Commit Graph

5209 Commits (4bd9b0c94a35c58f33f39398b97b2689deff5442)

Author SHA1 Message Date
James Lee 65b92efe8c Fix an ancient syntax fail 2012-03-16 02:03:54 -06:00
James Lee 9aaf6af072 Return network prefixes when available
Solves #6525 on Vista+.  Win2k still works using the old MIB method
(which doesn't support ipv6).  Win2k3 and XP are still busted for
unknown reasons.
2012-03-16 01:50:26 -06:00
James Lee 916f23fe4e Add IPv6 support for bit2netmask 2012-03-16 01:50:26 -06:00
James Lee a3db547c76 Justify TLVs to be a little easier to read 2012-03-16 01:50:26 -06:00
David Maloney 6011da7db8 More Virtualisation SSL fixes 2012-03-15 19:06:48 -05:00
James Lee 6895ff9cbb Whitespace at EOL 2012-03-14 21:42:00 -06:00
James Lee 9d563d4d9e Pastographical error 2012-03-14 21:41:14 -06:00
Maciej Kotowicz f91b894375 added posibilities for generating payload from asm to more arch's
added linux/x64/shell_find_port payload
2012-03-14 22:39:56 +01:00
James Lee 2c34b7d599 Alias `ifconfig` to `ipconfig`
This has bugged me for *years*.
2012-03-14 11:07:31 -06:00
James Lee 40e1cafd6e Remove extraneous debug print 2012-03-14 11:07:31 -06:00
gaspmat@gmail.com 248a73a73c change sniffer behaviour when stopping capture. workaround if pcap_findalldev fails 2012-03-14 11:07:31 -06:00
sinn3r 46da36d3a0 Fix bug: undefined method `size' for nil:NilClass (Bug #6526) by Raphael 2012-03-14 11:49:49 -05:00
David Maloney 5a69c896fc Fixes #6465
Properly imports vulnerability titles from Qualys Scan Reports
2012-03-13 16:45:55 -05:00
James Lee 6cfb3ff4fc Comment out extension TLV types
I suspect this is a load order issue where sometimes the extension's TLV
types are defined before hitting this and sometimes aren't.
Nevertheless, pretty printing a TLV is not worth breaking all the
payloads.
2012-03-13 14:08:58 -06:00
James Lee 6a6dd06103 Merge branch 'feature/6476-list-all-ifaces'
Conflicts:
	modules/auxiliary/scanner/afp/afp_server_info.rb
2012-03-13 13:55:45 -06:00
James Lee 89e3fee5a8 Revert "Squashed commit of the following:"
This reverts commit dd9ac8a6c0.
2012-03-13 13:38:35 -06:00
James Lee dd9ac8a6c0 Squashed commit of the following:
commit 8b4750d0dcbac0686f9403acdf5cab50c918212f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 13:14:43 2012 -0600

    Add bins for listing all addresses

    [Fixes #6476]

commit 213dd92ebc9b706a45725e6515c7939d2edace0e
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 02:08:34 2012 -0600

    Accept multiple addresses and netmasks

    [See #6476]

commit 2e8bd3c3ecfb319bf9456485d2420bb5829b60cc
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 01:55:57 2012 -0600

    Make inspecting meterpreter packets a little less painful

    Not sure why I originally thought there was no way to access extensions'
    constants before.  A simple `require` makes it all happy.

commit da367907cf579bd3aefaffbc84d2f96a41b85f00
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 22:08:44 2012 -0600

    Fix up Linux after changes for Windows

commit ec9f04378b0155f69df95d4a94e62d33ce61977c
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 21:56:11 2012 -0600

    Grab IPv6 addresses on Windows when possible

    Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
    old GetIpAddrTable() function when it isn't available. This should work
    on XPSP1 and newer, albeit without netmasks on versions before Vista.
    Still trying to figure that one out.

commit 1052ebdcf86114fbc03d1a37ab5d4c6a78e82daa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 15:34:09 2012 -0700

    Wrap Windows-specifc headers in ifdef

commit f23f20587b3117c38a77e7e5a93d542411e9504f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 14:36:34 2012 -0700

    Handle multiple addrs on one iface on the ruby side

commit d7207d075ac6462875d9da531cf20c175629a416
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 21:57:39 2012 -0700

    Adds IPv6 addrs to win32 get_interfaces response

commit 11ae7e8a45bd56d25841ea8724377e0fb6789d72
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 09:07:28 2012 -0700

    Don't distinguish between 4 and 6.

    The client can figure it out from the length.

commit 2c7490bdf3e4079f30857ee323d2ce23ab1bd9a5
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 04:25:26 2012 -0700

    Append to the list instead of assigning to it

    All addresses are being sent to the client now.  Just need a way to
    parse them out correctly on the other side and meterpreter will be able
    to list all addresses on all interfaces on Linux.  Next step is to
    allocate the proper number of TLVs to avoid good ol' stack smashes on
    systems with lots of addresses and then make sure we clean all the
    memory leaks.

    [See #6476]

commit 73bba037ad968b922341c02459017afcc8407a76
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 03:12:28 2012 -0700

    Lay the groundwork for returning all addresses

    This commit only sends the last interface in the list, but it is looping
    through all of them as evidenced by the log, just need to make sure
    we're not overwriting as we go.

    [See #6476]
2012-03-13 13:19:18 -06:00
sinn3r 50d2796899 Merge branch 'afp' of https://github.com/gregory-m/metasploit-framework into gregory-m-afp 2012-03-13 11:30:34 -05:00
Brandon Perry 7275e91698 spiceworks tab fix 2012-03-13 08:46:11 -07:00
James Lee 1d99330795 Accept multiple addresses and netmasks
[See #6476]
2012-03-13 02:08:34 -06:00
Gregory Man b0ba10f79c Added afp_login module. 2012-03-13 10:01:42 +02:00
Gregory Man 5b13b7d1d9 Extracted common AFP functionality to mixin 2012-03-13 09:56:03 +02:00
James Lee 58bc9346f4 Make inspecting meterpreter packets a little less painful
Not sure why I originally thought there was no way to access extensions'
constants before.  A simple `require` makes it all happy.
2012-03-13 01:55:57 -06:00
James Lee b815955e09 Allow file argument for the `ls` command
Previously only worked for directories.

