b5345
Add some null checks
2013-07-25 18:35:11 +01:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Tod Beardsley
00630376c3
Revert the default call to firefox
...
This reverts commit 0928a370f3
.
No, no, you guys are right in the comments for #2148 . The call to
system is inside the else, but the tabbing made my eyes cross.
Sorry about that. Someday soon, @tabassassin will save us all from these
kinds of screw ups in mental parsing.
2013-07-23 16:13:02 -05:00
William Vu
d493346691
Land #2137 , fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
David Maloney
621568bf8f
Another Error Type needs caught
...
Different systems throw a different error
Need to rescue that error too
2013-07-23 15:47:42 -05:00
William Vu
86ab942435
Land #2146 , Unix and Windows path normalization
2013-07-23 15:23:41 -05:00
Tod Beardsley
0928a370f3
Adding back default firefox
...
the default is triggered only outside the case statement, which itself
is totally bizarre. I can't tell if anyone is relying on this behavior
right now, but it's too premature to just remove it out at this point.
2013-07-23 14:43:30 -05:00
Tod Beardsley
53c3fd2ce7
Update comment docs on Rex::Compat.open_browser
2013-07-23 14:38:04 -05:00
ZeroChaos
ce5742461a
update open_browser functionality
...
open_browser didn't support xdg-open or firefox-bin. xdg-open was made the default as it is the most likely to succeed afaik.
the fallback to firefox was removed because since we check for the existence of firefox is makes no sense to try to run it after we failed to find it. This will silently fail if no supported browser is found due to suggestions from the msf team:
< Zero_Chaos> more importantly, it would be great if someone told me how to spit out a message to the user
< Zero_Chaos> because I have no clue :-)
<@egypt> Zero_Chaos: it's in rex, so the answer is "don't"
2013-07-23 14:58:16 -04:00
Tod Beardsley
bb16683415
Land #2087 , @egypt's random ID generator
2013-07-23 13:52:08 -05:00
sinn3r
958a4edd73
Keep the trailing slash if the user wishes
2013-07-22 20:46:18 -05:00
sinn3r
359009583f
Drop support for UNC path parsing in normalize_win_path
...
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
2013-07-22 20:20:45 -05:00
sinn3r
4b3fce9349
Add functions to normalize Winodws & Unix paths
...
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri. Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
2013-07-22 19:26:04 -05:00
jvazquez-r7
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
RageLtMan
dc15c5b505
Merge branch 'master' into powershell_import
...
Resolve conflicts from old code being pulled into master.
Conflicts:
lib/msf/core/exploit/powershell.rb
modules/exploits/windows/smb/psexec_psh.rb
2013-07-20 19:29:55 -04:00
sinn3r
757cf18bb4
Land #2135 - Update FF detection
2013-07-20 13:10:14 -05:00
Joe Vennix
92ae90b828
Whitespace fixes.
2013-07-19 17:27:27 -05:00
Joe Vennix
2e838d7be3
Fix minor bugs discovered when testing.
2013-07-19 17:18:39 -05:00
Joe Vennix
7e2fc147f1
Add updated versions of firefox.
2013-07-18 16:35:57 -05:00
David Maloney
ec82644bd3
mo fixes mo specs
...
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
jvazquez-r7
58229ff8b7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 20:18:48 -05:00
James Lee
9d56e58e84
Rely on object detection for '5716599'
...
[SeeRM #7252 ]
2013-07-17 15:47:25 -05:00
jvazquez-r7
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
jvazquez-r7
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
William Vu
54af2929f5
Land #2109 , kill stray character
2013-07-16 11:11:06 -05:00
Joe Vennix
34e732eabd
Kill stray character in whitespace gutter.
2013-07-16 10:14:41 -05:00
RageLtMan
987d6a671f
Allow passing MaxChar to Rex::Ui::Text::Table cols
...
Passing MaxChar allows setting the maximum number of characters
printed within a specific column during the row_to_s method.
This does not affect CSV output nor truncate the actual data.
Meant for tidying up long console ouput.
Example: cleaned up cmd_creds to show proof and not maul tables
with unix session data.
2013-07-10 20:00:40 -04:00
James Lee
85affe4d47
Land #2089 , smb last_filename can be nil
2013-07-10 14:18:00 -05:00
James Lee
4cc179a24c
Store inverted hash for better lookups
...
Also clarifies comment about infinite loops
2013-07-10 12:38:42 -05:00
sinn3r
71974a8535
to_addr_hex_dump is never used and is too similar to to_hex_dump
...
Not so much value in to_addr_hex_dump, as Meatballs1 suggested, we
should remove this.
2013-07-10 11:09:47 -05:00
sinn3r
add294d999
Fix potential nil in last_filename
...
Replacing #2060 . It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename. To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also convert with to_s
to make sure it's always a string.
2013-07-09 12:50:19 -05:00
James Lee
afa6a36df3
Make first char's character class configurable
2013-07-09 02:50:28 -05:00
James Lee
273046d8f0
Add a class for generating random identifiers
...
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037 .
2013-07-09 02:06:44 -05:00
Meatballs
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
RageLtMan
4554cc6e51
Import Powershell libs and modules (again)
...
