linux throws a different exception than osx
when the vnc client fails to connect
this caused issues with the specs running. this now
catches that additional exception
MSP-9653
Rails::Engine version of Metasploit::Framework::Application that can be
used by downstream projects, like Pro to get the shared behaviors, like
modules path adding, meterpreter extension merging, and binary default
encoding.
MSP-9653
Extra config and initializers that can we shared between
Metasploit::Framework::Application and the future
Metasploit::Framework::Engine. Move the default encoding setup from
lib/msf/sanity.rb to a before_initialize callback for the shared config
so that gems, like gherkin that depend on the utf-8 default internal
encoding can be loaded.
MSP-9653
Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first. The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
checkout a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
MSP-9653
lib/msfenv.rb should only load the framework environment to initialize
Metasploit::Framework::Application if a Rails.application is not
defined, otherwise it will clash with the Rails application in prosvc.
MSP-9653
Allow rails engines (and other applications, like
Metasploit::Pro::Engine::Application) to define their own module paths
using the paths['modules'] entry for Rails Applications/Engines.
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
MSP-9653
If ActiveRecord::Base is already connected, then don't attempt to create
the database (as it involves establishing a new connection) or
establishing a new connection after the creation. Still run the
migrations as the normal Rails::Application.initialize! will result in
ActiveRecord::Base.connected? being true even if migrations are missing.
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'
Additional changes required to fix regex to support the multiline output. Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.
This method doesn't appear to be used anywhere in the Metasploit codebase currently.
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out. When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed. When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for. I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior. I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.
There may be a better solution, but this was the only one that I could find.
Luke Imhoff
David Maloney
Trevor Rosen
Lance Sanchez
Tod Beardsley
William Vu
Christian Mehlmauer
Meatballs
Tom Sellers
James Lee
jvazquez-r7
Spencer McIntyre