16eab48012 introduced changes to
cmd_db_nmap which pass a new arguments variable to Open3 with a
list of args excluding save.
This approach created a problem wherein the address of the target
had to be passed in first and arguments could get mangled.
Reintroduce an array format, exploding when passing to Open3.
Ensure output file options are appended to the arguments being
passed to Open3, instead of the args variable.
Error example:
db_nmap -F 192.168.0.1
[*] Nmap: 'nmap: unrecognized option '- 192.168.0.1 ''
This commit contains a few minor tweaks
for style and format. Some whitespace removed,
an erroneous 'return' removed, and using single
quotes for consistency. Updated as per request.
These functions address certain problems
listed in GitHub issue #4353, but do not
address all issues in that ticket. Most
notably, this commit adds basic tab
completion for db_nmap.
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.
This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.
Fix#4641
This should fix up #4642 with respect to #4504.
Squashed commit of the following:
commit 124d53ccb00cd200bede092e893dda7e033d3e17
Merge: cb2bef8 ccad159
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 16:23:03 2015 -0600
Merge branch 'feature/creds-blank-finders' into temp
commit ccad159222eaa949d76e22b588d1ac7709fb2f27
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:58:02 2015 -0600
Clean out whitespace, make vars more meaningful
commit 266b45dff26e2778e43d8e4750d212b5aee5a009
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:54:32 2015 -0600
Add some specs for regular users and blank users
commit 2e51503f76e9a2f6921c57e86a2f98527f80c874
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:04:03 2015 -0600
Users should be able to find blank user/pass
This is a weak attempt to solve a race condition between modules loading
and cmd_use being fired. Upon startup, saved configurations, running
resource scripts, and running commands will sometimes jump ahead of the
module loading procedure.
I have not discovered where the race actually is and how to cause the
race to happen. However, the timing seems to be fairly close to a second;
by waiting three seconds after trying use again, we seem to be in the
clear, at least according to testing.
Fixes#4549, but better solutions are welcome!
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve#4507
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
MSP-11671
Add command line option --defer-module-loads to msfconsole. It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`. This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
MSP-11672
Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
Minor tweaks after the PR from @kernelsmith
Remaining items:
1. Handle empty session IDs correctly, for example 'sessions -d' or 'sessions -k'
2. Find a method of explaining the range options in the help text
3. Retest all changed code areas
4. Edit PR Summary to reflect changes to the scope
- Added check for un-detach-able sessions
- Added back the check for session.interactive? when detaching sessions
- Collapse build_jobs_array and build_sessions_array to build_range_array
- Added check for empty or invalid parameters to detach and kill [session | job]
- Reworked session id sanity check around line 1660
- RuboCop/Style guide change: Array.new -> []
- Misc RuboCop/Style guide spacing changes
MSP-11126
Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
MSP-11152
Constant was unqualified in some of the reorganized Msf::DBManager code
because that code was take advantage of the old nested lexical scope
that included `Msf`.
Sometimes msfconsole takes a little while to start.
This adds a fairly common ASCII spinner to the startup sequence.
I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.
That said, it works for me.
MSP-11153
Test the following paths in order and only return them if the path
exists:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
Matt Buck
root
jvazquez-r7
William Vu
sekritskwurl
rwhitcroft
Fernando Arias
Tod Beardsley
James Lee
RageLtMan
HD Moore
sinn3r
nstarke
Christian Catalan
Brent Cook
Jon Hart
Christian Mehlmauer
Meatballs
Sven Vetsch
Spencer McIntyre
Trevor Rosen
Luke Imhoff
Joshua Smith
Tom Sellers
Tim Wright
Kurt Grutzmacher
Samuel Huckins