William Webb
563b8206c5
Land #6962, Apache Continuum Exploit
2016-06-13 16:41:53 -05:00
wchen-r7
337e48dc07
Create #make_fast_nops for huge NOP chunks
...
This creates a new method called #make_fast_nops for exploits that
actually need large chunks of NOPs.
2016-06-13 15:25:46 -05:00
William Vu
f7d261516d
Land #6968, get_uri URIPORT fix (again)
2016-06-13 10:52:29 -05:00
William Vu
b7139da624
Clean up whitespace
2016-06-13 10:51:38 -05:00
Trenton Ivey
776dd57803
get_uri missing port fix
2016-06-12 19:27:34 -05:00
h00die
7831cb53c5
print status of opening browser at file
2016-06-11 21:13:31 -04:00
William Vu
5adc360b2a
Make opts truly optional
2016-06-10 20:35:40 -05:00
Metasploit
fd4a51cadb
Bump version of framework to 4.12.8
2016-06-10 10:01:27 -07:00
wchen-r7
0d7b587b5d
Avoid printing rhost:rport from AuthBrute
...
When AuthBrute is mixed with other modules using the TCP mixin,
rhost:rport is printed twice. This info should come from the
protocol level mixin.
2016-06-08 14:32:58 -05:00
Metasploit
815685992a
Bump version of framework to 4.12.7
2016-06-07 13:14:34 -07:00
Brian Patterson
6d72b5b19f
Land #6946 Fix a bug with OptPort validation when not req
2016-06-07 14:43:10 -05:00
David Maloney
53b989f283
fix normalisation so we don't coerce to 0
...
don't coerce nil to 0
2016-06-07 14:29:13 -05:00
David Maloney
16030cda30
simpler fix
...
talking with adam shows that there is a simpler solution
to this problem
2016-06-07 14:13:10 -05:00
David Maloney
9de27e0b9c
add more specific normalise method to optport
...
add a normalise method that prevents empty string
from being converted to 0 for OptPort avoiding
a bad behaviour
2016-06-07 14:03:34 -05:00
David Maloney
27b5d961fd
fixes a bug with OptPort validation when not req
...
OptPort lost the check for whether the option was required causing it
to incorrectly return false in certain cases
MS-1633
2016-06-07 13:48:57 -05:00
Louis Sato
d3a13f4b0c
Merge pull request #6942 from acammack-r7/bug/MS-1517/fix-acunetix-again
...
Fix Acunetix import with a blacklist
2016-06-05 23:00:48 -05:00
Adam Cammack
08f1e68487
Fix Acunetix import with a blacklist
...
If a host is blacklisted, we won't create the service for it. If we
don't create the service, we don't want to create entries for the web
pages.
MS-1517
2016-06-03 19:40:29 -05:00
Brent Cook
da532ecc5e
Land #6919, Move LURI into a full URI for a new 'Payload opts' column in jobs output
2016-06-03 13:57:47 -05:00
James Barnett
e0cf4721c5
Land #6927, Fix exception handling in #exploit_simple
2016-06-02 11:15:25 -05:00
David Maloney
ffa4177575
missed a few joins
...
missed a few joins statements before
MS-1593
2016-06-01 15:32:51 -05:00
David Maloney
2047475901
host tags commands eagerloaded instead of joining
...
someone tried to fix a rails deprecation warning by doing an
eager load, but caused an actual exception instead. switching to
proper joins makes everything work properly
MS-1593
2016-06-01 13:50:38 -05:00
David Maloney
a27d10c200
fixes the exception handling in #exploit_simple
...
The exception handling in the #exploit_simple method tries to set
error on exploit but exploit is defined within the begin block
causing a noMethodError on nilClass
MS-1608
2016-05-31 11:46:05 -05:00
Metasploit
c35322ec3f
Bump version of framework to 4.12.6
2016-05-30 22:34:13 -07:00
James Lee
f7382f5b3b
Make `jobs` display a full uri
...
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.
