Commit Graph

15608 Commits (56bff4f748e652e6e53b7c4491c8bf40b622ba1e)

Author SHA1 Message Date
James Barnett 466b0004e1
Land #11163, add API endpoint for retrieving Mdm::Events 2019-01-08 09:26:53 -06:00
James Barnett 69ee3a4a26
Land #11187, Conform LoginServlet to API standards 2019-01-07 17:03:39 -06:00
James Barnett f23142c19c
Land #11183, add authentication to LoginServlet endpoints 2019-01-07 17:02:31 -06:00
Erin Bleiweiss cfa22bb4ec
Exclude key from VulnDetail update 2019-01-07 16:33:50 -06:00
Erin Bleiweiss 771469f4cd
Update all Mdm::xx.update() instances 2019-01-07 16:24:13 -06:00
Erin Bleiweiss 6641c606b2
Add support for db import from remote data service 2019-01-07 14:32:27 -06:00
James Barnett 02fda8625a
Address code review comments.
- Fix CSS on submit button
- Don't generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
2019-01-07 13:52:01 -06:00
asoto-r7 0ca4dd829e
Fixed an off-by-one error in fingerprinting string randomization 2019-01-04 16:31:43 -06:00
James Barnett 101fbb7aa5
Address code review comments 2019-01-04 15:23:24 -06:00
James Barnett 83267d08e0
Update jquery version and use SRI 2019-01-04 15:23:24 -06:00
James Barnett 4bbf84b949
Update login test page to use POST for generate-token 2019-01-04 15:22:32 -06:00
James Barnett 60681e4385
Use POST for token generation 2019-01-04 15:22:32 -06:00
James Barnett 1b29e17827
Don't array wrap refs 2019-01-04 15:10:21 -06:00
James Barnett b875d391fc
WIP: updating ref lookup based on code review comments 2019-01-04 15:10:20 -06:00
James Barnett 5f43ec0a79
Address code review comment 2019-01-04 15:10:20 -06:00
James Barnett 0281ddf78c
Remove vuln_refs from Vuln JSON schema
This object is just a pointer between Vulns and refs. We don't need to surface it
2019-01-04 15:10:20 -06:00
James Barnett 10cceb0e9b
Fix a couple of bugs introduced by symbolizing to_ar 2019-01-04 15:10:20 -06:00
James Barnett e9931fa70e
Fix bug when updating Mdm::Vuln.refs 2019-01-04 15:10:19 -06:00
James Barnett bcfe434d1e
Update to_ar to use symbolized keys 2019-01-04 15:10:19 -06:00
Tim W f4e84da495 add comment 2019-01-03 18:00:06 +08:00
William Vu cfec99b1a8
Land #11154, tab completion for aux rerun/exploit 2019-01-02 18:44:04 -06:00
Tim W c0dd020ff5 fix linux meterpreter ls 2019-01-02 19:09:46 +08:00
Tim W 79c58cd786 fix #11158, fix multi line text in android send_sms 2019-01-02 03:51:59 +08:00
Tim W 05d78e23ea fix #11189, fix meterpreter ls handling of large files 2019-01-02 03:34:13 +08:00
Matthew Kienow 4fc65b39a1
Make position of warden call the same as others
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
2018-12-31 16:38:26 -05:00
Matthew Kienow 7b22527f8f
Make error message use same language as others 2018-12-31 16:37:08 -05:00
Matthew Kienow 05d810ac23
Add support for GET with ID in the path 2018-12-31 15:46:00 -05:00
Matthew Kienow 0e56c30ab2
Use data object wrapper for JSON response 2018-12-31 15:43:16 -05:00
Matthew Kienow 12f4222b2e
Fix to ensure authentication 2018-12-28 16:29:33 -05:00
Matthew Kienow 8361dab983
Minor method comment change 2018-12-27 21:57:31 -05:00
Brent Cook 66505790f9
Land #11179, Replace Sysrandom with Ruby default SecureRandom 2018-12-27 11:33:29 -06:00
Matthew Kienow 34e99c3857
Modify GET error message to match other servlets 2018-12-26 22:45:33 -05:00
Brent Cook 0d0356ccdd
Land #11126, Update sessions through the DBManager 2018-12-26 13:15:43 -06:00
Matthew Kienow ebc7a3a315
Replace sysrandom with ruby default securerandom 2018-12-26 13:40:44 -05:00
Wei Chen f5210abb55 Add rspec 2018-12-26 11:18:44 -06:00
Green-m 12a948dde5
Move down cmd_rerun to fix rspec issue. 2018-12-24 11:30:02 +08:00
