infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
37,069 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

11632 Commits (51604fa24a5943d9ae99ebd626d3a90093ed2dc7)

Author SHA1 Message Date
Metasploit dea4f35b0e Bump to 4.11.7 2016-01-07 15:56:59 -08:00
Jonathan Harms 5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
Jonathan Harms 675100946b Initial SSL working OK 2016-01-07 17:53:48 -06:00
wchen-r7 6a2b4c2530 Fix #6445, Unexpected HttpServer terminations 
Fix #6445

Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.

Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.

Solution:
Special case the stopping routine on the module's level, and not
universal.
 2016-01-07 16:55:41 -06:00
darkbushido e38ff7079a
changing the require to start at metasploit_credentials 2016-01-07 15:49:49 -06:00
joev 210f065427 Add a background option for the echo cmdstager. 2016-01-07 01:16:08 -06:00
Brent Cook eb0b66a4cf
Land #6390, report exceptions on bind/listen failure 2016-01-06 21:44:06 -06:00
Brent Cook 7f9b804060
Land #6410, remove JtR binaries, update for independent framework releases 2016-01-06 14:16:49 -06:00
wchen-r7 6e65d1d871
Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
wchen-r7 480913cb32 Add rspec 2016-01-06 01:41:13 -06:00
nixawk c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
James Lee 2dd59a932b
Clean up some warnings 2016-01-04 16:02:43 -06:00
James Lee 05d8f9d186
Make sure addr is not nil 
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
    Returns the address of *ifaddr*. nil is returned if address is not
    available in *ifaddr*.

I ran into this with a teql interface, but who knows what else might
trigger it.
 2016-01-04 15:58:03 -06:00
Chris Doughty 44ece87480 Merge branch 'master' into framework-as-a-gem 2016-01-04 09:04:32 -06:00
joev 00f1511b46 Use the right op for the data checksum. 2016-01-03 01:48:25 -06:00
joev 00dc6364b5 Add support for native target in addjsif exploit. 2016-01-03 01:07:36 -06:00
joev 849857a418 Fix spacing issues in message.rb. 2016-01-02 22:57:26 -06:00
joev 6668dbec41 Remove stray binding.pry. 2016-01-02 22:50:06 -06:00
joev dcd36b74db Last mile polish and tweaks. 2016-01-02 22:41:38 -06:00
joev 6575f4fe4a Use the cmdstager mixin. 2016-01-02 14:09:56 -06:00
joev 9c85c5d4fe Add newline. 2016-01-02 01:17:28 -06:00
joev a88471dc8d Add ADB client and module for obtaining shell. 2016-01-02 01:13:53 -06:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Brent Cook bcd1a6d45e make JSON key format a little more standard, emit options 2015-12-30 16:00:09 -06:00
Chris Doughty 2a0ae144df Fixup rubocop warnings for cleanup purposes 2015-12-30 14:33:02 -06:00
Chris Doughty bb857e7a33 Add new line after json output for cleaner usability 2015-12-30 14:32:31 -06:00
Chris Doughty 8090bbc750 Changes to support framework as a gem 2015-12-30 11:00:45 -06:00
Chris Doughty 3f98511d7c Cleanup logic to force an output type 2015-12-29 15:11:16 -06:00
Chris Doughty 29ea553e03 Adding a json formatting option to the info command 2015-12-29 13:57:35 -06:00
Brent Cook e23b5c5435
Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Brent Cook eec6a6f905
Land #6304, simplify Meterpreter livelness checks 2015-12-24 15:42:17 -06:00
Jon Hart beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394 2015-12-24 09:20:21 -08:00
Jon Hart efdb6a8885
Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Brent Cook 9c410e02e3 Merge branch 'master' into land-6111-android 2015-12-24 10:13:25 -06:00
Brent Cook 17ad41070b
Land #6380, allow linux x86 meterpreter in the pref list 2015-12-23 16:10:26 -06:00
Brent Cook e4f9594646
Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly 
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
 2015-12-23 11:44:55 -06:00
wchen-r7 a16a10aaf6 Fix #6371, being able to report an exception in #job_run_proc 
Fix #6371

When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.

Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.

Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
 2015-12-22 16:35:29 -06:00
Brent Cook 84675e352b
Land #6249, check for nil when using read_exactly_n_bytes 2015-12-22 15:48:39 -06:00
Brent Cook 3f4c6eb370
Land #5383, allow tunneling reverse_tcp meterpreter sessions without 'route add' 2015-12-22 15:42:42 -06:00
Christian Mehlmauer f6eaff5d96
use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
wchen-r7 fa390358a2 Add linux/x86/meterpreter/reverse_tcp to the preference list 
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
 2015-12-21 23:09:54 -06:00
wchen-r7 2cc54a7a43 Make joomla.xml go first 
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
 2015-12-21 22:59:13 -06:00
wchen-r7 17b67b8f1b Add trailing / 2015-12-19 17:18:34 -06:00
wchen-r7 5ff02956c9 Lower joomla.xml 2015-12-19 13:46:13 -06:00
wchen-r7 0fda963601 Have multiple paths to find the generator tag 2015-12-19 13:45:41 -06:00
wchen-r7 6dada5f20f add another we can check 
administrator/manifests/files/joomla.xml
 2015-12-19 12:06:06 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Jon Hart 6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified 2015-12-11 19:22:57 -08:00
Jon Hart dcdc21e2db
Correct unbalanced quotes 
You down with OCD (Yeah you know me).
 2015-12-11 18:44:14 -08:00
Jon Hart e23908d672
Improve verbose output related to authentication handling 2015-12-11 18:32:00 -08:00
Jon Hart 1a0f71b6fa
Try to catch case where post-auth commands are failing 2015-12-11 17:23:03 -08:00
Jon Hart 9cec3d9e6b
Move redis password option to non-advanced 2015-12-11 17:03:49 -08:00
Jon Hart 1fecd9846c
Bury some helper methods behind private 2015-12-11 10:13:13 -08:00
Jon Hart 9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e
Make auth easier, work automatically and on older redis versions 
Also, improve check
 2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Luke Imhoff 4858ae63bd Thread class name for debugger has changed, so add new name 
MSP-13484
 2015-12-10 21:47:22 -06:00
Jon Hart 555e52e416
Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart 00f72b279b
Cleaner printing when in verbose 2015-12-10 09:12:54 -08:00
Jon Hart 21ab4e96e5
First pass at redis mixin 2015-12-10 08:29:59 -08:00
wchen-r7 07ef09e0b6 Avoid Msf::Module::Platform 
We don't know how to generate an exe payload if the platform is
Msf::Module::Platform, so don't use it.
 2015-12-08 21:40:30 -06:00
wchen-r7 9e52663705 Doc 
Fix #6330
 2015-12-08 21:24:39 -06:00
wchen-r7 11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails 
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
 2015-12-08 21:13:23 -06:00
wchen-r7 5b27d3a99c This looks right 2015-12-08 20:42:35 -06:00
wchen-r7 cea8c40432 Fix generate_payload_exe for generic payload support 
Platform can be seen from different sources:

1. From the opts argument. For example: When you are using
   generate_payload_exe, and you want to set a specific platform.
   This is the most explicit. So we check first.

2. From the metadata of a payload module. Normally, a payload module
   should include the platform information, with the exception of
   some generic payloads. For example: generic/shell_reverse_tcp.
   This is the most trusted source.

