Updated pattern_create.rb to be more consistent other tools and modules in Metasploit. Provided a usage example for undocumented custom set feature that allows removal of bad characters.
Usage: ./pattern_create.rb [options]
Example: ./pattern_create.rb -l 50 -s ABC,def,123
Ad1Ad2Ad3Ae1Ae2Ae3Af1Af2Af3Bd1Bd2Bd3Be1Be2Be3Bf1Bf
Specific options:
-l, --length <length> The length of the pattern
-s, --sets <ABC,def,123> Custom Pattern Sets
-h, --help Show this message
On Stock Kali 2.0 (after apt-get upgrade), the following command errors ./egghunter.rb --list-formats. Adding the require 'msfenv' to the file alleviates the issue.
root@kali:/usr/share/metasploit-framework/tools/exploit# ./egghunter.rb --list-formats
/usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- rkelly (LoadError)
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/metasploit-framework/lib/rex/proto/http/response.rb:5:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/metasploit-framework/lib/rex/proto/http.rb:4:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/metasploit-framework/lib/rex/proto.rb:2:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/metasploit-framework/lib/rex.rb:79:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/metasploit-framework/lib/msf/core.rb:17:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/metasploit-framework/lib/msf/base.rb:17:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from ./egghunter.rb:9:in `<main>'
If you do patch test/analysis/diffing, you might find this tool
handy. This tool will automatically extract all the *.msu files,
and then you can search for the patched files you're looking for
quickly.
The workflow would be something like this:
1. You download the patches from:
http://mybulletins.technet.microsoft.com/BulletinPages/Dashboard
2. You put all the *.msu files in one directory.
3. Run this tool: extract_msu.bat [path to *.msu files]
4. The tool should extract the updates. After it's done, you can
use Windows to search for the file(s) you're looking for.
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
This merely makes it easy and fun to import all developer keys used over
the past year to your local GPG keychain. This will make the task of
reviewing merge commits for signedness much easier, especially if you
use a nicelog alias such as this one:
https://github.com/todb-r7/junkdrawer/blob/master/dotfiles/git-repos/gitconfig#L40
This does not handle automating checking for signatures as part of
Travis-CI -- for that, see PR #5337, a work in progress.