Matthew Kienow b5bc65c3bd
Add GET handler to query events 2018-12-21 22:18:10 -05:00
Matthew Kienow a448b26f73
Remove unnecessary argument default value 2018-12-21 22:13:52 -05:00
Matthew Kienow 5e971132f3
Enhance events method to fully query events 2018-12-21 22:07:43 -05:00
Matthew Kienow 7e10b38421
Add events method 2018-12-21 21:37:42 -05:00
Brent Cook 9736e8252c Merge branch 'master' into land-11038- 2018-12-21 16:31:53 -06:00
William Vu b4ff3b544f Add CMDSTAGER::SSL datastore option
It has come to my attention that since I added the HTTP(S) command
stagers, no one has used HTTPS. This is probably why.

The CmdStager options hash takes precedence over any datastore options.
2018-12-21 14:51:49 -06:00
William Vu 5cff330a38
Land #11128, Rex::Exploitation::CmdStagerFetch 2018-12-21 14:16:57 -06:00
Garvit Dewan 3021a05553
Fix typo in report.rb 2018-12-21 17:51:46 +05:30
Green-m 06de47ce68
Enhance the command auto-complete in aux. 2018-12-21 18:03:57 +08:00
Wei Chen f7eb3452be
Land #11083, set user agent in Windows reverse_http(s) stagers 2018-12-19 11:38:12 -06:00
Brent Cook 09f9b887b9 don't bother handholding the empty string 2018-12-19 10:52:51 -06:00
Wei Chen 847e3232ab
Land #11102, remove old metasm remnants 2018-12-18 08:53:53 -06:00
Brendan Coles 8d93812c0a Add Rex::Exploitation::CmdStagerFetch 2018-12-15 03:30:00 +00:00
asoto-r7 a2a38bb72f
ysoserial: Distracted halfway through a comment 🙃 2018-12-14 15:07:13 -06:00
asoto-r7 74b4ba1c50
ysoserial: Change class name to camelcase to align with Ruby style guide 2018-12-14 14:44:58 -06:00
asoto-r7 212454b1fb
ysoserial: Support larger payloads, Randomize fingerprintable string 2018-12-14 14:43:30 -06:00
asoto-r7 fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads 2018-12-14 12:51:08 -06:00
Matthew Kienow eec7a3dafc
Remove debug code 2018-12-14 13:33:16 -05:00
Matthew Kienow ad6b80bd08
Remove unused session_dto flag 2018-12-14 13:01:20 -05:00
Matthew Kienow a683cedcce
Enhance race condition workaround in report_host 2018-12-14 12:28:16 -05:00
Matthew Kienow c2af36f405
Use update_session rather than Mdm save method
The changes ensure that updates to an Mdm::Session are reflected on a
remote data service.
2018-12-14 12:22:49 -05:00
Matthew Kienow b6cdf7aa9d
Add update_session method 2018-12-14 12:04:55 -05:00
Matthew Kienow a8ed971f12
Move convert_msf_session_to_hash to data proxy 2018-12-14 11:46:12 -05:00
Matthew Kienow 3f9b2dadc8
Remove unnecessary single object selection 2018-12-14 11:20:19 -05:00
Matthew Kienow 4cefb8d06e
Fix typo 2018-12-14 11:19:40 -05:00
Jeffrey Martin 288cbd2386
add analyze command 2018-12-13 18:21:00 -06:00
Jeffrey Martin 4963647bf6
remove call to method not defined 2018-12-13 17:00:41 -06:00
bwatters-r7 564814c4db
Land #10676, Add support for ext_server_unhook
Merge branch 'land-10676' into upstream-master
2018-12-13 09:46:37 -06:00
William Vu a415063acd Reword CreateSession option description 2018-12-12 15:32:31 -06:00
Stephen Haywood eceb47a9da Move CREATE_SESSION option to advanced option CreateSession 2018-12-12 15:32:31 -06:00
Stephen Haywood 8a7187ad79 Add CREATE_SESSION option to CommandShell
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
bwatters 0c9d5b7d51
refactor `unless !` to `if` 2018-12-11 10:04:55 -06:00
Brent Cook 4ff6f0171d remove old metasm remnants
Noticed while @asoto-r7 was reviewing Code Climate results, and it
highlighted some metasm code as having unusual code structure. Rather
than fixing it, we can delete it, since this is from upstream metasm
presumably, which we've used as a Gem for some time (thanks @egypt).

