James Barnett
466b0004e1
Land #11163, add API endpoint for retrieving Mdm::Events
2019-01-08 09:26:53 -06:00
James Barnett
69ee3a4a26
Land #11187, Conform LoginServlet to API standards
2019-01-07 17:03:39 -06:00
James Barnett
f23142c19c
Land #11183, add authentication to LoginServlet endpoints
2019-01-07 17:02:31 -06:00
Erin Bleiweiss
cfa22bb4ec
Exclude key from VulnDetail update
2019-01-07 16:33:50 -06:00
Erin Bleiweiss
771469f4cd
Update all Mdm::xx.update() instances
2019-01-07 16:24:13 -06:00
Erin Bleiweiss
6641c606b2
Add support for db import from remote data service
2019-01-07 14:32:27 -06:00
James Barnett
02fda8625a
Address code review comments.
...
- Fix CSS on submit button
- Don't generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
2019-01-07 13:52:01 -06:00
asoto-r7
0ca4dd829e
Fixed an off-by-one error in fingerprinting string randomization
2019-01-04 16:31:43 -06:00
James Barnett
101fbb7aa5
Address code review comments
2019-01-04 15:23:24 -06:00
James Barnett
83267d08e0
Update jquery version and use SRI
2019-01-04 15:23:24 -06:00
James Barnett
4bbf84b949
Update login test page to use POST for generate-token
2019-01-04 15:22:32 -06:00
James Barnett
60681e4385
Use POST for token generation
2019-01-04 15:22:32 -06:00
James Barnett
1b29e17827
Don't array wrap refs
2019-01-04 15:10:21 -06:00
James Barnett
b875d391fc
WIP: updating ref lookup based on code review comments
2019-01-04 15:10:20 -06:00
James Barnett
5f43ec0a79
Address code review comment
2019-01-04 15:10:20 -06:00
James Barnett
0281ddf78c
Remove vuln_refs from Vuln JSON schema
...
This object is just a pointer between Vulns and refs. We don't need to surface it
2019-01-04 15:10:20 -06:00
James Barnett
10cceb0e9b
Fix a couple of bugs introduced by symbolizing to_ar
2019-01-04 15:10:20 -06:00
James Barnett
e9931fa70e
Fix bug when updating Mdm::Vuln.refs
2019-01-04 15:10:19 -06:00
James Barnett
bcfe434d1e
Update to_ar to use symbolized keys
2019-01-04 15:10:19 -06:00
Tim W
f4e84da495
add comment
2019-01-03 18:00:06 +08:00
William Vu
cfec99b1a8
Land #11154, tab completion for aux rerun/exploit
2019-01-02 18:44:04 -06:00
Tim W
c0dd020ff5
fix linux meterpreter ls
2019-01-02 19:09:46 +08:00
Tim W
79c58cd786
fix #11158, fix multi line text in android send_sms
2019-01-02 03:51:59 +08:00
Tim W
05d78e23ea
fix #11189, fix meterpreter ls handling of large files
2019-01-02 03:34:13 +08:00
Matthew Kienow
4fc65b39a1
Make position of warden call the same as others
...
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
2018-12-31 16:38:26 -05:00
Matthew Kienow
7b22527f8f
Make error message use same language as others
2018-12-31 16:37:08 -05:00
Matthew Kienow
05d810ac23
Add support for GET with ID in the path
2018-12-31 15:46:00 -05:00
Matthew Kienow
0e56c30ab2
Use data object wrapper for JSON response
2018-12-31 15:43:16 -05:00
Matthew Kienow
12f4222b2e
Fix to ensure authentication
2018-12-28 16:29:33 -05:00
Matthew Kienow
8361dab983
Minor method comment change
2018-12-27 21:57:31 -05:00
Brent Cook
66505790f9
Land #11179, Replace Sysrandom with Ruby default SecureRandom
2018-12-27 11:33:29 -06:00
Matthew Kienow
34e99c3857
Modify GET error message to match other servlets
2018-12-26 22:45:33 -05:00
Brent Cook
0d0356ccdd
Land #11126, Update sessions through the DBManager
2018-12-26 13:15:43 -06:00
Matthew Kienow
ebc7a3a315
Replace sysrandom with ruby default securerandom
2018-12-26 13:40:44 -05:00
Wei Chen
f5210abb55
Add rspec
2018-12-26 11:18:44 -06:00
Green-m
12a948dde5
Move down cmd_rerun to fix rspec issue.