Add Rex powershell parser:
reads PSH, determines functions, variables, blocks
compresses and cleans up the code it's read, obfuscates
handles string literals and reserved variable names
extracts code blocks and functions for reuse
turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
Make use of Rex parser
Handles payload generation, substituions
Brings convenience methods - byte array generation and download
Re-add .NET compiler
Compiles .NET code (C#/VB.NET) in memory
Can generate binary output file (dynamic persistence)
Handles code-signing (steal cert with mimikatz, sign your bin)
Not detected by AV (still...)
Update payload generation
GZip compression and decompression (see Rex module as well)
msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
Makes use of updated Msf and Rex modules
Runs shellcode in-memory (in a hidden PSH window)
Completely bypasses all AVs tested for the last year...
2013-07-04 14:04:19 -04:00
William Vu
28a4a05991
Land #2046 , base argument for to_hex_dump
2013-07-02 12:11:05 -05:00
sinn3r
98c214d2fb
Allow 0 base address, and dynamic left column length
2013-07-02 11:40:23 -05:00
jvazquez-r7
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
sinn3r
9eb32ea9af
Allow "base" argument for to_hex_dump
...
[SeeRM:#8121] - For debugging purposes, it's useful to be able to
specify a base.
2013-07-01 23:56:51 -05:00
jvazquez-r7
2751470c71
Add @jlee-r7's feedback to sapni proxies support
2013-07-01 21:37:53 -05:00
jvazquez-r7
9c4d869ed8
Land #1018 , @nmonkee's support for sap router proxies
2013-07-01 21:36:02 -05:00
HD Moore
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
HD Moore
4fb6fa67f2
Fix require for constants, trim useless fields from banner
2013-06-26 09:59:40 -05:00
HD Moore
84117e28a8
Remove stale constants.rb require
2013-06-26 09:52:15 -05:00
James Lee
b3b94c7a73
Break packet classes into their own files
...
This makes the file structure match the class structure and makes the
source tree easier to grok.
2013-06-24 19:24:09 -05:00
HD Moore
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
HD Moore
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
HD Moore
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
Meatballs
6c62463f83
Add ipv6 resolution and remove nix
2013-06-20 22:17:31 +01:00
jvazquez-r7
1aff778a79
Fix unpack
2013-06-18 09:06:44 -05:00
jvazquez-r7
3f665ba5a0
Skip also max-age from cookies
2013-06-17 14:04:08 -05:00
Meatballs
1637651bbb
Revert multilang test
2013-06-15 17:48:32 +01:00
Meatballs
62e335dab2
Resolve conflict
2013-06-15 17:40:37 +01:00
Meatballs
fc7d151273
Add multilang syscheck
2013-06-15 17:39:01 +01:00
jvazquez-r7
f5b00512e0
Fix sap ni proxy, hopefully
2013-06-13 17:15:48 -05:00
Brandon Perry
3cb851e4e0
Merge remote-tracking branch 'todb-r7/fix-msftidy-1944' into csharp_payload
2013-06-12 17:29:00 -05:00
Brandon Perry
0f06e9b08c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into csharp_payload
2013-06-12 17:27:55 -05:00
Tod Beardsley
9c75d821d1
Fix up msftidy warnings on rex/text.rb
2013-06-12 11:17:58 -05:00
Brandon Perry
d0e1e4df0a
This commit adds support for C# byte arrays for the assembly payloads.
2013-06-11 19:27:06 -05:00
James Lee
af613ee254
Add a more readable #inspect
2013-06-11 15:22:49 -05:00
sinn3r
937d7fb762
Landing #1835 - Fix a backwards disasm bug which stomps on the depth opt
2013-05-31 16:28:49 -05:00
sinn3r
df2140ea59
Add back the tmp include check according to bannedit's feedback
2013-05-31 16:26:52 -05:00
sinn3r
dacc73a60f
Improve readability based on Egypt's feedback
2013-05-31 16:24:27 -05:00
Tod Beardsley
14c4dbcf8c
Also remove *.ts.rb files
...
On the heels of #1862 , this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
Samuel Huckins
e20385dd9e
Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
...
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
David Maloney
0f21861921
Add task handling to imports
...
allow imports to carry along task info
[Story #49167601 ]
2013-05-23 13:33:19 -05:00
Tod Beardsley
05916c079e
Inline unit tests are so last decade
...
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
James Lee
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
bannedit
031bb2eb0b
Fix a backwards disasm bug which stomps on the depth option
2013-05-15 22:08:50 -04:00
James Lee
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
Joshua J. Drake
c71b57764e
Add a Python buffer formatter and update msfpayload to enable using it
2013-05-13 20:41:15 -05:00
Meatballs
7fb092c58c
Initial commit
2013-05-02 22:08:19 +01:00
Tasos Laskos
6bf19c6fb8
HTTP::ClientRequest: Should handle nils in params
...
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.
* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
2013-04-30 22:01:00 +03:00
Meatballs
293c847a32
Fix table.print
2013-04-29 22:02:41 -05:00
Meatballs
69dead8c8f
Tidier
2013-04-29 23:17:11 +01:00
Meatballs
36ef2cb5a1
x86 warning for mimikatz
2013-04-29 23:14:32 +01:00
Meatballs
02788f71d9
Fix table.print
2013-04-29 22:37:02 +01:00
James Lee
d53d6370b3
Land #1747 , mimikatz meterpreter extension
...
