Commit Graph

8336 Commits (50d90defbc4a5af267c9cddc65f1543be03f31ad)

Author SHA1 Message Date
Brandon Turner e637237574
Use the Rubygems 2.2 version convention
Substitute version dashes with ".pre.".

MSP-10714
2014-07-16 11:13:14 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
Brandon Turner 044fdb8c55
Fix gem version to support rubygems < 2.1
MSP-10714
2014-07-15 19:02:39 -05:00
sinn3r f8e47a5c61
Land #3524 - WPTouch fileupload exploit 2014-07-15 16:29:59 -05:00
David Maloney ea57ad0126
fix connection error on base
missed a reference to connection_error on the
loginscanner base. this would prevent us from
bailing out early if we have too many connection errors
2014-07-15 16:21:13 -05:00
David Maloney 7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
Conflicts:
	Gemfile
	Gemfile.lock
	modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
dmaloney-r7 4d3bfcf9d0 Merge pull request #109 from rapid7/bug/MSP-10713/smb-error-code
Move error_name to InvalidPacket and check for nil
2014-07-15 15:10:37 -05:00
James Lee 51a9a763c0
Move error_name to InvalidPacket and check for nil
MSP-10713
2014-07-15 15:02:53 -05:00
David Maloney 34635ab968
module login status cleanup
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
David Maloney 9857bac6b1
add NO_AUTH_REQUIRED 2014-07-15 14:38:41 -05:00
Trevor Rosen 6a1149c1ed
Add missing origin
MSP-9948
2014-07-15 13:27:08 -05:00
David Maloney 939e585658
refactor all loginscanners
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
David Maloney 846679bef9
change Result status
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
jvazquez-r7 09619abe79 Catch AddressInUse when running commands from the meterpreter console 2014-07-15 11:15:10 -05:00
Christian Mehlmauer 29bb788d96
Better login detection for wordpress 2014-07-15 07:04:14 +02:00
Trevor Rosen 0966949203
Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import
Upstream merge

Conflicts:
	Gemfile
	Gemfile.lock
2014-07-14 17:59:54 -05:00
Trevor Rosen aca627489e
Pass workspace down in import of creds dump
MSP-9948
2014-07-14 16:40:41 -05:00
James Lee de22aeba41
Land #3481, meterpreter bins 2014-07-14 15:57:52 -05:00
dmaloney-r7 f3ec386240 Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success
Feature/msp 10686/stop after user success
2014-07-14 14:56:23 -05:00
Christian Mehlmauer 144c6aecba
Added WPTouch fileupload exploit 2014-07-14 21:35:18 +02:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
Refactor pop3_login
2014-07-14 13:27:11 -05:00
Tod Beardsley 96554a4967
Remove this errant test::unit test 2014-07-14 10:57:32 -05:00
Trevor Rosen b05b2657bc
Now importing creds dumps inside msf zips
MSP-9948
2014-07-13 11:07:01 -05:00
James Lee e68dcdbb06
Refactor pop3_login
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
William Vu 79603c9a73
Land #3505, a bunch o' Linux post module fixes 2014-07-11 12:39:31 -05:00
Trevor Rosen cc93dbbe29 Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
Feature/msp 9707/smb bruteforce refactor

MSP-9707 #land
2014-07-11 11:33:12 -05:00
James Lee 4b16985eb8
Stop trying more creds for a user after success
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.

The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.