2018-12-24 11:30:02 +08:00
Matthew Kienow
b5bc65c3bd
Add GET handler to query events
2018-12-21 22:18:10 -05:00
Matthew Kienow
a448b26f73
Remove unnecessary argument default value
2018-12-21 22:13:52 -05:00
Matthew Kienow
5e971132f3
Enhance events method to fully query events
2018-12-21 22:07:43 -05:00
Matthew Kienow
7e10b38421
Add events method
2018-12-21 21:37:42 -05:00
Brent Cook
9736e8252c
Merge branch 'master' into land-11038-
2018-12-21 16:31:53 -06:00
William Vu
b4ff3b544f
Add CMDSTAGER::SSL datastore option
...
It has come to my attention that since I added the HTTP(S) command
stagers, no one has used HTTPS. This is probably why.
The CmdStager options hash takes precedence over any datastore options.
2018-12-21 14:51:49 -06:00
William Vu
5cff330a38
Land #11128, Rex::Exploitation::CmdStagerFetch
2018-12-21 14:16:57 -06:00
Garvit Dewan
3021a05553
Fix typo in report.rb
2018-12-21 17:51:46 +05:30
Green-m
06de47ce68
Enhance the command auto-complete in aux.
2018-12-21 18:03:57 +08:00
Wei Chen
f7eb3452be
Land #11083, set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
Brent Cook
09f9b887b9
don't bother handholding the empty string
2018-12-19 10:52:51 -06:00
Wei Chen
847e3232ab
Land #11102, remove old metasm remnants
2018-12-18 08:53:53 -06:00
Brendan Coles
8d93812c0a
Add Rex::Exploitation::CmdStagerFetch
2018-12-15 03:30:00 +00:00
asoto-r7
a2a38bb72f
ysoserial: Distracted halfway through a comment 🙃
2018-12-14 15:07:13 -06:00
asoto-r7
74b4ba1c50
ysoserial: Change class name to camelcase to align with Ruby style guide
2018-12-14 14:44:58 -06:00
asoto-r7
212454b1fb
ysoserial: Support larger payloads, Randomize fingerprintable string
2018-12-14 14:43:30 -06:00
asoto-r7
fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads
2018-12-14 12:51:08 -06:00
Matthew Kienow
eec7a3dafc
Remove debug code
2018-12-14 13:33:16 -05:00
Matthew Kienow
ad6b80bd08
Remove unused session_dto flag
2018-12-14 13:01:20 -05:00
Matthew Kienow
a683cedcce
Enhance race condition workaround in report_host
2018-12-14 12:28:16 -05:00
Matthew Kienow
c2af36f405
Use update_session rather than Mdm save method
...
The changes ensure that updates to an Mdm::Session are reflected on a
remote data service.
2018-12-14 12:22:49 -05:00
Matthew Kienow
b6cdf7aa9d
Add update_session method
2018-12-14 12:04:55 -05:00
Matthew Kienow
a8ed971f12
Move convert_msf_session_to_hash to data proxy
2018-12-14 11:46:12 -05:00
Matthew Kienow
3f9b2dadc8
Remove unnecessary single object selection
2018-12-14 11:20:19 -05:00
Matthew Kienow
4cefb8d06e
Fix typo
2018-12-14 11:19:40 -05:00
Jeffrey Martin
288cbd2386
add analyze command
2018-12-13 18:21:00 -06:00
Jeffrey Martin
4963647bf6
remove call to method not defined
2018-12-13 17:00:41 -06:00
bwatters-r7
564814c4db
Land #10676, Add support for ext_server_unhook
...
