0ca0cd5ee1
loot add/remove command for msfconsole
2013-03-14 14:37:15 -05:00
5967991f6f
Auxiliary::Web#log_*: details[:category] => #name
...
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
32bf7cf8f4
Merge remote-tracking branch 'tasos-r7/bug/web-fuzzable-path' into rapid7
...
[Closes #1578 ]
2013-03-12 12:31:32 -05:00
c641ca96c1
Auxiliary::Web::Path.from_model: inputs => form.inputs
...
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
d764740779
Convert user/pass tokens to ASCII in db.rb
...
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.
The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
f0cee29100
modified CommandDispatcher::Exploit to have the change into account
2013-03-11 18:08:46 +01:00
7e15788bb5
Auxiliary::Web: updated form of vuln storage in parent
...
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
ac6065d8f9
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-08 21:50:49 +02:00
3422a7c098
Auxiliary::Web: force vuln proof to_s
2013-03-08 21:50:01 +02:00
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36
2013-03-08 14:37:28 -05:00
db676f1a88
Whitespace at EOL
2013-03-07 18:20:08 -06:00
cf3df4b179
Auxiliary::Web::HTTP: added error output
...
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
c3b3da4254
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 23:04:10 +02:00
5dff043e3c
Whitespace
2013-03-06 14:52:32 -06:00
d9a6f5f0ca
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 18:26:18 +02:00
c497d5ffef
Auxiliary::Web: log methods pass vuln info to parent
2013-03-06 18:25:25 +02:00
09fc52f3d9
Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
...
Use ActiveRecord::Migrator multiple migrations paths support
2013-03-06 08:20:36 -08:00
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
a928e5f963
Whitespace
2013-03-05 14:34:56 -06:00
f5c23e4b02
fix typo snaffu
2013-03-05 12:35:21 -06:00
1407886e83
Revert "fix a major typo snaffu"
...
This reverts commit c639de7ccc
2013-03-05 12:34:51 -06:00
c639de7ccc
fix a major typo snaffu
2013-03-05 12:33:37 -06:00
9084e2a3bb
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 21:10:39 -06:00
ac63965e4d
Merge remote-tracking branch 'gerry/nbe_importing_fix' into rapid7
2013-03-04 20:00:50 -06:00
4e31187f72
Use start.sh to start Pro via go_pro command
...
start.sh (installed with community/pro on apt installs) automatically
starts dependency services (such as postgresql).
2013-03-04 18:35:47 -06:00
370aed5973
Silence status output, it is distracting
2013-03-04 18:27:22 -06:00
fb0237a180
Fix typo
2013-03-04 18:26:59 -06:00
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
0ddc6b3afa
Document Msf::DBManager#initialize_metasploit_data_models
2013-03-02 21:16:02 -06:00
c9a162ac33
Correct return type of Msf::DBManager#migrate.
2013-03-02 21:09:45 -06:00
af4b3fa287
Use ActiveRecord::Migrator multiple migrations paths support
...
[#44034071 ]
ActiveRecord::Migrator has a class attribute, migrations_paths,
specificially for storing a list of different directories that have
migrations in them. ActiveRecord::Migrator.migrations_paths is used in
rake db:load_config, which is a dependency of db:migrate, etc. that is
passed to ActiveRecord::Migrator.migrate. Since migrate supports an
array of directories, and not just a single directory, there is no need
to merge all the migrations paths into one temporary directory as was
previously done.
2013-03-02 20:33:48 -06:00
2e4760c486
Merge pull request #1533 from rapid7/feature/migrations-in-metasploit_data_models
...
All steps passing as described.
2013-03-01 12:54:41 -08:00
99a8ec593b
Fixing merge conflicts
2013-03-01 20:21:02 +02:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
7b8654a71d
Revert "Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence"
...
This reverts commit 3840ddccbce1891f0836
2013-03-01 11:41:06 -06:00
3840ddccbc
Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
...
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
862b813786
Auxiliary::Web: fixed confidence calc in log methods
2013-03-01 18:33:16 +02:00
239e1934b8
Use migrations from metasploit_data_models
...
[#44034071 ]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
18c0bb0ac8
Updates description again
2013-02-28 11:34:48 -06:00
8cb5da0794
One size rules them all.
2013-02-28 11:21:23 -06:00
722e077029
Update generic target
2013-02-28 11:09:52 -06:00
2c013cada8
Update documentation for default values
2013-02-28 11:05:18 -06:00
86d78939ad
Make objId optional
2013-02-28 11:01:15 -06:00
9f35452d73
Beef up the default values for precise alloc size and consistency
2013-02-28 10:35:40 -06:00
bb02dc43b3
Documentation
2013-02-27 15:34:21 -06:00
312638d6a5
Correct allocation size for IE10
2013-02-27 14:32:39 -06:00
e3f0757304
Improved version thanks to corelanc0d3r
2013-02-27 14:08:57 -06:00
2a7b4ee3d8
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:15:52 -06:00
724b32af17
Fixed the importing of NBE files
2013-02-26 16:55:26 -08:00
38af8ba866
Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql
2013-02-26 13:41:32 -06:00
75a36ce171
Merge pull request #1154 from todb/feature/go_pro
2013-02-26 01:09:24 -06:00
08275e8d83
Process.spawn instead of system
...
