Brendan Coles
ea47b6de04
Add writable? method to Msf::Post::File - Fix #10644
2018-09-15 06:29:24 +00:00
Brendan Coles
d49d7a1214
Land #10638 , Warn when listing inactive sessions without DB connection
...
Replaces confusing message and stack trace with a warning message,
when the `sessions -d` command is used to list inactive sessions
when no database is connected.
2018-09-15 05:36:37 +00:00
Erin Bleiweiss
6fae6065d6
Upcase all the things
2018-09-14 16:05:43 -05:00
Erin Bleiweiss
e590b7c01f
Consolidate notes reference in erb templates
2018-09-14 12:08:22 -05:00
Erin Bleiweiss
184d1d5954
Leave notes type as a plain hash
2018-09-14 11:17:37 -05:00
Kent 'picat' Gruber
c71078a381
use max instead of sort_by { |p| p.size }.last
...
`sort_by { |p| p.size }.last` is less readable compared to just using the `max` method
I believe this does basicall the exact same thing, ontop of being much faster in my micro benchmark.
The old method was, something like, 8 times slower.
2018-09-14 11:19:16 -04:00
Kent 'picat' Gruber
2dcfdcbdc4
remove redundant hash merge
...
https://github.com/JuanitoFatas/fast-ruby#hashmerge-vs-hash-code
2018-09-14 11:04:39 -04:00
Kent 'picat' Gruber
ed338bbeec
use tr instead of gsub
...
https://github.com/rails/rails/pull/17257
https://github.com/JuanitoFatas/fast-ruby#stringgsub-vs-stringtr-code
2018-09-14 10:51:51 -04:00
William Vu
4a759fd048
Refactor cmd_shell and add cmd_shell_{help,tabs}
2018-09-13 19:44:24 -05:00
William Vu
cfbd259e80
Merge remote-tracking branch 'upstream/master' into pr/10389
2018-09-13 16:08:07 -05:00
Adam Cammack
7c6c621a8f
Remember to assign `self.prompt` in shell.rb
...
Not everything updates the prompt all the time, make them feel welcome.
2018-09-13 15:51:07 -05:00
Matthew Kienow
c2230f98d5
Warn user about inactive sessions without DB
2018-09-13 15:13:41 -04:00
Matthew Kienow
6a6d92abc1
Check DB is active before querying sessions
2018-09-13 15:06:53 -04:00
William Vu
b3e9856851
Revert doc changes to exploit.rb autofilter
...
I think the changes might have been accidental.
3cf4329335
2018-09-13 13:27:52 -05:00
h00die
8025a49c44
Land #10633 fix for solaris pidof for more versions
2018-09-13 13:10:28 -04:00
Adam Cammack
175dec7ade
Print help when `repeat` is run with no commands
2018-09-13 11:27:05 -05:00
Adam Cammack
04cc7843a4
Typo fixes
2018-09-13 11:19:13 -05:00
Brendan Coles
53a326c743
Cleanup is_root? method for Linux::Priv / Solaris::Priv
2018-09-13 08:54:31 +00:00
Brendan Coles
bba818a323
Fix Msf::Post::Solaris::System pidof method
2018-09-13 08:29:56 +00:00
William Vu
68a51da27b
Land #10477 , console prompt fixes and refactor
2018-09-12 18:00:48 -05:00
OJ
84e87b10af
Update warning message when loading mimikatz on new OSes
2018-09-13 08:31:08 +10:00
William Vu
b70960bddb
Land #10619 , mimikatz/kiwi warning per OS version
2018-09-12 17:11:11 -05:00
Tim W
5c65f23847
add chmod tab completion
2018-09-12 19:04:51 +08:00
Adam Cammack
d017f420bf
Fix missing exception capture
2018-09-11 17:58:41 -05:00
OJ
e2c6748759
Replace 'and' with '&&'
2018-09-12 08:27:27 +10:00
Adam Cammack
8fa71ade44
Add `repeat` command to loop msfconsole commands
2018-09-11 17:25:33 -05:00
Adam Cammack
de0f0a97fb
Add mode to Shell#run_single to re-raise errors
2018-09-11 17:23:56 -05:00
Adam Cammack
da25391426
Relocate option parsing error handling up a level
2018-09-11 17:22:05 -05:00
Adam Cammack
74ae89ac96
Minor fixups for `grep`
...
Use Shellwords to join words that have been shellsplit and will be
shellsplit again, and correctly reference a missing command name.
2018-09-11 17:20:34 -05:00
h00die
a7105b45a6
add gcc path for solaris
2018-09-11 05:18:26 -04:00
William Vu
117121b058
Land #10617 , sessions -x fix for when LURI is used
2018-09-11 03:00:34 -05:00
Brendan Coles
7c1ae843b1
Fix Msf::Post::Solaris::Kernel class name
2018-09-11 07:15:19 +00:00
OJ
8d6fcefccc
Fix crash when using sessions -x
2018-09-11 13:28:33 +10:00
Brent Cook
a3d74d926c
Land #9897 , Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer
2018-09-10 16:25:55 -05:00
Brent Cook
ea2fcb6fc4
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
Brent Cook
55ae02ba4e
DRY up doc generator
2018-09-07 11:47:29 -05:00
Erin Bleiweiss
1eb703b1b5
Refactor initialization of module's notes attribute
2018-09-06 16:15:52 -05:00
Erin Bleiweiss
b7ee406203
Use a 'reduce' to transform notes
2018-09-06 15:50:23 -05:00
Erin Bleiweiss
876240d18c
Condense note transformation inside mod_meta_common
2018-09-06 15:48:22 -05:00
Brent Cook
dd476066cf
Land #10584 , fix session upgrade HANDLE_TIMEOUT and upgrading osx shells
2018-09-06 05:52:40 -05:00
William Vu
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
William Vu
e2428b5c20
Fix target DisableNops not being passed to payload
2018-09-05 18:07:54 -05:00
Wei Chen
1f16052988
Make key random and fix RPC
2018-09-05 15:09:47 -05:00
OJ
635d92901f
Add warning for mimikatz and kiwi if OS versions are wrong
2018-09-05 09:34:34 +10:00
Tim W
c38a7e97fd
fix session.type for osx shells
2018-09-04 22:59:03 +08:00
Wei Chen
a3df5bb5d9
Fix rpc_info
2018-09-04 08:35:39 -05:00
Jacob Robles
0a2b0f8cec
Remove trailing comma
...
