5b7127c826
Use Rex::Text::Table for outputting data services
2018-08-27 13:18:41 -05:00
24cf99f59c
Enable deletion of saved data services
2018-08-27 11:32:19 -05:00
cb07ba2b6c
Land #10516 , Add brace expansion encoder and update ${IFS} encoder
2018-08-25 22:23:07 -05:00
969170096a
Land #10520 , Only allow setting persistence on payload jobs
2018-08-25 22:21:46 -05:00
6df235062b
Land #10505 , post-auth and default creds info
2018-08-24 18:08:15 -05:00
e955e8dc15
Clean up code
...
And hope I didn't break anything.
2018-08-24 18:05:52 -05:00
bb0ec0472b
Enable saving local data services
2018-08-24 12:51:50 -05:00
1dd91434f4
Fix #10518 , bug fix when add persistent to non-payload job.
2018-08-24 03:39:18 -04:00
6d84d3bfec
Add tabs auto completion for irb.
2018-08-23 23:29:12 -04:00
418b574161
Merge branch 'master' and resolve conflict.
2018-08-23 23:24:23 -04:00
7c0dd2a0fe
Add CmdUnixBrace and update CmdUnixIfs
...
Acronyms can be capitalized as per the Ruby style guide.
2018-08-23 21:18:09 -05:00
724e0dcaf3
Add ability to connect to saved data services
2018-08-22 17:16:27 -05:00
9b3e0d8306
Add additional root tags for GPP XML
...
Finally ran through all the samples and cross-referenced with MS14-025.
https://msdn.microsoft.com/en-us/library/cc232650.aspx
https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati
2018-08-22 16:48:33 -05:00
2891255549
Clarify what is being imported currently
...
Since the parser is focused on creds.
2018-08-22 15:53:19 -05:00
1e4eb0eae0
Revert report_note, since it added nothing
...
A bit of misunderstanding. We're in agreement that loot was enough.
2018-08-22 14:34:09 -05:00
6fa04950ee
Store parsed GPP data as a note
...
And refactor slightly.
2018-08-22 14:19:50 -05:00
b1c633faf6
Add Group Policy Preferences support to db_import
...
And take the Jaden Smith approach, as @busterb quipped to me. :)
This one's a little weird, since you normally import scans into
Metasploit, but now that creds are first-class in the database, it makes
more sense to be able to import them.
Currently, your alternatives are post/windows/gather/credentials/gpp,
which requires a session, and auxiliary/scanner/smb/smb_enum_gpp, which
requires a network scan.
2018-08-21 23:44:39 -05:00
57243106f7
Connect to the default database on startup
2018-08-21 14:29:20 -05:00
b6401dbe56
Add db_save command
2018-08-21 11:10:43 -05:00
080ba15179
Another boo-boo
2018-08-21 08:55:14 -05:00
321f2b8746
Improve file operations
...
Hmm, why did I not use File.write before? Oh well, fixed.
2018-08-20 22:25:19 -05:00
808e2f2e25
Fix issue #10499
2018-08-21 03:08:14 +00:00
edb85614ff
Make code cleaner
2018-08-21 03:05:44 +00:00
bc3b317963
Land #10449 , Implementation of download/upload file in reverse shell
2018-08-20 19:10:26 -05:00
4aee3a4ae2
Land #10448 , Implementation of CTRL+C to send SIGINT signal
2018-08-20 18:14:29 -05:00
11fee8fa2c
Land #10471 , Import target DefaultOptions into the datastore
2018-08-20 17:30:27 -05:00
fb2d3bfd4a
Land #10492 , show help when no argument is provided to `show`
2018-08-20 15:46:29 -05:00
3fadc64fb2
Don't set the workspace to default if it is already set
2018-08-20 14:35:06 -05:00
8869604143
update help for show and search
2018-08-21 00:17:57 +05:30
e8c0638092
Update modules.rb
2018-08-20 23:36:57 +05:30
0e594266e9
show help when no argument is provided to `show`
2018-08-20 23:32:34 +05:30
410eee8537
Remove 'append' mode from update_prompt
...