All payloads should still be regenerable, and evasion modules as well.
2018-12-10 18:58:53 -06:00
Brent Cook 43842ad41d
Land #11082, Update show plugins to show all available plugins as well 2018-12-10 10:20:51 -06:00
Brent Cook 733c2f637d
Land #11081, Add Msf::Post::Linux::Kernel.lkrg_installed? method 2018-12-08 09:14:57 -06:00
Brent Cook 3dca52510d pass NULL if the UA field is empty 2018-12-08 06:23:35 -06:00
Brent Cook 6f8fc55b86 set user agent in Windows reverse_http(s) stagers 2018-12-07 14:03:03 -06:00
Garvit Dewan 42c5a7d245 Update show plugins to show all available plugins as well as the loaded ones.
Fixes #11051
2018-12-08 01:19:44 +05:30
Brent Cook df76521100
Land #11066, add rpc output locking, fix logging 2018-12-07 13:49:10 -06:00
Brent Cook 09ffce4ec5 fix mutex locking, push to rpcSend 2018-12-07 13:28:34 -06:00
Brendan Coles 80d83720df Add Msf::Post::Linux::Kernel.lkrg_installed? method 2018-12-07 14:42:16 +00:00
Brent Cook 9e110eb9fc
Land #10940, add default service mapping to imports 2018-12-06 21:04:05 -06:00
Brent Cook f4282bfb56
Land #11064, Add Msf::Post::Linux::Kernel.kernel_config method 2018-12-06 20:52:12 -06:00
Brent Cook 310d6f0170
Land #11068, Update db_connect help text 2018-12-06 20:32:13 -06:00
James Barnett e36e27d91a
Port is optional for HTTP data services 2018-12-05 16:05:09 -06:00
James Barnett 1e57f025d9
Update db_connect help 2018-12-05 14:52:26 -06:00
Christopher Lee b0560c1ec8 Centralize logging sync, fix minor logging issues 2018-12-05 12:42:44 -06:00
Brendan Coles 25e4c4734f
return nil rather than empty array 2018-12-05 23:44:13 +11:00
Brendan Coles 9d690f4f8c Add Msf::Post::Linux::Kernel.kernel_config method 2018-12-05 11:19:36 +00:00
Brendan Coles 6040f779c5 Suppress 'Permission denied' error in get_suid_files 2018-12-05 00:35:32 +00:00
Matthew Kienow c7acbc08ab
Land #11058, fix SSH key displayed by creds cmd 2018-12-04 15:25:51 -06:00
James Barnett 5e29d1206d
Land #11059, provide meaningful error when workspace doesn't exist 2018-12-04 14:53:43 -06:00
James Barnett 8799c550e1
Parse public and private as correct sub-type 2018-12-04 10:57:54 -06:00
Brent Cook 55a9a12670
Land #10964, add initial golang modules for enumerating owa/o365 2018-12-04 10:33:37 -06:00
Matthew Kienow 4f08243af9
Raise exception if workspace not found 2018-12-03 17:24:36 -06:00
Matthew Kienow 74a5d816be
Fix parentheses around args of method invocations 2018-12-03 17:19:59 -06:00