Fix issue causes target.ret to be an array
2018-09-04 07:43:43 -05:00
Wei Chen
d89b971d83
Add API doc for rpc_compatible_evasion_payloads
2018-09-03 22:25:51 -05:00
Wei Chen
e9c4698291
Support RPC
2018-09-03 22:15:23 -05:00
Tim W
d5e78ab66f
Land #10437 , sync some linux local libraries to solaris
2018-09-03 22:46:50 +08:00
Matthew Kienow
34f87efb2b
Land #10532 , enhance db_connect for data services
2018-09-03 09:43:34 -04:00
James Barnett
1c8a2f3ee1
Raise an error when http service fails to connect
...
Also fix a bug where failed Postgres connections werent being raised
2018-09-02 15:51:13 -05:00
Tim W
c4ebf7b4f3
add meterpreter chmod command
2018-09-01 23:52:31 +08:00
stefano118
1ddd22d073
bug fix and improvements
2018-09-01 03:17:18 +02:00
stefano118
6c1a83d464
refactor: snake case
2018-09-01 03:17:17 +02:00
stefano118
27d7d17deb
refactor: beautify stub
...
refactor: beautify stub
refactor: beautify stub
refactor: beautify stub
2018-09-01 03:17:16 +02:00
James Barnett
b4c731d4ca
Check name validity at a higher level
2018-08-31 18:16:32 -05:00
Erin Bleiweiss
5c7f59e2f9
Remove AKA formatters from references
2018-08-31 16:54:16 -05:00
Erin Bleiweiss
420041f287
Don't refer to AKA as 'alias' in order to not overlap nomenclature with upcoming 'alias' feature
2018-08-31 16:54:07 -05:00
Erin Bleiweiss
e5106b54db
Add AKA info to module info
2018-08-31 16:52:26 -05:00
Erin Bleiweiss
e10d9c5d67
Update module search to search aka names
2018-08-31 16:52:17 -05:00
Erin Bleiweiss
3f9e19c6af
Restructure Notes into NotesContainer object
2018-08-31 16:51:59 -05:00
Erin Bleiweiss
f61ed95ebe
Add default value for notes
2018-08-31 16:50:23 -05:00
Erin Bleiweiss
3c115f1bfc
Update json parsing rules for external modules
2018-08-31 16:48:56 -05:00
James Barnett
084607b955
Set current_data_service when disconnecting from http
2018-08-31 16:48:33 -05:00
Erin Bleiweiss
659e4f2b34
Build json correctly for new notes field
2018-08-31 16:47:00 -05:00
James Barnett
185fe56e82
Add message when connecting via yaml
2018-08-31 16:13:17 -05:00
James Barnett
a413b27e57
Fix bug connecting to https servers
2018-08-31 15:49:29 -05:00
Wei Chen
b976ccd3fe
Fix typos
2018-08-31 14:53:52 -05:00
Wei Chen
bcaa6e90f6
Fix targeting
2018-08-31 13:37:23 -05:00
James Barnett
1e6f19e1de
Update db_save message when no valid service connected
...
Also add the current data service name to db_status
2018-08-31 12:54:08 -05:00
Wei Chen
f296c204cb
Add some comments
2018-08-31 11:55:50 -05:00
Wei Chen
5c6b33bcf4
Add support for evasion targets, also module doc
2018-08-31 11:45:29 -05:00
James Barnett
bc4a0345dc
Fix bug preventing yaml connections
2018-08-31 11:26:08 -05:00
OJ
41b0dc1dfe
Update label for the kiwi extention to match latest ver
...
I'll also update this PR with the udpated binaries when the paylaods
repo has landed https://github.com/rapid7/metasploit-payloads/pull/298
2018-08-31 09:31:57 +10:00
James Barnett
6ddf4f4c22
Refactor db_connect for updated usage
...
db_connect will now automatically save the data service it connects to
db_save will be used to set the current data service as default
add a db_remove command to delete a saved data service
2018-08-30 18:19:14 -05:00
Wang Yihang
a83e63516e
[+] Modify script permission in case of TOCTOU
2018-08-30 10:25:27 -04:00
Wang Yihang
e6140bc78c
Merge branch 'upstream-master' into add-source-meta-command
2018-08-30 10:17:29 -04:00
Wei Chen
ea41127c6e
Support info command
2018-08-29 16:24:23 -05:00
Josh Hale
71a7ca4d7d
Use env(1) instead of export
2018-08-29 14:51:20 -05:00
James Barnett
d6d9f9c675
Handle case for no connection for save and disconnect
2018-08-29 13:54:20 -05:00
Wei Chen
b085633e49
Style change and move option to evasion.rb
2018-08-29 13:39:29 -05:00
James Barnett
133892629e
Dont allow invalid config file characters
...
Also only save cert when it is present
2018-08-29 12:49:03 -05:00
James Barnett
f7ecd4436d
Even more messaging changes
2018-08-29 11:32:01 -05:00
James Barnett
65f38d6051
More messaging changes
2018-08-29 11:19:37 -05:00
Adam Cammack
7414b18f20
Move prompt_char space to correct place
2018-08-29 10:38:28 -05:00
Josh Hale
09926bd184
Better help description and comments
2018-08-28 22:11:32 -05:00
James Barnett
28954dbc1d
More messaging improvements
2018-08-28 17:14:59 -05:00
James Barnett
cc5d96a441
Update messaging
2018-08-28 17:00:58 -05:00
James Barnett
161fb52ae3
Dont build connect string manually during loadup
2018-08-28 16:37:14 -05:00
James Barnett
52cc140cd2
Handle case where no default db is set
2018-08-28 15:52:26 -05:00
bwatters-r7
1be7f55cae
Land #8983 , Add peinjector post module
...