See #4623
2016-05-27 11:15:12 -05:00
Brendan Watters
00b18c8ac5
Land #6917, Fix minor issues with the RC4 stager
2016-05-26 10:12:54 -05:00
Brent Cook
a3d2cba698
Land #6906, Improve msfvenom error handling and spec coverage
2016-05-26 07:58:37 -05:00
Brent Cook
96c459c71d
fix #6915, handle nil payloads and alert to the user
2016-05-26 07:22:09 -05:00
Brent Cook
8612eaa553
remove senduuid for now, give RC4PASSWORD a default
2016-05-26 06:34:51 -05:00
Brent Cook
c65401026a
wip fixup rc4
2016-05-25 06:17:02 -05:00
wchen-r7
05680ab6f3
Land #6887, add a missing postgresql 9.4.1-5 matching case
2016-05-24 22:19:03 -05:00
James Lee
5921ac7b47
Add a spec and fix ReverseHttp#luri
2016-05-24 17:22:14 -05:00
William Vu
3dfdf1d936
Land #6528, tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
Jon Hart
a23ce05752
File.exists? must cease to exist
2016-05-24 13:53:26 -07:00
wchen-r7
14cb85250e
Land #6912, use the correct variable for cookie expiration in BAP2
2016-05-24 14:19:03 -05:00
wchen-r7
ff4d150449
Show IP for print_*
2016-05-24 14:12:54 -05:00
wchen-r7
b5987e1d51
Land #6907, Fix check command with an IP or IP range
2016-05-24 11:37:56 -05:00
James Lee
9807f9b796
Move Rex::Job into its own file
2016-05-24 11:24:47 -05:00
Metasploit
54f4389d31
Bump version of framework to 4.12.5
2016-05-24 08:54:14 -07:00
Brendan Watters
77a62ff7c0
Land #6905 RC4 Stagers
2016-05-24 09:34:32 -05:00
Brendan Watters
43f79f34a9
Removed superfluous instruction
2016-05-24 09:03:14 -05:00
Brent Cook
3bc020178f
use the correct variable for cookie expiration
2016-05-24 07:16:55 -05:00
Brent Cook
76e8e8f6c7
really fix regex
2016-05-23 20:08:38 -05:00
Brent Cook
eb26202961
fix regex
2016-05-23 17:33:06 -05:00
Louis Sato
d0b87131a9
fixing import of zip workspace
...
MS-1528
2016-05-23 16:09:22 -05:00
Brent Cook
6af9a093d2
update bool
2016-05-23 15:48:03 -05:00
darkbushido
5e059e0c5b
updating the error message
...
changing the exception to be a little more specific.
2016-05-23 15:40:32 -05:00
darkbushido
d3cdcd5f99
Having the payload generator check the payload size
...
Payload generator will raise an error if the payload is larger than the size option
2016-05-23 15:17:41 -05:00
Brent Cook
fe1b24e666
allow nil assignment to the datastore
2016-05-23 14:56:19 -05:00
Brent Cook
f29463f119
include {peer} in the context of the command dispatcher
2016-05-23 14:55:58 -05:00
RageLtMan
efc64eaa5f
Implement reverse_tcp_rc4_dns payload in metasm
...
Using the ruby methods for generating assembly blocks defined or
separated in prior commits, create a new payload from the existing
assembly blocks which performs a DNS lookup of the LHOST prior to
establishing a corresponding socket and downloading, and
decrypting the RC4 encrypted payload.
For anyone looking to learn how to build these payloads, these
three commits should provide a healthy primer. Small changes to
the payload structure can yield entropy enough to avoid signature
based detection by in-line or out-of-band static defenses. This
payload was completed in the time between this commit and the last.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
2016-05-23 14:27:11 -05:00
RageLtMan
0e69040a6a
Implement reverse_tcp_dns as metasm payload
...
Using the separation of block_recv and reverse_tcp, implement
reverse_tcp_dns using original shellcode as template with dynamic
injection of parameters. Concatenate the whole thing in the
generation call chain, and compile the resulting shellcode for
delivery.
Metasploit module pruned to bare minimum, with the LHOST OptString
moved into the library component.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
Misc:
Clean up rc4.rb to use the rc4_keys method when generating a
stage. Makes the implementation far more readable and reduces
redundant code.
2016-05-23 14:27:11 -05:00
RageLtMan
df2346d9e0
Implement RC4 metasm payloads for tcp bind and rev
...
Convert reverse_tcp_rc4 and bind_tcp_rc4 from static shellcode
substitution payloads to metasm compiled assembly approach.
Splits up metasm methods for bind_tcp and reverse_tcp into socket
creation and block_recv to allow for reuse of the socket methods
with the RC4 payloads, while substituting the block_recv methods
for those carrying the appropriate decryptor stubs.
Creates a new rc4 module carrying the bulk of the decryptor and
adjacent convenience methods for standard payload generation.
Testing:
Tested against Win2k8r2, Win7x64, and WinXPx86
ToDo:
Ensure all the methods around payload sizing, UUIDs, and other
new functionality, the semantics of which I do not yet fully
understand, are appropriate and do not introduce breakage.
2016-05-23 14:27:11 -05:00
Brent Cook
9fc07eeb99
Land #6902, Respect SSLCipher in server mixins
2016-05-20 17:34:38 -05:00
Adam Cammack
fda4c62c1f
Respect SSLCipher in server mixins
...
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
Metasploit
100300c819
Bump version of framework to 4.12.4
2016-05-18 07:04:09 -07:00
Brent Cook
6a4a9742e8
handle bad user
2016-05-17 17:24:46 -05:00
Brent Cook
c6db5bf34a
add a missing postgresql 9.4.1-5 matching case
2016-05-17 17:12:47 -05:00
Jenkins
c9dd863085
Bump version of framework to 4.12.3
2016-05-17 10:18:08 -07:00
Jon Hart
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
wchen-r7
04d70640b1
Land #6868, Add axis2 payload generator for msfvenom
2016-05-16 17:48:50 -05:00
David Maloney
c40b8ea3fb
Land #6864, Meterp Suspend
2016-05-16 11:13:43 -05:00
Jenkins
621a908b2d
Bump version of framework to 4.12.2
2016-05-13 12:51:58 -07:00
David Maloney
ba4bfca806
Revert "arg bad build, resetting version back one"
...