Merge branch 'land-10676' into upstream-master
2018-12-13 09:46:37 -06:00
William Vu
a415063acd
Reword CreateSession option description
2018-12-12 15:32:31 -06:00
Stephen Haywood
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
Stephen Haywood
8a7187ad79
Add CREATE_SESSION option to CommandShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
bwatters
0c9d5b7d51
refactor `unless !` to `if`
2018-12-11 10:04:55 -06:00
Brent Cook
4ff6f0171d
remove old metasm remnants
...
Noticed while @asoto-r7 was reviewing Code Climate results, and it
highlighted some metasm code as having unusual code structure. Rather
than fixing it, we can delete it, since this is from upstream metasm
presumably, which we've used as a Gem for some time (thanks @egypt).
All payloads should still be regenerable, and evasion modules as well.
2018-12-10 18:58:53 -06:00
Brent Cook
43842ad41d
Land #11082, Update show plugins to show all available plugins as well
2018-12-10 10:20:51 -06:00
Brent Cook
733c2f637d
Land #11081, Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-08 09:14:57 -06:00
Brent Cook
3dca52510d
pass NULL if the UA field is empty
2018-12-08 06:23:35 -06:00
Brent Cook
6f8fc55b86
set user agent in Windows reverse_http(s) stagers
2018-12-07 14:03:03 -06:00
Garvit Dewan
42c5a7d245
Update show plugins to show all available plugins as well as the loaded ones.
...
Fixes #11051
2018-12-08 01:19:44 +05:30
Brent Cook
df76521100
Land #11066, add rpc output locking, fix logging
2018-12-07 13:49:10 -06:00
Brent Cook
09ffce4ec5
fix mutex locking, push to rpcSend
2018-12-07 13:28:34 -06:00
Brendan Coles
80d83720df
Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-07 14:42:16 +00:00
Brent Cook
9e110eb9fc
Land #10940, add default service mapping to imports
2018-12-06 21:04:05 -06:00
Brent Cook
f4282bfb56
Land #11064, Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-06 20:52:12 -06:00
Brent Cook
310d6f0170
Land #11068, Update db_connect help text
2018-12-06 20:32:13 -06:00
James Barnett
e36e27d91a
Port is optional for HTTP data services
2018-12-05 16:05:09 -06:00
James Barnett
1e57f025d9
Update db_connect help
2018-12-05 14:52:26 -06:00
Christopher Lee
b0560c1ec8
Centralize logging sync, fix minor logging issues
2018-12-05 12:42:44 -06:00
Brendan Coles
25e4c4734f
return nil rather than empty array
2018-12-05 23:44:13 +11:00
Brendan Coles
9d690f4f8c
Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-05 11:19:36 +00:00
Brendan Coles
6040f779c5
Suppress 'Permission denied' error in get_suid_files
2018-12-05 00:35:32 +00:00
Matthew Kienow
c7acbc08ab
Land #11058, fix SSH key displayed by creds cmd
2018-12-04 15:25:51 -06:00
James Barnett
5e29d1206d
Land #11059, provide meaningful error when workspace doesn't exist
2018-12-04 14:53:43 -06:00
James Barnett
8799c550e1
Parse public and private as correct sub-type
2018-12-04 10:57:54 -06:00
Brent Cook
55a9a12670
Land #10964, add initial golang modules for enumerating owa/o365
2018-12-04 10:33:37 -06:00
Matthew Kienow
4f08243af9
Raise exception if workspace not found
2018-12-03 17:24:36 -06:00
Matthew Kienow
74a5d816be
Fix parentheses around args of method invocations
2018-12-03 17:19:59 -06:00
James Barnett
d41f48853a
Use to_s when printing credential private
2018-12-03 16:46:30 -06:00
Brent Cook
042a793648
Land #11050, Add protection checks to Msf::Post::Linux::Kernel lib
2018-12-03 13:16:46 -06:00
Brent Cook
6574ceaab8
Land #11053, Add Openwall detection to Linux system lib
2018-12-03 12:46:36 -06:00
Christopher Lee
b11bcd92a4
Broken into 3 modules, addressed review comments
2018-12-03 10:25:21 -06:00
Jeffrey Martin
ab1bea1b22
Land #10798, Cisco device manager update
2018-12-03 01:39:19 -06:00
Brendan Coles
f2b7036e37
Add Openwall detection to Linux system lib
2018-12-03 06:58:19 +00:00
Brendan Coles
0481cbffe6
Add check for Exec-Shield
2018-12-03 03:51:14 +00:00
Brendan Coles
d87fef5ee3
Add grsec/PaX checks to Msf::Post::Linux::Kernel lib
2018-12-02 08:11:17 +00:00
Brendan Coles
dc125d1dc5
return hostname
2018-12-01 05:20:47 +00:00
Christopher Lee
5b926bcbcf
Addressed feedback
2018-11-30 13:18:02 -06:00
Christopher Lee
6225c04b99
Address review feedback, fix bugs
2018-11-30 11:36:39 -06:00
Jacob Robles
88ca775fd3
Land #10952, WP GDPR Compliance plugin exploit
2018-11-29 13:31:31 -06:00
asoto-r7
117d8ad986
Change default behavior of required OptString to permit empty strings
2018-11-29 11:34:44 -06:00
Green-m
3e571ff71a
Compatible with REG_MULTI_SZ when set value.