Nothing used it meaningfully. Also, due to the way `init_prompt` was set
prior to b1401e2e4e1df442e0cf
2018-08-17 14:32:48 -05:00
1df442e0cf
Centralize where msfconsole touches the prompt
2018-08-17 14:21:16 -05:00
d6bce4410c
Land #10203 , Add command for persistent job handler when msf restart
2018-08-16 15:37:10 -05:00
7e496ae067
Import target DefaultOptions into the datastore
2018-08-16 12:18:02 -05:00
1475f205d4
Update for style requirements.
2018-08-15 22:24:20 -04:00
028799299c
Update for style requirements.
2018-08-15 22:23:04 -04:00
101539a1bc
Land #10464 , prompt to use plain module name
2018-08-15 20:55:28 -05:00
c045f70e80
Emulate `prompt_yesno` semantics for UI drivers
2018-08-15 17:30:37 -05:00
becd42553a
Land #10462 , Add API documentation for users and auth endpoints
2018-08-15 17:10:26 -05:00
a4fb33d53a
Prompt to use module when given plain module name
2018-08-15 15:58:19 -05:00
f05844d8f4
Refactor options handling and help printing
2018-08-15 11:48:03 -05:00
13326ea94b
Land #10451 , Add 'payload' to module search command help documentation
2018-08-15 11:20:13 -05:00
1a4c04cae6
Merge branch 'master' into consolidate_db_connect_data_services
2018-08-14 15:20:56 -05:00
cedcb04ce0
Land #10433 , pry and irb in developer dispatcher
2018-08-14 13:32:47 -05:00
66b761db15
Add doc for user operations
2018-08-14 13:19:56 -05:00
f7a0b201d7
Add authorization support for auth/bearer tokens
2018-08-14 11:51:15 -05:00
97b6425315
Make persist list go all in on the JSON format.
2018-08-14 06:39:56 -04:00
2394e92c1c
Go all in with JSON format, rename var to get more readable.
2018-08-14 06:37:08 -04:00
bdb663b078
Make persist list go all in on the JSON format.
2018-08-14 06:33:44 -04:00
b1041093f2
Add payload to cmd_search_help type
2018-08-13 11:55:56 +05:30
1ca6cb31d1
Land #10440 , fix apk injection on windows
2018-08-13 01:09:55 +08:00
8b4a669c5b
[+] Disable debug print
2018-08-12 14:09:29 +08:00
67f6e83cbe
[+] Make the progress bar more precise
2018-08-12 14:08:32 +08:00
6a0a52e6fe
[+] Add conditions in help menu
2018-08-12 13:10:11 +08:00
89c875d3bb
[+] Implementation of upload meta command
2018-08-12 12:54:05 +08:00
f3d98b26d7
[+] Implementation of download meta command
2018-08-12 11:37:39 +08:00
6c33854ffc
[+] Exit vim opened in reverse shell via signal USR1
2018-08-12 06:07:18 +08:00
b6e2c34b11
[+] Fix can not abort reverse shell session
2018-08-12 05:40:40 +08:00
dc342a29b3
[+] Fix typo
2018-08-12 05:23:18 +08:00
7e4a666e1b
[+] Modify script arguments, change LOG_FILE to /dev/null
2018-08-12 04:54:08 +08:00
3fb814cef3
[+] Implementation of script and socat on poping up a interactive shell
2018-08-12 04:49:44 +08:00
b220c9b0ab
[+] Fix confliction on resource meta command branch and merge
2018-08-12 03:38:47 +08:00
e457eba2dd
[+] handler CTRL+C Signal in reverse shell sessions
2018-08-12 02:41:16 +08:00
2529fdf322
Fix issue #8887 , when injecting into an existing .apk file on windows
2018-08-10 05:43:26 -04:00
d9fc99ec4a
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
f6c28106b9
Merge remote-tracking branch 'upstream/master' into add-resource-meta-shell-command
2018-08-09 16:20:26 +08:00
a977121a61
include kernel to solaris.rb
2018-08-08 20:24:59 -04:00
c1635948ce
sync some linux local libraries to solaris
2018-08-08 20:08:23 -04:00
c8dc5967d2
Remove data_services commands
...