[Fixes #3055]
2012-03-13 00:52:42 -06:00
HD Moore 1a364df37e Pull payload/exploit options into nop modules as well 2012-03-12 23:28:47 -05:00
HD Moore 606ca82432 Share the datastore with encoders 2012-03-12 23:23:15 -05:00
HD Moore be6a64b3f7 Force option validation in exploit_simple for e & p 2012-03-12 22:57:23 -05:00
HD Moore 7b32bc689f Swap URIPATH to TARGETURI for consistency 2012-03-12 13:58:33 -05:00
Tod Beardsley de888e50f0 Adding a cleaner RuntimeError to target_uri
The purpose of re-raising an error from a library method like this is to
tell the user in no uncertain terms what all actually went wrong with the
module. This fix will cause a somewhat more pleasant error message than
the default message. Here's the raise from URI:

```
[-] Auxiliary failed: URI::InvalidURIError bad URI(is not URI?): what%ever
[-] Call stack:
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:156:in `split'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:174:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:626:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:724:in `URI'
[-]   /home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/http/client.rb:535:in `target_uri'
[-]   /home/todb/.msf4/modules/auxiliary/test_uri.rb:20:in `run'
[*] Auxiliary module execution completed
```

And here's the new, Metasploit-specific one:

```
[-] Invalid URI: "what%ever"
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: URIPATH.
[*] Auxiliary module execution completed
```

The user can now tell easily what's wrong with the module configuration,
and doesn't have to parse through a stack trace that leads down into
the Ruby stdlib.
2012-03-10 10:58:16 -06:00
sinn3r cc87ed8428 Remove weird error handling unless someone explains to me why I need to raise errors when it does already 2012-03-09 18:42:06 -06:00
sinn3r 0530eb4b09 Add target_uri 2012-03-09 14:44:32 -06:00
HD Moore 6b00848688 Propagate the job_id back to the caller (often console's active_module)
to restore job handling
2012-03-08 16:01:32 -06:00
James Lee 090674386f Tell the user when we have to switch from a deleted workspace 2012-03-08 14:08:38 -07:00
James Lee b79e79022a Add a rename option to workspace command
[Fixes #6498]
2012-03-08 13:44:31 -07:00
David Maloney 67c7971bdf Addresses a race condition with checking a scanner's status before it's run method has executed. 2012-03-08 13:07:03 -06:00
David Maloney 9d343ea1c1 Fix to dividie by zero issue in scannenr progress method 2012-03-08 11:03:33 -06:00
HD Moore 761f859695 Simplify the module instance (required to call certain methods) 2012-03-07 07:59:41 -06:00
HD Moore 5054840165 Overwrite the local datastore with the normalized option, even if it
came from a global datastore due to a fall-through
2012-03-07 07:37:36 -06:00
HD Moore b89af3546d Revert the previous global fix in favor of a different method.
Fixes #6501
2012-03-07 07:37:36 -06:00
HD Moore 9975d5a220 Always clone modules before running them via the simplified wrappers.
This prevents changes to the datastore or instance variables from
being carried over into a second run
2012-03-07 07:37:36 -06:00
James Lee d99df825b3 Handle multiple addrs on one iface on the ruby side 2012-03-06 14:36:34 -07:00
James Lee 6b9a21936e Whitespace at EOL 2012-03-06 14:14:02 -07:00
James Lee 2b9acb61ad Clean up some incosistent verbosity
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
HD Moore 8cbe5d8a54 Force many integer arguments to be integers 2012-03-06 09:28:29 -06:00
Tod Beardsley 7f9880a1fc Fixes whitespace on linux shellcode from @mak
Also repairs some weirdly broken comment.

[Closes #131]
2012-03-05 16:59:37 -06:00
Tod Beardsley 9e380d9e88 Merge remote branch 'mak/payload-linux-x64' into l64 2012-03-05 14:58:24 -06:00
Tod Beardsley e014e9a5c3 Fix up notes search implementation
Uses delete_if and a negative assertion, rather than the (much nicer but
unavailable) keep_if method.
2012-03-05 13:50:02 -07:00
Tod Beardsley b847d48927 Tidies up sempervictus's search patch
Affects the console's db commands of hosts, services, vulns, creds, notes,
loot

Skips searching entirely unless a search term is provided, and
explicitly casts the term as a Regexp object from the outset.

Avoids using Object#to_sym in preference of Object#intern (safer in
nearly all cases)

Temporarily disables functionality on notes since Array#keep_if isn't
available prior to Ruby 1.9.2
2012-03-05 13:50:02 -07:00
RageLtMan 3270976d7b Search functionality for db dispatcher commands 2012-03-05 13:50:02 -07:00
Tod Beardsley 85d1b77ed3 Fix up notes search implementation
Uses delete_if and a negative assertion, rather than the (much nicer but
unavailable) keep_if method.
2012-03-05 13:40:26 -06:00
Tod Beardsley a957c45daf Tidies up sempervictus's search patch
Affects the console's db commands of hosts, services, vulns, creds, notes,
loot

Skips searching entirely unless a search term is provided, and
explicitly casts the term as a Regexp object from the outset.