2018-11-29 15:47:09 +08:00
Jacob Robles
9d33891652
Update register descriptions
2018-11-28 19:37:35 -06:00
Jacob Robles
c4959da77f
Email validation and user registration
2018-11-28 17:56:55 -06:00
Wei Chen
d523124faf
Land #10965, Add the macOS LPE from pwn2own2018 (CVE-2018-4237)
2018-11-27 14:00:35 -06:00
Brent Cook
d7c1dd91c0
Land #10509, Add source meta command for shell sessions
2018-11-26 14:27:08 -06:00
Brent Cook
181fc292c2
Land #10861, Add framework for JSON-RPC and future Sinatra apps
2018-11-26 14:12:08 -06:00
Brent Cook
2cde2e4e21
Land #11017, Fix userns_enabled? check for unprivileged_userns_clone
2018-11-26 14:07:14 -06:00
Matthew Kienow
fd75b75c61
Add FrameworkExtension
2018-11-26 13:08:42 -05:00
Matthew Kienow
e144cc6738
Move under Msf::WebServices namespace
2018-11-26 12:58:10 -05:00
Brent Cook
0678d33760
Revert "ensure a value exists before returning the normalized key"
...
This reverts commit 063838fb17.
2018-11-26 10:10:07 -06:00
Brent Cook
a98dbd1d61
Revert "Return the original key if it does not exist in the datastore"
...
This reverts commit 7312fa774f.
2018-11-26 10:10:07 -06:00
Brendan Coles
8f07f299b4
Fix userns_enabled? check for unprivileged_userns_clone
2018-11-25 01:26:49 +00:00
Brent Cook
847e630630
ensure incoming creds are all UTF-8
2018-11-22 09:20:12 -06:00
Brent Cook
e07e5caebd
don't do a binary regex against a regular string
2018-11-22 09:19:38 -06:00
Brent Cook
cdc9c24f6d
don't try to close a nil connection in smb login scanner mixin
2018-11-22 05:02:17 -06:00
Brent Cook
8694d6dd19
Land #10990, move metasploit web service code
2018-11-21 16:49:56 -06:00
Brent Cook
77723ba2f8
Land #11002, Support Python 3.7 in external probe scanner code
2018-11-21 16:23:34 -06:00
Brent Cook
682ebdc234
Land #11001, Properly error out when attempting to format ELFs
2018-11-21 16:13:40 -06:00
Adam Cammack
317f71f7f4
Land #10802, Make `msfvenom -f` case-insensitive
2018-11-21 16:04:30 -06:00
Brent Cook
c9f8a591e5
Land #10872, Add --pad-nops option for msfvenom
2018-11-21 16:02:02 -06:00
Adam Cammack
44da31edb8
Support Python 3.7 in external probe scanner code
2018-11-21 15:06:54 -06:00
Adam Cammack
818c3c9f57
Properly error out when attempting to format ELFs
2018-11-21 14:57:37 -06:00
Adam Cammack
230ae70028
Land #11000, fix DB import error messages
2018-11-21 14:52:17 -06:00
Jeffrey Martin
1eb4a79410
adjust error message on import
2018-11-21 14:42:48 -06:00
Brent Cook
7312fa774f
Return the original key if it does not exist in the datastore
2018-11-21 06:03:50 -06:00
Brent Cook
063838fb17
ensure a value exists before returning the normalized key
2018-11-21 04:43:06 -06:00
Brent Cook
da9e6edbf1
delete option aliases when an option is deleted
...
