Commit Graph

3232 Commits (4f05f4e03f19546b14204b7aa4a2d020b7450a40)

Author SHA1 Message Date
sinn3r db1e400dff Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-05 01:27:21 -06:00
HD Moore 7524d5e75d Tweak the event dispatcher to enable customer events without a category
and trigger http request events from the main exploit mixin.
Experimental
2012-02-04 04:44:50 -06:00
HD Moore 6f54f0637b Dont run ifconfig on windows 2012-02-04 01:18:32 -06:00
David Maloney 668e5f8c52 More fixes to the vim soa[p libs
Added the SoapAction header as this turns out to be pretty
important for the screenshot task creation method.
2012-02-03 22:11:21 -06:00
David Maloney df401f4c94 more fixes to backend stuff, plus updated vmware http login module to use
the correct mixin method now.
2012-02-03 15:44:41 -06:00
Tod Beardsley 148dddba2f http_fingerprint should use the ssl() function
Instead of re-declaring ssl as a variable, just use the library's SSL
function, since it's there and it's incidentally more accurate.
2012-02-03 15:31:20 -06:00
James Lee c0e9825565 Whitespace and a typo 2012-02-03 14:10:17 -07:00
David Maloney b914a97359 Fixes to a bunch of fucntions to work on more complex vmware setups
VM Enuemration now appears to work against VCenter
2012-02-03 14:17:35 -06:00
Tod Beardsley af506240cf http_fingerprint reports service info
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
Tod Beardsley 786d75493c Fix up VMWware webscan to not false positive
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.

[Fixes #6340]
2012-02-02 22:19:57 -06:00
Marcus J. Carey e70f9151e5 Merge remote-tracking branch 'upstream/master' 2012-02-02 07:13:03 -06:00
David Maloney 3f48e626a2 Adding a bunch of new VIM API auxiliary stuff
Work in progress.
2012-02-01 12:05:20 -06:00
HD Moore 46d40b89a5 Make sure at least one character is returned 2012-02-01 02:08:26 -06:00
sinn3r 187f630283 Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-netrc-creds 2012-01-31 22:45:47 -06:00
HD Moore 77c986948c Proper fix for IPv6 postgresql connections 2012-01-31 02:08:02 -06:00
HD Moore a74cf1ee10 Missing argument 2012-01-31 01:49:42 -06:00
HD Moore 52004b1e33 A little more cleanup for IPv6 in HTTP mixins 2012-01-31 01:44:03 -06:00
HD Moore 32f2d6754c Handle ipv6 addresses, choose more obvious 'bad' password for
fingerprinting
2012-01-31 00:32:54 -06:00
sinn3r b96beb0680 Correct regex syntax. Also some whitespace fix. 2012-01-30 15:49:06 -06:00
Jon Hart 37d467ea79 Loot .netrc files, generic enum_user_directories 2012-01-29 14:03:57 -08:00
Carlos Perez 5acc0c62d2 Have the the load command also look at the ~/.msf4/plugins folder 2012-01-29 15:03:18 -04:00
sinn3r 41ca655d86 Merge pull request #135 from scriptjunkie/master
Allow RPC clients to discover supported encoding formats.
2012-01-28 18:43:05 -08:00
scriptjunkie 086b2e4bf7 Allow RPC clients to discover supported encoding formats. 2012-01-28 15:46:17 -05:00
HD Moore a2d20e25d3 Fix a regression in the workspace inclusion code (only affected
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
sinn3r ac582cd0fc Change the error handling message for read_file_meterpreter(), because this one is easier to understand 2012-01-27 02:17:09 -06:00
sinn3r 3f4dbd9df6 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-27 01:58:42 -06:00
Stephen Haywood efda420e5f Updates to enum_artifacts 2012-01-26 19:35:39 -05:00
Tod Beardsley 33c53b1f3f Updates vm checking 2012-01-26 13:02:39 -06:00
David Maloney 31f6c4dfff http_fingerprint now reports website isntead of just a service
fixes #6277
2012-01-26 11:05:06 -06:00
Marcus J. Carey 9b320fa6f3 Update lib/msf/ui/banner.rb 2012-01-24 23:07:38 -06:00
Marcus J. Carey b135446cc6 Update lib/msf/ui/banner.rb 2012-01-24 23:06:24 -06:00
Marcus J. Carey 79ff641f4d adding new comic strip banner logo 2012-01-24 23:01:48 -06:00
scriptjunkie ee2823d23b Compatibility - don't assign LongPtr to Long on x64 2012-01-23 22:17:28 -05:00
Tod Beardsley 31dea3844e Reintroduces chao-mu's OptRegexp
Revert "Revert "Merge pull request #101 from chao-mu/master""