Merge branch 'land-8983' into upstream-master
2018-08-28 15:25:56 -05:00
William Vu
4803c889f9
Land #10507 , GPP creds for db_import
2018-08-28 11:45:51 -05:00
James Barnett
5e45e2f1e9
Add help text for -l and -n options
2018-08-28 11:42:10 -05:00
James Barnett
3c1086741b
Use correct variable name for api_token
2018-08-28 10:49:50 -05:00
alpiste
562fc09d5d
add new line to the end of the file
2018-08-28 09:02:21 -05:00
alpiste
3a6d72b8b6
some executable files need stack preserve and stack restore, functionality restored
2018-08-28 09:02:21 -05:00
alpiste
ff7baaca13
remove stack preserve and stack restore in x86 shellcode and delete duplicated stack preserve variable in x64 shellcode
2018-08-28 09:02:21 -05:00
bwatters-r7
5a28863b12
Fix Whitespace for Rubocop
2018-08-28 09:02:21 -05:00
bwatters-r7
3ac24abfb2
Remove Extra stackpreserve variable
2018-08-28 09:02:21 -05:00
bwatters-r7
f9148f7864
Update/Add Human-Readable ASM
2018-08-28 09:02:21 -05:00
alpiste
f1e4079641
move add_thread code to lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb
2018-08-28 09:02:21 -05:00
alpiste
55299561b1
Peinjector meterpreter extension interface added
2018-08-28 09:02:21 -05:00
alpiste
ced4ae6f49
MSFTidy module
2018-08-28 09:02:21 -05:00
alpiste
2251c4a712
Add peinjector post module
2018-08-28 09:02:21 -05:00
James Barnett
5b7127c826
Use Rex::Text::Table for outputting data services
2018-08-27 13:18:41 -05:00
James Barnett
24cf99f59c
Enable deletion of saved data services
2018-08-27 11:32:19 -05:00
Josh Hale
419738a746
Add expect method, -s, and -l
2018-08-26 19:38:19 -05:00
Brent Cook
cb07ba2b6c
Land #10516 , Add brace expansion encoder and update ${IFS} encoder
2018-08-25 22:23:07 -05:00
Brent Cook
969170096a
Land #10520 , Only allow setting persistence on payload jobs
2018-08-25 22:21:46 -05:00
William Vu
6df235062b
Land #10505 , post-auth and default creds info
2018-08-24 18:08:15 -05:00
William Vu
cde82b18ab
Land #10379 , tab completion for multiple commands
2018-08-24 18:06:14 -05:00
William Vu
e955e8dc15
Clean up code
...
And hope I didn't break anything.
2018-08-24 18:05:52 -05:00
James Barnett
bb0ec0472b
Enable saving local data services
2018-08-24 12:51:50 -05:00
Green-m
1dd91434f4
Fix #10518 , bug fix when add persistent to non-payload job.
2018-08-24 03:39:18 -04:00
Green-m
6d84d3bfec
Add tabs auto completion for irb.
2018-08-23 23:29:12 -04:00
Green-m
418b574161
Merge branch 'master' and resolve conflict.
2018-08-23 23:24:23 -04:00
William Vu
7c0dd2a0fe
Add CmdUnixBrace and update CmdUnixIfs
...
Acronyms can be capitalized as per the Ruby style guide.
2018-08-23 21:18:09 -05:00
Matthew Kienow
df18e354e1
Add bind_busybox_telnetd payload, misc cleanup
2018-08-23 15:23:39 -04:00
Matthew Kienow
c0c3e12c74
WIP - hp officejet pro exploit, enhance PJL lib
2018-08-23 14:53:54 -04:00
James Barnett
724e0dcaf3
Add ability to connect to saved data services
2018-08-22 17:16:27 -05:00
William Vu
9b3e0d8306
Add additional root tags for GPP XML
...
Finally ran through all the samples and cross-referenced with MS14-025.
https://msdn.microsoft.com/en-us/library/cc232650.aspx
https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati
2018-08-22 16:48:33 -05:00
William Vu
2891255549
Clarify what is being imported currently
...
Since the parser is focused on creds.
2018-08-22 15:53:19 -05:00
William Vu
1e4eb0eae0
Revert report_note, since it added nothing
...
A bit of misunderstanding. We're in agreement that loot was enough.
2018-08-22 14:34:09 -05:00
William Vu
6fa04950ee
Store parsed GPP data as a note
...
And refactor slightly.
2018-08-22 14:19:50 -05:00
Wang Yihang
29ff1ea952
[+] Add source meta command to execute script remotely
2018-08-22 21:50:40 +08:00
Wang Yihang
8f0a37add6
Merge remote-tracking branch 'upstream/master' into add-resource-meta-shell-command
2018-08-22 21:08:28 +08:00
王一航
e29135d0f5
Merge branch 'master' into impl-of-ctrl-z
2018-08-22 17:31:00 +08:00
William Vu
b1c633faf6
Add Group Policy Preferences support to db_import
...
And take the Jaden Smith approach, as @busterb quipped to me. :)
This one's a little weird, since you normally import scans into
Metasploit, but now that creds are first-class in the database, it makes
more sense to be able to import them.
Currently, your alternatives are post/windows/gather/credentials/gpp,
which requires a session, and auxiliary/scanner/smb/smb_enum_gpp, which
requires a network scan.
2018-08-21 23:44:39 -05:00
James Barnett
68aca395a4
Remove debug logging
2018-08-21 15:06:30 -05:00
James Barnett
57243106f7
Connect to the default database on startup
2018-08-21 14:29:20 -05:00
James Barnett
b6401dbe56
Add db_save command
2018-08-21 11:10:43 -05:00
Wei Chen
080ba15179
Another boo-boo
2018-08-21 08:55:14 -05:00
William Vu
321f2b8746
Improve file operations
...
