Commit Graph

3020 Commits (4928cd36e4123e8398cad397746c6af1196be22e)

Author SHA1 Message Date
sinn3r b6c7116890 Land #1778 - Mimikatz Fix for table.print and x86 warning 2013-09-20 16:13:53 -05:00
Meatballs 5add142789 Choose smallest smallest 2013-09-20 13:47:51 +01:00
Tod Beardsley e9e1b28ba8
Land #2371, echo -e cmd stager 2013-09-19 14:47:39 -05:00
Meatballs 11bdf5d332 New pull 2013-09-19 19:57:38 +01:00
Meatballs 72155f8e9e Comment update 2013-09-19 19:46:05 +01:00
OJ 598e85a8d9 Fix for dangling port forwards
Code tears down the port forwards prior to migrating so that we don't end up with dangling connections that don't work.
2013-09-19 19:27:54 +10:00
Tod Beardsley f4e2e0ac11 Clear report_data on each host report 2013-09-18 17:11:22 -05:00
jvazquez-r7 dd7010d272 Fix @todb-r7 feedback 2013-09-17 20:54:19 -05:00
Tod Beardsley dae8847c4d
Land #2374, more complete 32/64 migrate fix
[FixRM #8395]
2013-09-17 14:52:04 -05:00
James Lee 21055f6856 Add x86 to meterpreter's binary suffix
This makes x86 more consistent with x64.

Also replaces a bunch of instances of:
  File.join(Msf::Config.install_root, 'data', ...)
with the simpler
  File.join(Msf::Config.data_directory, ...)

[See rapid7/meterpreter#19]
2013-09-16 21:52:04 -05:00
Joe Vennix d954d64f69 Add NODEJS arch constants. 2013-09-16 21:33:44 -05:00
Joe Vennix 217449a836 Ensures termination of inner while loop and cleans up #map.
* Tested working against ubuntu target using the sshexec test script.
2013-09-16 20:42:20 -05:00
jvazquez-r7 edec022957 Use shellwords, as recommended by @jvennix-r7 2013-09-16 16:35:45 -05:00
James Lee d6954e9ce7 Fix migrate from 32- to 64-bit processes
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.

[See #2356]
2013-09-16 16:04:50 -05:00
jvazquez-r7 a5049df320 Add echo CmdStager 2013-09-16 11:35:05 -05:00
Meatballs b4d1fd6ff8 Fixup rex text 2013-09-13 21:15:28 +01:00
Meatballs 9ade4cb671 Refactor 2013-09-13 20:43:09 +01:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
Tab Assassin 8bc83f4922 Retab changes for PR #1420 2013-09-05 16:21:26 -05:00
Tab Assassin d6a7ce5328 Merge for retab 2013-09-05 16:21:13 -05:00
Tab Assassin 785c2eeb95 Retab changes for PR #1421 2013-09-05 16:20:04 -05:00
Tab Assassin a5cf67a9af Merge for retab 2013-09-05 16:19:51 -05:00
Tab Assassin b3b8cee870 Retab changes for PR #1473 2013-09-05 16:19:05 -05:00
Tab Assassin 0ba4e1da65 Merge for retab 2013-09-05 16:18:56 -05:00
Tab Assassin 3c1df47314 Retab changes for PR #1681 2013-09-05 16:10:40 -05:00
Tab Assassin a231e85293 Merge for retab 2013-09-05 16:10:28 -05:00
Tab Assassin 2e9096d427 Retab changes for PR #1734 2013-09-05 14:59:41 -05:00
Tab Assassin 322ed35bb4 Merge for retab 2013-09-05 14:59:34 -05:00
Tab Assassin 2846a5d680 Retab changes for PR #1770 2013-09-05 14:57:40 -05:00
Tab Assassin 269c1a26cb Merge for retab 2013-09-05 14:57:32 -05:00
Tab Assassin 701513a212 Retab changes for PR #1778 2013-09-05 14:56:35 -05:00
Tab Assassin 3788bab8e5 Merge for retab 2013-09-05 14:56:30 -05:00
Tab Assassin 26b8364dcb Retab changes for PR #1789 2013-09-05 14:44:21 -05:00
Tab Assassin 789be1fe3e Merge for retab 2013-09-05 14:44:14 -05:00
Tab Assassin 81479a6ade Retab changes for PR #2093 2013-09-05 14:31:10 -05:00
Tab Assassin 8a76b3390d Merge for retab 2013-09-05 14:31:05 -05:00
Tab Assassin 874ed2ac17 Retab changes for PR #2107 2013-09-05 14:30:08 -05:00
Tab Assassin 27564b2de2 Merge for retab 2013-09-05 14:30:03 -05:00
Tab Assassin daed98931e Retab changes for PR #2158 2013-09-05 14:19:55 -05:00
Tab Assassin 27fd54092a Merge for retab 2013-09-05 14:19:49 -05:00
Meatballs 051ef0bdfa Refactor to common post module 2013-09-02 20:24:54 +01:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Meatballs 1ea3d91f48 Lands #2244 Python Meterpreter
[Closes #2244]
2013-08-30 14:33:35 +01:00
Meatballs 526e504531 More fix 2013-08-25 12:21:37 +01:00
Meatballs d45d37bc38 Really fix... 2013-08-25 00:18:50 +01:00
Meatballs 83da0b3a57 Correct fname 2013-08-25 00:17:26 +01:00
Meatballs 19e47d5e82 Really fix war 2013-08-25 00:06:31 +01:00
Meatballs b4b59aa065 Add guards against empty payloads 2013-08-24 11:59:59 +01:00
Meatballs 09ceeb5de2 Fix war generation 2013-08-23 20:06:57 +01:00
Meatballs 41b1b30438 vba transform 2013-08-23 18:00:19 +01:00
Meatballs 7370fc3f4e vbs transform 2013-08-23 16:26:03 +01:00
Meatballs 5040347521 Fix psh and add powershell transform 2013-08-23 15:59:19 +01:00
Spencer McIntyre e276b57ee7 Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev 2013-08-19 08:37:12 -04:00
James Lee ed00b8c19e Ensure checksum* methods return a Fixnum
Fixes a bug in reverse_http* stagers where requests for the root URI
(i.e., "/") cause a NoMethodError on nil returned by checksum8.

[See #2216]
2013-08-14 14:09:37 -05:00
James Lee 3827b14103 Land #1726, ssl verify mode
Conflicts:
	lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
Spencer McIntyre 2d69174c5b Initial commit of the python meterpreter. 2013-08-05 23:38:49 -04:00
RageLtMan 7c46e95e8f Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell_import 2013-07-31 18:34:57 -04:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 455569aee8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 12:10:12 -05:00
Meatballs b99ad41a64 Add api constants and tidy 2013-07-26 01:48:39 +01:00
Meatballs 0235e6803d Initial working 2013-07-25 23:24:11 +01:00
Meatballs 1d2d4b5345 Add some null checks 2013-07-25 18:35:11 +01:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 00630376c3 Revert the default call to firefox
This reverts commit 0928a370f3.

No, no, you guys are right in the comments for #2148. The call to
system is inside the else, but the tabbing made my eyes cross.
Sorry about that. Someday soon, @tabassassin will save us all from these
kinds of screw ups in mental parsing.
2013-07-23 16:13:02 -05:00
William Vu d493346691 Land #2137, fixes and specs for Opt containers 2013-07-23 15:58:09 -05:00
David Maloney 621568bf8f Another Error Type needs caught
Different systems throw a different error
Need to rescue that error too
2013-07-23 15:47:42 -05:00
William Vu 86ab942435 Land #2146, Unix and Windows path normalization 2013-07-23 15:23:41 -05:00
Tod Beardsley 0928a370f3 Adding back default firefox
the default is triggered only outside the case statement, which itself
is totally bizarre. I can't tell if anyone is relying on this behavior
right now, but it's too premature to just remove it out at this point.
2013-07-23 14:43:30 -05:00
Tod Beardsley 53c3fd2ce7 Update comment docs on Rex::Compat.open_browser 2013-07-23 14:38:04 -05:00
ZeroChaos ce5742461a update open_browser functionality
open_browser didn't support xdg-open or firefox-bin.  xdg-open was made the default as it is the most likely to succeed afaik.

the fallback to firefox was removed because since we check for the existence of firefox is makes no sense to try to run it after we failed to find it.  This will silently fail if no supported browser is found due to suggestions from the msf team:

< Zero_Chaos> more importantly, it would be great if someone told me how to spit out a message to the user
< Zero_Chaos> because I have no clue :-)
<@egypt> Zero_Chaos: it's in rex, so the answer is "don't"
2013-07-23 14:58:16 -04:00
Tod Beardsley bb16683415 Land #2087, @egypt's random ID generator 2013-07-23 13:52:08 -05:00
sinn3r 958a4edd73 Keep the trailing slash if the user wishes 2013-07-22 20:46:18 -05:00
sinn3r 359009583f Drop support for UNC path parsing in normalize_win_path
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
2013-07-22 20:20:45 -05:00
sinn3r 4b3fce9349 Add functions to normalize Winodws & Unix paths
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri.  Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
2013-07-22 19:26:04 -05:00
jvazquez-r7 15b0e39617 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-21 13:47:40 -05:00
RageLtMan dc15c5b505 Merge branch 'master' into powershell_import
Resolve conflicts from old code being pulled into master.

Conflicts:
	lib/msf/core/exploit/powershell.rb
	modules/exploits/windows/smb/psexec_psh.rb
2013-07-20 19:29:55 -04:00
sinn3r 757cf18bb4 Land #2135 - Update FF detection 2013-07-20 13:10:14 -05:00
Joe Vennix 92ae90b828 Whitespace fixes. 2013-07-19 17:27:27 -05:00
Joe Vennix 2e838d7be3 Fix minor bugs discovered when testing. 2013-07-19 17:18:39 -05:00
Joe Vennix 7e2fc147f1 Add updated versions of firefox. 2013-07-18 16:35:57 -05:00
David Maloney ec82644bd3 mo fixes mo specs
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
jvazquez-r7 58229ff8b7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 20:18:48 -05:00
James Lee 9d56e58e84 Rely on object detection for '5716599'
[SeeRM #7252]
2013-07-17 15:47:25 -05:00
jvazquez-r7 458ac5f289 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 15:02:33 -05:00
jvazquez-r7 11f8b351c0 Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework 2013-07-17 11:44:42 -05:00
William Vu 54af2929f5 Land #2109, kill stray character 2013-07-16 11:11:06 -05:00
Joe Vennix 34e732eabd Kill stray character in whitespace gutter. 2013-07-16 10:14:41 -05:00
RageLtMan 987d6a671f Allow passing MaxChar to Rex::Ui::Text::Table cols
Passing MaxChar allows setting the maximum number of characters
printed within a specific column during the row_to_s method.
This does not affect CSV output nor truncate the actual data.
Meant for tidying up long console ouput.

Example: cleaned up cmd_creds to show proof and not maul tables
with unix session data.
2013-07-10 20:00:40 -04:00
James Lee 85affe4d47 Land #2089, smb last_filename can be nil 2013-07-10 14:18:00 -05:00
James Lee 4cc179a24c Store inverted hash for better lookups
Also clarifies comment about infinite loops
2013-07-10 12:38:42 -05:00
sinn3r 71974a8535 to_addr_hex_dump is never used and is too similar to to_hex_dump
Not so much value in to_addr_hex_dump, as Meatballs1 suggested, we
should remove this.
2013-07-10 11:09:47 -05:00
sinn3r add294d999 Fix potential nil in last_filename
Replacing #2060.  It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename.  To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also convert with to_s
to make sure it's always a string.
2013-07-09 12:50:19 -05:00
James Lee afa6a36df3 Make first char's character class configurable 2013-07-09 02:50:28 -05:00
James Lee 273046d8f0 Add a class for generating random identifiers
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037.
2013-07-09 02:06:44 -05:00
Meatballs 0ce3fe2e7c Added service status checks to Post::Windows::Services
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
RageLtMan 4554cc6e51 Import Powershell libs and modules (again)
Add Rex powershell parser:
 reads PSH, determines functions, variables, blocks
 compresses and cleans up the code it's read, obfuscates
 handles string literals and reserved variable names
 extracts code blocks and functions for reuse
  turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
 Make use of Rex parser
 Handles payload generation, substituions
 Brings convenience methods - byte array generation and download
 Re-add .NET compiler
  Compiles .NET code (C#/VB.NET) in memory
  Can generate binary output file (dynamic persistence)
  Handles code-signing (steal cert with mimikatz, sign your bin)
  Not detected by AV (still...)
 Update payload generation
  GZip compression and decompression (see Rex module as well)
  msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
 Makes use of updated Msf and Rex modules
 Runs shellcode in-memory (in a hidden PSH window)
 Completely bypasses all AVs tested for the last year...
2013-07-04 14:04:19 -04:00
William Vu 28a4a05991 Land #2046, base argument for to_hex_dump 2013-07-02 12:11:05 -05:00
sinn3r 98c214d2fb Allow 0 base address, and dynamic left column length 2013-07-02 11:40:23 -05:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
sinn3r 9eb32ea9af Allow "base" argument for to_hex_dump
[SeeRM:#8121] - For debugging purposes, it's useful to be able to
specify a base.
2013-07-01 23:56:51 -05:00
jvazquez-r7 2751470c71 Add @jlee-r7's feedback to sapni proxies support 2013-07-01 21:37:53 -05:00
jvazquez-r7 9c4d869ed8 Land #1018, @nmonkee's support for sap router proxies 2013-07-01 21:36:02 -05:00
HD Moore 8e4dd29a4c Add cipher zero scanner 2013-06-30 02:35:37 -05:00
HD Moore 4fb6fa67f2 Fix require for constants, trim useless fields from banner 2013-06-26 09:59:40 -05:00
HD Moore 84117e28a8 Remove stale constants.rb require 2013-06-26 09:52:15 -05:00
James Lee b3b94c7a73 Break packet classes into their own files
This makes the file structure match the class structure and makes the
source tree easier to grok.
2013-06-24 19:24:09 -05:00
HD Moore 1801a5a270 Better HP iLO compatibility (retry on session ID error) 2013-06-24 14:23:53 -05:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
Meatballs 6c62463f83 Add ipv6 resolution and remove nix 2013-06-20 22:17:31 +01:00
jvazquez-r7 1aff778a79 Fix unpack 2013-06-18 09:06:44 -05:00
jvazquez-r7 3f665ba5a0 Skip also max-age from cookies 2013-06-17 14:04:08 -05:00
Meatballs 1637651bbb Revert multilang test 2013-06-15 17:48:32 +01:00
Meatballs 62e335dab2 Resolve conflict 2013-06-15 17:40:37 +01:00
Meatballs fc7d151273 Add multilang syscheck 2013-06-15 17:39:01 +01:00
jvazquez-r7 f5b00512e0 Fix sap ni proxy, hopefully 2013-06-13 17:15:48 -05:00
Brandon Perry 3cb851e4e0 Merge remote-tracking branch 'todb-r7/fix-msftidy-1944' into csharp_payload 2013-06-12 17:29:00 -05:00
Brandon Perry 0f06e9b08c Merge branch 'master' of https://github.com/rapid7/metasploit-framework into csharp_payload 2013-06-12 17:27:55 -05:00
Tod Beardsley 9c75d821d1 Fix up msftidy warnings on rex/text.rb 2013-06-12 11:17:58 -05:00
Brandon Perry d0e1e4df0a This commit adds support for C# byte arrays for the assembly payloads. 2013-06-11 19:27:06 -05:00
James Lee af613ee254 Add a more readable #inspect 2013-06-11 15:22:49 -05:00
sinn3r 937d7fb762 Landing #1835 - Fix a backwards disasm bug which stomps on the depth opt 2013-05-31 16:28:49 -05:00
sinn3r df2140ea59 Add back the tmp include check according to bannedit's feedback 2013-05-31 16:26:52 -05:00
sinn3r dacc73a60f Improve readability based on Egypt's feedback 2013-05-31 16:24:27 -05:00
Tod Beardsley 14c4dbcf8c Also remove *.ts.rb files
On the heels of #1862, this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
Samuel Huckins e20385dd9e Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
James Lee 9843dc4cb4 Land #1708, android meterpreter
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
David Maloney 0f21861921 Add task handling to imports
allow imports to carry along task info

[Story #49167601]
2013-05-23 13:33:19 -05:00
Tod Beardsley 05916c079e Inline unit tests are so last decade
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
James Lee f4498c3916 Remove $Id tags
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
bannedit 031bb2eb0b Fix a backwards disasm bug which stomps on the depth option 2013-05-15 22:08:50 -04:00
James Lee 61afe1449e Landing #1275, bash cmdstager
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
Joshua J. Drake c71b57764e Add a Python buffer formatter and update msfpayload to enable using it 2013-05-13 20:41:15 -05:00
Meatballs 7fb092c58c Initial commit 2013-05-02 22:08:19 +01:00
Tasos Laskos 6bf19c6fb8 HTTP::ClientRequest: Should handle nils in params
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.

* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
2013-04-30 22:01:00 +03:00
Meatballs 293c847a32 Fix table.print 2013-04-29 22:02:41 -05:00
Meatballs 69dead8c8f Tidier 2013-04-29 23:17:11 +01:00
Meatballs 36ef2cb5a1 x86 warning for mimikatz 2013-04-29 23:14:32 +01:00
Meatballs 02788f71d9 Fix table.print 2013-04-29 22:37:02 +01:00
James Lee d53d6370b3 Land #1747, mimikatz meterpreter extension
[Closes #1747]

See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
[Closes #1772]
2013-04-28 12:17:16 -05:00
Meatballs bbd53a2dbd Add domain to get_cookies 2013-04-26 20:34:21 +01:00
Meatballs b25b9e769c Msftidy 2013-04-26 20:30:04 +01:00
Meatballs 1f2cab7aef Tidyup and getcookies 2013-04-26 20:26:04 +01:00
Meatballs 9ad19ed2bf Final tidyup 2013-04-26 15:41:28 +01:00
Meatballs c7ac647e4e Initial attempt lfi 2013-04-26 14:32:18 +01:00
Meatballs d8430c83cf Add simple rspec 2013-04-26 00:47:00 +01:00
Meatballs 668dd78587 Msftidy 2013-04-26 00:21:31 +01:00
Meatballs e2bf4882f0 Add domain join parse 2013-04-26 00:20:10 +01:00
Meatballs 235887ccb5 Finished 2013-04-25 23:25:05 +01:00
James Lee 93bddd9041 Improved docs and partial specs for Rex::Text
Conflicts:
	lib/msf/core/modules/loader/base.rb
	lib/rex/poly/block.rb
	lib/rex/text.rb
2013-04-23 17:24:03 -05:00
Meatballs fab1781812 Refactored to send custom commands 2013-04-22 10:04:38 +01:00
Meatballs 6656514616 Msftidy 2013-04-21 14:34:47 +01:00
Meatballs fc621e8d7e Parse ssp correctly 2013-04-21 10:55:01 +01:00
Meatballs 83fbc3e46f Small fix and attribution to gentilkiwi 2013-04-21 00:36:43 +01:00
Meatballs cec737d399 tidy and table header 2013-04-20 18:05:47 +01:00
Meatballs b219a23f00 Refactoring 2013-04-20 18:00:46 +01:00
Meatballs 20849714ac Add all methods 2013-04-20 17:27:32 +01:00
Meatballs ddaa09edad Added msv 2013-04-20 16:31:45 +01:00
Meatballs 83578dec68 Getprivs by default 2013-04-20 14:59:07 +01:00
Meatballs a23d7bb66f Add client UI and parse results 2013-04-20 12:20:38 +01:00
Meatballs 5fa81942db Initial comms 2013-04-19 22:19:50 +01:00
Tod Beardsley 4d21c7dff5 Landing #1727, adding @jlee-r7's new fingerprints 2013-04-15 13:49:59 -05:00
Meatballs 67791c12a5 Small tidy 2013-04-14 11:18:45 +01:00
Meatballs 26479bbe82 Fixup resolve_host 2013-04-14 10:58:51 +01:00
Meatballs 6a7fc70274 Remove length stuff 2013-04-14 10:54:19 +01:00
Meatballs 6bca2b305f Typo 2013-04-14 10:44:00 +01:00
Meatballs 849b42ffb9 Further tidy 2013-04-14 10:42:15 +01:00
Meatballs 4b4f77eb0f Finalize 2013-04-14 10:32:56 +01:00
timwr 32bd812bdb android meterpreter 2013-04-12 18:57:04 +01:00
James Lee 2c8ec656ca Typo 2013-04-11 22:36:08 -05:00
James Lee 7df80c7aac Add a couple new IE fingerprints to osdetect.js 2013-04-11 22:29:02 -05:00
RageLtMan 1e93ae65e3 fix typo in parameters 2013-04-11 19:12:32 -04:00
RageLtMan 5ac18e9156 commant update 2013-04-11 19:11:25 -04:00
RageLtMan 6eb33ae5ed Rex::Socket::SslTcp set cipher and verify_mode
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.

Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```

Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
2013-04-11 18:00:33 -04:00
James Lee 6a0b240d10 Add some better docs for Rex::Socket 2013-04-10 12:41:41 -05:00
Meatballs e4ff7a2f2c Address egypt's feedback 2013-04-09 21:15:04 +01:00
Meatballs 3660ad8c0a Initial attempt 2013-04-07 23:03:43 +01:00
Meatballs d94360c451 Merge remote branch 'upstream/master' into enum_ad_perf 2013-04-07 14:29:45 +01:00
James Lee 067140643e Landing #1579, meterpreter mv
See rapid7/meterpreter/#6
2013-04-04 23:42:31 -05:00
James Lee ad46b46684 Landing #1463, Meatballs' cdecl fixes 2013-04-04 22:58:59 -05:00
Luke Imhoff 47842aa6a2 Fix 'Output is not a module'
[#46491831]

I missed that Rex::Ui::Text::Output was a class and not a module, so
starting up prosvc fell over when it loaded
rex/ui/text/output/buffer/stdout, which also would screw up
msf/ui/console/command_dispatcher/core.rb where I original added
Rex::Ui::Text::Output::Buffer::Stdout.
2013-04-01 20:16:28 -05:00
Luke Imhoff 2317e9cced Fix yard tag warnings
[#46491831]
2013-03-30 17:13:12 -05:00
Luke Imhoff 7ed2812ec3 Fix Cannot resolve link YARD warnings
[#46491831]
2013-03-30 16:58:49 -05:00
Luke Imhoff bc4b87ebd9 Fix Undocumentable method defined on object instance YARD warnings
[#46491831]

Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
Luke Imhoff c210260845 Fix Undocumentable method, missing name YARD warning
[#46491831]

Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call.  By removing the ##, the
warning disappeared.  I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
RageLtMan 0adb30c87a whitespace cleanup 2013-03-28 04:11:52 -04:00
RageLtMan ed3b1cecd4 Rex::Text::Ui::Table.new[find_by_colnames]
Add :[] to ...Ui::Table allowing user to pass multiple colnames.
Returns a new table with only those columns and their rows.

Useful when using Rex to filter output, prep CSV, etc.

Testing:
```
t = Rex::Ui::Text::Table.new('Columns' => ['a','b','c'])
t << ['x','y','z']
t << ['p','q','r']
t['a','c']

=> a  c
-  -
p  r
x  z
```
2013-03-28 04:02:31 -04:00
Tod Beardsley 91e3f4cca6 Merge 'kernelsmith/msfconsole-grep'
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.

[Closes #1320]

Conflicts:
	lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
RageLtMan d399093d80 Add Framework side of stdapi.fs.file.mv
Add the appropriate methods to Rex side of the FS extension and
the commensurate command dispatcher.

Requires https://github.com/rapid7/meterpreter/pull/6 from the
meterpreter repo as well as compiling fresh DLL for
ext_server_stdapi.
2013-03-12 02:06:38 -04:00
Spencer McIntyre bf54b582c9 Condense the decoder commands 2013-03-08 16:29:03 -05:00
Spencer McIntyre 8b5a83c7f5 Remove the DECODER option 2013-03-08 15:25:16 -05:00
Spencer McIntyre aceba9fc8a Revert "escape ticks and spaces in paths"
This reverts commit 4c87b1ba36.
2013-03-08 14:37:28 -05:00
James Lee 0a9b00e24c Apparently missed part of mubix's original changes
Used by auxiliary/admin/smb/list_directory
2013-03-07 21:20:46 -06:00
James Lee c3fa62cd59 Whitespace at EOL 2013-03-07 18:16:57 -06:00
Meatballs df3361df50 Merge branch 'master' into wds_scanner_repull 2013-03-07 20:09:44 +00:00
James Lee f05431791f Merge branch 'dmaloney-r7-feature/ssl/add_cipher_support' into rapid7 2013-03-07 12:54:39 -06:00
James Lee 27f43d3d1c Param name goes before type 2013-03-07 12:50:43 -06:00
James Lee c41bfa9141 Whitespace 2013-03-07 12:45:01 -06:00
David Maloney 06443ea4d0 yarddoc cleanup 2013-03-07 11:52:58 -06:00
David Maloney 007b26d918 dry up enumerators 2013-03-07 11:35:34 -06:00
David Maloney 7332d31523 fix some style things for egypt 2013-03-07 11:11:48 -06:00
James Lee 24c0da0adb Merge branch 'rapid7' into doc/cleanup-peparsey 2013-03-05 21:00:26 -06:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
James Lee 3acccd71f7 Whitespace and doc fix 2013-03-05 14:35:27 -06:00
James Lee a64edb33c4 Make code sections look right in docs 2013-03-05 14:34:11 -06:00
David Maloney 6eb334c925 a little more coverage 2013-03-05 00:01:09 -06:00
David Maloney d909c00036 better spec coverage 2013-03-04 23:43:18 -06:00
David Maloney 3bb1b2b368 attempt to deal with specs 2013-03-04 19:25:20 -06:00
David Maloney c121a4e9dc Some more minor touchups 2013-03-04 18:42:08 -06:00
David Maloney 8b6b2fbce9 bad error handling fixed 2013-03-04 18:33:03 -06:00
David Maloney dc7c02e9e8 still trying to get around this sslv2 thing 2013-03-04 18:18:01 -06:00
David Maloney 246977e0cf Address openssl sslv2 issues
Debian/Ubuntu ship openssl without sslv2 compiled in.
we now check for this ahead of time
2013-03-04 17:39:28 -06:00
David Maloney 12201c519a make sure we close sockets 2013-03-04 16:34:29 -06:00
David Maloney 13ad5cf150 Merge branch 'master' into feature/ssl/add_cipher_support 2013-03-04 15:07:32 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
David Maloney 6d811ce4b9 empty passwords should be allowed 2013-03-04 09:09:11 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney 902948e5d3 cleanup options 2013-03-01 11:01:00 -06:00
James Lee 5a79fcd11e Ensure we build only one Authorization header
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
James Lee 425c245771 Axe set_cgi in favor of set_uri
They were identical except for a couple of extra bugs in set_cgi.

Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
James Lee b0745b090a Msf HTTP uses this directly, can't axe it 2013-02-27 17:54:31 -06:00
James Lee 4edd46216f Refactor config -> opts
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
James Lee d5ae54cbb6 More accurate docs 2013-02-27 16:27:37 -06:00
James Lee d3b3587660 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-27 14:01:57 -06:00
sinn3r 4085fa73c5 Merge branch 'stephenfewer-master' 2013-02-27 11:13:10 -06:00
James Lee 7a7dd8975f Hmm, turns out something actually used that
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
James Lee 29df20996e Move most of the configuration into ClientRequest
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
David Maloney f16cec552a increase timeout with new checks 2013-02-26 14:27:04 -06:00
David Maloney 2ec2489f52 Test for general ssl before testing ciphers 2013-02-26 14:26:14 -06:00
James Lee 579c11bc69 Set reasonable defaults for more things
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee d7de3b75a4 Format Authorization header like others
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
James Lee c206ac4998 Set some reasonable defaults
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
David Maloney 1cb2717fe7 fix weak and strong cipher enumerators 2013-02-26 14:13:17 -06:00
James Lee d463460da7 Default cgi to true when not given 2013-02-26 13:33:54 -06:00
James Lee 764bbbb8e5 Whitespace 2013-02-26 13:33:19 -06:00
James Lee 5e0161d3f7 Reflect new ClientRequst in docs 2013-02-26 13:31:24 -06:00
David Maloney 1869cb5f8d fix timeout
20 seconds is way too long for jsut opening a socket
2013-02-26 13:20:16 -06:00
James Lee 5ac20e1b02 Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
Conflicts:
	lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney c104fa6d97 Add spec and a few fixes for set_uri 2013-02-26 11:01:16 -06:00
David Maloney d9627151c0 Add socket context option
Add the option for a socket context so pivoting will work
2013-02-25 15:01:42 -06:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
James Lee e41922853e Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-25 14:15:22 -06:00
HD Moore 8e8fecd208 Prefer String#encode over Iconv for Ruby 2.0 compat 2013-02-24 13:10:16 -06:00
James Lee fc07bf16e7 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-22 15:41:49 -06:00
David Maloney d15e202f19 Add some YARD docs 2013-02-20 18:47:20 -06:00
David Maloney 8d2233bbdd first minor cleanup 2013-02-20 15:33:24 -06:00
David Maloney accd620843 Clean up pry 2013-02-19 23:50:30 -06:00
David Maloney b2563dd6c2 trying to clean up the mess from the revert 2013-02-19 21:25:37 -06:00
David Maloney dac1147473 merge client config into opts 2013-02-19 19:41:42 -06:00
David Maloney de4234f0ad Some more YARD docs 2013-02-19 18:48:03 -06:00
David Maloney a4905e43a2 Fix the way creds are passed + YARD
some ayrddocs on send_auth plus fix the wierd way i was passing creds
around
2013-02-19 18:40:39 -06:00
David Maloney 0662677a72 First minor cleanup sweep 2013-02-19 17:19:16 -06:00
James Lee 867ab2f269 Whitespace 2013-02-18 19:01:03 -06:00
corelanc0d3r 0d4a6c6a04 support for searchforward option in egghunter 2013-02-18 12:45:49 +01:00
David Maloney d23ca8f599 Merge branch 'master' into feature/http/authv2
Conflicts:
	lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney 87d9af585e fix request_raw 2013-02-17 21:35:19 -06:00
David Maloney dd26b08197 first run at Clientrequest object
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee a902480576 Break out subclasses into their own files 2013-02-17 06:57:35 -06:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
Meatballs cbbfa1765e Handling for 1000 limit 2013-02-11 23:27:03 +00:00
David Maloney adfd26eb2d Cleanup to_s output 2013-02-11 17:08:14 -06:00
jvazquez-r7 d4d41f36d4 Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth 2013-02-11 21:16:35 +01:00
David Maloney f90fdcd5eb Missed nil check 2013-02-11 13:14:05 -06:00
David Maloney 0ccf7dd58a trust any manualy set basic auth header
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
sinn3r 6e9232bf72 Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump 2013-02-11 11:31:54 -06:00
David Maloney 84534caae1 Fix expliciti basic_auth for http 2013-02-11 10:32:44 -06:00
David Maloney 0f9b16d07f Scanner class finished, result needs more work
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
2013-02-09 19:06:17 -06:00
Meatballs acdd952eb2 Initial commit 2013-02-09 21:50:12 +00:00
David Maloney c25d4b4863 Test Cipher method underway
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
2013-02-09 01:07:56 -06:00
David Maloney ebb0f166ca Accept propper formats for SSL version
we were only accepting sloppy string values and not accepting input of
the actual symbols that OpenSSL expects in the first place. Allow the
user to enter it right themselves to be compat with OpenSSL
2013-02-09 00:40:58 -06:00
David Maloney 38d0a244fd Beginings of the actual scanner
configuration and configuration validation in place with tests.
2013-02-09 00:03:58 -06:00
Meatballs 595cace025 Fixup wldap32 mistakes 2013-02-08 22:25:07 +00:00
Meatballs a980419285 msftidy 2013-02-08 21:02:37 +00:00
Meatballs a6fea39583 Change to wldap to allow cdecl 2013-02-08 21:01:22 +00:00
Meatballs a9bf09aa06 Add calling conv to railgun 2013-02-08 19:26:33 +00:00
David Maloney 3295157f78 More support for various checks 2013-02-08 13:25:49 -06:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
David Maloney dfc7ce9381 fix stupid datat structure
also supports a boolean value for whether the cipher is weak or not
2013-02-08 11:33:36 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee bf28be7cff Fix some comments that yard parsed incorrectly 2013-02-07 18:36:04 -06:00
David Maloney 5c9f946927 empty shells for the scanner and its specs 2013-02-07 16:16:41 -06:00
David Maloney 096360261e De-dup cipher results 2013-02-07 16:09:47 -06:00
David Maloney 4e87bf4ab3 Add enumeration and support options
i lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
2013-02-07 15:51:07 -06:00
David Maloney 10e017ae73 finish up the SSLScan::Result class
finishes up result class for SSLScan , compelte with tests
2013-02-07 14:56:26 -06:00
David Maloney 7036365e04 Start adding sslscan results object
Building out the result object for the SSlScan
2013-02-07 12:42:18 -06:00
James Lee a15889305a Return a Request object
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
2013-02-06 18:56:06 -06:00
David Maloney ebd03ccceb Allow user to set ssl cipher
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
2013-02-06 16:57:47 -06:00
David Maloney 888bb80ab6 more comments 2013-02-05 11:55:12 -06:00
David Maloney 16b4fb1faa Added some comment documentation 2013-02-05 10:36:51 -06:00
David Maloney 463a45ccaf if we don't support the auth return original res
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney af6b0615fb fix pipelining
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney 9b84e5b3c4 Fix raw requests to work as well as cgi 2013-02-04 13:59:58 -06:00
David Maloney 9497e38ef7 Fix http login scanner
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
David Maloney 8d817dcbb5 fix iis digest support mistake
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney 6c12fa26bc oodles of small fixes
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney 61969d575b remove mixin require, more datastore clenaup 2013-02-01 15:12:11 -06:00
David Maloney efe0947286 Start fixing datastore options 2013-02-01 15:12:11 -06:00
David Maloney ef1fc58e5e Remove mixin, start moving into Rex
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
Meatballs 739204b86d Build upon A.Maloteaux's SMB fixes 2013-01-31 20:17:25 +00:00
Meatballs 1e60817ec9 Remember the SMB Changes 2013-01-31 20:07:48 +00:00
Meatballs 70167ac667 Repull 2013-01-31 19:53:37 +00:00
jvazquez-r7 1e1cbd7445 Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun 2013-01-30 21:01:31 +01:00
sinn3r fc833ea8df Catch exceptions and return value 2013-01-28 10:30:59 -06:00
rogueclown 169f91159e added 'from' PID to meterpreter migrate message 2013-01-27 21:18:49 -06:00
Rob Fuller 27aae87c18 Stop aggravating default show screenshot
A better fix would have it detect default browsers 
as being text only like lynx. But this has got to
go one way or another. Loosing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
HD Moore d6ed6cd5e4 Fix a stack overflow in bidirectional pipe 2013-01-22 00:27:03 -06:00
Meatballs1 567185ec65 Better cleanup and address comments 2013-01-20 00:19:17 +00:00
Meatballs1 4ee80e76bd msftidy wldap32 2013-01-19 23:15:20 +00:00
Tod Beardsley 9f42abdb95 Whitespace fixup 2013-01-18 15:44:52 -06:00
Tod Beardsley 0c3e7ee3e0 Merge remote-tracking branch 'Meatballs1/reboot_force2' 2013-01-18 15:01:51 -06:00
Tod Beardsley bfd58e9570 Add a comment doc for future parser writers 2013-01-18 14:59:41 -06:00
Tod Beardsley ef97b20cb7 Merge branch 'wds_unattend' 2013-01-18 14:42:00 -06:00
James Lee 4fd4af1f43 Fix typo that breaks record_mic command 2013-01-16 16:30:38 -06:00
kernelsmith 3210c5382e undo vestiges of attempt to add tab_complete nesting
return code to original state before I started editing
2013-01-16 00:49:54 -06:00
kernelsmith 3c44769bd8 attempt to add nested tab completion 2013-01-14 14:15:13 -06:00
sinn3r 90b0a7035b Recover the prompt again 2013-01-13 13:24:48 -06:00
Spencer McIntyre b178ce1895 allow the mixin to auto detect an available decoder binary 2013-01-12 17:31:11 -05:00
sinn3r 2f2a5c1d47 [FixRM: #2100] Rescue TerminateLineInput in irb
In irb, when you hit ^c, you will get an ugly backtrace. This
fix handles that exception.
2013-01-12 01:43:40 -06:00
sinn3r 4546d147d0 Merge branch 'master' of github.com:stephenfewer/metasploit-framework into stephenfewer-master 2013-01-11 01:43:45 -06:00
James Lee 19ff7f93ae Merge remote-tracking branch 'wchen-r7/encoder_fixes' into rapid7 2013-01-10 17:41:08 -06:00
James Lee 0f346dde9e Some whitespace and ruby -c fixes 2013-01-10 17:29:54 -06:00
James Lee ab64c428ab Merge remote-tracking branch 'kernelsmith/RM7676-migrate-h' into rapid7 2013-01-10 17:24:11 -06:00
James Lee d4854606f2 Cosmetic fixes
[FixRM #7223][See #1283]
2013-01-10 17:18:25 -06:00
sinn3r 192279544b BufferRegister should be validated.
If BufferRegister is in lower-case, then gen_decoder_prefix will
return nil.  When the return value is nil, other functions like
gen_decoder() will backtrace due to a "undefined method "+" for nil"
error.  Therefore, this input should NOT be case-sensitive.

Also, if for some reason the user supplies an invalid BufferRegister,
the function should be aware of that and warn the user about the
bad input.
2013-01-10 17:14:38 -06:00
James Lee afb12983ab Merge branch 'rapid7' into kernelsmith-msfconsole-suspend 2013-01-10 16:40:27 -06:00
kernelsmith e8c239dc81 changed TODO to @todo per egypt 2013-01-10 16:35:01 -06:00
kernelsmith b3266823ba Addressed egypt's comments
-changed the suspend/resume loop logic to reduce code duplication.
-fixed up some print_*'s to remove embedded \n's
-changed formatting on some error messages
-switched comment to a TODO:
-change host_processes.select (blah} to use .find instead
-adjusted code due to remvoal of the pids.dup, resulting in arr_pids
disappearing
2013-01-10 15:40:54 -06:00
kernelsmith b11f941387 cleaned up at validate_pids conversion, fixed YARD doc
in validate_pids no longer need dup as conversion to ints was cleaned
up to use map.  Which also improved readability and allowed adding uniq
and compact, thanks egypt.
YARD doc on cmd_suspend was incorrectly organized
2013-01-10 14:59:02 -06:00
Stephen Fewer 8e6e1bc164 open up the bloxor encoder. 2013-01-10 17:39:40 +00:00
Spencer McIntyre 4c87b1ba36 escape ticks and spaces in paths 2013-01-10 09:15:24 -05:00
kernelsmith 92e8def889 adds suspend to meterp and adds full pid validation
This fully fixes RM7223 and adds the suspend command to the meterpreter
interface.
Suspend allows you to suspend and resume running processes on the
targethost.  It was originally written as a post module (and the dll
version will be submitted as such later), but egypt suggested I add it
to meterpreter
2013-01-09 23:25:32 -06:00
HD Moore 4c1e501ed0 Exploit for CVE-2013-0156 and new ruby-platform modules 2013-01-09 23:10:13 -06:00
kernelsmith 4728a59189 fixes RM7676 migrate -h doesn't produce help
also adds YARD doc to cmd_migrate in collusion with egypt.
low threat change, but still tested on Win7-32 sp0, ruby 1.9.3-p125,
Framework Version: 4.6.0-dev just for kicks
2013-01-09 16:28:04 -06:00
kernelsmith 3b8914c270 skeleton & YARD doc for cmd_suspend added
functionality untested atm.
cmd_suspend_help also added
2013-01-09 15:34:04 -06:00
Spencer McIntyre 1a98393ffa fix for OSX and remove unnecessary lines 2013-01-09 10:10:56 -05:00
sinn3r be36c4ebef Some machines are sensitive about this. 2013-01-07 22:32:43 -06:00
sinn3r 1d3c1ec7fc Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master 2013-01-07 19:03:35 -06:00
James Lee a0e6c7043b Add actual cdata handler
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.

[SeeRM #7665]
2013-01-07 17:16:48 -06:00
James Lee 8bfca52941 Clear state for new vulns
[FixRM #7665]
2013-01-07 16:27:40 -06:00
James Lee 3f9c459545 Fix ArgumentError when importing netsparker xml 2013-01-07 12:21:08 -06:00
Charlie Eriksen 25cadf8b87 Adding exploit for CVE 2012-4915
Initial commit.

Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
Meatballs1 04714893c8 Add force option to reboot command 2013-01-04 09:20:56 +00:00
Spencer McIntyre 3c039327c0 include the new mixin 2013-01-02 13:41:57 -05:00
Spencer McIntyre 7aed6e44e1 Initial commit of the Bourne shell command stager, nothing uses it yet. 2013-01-02 13:28:08 -05:00
Meatballs1 0b3143ff45 Fix railgun EOL 2012-12-30 16:32:15 +00:00
Tod Beardsley 8cd7c2783e Indentation fixes 2012-12-28 14:36:06 -06:00
Tod Beardsley 7a0a230e92 Put the coding: binary magic comment back 2012-12-28 14:16:56 -06:00
Tod Beardsley 4002759fcf Bring some sanity to the Array#packs 2012-12-28 14:16:08 -06:00
sinn3r e05b55f32d Add new functions 2012-12-28 03:48:35 -06:00
sinn3r 0344c568fd Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes 2012-12-18 11:38:14 -06:00
Meatballs1 378038afab Merge remote-tracking branch 'upstream/master' into wldap32_railgun 2012-12-17 17:23:43 +00:00
Meatballs1 6a92bd609a Tidying and refactoring 2012-12-17 15:29:04 +00:00
Meatballs1 b5fd3463d7 Initial working AD_LDAP lookup 2012-12-17 14:07:35 +00:00
Rob Fuller b3118afcbb Correct Railgun WriteProcessMemory var type
This is described here:
https://dev.metasploit.com/redmine/issues/7237

After change operates as expected.
2012-12-15 23:11:52 -05:00
Meatballs1 3127808f76 Revert/remove unnecessary files 2012-12-13 11:02:54 +00:00
Meatballs1 e60d10bd3d Repackage as single module pull 2012-12-13 09:40:36 +00:00
kernelsmith 11fec0bc07 adds rudimentary validity checking to pids for meterp kill
addresses redmine https://dev.metasploit.com/redmine/issues/7223, but
may not be a truly encompassing solution.  'good bandaid' as egypt put
it
2012-12-05 13:17:33 -06:00
Alexandre Maloteaux c0c3dff4e6 Several fixes for smb, mainly win 8 compatibility 2012-11-28 22:49:40 +01:00
nmonkee 937e49378c Syntax fix
Doh, missed one.
2012-11-22 09:57:08 +00:00
nmonkee 79c0507077 Fix syntax errors 2012-11-22 09:43:16 +00:00
nmonkee 088d20c5a9 Made requested changes 2012-11-22 09:28:50 +00:00
Meatballs1 e057467329 Initial attempt 2012-11-18 21:24:49 +00:00
Tasos Laskos c659b37c94 Updated indentation to use tabs 2012-11-16 23:11:48 +02:00
nmonkee f04dc587b6 made requested changes 2012-11-15 00:13:06 +00:00
Tasos Laskos 7032ef0f6f Merge remote-tracking branch 'upstream/master' into web-modules 2012-11-09 00:21:38 +02:00
nmonkee bdbf6ea9bb SAP NI Proxy Support (SAProuter) - see http://labs.mwrinfosecurity.com/blog/2012/09/13/sap-smashing-internet-windows 2012-11-06 21:16:32 +00:00
HD Moore 0d6acad1a0 Updates for PR #981 (cleanup) 2012-11-02 15:47:52 -05:00
HD Moore 0bf5f63d67 Merge branch 'master' into feature/addp-modules 2012-11-02 15:41:03 -05:00
HD Moore 52f0bca9be Merge branch 'master' into feature/addp-modules 2012-11-02 15:40:36 -05:00
Tasos Laskos 33502b52b0 Rex::Text.refine: removed redundant Array operations 2012-11-02 16:10:42 +02:00
Tasos Laskos 385d225305 Updated support for Web modules and analysis techniques (committing to new clean branch due to corruption) 2012-11-01 21:14:38 +02:00
jvazquez-r7 c27a4d5de2 Merge branch 'master' into bug/handle-100-continue 2012-10-31 18:56:33 +01:00
James Lee d0650dfb25 Put a bandaid over getsockname
Depending on how a socket was created, #getsockname will return either a
struct sockaddr as a String (the default ruby Socket behavior) or an
Array (the extend'd Rex::Socket::Tcp behavior). Avoid the ambiguity when
generating SSL certificates for meterpreter handlers by always picking a
random hostname.

This is by no means a proper fix for the underlying problem of
Socket#getsockname having ambiguous behavior before and after being
extended with Rex::Socket::Tcp. It does, however, solve the immediate
problem of not being able to create tunneled meterpreter sessions over
http(s) sessions.

[SeeRM #7350]
2012-10-29 22:45:46 -05:00
HD Moore 6ec392c4cf Add Rex::Text.sha1 and Rex::Text.sha1_raw 2012-10-28 23:49:21 -05:00
HD Moore adc9532ec7 Reset this back to master's copy, fixes this pull 2012-10-28 23:13:32 -05:00
HD Moore 3a42eb3f73 New modules and library for the ADDP protocol 2012-10-28 23:04:18 -05:00
HD Moore 43fe219a05 This improves handling of 100-continue responses 2012-10-28 22:57:18 -05:00
James Lee dafb56f6b6 Merge branch 'dmaloney-r7-findpids' into rapid7
[Closes #950]
2012-10-22 15:52:07 -05:00
James Lee 651f9b9c8f Use opts.usage instead of a Table 2012-10-22 15:16:55 -05:00
James Lee ffa4373242 Merge branch 'rapid7' into wchen-r7-print_warning
[Closes #899]
2012-10-19 13:49:32 -05:00
Meatballs e1a4ec2fcc Fix to SMB Client when using find_first on a directory with exactly 20 files. 2012-10-17 21:58:20 +01:00
James Lee 45a60b6bdd Clarify why we need to sleep.
[Closes #911][FixRM #7344]
2012-10-15 17:54:18 -05:00
Raphael Mudge f4b151f63d Detect and mitigate CPU starvation condition [SeeRM #7344] 2012-10-15 17:54:18 -05:00
sinn3r d36f642edc Add print_warning() 2012-10-12 21:48:15 -05:00
Tod Beardsley 95fef5d607 Merge remote branch 'dalton/master' 2012-10-08 08:28:23 -05:00
Rob Fuller b984d33996 add RunAs ask module 2012-10-06 00:51:44 -04:00
James Lee 9d4427270e Merge branch 'rapid7' into bug/active_support/dependencies-compatibility
[Closes #843]
2012-10-04 17:18:07 -05:00
Luke Imhoff df9db42c32 Fix module reloading
[#36737359]

The merging of reload_module and the various load_module methods
resulted in the module loading from disk, but because the Hash entry in
the module manager was not deleted before on_module_load was called, the
newly reloaded module was logged as an ambiguous module name instead of
a reload.  In order to report the reload errors correctly, I determined
that module_load_error_by_reference_name should really be
module_load_error_by_path.  I eliminated faild in favor of this new name
since failed was just calling the attribute and the attribute's name is
clearer about the format of the data.