James Barnett d41f48853a
Use to_s when printing credential private 2018-12-03 16:46:30 -06:00
Brent Cook 042a793648
Land #11050, Add protection checks to Msf::Post::Linux::Kernel lib 2018-12-03 13:16:46 -06:00
Brent Cook 6574ceaab8
Land #11053, Add Openwall detection to Linux system lib 2018-12-03 12:46:36 -06:00
Christopher Lee b11bcd92a4 Broken into 3 modules, addressed review comments 2018-12-03 10:25:21 -06:00
Jeffrey Martin ab1bea1b22
Land #10798, Cisco device manager update 2018-12-03 01:39:19 -06:00
Brendan Coles f2b7036e37 Add Openwall detection to Linux system lib 2018-12-03 06:58:19 +00:00
Brendan Coles 0481cbffe6 Add check for Exec-Shield 2018-12-03 03:51:14 +00:00
Brendan Coles d87fef5ee3 Add grsec/PaX checks to Msf::Post::Linux::Kernel lib 2018-12-02 08:11:17 +00:00
Brendan Coles dc125d1dc5 return hostname 2018-12-01 05:20:47 +00:00
Christopher Lee 5b926bcbcf Addressed feedback 2018-11-30 13:18:02 -06:00
Christopher Lee 6225c04b99 Address review feedback, fix bugs 2018-11-30 11:36:39 -06:00
Jacob Robles 88ca775fd3
Land #10952, WP GDPR Compliance plugin exploit 2018-11-29 13:31:31 -06:00
asoto-r7 117d8ad986
Change default behavior of required OptString to permit empty strings 2018-11-29 11:34:44 -06:00
Green-m 3e571ff71a Compatible with REG_MULTI_SZ when set value. 2018-11-29 15:47:09 +08:00
Jacob Robles 9d33891652
Update register descriptions 2018-11-28 19:37:35 -06:00
Jacob Robles c4959da77f
Email validation and user registration 2018-11-28 17:56:55 -06:00
Wei Chen d523124faf
Land #10965, Add the macOS LPE from pwn2own2018 (CVE-2018-4237) 2018-11-27 14:00:35 -06:00
Brent Cook d7c1dd91c0
Land #10509, Add source meta command for shell sessions 2018-11-26 14:27:08 -06:00
Brent Cook 181fc292c2
Land #10861, Add framework for JSON-RPC and future Sinatra apps 2018-11-26 14:12:08 -06:00
Brent Cook 2cde2e4e21
Land #11017, Fix userns_enabled? check for unprivileged_userns_clone 2018-11-26 14:07:14 -06:00
Matthew Kienow fd75b75c61
Add FrameworkExtension 2018-11-26 13:08:42 -05:00
Matthew Kienow e144cc6738
Move under Msf::WebServices namespace 2018-11-26 12:58:10 -05:00
Brent Cook 0678d33760 Revert "ensure a value exists before returning the normalized key"
This reverts commit 063838fb17.
2018-11-26 10:10:07 -06:00
Brent Cook a98dbd1d61 Revert "Return the original key if it does not exist in the datastore"
This reverts commit 7312fa774f.