Otherwise the aliases will remain active and if the aliased value is redefined
2018-11-21 04:09:33 -06:00
Patrick
30bf716827
Use --pad-nops as a boolean to make -n <size> the total payload size.
2018-11-20 23:26:03 -06:00
Matthew Kienow
4cc9959e3f
Move MSF API App and associated servlets
...
The modules interact with the DbManager, however, are not a part of it
and belong in a more meaningful location for web services.
2018-11-19 18:46:15 -05:00
Brent Cook
630de06f9e
Land #10972, Rework session_compatible? check in post mixin, excluding ARCH_CMD modules
2018-11-19 16:08:15 -06:00
William Vu
6d317baada
Coerce DisablePayloadHandler into a Boolean string
...
Due to discrepancies in how command dispatchers receive datastore
options, especially after a "save" of the console, Boolean values are
stored as strings.
This is a quick fix for DisablePayloadHandler specifically, since it was
driving me insane.
2018-11-19 13:18:15 -06:00
Erin Bleiweiss
fd3ece3f9b
Land #10956, Use new 'data_service_operation' block in 'DataProxy' modules
2018-11-16 17:24:00 -06:00
William Vu
4726c58516
Update documentation
2018-11-16 12:40:42 -06:00
William Vu
1e3515bddc
Clean up code
2018-11-16 05:04:54 -06:00
William Vu
a58a91613a
Exclude ARCH_CMD modules, not local exploits
...
We don't want to lose SessionTypes. Brain fart.
2018-11-16 05:00:17 -06:00
Brent Cook
8be53f8730
Land #10971, Fix extraneous whitespace in check output
2018-11-16 03:38:32 -06:00
Brendan Coles
277ed375d6
Ensure peer_msg falls back on an empty string
...
Co-Authored-By: wvu-r7 <wvu-r7@users.noreply.github.com>
2018-11-16 03:30:52 -06:00
William Vu
b60ae0ff1a
Limit session_compatible? check to post modules
...
Local exploits may define a different payload platform or arch.
2018-11-16 02:59:59 -06:00
William Vu
eb90fc74a1
Fix extraneous whitespace in check output
...
Death to the peer gods.
2018-11-16 02:59:36 -06:00
Matthew Kienow
691b9276a6
Fix issue when re-establishing DB connection
2018-11-15 21:00:19 -05:00
Tim W
420be60900
add CVE-2018-4237
2018-11-15 08:48:10 +08:00
Christopher Lee
38bea6c29c
Added msmailprobe to msf
2018-11-14 16:15:11 -06:00
Jacob Robles
795aa3c99c
Land #10828, git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
christopher lee
97ee965c6e
Landing #10884 - Add JSON-RPC Client
2018-11-13 08:31:55 -06:00
Matthew Kienow
2571c8cd86
Use data_service_operation block to perform work
2018-11-12 23:45:29 -05:00
Jeffrey Martin
d2a78cecd0
improvements to code comments and flow
2018-11-12 17:31:43 -06:00
Jacob Robles
1b44fd0ade
Remove conditional for path
2018-11-12 11:05:40 -06:00
Jacob Robles
a80ac67373
Prepend GO path
2018-11-12 11:03:19 -06:00
Jacob Robles
8dc974b51e
Prepend python path
2018-11-12 07:58:43 -06:00
Brendan Coles
e231fd0623
next if onlyup
2018-11-10 16:21:06 +00:00
h00die
8ea4ed6314
land #10927 proper identification of centos/alpine linux in post libs
2018-11-10 08:33:35 -05:00
Jeffrey Martin
5ba44ff12d
add default service mapping to imports
2018-11-08 18:14:22 -06:00
Christian Mehlmauer
7127792fcf
tidy up external go modules
2018-11-06 20:23:10 +01:00
