Commit Graph

379 Commits (5d55600d7dc09286e4a53761ec2bb4e432891105)

Author SHA1 Message Date
Brent Cook a0511c79a4
pull in minor build fixes and filesystem stat implementation from python
This pulls in https://github.com/rapid7/metasploit-payloads/pull/219
and https://github.com/rapid7/metasploit-payloads/pull/195
2017-07-23 22:37:43 -07:00
Brent Cook 3bc0c18e6a Properly handle threads and window destruction, add PID logging
This pulls in https://github.com/rapid7/metasploit-payloads/pull/213
which fixes https://github.com/rapid7/metasploit-framework/issues/8608
and adds PID logging to verbose keyboard capture.
2017-07-23 22:27:42 -07:00
Brent Cook 8444038c62
Add eval alternative to PHP Meterpreter to bypass suhosin
See https://suhosin.org/stories/index.html for more information on this system.
2017-07-23 22:04:09 -07:00
Brent Cook b75530b978 Fix an issue where 'sleep' with Python Meterpreter appears to fail. 2017-07-23 05:38:06 -07:00
Brent Cook 302b66c2d8
add payloads support for OSX with python meterpreter 2017-07-23 05:26:59 -07:00
Brent Cook 072b0dc90b Hide errors in Windows Meterpreter sessions
In Windows Meterpreter sessions, set newly created threads via
SetThreadErrorMode to not display error popups when there are failures.
2017-07-23 05:09:01 -07:00
Brent Cook 1d0db02a64 bump payloads 2017-07-20 09:10:19 -05:00
Brent Cook cc3168933f update mettle payloads, template generator 2017-07-18 13:13:38 -05:00
David Maloney 3ad4ff69b4
try and hard lock rex-powershell version
remove this later when the issues with this gem release are addressed
2017-07-17 15:25:26 -05:00
Christian Mehlmauer 3c7d6c3a6a
fixed some bugs 2017-07-17 10:10:12 +02:00
Christian Mehlmauer 7d6992c0e8
respect windows 2017-07-17 09:58:20 +02:00
Christian Mehlmauer d24e2943ca
update docker stuff 2017-07-10 16:38:10 +02:00
Brendan Coles 6a29b87a4c Add pdf-reader dependency 2017-07-07 11:19:06 +00:00
William Webb 6349026134
Land #8442, Exploit module for Backup Exec Windows Agent UaF 2017-06-28 10:39:28 -05:00
Brent Cook eba8979914 bump payloads 2017-06-27 04:08:15 -05:00
Rob Fuller 2918b3af13
Land #8599, Dynamic DNS updater module 2017-06-25 15:08:22 -05:00
Brent Cook 7a006e0f71 bump payloads 2017-06-23 18:13:52 -05:00
OJ 87cee65a06
Bump payloads to 1.2.35 to include kiwi updates 2017-06-23 13:43:00 +10:00
Brent Cook fda2e8c73d
Land #8523, Add support for session GUIDs 2017-06-22 20:10:10 -05:00
KINGSABRI 5528084e27 add Dnsruby 2017-06-22 15:55:04 -05:00
Brent Cook ebfd920222 document why 2017-06-21 03:13:43 -05:00
Brent Cook 22db17a87a bind ruby-pg back to version 0.20 2017-06-21 03:11:11 -05:00
OJ a3f3dc0a70
Upload payloads/mettle gems, update cache sizes
Updated both the metasploit-payload and metasploit-payload-mettle gems
to the versions that match for the session GUID pull requests. Updated
the payload cached sizes to match the new payloads.
2017-06-09 17:15:52 +10:00
Brent Cook 5f10e63923 bump payloads 2017-06-05 08:43:16 -05:00
Brent Cook 43ac76ee2b
Fix #8464, use pathname when determining where .git is 2017-05-30 08:56:10 -05:00
Brent Cook b05fa9c01e add missing dirname 2017-05-30 08:50:43 -05:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
Brent Cook e31e3fc545 add additional architectures and targets 2017-05-30 00:07:37 -05:00
Brent Cook 1a8f84083c data/gui has not existed in a long time 2017-05-26 22:57:59 -05:00
Brent Cook 0f832fd4d1 skip generating gem file contents if this is not a git checkout 2017-05-26 22:57:59 -05:00
Brent Cook ab6b5f381d msfupdate is no longer a distributed binary, it's a dev tool 2017-05-26 22:57:59 -05:00
Matthew Daley 52363aec13 Add module for CVE-2017-8895, UAF in Backup Exec Windows agent
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.

Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
2017-05-24 00:18:20 +12:00
Brent Cook c59371dd5e add ruby backports compat library 2017-05-17 23:41:20 -05:00
Brent Cook 337db56d4f bump payloads 2017-05-11 14:57:10 -05:00
James Lee fd05cea033
Update packetfu and remove version lock 2017-05-09 11:03:32 -05:00
Zero_Chaos 9295a39c92 update packetfu dep now that 1.1.13 is released
Please use the release instead of the pre-release
2017-05-09 11:18:28 -04:00
Brent Cook 7f1e2e6c71 bump metasploit-payloads 2017-05-08 17:34:55 -05:00
Brent Cook 0bc9d9259d meterpreter bugfixes
fixed stdapi_fs_mount_show to show full mapped drive path for Python
Meterpreter on Windows

Updated the Windows Meterpreter `getprivs` command to list all privileges
2017-05-08 16:26:32 -05:00
Brent Cook 7c11e0065d update mettle 2017-04-26 18:00:50 -05:00
Brent Cook 7613bd8964 bump metasploit-payloads, fix 64-bit builds 2017-04-16 08:52:41 -05:00
Brent Cook fe33fe5571 bump payloads with new keyscan code 2017-04-14 21:54:50 -05:00
Brent Cook 7eaba1fdee bump payloads 2017-04-14 13:17:25 -05:00
Brent Cook eedbf25f06 bump android meterpreter, adding in-app screenshot support 2017-04-14 12:38:53 -05:00
Brent Cook f8a94de671 bump metasploit-payloads, enhance windows support in python meterpreter 2017-04-14 12:28:52 -05:00
Brent Cook 5dd681ead7 we only need xmlrpc for ruby >= 2.3 2017-04-13 17:33:29 -05:00
Brent Cook cdccd1df19 add xmlrpc as an explicit dependency 2017-04-13 07:12:38 -05:00
Jeffrey Martin 157d28ab3d
make metasploit-aggregator a framework package 2017-04-12 12:33:13 -05:00
Jeffrey Martin c845745f0b
remove platform restriction on metasploit-aggregator 2017-04-06 13:09:09 -05:00
David Maloney 2d9c2321d1
add ruby_smb as a dep
added the ruby_smb library to the gemspec

MS-2557
2017-03-28 16:12:12 -05:00
Brent Cook 9542087642 bump mettle to 0.1.8 2017-03-21 16:45:25 -05:00
Brent Cook 2701fef34b bump to metasploit-payloads 1.2.29 2017-03-17 17:34:16 -05:00
Brent Cook 0631bc4c29 bump payloads and such 2017-03-16 23:51:51 -05:00
bwatters-r7 637a9b018d Bump to metasploit-payloads 1.2.17 that has needed code changes 2017-03-15 18:39:21 -05:00
Brent Cook 031285d49a update payloads 2017-02-28 03:04:53 -06:00
bwatters-r7 adcb65c66b Update gemspec file to use metasploit-payloads 1.2.15 per payloads PR#171 2017-02-24 20:15:50 -06:00
James Barnett 2631259919 Land #7973, Enable cert validation for Nexpose
This PR enables connection to a Nexpose console using the
nexpose client gem.