2018-11-26 10:10:07 -06:00
Brendan Coles 8f07f299b4 Fix userns_enabled? check for unprivileged_userns_clone 2018-11-25 01:26:49 +00:00
Brent Cook 847e630630 ensure incoming creds are all UTF-8 2018-11-22 09:20:12 -06:00
Brent Cook e07e5caebd don't do a binary regex against a regular string 2018-11-22 09:19:38 -06:00
Brent Cook cdc9c24f6d don't try to close a nil connection in smb login scanner mixin 2018-11-22 05:02:17 -06:00
Brent Cook 8694d6dd19
Land #10990, move metasploit web service code 2018-11-21 16:49:56 -06:00
Brent Cook 77723ba2f8
Land #11002, Support Python 3.7 in external probe scanner code 2018-11-21 16:23:34 -06:00
Brent Cook 682ebdc234
Land #11001, Properly error out when attempting to format ELFs 2018-11-21 16:13:40 -06:00
Adam Cammack 317f71f7f4
Land #10802, Make `msfvenom -f` case-insensitive 2018-11-21 16:04:30 -06:00
Brent Cook c9f8a591e5
Land #10872, Add --pad-nops option for msfvenom 2018-11-21 16:02:02 -06:00
Adam Cammack 44da31edb8
Support Python 3.7 in external probe scanner code 2018-11-21 15:06:54 -06:00
Adam Cammack 818c3c9f57
Properly error out when attempting to format ELFs 2018-11-21 14:57:37 -06:00
Adam Cammack 230ae70028
Land #11000, fix DB import error messages 2018-11-21 14:52:17 -06:00
Jeffrey Martin 1eb4a79410
adjust error message on import 2018-11-21 14:42:48 -06:00
Brent Cook 7312fa774f Return the original key if it does not exist in the datastore 2018-11-21 06:03:50 -06:00
Brent Cook 063838fb17 ensure a value exists before returning the normalized key 2018-11-21 04:43:06 -06:00
Brent Cook da9e6edbf1 delete option aliases when an option is deleted
Otherwise the aliases will remain active and if the aliased value is redefined
2018-11-21 04:09:33 -06:00
Patrick 30bf716827
Use --pad-nops as a boolean to make -n <size> the total payload size. 2018-11-20 23:26:03 -06:00
Matthew Kienow 4cc9959e3f
Move MSF API App and associated servlets
The modules interact with the DbManager, however, are not a part of it
and belong in a more meaningful location for web services.
2018-11-19 18:46:15 -05:00
Brent Cook 630de06f9e
Land #10972, Rework session_compatible? check in post mixin, excluding ARCH_CMD modules 2018-11-19 16:08:15 -06:00
William Vu 6d317baada Coerce DisablePayloadHandler into a Boolean string
Due to discrepancies in how command dispatchers receive datastore
options, especially after a "save" of the console, Boolean values are
stored as strings.

This is a quick fix for DisablePayloadHandler specifically, since it was
driving me insane.
2018-11-19 13:18:15 -06:00
Erin Bleiweiss fd3ece3f9b
Land #10956, Use new 'data_service_operation' block in 'DataProxy' modules 2018-11-16 17:24:00 -06:00
William Vu 4726c58516 Update documentation 2018-11-16 12:40:42 -06:00
William Vu 1e3515bddc Clean up code 2018-11-16 05:04:54 -06:00
William Vu a58a91613a Exclude ARCH_CMD modules, not local exploits
We don't want to lose SessionTypes. Brain fart.
2018-11-16 05:00:17 -06:00
Brent Cook 8be53f8730
Land #10971, Fix extraneous whitespace in check output 2018-11-16 03:38:32 -06:00
Brendan Coles 277ed375d6
Ensure peer_msg falls back on an empty string
Co-Authored-By: wvu-r7 <wvu-r7@users.noreply.github.com>
2018-11-16 03:30:52 -06:00
William Vu b60ae0ff1a Limit session_compatible? check to post modules
Local exploits may define a different payload platform or arch.
2018-11-16 02:59:59 -06:00
William Vu eb90fc74a1 Fix extraneous whitespace in check output
Death to the peer gods.