This reverts commit d86392e96b.
2016-05-13 14:48:35 -05:00
David Maloney
d86392e96b
arg bad build, resetting version back one
2016-05-13 14:44:02 -05:00
Jenkins
b6a83f734d
Bump version of framework to 4.12.1
2016-05-13 12:39:43 -07:00
David Maloney
31050a8da7
Rails upgrade to 4.2.6
...
lands all of the rails 4.2 upgrade work
Merge branch 'staging/rails-upgrade'
2016-05-13 14:34:50 -05:00
Jenkins
6c11054d5a
Bump version of framework to 4.12.0
2016-05-13 11:46:03 -07:00
Christian Mehlmauer
7fcddd5a05
Add axis2 payload generator
2016-05-12 22:48:07 +02:00
David Maloney
d9abb06a5a
Merge branch 'master' into staging/rails-upgrade
2016-05-12 11:18:51 -05:00
David Maloney
7edaa2abcc
still trying to fix these migrations
...
seeing odd behaviour with migrations in
rspec
2016-05-11 14:54:40 -05:00
David Maloney
2fb3123ef2
fix migration craziness
...
MS-1486
2016-05-11 14:05:34 -05:00
David Maloney
993709e076
Land #6862, jar payloads
...
lands FireFarts jar payload pr
2016-05-11 09:56:41 -05:00
Brent Cook
af84e85174
fix exception suspending channels from meterpreter
2016-05-10 04:21:31 -05:00
Christian Mehlmauer
e2dd844e34
reenable jar format
2016-05-09 21:25:23 +02:00
David Maloney
6142d2cef1
Merge branch 'master' into staging/rails-upgrade
2016-05-09 09:27:17 -05:00
Jenkins
805f98f599
Bump version of framework to 4.11.27
2016-05-06 11:32:46 -07:00
David Maloney
1ffab935cc
pull dep migrations from credential
...
credential pulls mdm, so we don't combine these
2016-05-06 11:57:40 -05:00
David Maloney
a763863ff3
remove #truncate_session_desc
...
this method was based around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
2016-05-06 09:36:12 -05:00
Adam Cammack
f75009a9c6
Don't duplicate headers when sending emails
...
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.
MS-1476
2016-05-05 10:47:21 -05:00
David Maloney
19af279ce9
Merge branch 'master' into staging/rails-upgrade
2016-05-05 10:46:12 -05:00
dmohanty-r7
f096c3bb99
Land #6821, Fix send_request_cgi! redirection
2016-05-05 09:09:30 -05:00
David Maloney
55b38ad089
Land #6398, content length header
...
lands wei's content length header pr
2016-05-04 11:53:46 -05:00
Jenkins
e7ff4665e1
Bump version of framework to 4.11.26
2016-05-04 09:44:18 -07:00
Rob Fuller
4c9eba333e
Land #6753, MSF-side support for reverse port forwards
...
Huge thanks to @OJ for making this happen.
Tested targets Win7,10,2008,2012
Tested payloads Win32 native, Win64 native, python
2016-05-04 07:39:05 -04:00
Jenkins
7490ab1c78
Bump version of framework to 4.11.25
2016-05-03 17:09:07 -07:00
OJ
60f81a69ea
Remove the pfservice close call on shutdown
2016-05-03 12:03:37 +10:00
OJ
d136844d3b
Add error handling around double-bind of ports
2016-05-03 10:42:41 +10:00
wchen-r7
ffc91a193c
Fix #6841, info -d [module path] not spawning module documentation
...
Fix #6841
2016-05-02 14:23:29 -05:00
Brian Patterson
be363411de
Land #6317, Add delay (with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
David Maloney
fb5b228984
Merge branch 'master' into staging/rails-upgrade
2016-05-02 11:33:35 -05:00
dmaloney-r7
3b893cf740
Merge pull request #6581 from bcook-r7/uuidretry
...
don't send a response on invalid UUID, allow stagers to survive another day
2016-05-02 11:23:02 -05:00
Jenkins
d4f1c78c5c
Bump version of framework to 4.11.24
2016-04-29 13:38:06 -07:00
dmohanty-r7
20ec56d06a
Do not parse empty web_sites
...
MS-255
2016-04-28 13:17:03 -05:00
dmohanty-r7
5a4e70fdf0
Fixes indentation in check_msf_xml_version!
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
f4f607d815
Correct comments to use Nokogiri::XML::Element
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
56fd5a745e
Do not parse element if empty
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
050061762b
Fix db_manager rspec tests
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
0e568674d7
Add comments on parse functions
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
0759848ad5
Use Nokogiri Reader in zip import
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
83ff60c111
Force encoding on import xml
...
MS-255
2016-04-28 13:17:01 -05:00