Brent Cook
407a9f3de1
remove debug
2018-11-06 11:12:02 -06:00
Brent Cook
76531cb818
gofmt all the things
2018-11-06 11:12:02 -06:00
Brent Cook
97bee891ce
remove some ruby vestiges
2018-11-06 11:12:02 -06:00
Brent Cook
df43b372fa
initial golang module support
2018-11-06 11:12:02 -06:00
Brent Cook
cfbc0a9a0c
properly bubble up errors on external module load
2018-11-06 11:12:02 -06:00
Brent Cook
dea460c813
golang module loader support
2018-11-06 11:12:02 -06:00
Brendan Coles
08d4e2265d
Add CentOS and Alpine Linux detection to Linux system lib
2018-11-06 03:16:07 +00:00
Brendan Coles
a8ff9b27f7
Land #10823 , store host system data from post/system libs in database
2018-11-06 02:54:02 +00:00
h00die
e7f5c0cfbf
additional solaris-ish regexes
2018-11-05 19:25:08 -05:00
Brent Cook
cb229411bc
Land #10888, Fix Net::SSH::CommandStream session open failure
2018-11-05 11:15:09 -06:00
Kevin Kirsche
ad58930e9b
Dump formats when invalid format is selected
2018-11-04 09:25:37 -05:00
Kevin Kirsche
9f77966ec9
Revert downcase throughout, instead use single downcase within option parsing
2018-11-04 08:57:45 -05:00
h00die
7326453024
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into hosts_data
2018-11-03 17:06:00 -04:00
h00die
ca0249c539
enhancements to solaris host info db regex
2018-11-03 17:05:47 -04:00
William Vu
e9b3502f98
Fix Net::SSH::CommandStream session open failure
...
I suspected this might be a problem for libssh servers.
2018-11-02 01:08:05 -05:00
William Vu
8372007576
Prefer method_defined? for the class
2018-11-02 00:34:17 -05:00
William Vu
c3311da6e2
Be specific about report_on_exception
2018-11-02 00:24:16 -05:00
William Vu
0592420ea4
Fix thread exception reporting for Ruby 2.3.8
...
Thread::report_on_exception doesn't exist.
2018-11-01 18:59:23 -05:00
Brent Cook
7cf384405e
only change thread behavior if on Ruby 2.5 or above
2018-11-01 18:24:12 -05:00
Brent Cook
4dcb31f26b
only turn off thread reporting if it is already on
2018-11-01 18:08:52 -05:00
William Vu
0b682b6300
Preserve old thread exception reporting behavior
...
https://ruby-doc.org/core-2.5.0/Thread.html#method-c-report_on_exception
2018-11-01 17:30:49 -05:00
bwatters-r7
08ec8e1ef9
Land #10553, add x86/xor_dynamic and x64/xor_dynamic encoders
...
Merge branch 'land-10553' into upstream-master
2018-10-30 09:56:15 -05:00
Matthew Kienow
06966312c1
Remove unused code
2018-10-30 00:40:33 -04:00
Matthew Kienow
04e4c2941c
Remove unnecessary require
2018-10-30 00:19:21 -04:00
Matthew Kienow
3c3022902f
Add JSON-RPC Client
2018-10-30 00:15:58 -04:00
Matthew Kienow
24b1898e21
Fix comment
2018-10-29 23:27:50 -04:00
Patrick
ffc193f49b
Issue #6100: Finalized changes to pass rake spec Msf::PayloadGenerator
2018-10-26 13:06:37 -05:00
James Barnett
bd7c867485
Land #10862, fix issue with session reporting when DB is disabled
2018-10-26 10:58:06 -05:00
Matthew Kienow
eb9dd311ce
Add check that data service is active
2018-10-25 23:07:31 -04:00
Matthew Kienow
2f8aacbf8d
Remove debug output
2018-10-25 14:44:11 -04:00
Matthew Kienow
64f8852797
Use data_service_operation block to perform work
...