db_connect is now the preferred method of connecting
2018-08-08 17:47:17 -05:00
d7dcdce7a8
Add more information when already connected to a db
2018-08-08 13:32:25 -05:00
cfe1ea86fb
Only allow one http connection at a time
2018-08-08 13:20:46 -05:00
89a3a265d2
Move the built-in irb command while we're at it
2018-08-07 21:32:30 -05:00
68a7761f68
Move built-in pry command to developer dispatcher
...
We also fall back on prying Framework if a module isn't active.
This fixes the following bad behavior:
msf5 > pry
[*] exec: pry
And then your input gets stolen.
2018-08-07 21:17:22 -05:00
201b91f9d7
Land #10410 , add script for setting up and managing data services
...
The msfdb script allows you to create, delete, start, and
stop local and remote data services. The database backend requires
PostgreSQL and the webservice provides a REST API to interact with it.
2018-08-07 18:25:51 -05:00
298d5c3b30
Refactor history clearing
2018-08-07 16:53:17 -05:00
6223685c37
Update auth requirement for json metadata
2018-08-07 16:42:00 -05:00
6eda1b2dfa
Revert deletion of history clearing
...
ef487f6be5
2018-08-07 14:06:52 -05:00
387d784ddc
Implement db_disconnect for remote data service
...
And a couple of fixes for db_connect for remote data services
2018-08-07 14:03:38 -05:00
3caa3057d8
Process persistent job when msf start.
2018-08-07 05:41:47 -04:00
2dee2cf038
Update command job to support for persistent job when msf restart.
2018-08-07 05:40:35 -04:00
91a9a24879
Update the dump_jobs for persistent job info.
2018-08-07 05:36:57 -04:00
f6d9cde7c4
Revert history -u deduplication on print
2018-08-05 14:28:15 -05:00
ef6be1980f
Fix use -h to call cmd_use_help
...
It really shouldn't try to load it as a module.
2018-08-04 15:34:26 -05:00
df607ddd16
Enable connecting to remote data services with db_connect
2018-08-03 13:38:02 -05:00
bc9fcf40d4
2016
2018-08-03 07:07:21 +00:00
fbc9d3ee83
Add print methods from HttpDBManagerService
2018-08-02 12:38:52 -04:00
54abc65c55
Land #10406 , Fix notes service, port, protocol
2018-08-01 14:39:34 -05:00
1601e8a844
Land #10330 , Add SMBv2 support to bind_named_pipe payloads
2018-08-01 12:58:44 -05:00
58b3f63c1a
Update to reflect new JSON models
2018-07-31 15:57:26 -05:00
3e8efea57a
Merge branch 'conform_to_api_standards' into exploit-query
...
Prepare for new JSON format.
2018-07-31 14:48:37 -05:00
9d1a2e20ee
Add better error handling.
2018-07-31 13:25:49 -05:00
1d3761c9d6
Add support for 'check' metadata value
2018-07-31 12:18:09 -05:00
2bca1ade05
Normalize note proto better and actually use it
2018-07-31 11:51:34 -05:00
3291931955
Merge branch 'upstream-master' into exploit-query
2018-07-31 11:51:14 -05:00
db91c7f075
Add error message to console if invalid params are supplied
2018-07-31 11:49:09 -05:00
2ef639f99e
opts[:id] could sometimes be an integer, so cast to string
2018-07-31 10:58:01 -05:00
21afd0572c
use %w to replace [] for string arrays, more readable.
2018-07-30 22:47:59 -04:00
7dc14f59f4
We're using named parametes now
2018-07-30 15:38:48 -05:00
0843e6789d
Fix private data not displaying for creds
...
Also fix issue where delete and update cred were not using the data format
2018-07-30 15:31:38 -05:00
d1f09ca81c
Add path selection for GET requests
...