[See #101]

This reverts commit c5ce575543.
2012-01-23 14:21:19 -06:00
scriptjunkie c5590a6c40 Add x64 support to VBA in-mem shellcode execution. 2012-01-23 12:43:47 -05:00
scriptjunkie c6f66f6bb4 Add in-memory shellcode execution via VBA macro.
Keep old embedded exe method as 'vba-exe'.
2012-01-22 07:23:21 -05:00
scriptjunkie 9d7591467f Fix "failed to generate" error when passing a preferred encoder to "payload.generate" method using RPC from, for example, the GUI on Windows.
framework.encoders[reqs['Encoder']] returns nil when, for example, reqs['Encoder'] is in UTF-8 encoding and the corresponding key of the framework.encoders hash in US-ASCII encoding.
2012-01-20 21:06:53 -06:00
sinn3r 955b02e227 Allow 'port' option in module searching (idea originally from Brandon Perry's blog) 2012-01-18 11:19:37 -06:00
Tod Beardsley c5ce575543 Revert "Merge pull request #101 from chao-mu/master"
Reverting the OptRegexp commit from chao-mu. Before committing to
master, this option type needs to be tested on the various mainstream
UI's (Metasploit Pro, msfgui, and Armitage) to see if they behave
as reasonably as msfconsole. Each UI tends to handle option setting,
passing, and display in their own special way.

This should make it back in by Wednesday, assuming all goes well.

[See #101]

This reverts commit 84db5a21fc, reversing
changes made to 24aaf85a1b.
2012-01-17 15:33:47 -06:00
Tod Beardsley cfca791480 Version info toggle for git vs svn checkouts
Version numbers are kind of meaningless in git development branches, but
are reportedly useful for SVN checkouts.

[See #6254]
2012-01-17 14:35:33 -06:00
Tod Beardsley 84db5a21fc Merge pull request #101 from chao-mu/master
Created Regexp option type
2012-01-14 07:25:50 -08:00
Tod Beardsley 4ac6c0c3ee A great big pile of fixes to the ssh scanners
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
chao-mu b6b49ad672 Merge remote branch 'upstream/master' 2012-01-12 19:40:24 -05:00
chao-mu a8a3d4d2c7 Updatted railgun_reverse_lookups test module to use the new regex options. Corrected spelling mistake in a variable name (my editor ate a p) 2012-01-12 19:39:05 -05:00
sinn3r 02bd1f3407 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-12 17:06:14 -06:00
Stephen Haywood 8d19bca2a9 Added remote digest methods 2012-01-12 12:47:29 -05:00
Tod Beardsley 5f121fe181 Workaround postgresql.fingerprint dlog message
Came up as a concern, this special-cases notes of
"postgresql.fingerprint". Not thrilled with this fix, though.
2012-01-11 13:17:21 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
Fixes #6066
2012-01-10 12:32:47 -08:00
chao-mu b23b7b8a88 Adds support for a regular expression based Option (RegexpOpt). Also introduced a method to OptBase called display_value which returns the value to be displayed to the user. 2012-01-10 09:22:14 -05:00
James Lee 753ddb27c5 Make all the EXE options OptPath 2012-01-10 03:36:47 -07:00
James Lee 1eb4900102 Make EXE::Custom an OptPath so it can be tab'd 2012-01-10 03:25:13 -07:00
Tod Beardsley 9e78eff968 Merge pull request #96 from chao-mu/master
Updates to Railgun