It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
Brent Cook 86c04cd9f4 update metasploit payloads with Python fixes 2017-02-17 18:52:14 -06:00
Brent Cook 40c86567aa import packetfu fix for https://github.com/packetfu/packetfu/pull/163 2017-02-06 15:51:01 -06:00
Jeffrey Martin eeba1e0bb2
first pass of upgrading nexpose gem to latest 2017-01-25 10:16:48 -06:00
bwatters 49da83cf74 Bump metasploit-payloads to 1.2.11 to incorporate changes to metasploit-payloads
PR# 163; timestomp fixes
2017-01-25 09:54:07 -06:00
Brent Cook 2e1d381e2e bump gem 2017-01-24 09:48:40 -06:00
Brent Cook d9602f49a2 bump payloads 2017-01-22 15:45:45 -06:00
Brent Cook 6a2d036ea8 depend on regular rb-readline, bugs fixed upstream 2017-01-22 10:20:05 -06:00
Brent Cook 28211c3b73 bump payloads 2017-01-22 10:02:41 -06:00
Brent Cook f11cf92040 bump mettle gem to include pivoting support 2017-01-10 16:43:49 -06:00
Brent Cook cd950e91a9 bump payloads gem 2016-12-29 15:59:07 -06:00
William Webb 5702bd6745
Land #7674, Move migration stub generation code into msf 2016-12-22 17:53:00 -06:00
William Webb ea704211ca incorporate payload stub generation changes 2016-12-22 17:50:43 -06:00
Brent Cook 50f95f9940
Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
Brent Cook 6dcdf74850 bump mettle gem 2016-12-09 09:27:56 -06:00
Adam Cammack eeef8fa6ad
Add new arches to UUIDs 2016-12-08 16:29:43 -06:00
OJ fc1d601d13
Bump the payloads version to 1.2.4 2016-12-07 14:57:05 +10:00
Brent Cook 7346223a65
update payloads 2016-12-06 07:16:44 -06:00
Brent Cook d7dce28018 bump mettle to get fix for UUID encoding 2016-11-21 00:57:50 -06:00
Brent Cook 05cb5edaac update payload gems 2016-11-20 19:10:27 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Brent Cook fafc749447 update metasploit payloads 2016-11-14 16:51:38 -06:00
Brent Cook 422ff57335 update metasploit-payloads 2016-11-14 02:53:18 -06:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
OJ 052045c101
Update rex-arch gem to 0.1.2 2016-10-29 06:40:18 +10:00
Brent Cook 1a1841d441 rebuilt metasploit-payloads without debug info 2016-10-26 05:43:36 -05:00
Brent Cook 672e275877 update gems 2016-10-23 16:43:02 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
Brent Cook c5faffddbd
bump gems 2016-10-17 04:48:12 -05:00
Brent Cook 741c4b8916 updated android payload gem, removed unused extension jar 2016-10-14 09:59:06 -05:00
Brent Cook aa748ecc83 update to working mettle gem 0.0.8 2016-10-11 21:12:00 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Brent Cook 8f8a54bf8c update to really-working payloads 1.1.21 2016-10-11 07:00:01 -05:00
Brent Cook deaa4047df bump payloads (and sqlite too) 2016-10-10 23:58:19 -05:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
David Maloney 52f6265d2e use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
2016-10-05 09:05:27 -05:00
Brent Cook 55d267730e
bump metasploit-payloads 2016-10-04 07:16:39 -05:00
Jeffrey Martin a457f64e2a
update to latest release payload gem 2016-09-28 16:14:29 -05:00
Brent Cook 8f9be92b1b update to latest metasploit-payloads 2016-09-27 11:06:34 -05:00
David Maloney 7e10b5c482
use new rex-encoder gem
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.

MS-1708
2016-09-14 12:07:26 -05:00
David Maloney fd3b885d83
replace msfrop with the rex-rop_builder gem
moved all of this code into the new gem

MS-1722
2016-09-12 16:06:53 -05:00
Pearce Barry 4495b27e67
Land #7254, Rex::SSLScan Gemification 2016-09-08 13:20:56 -05:00
David Maloney 1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop 2016-09-08 10:48:07 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
David Maloney cd90ff7c24 pull in rex-socket gem
pull rex-socket gem in as a dep

MS-1715
2016-09-07 11:38:26 -05:00
David Maloney 1a913da08c pull in rex-core as a dep 2016-09-07 11:38:26 -05:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
David Maloney 881effbae9
use the new rex-nop gem
transfer the opty2 library to rex-nop

MS-1711
2016-09-06 11:27:06 -05:00
dmohanty-r7 e36cfa54b1
Use rex-mime gem
MS-1710
2016-09-01 11:38:07 -05:00
Pearce Barry bd71df55c3
Merge branch 'nessus-bridge-gem' of git://github.com/kost/metasploit-framework into kost-nessus-bridge-gem
Also fix minor merge conflict.
2016-08-30 17:25:46 -05:00
David Maloney 029a28c95b
use the new rex-sslscan gem
remove old integerated code and replace it
with the gem. done.

MS-1693
2016-08-30 10:43:47 -05:00
David Maloney 45ab061a88
pull in rex-socket gem
pull rex-socket gem in as a dep

MS-1715
2016-08-26 14:12:16 -05:00
David Maloney fed1016430
pull in rex-core as a dep 2016-08-26 14:00:13 -05:00
dmohanty-r7 4478136065 Unvendor openvas-omp gem
MS-1718
2016-08-19 15:14:32 -05:00
David Maloney 42b1ced4fb
remove *scan from gemspec bins
update the gemspec so that it doesn't try to build binstubs
for the *scan bins

MS-1691
2016-08-16 09:33:09 -05:00
David Maloney d2a6c2e9ca
move rex bintools into new gem
move all the *scan *parsey code out into
the new rex-bin_tools gem

MS-1691
2016-08-15 14:01:43 -05:00
Vlatko Kosturjak 46e4ee4c5b Start using gem instead of obsolete library/tool
Rationale is following:
nessus-cli is obsolete
nessus is using json rest api instead of xmlrpc
xmlrpc name is therefore obsolete