This fixes the session report issue when the database is disabled,
because no exceptions are thrown from the DataProxy under these
conditions.
2018-10-25 14:38:13 -04:00
Matthew Kienow
7f8aeeb498
Raise RuntimeError rather than Exception
2018-10-25 14:29:24 -04:00
Matthew Kienow
8e2d6a62b1
Add block process data service operation method
2018-10-25 14:24:47 -04:00
Wei Chen
6920470f99
Land #10821, Enhance windows compiler w/ new functions
2018-10-24 20:28:36 -05:00
Wei Chen
2ab9a003d4
Land #10864, Add Cisco WebEx RCE Modules
2018-10-24 16:20:00 -05:00
h00die
b875a102fe
remove report_host data for another PR
2018-10-24 16:26:38 -04:00
Brent Cook
4dd2147d60
Land #10857, ensure os_flavor can be supplied for non Windows OS
2018-10-24 14:28:32 -05:00
Green-m
3c5aa93a0d
Fix for style consistency.
2018-10-24 15:17:37 +08:00
Green-m
129425ca94
Fix session report bug when database disabled.
2018-10-24 14:48:03 +08:00
Shelby Pace
34ae9c38f9
added WebEx modules, arch check
2018-10-23 15:51:23 -05:00
Jeffrey Martin
efeacf8666
ensure os_flavor can be supplied for no Windows OS
2018-10-23 12:22:57 -05:00
Brent Cook
b65f467ada
Land #10851, add ndkstager to data/exploits
2018-10-23 12:04:57 -05:00
William Vu
4182777488
Support SSH shell/exec channel request output
...
Looks like channel[:data] was initialized but never used.
2018-10-23 09:34:12 -05:00
asoto-r7
f742d3bd9a
Land #10450, Implementation of CTRL+Z in reverse shell session
...
Additionally, a check was added to disable this new functionality on
Windows command shell payloads.
2018-10-22 15:50:41 -05:00
h00die
dd5ac16240
re-add report
2018-10-22 15:42:47 -04:00
h00die
4426e4131a
remove unnecessary include
2018-10-20 15:01:40 -04:00
William Vu
da38dfb29a
Clarify we never receive CHANNEL_OPEN_FAILURE
2018-10-19 13:25:19 -05:00
William Vu
cc283d9def
Add testing note about session channel opens
2018-10-19 13:13:22 -05:00
William Vu
21397330f8
Refactor fortinet_backdoor copypasta
2018-10-19 00:07:18 -05:00
William Vu
d1354cc1f7
Add libssh auth bypass packet
2018-10-18 23:03:23 -05:00
William Vu
cf00f20e11
Update Net::SSH::CommandStream exception handling
2018-10-18 22:45:16 -05:00
Tim W
64e257649f
cleanup module
2018-10-18 11:45:59 +08:00
Tim W
290d4428c1
create git mixin
2018-10-18 11:31:31 +08:00
William Vu
6fd53fcb6a
Fix whitespace further
2018-10-17 15:45:02 -05:00
William Vu
1e1950c83d
Prefer keyword args after all
...
SINCE we've been using only the first two params, we're fine!
2018-10-17 15:41:19 -05:00
William Vu
a453760aa4
Add PTY option to Net::SSH::CommandStream
...
This allows us to spawn a PTY for our shell session. Note that this will
write us to {u,w}tmp and lastlog, so use this option with care.
And yes, I did change the API, but up until now, we've been using only
the first two parameters. We should be using keyword args. /shrug
2018-10-17 15:40:13 -05:00
h00die
e78b760678
database host info from post modules
2018-10-17 12:43:05 -04:00
Green-m
ef3b1df647
Fix regular
2018-10-17 18:34:35 +08:00
Green-m
7b1b2198cb
resolve conflict.
2018-10-17 17:33:01 +08:00
Green-m
5df6f11cfc
Enhance regular to match blank before include.