[Closes #1747 ]
See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
Meatballs
bbd53a2dbd
Add domain to get_cookies
2013-04-26 20:34:21 +01:00
Meatballs
b25b9e769c
Msftidy
2013-04-26 20:30:04 +01:00
Meatballs
1f2cab7aef
Tidyup and getcookies
2013-04-26 20:26:04 +01:00
Meatballs
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
Meatballs
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
Meatballs
d8430c83cf
Add simple rspec
2013-04-26 00:47:00 +01:00
Meatballs
668dd78587
Msftidy
2013-04-26 00:21:31 +01:00
Meatballs
e2bf4882f0
Add domain join parse
2013-04-26 00:20:10 +01:00
Meatballs
235887ccb5
Finished
2013-04-25 23:25:05 +01:00
James Lee
93bddd9041
Improved docs and partial specs for Rex::Text
...
Conflicts:
lib/msf/core/modules/loader/base.rb
lib/rex/poly/block.rb
lib/rex/text.rb
2013-04-23 17:24:03 -05:00
Meatballs
fab1781812
Refactored to send custom commands
2013-04-22 10:04:38 +01:00
Meatballs
6656514616
Msftidy
2013-04-21 14:34:47 +01:00
Meatballs
fc621e8d7e
Parse ssp correctly
2013-04-21 10:55:01 +01:00
Meatballs
83fbc3e46f
Small fix and attribution to gentilkiwi
2013-04-21 00:36:43 +01:00
Meatballs
cec737d399
tidy and table header
2013-04-20 18:05:47 +01:00
Meatballs
b219a23f00
Refactoring
2013-04-20 18:00:46 +01:00
Meatballs
20849714ac
Add all methods
2013-04-20 17:27:32 +01:00
Meatballs
ddaa09edad
Added msv
2013-04-20 16:31:45 +01:00
Meatballs
83578dec68
Getprivs by default
2013-04-20 14:59:07 +01:00
Meatballs
a23d7bb66f
Add client UI and parse results
2013-04-20 12:20:38 +01:00
Meatballs
5fa81942db
Initial comms
2013-04-19 22:19:50 +01:00
Tod Beardsley
4d21c7dff5
Landing #1727 , adding @jlee-r7's new fingerprints
2013-04-15 13:49:59 -05:00
Meatballs
67791c12a5
Small tidy
2013-04-14 11:18:45 +01:00
Meatballs
26479bbe82
Fixup resolve_host
2013-04-14 10:58:51 +01:00
Meatballs
6a7fc70274
Remove length stuff
2013-04-14 10:54:19 +01:00
Meatballs
6bca2b305f
Typo
2013-04-14 10:44:00 +01:00
Meatballs
849b42ffb9
Further tidy
2013-04-14 10:42:15 +01:00
Meatballs
4b4f77eb0f
Finalize
2013-04-14 10:32:56 +01:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
James Lee
2c8ec656ca
Typo
2013-04-11 22:36:08 -05:00
James Lee
7df80c7aac
Add a couple new IE fingerprints to osdetect.js
2013-04-11 22:29:02 -05:00
RageLtMan
1e93ae65e3
fix typo in parameters
2013-04-11 19:12:32 -04:00
RageLtMan
5ac18e9156
commant update
2013-04-11 19:11:25 -04:00
RageLtMan
6eb33ae5ed
Rex::Socket::SslTcp set cipher and verify_mode
...
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.
Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```
Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
2013-04-11 18:00:33 -04:00
James Lee
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
Meatballs
e4ff7a2f2c
Address egypt's feedback
2013-04-09 21:15:04 +01:00
Meatballs
3660ad8c0a
Initial attempt
2013-04-07 23:03:43 +01:00
Meatballs
d94360c451
Merge remote branch 'upstream/master' into enum_ad_perf
2013-04-07 14:29:45 +01:00
James Lee
067140643e
Landing #1579 , meterpreter mv
...
See rapid7/meterpreter/#6
2013-04-04 23:42:31 -05:00
James Lee
ad46b46684
Landing #1463 , Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
Luke Imhoff
47842aa6a2
Fix 'Output is not a module'
...
[#46491831 ]
I missed that Rex::Ui::Text::Output was a class and not a module, so
starting up prosvc fell over when it loaded
rex/ui/text/output/buffer/stdout, which also would screw up
msf/ui/console/command_dispatcher/core.rb where I original added
Rex::Ui::Text::Output::Buffer::Stdout.
2013-04-01 20:16:28 -05:00
Luke Imhoff
2317e9cced
Fix yard tag warnings
...
[#46491831 ]
2013-03-30 17:13:12 -05:00
Luke Imhoff
7ed2812ec3
Fix Cannot resolve link YARD warnings
...
[#46491831 ]
2013-03-30 16:58:49 -05:00
Luke Imhoff
bc4b87ebd9
Fix Undocumentable method defined on object instance YARD warnings
...