Also remove instances where workspace is passed for
single object lookups since it is no longer required
2018-07-30 13:56:34 -05:00
4c92de0b55
Refactor logic for determining single object output.
...
Also add restrictions on passing id as a query string param
2018-07-30 11:42:45 -05:00
c90b03808a
Merge remote-tracking branch 'upstream/master' into add-resource-meta-shell-command
2018-07-30 13:25:26 +08:00
b2eb5edf37
[+] Fix bug in pull 10220
2018-07-30 13:21:26 +08:00
9cd99cbc17
Fix error when id param is present in GET request
2018-07-28 22:55:03 -05:00
37706e094d
Dont wrap object in array when using ID parameter
2018-07-27 16:41:11 -05:00
829b43f743
Address minor code review comments
2018-07-27 16:19:17 -05:00
d4b5e27edc
remove whitespace
2018-07-27 16:03:16 -05:00
3e41db6994
refactor for more dry, more compartmentalized code
2018-07-27 16:00:19 -05:00
4ac11d4e70
parameter validation
2018-07-27 15:15:49 -05:00
3411d0bce2
Refactor error JSON responses to use a helper method
2018-07-27 13:59:17 -05:00
7cfc2b44ec
allow rank search with numeric value only
2018-07-27 13:30:29 -05:00
15fe80de06
Merge branch 'master' into conform_to_api_standards
2018-07-27 11:08:18 -05:00
df159e957d
condense logic for matching rank names to numeric value
2018-07-27 11:02:25 -05:00
c76f141a49
replace magic numbers with constants
2018-07-27 10:42:57 -05:00
06c98a0772
ignore extraneous/invalid keywords
2018-07-27 10:33:47 -05:00
44239b7005
remove debug line
2018-07-27 10:28:31 -05:00
6181253109
fix multi connect bug
2018-07-26 17:34:11 -06:00
129b3ec2b5
rename single-letter variables to be more descriptive
2018-07-26 17:35:26 -05:00
23c0f70c68
update multi-line block syntax
2018-07-26 17:24:04 -05:00
7e81e81965
call 'except' without duplicating variable
2018-07-26 17:22:15 -05:00
9f5f2ffeab
remove extraneous newlines
2018-07-26 17:19:18 -05:00
2572a297a2
clean up parameter delcarations in docs and rename doc files to module_search
2018-07-26 11:43:55 -05:00
5c9f002a72
Make hash definitions more consistent
2018-07-26 10:40:58 -05:00
8e6a1d203b
Futureproof FingerprintCheck until we delete it
2018-07-25 21:39:02 -05:00
4e46ebdb9c
Call check_simple when RHOSTS is a single host
2018-07-25 21:27:20 -05:00
25ef422168
Handle connection errors and fail_with in check
...
Also fix FingerprintCheck to tell us when it doesn't receive a response.
2018-07-25 21:11:40 -05:00
8753c5bf62
Land #10303 , HttpClient Rex::ConnectionError fix
2018-07-25 18:02:44 -05:00
9205159e7d
update console help documentation
2018-07-24 16:43:30 -05:00
e6e06fea84
update rank param to accept descriptive names
2018-07-24 16:43:16 -05:00
87434ef22d
pull changes
2018-07-24 15:42:31 -05:00
503a2276f2
Convert creds to use new format
2018-07-24 15:25:48 -05:00
ffe4dbcc19
refactor out of db_manager and into web_services
2018-07-24 15:25:23 -05:00
6d878a9bb6
Land #10367 , Pass a framework instance to external module shims
2018-07-24 15:22:47 -05:00
eccd223a3e
Merge branch 'master' into conform_to_api_standards
2018-07-24 12:11:14 -05:00
230e36f5f0
Pass the framework instance to exec module shims
2018-07-24 12:02:54 -05:00
e3da0a6828
Merge branch 'master' into remote_creds_data
2018-07-23 16:39:13 -05:00
2215cab7df
refactor search to work with existing console search function, and expand console keyword options
2018-07-23 16:37:11 -05:00
862f918d49
Fix bug when updating Core subobjects
2018-07-23 16:21:30 -05:00
87f9d3bd23
Land #10345 , OptionParser for console grep
2018-07-23 16:00:18 -05:00
351c2319a8
Fix issues with creds filter by IP
2018-07-23 14:53:09 -05:00
dc43cc78b0
Land #10341 , Add check method Boolean to module cache and info and search commands
2018-07-23 14:45:28 -05:00
654cbd198a
Fix missing method when check is run
...