3. From the exploit module's target.

4. From the exploit module's metadata.

Architecture shares the same load order.
 2015-12-08 20:26:07 -06:00
Jon Hart 39da306b1d
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
wchen-r7 080ec26afb
Land #4489, Update SMB admin modules to use Scanner & fixes 2015-12-08 14:49:26 -06:00
wchen-r7 ef217c4b6d
Land #6315, Support migrating to processes by process name 2015-12-07 23:53:06 -06:00
William Vu db788d1b7c
Land #6238, CmdStager BOURNE_{PATH,FILE} options 2015-12-07 12:34:42 -06:00
Jon Hart 06836d9b8a
Better handling of invalid process name/IDs 2015-12-04 14:25:57 -08:00
wchen-r7 14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter 2015-12-04 16:16:54 -06:00
Jon Hart 3ecac615a2
Support migrating to processes by process name 
Fixes #6313
 2015-12-04 13:33:01 -08:00
jvazquez-r7 340fe5640f
Land #6255, @wchen-r7's module for Atlassian HipChat JIRA plugin 2015-12-03 20:01:06 -06:00
Louis Sato 0bcac5e73b
Use concat instead of assignment on java proxy classes encoding 
* fixes bug in java serialization encoding proxy class
 2015-12-03 17:31:13 -06:00
William Vu aa9969c81a Add more normalization to temporary directory 2015-12-03 11:37:02 -06:00
James Lee 762fdbed40
Simplify meterpreter liveness check 2015-12-03 09:16:18 -06:00
James Lee 6fa2269764
PacketResponseWaiter - improve yardoc coverage 2015-12-03 09:16:17 -06:00
Sonny Gonzalez d7aeabbb71
Land #6293, listener bind_port fix 2015-12-02 13:16:23 -06:00
jvazquez-r7 58cf9f4fcd
Land #6301 for sure, @busterb's REALLY wants to delete go_pro :) 2015-12-02 09:38:40 -06:00
jvazquez-r7 545e8a2ea0
Land #6301, @busterb removes the go_pro command 2015-12-02 09:28:08 -06:00
Rory McNamara 98b3919e94 Remove .bin from default behaviour 2015-12-02 09:58:11 +00:00
Rory McNamara 15dd18dc4b use single quotes, remove explicit nil 2015-12-02 09:36:07 +00:00
William Vu 6d3c4868a3
Land #6286, bind port display in jobs 2015-12-02 02:21:14 -06:00
William Vu 098c573f82
Land #6291, DisablePayloadHandler Boolean fix 
Nice call with Regexp#===, @wchen-r7. :)
 2015-12-02 02:17:59 -06:00
Brent Cook fbeaeb2877 remove more unneeded machinery for go_pro 2015-12-01 22:32:50 -06:00
Brent Cook 6ab2919c40 remove go_pro command 2015-12-01 15:29:21 -06:00
Spencer McIntyre 388edd3207 Fix the scheme for the pymet ProxyHandler 2015-11-30 13:45:24 -05:00
Spencer McIntyre fba9715a56 Add stageless python meterpreter http & https payloads 2015-11-28 17:41:55 -05:00
BAZIN-HSC 070a156925 -Recovrey +Recovery 2015-11-27 13:58:19 +01:00
Jon Cave 0c8eb6fb37 Display ReverseListenerBindPort if it is set 
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
 2015-11-27 09:16:20 +00:00
wchen-r7 c888726a1a Fix #6287, check DisablePayloadHandler value in exploit.rb 
It looks active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we have to always have to check it.
 2015-11-26 18:30:31 -06:00
Brent Cook e5119e6446 use payload_uri's result to derive lhost / lport 2015-11-26 15:21:51 -06:00
Brent Cook 216119c05c unfold override lhost/lport logic 2015-11-26 15:15:21 -06:00
Spencer McIntyre 1b495e73ac Further reduce python reverse_http duplicate code 2015-11-26 14:31:00 -05:00
Spencer McIntyre bd25ffa48c Consolidate py reverse http uri code into a mixin 2015-11-26 13:32:50 -05:00
Brent Cook f4d35116bd
land #6288, fix regression using non-default port with reverse_http 2015-11-26 11:04:24 -06:00
Brent Cook eb57163db6
Land #6285, excellent new sound plugin scheme 2015-11-26 10:41:02 -06:00