MSP-10686
2014-07-10 17:48:58 -05:00
Joshua Smith dbe9b47937
lands 3469, fixes handler deadlock in corner cases
May affect the following RM issues which need to be retested:
  https://dev.metasploit.com/redmine/issues/8407
  https://dev.metasploit.com/redmine/issues/4314
  https://dev.metasploit.com/redmine/issues/6829
2014-07-10 16:20:33 -05:00
James Lee 097d5d68ce
Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00
James Lee e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login 2014-07-10 14:00:28 -05:00
Tod Beardsley 688c31cc44
Switch to a space. It gets eaten anyway. 2014-07-10 13:59:30 -05:00
James Lee 147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release 2014-07-10 13:52:21 -05:00
Tod Beardsley 5bb3c8a581
Make merged module descriptions more grammar. 2014-07-10 13:31:57 -05:00
David Maloney 818bd1946d
final tweak for the http case
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
David Maloney 7dc58d060e
make only one each method
made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
Samuel Huckins 5b1dc39caf
Filler task dropped, login results in task assoc
MSP-10683

* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
2014-07-10 12:32:40 -05:00
David Maloney a319d5270e
set default connection tiemouts
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
David Maloney 87e6ede123
Merge branch 'master' into staging/electro-release 2014-07-10 08:44:12 -05:00
David Maloney 1a0200f711
one more strip 2014-07-09 17:50:28 -05:00
David Maloney 25ee278097
strip vestigial realms
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
James Lee bb3525419e
Rescue the right thing
MSP-9707
2014-07-09 17:44:53 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict.
Conflicts:
	Gemfile.lock
2014-07-09 17:43:42 -05:00
David Maloney 0c4e53ce5a
fix up specs
a whole bunch of spec changes needed for
these changes.

alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
David Maloney c7b37743ef
working realm coercion
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
David Maloney 24fced822e
coerce realm_key when it exists
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
David Maloney 766b50b5e0
REALM_KEY not _TYPE
arg typos
2014-07-09 14:01:41 -05:00
James Lee 7d9c0da691
Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney 7325cfec64
add default realm values
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
2014-07-09 11:19:25 -05:00
David Maloney bc18ca5762
add REALM_KEY to each LoginScanner
each LoginScanner should now know
what kind of REALM it takes
2014-07-09 10:53:37 -05:00
Trevor Rosen a27c1d7dcc
Importing old export, making new models
MSP-9948
2014-07-08 19:14:26 -05:00
jvazquez-r7 c19deddfb1 Delete debug messages 2014-07-08 16:24:45 -05:00
jvazquez-r7 c25c5f6806 Make linux gather post modules compatible with meterpreter 2014-07-08 16:23:57 -05:00
dmaloney-r7 b65989ff0c Merge pull request #100 from rapid7/bug/MSP-10661/glob-rb-files
Use glob instead of entries
2014-07-08 14:29:24 -05:00
Trevor Rosen 79054fae20
Remove credentials exportation from XML
MSP-9948
2014-07-08 12:03:32 -05:00
William Vu 4eeab66ebe
Land #3497, comma-separated get_cookies 2014-07-08 11:00:40 -05:00
James Lee 567435f508
Use glob instead of entries
Fixes the case where a non-ruby file exists in the login_scanner/
directory
2014-07-08 11:00:33 -05:00
Trevor Rosen 8436adb5f8
Make XML export work with new backend
MSP-9948

