infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,347 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

7558 Commits (61b8fb7921078e88c082a2ac3dd304f0b6dd01c8)

Author SHA1 Message Date
Tod Beardsley eab938c7b4
Get rid of requires, too 2014-04-07 16:39:19 -05:00
Tod Beardsley 17ddbccc34
Remove the broken lorcon module set 
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.

I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.

Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.

````
msf auxiliary(wifun) > show options

Module options (auxiliary/dos/wifi/wifun):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHANNEL    11               yes       The initial channel
   DRIVER     autodetect       yes       The name of the wireless driver
for lorcon
   INTERFACE  wlan0            yes       The name of the wireless
interface

msf auxiliary(wifun) > run

[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
 2014-04-07 16:37:10 -05:00
sinn3r d385c5ad4b Fix undefined method `rport' for the check command 2014-04-07 11:48:28 -05:00
jvazquez-r7 80b069f161 Add support for spoofed zip Central Dir names at Entry level 2014-04-07 09:21:26 -05:00
jvazquez-r7 46e6f937f1 Revert "Add central directory zip spoofing" 
This reverts commit d0700e8ac4.
 2014-04-07 08:50:33 -05:00
jvazquez-r7 d0700e8ac4 Add central directory zip spoofing 2014-04-07 08:49:49 -05:00
jvazquez-r7 6d72860d58
Land #3004, @m-1-k-3's linksys moon exploit 2014-04-04 14:04:48 -05:00
William Vu 9779913060
Land #3184, Rex::Proto::Http::Client IOError fix 2014-04-03 15:58:50 -05:00
joev 42d59d269e Check #closed? instead of rescuing. 2014-04-03 14:20:48 -05:00
joev 98628b814e Prevent Rex::Proto::Http::Client from raising on close. 2014-04-03 11:36:18 -05:00
jvazquez-r7 c892da44e8
Land #3181, @dmaloney-r7's fix for metasm 2014-04-02 16:38:33 -05:00
Tab Assassin 6faa3d939b
Retabbed PR rapid7#3181 2014-04-02 15:51:11 -05:00
David Maloney b426449ce7
fix the fix for 64 bit 
JJ's fix is too specific
 2014-04-02 15:24:24 -05:00
jvazquez-r7 577bd7c855
Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
David Maloney 29c2a73a12
latest fix 
trying to fix c comparison ops
 2014-04-02 15:13:35 -05:00
agix a71fcaeefd add comments on change description call 2014-04-02 20:33:09 +01:00
agix bc4cb3febf Add DCERPC catch exception 2014-04-02 20:33:09 +01:00
agix 4a575d57ab Try to fix Meatballs1 suggestions : optional service_description change call 2014-04-02 20:33:09 +01:00
agix 5334f2657e Fix a bug for backwards compatibility 2014-04-02 20:33:08 +01:00
agix 631a7b9c48 Adapt to new psexec mixin (first try :D) 2014-04-02 20:33:08 +01:00
David Maloney ab7c4a41fc
missed net new files 
some net new files we're missing from metasm
 2014-04-02 13:46:18 -05:00
David Maloney 72b1f1373f
pull JJ's latest changes in for c64 
compiler for x86_64 has some bugs, this is JJ's
latest fixes
 2014-04-02 13:44:02 -05:00
William Vu f9a7cfaa67
Land #3168, EICAR payload encoding 2014-04-01 09:17:10 -05:00
Tod Beardsley 42c7b85b86
Don't EICAR every time. That would be bad. 2014-04-01 09:05:55 -05:00
Christian Mehlmauer 5397fdbf02
Land #3173, Fix ActiveRecord::ConnectionNotEstablished 2014-03-29 00:13:44 +01:00
William Vu 5a448d9f2d
Fix ActiveRecord::ConnectionNotEstablished 
[SeeRM #8780]
 2014-04-02 00:54:39 -05:00
William Vu 8fd4f50081
Fix NameError for "r" in Msf::Auxiliary::Nmap 
Wasn't in scope.