[#46491831 ]
Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
Luke Imhoff
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831 ]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
RageLtMan
0adb30c87a
whitespace cleanup
2013-03-28 04:11:52 -04:00
RageLtMan
ed3b1cecd4
Rex::Text::Ui::Table.new[find_by_colnames]
...
Add :[] to ...Ui::Table allowing user to pass multiple colnames.
Returns a new table with only those columns and their rows.
Useful when using Rex to filter output, prep CSV, etc.
Testing:
```
t = Rex::Ui::Text::Table.new('Columns' => ['a','b','c'])
t << ['x','y','z']
t << ['p','q','r']
t['a','c']
=> a c
- -
p r
x z
```
2013-03-28 04:02:31 -04:00
Tod Beardsley
91e3f4cca6
Merge 'kernelsmith/msfconsole-grep'
...
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes #1320 ]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
RageLtMan
d399093d80
Add Framework side of stdapi.fs.file.mv
...
Add the appropriate methods to Rex side of the FS extension and
the commensurate command dispatcher.
Requires https://github.com/rapid7/meterpreter/pull/6 from the
meterpreter repo as well as compiling fresh DLL for
ext_server_stdapi.
2013-03-12 02:06:38 -04:00
Spencer McIntyre
bf54b582c9
Condense the decoder commands
2013-03-08 16:29:03 -05:00
Spencer McIntyre
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
Spencer McIntyre
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36
.
2013-03-08 14:37:28 -05:00
James Lee
0a9b00e24c
Apparently missed part of mubix's original changes
...
Used by auxiliary/admin/smb/list_directory
2013-03-07 21:20:46 -06:00
James Lee
c3fa62cd59
Whitespace at EOL
2013-03-07 18:16:57 -06:00
Meatballs
df3361df50
Merge branch 'master' into wds_scanner_repull
2013-03-07 20:09:44 +00:00
James Lee
f05431791f
Merge branch 'dmaloney-r7-feature/ssl/add_cipher_support' into rapid7
2013-03-07 12:54:39 -06:00
James Lee
27f43d3d1c
Param name goes before type
2013-03-07 12:50:43 -06:00
James Lee
c41bfa9141
Whitespace
2013-03-07 12:45:01 -06:00
David Maloney
06443ea4d0
yarddoc cleanup
2013-03-07 11:52:58 -06:00
David Maloney
007b26d918
dry up enumerators
2013-03-07 11:35:34 -06:00
David Maloney
7332d31523
fix some style things for egypt
2013-03-07 11:11:48 -06:00
James Lee
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
James Lee
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
James Lee
3acccd71f7
Whitespace and doc fix
2013-03-05 14:35:27 -06:00
James Lee
a64edb33c4
Make code sections look right in docs
2013-03-05 14:34:11 -06:00
David Maloney
6eb334c925
a little more coverage
2013-03-05 00:01:09 -06:00
David Maloney
d909c00036
better spec coverage
2013-03-04 23:43:18 -06:00
David Maloney
3bb1b2b368
attempt to deal with specs
2013-03-04 19:25:20 -06:00
David Maloney
c121a4e9dc
Some more minor touchups
2013-03-04 18:42:08 -06:00
David Maloney
8b6b2fbce9
bad error handling fixed
2013-03-04 18:33:03 -06:00
David Maloney
dc7c02e9e8
still trying to get around this sslv2 thing
2013-03-04 18:18:01 -06:00
David Maloney
246977e0cf
Address openssl sslv2 issues
...
Debian/Ubuntu ship openssl without sslv2 compiled in.
we now check for this ahead of time
2013-03-04 17:39:28 -06:00
David Maloney
12201c519a
make sure we close sockets
2013-03-04 16:34:29 -06:00
David Maloney
13ad5cf150
Merge branch 'master' into feature/ssl/add_cipher_support
2013-03-04 15:07:32 -06:00
David Maloney
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
David Maloney
6d811ce4b9
empty passwords should be allowed
2013-03-04 09:09:11 -06:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
David Maloney
902948e5d3
cleanup options
2013-03-01 11:01:00 -06:00
James Lee
5a79fcd11e
Ensure we build only one Authorization header
...
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
James Lee
425c245771
Axe set_cgi in favor of set_uri
...
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
James Lee
b0745b090a
Msf HTTP uses this directly, can't axe it
2013-02-27 17:54:31 -06:00
James Lee
4edd46216f
Refactor config -> opts
...
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
James Lee
d5ae54cbb6
More accurate docs
2013-02-27 16:27:37 -06:00
James Lee
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
sinn3r
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
James Lee
7a7dd8975f
Hmm, turns out something actually used that
...
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
James Lee
29df20996e
Move most of the configuration into ClientRequest
...
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
David Maloney
f16cec552a
increase timeout with new checks
2013-02-26 14:27:04 -06:00
David Maloney
2ec2489f52
Test for general ssl before testing ciphers
2013-02-26 14:26:14 -06:00
James Lee
579c11bc69
Set reasonable defaults for more things
...
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee
d7de3b75a4
Format Authorization header like others
...
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
James Lee
c206ac4998
Set some reasonable defaults
...