Solution: with minimal changes start using nessus_rest gem.
2016-08-14 17:57:33 +02:00
Pearce Barry bdf073516b
Switch errors over to windows_error gem... 2016-07-27 17:43:00 -05:00
Brent Cook 288b39e37f update to mettle 0.0.6 2016-07-27 08:59:21 -05:00
Pearce Barry 1b6bd927d0 Rex::OLE is now rex-ole gem, fixes MS-1712 2016-07-25 14:05:48 -05:00
dmohanty-r7 01f08da345
Use rex-arch gem
MS-1703
2016-07-20 16:42:41 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
David Maloney 20d7e9a7a7
remove old struct2 code in favour of gem
use the new rex-struct2 gem and remove the code form it's old location

MS-1782
2016-07-15 16:01:21 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook ea94e9752a
bump to metasploit-payloads 1.1.13
Includes these PRs:
  https://github.com/rapid7/metasploit-payloads/pull/106
  https://github.com/rapid7/metasploit-payloads/pull/104
  https://github.com/rapid7/metasploit-payloads/pull/103
2016-07-13 00:50:09 -05:00
Pearce Barry 7b1d9596c7
Land #7068, Introduce 'mettle' - new POSIX meterpreter 2016-07-11 22:38:40 -05:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
Adam Cammack 2f3f655352 Add gem for mettle
This adds the gem for the mettle binaries, which contains reflective
payloads for a variety of Linux architectures (and more OSs in the
future)
2016-07-05 11:24:54 -05:00
David Maloney 8b430826c6
merge screwed up gesmepc
add net-ssh back into the gemspec
2016-07-05 11:08:57 -05:00
William Vu f0cd25dcee
Land #7035, lib/sshkey* swap to gem 2016-06-30 16:25:27 -05:00
Brent Cook d6c7ac51d6 Fix interactive shell with Windows Meterpreter
see https://github.com/rapid7/metasploit-payloads/pull/105
2016-06-30 15:34:40 -05:00
David Maloney 80563b2c0f
Merge branch 'master' into feature/MS-1700/sshkey-gem 2016-06-29 09:44:57 -05:00
David Maloney 2dba09a9ce
unvendor sshkey gem
use the actual maintained gem rather than our vendored
copy

MS-1700
2016-06-28 16:10:48 -05:00
David Maloney dcddd2d671
use the bit-struct gem
removed vendored copy of bit-struct and use the gem
instead

MS-1699
2016-06-28 15:58:47 -05:00
David Maloney 0a83b34a85
Land #7025, dev's PR for rex-java
lands the pr for moving Rex::Java into it's own gem
2016-06-28 14:40:02 -05:00
David Maloney 97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
dmohanty-r7 c2f3d411c3
Replace rex/java with rex-java gem 2016-06-27 14:52:49 -05:00
James Lee c2a063c8ae
Start using rubyntlm for ssp auth 2016-06-22 10:15:16 -05:00
David Maloney 69e2d05a5d
rip out old rex code and replace with gems
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
2016-06-21 13:56:36 -05:00
darkbushido 771171cbe1
adding tzinfo-data to the gemspec
this should fix windows.
2016-05-17 11:40:25 -05:00
Brent Cook 307e565859
Land rapid7/metasploit-payloads#98, Fix python meterpreter reverse_tcp reconnect. 2016-05-13 22:59:52 -05:00
David Maloney fd543f13af
fix deps 2016-05-13 13:34:18 -05:00
David Maloney 19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
Brent Cook 94c8b51a54 bump payloads gem 2016-05-04 10:56:41 -05:00
David Maloney fb5b228984
Merge branch 'master' into staging/rails-upgrade 2016-05-02 11:33:35 -05:00
wchen-r7 aa707fd63b Update gem metasploit-payloads to 1.1.8 2016-04-27 15:25:01 -05:00
David Maloney c52f3dcb0e
update to rails 4.2.6
fix lost dep unlocks and upgrade rails to 4.2.6

MS-1400
2016-04-15 11:45:43 -05:00
William Vu 22d08fdf39 Revert #6748, premature Gemfile* changes 2016-04-06 14:52:22 -05:00
David Maloney c3452ab982
unlock gemspec deps
unlock version constraints on deps
defined inside the gemspec

MS-1330
2016-04-04 15:31:09 -05:00
David Maloney 8de58e4b80
Merge branch 'master' into staging/rails-upgrade 2016-04-04 09:30:01 -05:00
Brent Cook 627615d47b update to payloads 1.1.6 2016-04-01 21:30:34 -05:00
OJ 6c602dae90 Bump payloads to 1.1.5 2016-03-31 14:03:59 +10:00
wchen-r7 bc48ebd43b Use patch_finder for msu_finder 2016-03-29 23:21:01 -05:00
Brent Cook b8d53dde4a Merge branch 'upstream-master' into staging/rails-upgrade 2016-03-29 15:56:50 -05:00