 2014-04-01 17:35:20 -05:00
Tod Beardsley ec7bb6de54
Land #2969, random name generator for phishing 2014-04-01 13:00:55 -05:00
Christian Mehlmauer ba03890004
Land #3171, Fix NameError for "r" in Msf::Auxiliary::Nmap 2014-03-29 00:01:03 +01:00
Tod Beardsley 1b0fe74da5
Use Array#sample in email generators. 2014-04-01 14:11:23 -05:00
Tod Beardsley 8ab03f3aeb
Use Array#sample in randomize_space 2014-04-01 14:09:07 -05:00
William Vu 8bd5d10052
Use rand_hostname in rand_mail_address 2014-03-28 16:44:49 -05:00
sinn3r 07ab05c870 Update a comment 2014-03-28 15:20:45 -05:00
sinn3r 4b7f85e47d Adobe Flash support in BES 2014-03-28 15:14:58 -05:00
Tod Beardsley 196e07c5b1
Touch up the EICAR stuff 2014-03-28 11:45:28 -05:00
jvazquez-r7 8f1e55de5a Use ObfuscateJS 2014-03-28 11:08:38 -05:00
jvazquez-r7 da6a428bbf Modify libs to support explib2 2014-03-28 10:44:52 -05:00
James Lee 6c36d14be1
Land #3118, fix java payloads for msfvenom 2014-03-25 15:38:21 -05:00
sinn3r 85c0c8bb70 Add support to detect mshtml build 
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
 2014-03-25 03:31:08 -05:00
William Vu 8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS 
They're as obnoxious as DB_ALL_* when enabled by default.
 2014-03-24 15:51:35 -05:00
sinn3r 13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec 2014-03-21 11:36:59 -05:00
James Lee 0a141f1c02
Land #2810, masked password format switcheroo 2014-03-20 15:12:12 -05:00
David Maloney c4a9b4fda0
Land #3128, Put loot in correct workspace 2014-03-20 14:11:17 -05:00
Tod Beardsley 4d3f871e9d
Land #2961, get_env and get_envs Post mixin 
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
 2014-03-20 10:53:50 -05:00
Trevor Rosen dd4b16ad60 Remove some dead code 2014-03-20 09:38:14 -05:00
Trevor Rosen dc85a99fbd report_loot now sets proper Mdm::Workspace 
* Uses an Mdm::Workspace when passed one in conf hash
 2014-03-20 09:27:09 -05:00
Samuel Huckins 33ca577010 Zip Workspace imports now working. 
MSP-9531

* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
 2014-03-19 22:53:15 -05:00
Samuel Huckins cc4c958d58 Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update 2014-03-19 15:47:46 -05:00
Tod Beardsley 8e7f12e30e
Land #3085, service_control support 
This depends on rapid7/meterpreter#77 to function
 2014-03-19 08:43:17 -05:00
Tod Beardsley 04b5d71fa5
Land #3061, enhance clipboard dump 
This depends on rapid7/meterpreter#75 to function
 2014-03-19 08:42:36 -05:00
Tod Beardsley 35b94b04bf
Land #2889, WMI support 
This depends on rapid7/meterpreter#69 to actually be useful.
 2014-03-19 08:42:03 -05:00
David Maloney 130474fdfd
Fix java payload generation 
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
 2014-03-18 13:41:27 -05:00
William Vu 9eada528d7
Land #3097, Rex::Text.uri_encode RFC 3986 fix 2014-03-14 15:38:24 -05:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
William Vu 8393a49148
Land #3098, check command host selection fix 
[FixRM #8768]
 2014-03-13 14:25:39 -05:00
sinn3r 6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell 2014-03-13 13:36:37 -05:00
Joe Vennix db036e44ad Use RdlCopyMemory from Kernel32. 2014-03-13 11:05:58 -05:00
sinn3r 7ead04414c
Land #3024 - Allow encoder Compat options 2014-03-13 10:59:40 -05:00
Tod Beardsley 520d1e69c4
Rapid7 Comma Inc 
After some more discussion with Rapid7's legal fellow.
 2014-03-13 09:46:20 -05:00
sinn3r 84b08a5a35 Fix check command host selection behavior 
[SeeRM #8768] Instead of using the saved value for host, the check
command should use whatever the user specifies.
 2014-03-12 22:54:01 -05:00
Tod Beardsley 9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc. 
According to

http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt

Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.