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
David Maloney
1cb2717fe7
fix weak and strong cipher enumerators
2013-02-26 14:13:17 -06:00
James Lee
d463460da7
Default cgi to true when not given
2013-02-26 13:33:54 -06:00
James Lee
764bbbb8e5
Whitespace
2013-02-26 13:33:19 -06:00
James Lee
5e0161d3f7
Reflect new ClientRequst in docs
2013-02-26 13:31:24 -06:00
David Maloney
1869cb5f8d
fix timeout
...
20 seconds is way too long for jsut opening a socket
2013-02-26 13:20:16 -06:00
James Lee
5ac20e1b02
Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney
c104fa6d97
Add spec and a few fixes for set_uri
2013-02-26 11:01:16 -06:00
David Maloney
d9627151c0
Add socket context option
...
Add the option for a socket context so pivoting will work
2013-02-25 15:01:42 -06:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
James Lee
e41922853e
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-25 14:15:22 -06:00
HD Moore
8e8fecd208
Prefer String#encode over Iconv for Ruby 2.0 compat
2013-02-24 13:10:16 -06:00
James Lee
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00
David Maloney
d15e202f19
Add some YARD docs
2013-02-20 18:47:20 -06:00
David Maloney
8d2233bbdd
first minor cleanup
2013-02-20 15:33:24 -06:00
David Maloney
accd620843
Clean up pry
2013-02-19 23:50:30 -06:00
David Maloney
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
David Maloney
dac1147473
merge client config into opts
2013-02-19 19:41:42 -06:00
David Maloney
de4234f0ad
Some more YARD docs
2013-02-19 18:48:03 -06:00
David Maloney
a4905e43a2
Fix the way creds are passed + YARD
...
some ayrddocs on send_auth plus fix the wierd way i was passing creds
around
2013-02-19 18:40:39 -06:00
David Maloney
0662677a72
First minor cleanup sweep
2013-02-19 17:19:16 -06:00
James Lee
867ab2f269
Whitespace
2013-02-18 19:01:03 -06:00
corelanc0d3r
0d4a6c6a04
support for searchforward option in egghunter
2013-02-18 12:45:49 +01:00
David Maloney
d23ca8f599
Merge branch 'master' into feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney
87d9af585e
fix request_raw
2013-02-17 21:35:19 -06:00
David Maloney
dd26b08197
first run at Clientrequest object
...
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee
a902480576
Break out subclasses into their own files
2013-02-17 06:57:35 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
Meatballs
cbbfa1765e
Handling for 1000 limit
2013-02-11 23:27:03 +00:00
David Maloney
adfd26eb2d
Cleanup to_s output
2013-02-11 17:08:14 -06:00
jvazquez-r7
d4d41f36d4
Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth
2013-02-11 21:16:35 +01:00
David Maloney
f90fdcd5eb
Missed nil check
2013-02-11 13:14:05 -06:00
David Maloney
0ccf7dd58a
trust any manualy set basic auth header
...
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
sinn3r
6e9232bf72
Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump
2013-02-11 11:31:54 -06:00
David Maloney
84534caae1
Fix expliciti basic_auth for http
2013-02-11 10:32:44 -06:00
David Maloney
0f9b16d07f
Scanner class finished, result needs more work
...
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
2013-02-09 19:06:17 -06:00
Meatballs
acdd952eb2
Initial commit
2013-02-09 21:50:12 +00:00
David Maloney
c25d4b4863
Test Cipher method underway
...
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
2013-02-09 01:07:56 -06:00
David Maloney
ebb0f166ca
Accept propper formats for SSL version
...
we were only accepting sloppy string values and not accepting input of
the actual symbols that OpenSSL expects in the first place. Allow the
user to enter it right themselves to be compat with OpenSSL
2013-02-09 00:40:58 -06:00
David Maloney
38d0a244fd
Beginings of the actual scanner
...
configuration and configuration validation in place with tests.
2013-02-09 00:03:58 -06:00
Meatballs
595cace025
Fixup wldap32 mistakes
2013-02-08 22:25:07 +00:00
Meatballs
a980419285
msftidy
2013-02-08 21:02:37 +00:00
Meatballs
a6fea39583
Change to wldap to allow cdecl
2013-02-08 21:01:22 +00:00
Meatballs
a9bf09aa06
Add calling conv to railgun
2013-02-08 19:26:33 +00:00
David Maloney
3295157f78
More support for various checks
2013-02-08 13:25:49 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
David Maloney
dfc7ce9381
fix stupid datat structure
...
also supports a boolean value for whether the cipher is weak or not
2013-02-08 11:33:36 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
bf28be7cff
Fix some comments that yard parsed incorrectly
2013-02-07 18:36:04 -06:00
David Maloney
5c9f946927
empty shells for the scanner and its specs
2013-02-07 16:16:41 -06:00
David Maloney
096360261e
De-dup cipher results
2013-02-07 16:09:47 -06:00
David Maloney
4e87bf4ab3
Add enumeration and support options
...
i lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
2013-02-07 15:51:07 -06:00
David Maloney
10e017ae73
finish up the SSLScan::Result class
...
finishes up result class for SSLScan , compelte with tests
2013-02-07 14:56:26 -06:00
David Maloney
7036365e04
Start adding sslscan results object
...
