Commit Graph

7652 Commits (51c488a5ead4168f06cc132e56b1c49a4a3b8430)

Author SHA1 Message Date
Tom Sellers ae1b7e564b Update powershell.rb 2014-05-27 05:18:00 -05:00
William Vu 704e4d78ca
Fix typo in client_request.rb comment 2014-05-26 23:55:48 -05:00
William Vu 0133e861f8
Fix typo 2014-05-26 23:55:20 -05:00
William Vu 352e14c21a
Land #3391, all vars_get msftidy warning fixes 2014-05-26 23:41:46 -05:00
Meatballs 1914e0abd3
Land 3393, Add session and framework vars to irb 2014-05-26 18:50:20 +01:00
jvazquez-r7 994891e9c5
Land #3383, @wchen-r7's [FixRM #8804] Fix / URIPATH for BrowserExploitServer 2014-05-25 19:51:30 -05:00
Spencer McIntyre 77e70d8bbe Add 2 more variables for meterpreter irb 2014-05-25 16:28:40 -04:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Tom Sellers 42a17cc085 Update powershell.rb
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'

Additional changes required to fix regex to support the multiline output.  Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.

This method doesn't appear to be used anywhere in the Metasploit codebase currently.
2014-05-25 08:59:42 -05:00
Tom Sellers 76b9273f10 Improve reliability of have_powershell
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out.  When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed.  When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for.  I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior.  I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.

There may be a better solution, but this was the only one that I could find.
2014-05-25 08:07:38 -05:00
Lutz Wolf fc5436417b Simplification 2014-05-24 23:45:21 +02:00
Lutz Wolf 4fc6e402dc Allow port 0 2014-05-24 23:44:50 +02:00
joev ae3c334232 Getting closer. Still something f'd with local answerer.html. 2014-05-22 17:14:35 -05:00
sinn3r 1dbe972377 Fix URIPATH / for BrowserExploitServer
[SeeRM #8804] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
William Vu d31908b72e
Land #3374, RPC deadlock fix
[FixRM #8794]
2014-05-22 12:07:23 -05:00
joev 14b796acbf First stab at refactoring webrtc mixin. 2014-05-21 15:32:29 -05:00
James Lee d2ebab09aa
Add timeout for SSL renegotiation after migrating
[SeeRM #8794]
2014-05-16 15:42:46 -05:00
James Lee 472f029576
Fix random bug when workstation_name is < 6 chars
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
nstarke 048aebbdf2 Search Result Uniqueness
SeeRM #8754

Cast the results of the query to an array and perform the uniq
function passing a block which provides uniqueness based
on the return value, which in this instance is ‘fullname’
This was done because the uniq function in AREL cannot take
a specific field for uniqueness, and the sophistication of the query
make grouping nearly impossible.  Initial testing showed negligible
speed difference to the user.
2014-05-15 17:52:11 +00:00
nstarke b85403ab8f Revert "POST module duplicate search results"
This reverts commit 0bca3a2d54.
2014-05-15 16:05:47 +00:00
William Vu 773fd7a9cb
Fix up whitespace 2014-05-14 15:31:40 -05:00
William Vu 340956f294
Add a newline after DISCLOSURE_DATE_FORMAT 2014-05-14 15:28:07 -05:00
Christian Mehlmauer dc7a8d32d8
Land #3324, msfconsole search timestamp fixes 2014-05-14 21:30:02 +02:00
nstarke bb6201d66d Fixing nil bug and making format constant
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date.  For example,
‘checkvm’.  This necessitated checking disclosure_date for nil
before attempting a format conversion.  Also, there was an additional
location in core.rb that needed the formatting / nil check added.  Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
William Vu 9fbda3eae0
Land #3183, tab completion improvements 2014-05-14 02:20:12 -05:00
William Vu fdbfaacdf6
Land #3313, progress feedback for PASS_FILE
[FixRM #8704]
2014-05-14 02:03:39 -05:00
William Vu 1ada4831e0
Land #3293, module deprecation constants 2014-05-14 01:37:29 -05:00
William Vu de49241195
Land #3185, regex option validation 2014-05-14 01:27:18 -05:00
agix 1a3b319262 rebase to use the mixin psexec 2014-05-13 16:04:40 +02:00
agix 87be2e674a Rebase on https://github.com/rapid7/metasploit-framework/pull/2831 and adapt to the new mixin 2014-05-13 16:04:40 +02:00
Florian Gaultier 808f87d213 SERVICE_DESCRIPTION doesn't concern this PR 2014-05-13 16:04:39 +02:00
Florian Gaultier bb4e9e2d4d correct error in block service_change_description 2014-05-13 16:04:39 +02:00
Florian Gaultier 6332957bd2 Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work... 2014-05-13 16:04:39 +02:00
Florian Gaultier bdbb70ab71 up block_service_stopped.asm 2014-05-13 16:04:39 +02:00
Florian Gaultier 94f97ab963 Prevent import table overwritting by shifting entry point 2014-05-13 16:04:39 +02:00
Florian Gaultier e269c1e4f1 Improve service_block with service_stopped block to cleanly terminate service 2014-05-13 16:04:38 +02:00
Florian Gaultier c43e3cf581 Improve block_create_remote_process to point on shellcode everytime 2014-05-13 16:04:38 +02:00
Florian Gaultier 25d48b7300 Add create_remote_process block, now used in exe_service generation 2014-05-13 16:04:38 +02:00
Florian Gaultier 5ecebc3427 Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation 2014-05-13 16:04:37 +02:00
Florian Gaultier 0b462ceea6 refactor `to_winpe_only` code to be used by `to_win32pe_service` 2014-05-13 16:04:37 +02:00
Florian Gaultier 914d15c285 fix typo 2014-05-13 16:04:37 +02:00
Florian Gaultier ca7a2c7a36 Add string_to_pushes to use non fixed size service_name 2014-05-13 16:04:37 +02:00
Florian Gaultier b3fd21b98d Change to try to follow ruby guidelines 2014-05-13 16:04:37 +02:00
Florian Gaultier 72a3e49fbb fix typo 2014-05-13 16:04:36 +02:00
Florian Gaultier 513f3de0f8 new service exe creation refreshed 2014-05-13 16:04:36 +02:00
Jeff Jarmoc 2849a1bc0c Update comment again 2014-05-12 13:10:20 -05:00
Jeff Jarmoc a3cc499a17 Update comment w/ all modes 2014-05-12 13:02:54 -05:00
Jeff Jarmoc d82bc11b7d Add 'u-noslashes' and re-order cases for consistency. 2014-05-12 13:01:05 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all.
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
William Vu 453851277f
Fix missing space in prompt for back and grep 2014-05-09 17:08:45 -05:00
William Vu 4b47a9a297
Land #3339, banner updates for Pro free trial 2014-05-09 15:25:09 -05:00
nstarke a71be33091 Adjusting status message to be based on time
Previously the status message timing was determined by the number of
pairs left to process.  I have adjusted the code to rely on Time.now
in order to consistently print a message out every 60 seconds.
2014-05-09 14:39:34 +00:00
Lutz Wolf 66252ba9e5 support negation in portspec 2014-05-08 21:35:35 +02:00
William Vu ee303aa34e
Add missing formats in lib/msf/core/db.rb comment
Found outside big if block. Ugh.
2014-05-08 10:27:38 -05:00
Tod Beardsley 281b000805
Typo fix for #3339 2014-05-08 10:18:19 -05:00
William Vu b50b3820a0
Update core/db.rb comments 'n' stuff 2014-05-08 02:53:02 -05:00
William Vu 7da6a2c84c
Update db_import help with authoritative formats
Taken from import_filetype_detect in lib/msf/core/db.rb.