* XML data looks ok in spot check
2014-07-08 09:40:15 -05:00
AnwarMohamed a513f403ba fixing bugs 2014-07-08 10:58:48 +02:00
AnwarMohamed ead7b35aa9 formating 2014-07-08 10:48:24 +02:00
AnwarMohamed 6e0bc763ff formating 2014-07-08 10:46:16 +02:00
AnwarMohamed 656da8a63b android extension 2014-07-08 04:56:04 +02:00
AnwarMohamed 34dcb609e2 android extension 2014-07-08 04:52:06 +02:00
David Maloney 38419dae83
fix to_credential on core
the Metasploit::Credential::Core to_credential
method now seats private_type and realm_key correctly
2014-07-07 18:05:04 -05:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
David Maloney 2c13ff4038
Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 16:32:39 -05:00
dmaloney-r7 db8b0c907b Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
Trevor Rosen 1d7de8fef9
Mid-work commit
MSP-9848
2014-07-07 15:44:29 -05:00
dmaloney-r7 c4c7ff519f Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type
Add private_type and realm_key accessors to Framework::Credential
2014-07-07 15:43:18 -05:00
David Maloney b52c13228c
make private_type validation conditional
there are times when this won't be filled in
but the credential is still valid
2014-07-07 15:40:52 -05:00
James Lee 2a9ac0a007
Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
James Lee 71cbbc5388
Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 13:19:34 -05:00
James Lee b7cfc927c4
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
James Lee 5c406a2aa5
Remove successes and failures
No reason to store them and they could fill a ton of unnecessary memory.
2014-07-07 12:33:15 -05:00
James Lee 7035064f3d
Assignment alignment for Dave 2014-07-07 12:30:04 -05:00
OJ bdf27b1834 Fix up the TLVs that are now QWORD values in MSF
Various values were adjusted to become QWORD values in MSF an windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 10:42:58 -05:00
James Lee 8df3ada087
Better docs 2014-07-07 10:18:42 -05:00
James Lee 325d2d25b9
Fix requires and derp typos 2014-07-07 10:09:45 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
jvazquez-r7 f51feb7f52 Modify get_cookies regular expression 2014-07-06 13:22:31 -05:00
Brandon Perry 68a0e7c16e Create sqlmap_session.rb 2014-07-04 10:53:37 -05:00
Brandon Perry 88c44bf4f5 Create sqlmap_manager.rb 2014-07-04 10:53:14 -05:00
Tod Beardsley a471f298a5
Merge #3476 into #3481 for meterpreter smilies
This incoporates @OJ's fixes as a result of gemification.
2014-07-03 22:54:56 -05:00
James Lee 311f43f1e4
Constpocalypse 2014-07-03 18:49:46 -05:00
Trevor Rosen c1fc68e1b1
Replace to_pwdump internals
MSP-9948
2014-07-03 15:41:26 -05:00
jvazquez-r7 405de05e4b Add specs for module_flavors 2014-07-03 10:31:39 -05:00
Jon Hart bc3ac1ee36 Correct private message format, update tests 2014-07-03 08:27:27 -07:00
Spencer McIntyre d93bf55435 Add a module_flavors method for all available flavors 2014-07-03 11:01:21 -04:00
James Lee b7a55d402d
Add likely service ports and names for HTTP 2014-07-02 23:41:31 -05:00
James Lee 9dde47a0bc
Add a simple classes_for_service method 2014-07-02 23:31:56 -05:00
Jon Hart 1830bdc7a5 Add rspec coverage for Rex::Proto::NTP 2014-07-01 12:29:47 -07:00
Jon Hart bc274b358f Move NTP message code to Rex::Proto::NTP, simplify option handling 2014-06-30 23:57:47 -07:00
Trevor Rosen 2da890810a
Make db_import use Metasploit Credential
MSP-9948

* Special-case the pwdump file to be IO
* Had to use lotsa shims
2014-06-30 13:32:59 -05:00
HD Moore 84c0504b1b MSI sections actually need to be signed after all 2014-06-30 13:08:28 -05:00
Trevor Rosen cf9c3caea3 Get the latest
Merge branch 'staging/electro-release' into feature/MSP-9848/db-export-refactor
2014-06-30 11:14:11 -05:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
2014-06-30 02:50:10 -05:00
HD Moore 255e792ed3 Fix host-endian related pack errors. See below for details.
Ruby treats endianess in pack operators in the opposite way
of python. For example, using pack('<I') actually ignores the
endianess specifier. These need to be 'I<' or better yet, 'V'.
The endian specify must occur after the pack specifier and
multiple instances in meterpreter and exe generation were
broken in thier usage.

The summary:

Instead of I/L or I< use V
Instead of I/L or I> use N
For Q, you need to always use Q< (LE) or Q> (BE)
For c/s/l/i and other lowercase variants, you probably dont
need or want a *signed* value, so stick with vV nN and cC.
2014-06-30 02:46:36 -05:00
Tod Beardsley 8b63d3d467 Revert the revert of #3446
This reverts commit 9b35b0e13a.