Building out the result object for the SSlScan
2013-02-07 12:42:18 -06:00
James Lee
a15889305a
Return a Request object
...
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
2013-02-06 18:56:06 -06:00
David Maloney
ebd03ccceb
Allow user to set ssl cipher
...
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
2013-02-06 16:57:47 -06:00
David Maloney
888bb80ab6
more comments
2013-02-05 11:55:12 -06:00
David Maloney
16b4fb1faa
Added some comment documentation
2013-02-05 10:36:51 -06:00
David Maloney
463a45ccaf
if we don't support the auth return original res
...
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney
af6b0615fb
fix pipelining
...
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney
9b84e5b3c4
Fix raw requests to work as well as cgi
2013-02-04 13:59:58 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
David Maloney
8d817dcbb5
fix iis digest support mistake
...
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney
6c12fa26bc
oodles of small fixes
...
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney
61969d575b
remove mixin require, more datastore clenaup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
Meatballs
739204b86d
Build upon A.Maloteaux's SMB fixes
2013-01-31 20:17:25 +00:00
Meatballs
1e60817ec9
Remember the SMB Changes
2013-01-31 20:07:48 +00:00
Meatballs
70167ac667
Repull
2013-01-31 19:53:37 +00:00
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
sinn3r
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
rogueclown
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
Rob Fuller
27aae87c18
Stop aggravating default show screenshot
...
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Loosing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
HD Moore
d6ed6cd5e4
Fix a stack overflow in bidirectional pipe
2013-01-22 00:27:03 -06:00
Meatballs1
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
Meatballs1
4ee80e76bd
msftidy wldap32
2013-01-19 23:15:20 +00:00
Tod Beardsley
9f42abdb95
Whitespace fixup
2013-01-18 15:44:52 -06:00
Tod Beardsley
0c3e7ee3e0
Merge remote-tracking branch 'Meatballs1/reboot_force2'
2013-01-18 15:01:51 -06:00
Tod Beardsley
bfd58e9570
Add a comment doc for future parser writers
2013-01-18 14:59:41 -06:00
Tod Beardsley
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
James Lee
4fd4af1f43
Fix typo that breaks record_mic command
2013-01-16 16:30:38 -06:00
kernelsmith
3210c5382e
undo vestiges of attempt to add tab_complete nesting
...
return code to original state before I started editing
2013-01-16 00:49:54 -06:00
kernelsmith
3c44769bd8
attempt to add nested tab completion
2013-01-14 14:15:13 -06:00
sinn3r
90b0a7035b
Recover the prompt again
2013-01-13 13:24:48 -06:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
sinn3r
2f2a5c1d47
[FixRM: #2100 ] Rescue TerminateLineInput in irb
...
In irb, when you hit ^c, you will get an ugly backtrace. This
fix handles that exception.
2013-01-12 01:43:40 -06:00
sinn3r
4546d147d0
Merge branch 'master' of github.com:stephenfewer/metasploit-framework into stephenfewer-master
2013-01-11 01:43:45 -06:00
James Lee
19ff7f93ae
Merge remote-tracking branch 'wchen-r7/encoder_fixes' into rapid7
2013-01-10 17:41:08 -06:00
James Lee
0f346dde9e
Some whitespace and ruby -c fixes
2013-01-10 17:29:54 -06:00
James Lee
ab64c428ab
Merge remote-tracking branch 'kernelsmith/RM7676-migrate-h' into rapid7
2013-01-10 17:24:11 -06:00
James Lee
d4854606f2
Cosmetic fixes
...
[FixRM #7223 ][See #1283 ]
2013-01-10 17:18:25 -06:00
sinn3r
192279544b
BufferRegister should be validated.
...
If BufferRegister is in lower-case, then gen_decoder_prefix will
return nil. When the return value is nil, other functions like
gen_decoder() will backtrace due to a "undefined method "+" for nil"
error. Therefore, this input should NOT be case-sensitive.
Also, if for some reason the user supplies an invalid BufferRegister,
the function should be aware of that and warn the user about the
bad input.
2013-01-10 17:14:38 -06:00
James Lee
afb12983ab
Merge branch 'rapid7' into kernelsmith-msfconsole-suspend
2013-01-10 16:40:27 -06:00
kernelsmith
e8c239dc81
changed TODO to @todo per egypt
2013-01-10 16:35:01 -06:00
kernelsmith
b3266823ba
Addressed egypt's comments
...
-changed the suspend/resume loop logic to reduce code duplication.
-fixed up some print_*'s to remove embedded \n's
-changed formatting on some error messages
-switched comment to a TODO:
-change host_processes.select (blah} to use .find instead
-adjusted code due to remvoal of the pids.dup, resulting in arr_pids
disappearing
2013-01-10 15:40:54 -06:00
kernelsmith
b11f941387
cleaned up at validate_pids conversion, fixed YARD doc
...
in validate_pids no longer need dup as conversion to ints was cleaned
up to use map. Which also improved readability and allowed adding uniq
and compact, thanks egypt.
YARD doc on cmd_suspend was incorrectly organized
2013-01-10 14:59:02 -06:00
Stephen Fewer
8e6e1bc164
open up the bloxor encoder.