2018-11-16 02:59:36 -06:00
Matthew Kienow 691b9276a6
Fix issue when re-establishing DB connection 2018-11-15 21:00:19 -05:00
Tim W 420be60900 add CVE-2018-4237 2018-11-15 08:48:10 +08:00
Christopher Lee 38bea6c29c Added msmailprobe to msf 2018-11-14 16:15:11 -06:00
Jacob Robles 795aa3c99c
Land #10828, git submodule url exec CVE-2018-17456 2018-11-14 12:39:13 -06:00
christopher lee 97ee965c6e
Landing #10884 - Add JSON-RPC Client 2018-11-13 08:31:55 -06:00
Matthew Kienow 2571c8cd86
Use data_service_operation block to perform work 2018-11-12 23:45:29 -05:00
Jeffrey Martin d2a78cecd0
improvements to code comments and flow 2018-11-12 17:31:43 -06:00
Jacob Robles 1b44fd0ade
Remove conditional for path 2018-11-12 11:05:40 -06:00
Jacob Robles a80ac67373
Prepend GO path 2018-11-12 11:03:19 -06:00
Jacob Robles 8dc974b51e
Prepend python path 2018-11-12 07:58:43 -06:00
Brendan Coles e231fd0623 next if onlyup 2018-11-10 16:21:06 +00:00
h00die 8ea4ed6314
land #10927 proper identification of centos/alpine linux in post libs 2018-11-10 08:33:35 -05:00
Jeffrey Martin 5ba44ff12d
add default service mapping to imports 2018-11-08 18:14:22 -06:00
Christian Mehlmauer 7127792fcf
tidy up external go modules 2018-11-06 20:23:10 +01:00
Brent Cook 407a9f3de1 remove debug 2018-11-06 11:12:02 -06:00
Brent Cook 76531cb818 gofmt all the things 2018-11-06 11:12:02 -06:00
Brent Cook 97bee891ce remove some ruby vestiges 2018-11-06 11:12:02 -06:00
Brent Cook df43b372fa initial golang module support 2018-11-06 11:12:02 -06:00
Brent Cook cfbc0a9a0c properly bubble up errors on external module load 2018-11-06 11:12:02 -06:00
Brent Cook dea460c813 golang module loader support 2018-11-06 11:12:02 -06:00
Brendan Coles 08d4e2265d Add CentOS and Alpine Linux detection to Linux system lib 2018-11-06 03:16:07 +00:00
Brendan Coles a8ff9b27f7
Land #10823, store host system data from post/system libs in database 2018-11-06 02:54:02 +00:00
h00die e7f5c0cfbf additional solaris-ish regexes 2018-11-05 19:25:08 -05:00
Brent Cook cb229411bc
Land #10888, Fix Net::SSH::CommandStream session open failure 2018-11-05 11:15:09 -06:00
Kevin Kirsche ad58930e9b Dump formats when invalid format is selected 2018-11-04 09:25:37 -05:00
Kevin Kirsche 9f77966ec9 Revert downcase throughout, instead use single downcase within option parsing 2018-11-04 08:57:45 -05:00
h00die 7326453024 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into hosts_data 2018-11-03 17:06:00 -04:00
h00die ca0249c539 enhancements to solaris host info db regex 2018-11-03 17:05:47 -04:00
William Vu e9b3502f98 Fix Net::SSH::CommandStream session open failure
I suspected this might be a problem for libssh servers.
2018-11-02 01:08:05 -05:00
William Vu 8372007576 Prefer method_defined? for the class 2018-11-02 00:34:17 -05:00
William Vu c3311da6e2 Be specific about report_on_exception 2018-11-02 00:24:16 -05:00
William Vu 0592420ea4 Fix thread exception reporting for Ruby 2.3.8
Thread::report_on_exception doesn't exist.
2018-11-01 18:59:23 -05:00
Brent Cook 7cf384405e only change thread behavior if on Ruby 2.5 or above 2018-11-01 18:24:12 -05:00
Brent Cook 4dcb31f26b only turn off thread reporting if it is already on 2018-11-01 18:08:52 -05:00
William Vu 0b682b6300 Preserve old thread exception reporting behavior
https://ruby-doc.org/core-2.5.0/Thread.html#method-c-report_on_exception
2018-11-01 17:30:49 -05:00
bwatters-r7 08ec8e1ef9
Land #10553, add x86/xor_dynamic and x64/xor_dynamic encoders
Merge branch 'land-10553' into upstream-master
2018-10-30 09:56:15 -05:00
Matthew Kienow 06966312c1
Remove unused code 2018-10-30 00:40:33 -04:00
Matthew Kienow 04e4c2941c
Remove unnecessary require 2018-10-30 00:19:21 -04:00
Matthew Kienow 3c3022902f
Add JSON-RPC Client 2018-10-30 00:15:58 -04:00
Matthew Kienow 24b1898e21
Fix comment 2018-10-29 23:27:50 -04:00
Patrick ffc193f49b
Issue #6100: Finalized changes to pass rake spec Msf::PayloadGenerator 2018-10-26 13:06:37 -05:00
James Barnett bd7c867485
Land #10862, fix issue with session reporting when DB is disabled 2018-10-26 10:58:06 -05:00
Matthew Kienow eb9dd311ce
Add check that data service is active 2018-10-25 23:07:31 -04:00
Matthew Kienow 2f8aacbf8d
Remove debug output 2018-10-25 14:44:11 -04:00
Matthew Kienow 64f8852797
Use data_service_operation block to perform work
This fixes the session report issue when the database is disabled,
because no exceptions are thrown from the DataProxy under these
conditions.