[SeeRM #8799]
2014-05-08 02:30:29 -05:00
Tod Beardsley eecd05ec74
Fix banner language, padding. 2014-05-07 16:12:15 -05:00
Tod Beardsley c50c929412
Treat apt and binary installs the same for banners 2014-05-07 15:59:50 -05:00
Tod Beardsley ab56583ce0
Remove dead oldwarn code, fix shortlink 2014-05-07 09:49:41 -05:00
Tod Beardsley 7ed943cead
Add new rotating banners for apt installs 2014-05-07 09:39:39 -05:00
Tod Beardsley a55e2bcf19
Rework banner trailers in sprintf padding 2014-05-07 09:38:59 -05:00
Meatballs 3542f851bf Fix some yarddoc issues 2014-05-05 22:45:41 +02:00
Brendan Coles cc8ab9bcba Support one line js payload
Add missing ';' in `run_cmd_source`
2014-05-05 18:57:15 +10:00
Joshua Smith 5b1a207377 cleans up numerous superfluous returns in msf/core/module 2014-05-02 19:52:58 -04:00
nstarke f0a8f40acd Omitting timestamp from msfconsole search output
SeeRM #8795

The disclosure date field in the results from the search command
where returning with a timestamp that was almost always 00:00:00 UTC. I added a bit of date time formatting to only
include the year (4 digit), month (2 digit), and day (2 digit)
in the following format: Y-m-d.  This date time formatting
applies to both searches conducted through the database instance
as well as searches performed without a database (slow search).
2014-05-01 13:41:15 +00:00
Rob Fuller c3fb5bf614 fix a few clarical errors and typos 2014-04-29 22:42:26 -04:00
James Lee 4bd2dabfcd
Land #3121, new kiwi extension, with compiled bins
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
nstarke ace9e797e1 Adding count-based print message
This commit removes the creation of a separate, timed
thread for printing out status messages to the user
in the case of large PASS_FILEs.  This adjustment eliminates
the overheard of context switching associated with
spinning off separate threads, as well as the dangers
associated with the Thread#kill method.
2014-04-29 22:10:08 +00:00
jvazquez-r7 2b4006089b
Land #3298, @wvu-r7's fix for db_import and its spec 2014-04-28 17:29:52 -05:00
nstarke eb98ea2d31 Large pass_file hangs login modules
SeeRM #8704

When running a *_login module that contains a large PASS_FILE
the module appears to hang while it is creating the combinations over
such a large dataset.  The solution proposed in the Redmine task
requested that the user be alerted with some sort of progress feedback
if the process takes an excessive amount of time.