This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
dmaloney-r7 0a6a5a0a12 Merge pull request #92 from rapid7/feature/MSP-9912/metamodule-refactor-ssh-key
Feature/msp 9912/metamodule refactor ssh key
2014-06-27 11:48:57 -05:00
Spencer McIntyre ea077b2f12 Improve the guess_flavor logic to pull from module info 2014-06-27 08:34:57 -04:00
Spencer McIntyre 952c935730 Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR 2014-06-27 08:34:57 -04:00
Spencer McIntyre 219153c887 Raise NotImplementedError and let :flavor be guessed 2014-06-27 08:34:56 -04:00
jvazquez-r7 dcd0e77f9e Change #compatible? method name because it's used by Module 2014-06-27 08:34:56 -04:00
jvazquez-r7 31acc4a528 Fix #compatible? method 2014-06-27 08:34:56 -04:00
jvazquez-r7 ddd1dd5155 The check for required decoder hasn't a lot of sense 2014-06-27 08:34:56 -04:00
jvazquez-r7 9c6a521b94 Fix select_decoder 2014-06-27 08:34:56 -04:00
jvazquez-r7 dad2c75592 Initialize opts arguments 2014-06-27 08:34:56 -04:00
jvazquez-r7 381dea94d0 Fix typo 2014-06-27 08:34:56 -04:00
jvazquez-r7 cbc1bd9966 Redesign constants 2014-06-27 08:34:56 -04:00
jvazquez-r7 160147b370 Make some methods not dependant of the instance flavor 2014-06-27 08:34:56 -04:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 68938e3d7a Add select_cmdstager 2014-06-27 08:34:56 -04:00
jvazquez-r7 35d035fa4e Add YARD docu for execute_cmdstager 2014-06-27 08:34:56 -04:00
jvazquez-r7 e8f9dde50f Allow datastore options and opts to use strings instead of sym 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 37d0dd59e8 Clean up a little CMDStager methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 8db7ec683f Fix setup and teardown stager methods 2014-06-27 08:34:55 -04:00
jvazquez-r7 dd7b2fc541 Use constants 2014-06-27 08:34:55 -04:00
jvazquez-r7 778f34bab6 Allow targets and modules to define compatible stagers 2014-06-27 08:34:55 -04:00
jvazquez-r7 74a6de828a Cannot delete @cmd_list, is used at least by one module 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
jvazquez-r7 0a99b549d6 Change filenames 2014-06-27 08:34:55 -04:00
jvazquez-r7 cff580162b Move stagers 2014-06-27 08:34:55 -04:00
Spencer McIntyre 9991316ae6 Minor code cleanup and honor the datastore decoder. 2014-06-27 08:34:55 -04:00
Spencer McIntyre 80bdf750e9 Multi-fy the new printf stager and add to sshexec. 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
Trevor Rosen a86610dad5
Gut and delegate import_msf_pwdump
MSP-9848
2014-06-26 16:47:42 -05:00
David Maloney 56b94fea4f
pcap import now creates creds
refactored cred creation to use Metasploit::Credential
for captured HTTP basic auth credentials gatehered on the wire
2014-06-26 15:34:40 -05:00
Lance Sanchez b5351eec2b
adding .to_credential
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential

MSP-9912
2014-06-26 11:05:59 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
Matt Buck 27ef12bafe
Land #3478, disallow port 0 for portspec
[Closes #3478]
2014-06-25 15:46:30 -05:00
Chris Doughty 9b35b0e13a Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
2014-06-25 13:24:07 -05:00
David Maloney 97d08a081a
reverting port 0 behaviour in portspec
a change was made to protspec that allowed port 0
when we explicitly dissallowed port 0. This change caused
other code that depended on this behaviour to break
2014-06-25 13:07:22 -05:00
James Lee f225ac92ab
Refactor smb_login
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
OJ 769f2e4936 Change elevator to 'elevator'
This would have made lots of people uhnappy.
2014-06-25 07:47:47 +10:00
OJ ac03b7c96a Use sorted sets extension lists 2014-06-25 03:26:25 +10:00
OJ 0fc4d10813 Fix indentation for case statements 2014-06-25 03:18:37 +10:00
OJ bba8bd3498
Land #3446 -- Meterpreter bins gem switch 2014-06-25 03:00:11 +10:00
James Lee 85611702f9 Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor 2014-06-23 23:58:47 -05:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
HD Moore b872fa0f0d Handle smb_recv corner case with a cache, clean up find_*, cosmetic 2014-06-23 16:14:18 -05:00
HD Moore 94388e3931 Fix typo in the constant name 2014-06-23 12:51:26 -05:00
HD Moore d6a263d538 Identify the hung host in the thread info 2014-06-22 16:01:03 -05:00
HD Moore 538a520445 Remove redundant option (threads are always used in reverse_tcp_double) 2014-06-22 16:00:44 -05:00
HD Moore b3d83720ca Add ReverseListenerThreaded option to prevent deadlocks
JodaZ reported that the handle_connection() sock.put call can
result in the entire reverse_tcp stager hanging if the client
stops receiving or is on a very slow link. The solution emulates
what ReverseTcpDouble already does, which is stage each connection
in a new thread. However, given that a high number of threads
can be a problem on some operating systems (*ahem* win32) this
option is not enabled by default.

We should look into thread pooling and handle_connection() timeouts
as well as event-based polling of multiple clients as alternatives,
but this option will improve the situation for our existing users.
2014-06-22 15:55:20 -05:00
HD Moore 6e5f528332 Prevent stager deadlock if inp/out detection hangs for some reason
Even though there are calls to has_read_data(), it doesn't prevent
the put() call from blocking in a dead client or slowaris-like
situation. By moving the inp/out detection into the thread, we
allow the main handler to keep processing connections even if
a single connection hangs.
2014-06-22 15:25:19 -05:00
Spencer McIntyre 05d4a1ab2c
Land #3342, Support negation in portspec 2014-06-21 18:14:50 -04:00
James Lee 35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release 2014-06-20 12:39:07 -05:00
Tod Beardsley 2626450c38
Fix indent per @jlee-r7'e eagle eye 2014-06-20 11:52:47 -05:00
David Maloney 99b1702559
Merge branch 'master' into staging/electro-release
Conflicts:
	lib/msfenv.rb
2014-06-20 11:38:47 -05:00
jvazquez-r7 4203e75777
Land #3408, @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950 2014-06-20 10:27:32 -05:00
Tod Beardsley 2a4ed0e651
Replace all the obvious path calls to Meterpreter
Unfortunately, though, there seems to be a stealthy set, somewhere, of
datastore['DLL']. Not sure where yet. The stack trace in the
framework.log is:

````
[06/19/2014 17:53:34] [i(0)] core: windows/meterpreter/reverse_http: iteration 1: Successfully encoded with encoder x86/fnstenv_mov (size is
366)
[06/19/2014 17:53:35] [e(0)] rex: Proc::on_request: Errno::ENOENT: No such file or directory -
/home/todb/git/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll

/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `initialize'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `open'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `load_rdi_dll'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/payload/windows/reflectivedllinject.rb:56:in `stage_payload'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:212:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:129:in `block in setup_handler'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:365:in `dispatch_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:299:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:158:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:192:in `block in monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `each'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:73:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb💯in `call'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb💯in `block in spawn'

````

Still tracking this down.
2014-06-19 18:03:11 -05:00
David Maloney 3c85601426
not every version has dupe supression 2014-06-19 16:28:23 -05:00
jvazquez-r7 a0386f0797 Fix cmd_concat_operator 2014-06-19 15:52:55 -05:00
David Maloney 4453dcdc8e
some minor fixes 2014-06-19 15:45:24 -05:00
David Maloney 8de2109f97
Merge branch 'staging/electro-release' into feature/MSP-9696/http-bruteforce-refactor 2014-06-19 15:38:05 -05:00
James Lee 9421beedb3
Refactor http_login 2014-06-19 14:12:21 -05:00
David Maloney 0ff8708e6d
some minor fixes 2014-06-19 13:08:43 -05:00
Matt Buck 5815ec96df Merge pull request #80 from rapid7/bug/MSP-10038/skip-ssh-passphrase
Backported net-ssh ask_passphrase functionality