This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
 2014-03-12 11:20:17 -05:00
Joe Vennix 851fca2107 Add posix fork() call before running code. 2014-03-12 02:56:26 -05:00
Joe Vennix 7afcb6aee8 Add CreateThread wrapper for windows. 2014-03-12 02:49:09 -05:00
Joe Vennix ce0c5380a5
Kill stray //. 2014-03-12 02:20:49 -05:00
Joe Vennix 9bdf570763
All working now. In-memory meterpreter even. 2014-03-12 02:19:28 -05:00
sinn3r b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
OJ 1d70411ea7 Support service_control and new status field in query 
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
 2014-03-11 14:50:19 +10:00
Joe Vennix c07f390382 Add CookieExpiration option, add trailing slash to URI. 2014-03-10 13:07:17 -05:00
sinn3r c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Joe Vennix 9638bc7061 Allow a custom .app bundle. 
* adds a method to Rex::Zip::Archive to allow recursive packing
 2014-03-06 16:11:30 -06:00
Meatballs 311d4665ce
Re-use CreateService Handle 
and remove unused variable
 2014-03-06 21:37:49 +00:00
William Vu ee0aa20955
Land #3013, Metasm update 2014-03-06 14:15:42 -06:00
Joe Vennix 05067b4e33 Oops. Need to init the profile before accessed. 2014-03-06 11:48:54 -06:00
Joe Vennix ad592fd114 Remove unnecessary method. 2014-03-05 23:36:43 -06:00
Joe Vennix a792f85a5f Fix re-initialize bug. 2014-03-05 23:27:04 -06:00
Joe Vennix 38a2e6e436 Minor fixes. 2014-03-05 19:03:54 -06:00
Joe Vennix 12cf5a5138 Add BES, change extra_plist -> plist_extra. 2014-03-05 18:51:42 -06:00
William Vu 096d6ad951
Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
Joe Vennix cd3c2f9979 Move osx-app format to EXE. 2014-03-04 22:54:00 -06:00
OJ a1aef92652
Land #2431 - In-memory bypass uac 2014-03-05 11:15:54 +10:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Tod Beardsley 6e88bbd827
No need for that kind of language 2014-03-04 14:34:50 -06:00
sinn3r e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords 2014-03-04 11:43:39 -06:00
David Maloney 72c6b995de
adjust timeout for shadowcopy 
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
 2014-03-04 10:18:59 -06:00
OJ 0bdce4836f Modify clipboard dump to support new format from Meterpreter 2014-03-04 19:37:57 +10:00
Etienne Stalmans e452b81fb1 style changes as suggested by @jlee-r7 2014-03-04 08:49:52 +02:00
Joe Vennix 3360f7004d Update form_post vars, add Expires to cookie. 2014-03-03 23:29:02 -06:00
Joe Vennix 6c3b667152 Kill extra comma. 2014-03-03 16:48:02 -06:00
Joe Vennix bfecf9525d Add Rex::RandomIdentifierGenerator. 2014-03-03 16:43:49 -06:00
Meatballs 43715eeb7f
Blame @OJ 
He changed the clipboard API underneat me.
 2014-03-03 22:06:05 +00:00
Meatballs 32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post 2014-03-03 21:56:31 +00:00
Joe Vennix 517a85d141 Remove unneeded quotes. 2014-03-03 15:42:46 -06:00
Joe Vennix b3ab8f7ce1 Make random_var_name public, add specs for it. 2014-03-03 15:39:56 -06:00
Joe Vennix ae9ce962c0 Add future reserved words. 
Gotta stay ahead of the game.
 2014-03-03 14:59:46 -06:00
Joe Vennix dd86a9188c Prevent jsobfu from generating duplicate/reserved tokens. 
I got an error from a script that tried to 'set void = 1'.
 2014-03-03 14:56:50 -06:00
sinn3r ee1209b7fb This should work 2014-03-03 11:53:51 -06:00
Joe Vennix 894d16af80 Add specs for new/returning/previous visitors. 2014-03-02 20:50:10 -06:00
Joe Vennix b458b8ad63 Add specs for new methods. 2014-03-02 20:23:20 -06:00
Joe Vennix 6825fd2486 Whitespace tweaks and cleanup. 2014-03-02 19:57:48 -06:00
Joe Vennix 46f27289ed Reorganizes form_post into separate file. 2014-03-02 19:55:21 -06:00