2013-01-10 17:39:40 +00:00
Spencer McIntyre
4c87b1ba36
escape ticks and spaces in paths
2013-01-10 09:15:24 -05:00
kernelsmith
92e8def889
adds suspend to meterp and adds full pid validation
...
This fully fixes RM7223 and adds the suspend command to the meterpreter
interface.
Suspend allows you to suspend and resume running processes on the
targethost. It was originally written as a post module (and the dll
version will be submitted as such later), but egypt suggested I add it
to meterpreter
2013-01-09 23:25:32 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
kernelsmith
4728a59189
fixes RM7676 migrate -h doesn't produce help
...
also adds YARD doc to cmd_migrate in collusion with egypt.
low threat change, but still tested on Win7-32 sp0, ruby 1.9.3-p125,
Framework Version: 4.6.0-dev just for kicks
2013-01-09 16:28:04 -06:00
kernelsmith
3b8914c270
skeleton & YARD doc for cmd_suspend added
...
functionality untested atm.
cmd_suspend_help also added
2013-01-09 15:34:04 -06:00
Spencer McIntyre
1a98393ffa
fix for OSX and remove unnecessary lines
2013-01-09 10:10:56 -05:00
sinn3r
be36c4ebef
Some machines are sensitive about this.
2013-01-07 22:32:43 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
James Lee
a0e6c7043b
Add actual cdata handler
...
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.
[SeeRM #7665 ]
2013-01-07 17:16:48 -06:00
James Lee
8bfca52941
Clear state for new vulns
...
[FixRM #7665 ]
2013-01-07 16:27:40 -06:00
James Lee
3f9c459545
Fix ArgumentError when importing netsparker xml
2013-01-07 12:21:08 -06:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
Meatballs1
04714893c8
Add force option to reboot command
2013-01-04 09:20:56 +00:00
Spencer McIntyre
3c039327c0
include the new mixin
2013-01-02 13:41:57 -05:00
Spencer McIntyre
7aed6e44e1
Initial commit of the Bourne shell command stager, nothing uses it yet.
2013-01-02 13:28:08 -05:00
Meatballs1
0b3143ff45
Fix railgun EOL
2012-12-30 16:32:15 +00:00
Tod Beardsley
8cd7c2783e
Indentation fixes
2012-12-28 14:36:06 -06:00
Tod Beardsley
7a0a230e92
Put the coding: binary magic comment back
2012-12-28 14:16:56 -06:00
Tod Beardsley
4002759fcf
Bring some sanity to the Array#packs
2012-12-28 14:16:08 -06:00
sinn3r
e05b55f32d
Add new functions
2012-12-28 03:48:35 -06:00
sinn3r
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
Meatballs1
378038afab
Merge remote-tracking branch 'upstream/master' into wldap32_railgun
2012-12-17 17:23:43 +00:00
Meatballs1
6a92bd609a
Tidying and refactoring
2012-12-17 15:29:04 +00:00
Meatballs1
b5fd3463d7
Initial working AD_LDAP lookup
2012-12-17 14:07:35 +00:00
Rob Fuller
b3118afcbb
Correct Railgun WriteProcessMemory var type
...
This is described here:
https://dev.metasploit.com/redmine/issues/7237
After change operates as expected.
2012-12-15 23:11:52 -05:00
Meatballs1
3127808f76
Revert/remove unnecessary files
2012-12-13 11:02:54 +00:00
Meatballs1
e60d10bd3d
Repackage as single module pull
2012-12-13 09:40:36 +00:00
kernelsmith
11fec0bc07
adds rudimentary validity checking to pids for meterp kill
...
addresses redmine https://dev.metasploit.com/redmine/issues/7223 , but
may not be a truly encompassing solution. 'good bandaid' as egypt put
it
2012-12-05 13:17:33 -06:00
Alexandre Maloteaux
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
nmonkee
937e49378c
Syntax fix
...
Doh, missed one.
2012-11-22 09:57:08 +00:00
nmonkee
79c0507077
Fix syntax errors
2012-11-22 09:43:16 +00:00
nmonkee
088d20c5a9
Made requested changes
2012-11-22 09:28:50 +00:00
Meatballs1
e057467329
Initial attempt
2012-11-18 21:24:49 +00:00
Tasos Laskos
c659b37c94
Updated indentation to use tabs
2012-11-16 23:11:48 +02:00
nmonkee
f04dc587b6
made requested changes
2012-11-15 00:13:06 +00:00
Tasos Laskos
7032ef0f6f
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-09 00:21:38 +02:00
nmonkee
bdbf6ea9bb
SAP NI Proxy Support (SAProuter) - see http://labs.mwrinfosecurity.com/blog/2012/09/13/sap-smashing-internet-windows
2012-11-06 21:16:32 +00:00
HD Moore
0d6acad1a0
Updates for PR #981 (cleanup)
2012-11-02 15:47:52 -05:00
HD Moore
0bf5f63d67
Merge branch 'master' into feature/addp-modules
2012-11-02 15:41:03 -05:00
HD Moore
52f0bca9be
Merge branch 'master' into feature/addp-modules
2012-11-02 15:40:36 -05:00
Tasos Laskos
33502b52b0
Rex::Text.refine: removed redundant Array operations
2012-11-02 16:10:42 +02:00
Tasos Laskos
385d225305
Updated support for Web modules and analysis techniques (committing to new clean branch due to corruption)
2012-11-01 21:14:38 +02:00
jvazquez-r7
c27a4d5de2
Merge branch 'master' into bug/handle-100-continue
2012-10-31 18:56:33 +01:00
James Lee
d0650dfb25
Put a bandaid over getsockname
...