2018-10-25 14:38:13 -04:00
Matthew Kienow 7f8aeeb498
Raise RuntimeError rather than Exception 2018-10-25 14:29:24 -04:00
Matthew Kienow 8e2d6a62b1
Add block process data service operation method 2018-10-25 14:24:47 -04:00
Wei Chen 6920470f99
Land #10821, Enhance windows compiler w/ new functions 2018-10-24 20:28:36 -05:00
Wei Chen 2ab9a003d4
Land #10864, Add Cisco WebEx RCE Modules 2018-10-24 16:20:00 -05:00
h00die b875a102fe remove report_host data for another PR 2018-10-24 16:26:38 -04:00
Brent Cook 4dd2147d60
Land #10857, ensure os_flavor can be supplied for non Windows OS 2018-10-24 14:28:32 -05:00
Green-m 3c5aa93a0d
Fix for style consistency. 2018-10-24 15:17:37 +08:00
Green-m 129425ca94
Fix session report bug when database disabled. 2018-10-24 14:48:03 +08:00
Shelby Pace 34ae9c38f9
added WebEx modules, arch check 2018-10-23 15:51:23 -05:00
Jeffrey Martin efeacf8666
ensure os_flavor can be supplied for no Windows OS 2018-10-23 12:22:57 -05:00
Brent Cook b65f467ada
Land #10851, add ndkstager to data/exploits 2018-10-23 12:04:57 -05:00
William Vu 4182777488 Support SSH shell/exec channel request output
Looks like channel[:data] was initialized but never used.
2018-10-23 09:34:12 -05:00
asoto-r7 f742d3bd9a
Land #10450, Implementation of CTRL+Z in reverse shell session
Additionally, a check was added to disable this new functionality on
Windows command shell payloads.
2018-10-22 15:50:41 -05:00
h00die dd5ac16240 re-add report 2018-10-22 15:42:47 -04:00
h00die 4426e4131a remove unnecessary include 2018-10-20 15:01:40 -04:00
William Vu da38dfb29a Clarify we never receive CHANNEL_OPEN_FAILURE 2018-10-19 13:25:19 -05:00
William Vu cc283d9def Add testing note about session channel opens 2018-10-19 13:13:22 -05:00
William Vu 21397330f8 Refactor fortinet_backdoor copypasta 2018-10-19 00:07:18 -05:00
William Vu d1354cc1f7 Add libssh auth bypass packet 2018-10-18 23:03:23 -05:00
William Vu cf00f20e11 Update Net::SSH::CommandStream exception handling 2018-10-18 22:45:16 -05:00
Tim W 64e257649f cleanup module 2018-10-18 11:45:59 +08:00
Tim W 290d4428c1 create git mixin 2018-10-18 11:31:31 +08:00
William Vu 6fd53fcb6a Fix whitespace further 2018-10-17 15:45:02 -05:00
William Vu 1e1950c83d Prefer keyword args after all
SINCE we've been using only the first two params, we're fine!
2018-10-17 15:41:19 -05:00
William Vu a453760aa4 Add PTY option to Net::SSH::CommandStream
This allows us to spawn a PTY for our shell session. Note that this will
write us to {u,w}tmp and lastlog, so use this option with care.