Tested by run rexploit and then exiting over and over with
ms08_067_netapi.  When I messed up the file so it couldn't load, by
adding `inclde Exploit` (note mispelling of `include`), it reported the
error to msfconsole.  When I removed the bad line and added a puts
"RELOADING <n>", where I kept incrementing n and saving the file, the
new number appeared during each rexploit.
2012-10-04 16:32:12 -05:00
sinn3r 2a88aab209 set mode 2012-10-02 15:46:16 -05:00
sinn3r 6d815bce4e Haters gon hate, Windows' gotta be Windows. 2012-10-02 15:27:13 -05:00
sinn3r 8d6e858604 What open()? This open()! 2012-10-02 15:20:38 -05:00
sinn3r e141a84f6b Not having a newline at the end of the file is a crime 2012-10-02 15:19:12 -05:00
sinn3r ba1b65742e Separate XML for various DLLs. 2012-10-02 11:27:10 -05:00
sinn3r f2c7731b39 Add RopDb mixin 2012-10-01 17:09:01 -05:00
David Maloney 4511dead88 Fix up the ps help 2012-09-21 13:45:09 -05:00
David Maloney 5738d808ba Add a bunch of extra filter options 2012-09-21 13:27:16 -05:00
David Maloney 14c94e4f03 rolled changes into existing ps command
Some users requested this be added to the ps
command via a -S opt instead of creating a new command.
This limits the search to only one search parameter at a time
but with the ability to pass RegEx I think that's fine
2012-09-19 08:28:36 -05:00
David Maloney 4dbe7767ca Merge branch 'master' into findpids 2012-09-19 07:55:54 -05:00
sinn3r 1828857a63 Change conditions
When 'encod_params' is set to true explicitly, or does not have a
value, we make sure it's true. Otherwise, false.
2012-09-15 18:08:29 -05:00
sinn3r 0967d1bfc4 Allow modules to disable URI encoding for GET/POST variables
Often in HTTP modules, people are forced to to use 'data' instead
of 'vars_get' or 'vars_post', because the parameters (especially
the names) are URI-encoded, and the application actually may not
recognize the names/values.  The new 'encode_params' option allows
that feature to be disabled.  However, to make sure we're not
changing existing HTTP modules' behaviors, 'encode_params' is
still true by default (which is the original behavior we've always
been using).
2012-09-15 17:40:42 -05:00
David Maloney 71e57a6067 Moved help text into cmd_findpids_help 2012-09-12 08:26:31 -05:00
Adam Dalton 0b0af0a4f5 updating sleep to allow nil arguments 2012-09-11 11:20:03 -04:00
Tod Beardsley cf98f52036 Should resuce nil as well 2012-09-10 09:33:45 -05:00
RageLtMan 1facfcf6d9 remove commented old method 2012-09-10 09:33:45 -05:00
RageLtMan ef0f4d0acc Fix Meterpreter edit command file removal
fs.rb was originally attempting to call the "close" method on a
string holding the temporary path to the file being editted.
Replaced with ::File.delete(temp_path).
2012-09-10 09:33:45 -05:00
David Maloney 228a150379 Built in regex support to findpids 2012-09-06 11:54:28 -05:00
David Maloney f906aa3884 Adds a new findpids command to meterpreter
findpids calls client.sys.process.get_processes like ps
but then filters out any processes that do not match
one of the process names supplied as arguments to the command.
`findpids explorer.exe notepad.exe` will return all processes
named explorer.exe or notepad.exe Allows for quick searching for
the pid you want. ideal for migration
2012-09-06 11:33:57 -05:00
Tod Beardsley dc77b435a7 Remove trailing commas
Tend to cause problems in Ruby 1.8 anyway.
2012-08-31 11:00:37 -05:00
Tod Beardsley ce51761193 Fixes uictl's disappearance
utctl shouldn't check for stdapi_ui_disable_mouse or disable_keyboard
since neither exist.

Removed the check, tested both enable and disable on mouse and keyboard,
uictl seems to work as advertised now.

[FIXRM #7217]
2012-08-31 10:53:01 -05:00
James Lee e7dc8e5ac2 Add a File.open method for meterpreter
Same semantics as Ruby stdlib File.open - if you give it a block, yields
a new File object and closes it after the block, otherwise same as
File.new.

[FixRM #6481]
2012-08-29 16:19:03 -05:00
James Lee bbded154d9 Fix tab-completion on meterpreter run
[FixRM #7143]
2012-08-29 14:55:12 -05:00
m m c1ca9fea79 netstat and arp commands in win32/posix meterpreter 2012-08-28 17:02:37 -05:00
Tod Beardsley f6ca31d5db Merge branch 'rage-alex-oui' 2012-08-22 10:47:51 -05:00
Tod Beardsley b457289e01 Merge remote branch 'webstersprodigy/module-http-ntlmrelay' 2012-08-21 15:28:50 -05:00
RageLtMan 1d5af3d825 Alex' patch to Rex::Oui 2012-08-06 21:34:36 -04:00
Chris Lennert 4050633c18 Squashed commit of the following:
commit 665f3f5b993dfa48db817f6138ac356919af37fc
Author: Chris Lennert <calennert@gmail.com>
Date:   Wed Aug 1 19:44:14 2012 -0500

    Two corrections to NetGetJoinInformation args

[Closes #661]
2012-08-03 13:58:42 -06:00
HD Moore c25ebabce0 Fix up incompatibility with MaxDataSize (thanks @mubix) 2012-07-23 13:40:41 -05:00
webstersprodigy d56ccc69b9 Forgot to git add client.rb 2012-07-22 20:13:57 -04:00
Rob Fuller 70017511f5 Implement proto/smb/client find_next for find_files
Squashed commit of the following:

commit b5370b24d48a0b79d13cff465ef1fe53738754d0
Author: Rob Fuller <jd.mubix@gmail.com>
Date:   Sat Jul 21 01:52:31 2012 -0400

    add some documentation for smb client

commit 92438f515ef272337ce02b6deebb35f62a50f0a3
Author: Rob Fuller <jd.mubix@gmail.com>
Date:   Fri Jul 20 03:09:27 2012 -0400

    adds find_next to find_files

[Closes #627]
2012-07-21 00:03:19 -06:00
Rob Fuller df7af9df40 Fix an errant bitwise-and used as bool
Squashed commit of the following:

commit 748ab76d71422e5909dc29403fd24ceb025504b5
Author: Rob Fuller <jd.mubix@gmail.com>
Date:   Fri Jul 20 02:50:50 2012 -0400

    fixes dir/file check

[Closes #626]
2012-07-20 16:29:53 -06:00
HD Moore 9d16a1a472 Fix some SMB operations that dont like this value 2012-07-20 16:25:00 -05:00
James Lee e200f43183 Squashed commit of the following:
commit 1de16b41c8808df2919706eaa8cc89ae44d9b591
Author: m m <gaspmat@gmail.com>
Date:   Mon Jul 9 21:55:32 2012 +0200

    typo

commit a396b55018175f3eb2a83baecb1ec601cc99eef4
Author: m m <gaspmat@gmail.com>
Date:   Mon Jul 9 21:51:32 2012 +0200

    various posix meterpreter bugfixes

[Closes #584]
[FIXRM #7042]
2012-07-19 15:56:47 -06:00
James Lee 5110aad0f3 Add better docs on some File methods 2012-07-17 17:32:27 -06:00
James Lee c9ccb02aae Clean up rdoc 2012-07-17 17:32:27 -06:00
James Lee 62fe00866d Add comments about what the block is for 2012-07-17 16:09:17 -06:00
James Lee a1cfb32f93 Fix a typo that breaks post param padding
Corner case and doesn't really *break* things, just means you end up
with one big param instead of multiple due to missing ampersands.
2012-07-17 12:29:28 -06:00
sinn3r fbe0cb7471 Merge branch 'post_win_gather_creds_gpp_pass' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_win_gather_creds_gpp_pass 2012-07-17 08:28:19 -05:00
HD Moore 975d8004d3 Remove protected operator, not useful 2012-07-11 02:08:56 -05:00
webstersprodigy f50843e0b7 Adding http_ntlmrelay module 2012-07-09 22:56:24 -04:00
sinn3r b817070545 Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui 2012-07-09 20:14:25 -05:00
Alexandre Maloteaux e509c72574 better handle company name 2012-07-10 00:24:30 +01:00
Alexandre Maloteaux e949b8c2c8 mac_oui 2012-07-09 23:46:57 +01:00
HD Moore c8c3c0e3e4 Correct an issue with HTTP response header parsing 2012-07-09 10:22:12 -07:00
HD Moore a8266bd831 Fix up odd reference normalization cases 2012-07-08 11:25:32 -05:00
Meatballs1 bd2368d6ab Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1 2012-07-02 11:47:44 +01:00
HD Moore eb762b3653 Back out encoding change of empty string, done by comment 2012-06-29 01:07:58 -05:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
HD Moore c45b1037f1 Make sure entries are 8-bit 2012-06-28 23:31:26 -05:00
HD Moore a393f8d62d Apply the console ID if specified 2012-06-25 01:37:38 -05:00
HD Moore 19c18a3e4e Record the device_id correctly in the nexpose raw import 2012-06-25 01:23:16 -05:00
HD Moore 38cc6571de Merge branch 'master' into feature/vuln-info 2012-06-25 01:03:52 -05:00
HD Moore aa0c6d7036 Better IE 9/10 coverage 2012-06-25 01:03:34 -05:00
HD Moore faf5adadd9 Merge branch 'master' into feature/vuln-info 2012-06-25 00:42:02 -05:00
HD Moore 4bd9b0c94a Quick typo fix 2012-06-25 00:41:45 -05:00
HD Moore f7dca272b6 IE 10/Win8 detection support 2012-06-25 00:36:49 -05:00
HD Moore 1989f0ab46 IE 10/Win8 detection support 2012-06-25 00:36:04 -05:00
HD Moore a8f7ea901a Fix cache counters for vuln_attempts, tweak nexpose 2012-06-17 21:55:11 -05:00
HD Moore a892fce320 Indent only subsequent list items 2012-06-17 20:55:19 -05:00
HD Moore 9ceba4421a Bullet formatting rendered poorly, remove these and keep indents 2012-06-17 20:49:22 -05:00
HD Moore 39a77024e2 Parse solutions/descriptions into a slightly less ugly format 2012-06-17 19:27:25 -05:00
HD Moore be9b7a88fb Complicate the matching process in the name of memory
and loading speed. Use optional match_details param
to find matching vuln instances.
2012-06-17 00:07:00 -05:00
HD Moore 7d9d6f11e5 Comitting a copy of the "old" mode of loading,
still hoping to avoid having to do this due to
memory bloat and slowness.
2012-06-16 22:42:31 -05:00
HD Moore 8177783681 Merge branch 'master' into feature/vuln-info 2012-06-14 16:21:51 -05:00
Tod Beardsley bffb3571c2 Adding URL ref for db_autopwn deprecation message 2012-06-14 09:53:59 -05:00
James Lee 2683bb0ba7 Add deprecation warnings for old commands
This should hopefully cut down a bit on support requests from people
asking about old commands  they read about in _Metasploit: The
Penetration Tester's Guide_
2012-06-14 09:44:38 -05:00
HD Moore de45630092 Merge branch 'master' into feature/vuln-info 2012-06-12 15:36:16 -05:00
Jeff Jarmoc e820d23f73 Cleanup whitespace 2012-06-12 15:32:50 -05:00
HD Moore 6290bba71b Merge branch 'master' into feature/vuln-info 2012-06-12 12:41:41 -05:00
David Maloney fc0dc23752 Some handling around empty elements 2012-06-10 17:04:47 -05:00
David Maloney f9999a3033 Add FusiuonVM Importer
This adds a nokogiri stream parser for XML reports from
Critical Watch's FusionVM.
2012-06-10 16:38:28 -05:00
HD Moore e840f7e9ee Add additional host detail columns and parsers 2012-06-09 00:43:03 -05:00
HD Moore 376aaa410b Fix tag deuplication and reset after each vuln properly 2012-06-08 22:55:37 -05:00
HD Moore 49b3c9b0e8 More cleanup related to vuln schema 2012-06-07 04:42:16 -05:00
James Lee fb1bf0b356 Work around a bug in rubinius 2012-05-31 16:48:34 -06:00
HD Moore 03b65c6a48 Handle cases where a user-agent was set via headers 2012-05-31 14:59:25 -05:00
Brandon Perry e889d93924 missed @state[:bid] 2012-05-28 14:12:09 -05:00
Brandon Perry a3a308f74d fix tabs 2012-05-28 13:56:18 -05:00
Brandon Perry 820d5d2ec7 be a bit more defensive, check to make sur ethe data we think is there is there 2012-05-28 13:53:30 -05:00
James Lee 7c85a2796a Whitespace cleanup 2012-05-24 17:10:26 -06:00
James Lee e88501789c Make sure state is initialized
Fixes a stack trace when the xml has osmatch before osclass. Thanks Sean
Carolan for the report!
2012-05-24 10:43:30 -06:00
James Lee dc08bc337b Default to ethernet if the server doesn't specify
Still need to recompile sniffer, but this will fix the immediate problem
of stack traces and failing to save the pcap.
2012-05-23 10:06:30 -06:00
HD Moore 5cc98b7ded Import NSE script output as notes 2012-05-22 01:49:45 -05:00
James Lee d273a0e44b Check for the right method name
"stdapi_fs_rm" doesn't exist
2012-05-21 12:42:23 -06:00
James Lee 52183aa249 Unbreak the migrate command
The server is not returning the core_migrate command.  This is a bandaid
to make migrate work again until that gets sorted.
2012-05-18 10:25:29 -06:00
jlee-r7 fe7928c18d Merge pull request #390 from jlee-r7/consolidate-250-254-375
Consolidate #250, #254, #375
2012-05-16 17:07:33 -07:00
James Lee de22d76a40 Blank fields exist legitimately
The first process in Windows is usually [System Process] which has no
associated path, arch, or user, causing this code to skip all those
columns. Check for nil instead of blank to get around it. Need to
revisit this and make nonsense columns nil instead of an empty-string.
2012-05-16 17:47:31 -06:00
James Lee 5bd374e6e9 Refactor the processlist into its own class
*NOTE* Possible backwards compatibility issue! Changes get_processes
hash key from 'parentpid' to 'ppid'
2012-05-16 17:22:55 -06:00
James Lee 42719ab34b Squashed commit of the following:
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:49 2012 -0600

    Add register_command calls for md5 and sha1

commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:09 2012 -0600

    Read the file instead of downloading it

commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 15:27:11 2012 -0600

    Re-compile linux meterp to support the loadlib api

commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:50:25 2012 -0600

    Re-compile java meterp to support the loadlib api

commit c137187b346b708487245a849b95343223e4e7b0
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:44:10 2012 -0600

    Don't try to get interfaces if this session doesn't implement it

commit 88bba1e6c360c5725c4174623f56bcb6d8b54228
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:38:17 2012 -0600

    Remove debugging load

commit 02954cbf93e2a13da967780cb703103b3f83ecf4
Merge: d9ef256 88b35a3
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 12:06:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.php
    	modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb

commit d9ef2569b88ae8bce67f13316f6eff76311fd846
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 2 18:06:06 2012 -0600

    PHP doesn't support rev2self

commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 18:21:59 2012 -0600

    Add php support for returning new extension commands

commit 7e35f2d671d3797fc3fab12e54015387f44b0b33
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 16:03:26 2012 -0600

    Reset CVE-2012-0507 back to master

    Purges commits unrelated to this branch.

commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:59:35 2012 -0600

    Revert "Make building the jar for cve-2012-0507 a bit easier"

    This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f.