Hmm, why did I not use File.write before? Oh well, fixed.
2018-08-20 22:25:19 -05:00
Green-m
808e2f2e25
Fix issue #10499
2018-08-21 03:08:14 +00:00
Green-m
edb85614ff
Make code cleaner
2018-08-21 03:05:44 +00:00
asoto-r7
bc3b317963
Land #10449 , Implementation of download/upload file in reverse shell
2018-08-20 19:10:26 -05:00
asoto-r7
4aee3a4ae2
Land #10448 , Implementation of CTRL+C to send SIGINT signal
2018-08-20 18:14:29 -05:00
Brent Cook
11fee8fa2c
Land #10471 , Import target DefaultOptions into the datastore
2018-08-20 17:30:27 -05:00
Brent Cook
fb2d3bfd4a
Land #10492 , show help when no argument is provided to `show`
2018-08-20 15:46:29 -05:00
James Barnett
3fadc64fb2
Don't set the workspace to default if it is already set
2018-08-20 14:35:06 -05:00
Auxilus
8869604143
update help for show and search
2018-08-21 00:17:57 +05:30
Auxilus
e8c0638092
Update modules.rb
2018-08-20 23:36:57 +05:30
Auxilus
0e594266e9
show help when no argument is provided to `show`
2018-08-20 23:32:34 +05:30
Adam Cammack
94dd67f3a5
Add public readers for prompt and prompt_char
...
This allows various things to inspect the state of the console before
calling `update_prompt`.
2018-08-17 14:41:48 -05:00
Adam Cammack
410eee8537
Remove 'append' mode from update_prompt
...
Nothing used it meaningfully. Also, due to the way `init_prompt` was set
prior to b1401e2e4e
, it would have been
very broken: the prompt_char would have been included in the line twice
and prompt substitutions like %T would have been cached. Even more,
trying to append the empty string to the prompt (removed in that commit)
caused us to add a number of workarounds removed in
1df442e0cf
.
2018-08-17 14:32:48 -05:00
Adam Cammack
1df442e0cf
Centralize where msfconsole touches the prompt
2018-08-17 14:21:16 -05:00
Adam Cammack
b1401e2e4e
Update the prompt every shell tick
...
This was inadvertently done as part of the tab completion
initialization but is what we want. Also move the prompt formatting to
the prompt update and make the code more readable.
2018-08-17 14:10:28 -05:00
Jeffrey Martin
d6bce4410c
Land #10203 , Add command for persistent job handler when msf restart
2018-08-16 15:37:10 -05:00
William Vu
7e496ae067
Import target DefaultOptions into the datastore
2018-08-16 12:18:02 -05:00
William Vu
59f2bf9002
Land #10469 , bug fixes for shell's prompt_yesno
2018-08-16 10:51:54 -05:00
Adam Cammack
4375a3fbfb
Fix lurking bugs in the shell's prompt_yesno
2018-08-16 09:05:22 -05:00
William Vu
7a20d05fa6
Land #10456 , known_hosts fix for SSH modules
2018-08-15 21:28:08 -05:00
Green-m
1475f205d4
Update for style requirements.
2018-08-15 22:24:20 -04:00
Green-m
028799299c
Update for style requirements.
2018-08-15 22:23:04 -04:00
William Vu
101539a1bc
Land #10464 , prompt to use plain module name
2018-08-15 20:55:28 -05:00
Adam Cammack
c045f70e80
Emulate `prompt_yesno` semantics for UI drivers
2018-08-15 17:30:37 -05:00
James Barnett
becd42553a
Land #10462 , Add API documentation for users and auth endpoints
2018-08-15 17:10:26 -05:00
Adam Cammack
a4fb33d53a
Prompt to use module when given plain module name
2018-08-15 15:58:19 -05:00
Adam Cammack
fe75a87cd5
Land #10459 , Fix PMA scanner vs. non-PMA hosts
2018-08-15 14:44:40 -05:00
James Barnett
f05844d8f4
Refactor options handling and help printing
2018-08-15 11:48:03 -05:00
Erin Bleiweiss
13326ea94b
Land #10451 , Add 'payload' to module search command help documentation
2018-08-15 11:20:13 -05:00
James Barnett
1a4c04cae6
Merge branch 'master' into consolidate_db_connect_data_services
2018-08-14 15:20:56 -05:00
William Vu
cedcb04ce0
Land #10433 , pry and irb in developer dispatcher
2018-08-14 13:32:47 -05:00
Erin Bleiweiss
66b761db15
Add doc for user operations
2018-08-14 13:19:56 -05:00
Erin Bleiweiss
f7a0b201d7
Add authorization support for auth/bearer tokens
2018-08-14 11:51:15 -05:00
Jacob Robles
a956f675ff
PMA Scanner Check Error Condition
2018-08-14 06:16:55 -05:00
Green-m
97b6425315
Make persist list go all in on the JSON format.
2018-08-14 06:39:56 -04:00
Green-m
2394e92c1c
Go all in with JSON format, rename var to get more readable.
2018-08-14 06:37:08 -04:00
Green-m
bdb663b078
Make persist list go all in on the JSON format.
2018-08-14 06:33:44 -04:00
Kevin Kirsche
4450d34fee
Remove SSH scanner using known_hosts
...
Fix #10266
This disables writing to the `known_hosts` file when performing auxiliary ssh scans.
