8aa2df1924
Fixup yarddoc
2014-05-23 20:47:52 +01:00
d31908b72e
Land #3374 , RPC deadlock fix
...
[FixRM #8794 ]
2014-05-22 12:07:23 -05:00
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
778138b0dc
Refactors
...
Add a Rex::Constants::Windows module to hold windows constants
Convert DCERPC_SERVICES to a class and move to Rex
2014-05-21 20:15:32 +01:00
92669cd4d6
Use parser
2014-05-20 22:26:13 +01:00
0a2b79ccd1
Tidyup parser
2014-05-20 22:04:59 +01:00
09af023a71
Merge in parser
2014-05-20 21:56:35 +01:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
d2ebab09aa
Add timeout for SSL renegotiation after migrating
...
[SeeRM #8794 ]
2014-05-16 15:42:46 -05:00
472f029576
Fix random bug when workstation_name is < 6 chars
...
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
2849a1bc0c
Update comment again
2014-05-12 13:10:20 -05:00
a3cc499a17
Update comment w/ all modes
2014-05-12 13:02:54 -05:00
d82bc11b7d
Add 'u-noslashes' and re-order cases for consistency.
2014-05-12 13:01:05 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
66252ba9e5
support negation in portspec
2014-05-08 21:35:35 +02:00
3542f851bf
Fix some yarddoc issues
2014-05-05 22:45:41 +02:00
dc38212741
Fix function parsing
2014-05-05 20:53:36 +01:00
0b886db406
Script specs and remove unknown method
2014-05-05 19:01:36 +01:00
0177e51148
Finish obfu specs and use rig
2014-05-05 18:47:25 +01:00
6ab85027a4
More spec
2014-05-05 17:47:30 +01:00
162b6a8ab9
Add output spec
2014-05-05 14:48:18 +01:00
399928cf69
Remove unnecessary requires
2014-05-05 13:37:17 +01:00
c3fb5bf614
fix a few clarical errors and typos
2014-04-29 22:42:26 -04:00
4bd2dabfcd
Land #3121 , new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
b860cecad6
Function spec (doesnt pass)
2014-04-28 14:09:39 +01:00
8031e50d35
Make Exploitation::Powershell testable
...
Example test
2014-04-26 13:27:25 +01:00
98d2b2293b
Unnecessary return
2014-04-26 13:05:47 +01:00
be10c8e4ac
Split Rex::Exploitation::Powershell::* into individual files
2014-04-26 12:59:43 +01:00
206184007f
Move methods and rename file so it is run by rspec
2014-04-25 15:16:15 +01:00
32fa8748a8
Fix up decompress
2014-04-23 05:20:54 +01:00
e774411b63
Revert Enum removal
...
.NET 4.5 has two constructors with 2 args so this becomes ambiguous
2014-04-23 02:06:14 +01:00
d2e8e07cfe
Fix old powershell generation
2014-04-23 01:58:02 +01:00
dd38a81dfc
Fix a @parma
2014-04-23 01:10:13 +01:00
647936e291
Add more yarddoc to Rex::Exploitation::Powershell
...
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
86cfecdd95
Shave some chars off compression code
2014-04-22 14:52:30 +01:00
354311d191
No need to out-null if no windows is shown
2014-04-22 14:42:03 +01:00
cec12edd99
Use enum integer values
2014-04-22 14:40:32 +01:00
71b43d392b
Dont need to specify ASCII mode
2014-04-22 14:36:02 +01:00
49bd86f077
Clean up yardocs and a few style issues
2014-04-21 03:12:23 -05:00
c936dc963c
Shorten compression
2014-04-19 18:55:45 +01:00
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
9f05760c50
Merge with Meatballs' initial changes
...
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
5c3289bbc6
merge fix
2014-04-17 21:26:04 -04:00
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
...
Conflicts:
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
fc018eb32e
Initial commit
2014-04-15 21:05:06 +01:00
e09f887c4c
Revert "Fixes large-string expansion in JSObfu."
...
This reverts commit 14fed8c610
2014-04-11 16:51:47 -05:00
4cb04b6b9a
Revert "Use implicit return for assignment."
...
This reverts commit 49139cc07f
2014-04-11 16:51:40 -05:00
21b2697b95
Revert "Use tiny var names by default."
...
This reverts commit 52432ef482
2014-04-11 16:51:34 -05:00
d41b3467f8
Revert "Re-add the #random_string(len) method to pass specs."