    Conflicts:

    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java

commit 8c259fb779f736be16fe972215ddff1dd32fd0f3
Merge: fe2c273 1c03c2b
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:35:44 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.jar
    	data/meterpreter/meterpreter.jar
    	external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
    	modules/auxiliary/server/browser_autopwn.rb

commit fe2c273a6d840c67040d6c9e337f908204337e18
Merge: 8caff47 4e955e5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Apr 6 10:19:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

commit 8caff47d97469f1a5459c04461fd1098487ea514
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:51:18 2012 -0600

    Fix requires to find the test library

commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:48:35 2012 -0600

    Fix a load order problem with solaris post mods

commit 81b658362e5e6bdd215d18b53d14429d163aff72
Merge: adad2cf 6ef4257
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:43:19 2012 -0600

    Merge branch 'master' into feature/4905

commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180
Merge: 70ab8c0 5852455
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:16:56 2012 -0600

    Merge branch 'rapid7'

    Conflicts:
    	lib/rex/exploitation/javascriptosdetect.rb

commit adad2cf04c501c2a787e5475b62abd31871c06a0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 27ef76522ad10436ec785728445ed2cc0657f85f
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit db3dbad0a5ff20b05758be073c3502138ff095c2
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit a611ab16e06bd324d6616d0bd69f2c09d671bca0
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 748309465a029593e2fe2fd445149745367513f4
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 954d485e3b8ffea9a7451bd495c1956a098e0eda
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.

commit cba8d7c911fb184f6358948022fd4a0e010878d0
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 18:04:50 2012 -0600

    Linux doesn't implement (drop|steal)_token

commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 17:57:37 2012 -0600

    Add availability checks for net, sys, ui, and webcam

commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 16:45:59 2012 -0600

    add requirement checking for fs and core commands

commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:59 2012 -0600

    Add a to_octal method that converts e.g. "A" to \0101

commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:07 2012 -0600

    Don't use "echo -n"

    It's not portable

commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 17:01:10 2012 -0600

    Return a list of new commands after core_loadlib, java version

    Thanks mihi for the patch and the awesome responsiveness!

commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 13:21:06 2012 -0600

    Make sure we have a response before doing stuff with it

commit 721001ead474a17d1a16de543f78b548879f5e7e
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 21:25:31 2012 -0600

    Add missing rmdir and mkdir protocol commands to PHP

    Now passes all the stdapi tests that it can
    	[*] Session type is meterpreter and platform is php/php
    	[+] should return a user id
    	[+] should return a sysinfo Hash
    	[-] FAILED: should return network interfaces
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should have an interface that matches session_host
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should return network routes
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
    	[+] should return the proper directory separator
    	[+] should return the current working directory
    	[+] should list files in the current directory
    	[+] should stat a directory
    	[+] should create and remove a dir
    	[+] should change directories
    	[+] should create and remove files
    	[+] should upload a file
    	[-] Passed: 10; Failed: 3

commit 024e99167a025f4678a707e1ee809a1524007d4d
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:26:00 2012 -0600

    Use a proper TLV type instead of a generic one

commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:24:25 2012 -0600

    Fix a counting error that caused segfaults (Linux)

commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:06:02 2012 -0600

    Return a list of new commands after core_loadlib

    Gets Windows back in sync with Linux

commit 3d3959f720de68e2f36ebfabe8196e01f98fe904
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 14:50:55 2012 -0600

    Refactor extensionList -> extension_commands

    It's not the same as extension_list.

commit a7acb638af803732fc5f3975e0c0632f427e0deb
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sun Mar 18 00:07:27 2012 -0500

    Massive whitespace cleanup

commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 16:00:20 2012 -0500

    Add back enum_protections with some new changes

commit d778eec36953bb9bf4985e967ad2c119a1acd79b
Author: ohdae <bindshell@live.com>
Date:   Sat Mar 17 13:28:31 2012 -0400

    Added fix for enum_protections

commit 64611819d43bf13ab2d68f4353513c39e5a64fe0
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 03:14:26 2012 -0500

    A bunch of fixes

commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:28:05 2012 -0500

    The comments in get_chatlogs need an update

commit 666477e42a734f3120dcc4282b01b5ab5819384a
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:25:41 2012 -0500

    Correct license format

commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:22:03 2012 -0500

    Add enum_adium.rb post module

commit d290cf4fef1309df9a1af748e7c6c259a6788576
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 16:54:36 2012 -0300

    Changed store_note to store_loot. Fixed local/remote file retrieval

commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 11:29:07 2012 -0600

    Fall back to MIB method if we can't get netmasks

    Misses IPv6 addresses, but at least doesn't break everything.

    [Fixes #6525]

commit a9a30232dd5fcc0854c10b4d58df8511a23f3091
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Fri Mar 16 11:49:31 2012 -0500

    This module is not ready, yanked.

commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495
Author: Gregory Man <man.gregory@gmail.com>
Date:   Fri Mar 16 18:09:08 2012 +0200

    sockso_traversal 1.8 compatibility fix

commit e76965ce565a8ae634dc0d3c743542f1a6d977d7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:17:35 2012 -0400

    fix

commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:14:48 2012 -0400

    saves each config to loot instead of notes

commit f4713974fa82d8b13017cb0817b5fd36696194d9
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 03:46:10 2012 -0600

    Check for a 0 prefix length

    If the OnLinkPrefixLength is 0, something is wrong, try the value in the
    prefix linked list.  Appears to fix v4 addresses on XP but not 2k3.

    [See #6525]

commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 01:46:41 2012 -0600

    Return network prefixes when available

    Solves #6525 on Vista+.  Win2k still works using the old MIB method
    (which doesn't support ipv6).  Win2k3 and XP are still busted for
    unknown reasons.

commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 22:59:42 2012 -0400

    Enumerate important and interesting configuration files

commit 9336df2ac28ee2df10a0e66e7006df3d23493492
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 19:06:48 2012 -0500

    More Virtualisation SSL fixes

commit f24c378281ee6c85f687d4823f09ef5848812daf
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 18:15:29 2012 -0500

    Default SSL to true for esx_fingerprint module

commit d6e14c42120df0fd16b79709ac5723d0e2818810
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:56:24 2012 -0500

    Fix typo

commit b24dcfe43e625740ec8a1465f33be02f7ec40162
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:55:54 2012 -0500

    Add sockso dir traversal

commit 033052c1e075fcf43e9c17e5ee4a5006247cb375
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 15 14:31:25 2012 -0600

    Fix syntax error in 1.8, thanks Jun Koi for the patch

commit 4529efaeaa22e52c9c7c1528c68efb60af8af729
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:27:40 2012 -0500

    enum_protections is now find_apps

commit 49e823802bd8f2cb1940545e74db04f3788352d1
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:22:23 2012 -0500

    File rename, as well as design and cosmetic changes

commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 15:29:52 2012 -0300

    added report_note, removed store_loot function, cleaned up info/author

commit 27d571932e51afbac0c0fcd95c52f038786a9a28
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 12:18:29 2012 -0300

    fixed output newline issue

commit 5a828e35d1629dc68825fe7d9322d1316888f8d7
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:05:35 2012 -0300

    fixed save line

commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:02:07 2012 -0300

    removed unneeded comments

commit 5861e1512f2949c0d7848d9ebed8241277462085
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:00:55 2012 -0300

    fixed output issue

commit 593a3648111f1db1f56a410250539261c2a7cd9f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 18:26:53 2012 -0300

    removed unneeded dependency

commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 13:30:16 2012 -0400

    locates installed 3rd part av, fws, etc

commit 5bf512d0e9d2b412c4107228db178a7078111443
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Wed Mar 14 16:50:54 2012 -0500

    Add OSVDB-79863 NetDecision Directory Traversal

commit 18715d0367f4ef01b5998d732043cbe224e1787e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 23:03:01 2012 -0600

    Store the retrieved commands on the session

commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:45:16 2012 -0600

    Retrieve the list of new commands

    The client side doesn't do anything with them yet

commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:41:16 2012 -0600

    Return a list of the new commands in response to core_loadlib

    Linux

commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 15:13:45 2012 -0600

    Whitespace at EOL

commit 4afcb4cb9da1921ede29b03b149433cc65d680da
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 14:30:09 2012 -0600

    Create instance methods that return extensions

    Before this change, meterpreter sessions would not #respond_to? their
    extensions despite having a pseudo-accessor for them:
    ```
    >> client.respond_to? :sys
    => false
    >> client.sys
    => #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>

    ```

    After:
    ```
    >> client.respond_to? :sys
    => true
    ```

commit 70ab8c018f67d15929b6f41322540837ab7b37c5
Merge: a8a3938 5f2bace
Author: James Lee <egypt@metasploit.com>
Date:   Tue Apr 3 11:46:25 2012 -0600

    Merge branch 'master' into bap-refactor

    Conflicts:
    	external/source/exploits/CVE-2012-0507/Help.java
    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/msf/x/Help.java
    	external/source/exploits/CVE-2012-0507/src/a/Exploit.java
    	external/source/exploits/CVE-2012-0507/src/a/Help.java

commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 5074eadbea426fc4f83d6d165a01e640ef42b4de
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 78824ef60084510d3befe0ded6eed314d55eeb12
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:24:33 2012 -0600

    Add the detected browser version to the DOM

    Doing it this way lets modules grab the info a bit more easily.

commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9
Merge: 0faa3f6 b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:19:05 2012 -0600

    Merge branch 'master' into bap-refactor

commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit 66ca27f994e3b11c9c8adae85642820768158860
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 7fc2ca1a0690c7a973307772aed42ab3514e1761
Merge: 325d306 e48c47e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:10:54 2012 -0600

    Merge branch 'master' into bap-refactor

commit 325d3060599bc79674e93dd5f55a4e60061e9bdb
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 17:00:02 -06:00
MM 55bb7abc89 Squashed commit of the following:
commit 2027502c5c1364161854794529738344dddb5c50
Author: MM <gaspmat@gmail.com>
Date:   Thu Mar 22 18:12:07 2012 +0100

    link type must be signed, because dlt_to_linktype can return -1

commit 86027ea77d36d36e39070a54eb5caf3d3490e2e9
Author: MM <gaspmat@gmail.com>
Date:   Wed Mar 21 16:03:58 2012 +0100

    enable sniffing on any type of interface

commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date:   Tue Mar 20 18:01:50 2012 +0100

    ps support for linux meterpreter

[Closes #254]
2012-05-15 16:58:18 -06:00
MM 5d7190e8cb Squashed commit of the following:
commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date:   Tue Mar 20 18:01:50 2012 +0100

    ps support for linux meterpreter

[Closes #250]
2012-05-15 16:57:17 -06:00
James Lee 406661f620 Better object for FF6 2012-05-15 16:42:53 -06:00
James Lee 740c493be2 Add a Windows Mobile fingerprint 2012-05-15 16:29:17 -06:00
James Lee 4acb627d13 Add more detections for newer Firefox
Object detections are not extensively tested, but everything came from
the "Firefox for developers" series of documents from
developer.mozilla.org; thanks to Artur Szymczak for prompting this
update.

[Fixes #6860]
2012-05-15 14:58:18 -06:00
James Lee ee84195bdb Add fingerprint for latest Ubuntu build 2012-05-15 13:09:13 -06:00
Brandon Perry 1beaeb8e2f OpenVAS import functionality. See qa/sample_data for two openvas reports. 2012-05-14 18:40:08 -05:00
sinn3r 06b12bcd7d Merge pull request #385 from brandonprry/wapiti_report
Wapiti XML report import
2012-05-14 16:02:03 -07:00
root 99a5d1a7b5 fix :pname in the web_vuln_info hash to no include the parameter value 2012-05-13 14:43:02 -07:00
James Lee ecb106d714 throw is not the same as raise
Clearly this code never gets called.
2012-05-13 15:31:57 -06:00
root d5cec05cc3 fix tabs 2012-05-13 14:28:50 -07:00
root 253802761f Remove extraneous puts 2012-05-13 14:19:19 -07:00
root d0f49c1213 Finished! Importing wapiti now adds Mdm::WebVulns to the db.
However, I see no way to actually seeing the webvulns in framework
after importing the report.
2012-05-13 13:58:25 -07:00
Brandon Perry b0b72b05d5 Adding the beginning of the wapiti report import nokogiri document 2012-05-13 13:02:48 -05:00
Tod Beardsley 36c805c5ff Move the context setting to the module
Apparently you can't hit the framework object before running the module
any more. Bummer.

[Fixes #6843]
2012-05-10 21:21:32 -05:00
HD Moore bbca2c4649 Remove reference to missing dispatch_ninja 2012-05-01 10:31:18 -05:00
James Lee eedf4520be Merge branch 'rapid7' into bap-refactor 2012-04-17 16:20:11 -06:00
James Lee 57ecc29b31 Add a rand_guid method for generating GUIDs 2012-04-16 12:09:25 -06:00
Tod Beardsley 4bcbdc54c9 Cutting over rails3 to master.
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.

If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.

Squashed commit of the following:

commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:12 2012 -0500

    Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)

commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:03 2012 -0500

    Add a method to expand win32 file paths

commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:53:44 2012 -0500

    Fix 1.8.x compatibility

commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:40:59 2012 -0500

    Use verbose instead of stringio

commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:30:06 2012 -0500

    Hide the iconv warning, were stuck with it due to EBCDIC support

commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:29:58 2012 -0500

    Dont use GEM_HOME by default

commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:23:34 2012 -0500

    Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads

commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:18:29 2012 -0500

    Fallback to bundler when not running inside of a installer env

commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 16:26:55 2012 -0500

    Remove a mess of gems that were not actually required

commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:59:10 2012 -0500

    Hack around a gem() call that is well-intentioned but an obstacle in this case

commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 15:06:08 2012 -0500

    Ruby, come on. Ducktype this. Please.