Per @bturner-r7's comment here:
https://github.com/rapid7/metasploit-framework/pull/1514#discussion_r3129535
2013-02-25 19:49:02 -06:00
8cff88efac
Change from web ui to community / pro
2013-02-25 15:45:55 -06:00
0421cff913
Exploit::Remote::Web#perform_request: timeout set to 10
2013-02-25 19:49:39 +02:00
2141492654
Per @brandont comment, use exit status instead.
2013-02-24 15:24:21 -06:00
9d9d83cf8b
Implement per-target arch/platform searches SeeRM #7754
2013-02-24 11:06:29 -06:00
5e1119e2ed
A little more error handling for browser launches
...
Implement a timeout and deal with the case where xdg-open isn't
avialable for whatever reason.
2013-02-24 10:23:12 -06:00
8010cdbd8b
Shuffled methods around
2013-02-24 09:33:15 -06:00
8caedd4290
Can't apt-get install inside msfconsole
...
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
a7c0d62106
Cleanup after some testing
2013-02-23 23:33:08 -06:00
d5a074283a
Fill in the details of starting, launching, etc
2013-02-23 22:38:29 -06:00
a3886a1a6b
No smartquotes plz
2013-02-23 17:17:18 -06:00
b80343817c
Skeleton for acutally go_pro'ing
2013-02-23 09:48:18 -06:00
90a1dcffa3
Adds a random banner offering go_pro
2013-02-23 09:36:06 -06:00
2af930f1ff
Adds msfbase_dir, switches on apt existance
2013-02-23 09:19:31 -06:00
0977d1a9b0
help shouldn't go past 80 columns
2013-02-23 08:49:47 -06:00
7509501b18
Adding a go_pro command
2013-02-23 08:46:51 -06:00
aa007b9e0a
Updates
2013-02-22 20:07:16 -06:00
56fa5ead37
Initial version of js_property_spray
2013-02-22 10:21:20 -06:00
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
ac6fdf24a2
Fix winrm mixin from revert merge
2013-02-19 22:01:43 -06:00
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
3949c851a4
Was, indeed, missing an or pipe
2013-02-19 17:53:48 -06:00
d81f177ab6
Adding Nemski's fix
...
[FixRM #7451 ]
2013-02-19 17:51:51 -06:00
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
b72d2b59f8
Add logging in case of exceptions during rm
2013-02-18 18:02:51 -06:00
0938190063
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-17 06:08:09 -06:00
aea76a56de
Add some docs to FtpServer
2013-02-13 14:39:19 -06:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
b8b445c834
Update lib/msf/core/auxiliary/login.rb
...
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
99218d142b
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-08 12:48:06 -06:00
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721 ]
2013-02-07 21:10:27 -06:00
16a0ab1933
Fix comment link and some whitespace
2013-02-07 18:37:11 -06:00
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
0c57026065
Remove junk added earlier
...
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
61969d575b
remove mixin require, more datastore clenaup
2013-02-01 15:12:11 -06:00
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
c407fa9e74
add mixjn
2013-02-01 15:12:11 -06:00
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
d9e1653443
Use EXITFUNC if present to save space and be more correct.
...
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724 ]
Updated #run and #_requestto rescue and elog all exception.
2013-01-24 22:07:17 +02:00
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
9e5370eb2f
Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R
2013-01-23 00:20:55 -06:00
ff7756cd54
Make #prepends() actually work
2013-01-22 16:10:44 -06:00
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
c37510f777
Move prependmigrate.rb for naming consistency
2013-01-22 14:15:52 -06:00
04adaf0e9d
Unstupid the prepends callback
...
Windows#prepends was overriding PrependMigrate#prepends
2013-01-22 13:56:26 -06:00
32aa2c6d9c
Make asm spacing easier to read
...
Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.
2013-01-22 13:25:27 -06:00
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
81625121f2
Cleaned up some code spacing
2013-01-22 09:49:03 -06:00
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
52596ae3b4
add -R capability like hosts -R
...
moves the set_rhosts method def out into a separate file so it can be
included by both db.rb cmd_hosts and core.rb cmd_grep
2013-01-21 18:17:28 -06:00
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
f05e358058
replace unless rhosts.include? with rhosts.uniq!
...
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
66d5f39057
Ensure prepend_migrate? always functions correctly.
2013-01-18 18:04:09 -06:00
6c046dfa69
Move PrependMigrate to a mixin
2013-01-18 17:45:36 -06:00
07bf36f62f
Ensure shell still works if PrependMigrateProc fails to launch.
...
Don't rely on GetStartupInfoA return value.
2013-01-18 17:32:50 -06:00
Joshua Abraham
Tasos Laskos
James Lee
Raphael Mudge
jvazquez-r7
Spencer McIntyre
Samuel Huckins
David Maloney
Brandon Turner
Luke Imhoff
sinn3r
Gerry Eisenhaur
Tod Beardsley
HD Moore
nemski
Royce Davis
RageLtMan
Tod Beardsley
scriptjunkie
Trevor Rosen
kernelsmith
Robin Wood