Avoids using Object#to_sym in preference of Object#intern (safer in
nearly all cases)

Temporarily disables functionality on notes since Array#keep_if isn't
available prior to Ruby 1.9.2
2012-03-05 13:40:26 -06:00
RageLtMan fb475ca49c Search functionality for db dispatcher commands 2012-03-05 13:40:26 -06:00
HD Moore de9b35d7b0 Fixes #6485 by allowing validation to write back normalized values to
global. This isn't perfect, but we have no better solution unless we
clone the module datastore and unset the default imported_by for the
module run (actively testing that too in a branch)
2012-02-29 01:49:26 -06:00
HD Moore 7b40d8d819 Allow updates to fallthrough to the global store just like reads 2012-02-29 01:40:54 -06:00
James Lee 9f05562a18 Don't distinguish between IPv4 and IPv6 routes
It's easier to deal with one Array of all routes regardless of INET
family than having get_routes() return a two-element Array of Arrays.
Also fixes a bug in each_route() which was expecting get_routes() to
return a single Array of all routes. Thanks to valsmith for reporting.
2012-03-02 18:26:57 -07:00
Tod Beardsley 6c0f8636ec Merge pull request #217 from rapid7/reverse-http-randomness
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore b70b41091b Tested fairly well - this randomizes the URLs and removes the user-agent string from the request 2012-03-02 17:44:23 -06:00
James Lee 9e2a1b6d52 Allow channel -k as a synonym for -c
Makes it consistent with "jobs", "sessions", and "threads" commands in
msfconsole.  Because I keep using the wrong thing and being confused
about why it doesn't work.
2012-03-02 15:11:00 -07:00
James Lee 884550ce7c Fix undefined constant bug in session.fs.seek
How did this ever work?  Clearly nothing exercises this code.
2012-03-02 14:43:00 -07:00
James Lee 65c0cbdc00 Allow tab completion for resource files in current dir 2012-03-02 11:19:46 -07:00
Efrain Torres a2e5a4d9d5 New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention 2012-03-02 10:18:31 -06:00
James Lee 4f2fd918e4 Only add a Content-Type when it's not nil
Makes it possible to create MIME parts for non-file POST parameters when
sending a file.
2012-03-01 16:28:55 -07:00
James Lee bde9a846b9 Default the index to -1
This prevents stack traces on Java which doesn't provide the index.
2012-02-29 20:27:10 -07:00
James Lee 8380d0e9e0 No need to set the driver anymore
Fixes a ridiculous stack trace when connecting with a yaml file.
2012-02-29 15:47:45 -07:00
James Lee f5e2d1c19b Grevious typo causing load_session_info failure
That's the problem with rescue ::Exception, it catches crap like this
and it takes a while before anyone notices. =(
2012-02-29 08:14:02 -07:00
James Lee 624e19fd8b Merge session-host-rework branch back to master
Squashed commit of the following:

commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:31:03 2012 -0700

    Clean up some rdoc comments

    This adds categories for the various interfaces that meterpreter and
    shell sessions implement so they are grouped logically in the docs.

commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 13:00:25 2012 -0700

    Combine the docs into one output dir

    There's really no need to separate the API sections into their own
    directory.  Combining them makes it much easier to read.

commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:27:22 2012 -0700

    Keep the order of iface attributes the same accross rubies

    1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
    end up with ~random order for the display with the previous technique.
    Switch to an Array instead of a Hash so it's always the same.

commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:23:35 2012 -0700

    Fix a few more compiler warnings

commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:17:39 2012 -0700

    Fix a type-safety warning

commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date:   Mon Feb 27 15:21:36 2012 -0700

    LHOST should be OptAddress, not OptAddressRange

commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date:   Sun Feb 26 17:45:59 2012 -0700

    Fix a couple of warnings and a typo

commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date:   Mon Feb 27 11:54:29 2012 -0600

    Fix ctype vs content_type typo

commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date:   Sun Feb 26 15:38:33 2012 +0200

    Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x

commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date:   Sun Feb 26 07:13:13 2012 -0600

    add osvdb ref

commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date:   Sat Feb 25 18:02:56 2012 -0500

    Added aspx target to msfvenom.  This in turn added it to msfencode as well.
    Ref: https://github.com/rapid7/metasploit-framework/pull/188
    Tested on winxp with IIS in .net 1.1 and 2.0 modes

commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date:   Sat Feb 25 13:00:48 2012 -0600

    Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver

commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 17:07:42 2012 -0700

    Simplify logic for whether an inner iface has the same address

commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:58:16 2012 -0700

    Whitespace

commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:53:45 2012 -0700

    Set session info before worrying about address

    get_interfaces can take a while on Linux, grab uid and hostname earlier
    so we can give the user an idea of what they popped as soon as possible.

commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:48:42 2012 -0700

    Clean up rdoc

commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:54:45 2012 -0600

    Ensure the architecture is only the first word (not the full WOW64
    message in some cases)

commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:49:17 2012 -0600

    More paranoia code, just in case RHOST is set to whitespace

commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:47:01 2012 -0600

    A few more small bug fixes to handle cases with an empty string target
    host resulting in a bad address

commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 03:55:10 2012 -0600

    Fix up the logic (reversed by accident)

commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 23:29:52 2012 -0600

    Automatically parse system information and populate the db, identify and
    report NAT when detected, show the real session_host in the sessions -l
    listing

commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:16:03 2012 -0600

    Fix typo introduced

commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:11:38 2012 -0600

    More session.session_host tweaks

commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:08:20 2012 -0600

    Additional tunnel_peer changes

commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:06:21 2012 -0600

    Additional changes to session.session_host

commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:00:19 2012 -0600

    Merge changes into the new branch
2012-02-28 18:29:39 -07:00
James Lee 46fef357f4 Clean up some rdoc comments
This adds categories for the various interfaces that meterpreter and
shell sessions implement so they are grouped logically in the docs.
2012-02-28 16:31:03 -07:00
James Lee db88145294 Keep the order of iface attributes the same accross rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
2012-02-28 08:27:22 -07:00
HD Moore d0bf833942 Fix ctype vs content_type typo 2012-02-27 11:54:29 -06:00
sinn3r 58dfe32b0a Merge branch 'aspx-msfvenom' of https://github.com/mandreko/metasploit-framework into mandreko-aspx-msfvenom 2012-02-26 18:40:30 -06:00
HD Moore 139136e033 Fix a handful of typos in the regex/parsing code 2012-02-26 02:10:06 -06:00
Matt Andreko 85645a81c1 Added aspx target to msfvenom. This in turn added it to msfencode as well.
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
2012-02-25 18:02:56 -05:00
James Lee 2b8d16203a Refactor Interfac#pretty to be more rubyish 2012-02-24 16:42:12 -07:00
MM f83a7f14ac Switch to netlink for listing interfaces
* Adds support for listing IPv6 addresses on POSIX meterpreter
* Ensures crash logs are only created if debugging is enabled
* Fixes a bug in sniffer where a lock was not acquired correctly

Squashed commit of the following:

commit 955124b264a675c7d67187703bf23b58f0aba6d8
Author: MM <gaspmat@gmail.com>
Date:   Thu Feb 23 23:42:26 2012 +0100

    posix meterpreter - IPv6 support for route and ipconfig using netlink sockets

[Closes #196]
2012-02-24 16:42:12 -07:00
Tod Beardsley cf0fd2bc93 Version bump to 4.3.0-dev
Closed or moved all the remaining 4.2 bugs, so
now we're in 4.3.0-dev. 4.2.0-release (and really
any -release) is intentionally very short-lived.
2012-02-24 15:06:24 -06:00
James Lee a81868b6b3 Fix a nil comparison bug
I swear there was a ticket for this but now I can't find it.
2012-02-23 16:30:29 -07:00
James Lee f7e60cefed Add a fingerprint for pg on ubuntu 8.04.2 2012-02-23 16:11:52 -07:00
James Lee db4bb0e537 Clean up comments for rdoc
Fixes some ugly formatting
2012-02-23 15:32:05 -07:00
James Lee 72038df7b5 Allow :sname as a synonym for :name when reporting services 2012-02-21 22:59:20 -07:00
Tod Beardsley b87d9a3a80 Version bump. 2012-02-21 17:54:23 -06:00
James Lee 0e375fc555 Remove superfluous db_driver command now that only pg is supported 2012-02-21 10:10:42 -07:00
James Lee 3857bef9f6 Adds help and tabs for commands in meterpreter core 2012-02-21 10:10:42 -07:00
James Lee 89e0842b1e Add vim_soap to the mixins list.
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
Matt Buck e0a75c1b2c Merge branch 'release/4.2-stable'
Conflicts:
	lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
HD Moore c220a80494 Revert "Mark branch as -release (not final, just prep work)"
This reverts commit b02c368c55.
2012-02-19 18:52:10 -06:00
HD Moore b02c368c55 Mark branch as -release (not final, just prep work) 2012-02-19 13:47:52 -06:00
David Maloney 6ced540e0b Merge branch 'vmware-api' into vmware-stable 2012-02-18 18:38:20 -06:00
David Maloney 87242f377f trying to resolve conflict for new mixin 2012-02-18 18:38:02 -06:00
David Maloney 36dc0fee50 Better dynamic soap generation for all the vmware stuff 2012-02-18 18:29:46 -06:00
David Maloney a0dac593bc Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api 2012-02-16 02:22:31 -06:00
David Maloney e9b2e060d6 Permissions scanner for vmware
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
David Maloney 8d7ddab2af Some minor bug fixes
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
David Maloney c5ae56a147 Adding User Enumeration Scanner for vmware 2012-02-15 22:55:11 -06:00
Tod Beardsley 95f54413d8 Create a stable branch of vmware-api
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
Tod Beardsley bf9ed96155 Fixes up esx_fingerprint and the host model to ID vmware correctly
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
David Maloney c9cf47bd4c Add Terminate Session module and some extra goodness to enum sessions 2012-02-15 16:39:13 -06:00
James Lee 038893f72a Don't override the host's os_flavor, either
See commit:ca0d2d7bc21e100d5471551d9fb65cce39cc064c
2012-02-15 14:57:06 -07:00
James Lee ca0d2d7bc2 Don't override the host's os_name with "Unknown"
This prevents modules that provide OS fingerprint details via
report_host from being overridden with inconclusive or missing OS
details from service fingerprints.
2012-02-15 10:17:26 -07:00
David Maloney 67ba39cc3e Adds a scanner to pull active login sessions off servers 2012-02-15 02:27:25 -06:00
David Maloney e0f11992af Gah screwed up that commit, accidentally chunked out the rescues. 2012-02-15 02:12:06 -06:00
David Maloney 6b539036c9 Fix fingerprinting in the vmware_http_login module 2012-02-15 01:54:34 -06:00
David Maloney e67e9ab34f Adds a power off vm aux module 2012-02-14 20:52:45 -06:00
David Maloney a256a6fb0b Adds a power on vm module 2012-02-14 20:44:11 -06:00
Tod Beardsley 4e55c8b7e4 Fixes Qualys asset importer to pull all refs
Makes the qualys asset importer behave like the qualys scan importer
when it comes to importing vuln references.
2012-02-14 11:08:51 -06:00
Tod Beardsley 8c1581567c Cleanup on the vmware fingerprinting.
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
Tod Beardsley 727cde00c6 Taking David's version of vmware_http_login over mine 2012-02-13 14:54:47 -06:00
David Maloney 8c305e1a28 VMWare Web service finerprinting and OS detection.
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
David Maloney f4d768ca64 Fix to use the Rex uri_encode method 2012-02-11 14:57:13 -06:00
David Maloney 676a0c53a0 Working Screenshot capability! 2012-02-11 03:51:18 -06:00
sinn3r 85e644ed4c Merge branch 'railgun_defs' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-railgun_defs 2012-02-10 01:17:07 -06:00
Rob Fuller 3312a16708 Added a message when backgrounding a session 2012-02-09 05:49:40 +00:00
Rob Fuller 1f1e67cb16 Moved railgun function definitions into central storage and out of individual modules where possible 2012-02-09 04:56:13 +00:00
HD Moore 6685a65c39 Spend some time type-checking - no exploitable vulns we are aware of, but no reason to leave it to future chance 2012-02-07 17:17:45 -06:00
Patroklos Argyroudis a3af2a1868 Spelling error fix 2012-02-06 16:25:56 +02:00
Patroklos Argyroudis f3345eb2b8 Mac OS X x64 binary template support 2012-02-06 15:58:01 +02:00
sinn3r db1e400dff Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-05 01:27:21 -06:00
HD Moore 7524d5e75d Tweak the event dispatcher to enable customer events without a category
and trigger http request events from the main exploit mixin.
Experimental
2012-02-04 04:44:50 -06:00
HD Moore 6f54f0637b Dont run ifconfig on windows 2012-02-04 01:18:32 -06:00
HD Moore b8756faa68 Merge in updated fastlib 2012-02-04 00:03:03 -06:00
David Maloney 668e5f8c52 More fixes to the vim soa[p libs
Added the SoapAction header as this turns out to be pretty
important for the screenshot task creation method.
2012-02-03 22:11:21 -06:00
matugm f89853d3bc Squashed commit of the following:
commit 69bb41a8176fb814485225e0c3b0e1c44342e652
Author: matugm <matugm@gmail.com>
Date:   Tue Jan 31 11:30:52 2012 +0100

