Commit Graph

512 Commits (5c447a6b13de331c8d1066d21f506fbbfbcc179c)

Author SHA1 Message Date
Tim Wright 3955c4332d fix android autoload commands and sysinfo 2016-08-22 14:53:58 +01:00
Brent Cook e70402a130 use the platform string verbatim on windows meterpreter 2016-08-15 23:50:57 -05:00
David Maloney 09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table 2016-08-10 15:58:27 -05:00
Brent Cook 1cb01ee876 remove architecture fidling from platform string for now 2016-08-10 14:46:48 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Pearce Barry ae59c4ae74
Land #6687, Fix meterpreter platform to include OS in the tuple for all meterpreters 2016-08-07 05:00:24 -05:00
Brent Cook 049b322ae4 add x86 and x64 stagers for mettle 2016-07-05 11:24:54 -05:00
Adam Cammack 0390ed4d6e Add MIPS O32 Linux support (big and little endian) 2016-07-05 11:24:54 -05:00
Adam Cammack 8de508c4e0 Add mettle module for ARM 2016-07-05 11:24:54 -05:00
Pearce Barry 0660880332 Ensure 'show options' reflects correct values.
Small fix here to ensure that, even when boolean 'option' variables have a default value of 'true', that their current value is correctly reflected via the 'show options' command.  This change should play fine with all other option variable types, I believe.

Current behavior:

```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    true             no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    true             no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)

msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEW_VERSION false
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEW_VERSION
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    true             no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    true             no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)
```

New behavior with this change:

```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    true             no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    true             no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)

msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEWVERSION false
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEWVERSION
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > show options

Module options (auxiliary/gather/darkcomet_filedownloader):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   BRUTETIMEOUT  1                no        Timeout (in seconds) for bruteforce attempts
   KEY                            no        DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
   LHOST         0.0.0.0          yes       This is our IP (as it appears to the DarkComet C2 server)
   NEWVERSION    false            no        Set to true if DarkComet version >= 5.1, set to false if version < 5.1
   RHOST         0.0.0.0          yes       The target address
   RPORT         1604             yes       The target port
   STORE_LOOT    false            no        Store file in loot (will simply output file to console if set to false).
   TARGETFILE                     no        Target file to download (assumes password is set)
```
2016-06-28 13:12:34 -05:00
David Maloney 69e2d05a5d
rip out old rex code and replace with gems
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
2016-06-21 13:56:36 -05:00
Brent Cook da532ecc5e
Land #6919, Move LURI into a full URI for a new 'Payload opts" column in jobs output 2016-06-03 13:57:47 -05:00
David Maloney a27d10c200
fixes the exception handling in #exploit_simple
The exception handling in the #exploit_simple method tries to set
error on exploit but exploit is defined within the begin block
causing a noMethodError on nilClass

MS-1608
2016-05-31 11:46:05 -05:00
James Lee f7382f5b3b
Make `jobs` display a full uri
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.

See #4623
2016-05-27 11:15:12 -05:00
Brent Cook 7b1148c438 disambiguate NetBSD/OpenBSD 2016-05-09 05:11:47 -05:00
Brent Cook bbe35ac21a match solaris uname 2016-05-09 05:06:59 -05:00
Brent Cook 1a97042a0d include running CPU architecture in platform string 2016-05-09 05:06:37 -05:00
Brent Cook f466464e80 set a recommended number of threads per session type 2016-05-08 22:39:41 -05:00
Brent Cook 9268f66540 auto-set the meterpreter platform based on the sysinfo os 2016-05-08 22:39:41 -05:00
join-us c1a64b1f6f fix: issues/6803 - info command references bug 2016-04-22 15:14:35 +08:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Louis Sato 6b3326eab2
Land #6707, support for LURI handler 2016-04-20 16:26:07 -05:00
Christian Mehlmauer 3b280d45a4
fix some yardoc issues 2016-04-18 21:00:21 +02:00
Brent Cook 4c0a53a809 replace 'and' with '&&' 2016-04-18 08:26:02 -05:00
Rory McNamara 63e478c826 fix sessions -l bug 2016-04-18 08:21:50 -05:00
Rory McNamara 7e708e3159 sessions LURI display 2016-04-18 08:13:10 -05:00
Rory McNamara d2d36ca043 java handler, better default, jobs -v 2016-04-18 08:13:10 -05:00
James Lee 8cc1d2ec89
Make advanced and evasion options readable 2016-04-05 15:05:58 -05:00
Till Maas 7f002128ad Rectify MSF_CFGROOT_CONFIG comment
Also remove reference to feature request that does not seem to be
available anymore.
2016-03-23 22:23:30 +01:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
David Maloney 88697a5d3f
Merge branch 'master' into staging/rails-upgrade 2016-03-08 15:22:04 -06:00
Brent Cook 85acfabfca remove various library workarounds for the datastore not preserving types 2016-03-05 23:10:57 -06:00
Gregory Mikeska cbc5b296e4
implement engines method locally instead of adding refinement 2016-02-25 11:05:17 -06:00
Brent Cook d316609fef put extra columns under the -x flag 2016-02-18 15:36:43 -06:00
OJ 7b4f3f8148 Remove -vv, restore -v and add -ci 2016-01-29 11:52:21 +10:00
OJ 69d9ff7958 Add an extended mode to the session list 2016-01-25 22:36:13 +10:00
Brent Cook eb0b66a4cf
Land #6390, report exceptions on bind/listen failure 2016-01-06 21:44:06 -06:00
Brent Cook bcd1a6d45e make JSON key format a little more standard, emit options 2015-12-30 16:00:09 -06:00
Chris Doughty 2a0ae144df Fixup rubocop warnings for cleanup purposes 2015-12-30 14:33:02 -06:00
Chris Doughty 29ea553e03 Adding a json formatting option to the info command 2015-12-29 13:57:35 -06:00
wchen-r7 a16a10aaf6 Fix #6371, being able to report an exception in #job_run_proc
Fix #6371

When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.

Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.

Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
OJ 87507e19a9 Change job view to show bind port if applicable 2015-11-26 16:18:00 +10:00
bigendian smalls 43dbdcea76
Removed process_autoruns from mainframe_shell
Removed process_autoruns until we can write a fully compatible one or
fully regression test the existing.  Likely the former because of
encoding issues
2015-10-26 14:55:40 -05:00
William Vu bbc1e43149 Remove raise, since it broke things
Need to pass through silently.
2015-10-26 14:45:21 -05:00
William Vu 43eae0b97f Clean up Msf::Sessions::MainframeShell 2015-10-26 12:15:45 -05:00
bigendian smalls d53be873dc Updating master to metasploit/master 2015-10-26 09:24:24 -05:00
James Lee 71b8c97f0e
Always print PAYLOAD and LPORT in 'jobs' 2015-10-24 14:48:03 -05:00
bigendian smalls bef7562823
Fixed Typo 2015-10-09 06:39:02 -05:00
bigendian smalls 6549f48d4e
Added new class MainframeShell for mainframe(z/os)
This class is built upon and overrides certain methods in the generic
CommandShell class.  Primarily it is here to control when and if bytes
sent to/from mainframe (z/os) targets get encoded/decoded from cp1047
(ebcdic<->ascii).  This would be the default shell for upcoming
mainframe based payloads.
2015-10-08 17:11:31 -05:00
jvazquez-r7 c967b60bf8
Land #5948, @bcook-r7's fix shell_to_meterpreter from powershell 2015-10-02 15:59:43 -05:00