Commit Graph

13655 Commits (5ec3da843e22b0ec901c4160fd18bcb0282bac94)

Author SHA1 Message Date
Brent Cook 5ec3da843e
Land #9349, GoAhead LD_PRELOAD CGI Module 2018-01-24 17:12:47 -06:00
Brent Cook bb73d2c07e
Land #9431, Fix owa_login to handle inserting credentials for a hostname 2018-01-24 17:12:39 -06:00
William Vu 7da3bdd081
Land #9432, cmd_edit improvements (again!)
We seem to enjoy refactoring this method.
2018-01-24 17:12:20 -06:00
Brent Cook 55c345418d
Land #9438, address cmd_exec inconsistencies 2018-01-24 17:11:40 -06:00
Brent Cook 0916d8402e
fix whitespace patchups for current python meterpreter 2018-01-24 17:08:33 -06:00
Metasploit 898aa82933
Bump version of framework to 4.16.33 2018-01-18 10:05:22 -08:00
William Vu 2916c5ae45 Rescue Rex::Proto::SunRPC::RPCTimeout
Coincidentally, this also fixes the rescue in the library, since
rescuing Timeout instead of Timeout::Error does nothing.
2018-01-12 19:34:59 -06:00
Metasploit 18f16e7c66
Bump version of framework to 4.16.32 2018-01-11 10:03:16 -08:00
William Vu 4b225c30fd
Land #9368, ye olde NIS ypserv map dumper 2018-01-10 22:02:36 -06:00
William Vu 1a8ffed5e3
Land #9369, register_dir{,s}_for_cleanup 2018-01-10 22:02:15 -06:00
William Vu b1cecd4193 Bump TIMEOUT in Msf::Exploit::Remote::SunRPC 2018-01-10 20:36:35 -06:00
William Vu 1c1f3b161e Rescue XDR errors in Msf::Exploit::Remote::SunRPC 2018-01-10 20:11:30 -06:00
Brent Cook cb82015c87
Land #9387, Check exploit stance for array as well as string 2018-01-09 03:52:59 -05:00
William Vu 333d57461a Check exploit stance for array as well as string
An exploit can be both aggressive and passive.
2018-01-08 13:52:04 -06:00
William Vu 461f1c12e6 Fix nil bug(s) by moving arrays to initialize 2018-01-06 02:31:16 -06:00
William Vu 14143c2b90 Fix missed file_dropper_win_path 2018-01-06 01:44:25 -06:00
jgor 51e5fb450f Detect and return on bad VNC negotiations 2018-01-05 10:12:13 -06:00
Wei Chen 9fbddd6474
Land #9374, fix HTML parsing problems for info -d
Land #9374
2018-01-04 16:08:56 -06:00
Matthew Kienow 67e7ea4df9
Fix markdown premature less-than sign escape 2018-01-04 15:51:05 -05:00
Metasploit 3a7a539c84
Bump version of framework to 4.16.31 2018-01-04 12:17:08 -08:00
Jeffrey Martin 78872be2ad
Merge released '4.x' 2018-01-04 14:13:18 -06:00
Metasploit d4de9eef9b
Bump version of framework to 4.16.30 2018-01-04 10:03:21 -08:00
William Vu 50f4ebb3b2 Add register_dirs_for_cleanup to FileDropper 2018-01-04 11:06:32 -06:00
William Vu d7c826b5e8 Add rm_rf to Post::File 2018-01-03 23:14:21 -06:00
Adam Cammack 16fa3b99ef
Land #9350, Improve fake SSL cert details 2018-01-03 15:32:27 -06:00
Brent Cook a444bdb329 handle no datastore 2017-12-29 15:26:28 -06:00
Brent Cook 198aeda2c8 rename option 2017-12-29 12:31:56 -06:00
Brent Cook e546598cf1 Implement a method for command shells to register a post-session cleanup command 2017-12-29 12:14:34 -06:00
RageLtMan c32ef4a3be Require msf/core/cert_provider in framework.rb
Add an explicit require for the new cert_provider in framework.rb
in case it has not yet been loaded.

This should address the Travis failure on initial PR, although the
gem version in socket has not been updated, so this might take a
bit to propagate. In the end, if the dependency already gives us
this functionality by the time we call Rex::Socket::Ssl then this
commit can safely be dropped
2017-12-29 02:14:48 -05:00
RageLtMan 18f3815147 Update TLS certificate generation routines
Msf relies on Rex::Socket to create TLS certificates for services
hosted in the framework and used by some payloads. These certs are
flagged by NIDS - snort sid 1-34864 and such.

Now that Rex::Socket can accept a @@cert_provider from the Msf
namespace, a more robust generation routine can be used by all TLS
socket services, provided down from Msf to Rex, using dependencies
which Rex does not include.

This work adds the faker gem into runtime dependencies, creates an
Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides
API compatible method invocations with the Rex version, but able
to generate higher entropy certs with more variables, options, etc.

This should reduce the hit rate against NIDS on the wire, reducing
pesky blue team interference until we slip up some other way. Also,
with the ability to generate different cert types, we may want to
look at extending this effort to probide a more comprehensive key
oracle to Framework and consumers.

Testing:
  None yet, internal tests pending.
  Travis should fail as this requires rex-socket #8.
2017-12-28 21:00:03 -05:00
Metasploit 7254130b77
Bump version of framework to 4.16.29 2017-12-28 15:19:22 -08:00
Jeffrey Martin 66ca61f636
Merge released '4.x' 2017-12-28 17:15:29 -06:00
Brent Cook c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
Metasploit c681c7881d
Bump version of framework to 4.16.28 2017-12-28 10:03:39 -08:00
Brent Cook 6f1196d30c clarify what's happening when there is a connection failure 2017-12-27 22:32:08 -06:00
Jon Hart bbed7db13c
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-27 13:08:44 -08:00
Jeffrey Martin 8ea50572df
Land #9329, Add basic framework for interacting with MQTT 2017-12-27 14:59:34 -06:00
Tod Beardsley e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya
These cover several of the CVEs mentioned in

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
2017-12-26 12:39:51 -06:00
juushya 8b0f2214b1 few more updates 2017-12-23 03:04:11 +05:30
juushya 038119d9df Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more 2017-12-23 00:14:27 +05:30
Jon Hart d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-22 08:07:40 -08:00
William Vu caae33b417
Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
Metasploit 909caa0425
Bump version of framework to 4.16.27 2017-12-21 13:27:52 -08:00
Brent Cook 9d8cb8a8d0 Merge branch '4.x' into upstream-master 2017-12-21 15:17:38 -06:00
Metasploit ee2f10efc5
Bump version of framework to 4.16.26 2017-12-21 10:04:38 -08:00
Jon Hart becc05b4f1
Cleaner client_id handling 2017-12-21 06:57:33 -08:00
Jon Hart 157d973194
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:13:34 -08:00
Jon Hart 82bdce683b
Remove to_s 2017-12-20 19:13:12 -08:00
Jon Hart adca42f311
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:11:52 -08:00
Jon Hart b78f1105f7
Add missing port 2017-12-20 19:11:33 -08:00