I have added a message that logs to the console that contains the
number of pairs left to be constructed before the module will continue.
The verbiage is fairly arbitrary and should probably be updated to
something that might be more descriptive.  Likewise, the sleep
interval may need to be adjusted.
2014-04-28 21:45:14 +00:00
sinn3r 8a4c7b22ed
Land #3296 - Refactors firefox js usage into a mixin 2014-04-28 15:22:55 -05:00
Samuel Huckins 7fad215f3e
Merge branch 'bug/9582-metasploit-imports-and-tasks' into upstream-master
Land #3299
2014-04-28 10:47:23 -05:00
nstarke 0bca3a2d54 POST module duplicate search results
Running a POST module in meterpreter was causing duplicate search
results for the executed module.  For example, running
post/windows/gather/checkvm would produce duplicate results for that
module when executing “search checkvm” in msf.

Debugging revealed that the cmd_exec function in meterpreter’s ui
command_dispatcher core was creating the specified module, and then
promptly reloading it.  The reload function was causing the duplicate
module_detail record to be written to the msg postgres database
instance.  Further analysis revealed that the “original_mod” could be
used for running the post module, so the “reloaded_mod” was removed
and the “original_mod” used in it’s place to run the post module.

SeeRM #8754
2014-04-27 20:31:32 +00:00
William Vu 696eee1ada
Add Outpost24 to db_import help 2014-04-25 14:27:44 -05:00
lsanchez-r7 8f43c229b1
Passing the Mdm::Task down the chain
when reporting hosts from an Mdm::Task we need to pass the task all
the way down. this wasnt done for the metasploit import format.
2014-04-25 11:15:39 -05:00
joev f94d1f6546 Refactors firefox js usage into a mixin. 2014-04-24 15:09:48 -05:00
Trevor Rosen e556997bf7
Land #3269 (Pro) fix report import issue 2014-04-24 08:27:06 -05:00
Spencer McIntyre ec1f7d644c Support deprecation information from constants 2014-04-23 23:03:02 -04:00
James Lee 49bd86f077
Clean up yardocs and a few style issues 2014-04-21 03:12:23 -05:00
William Vu 7d801e3acc
Land #3200, goodbye LORCON modules :( 2014-04-18 12:32:22 -05:00
Samuel Huckins 2ed7a739c3
New reports in new exports can now import
MSP-9783

* Extracted import_report from monstrous import_msf_collateral;
simplified and clarified approach
* Updated report_report: includes all attrs provided vs subset, provides
more helpful error message
* Added report_artifact: adds child artifact for reports, handles
various troublesome cases
* Tested on all report types with a legion of option variants
2014-04-16 15:15:47 -05:00
sinn3r 54346f3f92
Land #3265 - Windows Post Manage Change Password 2014-04-15 18:45:48 -05:00
sinn3r 7a4e12976c
First little bit at Bug 8498
[FixRM #8489] rhost/rport modification
2014-04-15 18:20:16 -05:00
Meatballs 02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
Conflicts:
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs fc018eb32e
Initial commit 2014-04-15 21:05:06 +01:00
Tod Beardsley 9db01770ec
Add custom rhost/rport, remove editorializing desc
Verification:

````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````

...etc.
2014-04-14 21:46:05 -05:00
David Maloney c537aebf0f
Land #3228, JtR colon Seperation 2014-04-14 11:19:16 -05:00
Tod Beardsley 2aecab89bb
14-day free trial banner for non-binary installs 2014-04-14 11:00:41 -05:00
agix ac63e84d02 Fix little bug when using msfencode and exe-only
When arch is not defined, arch is null so it crashs.
It should be 'x86' by default
2014-04-14 01:02:31 +02:00
sinn3r 7b6b94acd5
Land #3247 - Revert #3224 jsobfu string size fixes 2014-04-12 00:58:27 -05:00
joev e09f887c4c Revert "Fixes large-string expansion in JSObfu."
This reverts commit 14fed8c610.
2014-04-11 16:51:47 -05:00
joev 4cb04b6b9a Revert "Use implicit return for assignment."
This reverts commit 49139cc07f.
2014-04-11 16:51:40 -05:00
joev 21b2697b95 Revert "Use tiny var names by default."
This reverts commit 52432ef482.
2014-04-11 16:51:34 -05:00
joev d41b3467f8 Revert "Re-add the #random_string(len) method to pass specs."
This reverts commit bd8918e4e1.
2014-04-11 16:51:21 -05:00
Tod Beardsley 91293fd0db
Allow vhost to be maybe opts['rhost']
This enables passing rhost and rport directly to send_request_cgi
without having to monkey with the datastore.

See #8498
2014-04-10 16:47:49 -05:00
sinn3r 80faaf86d8 Add a link to explain about unmet exploit requirements 2014-04-10 14:01:16 -05:00
sinn3r a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile 2014-04-10 12:31:59 -05:00
sinn3r 68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu 2014-04-10 12:09:22 -05:00
Tod Beardsley bc5f87b01a
Land #3195, check() fix 2014-04-10 08:59:53 -05:00