    indentation

commit 175d230a06dc58e2123f092d39f33063efdce83d
Author: matugm <matugm@gmail.com>
Date:   Tue Jan 31 11:13:02 2012 +0100

    Changed way of finding hive names so that it works with xp hives
2012-02-03 17:01:35 -06:00
David Maloney df401f4c94 more fixes to backend stuff, plus updated vmware http login module to use
the correct mixin method now.
2012-02-03 15:44:41 -06:00
Tod Beardsley 148dddba2f http_fingerprint should use the ssl() function
Instead of re-declaring ssl as a variable, just use the library's SSL
function, since it's there and it's incidentally more accurate.
2012-02-03 15:31:20 -06:00
James Lee c0e9825565 Whitespace and a typo 2012-02-03 14:10:17 -07:00
David Maloney b914a97359 Fixes to a bunch of fucntions to work on more complex vmware setups
VM Enuemration now appears to work against VCenter
2012-02-03 14:17:35 -06:00
Tod Beardsley af506240cf http_fingerprint reports service info
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
HD Moore 6623988fc0 Remove duplicate interfaces call, fixes #6344 2012-02-03 09:46:08 -06:00
Tod Beardsley 786d75493c Fix up VMWware webscan to not false positive
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.

[Fixes #6340]
2012-02-02 22:19:57 -06:00
sinn3r f677f51319 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-02 16:53:38 -06:00
James Lee cd0a806a06 Sort by filename instead of the default first column
[Fixes 6336]
2012-02-02 12:13:52 -07:00
James Lee b347418f90 Add checks for numeric column data
[Fixes #6303]
2012-02-02 12:13:52 -07:00
James Lee eb795514b3 Add a SortIndex option to rex Table
Allows Table#to_s to do the right thing when the first column isn't the
one we want sorted.
2012-02-02 12:13:51 -07:00
Marcus J. Carey e70f9151e5 Merge remote-tracking branch 'upstream/master' 2012-02-02 07:13:03 -06:00
David Maloney 3f48e626a2 Adding a bunch of new VIM API auxiliary stuff
Work in progress.
2012-02-01 12:05:20 -06:00
HD Moore 46d40b89a5 Make sure at least one character is returned 2012-02-01 02:08:26 -06:00
sinn3r 187f630283 Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-netrc-creds 2012-01-31 22:45:47 -06:00
Maciej Kotowicz 01d6903c76 fix few mistakes 2012-01-31 22:01:52 +01:00
HD Moore 77c986948c Proper fix for IPv6 postgresql connections 2012-01-31 02:08:02 -06:00
HD Moore a74cf1ee10 Missing argument 2012-01-31 01:49:42 -06:00
HD Moore 52004b1e33 A little more cleanup for IPv6 in HTTP mixins 2012-01-31 01:44:03 -06:00
HD Moore 32f2d6754c Handle ipv6 addresses, choose more obvious 'bad' password for
fingerprinting
2012-01-31 00:32:54 -06:00
sinn3r b96beb0680 Correct regex syntax. Also some whitespace fix. 2012-01-30 15:49:06 -06:00
Jon Hart 37d467ea79 Loot .netrc files, generic enum_user_directories 2012-01-29 14:03:57 -08:00
Carlos Perez 5acc0c62d2 Have the the load command also look at the ~/.msf4/plugins folder 2012-01-29 15:03:18 -04:00
sinn3r 41ca655d86 Merge pull request #135 from scriptjunkie/master
Allow RPC clients to discover supported encoding formats.
2012-01-28 18:43:05 -08:00
scriptjunkie 086b2e4bf7 Allow RPC clients to discover supported encoding formats. 2012-01-28 15:46:17 -05:00
HD Moore a2d20e25d3 Fix a regression in the workspace inclusion code (only affected
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
sinn3r ac582cd0fc Change the error handling message for read_file_meterpreter(), because this one is easier to understand 2012-01-27 02:17:09 -06:00
sinn3r 3f4dbd9df6 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-27 01:58:42 -06:00
Stephen Haywood efda420e5f Updates to enum_artifacts 2012-01-26 19:35:39 -05:00
Tod Beardsley 33c53b1f3f Updates vm checking 2012-01-26 13:02:39 -06:00
David Maloney 31f6c4dfff http_fingerprint now reports website isntead of just a service
fixes #6277
2012-01-26 11:05:06 -06:00
Maciej Kotowicz 87e7b10b2d `advance` linux x64 payloads 2012-01-26 01:09:35 +01:00
Maciej Kotowicz fe2caf2fe4 `advance` linux x64 payloads 2012-01-26 00:51:06 +01:00
Marcus J. Carey 9b320fa6f3 Update lib/msf/ui/banner.rb 2012-01-24 23:07:38 -06:00
Marcus J. Carey b135446cc6 Update lib/msf/ui/banner.rb 2012-01-24 23:06:24 -06:00
Marcus J. Carey 79ff641f4d adding new comic strip banner logo 2012-01-24 23:01:48 -06:00
Jon Hart 7ec5f98480 Adding jhart's natpimp libary and modules.
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.