    Use interpolated strings to get the to_s behavior you don't get with
    just plussing.

commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:05:42 2012 -0500

    Add new eventmachine/thin gems

commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:01:18 2012 -0500

    Purge (reimport in a second)

commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:54:42 2012 -0500

    Cleanup uncessary .so files (ext vs lib)

commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:53:02 2012 -0500

    PG gems built against the older installation environment

commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:06:35 2012 -0500

    Rename to include the version

commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:56:47 2012 -0500

    Detect older installation environments and load the arch-lib directories into the search path

commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:49:25 2012 -0500

    Merge in windows gems

commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 13:49:33 2012 -0500

    Report_vuln shouldn't use :include in finder

    find_or_create_by doesn't take :include as a param.

commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:44:09 2012 -0500

    One more msised Mdm namespace issue

commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:33:41 2012 -0500

    Fixes some mroe Mdm namespace confusion
    Fixes #6626

commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:40:44 2012 -0500

    Add robots gem (required by webscan)

commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:39:05 2012 -0500

    Fix missing error checks

commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 01:15:37 2012 -0500

    Reorder requires and add a method for injecting a new migration path

commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:56:09 2012 -0500

    Remove missing constant (use string) and add gemcache cleaner

commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 00:40:16 2012 -0500

    Merge branch 'master-clone' into rails3-clone

commit d47ee82ad7e66de53dd3d3a65649cc37299a2479
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:30:03 2012 -0500

    cleanup leftovers from gems

commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:25:47 2012 -0500

    MDM update with purged DBSave module

commit 71e4f2d81f6da221b76150562a16c730888f5925
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:37 2012 -0500

    Add new mdm

commit 651cd5adac8211d65e0c8079371d8264e549533a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:13 2012 -0500

    Update mdm

commit 0191a8bd0acec30ddb2a9e9c291111a12378537f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 22:30:40 2012 -0500

    This fixes numerous cases of missed Mdm:: prefixes on db objects

commit a2a9bb3f2148622c135663dead80b3367b6f7695
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:30:18 2012 -0500

    Add eventmachine

commit 301ddeb12b906ed3c508613ca894347bedc3b499
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:18:12 2012 -0500

    A nicer error for folks who need to upgrade pg

commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:54:55 2012 -0500

    Remove bundler requirements

commit 2e3ab9ed211303f1116e602b9a450141b71e56a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:35:38 2012 -0500

    Pull in eventmachine with actual .so's this time

commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:19:12 2012 -0500

    Update deps, still need to add eventmachine

commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 13:07:06 2012 -0500

    Handle older installer environments and only allow binary gems when the
    environment specifically asks for it

commit b98eb7873a6342834840424699caa414a5cb172a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 04:05:13 2012 -0500

    Bump version to -testing

commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:25:09 2012 -0500

    Remove msf3 subdir

commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:24:39 2012 -0500

    Remove the old busted external

commit 5fb5a0fc642b6c301934c319db854cc3145427a1
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:03:10 2012 -0500

    Add the gemcache loader

commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:02:23 2012 -0500

    Purge gemfile/bundler configure in exchange for new gemcache setup

commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Apr 12 14:11:45 2012 -0500

    Mode change on modicon_ladder.apx

commit c18b3d56efd639e461137acdc76b4b283fe978d4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Thu Apr 12 01:38:56 2012 -0500

    The go faster button

commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a
Merge: 674ee09 b8129f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 15:50:33 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Picking up Packetfu upstream changes, all pretty minor

commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b
Merge: e9513e5 a26e844
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 13:57:26 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Conflicts:
    	lib/msf/core/handler/reverse_http.rb
    	lib/msf/core/handler/reverse_https.rb
    	modules/auxiliary/scanner/discovery/udp_probe.rb
    	modules/auxiliary/scanner/discovery/udp_sweep.rb

    Resolved conflicts with the reverse_http handlers and the udp probe /
    scanners byt favoring the more recent changes (which happened to be the
    intent anyway). The reverse_http and reverse_https changes were mine so
    I know what the intent was, and @dmaloney-r7 changed udp_probe and
    udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the
    intent is clear there as well.

commit e9513e54f984fdb100c13b44a1724246779ccb76
Author: David Maloney <dmaloney@melodie.gateway.2wire.net>
Date:   Fri Apr 6 18:21:46 2012 -0500

    Some fixes to how services get reported to prevent issues with the web interface

commit adeb44e9aaf1a329a0e587d2b26e678398730422
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Apr 2 15:39:46 2012 -0500

    Some corrections to pcAnywhere discovery modules to distinguish between the two services

commit b13900176484fea8f5217a2ef925ae2ad9b7af47
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 31 12:03:21 2012 -0500

    Enable additional migration-path parameters, use a temporary directory to bring the database online

commit 526b4c56883f461417f71269404faef38639917c
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Mar 28 23:24:56 2012 -0500

    A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place

commit 2cf3143370af808637d164ce59400605300f922c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 16:22:09 2012 -0500

    Check for ruby 2.0 as well as 1.9 for encoding override

commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:36:04 2012 -0500

    Remove debug statement

commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:01:55 2012 -0500

    Be explicit about the Mdm namespace

commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee
Author: hdm <hdm@hypo.(none)>
Date:   Mon Mar 26 11:49:51 2012 -0500

    Precalculate some uri strings in case the 1000-round generation fails

commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Sat Mar 24 14:03:44 2012 -0500

    Removed some non-namespaced calls to Host

commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:37:00 2012 -0500

    Purge the rvmrc, this is causing major headaches

commit 76df18588917b7150a3bedf2569710a80bab51f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:31:52 2012 -0500

    Switch .rvmrc to the shipping 1.9.3 version

commit 7124971d0032b268f4ddf89aca125f15e284f345
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Mar 12 16:56:40 2012 -0500

    Adds mixin for looking up Mime Types by extension

commit b7ca8353164c43db6bacb2f3f16afa1269f66e43
Merge: a0b0c75 6b9a219
Author: Matt Buck <techpeace@gmail.com>
Date:   Tue Mar 6 19:38:53 2012 -0600

    Merge from develop.

commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Mar 6 11:08:59 2012 -0600

    Somehow migration file is new?

commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Feb 29 16:38:55 2012 -0600

    Added ability to specify headers to redirects in http server

commit e50d27cda83872c616722adb03dc1a6a5e685405
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Feb 4 04:44:50 2012 -0600

    Tweak the event dispatcher to enable customer events without a category
    and trigger http request events from the main exploit mixin.
    Experimental

commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Thu Feb 2 22:09:05 2012 -0600

    Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot.

commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:48:48 2012 -0600

    Changed Gemfile to use new gem name

commit 245c2063f06b4fddbfc607d243796669ef236136
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:47:42 2012 -0600

    Did find/replace for final namespace of Mdm

commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 24 10:47:44 2012 -0600

    Fix a bunch of namespace issues

commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:37 2012 -0600

    Update Msm contstants in migrations for initial DB builds.

commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:25 2012 -0600

    Update Gemfile.lock.

commit 1cc655b678f0a054a9a783da119237fe3f67faa4
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Thu Jan 19 11:48:29 2012 -0600

    Errant Workspaces needed namespace

commit 607a78285582c530a68985add33ccf4d899c467a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 15:44:02 2012 -0600

    Refactored all models to use the new namespace

    * Every model using DBManager::* namespace is now Msm namespace
    * Almost all of this in msf/base/core
    * Some in modules

commit a690cd959b3560fa2284975ca7ecca10c228fb05
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 13:41:44 2012 -0600

    Move bundler setup

commit dae115cc8f7619ca7a827123079cb67fb4d9354b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 15:51:07 2012 -0600

    Moved ActiveSupport dep to gem

commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 14:40:05 2012 -0600

    Removed model require file

commit d0c74cff8c44771e566ec63b03eda10d03b25c42
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 16:06:10 2012 -0600

    Update some more finds

commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 14:21:15 2012 -0600

    Yet another dumb commit

commit a75febcb593d52fdfe930306b4275829759d81d1
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Thu Dec 29 19:20:51 2011 -0600

    Fixing deletion

commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Wed Dec 7 17:06:45 2011 -0600

    Fixed erroneous commit

commit 531c1e611cf4d23aeb9c48350dabf7630d662d25
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Mon Nov 21 16:11:35 2011 -0600

    Remove AR patch stuff; attempting to debug non-connection between MSF and Pro

commit 458611224189c7aa27e500aabd373d85dc2dc5c0
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Fri Nov 18 16:17:27 2011 -0600

    Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-15 23:35:38 -05:00
James Lee 8ee0a5533c Fix a NoMethodError on nil when cat'ing a file in meterpreter
Thanks, mihi for the report.
2012-04-11 11:46:52 -06:00
James Lee c19a4d7a23 Put final detection results on window.os_detect object
Makes it easier to grab results from within a module without having to
run the detection again.  I thought I had committed something like this
before, I wonder what other code I've lost...
2012-04-09 14:08:35 -06:00
James Lee 9ae9509cfe More fingerprints from browsershots 2012-04-08 11:12:32 -06:00
James Lee bac6bcd6f1 More fingerprints from browsershots 2012-04-06 18:41:14 -06:00
James Lee 31e3eb7d91 Merge branch 'rapid7' into bap-refactor 2012-04-06 18:12:49 -06:00
James Lee bb4e37b7aa Add a few fingerprints. Thanks browsershots.org! 2012-04-06 18:09:19 -06:00
James Lee 585245501a Print an error when trying to open a dir as a file
Prevents unnecessary stack traces
2012-04-05 11:49:03 -06:00
James Lee 778fed9a19 Put things in the right namespace 2012-04-05 01:22:27 -06:00
James Lee 0ddfa79a34 Move javascriptosdetect out to its own file
Allows editors to easily highlight correctly which makes editing a
little nicer. Also makes it easier to debug because line numbers are
only off by the length of the custom_js argument.
2012-04-04 17:07:17 -06:00
James Lee e901f9cc50 Add a couple of fingerprints and sort some
This is in terrible need of some more crowd-sourced fingerprint
gathering.
2012-04-03 18:18:32 -06:00
Brandon Perry 4a3d2a18de hard tabs 2012-04-02 21:42:51 -05:00
Brandon Perry a4d9e59934 silly registry typos 2012-04-02 21:33:01 -05:00
Chris John Riley 684663f340 Added Base32 Support 2012-03-28 14:29:31 -06:00
James Lee 66727043f9 Add an inspect method that doesn't print the entire buffer
Also cleans up some whitespace
2012-03-19 01:10:23 -06:00
James Lee 6754bccf78 Use `#session_compatible?` instead of looping through `#compatible_sessions` 2012-03-16 12:12:08 -06:00
James Lee 65b92efe8c Fix an ancient syntax fail 2012-03-16 02:03:54 -06:00
James Lee 9aaf6af072 Return network prefixes when available
Solves #6525 on Vista+.  Win2k still works using the old MIB method
(which doesn't support ipv6).  Win2k3 and XP are still busted for
unknown reasons.
2012-03-16 01:50:26 -06:00
James Lee 916f23fe4e Add IPv6 support for bit2netmask 2012-03-16 01:50:26 -06:00
James Lee a3db547c76 Justify TLVs to be a little easier to read 2012-03-16 01:50:26 -06:00
James Lee 6895ff9cbb Whitespace at EOL 2012-03-14 21:42:00 -06:00
James Lee 9d563d4d9e Pastographical error 2012-03-14 21:41:14 -06:00
James Lee 2c34b7d599 Alias `ifconfig` to `ipconfig`
This has bugged me for *years*.
2012-03-14 11:07:31 -06:00
gaspmat@gmail.com 248a73a73c change sniffer behaviour when stopping capture. workaround if pcap_findalldev fails 2012-03-14 11:07:31 -06:00
James Lee 6cfb3ff4fc Comment out extension TLV types
I suspect this is a load order issue where sometimes the extension's TLV
types are defined before hitting this and sometimes aren't.
Nevertheless, pretty printing a TLV is not worth breaking all the
payloads.
2012-03-13 14:08:58 -06:00
James Lee 6a6dd06103 Merge branch 'feature/6476-list-all-ifaces'
Conflicts:
	modules/auxiliary/scanner/afp/afp_server_info.rb
2012-03-13 13:55:45 -06:00
James Lee 89e3fee5a8 Revert "Squashed commit of the following:"
This reverts commit dd9ac8a6c0.
2012-03-13 13:38:35 -06:00
James Lee dd9ac8a6c0 Squashed commit of the following:
commit 8b4750d0dcbac0686f9403acdf5cab50c918212f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 13:14:43 2012 -0600

    Add bins for listing all addresses

    [Fixes #6476]

commit 213dd92ebc9b706a45725e6515c7939d2edace0e
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 02:08:34 2012 -0600

    Accept multiple addresses and netmasks

    [See #6476]

commit 2e8bd3c3ecfb319bf9456485d2420bb5829b60cc
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 01:55:57 2012 -0600

    Make inspecting meterpreter packets a little less painful

    Not sure why I originally thought there was no way to access extensions'
    constants before.  A simple `require` makes it all happy.

commit da367907cf579bd3aefaffbc84d2f96a41b85f00
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 22:08:44 2012 -0600

    Fix up Linux after changes for Windows

commit ec9f04378b0155f69df95d4a94e62d33ce61977c
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 21:56:11 2012 -0600

    Grab IPv6 addresses on Windows when possible

    Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
    old GetIpAddrTable() function when it isn't available. This should work
    on XPSP1 and newer, albeit without netmasks on versions before Vista.
    Still trying to figure that one out.

commit 1052ebdcf86114fbc03d1a37ab5d4c6a78e82daa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 15:34:09 2012 -0700

    Wrap Windows-specifc headers in ifdef

commit f23f20587b3117c38a77e7e5a93d542411e9504f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 14:36:34 2012 -0700

    Handle multiple addrs on one iface on the ruby side

commit d7207d075ac6462875d9da531cf20c175629a416
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 21:57:39 2012 -0700

    Adds IPv6 addrs to win32 get_interfaces response

commit 11ae7e8a45bd56d25841ea8724377e0fb6789d72
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 09:07:28 2012 -0700

    Don't distinguish between 4 and 6.

    The client can figure it out from the length.

commit 2c7490bdf3e4079f30857ee323d2ce23ab1bd9a5
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 04:25:26 2012 -0700

    Append to the list instead of assigning to it

    All addresses are being sent to the client now.  Just need a way to
    parse them out correctly on the other side and meterpreter will be able
    to list all addresses on all interfaces on Linux.  Next step is to
    allocate the proper number of TLVs to avoid good ol' stack smashes on
    systems with lots of addresses and then make sure we clean all the
    memory leaks.

    [See #6476]

commit 73bba037ad968b922341c02459017afcc8407a76
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 03:12:28 2012 -0700

    Lay the groundwork for returning all addresses

    This commit only sends the last interface in the list, but it is looping
    through all of them as evidenced by the log, just need to make sure
    we're not overwriting as we go.

    [See #6476]
2012-03-13 13:19:18 -06:00
James Lee 1d99330795 Accept multiple addresses and netmasks
[See #6476]
2012-03-13 02:08:34 -06:00
James Lee 58bc9346f4 Make inspecting meterpreter packets a little less painful
Not sure why I originally thought there was no way to access extensions'
constants before.  A simple `require` makes it all happy.
2012-03-13 01:55:57 -06:00
James Lee b815955e09 Allow file argument for the `ls` command
Previously only worked for directories.