...
This reverts commit bd8918e4e1
2014-04-11 16:51:21 -05:00
a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile
2014-04-10 12:31:59 -05:00
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
bd8918e4e1
Re-add the #random_string(len) method to pass specs.
2014-04-09 17:44:48 -05:00
57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
...
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
52432ef482
Use tiny var names by default.
2014-04-09 16:54:02 -05:00
49139cc07f
Use implicit return for assignment.
2014-04-09 15:48:07 -05:00
14fed8c610
Fixes large-string expansion in JSObfu.
2014-04-09 15:45:48 -05:00
ae3ead6ef9
Land #2107 Post Enum Domain Users
2014-04-09 11:32:12 +01:00
80b069f161
Add support for spoofed zip Central Dir names at Entry level
2014-04-07 09:21:26 -05:00
46e6f937f1
Revert "Add central directory zip spoofing"
...
This reverts commit d0700e8ac4
2014-04-07 08:50:33 -05:00
d0700e8ac4
Add central directory zip spoofing
2014-04-07 08:49:49 -05:00
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
9779913060
Land #3184 , Rex::Proto::Http::Client IOError fix
2014-04-03 15:58:50 -05:00
42d59d269e
Check #closed? instead of rescuing.
2014-04-03 14:20:48 -05:00
98628b814e
Prevent Rex::Proto::Http::Client from raising on close.
2014-04-03 11:36:18 -05:00
231138da1b
Fix a typo in the nexpose raw importer
2014-04-03 07:12:45 -07:00
670a0c8e0f
Merge branch 'upstream/master' into ext_server_kiwi
2014-04-02 19:36:42 +10:00
cceb146680
Support for the new ADSI result structure
2014-04-02 17:37:23 +10:00
e61e532223
Add support for extraction of wifi profile creds
2014-04-02 17:16:40 +10:00
1d46e65897
Update to match meterpreter changes
...
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
1b0fe74da5
Use Array#sample in email generators.
2014-04-01 14:11:23 -05:00
8ab03f3aeb
Use Array#sample in randomize_space
2014-04-01 14:09:07 -05:00
ec7bb6de54
Land #2969 , random name generator for phishing
2014-04-01 13:00:55 -05:00
8bd5d10052
Use rand_hostname in rand_mail_address
2014-03-28 16:44:49 -05:00
8f1e55de5a
Use ObfuscateJS
2014-03-28 11:08:38 -05:00
da6a428bbf
Modify libs to support explib2
2014-03-28 10:44:52 -05:00
86ddd24d26
Update to use Rex::Text and change handling a bit
...
This change also outputs blank creds so that users know which
accounts have blank passwords
2014-03-28 16:12:51 +10:00
65e204e834
Modify the menu item descriptions
2014-03-28 11:03:38 +10:00
3a42cb8a46
Fix typo in kiwi help
2014-03-28 11:03:03 +10:00
685d959886
Support refactors of TLVs and adsi nested group changes
2014-03-27 15:49:22 +10:00
8e7f12e30e
Land #3085 , service_control support
...
This depends on rapid7/meterpreter#77 to function
2014-03-19 08:43:17 -05:00
04b5d71fa5
Land #3061 , enhance clipboard dump
...
This depends on rapid7/meterpreter#75 to function
2014-03-19 08:42:36 -05:00
35b94b04bf
Land #2889 , WMI support
...
This depends on rapid7/meterpreter#69 to actually be useful.
2014-03-19 08:42:03 -05:00
11f9bfadb1
Final bits of documentation and code tweaking
2014-03-19 18:40:53 +10:00
84728c9fc9
Code tidying and defaulting to empty strings for table format
2014-03-19 16:19:23 +10:00
959cedb9b1
Bit more code tidying
2014-03-19 16:19:05 +10:00
f80c7b7b51
Fix silly typo
2014-03-19 15:55:12 +10:00
0dcf992781
Add comments to the kiwi source
2014-03-19 15:45:53 +10:00
3635fff98e
Add support for kerberos ticket enumeration
...
Fix up a bunch of other issues and do some code tidies too.