[See #106]
2012-01-24 10:32:30 -06:00
scriptjunkie ee2823d23b Compatibility - don't assign LongPtr to Long on x64 2012-01-23 22:17:28 -05:00
Tod Beardsley 26836cab47 Adds a default context for the TFTP Client lib.
For use with nonstandard routing.
2012-01-23 16:00:54 -06:00
Tod Beardsley 31dea3844e Reintroduces chao-mu's OptRegexp
Revert "Revert "Merge pull request #101 from chao-mu/master""

[See #101]

This reverts commit c5ce575543.
2012-01-23 14:21:19 -06:00
scriptjunkie c5590a6c40 Add x64 support to VBA in-mem shellcode execution. 2012-01-23 12:43:47 -05:00
scriptjunkie c6f66f6bb4 Add in-memory shellcode execution via VBA macro.
Keep old embedded exe method as 'vba-exe'.
2012-01-22 07:23:21 -05:00
scriptjunkie 9d7591467f Fix "failed to generate" error when passing a preferred encoder to "payload.generate" method using RPC from, for example, the GUI on Windows.
framework.encoders[reqs['Encoder']] returns nil when, for example, reqs['Encoder'] is in UTF-8 encoding and the corresponding key of the framework.encoders hash in US-ASCII encoding.
2012-01-20 21:06:53 -06:00
sinn3r 955b02e227 Allow 'port' option in module searching (idea originally from Brandon Perry's blog) 2012-01-18 11:19:37 -06:00
Tod Beardsley c5ce575543 Revert "Merge pull request #101 from chao-mu/master"
Reverting the OptRegexp commit from chao-mu. Before committing to
master, this option type needs to be tested on the various mainstream
UI's (Metasploit Pro, msfgui, and Armitage) to see if they behave
as reasonably as msfconsole. Each UI tends to handle option setting,
passing, and display in their own special way.

This should make it back in by Wednesday, assuming all goes well.

[See #101]

This reverts commit 84db5a21fc, reversing
changes made to 24aaf85a1b.
2012-01-17 15:33:47 -06:00
Tod Beardsley cfca791480 Version info toggle for git vs svn checkouts
Version numbers are kind of meaningless in git development branches, but
are reportedly useful for SVN checkouts.

[See #6254]
2012-01-17 14:35:33 -06:00
Brandon Perry d34a9f38a5 Adding bperry's various and sundry regex fixes
[Closes #109]

Squashed commit of the following:

commit 692568d02fbfd547ef2d05ad9887427fc53f8abb
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:34:35 2012 -0600

    small get_everything fix

commit 5b29a310601b6658ffb74a4922b52bc5b3f864fb
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:31:31 2012 -0600

    regex fixes

commit a565ade7f4fe42fb5d070d04ac1ba4e65c98d8b8
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:39:29 2012 -0600

    registry.rb in lib/rex

commit 3609313ea357884480750948a9b0cc6514dcfcc2
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:32:06 2012 -0600

    boot key fixed

commit e591ed1815b01b3e535b517c73470ad9984fe8c7
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 15:53:21 2012 -0600

    fixes

commit 3598f3482eea2845baead71310d6192e105b6074
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sat Jan 14 13:47:29 2012 -0600

    stuff

commit 8a8d0dfda603d3697b54bd852f131795259f9c28
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 22:57:30 2012 -0600

    reg fixes

commit fcfb51bb64b2d8ee6a28722bbf1998be47145b90
Merge: 2c7cfde 24aaf85
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 21:54:45 2012 -0600

    Merge remote-tracking branch 'upstream/master'

commit 2c7cfdef41d9cdcce563c4d623c1c3585170d1fe
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Tue Jan 10 19:16:37 2012 -0600

    typo
2012-01-16 17:54:33 -06:00
Tod Beardsley 84db5a21fc Merge pull request #101 from chao-mu/master
Created Regexp option type
2012-01-14 07:25:50 -08:00
Tod Beardsley 24aaf85a1b Merge pull request #98 from brandonprry/master
Offline registry reading library for rex (Rex::Registry)
2012-01-13 16:54:43 -08:00
Tod Beardsley 4ac6c0c3ee A great big pile of fixes to the ssh scanners
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
chao-mu b6b49ad672 Merge remote branch 'upstream/master' 2012-01-12 19:40:24 -05:00
chao-mu a8a3d4d2c7 Updatted railgun_reverse_lookups test module to use the new regex options. Corrected spelling mistake in a variable name (my editor ate a p) 2012-01-12 19:39:05 -05:00
sinn3r 02bd1f3407 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-12 17:06:14 -06:00
Stephen Haywood 8d19bca2a9 Added remote digest methods 2012-01-12 12:47:29 -05:00
Tod Beardsley 5f121fe181 Workaround postgresql.fingerprint dlog message
Came up as a concern, this special-cases notes of
"postgresql.fingerprint". Not thrilled with this fix, though.
2012-01-11 13:17:21 -06:00
Brandon Perry 0236a6994f registry stuff 2012-01-10 18:45:24 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
Fixes #6066
2012-01-10 12:32:47 -08:00
chao-mu b23b7b8a88 Adds support for a regular expression based Option (RegexpOpt). Also introduced a method to OptBase called display_value which returns the value to be displayed to the user. 2012-01-10 09:22:14 -05:00
James Lee 753ddb27c5 Make all the EXE options OptPath 2012-01-10 03:36:47 -07:00
James Lee 1eb4900102 Make EXE::Custom an OptPath so it can be tab'd 2012-01-10 03:25:13 -07:00
Tod Beardsley 9e78eff968 Merge pull request #96 from chao-mu/master
Updates to Railgun

