Jin Qian
9f4784354a
Disconnect after making the HTTP transaction in send_request_cgi
...
Add a disconnect call after cgi is done.
2016-11-23 11:20:10 -06:00
James Lee
b45a36180e
Don't complain when Proxies is an empty string
2016-11-22 09:29:04 -06:00
Brent Cook
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
h00die
cd01b07682
Land #7565
...
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
Tim
66ba2b077b
Land #7567, fix apk injection when template has no permissions
2016-11-17 11:42:54 +00:00
Brian Yip
927e195e28
Generate payload apk from permissionless apk
2016-11-16 00:48:10 -04:00
Tod Beardsley
1deacad2be
Add a print_bad alias for print_error
...
Came up on Twitter, where Justin may have been trolling a little:
https://twitter.com/jstnkndy/status/798671298302017536
We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.
Anyway, I went with alias_method, thanks to the compelling argument at
https://github.com/bbatsov/ruby-style-guide#alias-method
...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.
Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
Brendan
7e4645afb3
Land #7527, Add LURI support to the reverse_http/s stagers
2016-11-15 16:31:20 -06:00
dana-at-cp
c0e839dfd9
Fixes keytool bug in APK inject code
2016-11-11 06:12:47 -08:00
OJ
50c2ed8509
Fix post mixin platform/session check
2016-11-05 02:41:52 +10:00
Brendan
dae1f26313
Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
OJ
47ac122c15
Add LURI support to the reverse_http/s stagers
2016-11-03 14:51:07 +10:00
David Maloney
451686309b
fixes #7519 psh payload generation
...
a few file references to the templates for powershell were
missed when transferring the templates over to the rex-powershell gem
2016-11-01 14:32:40 -05:00
OJ
0fca4483c0
Correctly call generate_stage on native init
2016-11-02 00:52:25 +10:00
OJ
6ec76611c3
Fix arch typo in meterpreter_options for x64
2016-11-02 00:38:34 +10:00
Brent Cook
f08a7ac10b
modernize default smtp_deliver TLS options
2016-11-01 05:42:05 -05:00
OJ
294b1e5ed7
Move session_type to base, and map shell arch to string
2016-11-01 03:02:23 +10:00
OJ
44ac3f8781
Use ARCH constant in mainframe_shell
2016-11-01 02:24:44 +10:00
OJ
ddd2d5e43f
Remove junk spaces from EXE exploit module
2016-11-01 01:28:21 +10:00
OJ
eeff24d2ef
Change BSD regex as per Brent's suggestion
2016-11-01 01:26:45 +10:00
OJ
0730613c67
Add comment to highlight need to support ARCH_CMD in sess check
2016-10-29 14:29:05 +10:00
OJ
8605992cdf
Remove superfluous session check in the post mixin
2016-10-29 14:19:27 +10:00
OJ
e5d3feebea
Final regex fix for jobs arch check
2016-10-29 14:10:01 +10:00
OJ
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
OJ
8b97183924
Update UUID to match detected platform, fail exploit on invalid session
2016-10-29 13:45:28 +10:00
OJ
0737d7ca12
Tidy code, remove regex and use comparison for platform checks
2016-10-29 13:41:20 +10:00
OJ
9e3960f334
Update session listing to show type or platform
2016-10-29 12:46:11 +10:00
OJ
6364e93ece
Update session types to have base_platform and base_arch
2016-10-29 12:45:37 +10:00
OJ
a7485c4bba
Use constants for base_arch
2016-10-29 08:10:44 +10:00
OJ
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
OJ
ca377cadd7
Move the binary suffix stuff to a better location
2016-10-27 07:43:27 +10:00
Sonny Gonzalez
5ce886cf5c
Land #7490, xml importer fingerprinting fixed
2016-10-25 14:13:15 -05:00
Louis Sato
56d5c49d4d
host was not associated with the workspace
...
* searching mdm host by wspace id instead
2016-10-25 12:05:06 -05:00
Louis Sato
1378e2e61a
preserve hosts should still fingerprint new hosts
2016-10-25 09:58:30 -05:00
Louis Sato
744724c083
conditionalize fingerprinting
...
* fix bug where host not preserved
2016-10-24 18:45:48 -05:00
Jon Hart
12508f7140
Fix DRDoS mixin to handle empty responses
2016-10-24 14:21:28 -07:00
Adam Cammack
39b889ea29
Land #7459, Delay fingerprinting during import
2016-10-24 10:47:25 -05:00
Tim
ce1f3e6b9e
Land #7451, copy original signing certificate when backdooring APK
2016-10-22 18:04:22 +08:00
David Maloney
6b77f509ba
fixes bad file refs for cmdstagers
...
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced
Fixes #7466
2016-10-21 12:31:18 -05:00
David Maloney
de87fccf85
Land #7469, OJ's php preamble fix
...
this is OJ's fix for the bind_php payload
preamble that causes it to be missing the php
tags
2016-10-21 12:05:39 -05:00
dana-at-cp
b8e30a241e
Copy original cert data into new signing cert created for APK injection
2016-10-20 08:43:45 -07:00
Louis Sato
f18cbd655e
delay fingerprinting of host
...
MS-2073
* imports are slow mainly caused by fingerprinting after every service creation
* now only fingerprints after all the services are created for imports
2016-10-18 17:42:48 -05:00
William Vu
ebf52759cc
Land #7449, unsuitable language fix
2016-10-16 03:23:05 -05:00
Justin Steven
2ae62cfce1
Fix typo: Use a better adjective
2016-10-16 18:01:42 +10:00
dana-at-cp
d7ac8eba45
Create new signing certificate with dname value copied from original certificate.
2016-10-15 14:05:53 -07:00
Brent Cook
5736b2c821
add missing require
2016-10-14 12:15:45 -05:00
Brent Cook
4c248ebe9e
Merge branch 'master' into land-7430-
2016-10-14 09:48:33 -05:00
OJ
70011922a3
Remove binary suffixes for payloads that don't exist
2016-10-14 14:08:13 +10:00
OJ
022830634b
Rejig platform to use windows instead of win32/win64
2016-10-14 10:10:04 +10:00
Brent Cook
e5ac3eda61
Land #7362, Fix apk injection script to include android payload service and broadcast receivers
2016-10-11 07:54:10 -05:00