Oops, lost the "mod" when I refactored into ternary. Caught during
verification with @wchen-r7. :D
2018-07-23 14:19:48 -05:00
08c0463e41
Cleanup creds options
2018-07-20 16:35:55 -05:00
b250c4e3f4
Honor realm in creds -S
2018-07-20 16:30:17 -05:00
08e1941e9b
Remove unsupported syntax from creds help
2018-07-20 15:54:57 -05:00
58ad718a7d
Display check support in module search
2018-07-20 14:10:44 -05:00
6c7650eec3
add call to warden.authenticate!
2018-07-20 10:34:07 -05:00
658267849b
deconflict the method names in mix-ins
2018-07-19 17:01:40 -05:00
65d42380d3
Merge branch 'master' into remote_creds_data
2018-07-19 16:25:06 -05:00
a8e5308fd3
WIP: Convert each endpoint to use the correct JSON format
2018-07-19 16:20:35 -05:00
2cd5c11342
remove unnecessary whitespace
2018-07-19 15:56:04 -05:00
ad2bd35858
add a requirement that there must be at least one search parameter
2018-07-19 14:56:51 -05:00
04a6cf8f0a
pull latest changes and re-register module servlet in new sinatra base
2018-07-19 14:42:39 -05:00
77fbd4b443
strip whitespace from field params
2018-07-19 14:34:47 -05:00
ce7eb9f3fe
add list of valid fields to documenation and update aliases
2018-07-19 14:31:46 -05:00
7dc37c8c79
add aliases to prevent ambiguity with plurals
2018-07-19 14:24:12 -05:00
3d58ec3a53
add aliases for field keywords
2018-07-19 14:23:47 -05:00
dd4279fc2a
add more robust searching to reflect all metadata values
2018-07-19 13:07:16 -05:00
ef264e78f0
Refactor grep command to use optparse
...
This is an experiment to see what it would take to convert *all* option
assignment, parsing, and validation to use Ruby's builtin optparse. Our
current situation in the command dispatchers is a mishmash of bespoke
and Rex code, both with odd behaviors. Modules use a more formalized
system, but it is also a bit janky and unlike most other tools a
pentester might use.
The first step is to refactor the console commands to use Ruby's builtin
option parsing to reduce code and increase homogeneity among the various
functions. Next we plan to explore what it would take to invoke modules
from within Metasploit this way (this would be Metasploit 5+ only).
Refactoring `grep` seems to have been a success. There is now less code;
the code that declares and handles the options are now in the same
place; long options are now supported; adjacent, argument-less short
opts now work as expected; patterns can now begin with a `-`; and option
arguments are now validated. Additionally, optparse's argument
coercion/validation code can be extended for custom types/validations to
support more specialized commands.
2018-07-19 12:11:09 -05:00
59962c5273
Merge branch 'master' into conform_to_api_standards
2018-07-19 09:26:17 -05:00
08290b81c0
Land #10282 , Add support for running external modules outside of msfconsole
2018-07-18 17:38:40 -05:00
8010c58220
add module documentation to swagger (WIP)
2018-07-18 17:36:31 -05:00
612959d9ab
Land #10323 , add authentication to REST API
2018-07-18 17:29:22 -05:00
1371fc6daf
Fix regexed integer RPORT for module search
2018-07-18 17:24:05 -05:00
de23559491
Add check for check to module cache
2018-07-18 16:40:52 -05:00
ee6de3da39
Make endpoint plural and uniform with the others
2018-07-18 17:35:47 -04:00
98d6d4cbcd
Add check for check to info command
2018-07-18 16:33:30 -05:00
5fa1ddf4eb
Remove default check method
2018-07-18 16:25:46 -05:00
93ce09cbd2
indicate private methods
2018-07-18 15:55:25 -05:00
6955a9a58b
filter search result using comma delimited fields
2018-07-18 15:52:47 -05:00
4da27d2bff
Enable GET for /endpoint/ID for each model
2018-07-18 15:18:22 -05:00
389b015047
fix typo (reference -> references)
2018-07-18 15:10:11 -05:00
257a05d5d7
Add long port option for data_services cmd
2018-07-18 14:29:32 -04:00
3147b8307b
Fix issue when adding authenticated data service
...