[Fixes #3055]
2012-03-13 00:52:42 -06:00
James Lee d99df825b3 Handle multiple addrs on one iface on the ruby side 2012-03-06 14:36:34 -07:00
James Lee 6b9a21936e Whitespace at EOL 2012-03-06 14:14:02 -07:00
HD Moore 8cbe5d8a54 Force many integer arguments to be integers 2012-03-06 09:28:29 -06:00
James Lee 9f05562a18 Don't distinguish between IPv4 and IPv6 routes
It's easier to deal with one Array of all routes regardless of INET
family than having get_routes() return a two-element Array of Arrays.
Also fixes a bug in each_route() which was expecting get_routes() to
return a single Array of all routes. Thanks to valsmith for reporting.
2012-03-02 18:26:57 -07:00
Tod Beardsley 6c0f8636ec Merge pull request #217 from rapid7/reverse-http-randomness
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore b70b41091b Tested fairly well - this randomizes the URLs and removes the user-agent string from the request 2012-03-02 17:44:23 -06:00
James Lee 9e2a1b6d52 Allow channel -k as a synonym for -c
Makes it consistent with "jobs", "sessions", and "threads" commands in
msfconsole.  Because I keep using the wrong thing and being confused
about why it doesn't work.
2012-03-02 15:11:00 -07:00
James Lee 884550ce7c Fix undefined constant bug in session.fs.seek
How did this ever work?  Clearly nothing exercises this code.
2012-03-02 14:43:00 -07:00
James Lee 4f2fd918e4 Only add a Content-Type when it's not nil
Makes it possible to create MIME parts for non-file POST parameters when
sending a file.
2012-03-01 16:28:55 -07:00
James Lee bde9a846b9 Default the index to -1
This prevents stack traces on Java which doesn't provide the index.
2012-02-29 20:27:10 -07:00
James Lee db88145294 Keep the order of iface attributes the same accross rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
2012-02-28 08:27:22 -07:00
James Lee 2b8d16203a Refactor Interfac#pretty to be more rubyish 2012-02-24 16:42:12 -07:00
MM f83a7f14ac Switch to netlink for listing interfaces
* Adds support for listing IPv6 addresses on POSIX meterpreter
* Ensures crash logs are only created if debugging is enabled
* Fixes a bug in sniffer where a lock was not acquired correctly

Squashed commit of the following:

commit 955124b264a675c7d67187703bf23b58f0aba6d8
Author: MM <gaspmat@gmail.com>
Date:   Thu Feb 23 23:42:26 2012 +0100

    posix meterpreter - IPv6 support for route and ipconfig using netlink sockets

[Closes #196]
2012-02-24 16:42:12 -07:00
James Lee 3857bef9f6 Adds help and tabs for commands in meterpreter core 2012-02-21 10:10:42 -07:00
sinn3r 85e644ed4c Merge branch 'railgun_defs' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-railgun_defs 2012-02-10 01:17:07 -06:00
Rob Fuller 3312a16708 Added a message when backgrounding a session 2012-02-09 05:49:40 +00:00
Rob Fuller 1f1e67cb16 Moved railgun function definitions into central storage and out of individual modules where possible 2012-02-09 04:56:13 +00:00
HD Moore 6685a65c39 Spend some time type-checking - no exploitable vulns we are aware of, but no reason to leave it to future chance 2012-02-07 17:17:45 -06:00
matugm f89853d3bc Squashed commit of the following:
commit 69bb41a8176fb814485225e0c3b0e1c44342e652
Author: matugm <matugm@gmail.com>
Date:   Tue Jan 31 11:30:52 2012 +0100

    indentation

commit 175d230a06dc58e2123f092d39f33063efdce83d
Author: matugm <matugm@gmail.com>
Date:   Tue Jan 31 11:13:02 2012 +0100

    Changed way of finding hive names so that it works with xp hives
2012-02-03 17:01:35 -06:00
HD Moore 6623988fc0 Remove duplicate interfaces call, fixes #6344 2012-02-03 09:46:08 -06:00
James Lee cd0a806a06 Sort by filename instead of the default first column
[Fixes 6336]
2012-02-02 12:13:52 -07:00
James Lee b347418f90 Add checks for numeric column data
[Fixes #6303]
2012-02-02 12:13:52 -07:00
James Lee eb795514b3 Add a SortIndex option to rex Table
Allows Table#to_s to do the right thing when the first column isn't the
one we want sorted.
2012-02-02 12:13:51 -07:00
Jon Hart 7ec5f98480 Adding jhart's natpimp libary and modules.
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.

[See #106]
2012-01-24 10:32:30 -06:00
Tod Beardsley 26836cab47 Adds a default context for the TFTP Client lib.
For use with nonstandard routing.
2012-01-23 16:00:54 -06:00
Brandon Perry d34a9f38a5 Adding bperry's various and sundry regex fixes
[Closes #109]

Squashed commit of the following:

commit 692568d02fbfd547ef2d05ad9887427fc53f8abb
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:34:35 2012 -0600

    small get_everything fix

commit 5b29a310601b6658ffb74a4922b52bc5b3f864fb
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:31:31 2012 -0600

    regex fixes

commit a565ade7f4fe42fb5d070d04ac1ba4e65c98d8b8
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:39:29 2012 -0600

    registry.rb in lib/rex

commit 3609313ea357884480750948a9b0cc6514dcfcc2
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:32:06 2012 -0600

    boot key fixed

commit e591ed1815b01b3e535b517c73470ad9984fe8c7
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 15:53:21 2012 -0600

    fixes

commit 3598f3482eea2845baead71310d6192e105b6074
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sat Jan 14 13:47:29 2012 -0600

    stuff

commit 8a8d0dfda603d3697b54bd852f131795259f9c28
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 22:57:30 2012 -0600

    reg fixes

commit fcfb51bb64b2d8ee6a28722bbf1998be47145b90
Merge: 2c7cfde 24aaf85
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 21:54:45 2012 -0600

    Merge remote-tracking branch 'upstream/master'

commit 2c7cfdef41d9cdcce563c4d623c1c3585170d1fe
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Tue Jan 10 19:16:37 2012 -0600

    typo
2012-01-16 17:54:33 -06:00
Brandon Perry 0236a6994f registry stuff 2012-01-10 18:45:24 -06:00
chao-mu d0fb9424b2 Updated to use "reject!" instead of "select!" so older versions of ruby are happy 2012-01-08 11:16:17 -05:00
chao-mu 6591bd3a45 Completed test coverage for pointer_util.rb and fixed the bugs I found 2012-01-08 11:05:24 -05:00
chao-mu f9d123a8c8 Merge remote branch 'upstream/master' 2012-01-07 19:06:51 -05:00
James Lee 7ea5f87960 Allow proper ruby types for evasion configuration
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL options, etc) earlier
in their life.  Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".

Fixes #6198, thanks Ashish for the report
2012-01-06 20:05:29 -07:00
chao-mu c59e08ce7d Moved utility codde and expanded railgun test suite runner 2012-01-06 21:07:16 -05:00
chao-mu f41fc7a0ac Moved platform_util.rb and added the tests for the new utilities to railgun.rb.ts.rb 2012-01-06 20:56:41 -05:00
chao-mu 3772f56260 Am making use of platform_util.rb's platform symbols for standardization across railgun. Ideally only platform_util.rb will need to know what platform strings look like and how they are represented in the railgun world. Corrected railgun.rb mixin's pointer_size function. 2012-01-04 22:28:20 -05:00
chao-mu d995c3893b Platform handling utilities. I want to protect railgun against changes to client.platform's general form 2012-01-04 21:56:34 -05:00
chao-mu 3d7d5d5f3d Utility for working with pointers. Test coverage is incomplete 2012-01-04 19:30:30 -05:00
chao-mu b9b5b1e66f Merge remote branch 'upstream/master' 2012-01-02 20:07:50 -05:00
James Lee ba017773b2 Cleanup whitespace at EOL 2011-12-30 10:55:01 -07:00
chao-mu 0054fb5167 using select! instead of delete_if to avoid double negatives... 2011-12-28 20:05:54 -05:00
chao-mu 5560c6b17e Moved and adapted code relating to looking up constant names by constant value 2011-12-28 00:40:08 -05:00
chao-mu ffcf5af9b0 Merge remote branch 'upstream/master' 2011-12-27 22:06:51 -05:00
James Lee 80603e03cb grab the appropriate shell from mult-platform meterpreters and use /bin/sh instead of /bin/bash for linux to improve compatibility, fixes #5996 2011-12-26 14:41:24 -07:00
chao-mu 1604162ba3 A place to add railgun convenience code for use in modules 2011-12-24 15:59:46 -05:00
Tod Beardsley 35e868f705 Merge pull request #67 from kernelsmith/railgun-add_const_reverse_lookup
Add const_reverse_lookup and error_lookup to railgun (redmine 6128)
2011-12-22 14:43:24 -08:00
Tod Beardsley 743a0546f1 Don't blow up if the user doesn't set a filename
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
Tod Beardsley 24d53efa7c Final touches on TFTP client
See #5291. Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
Tod Beardsley 677cb4b152 Handle empty data sends sanely for TFTP.
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
Tod Beardsley 2b3e3725ac TFTP adding comment docs, ability to send w/out a file.
Commenting the tricksy parts a little better for general usage.

Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
Tod Beardsley 431ef826c9 TFTP client now uses constants, preserves trailing spaces/nulls in data
See #5291, just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
Tod Beardsley 5eaf2e7535 Adding download and loot functionality.
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
Tod Beardsley aecde6fea4 Updating TFTP client. Now with grown-up thread handling.
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
Tod Beardsley 902d7f5ea7 Adding more to TFTP. Still need a read tho
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.

Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
Joshua Smith 8bdf76a87b Adds const_reverse_lookup and error_lookup methods to the railgun instance, also adds test/modules/post/test/railgun_reverse_lookups.rb, tested, working great 2011-12-17 16:19:32 -05:00
Tod Beardsley 50fa10679b First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
chao ec1dd8154e When duplicating a DLL, duplicate everything underneath it to remain threadsafe. I wrote this patch months and months ago. The way I am deep copying produced much groaning in #metasploit when I put it in for code review. It was ultimately declared the lesser of two evils. If you have chat logs from months ago you may be able to find the discussion 2011-12-15 22:05:02 -05:00
HD Moore 2c538fe9c0 Rework RangeWalker and some of the socket API to fix bugs and generally
handle ranges the right way
2011-12-10 20:10:10 -06:00
HD Moore dee053cd71 Try multiple scopes for link-local addresses, if necessary. Fix a small
typo
2011-12-10 15:24:10 -06:00
HD Moore e46745b761 Add support for link-local scopes 2011-12-10 13:24:58 -06:00
HD Moore 1cc68d1ed5 Accept IPv6 addresses in getaddress() responses 2011-12-10 13:24:58 -06:00
HD Moore 49ff9f594a Properly enclose IPv6 addresses with brackets inside of the Host header 2011-12-10 13:24:58 -06:00
HD Moore 72f64583e2 Add IPv6 range support, permission tweak 2011-12-06 00:43:11 -06:00
HD Moore 4344a5f92a Fix up IPv6 resolution in DNS replies 2011-12-05 13:07:37 -06:00
HD Moore bcebdb1893 Improve IPv6 handling 2011-12-05 13:07:37 -06:00
HD Moore 27974c4c27 Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
Conflicts:
	modules/auxiliary/scanner/http/axis_login.rb
	modules/exploits/multi/http/axis2_deployer.rb
	modules/post/multi/gather/thunderbird_creds.rb
	modules/post/windows/gather/credentials/imvu.rb
	msfopcode
2011-12-03 14:07:09 -06:00
Tod Beardsley 6b06df0d7d Merge pull request #38 from XeroHawk/alpha2_fix
Ported over the Issue 3190 SVN changes for unicode_mixed, an old bug that was hiding out in Redmine.
2011-12-02 12:51:47 -08:00
David Maloney 1db9177583 Revert "Merge pull request #22 from scriptjunkie/multithread"
This reverts commit 4f76f3bbb8, reversing
changes made to e72dad4e81.
2011-12-02 13:35:43 -05:00
HD Moore 4f76f3bbb8 Merge pull request #22 from scriptjunkie/multithread
RPC multithreading
2011-12-01 23:43:32 -08:00
HD Moore e72dad4e81 Rescue the load error so rex will work outside of Metasploit. Fixes 2011-12-02 00:28:31 -06:00
Xero Hawk 2ac8cbaf66 Ported over the Issue 3190 SVN changes 2011-11-30 14:37:10 -05:00
Joshua J. Drake e9c3e8ee50 Fix SMB_COM_NT_TRANSACT structure definition per specification. For more information see http://j.mp/t5zzku 2011-11-27 19:27:01 -06:00
HD Moore f82c7e9bb4 Fixup requires to use sane paths 2011-11-21 14:37:26 -06:00
James Lee 8f56dc1504 get rid of a bunch more spaces at EOL 2011-11-20 11:46:35 +11:00
James Lee 70b463b257 msftidy run 2011-11-20 11:39:27 +11:00
James Lee 60c3c44800 remove spaces at EOL 2011-11-20 11:30:15 +11:00
scriptjunkie c4eb32d2ff Add an optional multithreading to stream server, and enable multithreading (one thread per client) to the RPC server. 2011-11-17 08:07:34 -08:00
Tod Beardsley 6715248047 Minor comment fixes
Removing patch comment
2011-11-17 08:42:30 -06:00
Dillon 67c07165c6 Update lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb 2011-11-17 08:26:57 -06:00
Dillon 66621632f0 added linux shell functionality to meterpreter's shell command. 2011-11-17 08:26:57 -06:00
HD Moore 825c9f776c Fixes #5980 by correcting the address match for IPv6. Clean up regex mapping in general 2011-11-16 14:35:23 -06:00
James Lee 91e7e39fd9 Add definition for DeleteService 2011-11-13 21:04:35 -07:00
Tod Beardsley 40614a3cf4 Merge branch 'iss5454' 2011-11-11 11:26:05 -06:00
Tom Samstag 7b7413d85e Bash format for msfencode/msfvenom
This patch adds a Bash output format for msfencode and msfvenom. This is especially useful for local exploitation with shellcode in an environment variable.
Example output:

$ echo 'this is a test' | ./msfvenom -f bash
[-] Using X86 architecture and Windows platform for stdin payload to change use -a and --platform
export buf=\
$'\x74\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74'\
$'\x0a'

It adds unit tests for the new format and also fixes a unit test that was broken (assert_equal 'AAAAAAAAA', Rex::Text.pattern_create(9,['A'])) due to a bug in the shortcut in pattern_create.
2011-11-11 00:13:17 -08:00
HD Moore 30a86c9378 Merge patch to fix #5271 2011-11-10 20:01:50 -06:00
Wei Chen b689796678 msf*scan is busted with -i because of "uninitialized constant Rex::Socket". This addresses that issue.
git-svn-id: file:///home/svn/framework3/trunk@14117 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 18:54:24 +00:00
Tod Beardsley fed2e9a611 Fixes #2052. The supplied patch wanted to do it in the to_s, but it seems to make more sense to do this kind of thing in the sort_rows() method.
Thanks for the patch, though. Note, it's slightly easier to locate which file you're diffing if you diff from the top of /trunk.