MSP-10038
2014-06-19 12:53:43 -05:00
David Maloney 53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
Conflicts:
	Gemfile
2014-06-19 12:45:53 -05:00
James Lee b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
James Lee 2d9c6f832a
Moar parens!!1!! 2014-06-19 10:07:21 -05:00
James Lee 594923c790
Don't overwrite ENV if it's set 2014-06-18 14:53:41 -05:00
David Maloney 62f4054858
startring refactor on jtr_mssql
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
James Lee 5beb43d200
Land #3022, support Gemfile.local 2014-06-18 14:28:57 -05:00
David Maloney fd0e24cdb2
moar docs! 2014-06-18 11:38:07 -05:00
David Maloney 4b4d9796c5
more minor cleanup
cleanup from code review
2014-06-18 11:24:55 -05:00
Fernando Arias f24d665516 Backported net-ssh ask_passphrase functionality
MSP-10038
2014-06-18 11:21:17 -05:00
Michael Messner 86f523f00c concator handling 2014-06-18 18:15:58 +02:00
David Maloney 9f11170c3b
some minor cleanup on jtr stuff
minor cleanup to code nstyling stuff
2014-06-18 10:57:41 -05:00
David Maloney 58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey 2014-06-18 10:50:29 -05:00
David Maloney 2b0bb608b1
Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
OJ 5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection 2014-06-18 10:24:33 +10:00
David Maloney 34c0b00816
don't autload this mixin
causes laod order problems when we try to
autoload this mixin. We will just explicitly require
2014-06-17 16:10:09 -05:00
David Maloney 763f6f8d80
finish cleaning up jtr mixin
finish cleaning up the module mixin for jtr
2014-06-17 15:16:32 -05:00
David Maloney 432b88680b
start fixing jtr module mixin 2014-06-17 13:27:11 -05:00
David Maloney d473d86ef0
use tr instead of gsub for mutation
this should be another slight performance
increase as straight up string replacement
should require less overhead then multiple
runs of regex replacement.
2014-06-17 10:29:09 -05:00
James Lee 6237d56398
Refactor ssh_login_pubkey
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
   where the ssh_socket accessor was not being set because of a
   shadowing local var
 * Fix a bug in the db command dispatcher where an extra column was
   added to the table, causing an unhandled exception when running the
   creds command
 * Add a big, ugly, untested class for imitating
   Metasploit::Framework::CredentialCollection for ssh keys. This class
   continues the current behavoir of silently ignoring files that are a)
   encrypted or b) not private keys.
 * Remove unnecessary proof gathering in the module (it's already
   handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
David Maloney a81b0ed17b
rename method to_file
change method name from write to to_file
as it makes more sense for what it is is doing
and what it returns
2014-06-16 18:03:06 -05:00
David Maloney 95beaa4f7e
correct self-eating array nature
we never noticed we were modifying the array in place
because we were reculaculating. now with a memoized
version we would get decreasing results
2014-06-16 17:37:18 -05:00
David Maloney a92a58417f
memoize the mutation keys
it was recalculating the mutation rules
everytime, and there is no reason to do this
2014-06-16 17:18:52 -05:00
David Maloney f1a39ef973
enumerators all done with specs
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
David Maloney 9af811a2ed
we need to pass in a workspace 2014-06-15 15:52:57 -05:00
David Maloney 897b0b1ee5
wordlist enumerators with some specs
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
scriptjunkie d38a95a352 Merge branch 'bugfixes/post-module-execution-causing-duplicate-search-results' of github.com:nstarke/metasploit-framework into nstarke-bugfixes/post-module-execution-causing-duplicate-search-results 2014-06-15 13:15:57 -05:00
David Maloney a00ff5aeef
yield custom_wordlist words 2014-06-15 12:16:21 -05:00
David Maloney 41d6b326f2
specs for wordlist validations
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
David Maloney a5fb898904
actually set max run time
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
David Maloney 33519b1fcd
cracker validations and specs
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
David Maloney 10f3531bbb
add exectuable validator
like the filepath validator but also checks
to see if the file is exectuable by the current
users.
2014-06-14 18:01:24 -05:00
David Maloney 21f29c4da9
more filepath validators
added filepath validations to cracker
also made them all conditional validations
2014-06-14 17:54:37 -05:00
David Maloney 1dd69a5228
wordlist validators
added custom fielpath vaidator and
added validations to the wordlist class
2014-06-14 17:49:47 -05:00
David Maloney 466576d03f
jtr wordlist validations started
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
David Maloney 19231b7c8f
starting skeleton on wordlist class
start framing out JtR wordlist class that
will generate Wordlists to be passed to our
JtR cracker.
2014-06-14 15:48:25 -05:00
David Maloney 41f7bc1372
add common root words wordlist
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
David Maloney 873d6e5b99
add all the specs 2014-06-14 12:28:17 -05:00
Tim Wright 9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
David Maloney b784bea48e
slow roll of specs for jtr cracker
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
David Maloney 7187138134
start injecting sanity 2014-06-13 14:53:56 -05:00
David Maloney a9bcb8b3bd
add skeleton for JtR Cracker
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
Michael Messner 894af92b22 echo stager, arch_cmd 2014-06-13 11:40:50 +02:00
Samuel Huckins f452652f54 Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.