[Fixes #6128] among other things.
2012-01-09 06:43:02 -08:00
Tod Beardsley badf62d8e0 Add back in ssh_key_matches?() 2012-01-08 22:45:00 -06:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
2012-01-08 22:28:37 -06:00
chao-mu f7a9518944 In railgun mixin, "error_lookup" has been renamed "lookup_error" and now accepts a filtering regular expression. ::BUILTIN_DLLS instead of .builtin_dlls 2012-01-08 17:18:34 -05:00
chao-mu d0fb9424b2 Updated to use "reject!" instead of "select!" so older versions of ruby are happy 2012-01-08 11:16:17 -05:00
chao-mu 6591bd3a45 Completed test coverage for pointer_util.rb and fixed the bugs I found 2012-01-08 11:05:24 -05:00
chao-mu f9d123a8c8 Merge remote branch 'upstream/master' 2012-01-07 19:06:51 -05:00
James Lee c2406e0e65 Fix whitespace at EOL 2012-01-06 21:13:17 -07:00
James Lee c35c7f5fab Add tab completion for pushm
[See #6165]
2012-01-06 21:10:59 -07:00
James Lee 7ea5f87960 Allow proper ruby types for evasion configuration
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL options, etc) earlier
in their life.  Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".

Fixes #6198, thanks Ashish for the report
2012-01-06 20:05:29 -07:00
chao-mu c59e08ce7d Moved utility codde and expanded railgun test suite runner 2012-01-06 21:07:16 -05:00
chao-mu f41fc7a0ac Moved platform_util.rb and added the tests for the new utilities to railgun.rb.ts.rb 2012-01-06 20:56:41 -05:00
chao-mu bd52f228a0 Merge remote branch 'upstream/master' 2012-01-06 20:27:53 -05:00
HD Moore c2a71d63b4 Tweak the logic here 2012-01-06 00:53:50 -06:00
HD Moore 9c827abcb7 net-ssh hackery to disable agent support, disable private key support,
and add a callback
2012-01-05 14:10:31 -06:00
Jonathan Cran eec70706d0 make the esx driver dependent on meterpreter 2012-01-05 20:42:58 -06:00
Jonathan Cran bedc34ad44 Merge branch 'master' of r7.github.com:rapid7/metasploit-framework 2012-01-05 18:26:26 -06:00
Jonathan Cran c522514030 update the meterpreter modifier to reflect the new copy_ api 2012-01-05 18:26:05 -06:00
David Maloney 54bca49ef9 Slightly better fix to the digest request header issue 2012-01-05 12:25:32 -08:00
David Maloney e61b4ed65c Fixed issue with send_digest_request_cgi not keeping user supplied headers. 2012-01-05 12:02:21 -08:00
chao-mu 3772f56260 Am making use of platform_util.rb's platform symbols for standardization across railgun. Ideally only platform_util.rb will need to know what platform strings look like and how they are represented in the railgun world. Corrected railgun.rb mixin's pointer_size function. 2012-01-04 22:28:20 -05:00
chao-mu 6db2da1f76 module Rex
module Post
module Meterpreter
module Extensions
module Stdapi
module Railgun
module Type
module PlatformUtil

	X86_64 = :x86_64
	X86_32 = :x86_32

	def self.parse_client_platform(meterp_client_platform)
		meterp_client_platform =~ /win64/ ? X86_64 : X86_32
	end

end # PlatformUtil
end # Type
end # Railgun
end # Stdapi
end # Extensions
end # Meterpreter
end # Post
end # Rex
2012-01-04 22:11:09 -05:00
chao-mu d995c3893b Platform handling utilities. I want to protect railgun against changes to client.platform's general form 2012-01-04 21:56:34 -05:00
chao-mu d46379dda2 Merge remote branch 'upstream/master' 2012-01-04 19:32:06 -05:00
chao-mu 3d7d5d5f3d Utility for working with pointers. Test coverage is incomplete 2012-01-04 19:30:30 -05:00
Tod Beardsley 164c80d496 Adding a comment doc to the shadowcopy lib.
Citing Tim Tomes and Mark Baggett
2012-01-04 12:03:13 -06:00
chao-mu b9b5b1e66f Merge remote branch 'upstream/master' 2012-01-02 20:07:50 -05:00
David Maloney dd0b07b2cc Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 15:03:04 -08:00
Joshua Smith 29b6d0d1e3 Adds previous, pushm, popm to msfconsole
Adds the ability to set and use a stack of modules, and to easily switch
between the last two modules used.