2018-08-13 21:27:51 -04:00
Auxilus
b1041093f2
Add payload to cmd_search_help type
2018-08-13 11:55:56 +05:30
Wang Yihang
0bf699b716
[+] handler CTRL+Z Signal in shell session and remove debug print
2018-08-13 04:22:13 +08:00
Wang Yihang
fcd1527eec
[+] Add status print while resourcing scripts
2018-08-13 02:39:15 +08:00
Tim W
1ca6cb31d1
Land #10440 , fix apk injection on windows
2018-08-13 01:09:55 +08:00
Wang Yihang
8b4a669c5b
[+] Disable debug print
2018-08-12 14:09:29 +08:00
Wang Yihang
67f6e83cbe
[+] Make the progress bar more precise
2018-08-12 14:08:32 +08:00
Wang Yihang
6a0a52e6fe
[+] Add conditions in help menu
2018-08-12 13:10:11 +08:00
Wang Yihang
89c875d3bb
[+] Implementation of upload meta command
2018-08-12 12:54:05 +08:00
Wang Yihang
f3d98b26d7
[+] Implementation of download meta command
2018-08-12 11:37:39 +08:00
Wang Yihang
fe6fda0072
[+] Implementation of download meta command
2018-08-12 11:19:30 +08:00
Josh Hale
f1fd077bef
Whitespace fix
2018-08-11 17:39:44 -05:00
Josh Hale
7b573fa3ca
Use multiple bash methods
2018-08-11 17:38:13 -05:00
Wang Yihang
6c33854ffc
[+] Exit vim opened in reverse shell via signal USR1
2018-08-12 06:07:18 +08:00
Wang Yihang
b6e2c34b11
[+] Fix can not abort reverse shell session
2018-08-12 05:40:40 +08:00
Wang Yihang
dc342a29b3
[+] Fix typo
2018-08-12 05:23:18 +08:00
Wang Yihang
7e4a666e1b
[+] Modify script arguments, change LOG_FILE to /dev/null
2018-08-12 04:54:08 +08:00
Wang Yihang
3fb814cef3
[+] Implementation of script and socat on poping up a interactive shell
2018-08-12 04:49:44 +08:00
Wang Yihang
b220c9b0ab
[+] Fix confliction on resource meta command branch and merge
2018-08-12 03:38:47 +08:00
Wang Yihang
e457eba2dd
[+] handler CTRL+C Signal in reverse shell sessions
2018-08-12 02:41:16 +08:00
Green-m
2529fdf322
Fix issue #8887 , when injecting into an existing .apk file on windows
2018-08-10 05:43:26 -04:00
Wei Chen
d9fc99ec4a
Correct false negative post_auth? status
2018-08-09 23:34:03 -05:00
Wang Yihang
6578950533
[-] Remove debug message
2018-08-09 16:32:27 +08:00
Wang Yihang
f6c28106b9
Merge remote-tracking branch 'upstream/master' into add-resource-meta-shell-command
2018-08-09 16:20:26 +08:00
h00die
a977121a61
include kernel to solaris.rb
2018-08-08 20:24:59 -04:00
h00die
c1635948ce
sync some linux local libraries to solaris
2018-08-08 20:08:23 -04:00
James Barnett
c8dc5967d2
Remove data_services commands
...
db_connect is now the preferred method of connecting
2018-08-08 17:47:17 -05:00
James Barnett
d7dcdce7a8
Add more information when already connected to a db
2018-08-08 13:32:25 -05:00
James Barnett
cfe1ea86fb
Only allow one http connection at a time
2018-08-08 13:20:46 -05:00
William Vu
89a3a265d2
Move the built-in irb command while we're at it
2018-08-07 21:32:30 -05:00
William Vu
68a7761f68
Move built-in pry command to developer dispatcher
...
We also fall back on prying Framework if a module isn't active.
This fixes the following bad behavior:
msf5 > pry
[*] exec: pry
And then your input gets stolen.
2018-08-07 21:17:22 -05:00
James Barnett
201b91f9d7
Land #10410 , add script for setting up and managing data services
...
The msfdb script allows you to create, delete, start, and
stop local and remote data services. The database backend requires
PostgreSQL and the webservice provides a REST API to interact with it.
2018-08-07 18:25:51 -05:00
William Vu
2bce8b008e
Fix history deduplication for system Readline
2018-08-07 16:53:24 -05:00
William Vu
298d5c3b30
Refactor history clearing
2018-08-07 16:53:17 -05:00
Wei Chen
6223685c37
Update auth requirement for json metadata
2018-08-07 16:42:00 -05:00
William Vu
6eda1b2dfa
Revert deletion of history clearing
...
ef487f6be5
2018-08-07 14:06:52 -05:00
James Barnett
387d784ddc
Implement db_disconnect for remote data service
...
And a couple of fixes for db_connect for remote data services
2018-08-07 14:03:38 -05:00
William Vu
3b2c3507d1
Refactor history deduplication on save
...
We move the check outside the block and clean up the syntax.
2018-08-07 11:18:13 -05:00
Green-m
3caa3057d8
Process persistent job when msf start.
2018-08-07 05:41:47 -04:00
Green-m
2dee2cf038
Update command job to support for persistent job when msf restart.
2018-08-07 05:40:35 -04:00
Green-m
91a9a24879
Update the dump_jobs for persistent job info.
2018-08-07 05:36:57 -04:00
Wei Chen
f7e49d3f7e
Able to successfully run a module
2018-08-06 11:46:19 -05:00
Auxilus
cb01216e0c
fix history issues as stated in #10423
2018-08-06 11:27:47 +05:30
William Vu
f6d9cde7c4
Revert history -u deduplication on print
2018-08-05 14:28:15 -05:00
William Vu
a0962855bd
Refactor history deduplication
...
We don't need to know the absolute index. We also fix the IndexError.
2018-08-05 14:28:10 -05:00
Auxilus
fce19cf5b8
Prevent adding the same command to history
2018-08-05 22:33:00 +05:30
William Vu
ef6be1980f
Fix use -h to call cmd_use_help
...
It really shouldn't try to load it as a module.