2014-03-19 14:25:11 +10:00
91e198fd63
Add SAM key dump in LSA dumping output
2014-03-18 09:45:31 +10:00
dfb4b22015
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-18 08:08:45 +10:00
9eada528d7
Land #3097 , Rex::Text.uri_encode RFC 3986 fix
2014-03-14 15:38:24 -05:00
a9758413c0
Add lsa secret dumps plus other tweaks
2014-03-14 19:50:01 +10:00
520d1e69c4
Rapid7 Comma Inc
...
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
...
According to
http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt
Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.
This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
1d70411ea7
Support service_control and new status field in query
...
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
0bdce4836f
Modify clipboard dump to support new format from Meterpreter
2014-03-04 19:37:57 +10:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
e0438f570b
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-03 17:28:44 +10:00
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
8dee9b22c3
Reinstate to_byte_array
2014-03-02 22:07:47 +00:00
2acd0a1b1e
Reinstance encode_code
2014-03-02 21:03:31 +00:00
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
c9a2135959
Merge in semperv
2014-03-02 19:07:13 +00:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
8543da0fbd
Corrected uri_encode
2014-03-01 11:30:50 +01:00
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
0519abb558
Fix the wrong conversion
2014-02-17 23:17:19 -06:00
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
f5c401bee7
Yarddocs
2014-02-14 22:59:36 +00:00
b8b36ef528
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-14 22:52:55 +00:00
d606be5efb
That's funny I changed the wrong method
2014-02-13 16:41:18 -06:00
5d3eed8600
Add info about browser requirements in help
2014-02-13 16:37:05 -06:00
9c48335764
Change to google.com
2014-02-13 16:30:44 -06:00
a44f235a8d
Fix things based on Tod's feedback
2014-02-13 16:13:42 -06:00
29bf296b61
import rex powershell
2014-02-12 16:45:57 -05:00
b453362a52
Merge remote-tracking branch 'upstream/pr/2966' into integrate_with_meatballs
2014-02-12 16:43:30 -05:00
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
beca4b8bc3
Fix issue with getenv failing
...
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.
Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.
For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.
This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
fdd696fc31
Drop Opera support
...
It's sad nobody is actually using it. See article: "Across desktop and
mobile, Chrome is used more than Firefox, IE, and Opera combined" -
thenextweb.com
2014-02-10 18:03:42 -06:00
1414f6794c
Change the name of the video chat command
2014-02-10 17:44:47 -06:00
44282d8a83
Add an exception handling
2014-02-10 17:06:56 -06:00
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
48fdb08164
Add flag --use-fake-ui-for-media-stream
...
Thanks Joev!!
2014-02-10 14:47:25 -06:00
427fece52c
Add random mail address function
2014-02-10 21:04:44 +01:00
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
b279c45db5
Update open_webrtc_browser method
2014-02-08 20:47:02 -06:00
0d24f06109
Not adding remote support for Linux meterpreter, here's why
2014-02-08 20:30:53 -06:00
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
3f9ad8a6d5
Fix bugs and stuff
2014-02-08 16:11:39 -06:00
c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-08 22:11:31 +00:00
c76862b391
Reduce payload size
2014-02-08 22:11:17 +00:00
22cc665115
More error handling
2014-02-08 16:06:51 -06:00
07ad99ba3a
Remove unnecessary methods
2014-02-08 15:51:33 -06:00
a70c77c9eb
Handle some more exceptions
2014-02-08 15:51:11 -06:00
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
b10df54dbb
Dont need to encode the compress payload
2014-02-08 21:34:51 +00:00
09c48358f4
Retab rex powershell
2014-02-08 20:43:04 +00:00
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
ee1900c273
progress
2014-02-08 03:29:15 -06:00
b188943bd1
Progress
2014-02-08 02:57:49 -06:00
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
36f3a82b5c
A wise man once said do not abuse the power of expand_path
2014-02-07 12:10:58 -06:00
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
76515092ce
Small mime changes
2014-02-03 23:28:26 +00:00
595e5fd8b1
Correct mime logic
2014-02-03 21:59:17 +00:00
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
9f35407a0c
Add MIME to_html method
2014-02-01 00:37:01 +00:00
b60398b020
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/extensions/extapi/tlv.rb
2014-01-29 23:07:05 +10:00
ad1dce38d2
Final fixes before the monitor PR
2014-01-29 23:04:43 +10:00
2ef0e7e2a5
Small tidy of code
2014-01-29 17:07:06 +10:00
e27707cac3
More tweaking of the clipboard monitor with dump/purge
2014-01-29 14:51:03 +10:00
10ac7a22af
Land #2897 Sane address resolution [FixRM #7259 ]
2014-01-28 23:09:44 +10:00
6d9e395d40
Use LPVOID to avoid ptr trunc
2014-01-24 23:27:56 +00:00
1ff063d7de
Test the object not the class duhhh
2014-01-24 11:46:48 -06:00
37b11ce2e1
Use Class#kind_of? instead of ==
2014-01-24 11:31:04 -06:00
9fce617462
Fixup railgun utils
...