Depending on how a socket was created, #getsockname will return either a
struct sockaddr as a String (the default ruby Socket behavior) or an
Array (the extend'd Rex::Socket::Tcp behavior). Avoid the ambiguity when
generating SSL certificates for meterpreter handlers by always picking a
random hostname.
This is by no means a proper fix for the underlying problem of
Socket#getsockname having ambiguous behavior before and after being
extended with Rex::Socket::Tcp. It does, however, solve the immediate
problem of not being able to create tunneled meterpreter sessions over
http(s) sessions.
[SeeRM #7350 ]
2012-10-29 22:45:46 -05:00
HD Moore
6ec392c4cf
Add Rex::Text.sha1 and Rex::Text.sha1_raw
2012-10-28 23:49:21 -05:00
HD Moore
adc9532ec7
Reset this back to master's copy, fixes this pull
2012-10-28 23:13:32 -05:00
HD Moore
3a42eb3f73
New modules and library for the ADDP protocol
2012-10-28 23:04:18 -05:00
HD Moore
43fe219a05
This improves handling of 100-continue responses
2012-10-28 22:57:18 -05:00
James Lee
dafb56f6b6
Merge branch 'dmaloney-r7-findpids' into rapid7
...
[Closes #950 ]
2012-10-22 15:52:07 -05:00
James Lee
651f9b9c8f
Use opts.usage instead of a Table
2012-10-22 15:16:55 -05:00
James Lee
ffa4373242
Merge branch 'rapid7' into wchen-r7-print_warning
...
[Closes #899 ]
2012-10-19 13:49:32 -05:00
Meatballs
e1a4ec2fcc
Fix to SMB Client when using find_first on a directory with exactly 20 files.
2012-10-17 21:58:20 +01:00
James Lee
45a60b6bdd
Clarify why we need to sleep.
...
[Closes #911 ][FixRM #7344 ]
2012-10-15 17:54:18 -05:00
Raphael Mudge
f4b151f63d
Detect and mitigate CPU starvation condition [SeeRM #7344 ]
2012-10-15 17:54:18 -05:00
sinn3r
d36f642edc
Add print_warning()
2012-10-12 21:48:15 -05:00
Tod Beardsley
95fef5d607
Merge remote branch 'dalton/master'
2012-10-08 08:28:23 -05:00
Rob Fuller
b984d33996
add RunAs ask module
2012-10-06 00:51:44 -04:00
James Lee
9d4427270e
Merge branch 'rapid7' into bug/active_support/dependencies-compatibility
...
[Closes #843 ]
2012-10-04 17:18:07 -05:00
Luke Imhoff
df9db42c32
Fix module reloading
...
[#36737359 ]
The merging of reload_module and the various load_module methods
resulted in the module loading from disk, but because the Hash entry in
the module manager was not deleted before on_module_load was called, the
newly reloaded module was logged as an ambiguous module name instead of
a reload. In order to report the reload errors correctly, I determined
that module_load_error_by_reference_name should really be
module_load_error_by_path. I eliminated faild in favor of this new name
since failed was just calling the attribute and the attribute's name is
clearer about the format of the data.
Tested by run rexploit and then exiting over and over with
ms08_067_netapi. When I messed up the file so it couldn't load, by
adding `inclde Exploit` (note mispelling of `include`), it reported the
error to msfconsole. When I removed the bad line and added a puts
"RELOADING <n>", where I kept incrementing n and saving the file, the
new number appeared during each rexploit.
2012-10-04 16:32:12 -05:00
sinn3r
2a88aab209
set mode
2012-10-02 15:46:16 -05:00
sinn3r
6d815bce4e
Haters gon hate, Windows' gotta be Windows.
2012-10-02 15:27:13 -05:00
sinn3r
8d6e858604
What open()? This open()!
2012-10-02 15:20:38 -05:00
sinn3r
e141a84f6b
Not having a newline at the end of the file is a crime
2012-10-02 15:19:12 -05:00
sinn3r
ba1b65742e
Separate XML for various DLLs.
2012-10-02 11:27:10 -05:00
sinn3r
f2c7731b39
Add RopDb mixin
2012-10-01 17:09:01 -05:00
David Maloney
4511dead88
Fix up the ps help
2012-09-21 13:45:09 -05:00
David Maloney
5738d808ba
Add a bunch of extra filter options
2012-09-21 13:27:16 -05:00
David Maloney
14c94e4f03
rolled changes into existing ps command
...
Some users requested this be added to the ps
command via a -S opt instead of creating a new command.
This limits the search to only one search parameter at a time
but with the ability to pass RegEx I think that's fine
2012-09-19 08:28:36 -05:00
David Maloney
4dbe7767ca
Merge branch 'master' into findpids
2012-09-19 07:55:54 -05:00