[Fixes #6128] among other things.
2012-01-09 06:43:02 -08:00
Tod Beardsley badf62d8e0 Add back in ssh_key_matches?() 2012-01-08 22:45:00 -06:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
2012-01-08 22:28:37 -06:00
chao-mu f7a9518944 In railgun mixin, "error_lookup" has been renamed "lookup_error" and now accepts a filtering regular expression. ::BUILTIN_DLLS instead of .builtin_dlls 2012-01-08 17:18:34 -05:00
chao-mu f9d123a8c8 Merge remote branch 'upstream/master' 2012-01-07 19:06:51 -05:00
James Lee c2406e0e65 Fix whitespace at EOL 2012-01-06 21:13:17 -07:00
James Lee c35c7f5fab Add tab completion for pushm
[See #6165]
2012-01-06 21:10:59 -07:00
chao-mu bd52f228a0 Merge remote branch 'upstream/master' 2012-01-06 20:27:53 -05:00
David Maloney 54bca49ef9 Slightly better fix to the digest request header issue 2012-01-05 12:25:32 -08:00
David Maloney e61b4ed65c Fixed issue with send_digest_request_cgi not keeping user supplied headers. 2012-01-05 12:02:21 -08:00
chao-mu 3772f56260 Am making use of platform_util.rb's platform symbols for standardization across railgun. Ideally only platform_util.rb will need to know what platform strings look like and how they are represented in the railgun world. Corrected railgun.rb mixin's pointer_size function. 2012-01-04 22:28:20 -05:00
chao-mu 6db2da1f76 module Rex
module Post
module Meterpreter
module Extensions
module Stdapi
module Railgun
module Type
module PlatformUtil

	X86_64 = :x86_64
	X86_32 = :x86_32

	def self.parse_client_platform(meterp_client_platform)
		meterp_client_platform =~ /win64/ ? X86_64 : X86_32
	end

end # PlatformUtil
end # Type
end # Railgun
end # Stdapi
end # Extensions
end # Meterpreter
end # Post
end # Rex
2012-01-04 22:11:09 -05:00
chao-mu d46379dda2 Merge remote branch 'upstream/master' 2012-01-04 19:32:06 -05:00
Tod Beardsley 164c80d496 Adding a comment doc to the shadowcopy lib.
Citing Tim Tomes and Mark Baggett
2012-01-04 12:03:13 -06:00
chao-mu b9b5b1e66f Merge remote branch 'upstream/master' 2012-01-02 20:07:50 -05:00
David Maloney dd0b07b2cc Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 15:03:04 -08:00
Joshua Smith 29b6d0d1e3 Adds previous, pushm, popm to msfconsole
Adds the ability to set and use a stack of modules, and to easily switch
between the last two modules used.

[Fixes #6165][Closes #84]
Squashed commit of the following:

commit e41e7f704888b1ce5ad5f23caeee1de13052e3d5
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 15:52:08 2011 -0500

    pushm/popm working great, let me know if you find bugs

commit 23da8d56ea08ca196e649431e8188b4f29ba97b9
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 14:37:18 2011 -0500

    Adds the 'previous' command to msfconsole which will load the previously active module as the currently active module, adds @previous_module as a class variable
2011-12-30 15:30:55 -06:00
andurin 898df592be Fix2 rpc exception handling
HD suggested a small tweak to use error_code OR res.code for the raise
2011-12-30 07:05:26 +01:00
andurin 7b4de2380f Small fix: RPC client exception handling
IMHO rpc client should transform the error code from Msf::RPC::Exception
into it's own Msf::RPC::ServerException and should not take the msgpack
response code.