2018-08-04 15:34:26 -05:00
James Barnett
df607ddd16
Enable connecting to remote data services with db_connect
2018-08-03 13:38:02 -05:00
Wei Chen
37f70343e3
Get payload options to work (show, set, etc)
2018-08-03 11:47:43 -05:00
Brendan Coles
bc9fcf40d4
2016
2018-08-03 07:07:21 +00:00
Wei Chen
f176dd03b5
Add a new module type to support evasion (WIP)
2018-08-02 11:54:38 -05:00
Matthew Kienow
fbc9d3ee83
Add print methods from HttpDBManagerService
2018-08-02 12:38:52 -04:00
Adam Cammack
54abc65c55
Land #10406 , Fix notes service, port, protocol
2018-08-01 14:39:34 -05:00
Brent Cook
1601e8a844
Land #10330 , Add SMBv2 support to bind_named_pipe payloads
2018-08-01 12:58:44 -05:00
Erin Bleiweiss
58b3f63c1a
Update to reflect new JSON models
2018-07-31 15:57:26 -05:00
Erin Bleiweiss
3e8efea57a
Merge branch 'conform_to_api_standards' into exploit-query
...
Prepare for new JSON format.
2018-07-31 14:48:37 -05:00
James Barnett
eb240892fc
Fix but with origin display in console
...
Also prevent adding workspace to opts when id is present
2018-07-31 14:03:53 -05:00
Erin Bleiweiss
9d1a2e20ee
Add better error handling.
2018-07-31 13:25:49 -05:00
Erin Bleiweiss
1d3761c9d6
Add support for 'check' metadata value
2018-07-31 12:18:09 -05:00
William Vu
2bca1ade05
Normalize note proto better and actually use it
2018-07-31 11:51:34 -05:00
Erin Bleiweiss
3291931955
Merge branch 'upstream-master' into exploit-query
2018-07-31 11:51:14 -05:00
Erin Bleiweiss
db91c7f075
Add error message to console if invalid params are supplied
2018-07-31 11:49:09 -05:00
James Barnett
2ef639f99e
opts[:id] could sometimes be an integer, so cast to string
2018-07-31 10:58:01 -05:00
Green-m
21afd0572c
use %w to replace [] for string arrays, more readable.
2018-07-30 22:47:59 -04:00
James Barnett
7dc14f59f4
We're using named parametes now
2018-07-30 15:38:48 -05:00
James Barnett
0843e6789d
Fix private data not displaying for creds
...
Also fix issue where delete and update cred were not using the data format
2018-07-30 15:31:38 -05:00
James Barnett
d1f09ca81c
Add path selection for GET requests
...
Also remove instances where workspace is passed for
single object lookups since it is no longer required
2018-07-30 13:56:34 -05:00
James Barnett
4c92de0b55
Refactor logic for determining single object output.
...
Also add restrictions on passing id as a query string param
2018-07-30 11:42:45 -05:00
Wang Yihang
c90b03808a
Merge remote-tracking branch 'upstream/master' into add-resource-meta-shell-command
2018-07-30 13:25:26 +08:00
Wang Yihang
b2eb5edf37
[+] Fix bug in pull 10220
2018-07-30 13:21:26 +08:00
Josh Hale
fcbfa8019f
style and more python checks
2018-07-29 22:52:43 -05:00
James Barnett
9cd99cbc17
Fix error when id param is present in GET request
2018-07-28 22:55:03 -05:00
Josh Hale
51ff09a9b6
Only try on NX
2018-07-28 19:00:33 -05:00
James Barnett
9e08bf6ec2
Fix logic issue when processing HTTP requests
2018-07-28 15:23:56 -05:00
James Barnett
37706e094d
Dont wrap object in array when using ID parameter
2018-07-27 16:41:11 -05:00
James Barnett
829b43f743
Address minor code review comments
2018-07-27 16:19:17 -05:00
Erin Bleiweiss
d4b5e27edc
remove whitespace
2018-07-27 16:03:16 -05:00
Erin Bleiweiss
57c9a3544a
delete unnecessary proxy files
2018-07-27 16:01:45 -05:00
Erin Bleiweiss
3e41db6994
refactor for more dry, more compartmentalized code
2018-07-27 16:00:19 -05:00
Erin Bleiweiss
4ac11d4e70
parameter validation
2018-07-27 15:15:49 -05:00
James Barnett
3411d0bce2
Refactor error JSON responses to use a helper method
2018-07-27 13:59:17 -05:00
Erin Bleiweiss
7cfc2b44ec
allow rank search with numeric value only
2018-07-27 13:30:29 -05:00
James Barnett
15fe80de06
Merge branch 'master' into conform_to_api_standards
2018-07-27 11:08:18 -05:00
Erin Bleiweiss
df159e957d
condense logic for matching rank names to numeric value
2018-07-27 11:02:25 -05:00
Erin Bleiweiss
c76f141a49
replace magic numbers with constants
2018-07-27 10:42:57 -05:00
Erin Bleiweiss
06c98a0772
ignore extraneous/invalid keywords
2018-07-27 10:33:47 -05:00
Erin Bleiweiss
44239b7005
remove debug line
2018-07-27 10:28:31 -05:00
UserExistsError
6181253109
fix multi connect bug
2018-07-26 17:34:11 -06:00
Erin Bleiweiss
129b3ec2b5
rename single-letter variables to be more descriptive
2018-07-26 17:35:26 -05:00
Erin Bleiweiss
23c0f70c68
update multi-line block syntax
2018-07-26 17:24:04 -05:00
Erin Bleiweiss
7e81e81965
call 'except' without duplicating variable
2018-07-26 17:22:15 -05:00
Erin Bleiweiss
9f5f2ffeab
remove extraneous newlines
2018-07-26 17:19:18 -05:00
Josh Hale
0a6a91a1c6
Initial add of pybash option
2018-07-26 14:44:34 -05:00
Erin Bleiweiss
2572a297a2
clean up parameter delcarations in docs and rename doc files to module_search
2018-07-26 11:43:55 -05:00
James Barnett
5c9f002a72
Make hash definitions more consistent
2018-07-26 10:40:58 -05:00
Green-m
3f8906596d
Fix issue 10372, match mutiple slashes better
2018-07-26 05:35:04 -04:00
Green-m
63ed4b2173
Add uictl tabs
2018-07-26 05:33:40 -04:00
Green-m
2dbbd0c649
Add multiple commands' tabs and help
2018-07-26 05:32:57 -04:00
Green-m
4060492bfc
Add multiple commands' tabs and help
2018-07-26 05:27:47 -04:00
Green-m
3852265d9f
Add multiple commands' tabs and help
2018-07-26 05:26:30 -04:00
Green-m
6c1a28d2d6
Add multiple commands' tabs and help
2018-07-26 05:25:38 -04:00
Green-m
6a0534de14
Update splitkey method to match better on windows
2018-07-26 05:23:27 -04:00
Green-m
746b63f76a
Add method to glob the given filename.