Add authentication to MsfServlet as a simple workaround to an issue
that occurs when data_services cmd is used to add a remote service
that requires an API token and no token or an invalid token are
provided.
2018-07-18 14:08:30 -04:00
4ff39e3799
Fix error code returned by authentication failure
...
Previously an authentication failure message would indicate that the
error was permissions related yet the error code remained 401. The fix
allows the Authentication::Strategies classes to specify an error code
that is returned to the user.
2018-07-18 14:04:09 -04:00
08b53a1ef7
Homogenize GET requests
2018-07-18 12:43:48 -05:00
a2da40a104
refactor endpoint under /v1/modules/
2018-07-18 12:06:25 -05:00
64fff449f8
refactor platform/target search
2018-07-18 10:59:46 -05:00
9d2bed2596
Fix grep's prompt rewriting
...
Missed in #9261 .
2018-07-17 21:08:21 -05:00
94297de256
Add grep -C to msfconsole
2018-07-17 20:52:46 -05:00
38daeb1b9f
Fix #10283 , SOUNDTRACK and LOGO refs
...
Some dupe code came in from master. Fixing and refactoring.
2018-07-17 19:36:35 -05:00
6a38b36a45
Land #10283 , SOUNDTRACK and LOGO refs
...
:'(
2018-07-17 19:11:52 -05:00
07203dccc6
Clean up some things
2018-07-17 19:11:26 -05:00
d5ed70417b
bind_named_pipe payload for ruby_smb
2018-07-17 17:46:10 -06:00
ad74ab7cf9
proof of concept searching with query params
2018-07-17 17:29:12 -05:00
39e381049a
Remove unnecessary include
2018-07-17 15:36:23 -05:00
59278aef99
Add command dispatcher for developer commands
2018-07-17 15:07:50 -05:00
dc4e438c04
Add multiple commands' tabs
2018-07-17 06:27:51 -04:00
5d048a6eb2
Use a class variable for auth initialized flag
2018-07-16 18:22:47 -04:00
65c290fa39
Make API token optional on data_services cmd
2018-07-16 16:44:44 -04:00
d5814ae9f6
Use the unpkg hosted versions of SwaggerUI
2018-07-16 15:16:27 -05:00
70104ab25e
Rename request env variables to conform with Rack
2018-07-16 15:04:05 -04:00
f7a4c577d6
Add UserServlet and admin_api scope
2018-07-16 12:56:43 -04:00
4680455041
Implement report_user and password hashing
2018-07-16 12:55:00 -04:00
67721bc616
Refactor strategies to support admin token role
2018-07-16 12:51:41 -04:00
4e5ad576b2
Land #10267 , defer bind payload connections until exploit has run
2018-07-13 17:35:27 -05:00
c8891206af
Add vprint_status back to bind_named_pipe
...
I thought it was redundant with the improved handler start message, but
it broke consistency with the other print statements. Fixing.
2018-07-13 17:29:52 -05:00
2c9d85606c
Refactor and add error messages
2018-07-13 16:29:09 -05:00
bf53896aa7
Rex::Compat.getenv
2018-07-14 06:24:04 +10:00
James Barnett
Brent Cook
William Vu
Green-m
Wei Chen
asoto-r7
Auxilus
Adam Cammack
Jeffrey Martin
Erin Bleiweiss
Tim W
Wang Yihang
h00die
Brendan Coles
Matthew Kienow
UserExistsError
bwatters-r7