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
de06480f4f
Add a defined? check to fix older versions of OpenSSL.
...
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
636c43dcdc
Land #2736 , basic ADSI support via meterp extapi
2014-01-22 15:24:01 -06:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
83358fbbf0
More work on the clipboard monitor
2014-01-22 22:56:13 +10:00
a7d4aa5d46
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
2014-01-22 11:51:10 +10:00
e9ccec4755
Refactor load_session_info
...
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
524bbceb1a
Merge branch 'upstream/master' into ext_server_kiwi
2014-01-17 11:53:07 +10:00
9212013c3e
Add error message support
...
This commit enables returning of error messages based on the HRESULT.
They still aren't nice, but they're better than nothing.
2014-01-17 11:42:07 +10:00
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
0915212249
Fix socket timeout bug
2014-01-16 11:58:37 -06:00
0b9ff43217
Make slice_up_payload easier
2014-01-16 11:03:22 -06:00
f41849c921
Clean CmdStagerEcho
2014-01-16 11:00:57 -06:00
8e1d3c9c2a
Final tweaks for WMI support
2014-01-16 22:02:28 +10:00
69abffaff6
First pass of WMI support
...
Close but more to do.
2014-01-16 13:47:46 +10:00
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
870349acd0
Merge branch 'upstream/master' into basic_adsi_support
2014-01-15 19:57:07 +10:00
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
0f722cbe6d
Add ext_server_kiwi, which is Mimikatz v2
...
This is a separate extension because the new version doesn't support
as many operating systems as the old version, but it does have more
new features which are really funky.
2014-01-10 16:51:01 +10:00
b43a221959
Land #2855 , Rex::Socket refactor and specs
2014-01-09 16:20:50 -06:00
ba252ec0c3
Use 'unless' instead of 'if not'
2014-01-09 16:01:58 -06:00
7cb6836209
Replace unused var with purpose-revealing comment
2014-01-09 15:07:04 -06:00
27133257a4
Better docs, more accurate var names
2014-01-09 15:05:19 -06:00
20a5bf45f5
Fix beug with #next raising after the end
...
... instead of the old behavior or just returning nil again
2014-01-09 15:03:11 -06:00
1893cbca0e
Land #2843 , RangeWalker resolution failure bug fix
2014-01-09 14:36:32 -06:00
1519af33f5
Refactor `getaddress` in terms of `getaddresses`
2014-01-09 11:03:24 -06:00
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
01f350964f
Add specs for some stuff in Rex::Socket
2014-01-09 10:19:19 -06:00
27f079ad7c
Move {begin,end}_job from libs to modules
2014-01-09 01:03:01 -06:00
025fc79683
Refactor commands for modularity
2014-01-09 01:03:01 -06:00
3fca11e5ac
Replace magic numbers with constants
2014-01-09 01:03:01 -06:00
2f2823e323
Remove newline from end_job to conform to spec
2014-01-09 01:03:01 -06:00
d3bbe5b5d0
Add filesystem commands and new PoC modules
...
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
af66310e3a
Address @jlee-r7's comments
2014-01-09 01:03:01 -06:00
bab32d15f3
Address @wchen-r7's comments
2014-01-09 01:03:00 -06:00
1c889beada
Add Rex::Proto::PJL and PoC modules
2014-01-09 01:03:00 -06:00
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
4bfe6b1b08
Remove pointless checks and add some docs
2014-01-08 14:37:40 -06:00
4ba0020934
Simplify the logic deciding when we're finished
2014-01-08 14:22:44 -06:00
22bdca92f4
Remove the ipv6 attr on Range
...
Makes more sense in the option hash.
2014-01-07 16:52:34 -06:00
9c23910b69
Refactor Socket::Range
...
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
2ed9772080
Fix unhandled exceptions when resolution fails
2014-01-07 12:00:04 -06:00
e3b90f3c4e
Fix issue with incorrect parameter parsing
...