MSP-9708 #land
2014-06-12 18:37:44 -05:00
Samuel Huckins d215b8e5b2 Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
45 merged, steps passing.

MSP-9712 #land
2014-06-12 16:04:17 -05:00
Samuel Huckins df705c2edc
Gotta keep 'em sepArated.
MSP-9712
2014-06-12 16:03:02 -05:00
Tod Beardsley cbedea222f
Land #3416 again, now that the bins are available
This reverts commit 3d73414530.
2014-06-12 14:53:03 -05:00
Tod Beardsley 3d73414530 Revert #3416, needs the correct bins first
This was a whoops on my part. I will reland this when I have the
Meterpreter bins all sorted.

This reverts commit 40b5405053, reversing
changes made to 86e4eaaaed.
2014-06-12 14:20:06 -05:00
David Maloney 96e492f572
Merge branch 'master' into staging/electro-release 2014-06-12 14:02:27 -05:00
Tod Beardsley 40b5405053
Land #3416, fix DWORD/QWORD bug 2014-06-12 13:59:34 -05:00
Samuel Huckins fe33444858 Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
Errors resolved, cred created

MSP-9693 #land
2014-06-12 12:49:54 -05:00
David Maloney 5fd117a015
fix userpass file stack trace
if an improperly formated userpass file was
supplied it could cause a stack trace. add some guarding around it
2014-06-12 12:39:36 -05:00
dmaloney-r7 ed84336149 Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
Refactor the creds command
2014-06-12 12:24:09 -05:00
joev 289bae88de
Remove lie in comment. 2014-06-12 10:02:29 -05:00
sinn3r 2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
David Maloney c074ebda7b
refactor telnet_login 2014-06-11 17:46:42 -05:00
James Lee c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
Conflicts:
	lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
James Lee b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
Conflicts:
	lib/metasploit/framework/credential_collection.rb
	spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
dmaloney-r7 9affc753c0 Merge pull request #66 from rapid7/feature/cred-collection-prepend
Add ability to prepend creds to a collection
2014-06-11 14:34:54 -05:00
James Lee 3a8f6236ad
Add ability to prepend creds to a collection 2014-06-11 14:30:45 -05:00
Samuel Huckins 84aa0d42ed Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
Samuel Huckins 1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
Conflicts:
	Gemfile
	Gemfile.lock
2014-06-11 13:42:26 -05:00
Trevor Rosen e8752f9c56 Point to correct creds version 2014-06-11 13:38:35 -05:00
David Maloney 9593422f9c
Merge branch 'master' into staging/electro-release 2014-06-11 10:23:56 -05:00
Tod Beardsley 4b8961a464
Land #3428, deprecation warns for payloads 2014-06-11 09:57:07 -05:00
James Lee fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
James Lee c0c1bd40a9
Fix help spec 2014-06-10 17:28:55 -05:00
James Lee 82b2c1deae
Make creds command show Metasploit::Credentials
This attempts to change the output of the command as little as possible,
but removes the ability to add and delete for now. At some point, we'll
need to add that back in.
2014-06-10 15:03:03 -05:00
Tod Beardsley b379dc014a
Avoid double-printing with setup and init_ui 2014-06-10 13:57:25 -05:00
Luke Imhoff 4d923a4809
Update to Rubyzip 1.X API
MSP-10004