git-svn-id: file:///home/svn/framework3/trunk@14051 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 20:41:26 +00:00
James Lee 437e2e79be whitespace
git-svn-id: file:///home/svn/framework3/trunk@14043 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 04:54:03 +00:00
James Lee 70bf92edae whitespace
git-svn-id: file:///home/svn/framework3/trunk@14042 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 04:52:22 +00:00
HD Moore 5fec13a389 Propogate the timeout in send_recv() down to the TCP connect call as well
git-svn-id: file:///home/svn/framework3/trunk@14021 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-21 15:41:37 +00:00
HD Moore 3cfa3c25d3 Treat all input as strings, avoids some sloppy caller code that wasn't as strict before
git-svn-id: file:///home/svn/framework3/trunk@13995 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 19:16:48 +00:00
HD Moore 62740172e4 Officially remove support for the buggy/non-functional MySQL backend
git-svn-id: file:///home/svn/framework3/trunk@13948 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:42:04 +00:00
Tod Beardsley c532cfd2ef Fixes a problem where vulns were sometimes given the reference of the one before it.
git-svn-id: file:///home/svn/framework3/trunk@13947 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 04:46:16 +00:00
James Lee 643f2ab242 better fix for gsub() on non-String values in the table. Fixes cachedump brokenness
git-svn-id: file:///home/svn/framework3/trunk@13944 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 00:23:29 +00:00
James Lee 8295bb0a4e fix a nil.gsub() bug
git-svn-id: file:///home/svn/framework3/trunk@13943 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 00:18:30 +00:00
Tod Beardsley 52767b3104 Fixes #5204. Adding Windows Console2 color support from mihi. Thanks!
git-svn-id: file:///home/svn/framework3/trunk@13913 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 17:35:31 +00:00
Carlos Perez 4d4b07db40 Winsock2 getaddrinfo definition for Railgun
git-svn-id: file:///home/svn/framework3/trunk@13894 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 23:14:10 +00:00
Chao Mu 09423d89ef Adding support for wlanapi in prep for thelightcosine's coming modules. Note, this will *not* break railgun on systems that don't support wlanapi.
git-svn-id: file:///home/svn/framework3/trunk@13888 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 02:58:45 +00:00
Tod Beardsley a75371c282 See #5660. Well that broke other things. Rats.
git-svn-id: file:///home/svn/framework3/trunk@13861 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 21:20:45 +00:00
Tod Beardsley e9e4dc5d02 Fixes #5660 for real. Apparently I cannot tell the difference between 0 and 1. I would be a terrible robot. 0101100101.
git-svn-id: file:///home/svn/framework3/trunk@13857 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 19:03:18 +00:00
Tod Beardsley 1f1cd87e87 Fixes #5660. update_prompt('') is now equivalent to update_prompt(nil), which avoids the prompt stacking problem when setting an empty prompt.
git-svn-id: file:///home/svn/framework3/trunk@13855 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 18:42:44 +00:00
HD Moore 292aae8ab5 This small patch causes any input to RangeWalker that contains a host name to expand to all A records returned for that name. This allows RHOSTS to be set to a dns name that returns multiple addresses and for all addresses corresponding to the name to be tested.
git-svn-id: file:///home/svn/framework3/trunk@13837 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 01:07:51 +00:00
Wei Chen 1649a6d47c Add function for CredEnumerateA
git-svn-id: file:///home/svn/framework3/trunk@13833 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 21:01:35 +00:00
Tod Beardsley b21acdaaae Rex shouldn't die when trying to Rex::Text.base64_encode(nil). It should return an empty string.
git-svn-id: file:///home/svn/framework3/trunk@13817 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-05 01:42:14 +00:00
James Lee b3e96add60 fix whitespace at eol
git-svn-id: file:///home/svn/framework3/trunk@13795 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-26 17:42:07 +00:00
Matt Weeks de9e99bd3d Fix some TOCTOU confusion and database errors.
git-svn-id: file:///home/svn/framework3/trunk@13779 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 15:12:19 +00:00
Joshua Drake 2481eac4be remove extraneous relative load path addition, bad bad bad
git-svn-id: file:///home/svn/framework3/trunk@13761 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-19 23:01:26 +00:00
Tod Beardsley b72ca9dcc8 Fixes #5452.
Fixes #5446 for real.
Breaks up the regex to more managable registers, ensures that nil is never returned.


git-svn-id: file:///home/svn/framework3/trunk@13729 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-14 16:41:30 +00:00
Tod Beardsley 0413dc25c5 Fixes #5446 by ensuring the method is always sane.
git-svn-id: file:///home/svn/framework3/trunk@13723 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-12 19:59:29 +00:00
Matt Weeks acae5dcdc8 Killing puts.
Die, puts, die!!



git-svn-id: file:///home/svn/framework3/trunk@13715 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-11 02:42:39 +00:00
Wei Chen 14f39a69a0 Show DllCharacteristics (see #5234)
git-svn-id: file:///home/svn/framework3/trunk@13709 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-08 22:55:12 +00:00
Wei Chen e748b53a54 Modify the code for imported functions in order to display the addresses. See #5422.
git-svn-id: file:///home/svn/framework3/trunk@13704 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-07 23:17:47 +00:00
Wei Chen 047b1b4ee2 RopCollect needs to use print_status too
git-svn-id: file:///home/svn/framework3/trunk@13701 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 23:08:58 +00:00
David Rude 7e0424e976 fixes some bugs with imports of rop gadgets
git-svn-id: file:///home/svn/framework3/trunk@13700 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 22:27:03 +00:00
David Rude 5e4a3f5beb Opps typo in the require
git-svn-id: file:///home/svn/framework3/trunk@13678 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 10:21:15 +00:00
David Rude 525af4325d Add the jsobfu require
git-svn-id: file:///home/svn/framework3/trunk@13677 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 09:11:23 +00:00
David Rude 1e37649a4d Add backwards compatability support for old obfuscation methods needed by older exploits
git-svn-id: file:///home/svn/framework3/trunk@13674 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 08:58:18 +00:00
David Rude aa5ad30805 Alters heaplib so it no longer obfuscates using the old method
git-svn-id: file:///home/svn/framework3/trunk@13665 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:08:51 +00:00
Wei Chen ee961b69ad Add support for virtualalloc (see #5262)
git-svn-id: file:///home/svn/framework3/trunk@13659 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 06:52:56 +00:00
Matt Weeks 6853221762 Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs.
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-27 15:46:49 +00:00
Matt Weeks 23b4f4ed98 Address #5313 for locally-launched PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13639 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:48:33 +00:00
Matt Weeks 2b340439e0 Fixes #5312 - auto boot from disk on second PXE boot (after payload delivery).
git-svn-id: file:///home/svn/framework3/trunk@13629 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 21:28:31 +00:00
James Lee 3c7f25ff78 help help
git-svn-id: file:///home/svn/framework3/trunk@13579 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-18 20:29:49 +00:00
Matt Weeks 9e80c740b6 Also recognize PXE clients who do not set the PXE option in the DHCP request but do identify in client string.
git-svn-id: file:///home/svn/framework3/trunk@13577 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-18 00:18:43 +00:00
James Lee f99429138e clean up some rdoc comments. odd that rdoc doesn't appear to pick up ApiConstants at all...
git-svn-id: file:///home/svn/framework3/trunk@13576 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-17 23:00:28 +00:00
James Lee 0fc14a2164 whitespace
git-svn-id: file:///home/svn/framework3/trunk@13572 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-16 21:16:25 +00:00
James Lee 79b7fb7c43 actually store the new Util object. how did this ever work before? fixes #5265
git-svn-id: file:///home/svn/framework3/trunk@13571 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-16 18:01:21 +00:00
James Lee f16e593628 report udp protocol correctly, see #5260, r13569
git-svn-id: file:///home/svn/framework3/trunk@13570 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 22:39:41 +00:00
James Lee 4779c039f0 protocol != proto. fixes #5260
git-svn-id: file:///home/svn/framework3/trunk@13569 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 22:29:57 +00:00
Chao Mu c77dfcc48e fixes #5232 Add DLL definition for crypt32. I removed a custom add too
git-svn-id: file:///home/svn/framework3/trunk@13560 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-14 21:08:55 +00:00
Matt Weeks 4a7714e1b1 Fix #5244
git-svn-id: file:///home/svn/framework3/trunk@13551 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 20:26:03 +00:00
Joshua Drake 5966cf460e Fixes #5240: avoid crash when read fails
git-svn-id: file:///home/svn/framework3/trunk@13550 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:30:56 +00:00
Jonathan Cran 15a9036dd9 add in the Buffer input class
git-svn-id: file:///home/svn/framework3/trunk@13516 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 21:05:12 +00:00
Chao Mu 0bc44c4736 Expanding the range of mock dll/functions to allow for more thorough testing. Number of assertions when you run railgun tests are about to jump.
git-svn-id: file:///home/svn/framework3/trunk@13506 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 03:36:39 +00:00
James Lee a5b30b1964 sometimes windows raises EADDRNOTAVAIL which gets mapped to AddressInUse when using addresses it doesn't like, e.g. .0 and .255; make AddressInUse a ConnectionError so scanners handle it properly. makes scanners work on windows when an address range includes one of these. they won't be scanned (since windows is dumb) but at least it won't error out.
git-svn-id: file:///home/svn/framework3/trunk@13503 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 00:51:23 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic!
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
HD Moore 842bfdebe8 Lets just leave this here (insurance against my laptop melting down between now and tomorrow morning). Nothing to see here, move along ;)
git-svn-id: file:///home/svn/framework3/trunk@13483 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-03 22:58:55 +00:00
HD Moore d7e775b74c This speeds up shutdown for normal reverse_tcp meterpreters (avoids the penalization for http/https)
git-svn-id: file:///home/svn/framework3/trunk@13470 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-02 01:33:17 +00:00
HD Moore 7fa5795115 Cleanup session files. Wait a little longer for the session to receive the shutdown command
git-svn-id: file:///home/svn/framework3/trunk@13458 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-31 19:46:36 +00:00
James Lee f5862e87d0 guard against nil and false ranges
git-svn-id: file:///home/svn/framework3/trunk@13446 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-31 15:48:29 +00:00
Tod Beardsley 7667e5aa74 More of the same.
git-svn-id: file:///home/svn/framework3/trunk@13439 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 23:50:04 +00:00
Tod Beardsley 58f7618b78 Fixes #5144. Repro's with nexpose-raw.xml in sample data -- before the fix, DNS on port 53 would be marked as "Postfix" which is the same as the service prior, 25/tcp. After the fix, it is appropriately blank. (Same with 80/tcp and 443/tcp both being Apache -- technically probably correct but the service fingerprint isn't there for 443 in the import).
Checking other service importers for the same kind of problem, but it looks unique to nexpose-raw.



git-svn-id: file:///home/svn/framework3/trunk@13438 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 23:35:13 +00:00
HD Moore 7f758e42e8 Fix up SSL behavior (correctly, this time). Update the msfrpc tools to support the new MessagePack code, fix various defaults in the plugin. Fixes #5116
git-svn-id: file:///home/svn/framework3/trunk@13416 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 23:58:05 +00:00
HD Moore 07df5f051f Woops. Get the right variable name
git-svn-id: file:///home/svn/framework3/trunk@13412 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 19:26:43 +00:00
HD Moore f57799943c Rework this patch to only enable non-blocking openssl on Windows, as this has also reproduced on BT5 with 1.9.2
git-svn-id: file:///home/svn/framework3/trunk@13411 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 19:10:20 +00:00
HD Moore ace9ca86a8 This commit abstracts the non-blocking SSL check so that it verifies existence of the non-blocking API and skips Mac OS X. This should fix some of the issues with meterpreter on MacOS X with Ruby 1.9.2
git-svn-id: file:///home/svn/framework3/trunk@13404 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 03:34:15 +00:00
James Lee d50577066f remove some silliness of registering UserAgent as an option since it's already an advanced option for HttpClient, make the default obvious
git-svn-id: file:///home/svn/framework3/trunk@13394 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-28 22:57:47 +00:00
HD Moore 9f8cbc4145 First pass at an import, still missing a few items to call this done
git-svn-id: file:///home/svn/framework3/trunk@13390 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-28 21:17:30 +00:00
HD Moore c7077f2551 Fix up the stop call
git-svn-id: file:///home/svn/framework3/trunk@13382 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 20:50:11 +00:00
James Lee aa2c025ce1 add a flush option to portfwd. thanks ipax for the patch!
git-svn-id: file:///home/svn/framework3/trunk@13359 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 04:59:06 +00:00
Joshua Drake f1473c4cb3 Fixes #5062 - Use .length instead of .count (1.8 compat)
git-svn-id: file:///home/svn/framework3/trunk@13352 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 23:36:30 +00:00
James Lee fa4dbf6783 move the client accessor back to the top so it's available when needed, use the session-specific separator, fixes #4892 again
git-svn-id: file:///home/svn/framework3/trunk@13350 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 22:37:41 +00:00
James Lee 2212afcf31 un-remove an important include...
git-svn-id: file:///home/svn/framework3/trunk@13348 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 20:58:23 +00:00
James Lee 0f95070f3f add a request type for grabbing the host's directory separator, fixes #4892
git-svn-id: file:///home/svn/framework3/trunk@13346 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 20:51:33 +00:00
David Rude 25bdbe6568 More prompt bug fixes, back and use commands should work properly now
git-svn-id: file:///home/svn/framework3/trunk@13326 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 18:41:23 +00:00
James Lee d3836badc6 add a fingerprint for ie6 on xp sp2 korean
git-svn-id: file:///home/svn/framework3/trunk@13321 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 17:42:56 +00:00
HD Moore d60524a3d4 Fixes #5009 by using the right client object
git-svn-id: file:///home/svn/framework3/trunk@13299 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 23:33:06 +00:00
David Rude a54b8c26c3 Fix prompt updates to show the last set prompt variable
git-svn-id: file:///home/svn/framework3/trunk@13291 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 01:49:29 +00:00
David Rude 59b9dfd9eb no need for the framework reference now
git-svn-id: file:///home/svn/framework3/trunk@13281 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 18:35:57 +00:00
David Rude 2776669a51 reworked how the custom prompts work with different input streams
git-svn-id: file:///home/svn/framework3/trunk@13279 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 18:19:43 +00:00
HD Moore 3046896204 This commit makes the new unicode string encoding optional, it can be disabled by setting EnableUnicodeEncoding to false or through the 'disable_unicode_encoding' console command in the Meterpreter shell. Fixes #4986
git-svn-id: file:///home/svn/framework3/trunk@13278 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 15:44:54 +00:00
HD Moore ce862cf999 Disable this until some bugs are sorted out
git-svn-id: file:///home/svn/framework3/trunk@13277 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 15:38:28 +00:00
HD Moore 8337c9e90a Add the framework accessor, unbreak trunk
git-svn-id: file:///home/svn/framework3/trunk@13276 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 15:35:28 +00:00
HD Moore 7dfb74be10 See #4986, make unicode encoding optional
git-svn-id: file:///home/svn/framework3/trunk@13275 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 15:26:15 +00:00
David Rude f6e3065a51 camel case the advanced options
git-svn-id: file:///home/svn/framework3/trunk@13274 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 14:35:02 +00:00
David Rude 1902b92878 Merge custom prompt code
git-svn-id: file:///home/svn/framework3/trunk@13272 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 06:14:25 +00:00
James Lee bffc8088c3 don't just ignore the prefix. see r13244
git-svn-id: file:///home/svn/framework3/trunk@13250 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 23:27:37 +00:00
Carlos Perez d4055e8697 to_s on table was appending to it self every time it was called
git-svn-id: file:///home/svn/framework3/trunk@13244 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 22:04:13 +00:00
James Lee 93839922dd fix method name in doc comment
git-svn-id: file:///home/svn/framework3/trunk@13235 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 19:52:52 +00:00
David Rude b877d3c639 Added memory_grep post module and updated the GetProcessHeaps definition in railgun
git-svn-id: file:///home/svn/framework3/trunk@13225 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 17:06:26 +00:00
HD Moore 628f29c551 Correctly throw a not-supported error on older ruby
git-svn-id: file:///home/svn/framework3/trunk@13223 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 14:49:34 +00:00
Chao Mu d23a5f6092 "The GetFileSecurityA and GetFileSecurityW functions have a "RequestedInformation" that is defined as a PBLOB and should be a DWORD." - Keith Faber. Thank you Keith! see #4364
git-svn-id: file:///home/svn/framework3/trunk@13201 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-17 17:48:09 +00:00
HD Moore cccbdf9fab This patch allows meterpreter to work with file paths and user names that are not of the US-ASCII character set.
git-svn-id: file:///home/svn/framework3/trunk@13200 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-17 17:32:52 +00:00