Code was looking for -s instead of -a when dealing with domain
queries. This commit fixes that.
2014-01-05 20:06:47 +10:00
bd2033c587
Land #2814 , streaming webcam STDAPI add
2014-01-03 12:09:25 -06:00
ef281bf31d
Adjust the getenv API
...
The getenv call in sys/config was renamed to getenvs and now uses
the splat operator so that arrays don't have to be passed in. A
new function called getenv was added which takes a single argument
and returns a single value back (for ease of use).
2014-01-03 08:05:45 +10:00
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
e6823c39c2
Incorrect variable used
2014-01-02 00:50:32 -06:00
92a0ff1096
Add webcam livestream feature for meterpreter
...
[SeeRM #8729 ] - This meterpreter command allows the attacker to observe the target at real-time
by turning their webcam live. There is also a HTML-based player provided, which does not require
a plugin or anything, just open it with a browser. The HTML-based player also allows the attacker
to put livestream on the web (evil? yeah, kind of.)
2013-12-30 18:38:13 -06:00
feaf6c23cf
Merge and Unconflict client.rb, new module splat
...
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421
Also fixes the module with the new license splat.
Conflicts:
lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
8986659861
Land #2804 , @rcvalle's support for disasm on msfelfscan
2013-12-30 12:24:22 -06:00
c1f377fda6
Add disasm option to msfelfscan
2013-12-26 16:26:45 -02:00
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075
2013-12-16 14:29:05 +00:00
ca1c887e68
Add missing ]
2013-12-15 01:12:50 +00:00
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
a08c420862
Add railgun definitions for local exploit relevant functions.
2013-12-12 10:26:08 -05:00
64b1e78e34
Fix page size and max results
2013-12-11 00:03:05 +10:00
8a1517fde8
Fix issues with missing params on computer enum
...
No more late night and rushed commits, its still and wastes people's time.
Thanks sinn3r for getting on this. Apologies for the poor quality of the PR.
2013-12-10 21:06:28 +10:00
2237419134
Merge branch 'upstream/master' into basic_adsi_support
2013-12-10 20:58:38 +10:00
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
a3c050c8b6
Added page size setting
2013-12-08 23:29:42 +10:00
8172596c0b
Fix rendering of result total
2013-12-08 20:58:03 +10:00
f13736d208
Add support for general domain queries
...
Specific queries are just wrappers over the top of the domain query
2013-12-08 20:41:30 +10:00
35b051174c
Add basic ADSI enum of users and computers
2013-12-07 00:22:54 +10:00
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
1d757c40db
Remove empty parens
2013-12-04 07:10:23 +10:00
8b77da4ef7
Fix non-rubyisms
2013-12-04 07:06:32 +10:00
18e1d9ce17
Revert "Start clipboard monitor functionality"
...
This reverts commit ecbdfd3502
2013-12-04 07:03:12 +10:00
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
lib/msf/core/exploit/powershell.rb
2013-11-22 22:41:08 +00:00
4d1c3c1f01
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-22 13:31:40 +10:00
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
ecbdfd3502
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-21 06:29:37 +10:00
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
e74e75fe6f
Revert changes to legacy rescues.
2013-11-20 12:20:34 -06:00
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
d51b92b06f
Turns out & ~ does work.
...
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
2013-11-20 00:01:48 -06:00
a8c55f23a7
Remove &~ bit-clearing method in favor of defaults.
...
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesnt work,
but it is late and the default is false anyways.
2013-11-19 23:42:58 -06:00
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
647c867c2d
Land #1681 , @sempervictus Rex::Text::Ui::Table [] method
2013-11-19 16:30:09 -06:00
e1eddc84aa
Check for inexistent column names
2013-11-19 16:02:52 -06:00
162d433014
Use snake_case for variables
2013-11-19 15:46:11 -06:00
6a13a0eee6
fix indentation
2013-11-19 15:42:12 -06:00
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
2fc43182be
Land #2622 - Fix up proxy/socks4a.rb
2013-11-12 18:22:32 -06:00
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
Meatballs
William Vu
joev
HD Moore
James Lee
Jeff Jarmoc
Lutz Wolf
Rob Fuller
RageLtMan
sinn3r
jvazquez-r7
OJ
Tod Beardsley
FireFart
Michael Messner
Matteo Cantoni
grimmlin
Matt Andreko
Ramon de C Valle
Spencer McIntyre
corelanc0d3r