[Fixes #6165][Closes #84]
Squashed commit of the following:

commit e41e7f704888b1ce5ad5f23caeee1de13052e3d5
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 15:52:08 2011 -0500

    pushm/popm working great, let me know if you find bugs

commit 23da8d56ea08ca196e649431e8188b4f29ba97b9
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 14:37:18 2011 -0500

    Adds the 'previous' command to msfconsole which will load the previously active module as the currently active module, adds @previous_module as a class variable
2011-12-30 15:30:55 -06:00
James Lee 0fa0ceccb5 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2011-12-30 10:55:48 -07:00
James Lee ba017773b2 Cleanup whitespace at EOL 2011-12-30 10:55:01 -07:00
andurin 898df592be Fix2 rpc exception handling
HD suggested a small tweak to use error_code OR res.code for the raise
2011-12-30 07:05:26 +01:00
andurin 7b4de2380f Small fix: RPC client exception handling
IMHO rpc client should transform the error code from Msf::RPC::Exception
into it's own Msf::RPC::ServerException and should not take the msgpack
response code.

In deep:
I ran into a '401 invalid auth token' after a token timeout (300s).
RPC Daemon raised a 401 - invalid auth token as expected but rpc client
transformed it to a '200 - invalid auth token' using the successful http
transaction to transport the exception.
2011-12-30 05:44:26 +01:00
Tod Beardsley bc22b7de99 MSFConsole should display hostless loot, also typo fix.
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb

Fixes #6177
2011-12-29 15:11:15 -06:00
Tod Beardsley 78da15ed15 Always check for the current workspace when calling Report#myworkspace().
Fixes #6175
2011-12-29 13:48:05 -06:00
Tod Beardsley 4d8aea4ef8 Missed a session.options. 2011-12-29 08:59:16 -06:00
chao-mu ebe461cce7 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-28 20:14:01 -05:00
chao-mu 0054fb5167 using select! instead of delete_if to avoid double negatives... 2011-12-28 20:05:54 -05:00
Tod Beardsley 84dfd46006 Merge pull request #83 from dirtyfilthy/rename_ssh_forward_options_var
rename non existent local variable 'options' to correct session.options
2011-12-28 13:52:28 -08:00
David Maloney 3bb2b5b7fd Fixed typo in validation routine 2011-12-28 09:40:36 -08:00
David Maloney 9e1e87508f Fix to boundary validation for when no db is present
Fixes #6171
2011-12-28 08:47:22 -08:00
chao-mu 5560c6b17e Moved and adapted code relating to looking up constant names by constant value 2011-12-28 00:40:08 -05:00
chao-mu ffcf5af9b0 Merge remote branch 'upstream/master' 2011-12-27 22:06:51 -05:00
David Maloney a2760b219d Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-27 11:34:36 -08:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
James Lee 80603e03cb grab the appropriate shell from mult-platform meterpreters and use /bin/sh instead of /bin/bash for linux to improve compatibility, fixes #5996 2011-12-26 14:41:24 -07:00
alhazred 39b365702f rename non existent local variable 'options' to correct session.options 2011-12-26 21:40:46 +13:00
chao-mu 1604162ba3 A place to add railgun convenience code for use in modules 2011-12-24 15:59:46 -05:00
Tod Beardsley 35e868f705 Merge pull request #67 from kernelsmith/railgun-add_const_reverse_lookup
Add const_reverse_lookup and error_lookup to railgun (redmine 6128)
2011-12-22 14:43:24 -08:00
Jonathan Cran e48031cf22 squashed lab upload commit 2011-12-22 14:56:45 -06:00
Tod Beardsley b6d56e8410 Fixes VBS executable creator util
Fixes #6152, using booleans instead of ints.

Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx

Tested works on winxp and win7 targets via the persistence meterpreter
script.
2011-12-22 13:13:34 -06:00
Tod Beardsley 743a0546f1 Don't blow up if the user doesn't set a filename
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
Tod Beardsley 1a396ba955 Merge pull request #70 from rapid7/tftp_client
Tftp client
2011-12-20 08:42:42 -08:00
Tod Beardsley 24d53efa7c Final touches on TFTP client
See #5291. Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
alhazred 3b44aa9e39 fix for ssh forwarding not handling the eof packet type 2011-12-20 19:42:54 +13:00
Tod Beardsley 677cb4b152 Handle empty data sends sanely for TFTP.
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
Tod Beardsley 2b3e3725ac TFTP adding comment docs, ability to send w/out a file.
Commenting the tricksy parts a little better for general usage.

Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
Tod Beardsley 431ef826c9 TFTP client now uses constants, preserves trailing spaces/nulls in data
See #5291, just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
Tod Beardsley 5eaf2e7535 Adding download and loot functionality.
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
Tod Beardsley aecde6fea4 Updating TFTP client. Now with grown-up thread handling.
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
Tod Beardsley 902d7f5ea7 Adding more to TFTP. Still need a read tho
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.

Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
Joshua Smith 8bdf76a87b Adds const_reverse_lookup and error_lookup methods to the railgun instance, also adds test/modules/post/test/railgun_reverse_lookups.rb, tested, working great 2011-12-17 16:19:32 -05:00
chao-mu df0abd0273 Merge remote branch 'upstream/master' 2011-12-16 19:44:13 -05:00
Tod Beardsley 50fa10679b First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
chao ec1dd8154e When duplicating a DLL, duplicate everything underneath it to remain threadsafe. I wrote this patch months and months ago. The way I am deep copying produced much groaning in #metasploit when I put it in for code review. It was ultimately declared the lesser of two evils. If you have chat logs from months ago you may be able to find the discussion 2011-12-15 22:05:02 -05:00
Joshua Smith 5166bdcb01 initial, working resource file tab completion, completes from <install_dir>/scripts/resource, see redmine no. 4611 2011-12-15 17:27:52 -05:00
Jenkins f6ef4ce2d1 add submodule 2011-12-13 21:45:18 -06:00
Jonathan Cran 6165b7a1eb This commit adds a junit_success method, which can be called to
generate a test case success xml. This is necessary for the parser to
recognize that tests were indeed run.
2011-12-13 21:13:31 -06:00
HD Moore cb94b92e9c What in nine hells was this. 2011-12-13 16:04:25 -06:00