2018-07-26 05:21:12 -04:00
William Vu
8e6a1d203b
Futureproof FingerprintCheck until we delete it
2018-07-25 21:39:02 -05:00
William Vu
4e46ebdb9c
Call check_simple when RHOSTS is a single host
2018-07-25 21:27:20 -05:00
William Vu
25ef422168
Handle connection errors and fail_with in check
...
Also fix FingerprintCheck to tell us when it doesn't receive a response.
2018-07-25 21:11:40 -05:00
Brent Cook
e78337d59a
Land #10374 , Net::SSH::CommandStream fixes
2018-07-25 18:21:39 -05:00
William Vu
8753c5bf62
Land #10303 , HttpClient Rex::ConnectionError fix
2018-07-25 18:02:44 -05:00
Sonny Gonzalez
f5ccdcfcd2
Net SSH CommandStream fixes implemented
...
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
2018-07-25 11:22:28 -05:00
Wei Chen
625ea87ea9
Land #10368 , PhpMyAdmin Login Scanner Module
2018-07-24 23:25:27 -05:00
Erin Bleiweiss
9205159e7d
update console help documentation
2018-07-24 16:43:30 -05:00
Erin Bleiweiss
e6e06fea84
update rank param to accept descriptive names
2018-07-24 16:43:16 -05:00
Erin Bleiweiss
87434ef22d
pull changes
2018-07-24 15:42:31 -05:00
James Barnett
503a2276f2
Convert creds to use new format
2018-07-24 15:25:48 -05:00
Erin Bleiweiss
ffe4dbcc19
refactor out of db_manager and into web_services
2018-07-24 15:25:23 -05:00
Jeffrey Martin
6d878a9bb6
Land #10367 , Pass a framework instance to external module shims
2018-07-24 15:22:47 -05:00
Adam Cammack
de52e8c631
Update Rspec expected thread count
...
External modules start threads during the test run, so the thread
manager is always running by the end in addition to the main VM thread.
2018-07-24 15:14:47 -05:00
Shelby Pace
4f81fcdc87
retn versions in chk_setup, tests to reflect, doc
2018-07-24 14:51:00 -05:00
James Barnett
eccd223a3e
Merge branch 'master' into conform_to_api_standards
2018-07-24 12:11:14 -05:00
Adam Cammack
230e36f5f0
Pass the framework instance to exec module shims
2018-07-24 12:02:54 -05:00
Shelby Pace
976a3464e1
added phpmyadmin login scanner and aux module
2018-07-24 09:47:01 -05:00
James Barnett
2242cb590d
Fix name in credential_data_service
2018-07-23 17:26:12 -05:00
James Barnett
e3da0a6828
Merge branch 'master' into remote_creds_data
2018-07-23 16:39:13 -05:00
Erin Bleiweiss
2215cab7df
refactor search to work with existing console search function, and expand console keyword options
2018-07-23 16:37:11 -05:00
James Barnett
862f918d49
Fix bug when updating Core subobjects
2018-07-23 16:21:30 -05:00
William Vu
87f9d3bd23
Land #10345 , OptionParser for console grep
2018-07-23 16:00:18 -05:00
James Barnett
351c2319a8
Fix issues with creds filter by IP
2018-07-23 14:53:09 -05:00
Wei Chen
dc43cc78b0
Land #10341 , Add check method Boolean to module cache and info and search commands
2018-07-23 14:45:28 -05:00
William Vu
654cbd198a
Fix missing method when check is run
...
Oops, lost the "mod" when I refactored into ternary. Caught during
verification with @wchen-r7. :D
2018-07-23 14:19:48 -05:00
James Barnett
08c0463e41
Cleanup creds options
2018-07-20 16:35:55 -05:00
James Barnett
b250c4e3f4
Honor realm in creds -S
2018-07-20 16:30:17 -05:00
James Barnett
08e1941e9b
Remove unsupported syntax from creds help
2018-07-20 15:54:57 -05:00
William Vu
58ad718a7d
Display check support in module search
2018-07-20 14:10:44 -05:00
James Barnett
c7ea24e856
Pass symbols for credential types
2018-07-20 13:17:57 -05:00
Erin Bleiweiss
6c7650eec3
add call to warden.authenticate!