2018-10-17 16:20:10 +08:00
h00die
e8a08c9eeb
review changes
2018-10-16 20:59:42 -04:00
Jacob Robles
786629afc9
Land #10818, Disable ERB templating for Metasploit::Framework::Compiler::Utils
2018-10-16 14:18:50 -05:00
h00die
32f4e2c9a0
add version and hostname to cisco config parser
2018-10-16 15:02:42 -04:00
Wei Chen
69cd0a5ddc
Disable ERB templating for Metasploit::Framework::Compiler::Utils
2018-10-16 14:02:13 -05:00
Rich Whitcroft
854485a016
add bg command to meterpreter
2018-10-16 14:01:50 +00:00
Patrick
1241041739
[Issue 6100] Add --pad-size option to msfvenom to prepend nopsled given total payload size
2018-10-15 14:46:16 -05:00
Tim W
1e066df7fd
fix debug printing
2018-10-15 17:04:31 +08:00
h00die
f399b59ae4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into cisco_device_manager
2018-10-13 13:31:20 -04:00
h00die
46a3d065ce
fix indentation
2018-10-13 08:54:44 -04:00
Kevin Kirsche
aadefdbc82
Update msfvenom formatter to be case insensitive
2018-10-12 11:11:52 -04:00
Brent Cook
4ae45cb20b
comment around why we do this, make check more explicit
2018-10-12 02:12:30 -05:00
h00die
e8097791fe
remove spaces at eol
2018-10-11 21:46:45 -04:00
h00die
d480a78b91
capture ephone creds
2018-10-11 21:21:53 -04:00
Nate Caroe
14e87bf06f
Baby come back
2018-10-11 11:10:36 -06:00
Nate Caroe
e207c225a2
Remove function entirely
2018-10-11 10:41:43 -06:00
Nate Caroe
5c061c02b9
Remove peer information from the prefix
2018-10-10 16:31:48 -06:00
Brent Cook
3349ecf212
Land #10788, Clarify "NameError: wrong constant name" message on invalid module name
2018-10-10 15:34:55 -05:00
William Vu
0b8926715e
Reactively check for invalid module names
2018-10-10 14:33:59 -05:00
William Vu
29f36a3921
Add Msf::ModuleLoadError exception
2018-10-10 14:22:40 -05:00
William Vu
1737935dc0
Convert reverse_relative_name to a class method
...
It'll be easier to use this way if someone uses it externally.
2018-10-10 13:21:18 -05:00
Brent Cook
12857a1d93
Land #10784, Add 'evasion' to search help
2018-10-10 13:02:45 -05:00
Brent Cook
e829c6a838
Land #10786, Fix 'show evasion' command
2018-10-10 13:01:35 -05:00
Brent Cook
1a0df7ce07
Land #10787, Remove unused 'unknown' author mapping in author.rb
2018-10-10 13:01:05 -05:00
William Vu
63bcbdc8db
Remove unknown author mapping in author.rb
...
No one was using it and instead writing "Unknown" directly. It was also
producing an invalid e-mail address.
2018-10-10 11:59:01 -05:00
Tim W
fe356dabca
convert payload to dylib
2018-10-10 23:35:20 +08:00
Wei Chen
b103ea256d
Fix #10785, incorrect implementation of "show evasion" command
...
Fix #10785
2018-10-10 10:20:12 -05:00
Auxilus
a6797f101d
Add 'evasion' to search help
2018-10-10 20:15:47 +05:30
Brent Cook
ba0bfb1114
Land #10781, Fix error in rpc_shell_read RPC method.
2018-10-10 09:02:47 -05:00
Tim W
4653cbdda1
add macho mixin
2018-10-10 20:27:56 +08:00
Tim W
f2ebdd4cdf
add apple_ios/armle/meterpreter/reverse_tcp
2018-10-10 17:39:51 +08:00
Ivo Nutár
50755b2e00
Fix function rpc_shell_read - return result as string
2018-10-10 11:36:17 +02:00
Ivo Nutár
36b7fb3524
Fix function rpc_shell_read - remove wrong parameter data, return correct values
2018-10-10 11:31:03 +02:00