In deep:
I ran into a '401 invalid auth token' after a token timeout (300s).
RPC Daemon raised a 401 - invalid auth token as expected but rpc client
transformed it to a '200 - invalid auth token' using the successful http
transaction to transport the exception.
2011-12-30 05:44:26 +01:00
Tod Beardsley bc22b7de99 MSFConsole should display hostless loot, also typo fix.
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb

Fixes #6177
2011-12-29 15:11:15 -06:00
Tod Beardsley 78da15ed15 Always check for the current workspace when calling Report#myworkspace().
Fixes #6175
2011-12-29 13:48:05 -06:00
chao-mu ebe461cce7 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-28 20:14:01 -05:00
David Maloney 3bb2b5b7fd Fixed typo in validation routine 2011-12-28 09:40:36 -08:00
David Maloney 9e1e87508f Fix to boundary validation for when no db is present
Fixes #6171
2011-12-28 08:47:22 -08:00
chao-mu 5560c6b17e Moved and adapted code relating to looking up constant names by constant value 2011-12-28 00:40:08 -05:00
chao-mu ffcf5af9b0 Merge remote branch 'upstream/master' 2011-12-27 22:06:51 -05:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
chao-mu 1604162ba3 A place to add railgun convenience code for use in modules 2011-12-24 15:59:46 -05:00
Tod Beardsley b6d56e8410 Fixes VBS executable creator util
Fixes #6152, using booleans instead of ints.

Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx

Tested works on winxp and win7 targets via the persistence meterpreter
script.
2011-12-22 13:13:34 -06:00
Joshua Smith 5166bdcb01 initial, working resource file tab completion, completes from <install_dir>/scripts/resource, see redmine no. 4611 2011-12-15 17:27:52 -05:00
Jonathan Cran 6165b7a1eb This commit adds a junit_success method, which can be called to
generate a test case success xml. This is necessary for the parser to
recognize that tests were indeed run.
2011-12-13 21:13:31 -06:00
HD Moore cb94b92e9c What in nine hells was this. 2011-12-13 16:04:25 -06:00
HD Moore f38a794b1c Convert ` to ' 2011-12-13 16:02:23 -06:00
HD Moore cfa128a2c8 Show the actual module name in the stack trace (instead of eval) 2011-12-13 09:47:37 -06:00
HD Moore 1d244c4b27 Return the URL in the correct format from the model 2011-12-11 13:50:21 -06:00
HD Moore 17cc89ebad Add IPv6 specific HTTP(S) handlers and payloads (simplifies
options/usage)
2011-12-11 13:26:48 -06:00
HD Moore 8e01312d0f Formatting 2011-12-10 13:27:47 -06:00
HD Moore e33ca5a7ba Small typo fix 2011-12-10 13:26:47 -06:00
HD Moore e46745b761 Add support for link-local scopes 2011-12-10 13:24:58 -06:00
HD Moore 9c887eb457 Fix displayed host name for IPv6 targets 2011-12-10 13:24:58 -06:00
HD Moore e3f121929c Accept IPv6 addresses in the return if getaddress 2011-12-10 13:24:58 -06:00
David Maloney d939e33f1e Allows for Loot and Tasks to be imported from an MSF ZIP.
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
HD Moore 18e9b99e72 Fix permission (octal not decimal) 2011-12-05 16:49:16 -06:00
HD Moore 4748bf70cd Use octal mode, duh 2011-12-05 13:07:36 -06:00
HD Moore 89caed444b Add a helper method for modules to indicate IPv6 compatibility 2011-12-05 13:07:36 -06:00
HD Moore 5362e0cd24 Accept IPv6 addresses into the database routines, start flushing out
incompatibilities.
2011-12-05 13:07:36 -06:00
HD Moore 4829968107 Purge the old RPC API 2011-12-05 13:07:25 -06:00
HD Moore f673b02308 Remove references to address6 2011-12-05 13:07:25 -06:00
HD Moore 27974c4c27 Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
Conflicts:
	modules/auxiliary/scanner/http/axis_login.rb
	modules/exploits/multi/http/axis2_deployer.rb
	modules/post/multi/gather/thunderbird_creds.rb
	modules/post/windows/gather/credentials/imvu.rb
	msfopcode
2011-12-03 14:07:09 -06:00