2018-07-20 10:34:07 -05:00
Shelby Pace
c11d404ae0
successfully works on v4.8.1
2018-07-20 09:13:51 -05:00
bwatters-r7
658267849b
deconflict the method names in mix-ins
2018-07-19 17:01:40 -05:00
James Barnett
65d42380d3
Merge branch 'master' into remote_creds_data
2018-07-19 16:25:06 -05:00
James Barnett
a8e5308fd3
WIP: Convert each endpoint to use the correct JSON format
2018-07-19 16:20:35 -05:00
Erin Bleiweiss
2cd5c11342
remove unnecessary whitespace
2018-07-19 15:56:04 -05:00
Jacob Robles
9327d75ceb
Land #10343 , Add decryption and decoding support for Metasploit C compiler
2018-07-19 14:57:43 -05:00
Erin Bleiweiss
ad2bd35858
add a requirement that there must be at least one search parameter
2018-07-19 14:56:51 -05:00
Erin Bleiweiss
04a6cf8f0a
pull latest changes and re-register module servlet in new sinatra base
2018-07-19 14:42:39 -05:00
Erin Bleiweiss
77fbd4b443
strip whitespace from field params
2018-07-19 14:34:47 -05:00
Erin Bleiweiss
ce7eb9f3fe
add list of valid fields to documenation and update aliases
2018-07-19 14:31:46 -05:00
Erin Bleiweiss
7dc37c8c79
add aliases to prevent ambiguity with plurals
2018-07-19 14:24:12 -05:00
Erin Bleiweiss
3d58ec3a53
add aliases for field keywords
2018-07-19 14:23:47 -05:00
Erin Bleiweiss
dd4279fc2a
add more robust searching to reflect all metadata values
2018-07-19 13:07:16 -05:00
Adam Cammack
ef264e78f0
Refactor grep command to use optparse
...
This is an experiment to see what it would take to convert *all* option
assignment, parsing, and validation to use Ruby's builtin optparse. Our
current situation in the command dispatchers is a mishmash of bespoke
and Rex code, both with odd behaviors. Modules use a more formalized
system, but it is also a bit janky and unlike most other tools a
pentester might use.
The first step is to refactor the console commands to use Ruby's builtin
option parsing to reduce code and increase homogeneity among the various
functions. Next we plan to explore what it would take to invoke modules
from within Metasploit this way (this would be Metasploit 5+ only).
Refactoring `grep` seems to have been a success. There is now less code;
the code that declares and handles the options are now in the same
place; long options are now supported; adjacent, argument-less short
opts now work as expected; patterns can now begin with a `-`; and option
arguments are now validated. Additionally, optparse's argument
coercion/validation code can be extended for custom types/validations to
support more specialized commands.
2018-07-19 12:11:09 -05:00
James Barnett
59962c5273
Merge branch 'master' into conform_to_api_standards
2018-07-19 09:26:17 -05:00
Wei Chen
f2fd24780c
Add support for XOR
2018-07-18 23:13:45 -05:00
Wei Chen
1534613cda
Add Base64 support
2018-07-18 20:07:27 -05:00
Wei Chen
999d0e994f
Add RC4 decryption
2018-07-18 19:50:46 -05:00
Brent Cook
08290b81c0
Land #10282 , Add support for running external modules outside of msfconsole
2018-07-18 17:38:40 -05:00
Erin Bleiweiss
8010c58220
add module documentation to swagger (WIP)
2018-07-18 17:36:31 -05:00
James Barnett
612959d9ab
Land #10323 , add authentication to REST API
2018-07-18 17:29:22 -05:00
William Vu
1371fc6daf
Fix regexed integer RPORT for module search
2018-07-18 17:24:05 -05:00
William Vu
de23559491
Add check for check to module cache
2018-07-18 16:40:52 -05:00
Matthew Kienow
ee6de3da39
Make endpoint plural and uniform with the others
2018-07-18 17:35:47 -04:00
William Vu
98d6d4cbcd
Add check for check to info command
2018-07-18 16:33:30 -05:00
William Vu
5fa1ddf4eb
Remove default check method
2018-07-18 16:25:46 -05:00
Erin Bleiweiss
93ce09cbd2
indicate private methods
2018-07-18 15:55:25 -05:00
Erin Bleiweiss
6955a9a58b
filter search result using comma delimited fields
2018-07-18 15:52:47 -05:00
James Barnett
4da27d2bff
Enable GET for /endpoint/ID for each model
2018-07-18 15:18:22 -05:00
Erin Bleiweiss
389b015047
fix typo (reference -> references)
2018-07-18 15:10:11 -05:00
Matthew Kienow
257a05d5d7
Add long port option for data_services cmd
2018-07-18 14:29:32 -04:00
Matthew Kienow
3147b8307b
Fix issue when adding authenticated data service
...
Add authentication to MsfServlet as a simple workaround to an issue
that occurs when data_services cmd is used to add a remote service
that requires an API token and no token or an invalid token are
provided.
2018-07-18 14:08:30 -04:00
Matthew Kienow
4ff39e3799
Fix error code returned by authentication failure
...
Previously an authentication failure message would indicate that the
error was permissions related yet the error code remained 401. The fix
allows the Authentication::Strategies classes to specify an error code
that is returned to the user.
2018-07-18 14:04:09 -04:00
James Barnett
026ddad9d8
Remove more unused code
2018-07-18 12:44:27 -05:00
James Barnett
08b53a1ef7
Homogenize GET requests
2018-07-18 12:43:48 -05:00
Erin Bleiweiss
a2da40a104
refactor endpoint under /v1/modules/
2018-07-18 12:06:25 -05:00
James Barnett
846df018e0
Minor code cleanup. Remove unused methods
2018-07-18 11:51:43 -05:00
Erin Bleiweiss
64fff449f8
refactor platform/target search
2018-07-18 10:59:46 -05:00
William Vu
9d2bed2596
Fix grep's prompt rewriting
...
Missed in #9261 .
2018-07-17 21:08:21 -05:00
William Vu
94297de256
Add grep -C to msfconsole
2018-07-17 20:52:46 -05:00
William Vu
38daeb1b9f
Fix #10283 , SOUNDTRACK and LOGO refs
...
Some dupe code came in from master. Fixing and refactoring.
2018-07-17 19:36:35 -05:00
William Vu
6a38b36a45
Land #10283 , SOUNDTRACK and LOGO refs
...
:'(
2018-07-17 19:11:52 -05:00
William Vu
07203dccc6
Clean up some things
2018-07-17 19:11:26 -05:00
UserExistsError
d5ed70417b
bind_named_pipe payload for ruby_smb
2018-07-17 17:46:10 -06:00
Erin Bleiweiss
ad74ab7cf9
proof of concept searching with query params
2018-07-17 17:29:12 -05:00