`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
Luke Imhoff f37ce795a1
Remove lib/zip
MSP-10004
2014-06-10 13:39:05 -05:00
David Maloney e9d9806408
invalidate_login
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
jvennix-r7 92414d3688 Merge pull request #53 from rapid7/bug/MSP-9994/framework-db-driver
Set `framework.db.driver` when connection already established.
2014-06-10 10:49:00 -05:00
Luke Imhoff 2cbbaad6b4
Set drivers and driver when connection already established
MSP-9994

3 database commands in msfconsole check for framework.db.driver to be
set, so driver must be set when the connection is already established by
the Rails initialization.
2014-06-09 14:26:59 -05:00
Luke Imhoff 1ee35ec68a
Handle unconnected config in connection_established?
MSP-9994

Rescue `ActiveRecord::ConnectionNotEstablished` in
`Msf::DBManager#connection_established?` in addition to
`PG::ConnectionBad` to handle when the connection has been removed.
2014-06-09 14:26:45 -05:00
David Maloney 482aa2ea08
Merge branch 'master' into staging/electro-release 2014-06-09 10:27:22 -05:00
Meatballs bf1a665259
Land #2657, Dynamic generation of windows service executable functions
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Meatballs 897ad6f963
Some service yarddoc 2014-06-07 13:27:32 +01:00
Meatballs 5218ca4d89
Give warning on module load 2014-06-06 23:04:40 +01:00
joev d990fb4999
Remove a number of stray edits and bs. 2014-06-06 16:24:45 -05:00
joev 4a9f50bb60 Clean up some dead code. 2014-06-06 16:20:40 -05:00
joev 7c762ad42c Fix some minor bugs in webrtc stuff, inline API code. 2014-06-06 16:18:39 -05:00
Meatballs 4a699c2852
Merge remote-tracking branch 'upstream/pr/3416' into x64_injection 2014-06-06 20:37:12 +01:00
James Lee 552899ef13
Add a couple more specs for CredentialCollection
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
David Maloney 4d53c18ac4
fix version 2014-06-06 12:07:22 -05:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
Brandon Turner bacf82acb1
Merge branch 'release' into 'master' 2014-06-06 09:59:00 -05:00
Brandon Turner 21be4f21a6
Bump version to 4.9.3 2014-06-06 09:52:01 -05:00
Luke Imhoff f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
MSP-9653

Conflicts:
	Gemfile
	Gemfile.lock
2014-06-05 16:22:02 -05:00
David Maloney c61b47063d
vnc add missing exception catch
linux throws a different exception than osx
when the vnc client fails to connect
this caused issues with the specs running. this now
catches that additional exception
2014-06-05 15:32:08 -05:00
James Lee b1136752be
Add Credential#== to facilitate specs 2014-06-05 11:37:48 -05:00
James Lee 8b6e188ba8
Add support for realm in CredentialCollection
MSP-9988
2014-06-04 17:03:52 -05:00