And yes, I did change the API, but up until now, we've been using only
the first two parameters. We should be using keyword args. /shrug
2018-10-17 15:40:13 -05:00
h00die e78b760678 database host info from post modules 2018-10-17 12:43:05 -04:00
Green-m ef3b1df647
Fix regular 2018-10-17 18:34:35 +08:00
Green-m 7b1b2198cb
resolve conflict. 2018-10-17 17:33:01 +08:00
Green-m 5df6f11cfc
Enhance regular to match blank before include. 2018-10-17 16:20:10 +08:00
h00die e8a08c9eeb review changes 2018-10-16 20:59:42 -04:00
Jacob Robles 786629afc9
Land #10818, Disable ERB templating for Metasploit::Framework::Compiler::Utils 2018-10-16 14:18:50 -05:00
h00die 32f4e2c9a0 add version and hostname to cisco config parser 2018-10-16 15:02:42 -04:00
Wei Chen 69cd0a5ddc Disable ERB templating for Metasploit::Framework::Compiler::Utils 2018-10-16 14:02:13 -05:00
Rich Whitcroft 854485a016 add bg command to meterpreter 2018-10-16 14:01:50 +00:00
Patrick 1241041739
[Issue 6100] Add --pad-size option to msfvenom to prepend nopsled given total payload size 2018-10-15 14:46:16 -05:00
Tim W 1e066df7fd fix debug printing 2018-10-15 17:04:31 +08:00
h00die f399b59ae4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into cisco_device_manager 2018-10-13 13:31:20 -04:00
h00die 46a3d065ce fix indentation 2018-10-13 08:54:44 -04:00
Kevin Kirsche aadefdbc82 Update msfvenom formatter to be case insensitive 2018-10-12 11:11:52 -04:00
Brent Cook 4ae45cb20b comment around why we do this, make check more explicit 2018-10-12 02:12:30 -05:00
h00die e8097791fe remove spaces at eol 2018-10-11 21:46:45 -04:00
h00die d480a78b91 capture ephone creds 2018-10-11 21:21:53 -04:00
Nate Caroe 14e87bf06f
Baby come back 2018-10-11 11:10:36 -06:00
Nate Caroe e207c225a2
Remove function entirely 2018-10-11 10:41:43 -06:00
Nate Caroe 5c061c02b9
Remove peer information from the prefix 2018-10-10 16:31:48 -06:00
Brent Cook 3349ecf212
Land #10788, Clarify "NameError: wrong constant name" message on invalid module name 2018-10-10 15:34:55 -05:00
William Vu 0b8926715e Reactively check for invalid module names 2018-10-10 14:33:59 -05:00
William Vu 29f36a3921 Add Msf::ModuleLoadError exception 2018-10-10 14:22:40 -05:00
William Vu 1737935dc0 Convert reverse_relative_name to a class method
It'll be easier to use this way if someone uses it externally.
2018-10-10 13:21:18 -05:00
Brent Cook 12857a1d93
Land #10784, Add 'evasion' to search help 2018-10-10 13:02:45 -05:00
Brent Cook e829c6a838
Land #10786, Fix 'show evasion' command 2018-10-10 13:01:35 -05:00
Brent Cook 1a0df7ce07
Land #10787, Remove unused 'unknown' author mapping in author.rb 2018-10-10 13:01:05 -05:00
William Vu 63bcbdc8db Remove unknown author mapping in author.rb
No one was using it and instead writing "Unknown" directly. It was also
producing an invalid e-mail address.
2018-10-10 11:59:01 -05:00
Tim W fe356dabca convert payload to dylib 2018-10-10 23:35:20 +08:00
Wei Chen b103ea256d Fix #10785, incorrect implementation of "show evasion" command
Fix #10785
2018-10-10 10:20:12 -05:00
Auxilus a6797f101d
Add 'evasion' to search help 2018-10-10 20:15:47 +05:30
Brent Cook ba0bfb1114
Land #10781, Fix error in rpc_shell_read RPC method. 2018-10-10 09:02:47 -05:00
Tim W 4653cbdda1 add macho mixin 2018-10-10 20:27:56 +08:00
Tim W f2ebdd4cdf add apple_ios/armle/meterpreter/reverse_tcp 2018-10-10 17:39:51 +08:00
Ivo Nutár 50755b2e00 Fix function rpc_shell_read - return result as string 2018-10-10 11:36:17 +02:00
Ivo Nutár 36b7fb3524 Fix function rpc_shell_read - remove wrong parameter data, return correct values 2018-10-10 11:31:03 +02:00