Tod Beardsley
423b490168
Use Rex::Compat.getenv instead
...
Also, this would deprecate out the editor plugin.
2013-10-11 10:42:13 -05:00
Tod Beardsley
a7025fca3d
msfconsole 'edit' command
...
Useful for quick editing a module during development / bug fixing. I
don't really see a security issue with running a command defined in the
user's VISUAL or EDITOR environment variables; if the user can run
msfconsole to begin with, there are better ways to get into trouble.
2013-10-10 23:00:25 -05:00
OJ
b99af52279
Improve extapi ruby structure, add bins
...
The extapi project will get bigger over time so this change allows for the code to get
bigger without becoming a headache before it starts.
Added binaries to this commit as well.
2013-10-11 09:52:23 +10:00
Tod Beardsley
85112e8704
Land #2413 , axe callcc
...
This is the only time callcc is used in the entire codebase, too, so
this apparently removes a roadblack to non-MRI Rubies, so that's nice.
2013-10-10 14:55:55 -05:00
Meatballs
378f403fab
Land #2453 , Add stdapi_net_resolve_host(s) to Python Meterpreter.
...
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
William Vu
de57cbc67d
Land #2497 , @todb-r7's author alphabetization
2013-10-10 13:00:50 -05:00
OJ
cbaeebeff7
Add service_query to ext_server_extapi
...
Once the user has queried the list of services they can now use the
`service_query` function to get more detail about a specific service.
2013-10-11 01:02:51 +10:00
OJ
23340e9df0
Add service_enum to the ext_server_extapi extension
...
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.
Some other small code tidies were done too.
2013-10-10 21:23:23 +10:00
kernelsmith
adbcace9dd
Land #2458 , OJ's Meterpreter railgun multi call fix
...
also [FixRM #8269 ]
2013-10-10 00:38:44 -05:00
Tod Beardsley
4f1e71e222
Also this isn't Lua. Deal with commas.
2013-10-09 17:30:57 -05:00
Tod Beardsley
c8dc251042
Alphabetize authors
...
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.
Also, I need to keep my lines changed count up.
2013-10-09 17:29:17 -05:00
James Lee
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
Spencer McIntyre
6c382c8eb7
Return nil on error, and move the module to post/multi.
2013-10-09 16:52:53 -04:00
Tod Beardsley
9d34a8c894
Land #2465 , deal with missing cpuinfo bins
...
[FixRM #8456 ]
Thanks @ZeroChaos!
2013-10-09 13:03:48 -05:00
Tod Beardsley
356263df56
Litter some more rescue nil's in there
...
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
Tod Beardsley
f95da649f8
Deal with missing bins, too.
...
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465 ]
2013-10-09 12:13:44 -05:00
OJ
47801c17b3
MSF started to the extended API with window enum
...
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.
This commit kicks things off with enumeration of top level windows on the
current desktop.
2013-10-09 22:25:43 +10:00
Markus Wulftange
e895a17722
Add 'no quotes' option for CmdStagerPrintf
...
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
2013-10-08 21:04:28 +02:00
jvazquez-r7
2593c06e7c
Land #2412 , @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Markus Wulftange
6f7d513f6e
Another clean up and simplification of CmdStagerPrintf
2013-10-08 07:22:09 +02:00
Tod Beardsley
ff6dec5eee
Promote joev to a first class citizen
...
[See #2476 ]
2013-10-07 12:40:43 -05:00
Markus Wulftange
836ff24998
Clean and fix CmdStagerPrintf
...
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
sinn3r
77cbb7cd19
Update function documentation
2013-10-04 15:18:27 -05:00
ZeroChaos
5f4e4de267
fix for bug 8456
...
On systems without bundled johntheripper (either by removing the bundled version or by no compatible version shipped) the system john is used. In this case, all of the checking for compatible bundled jtr makes no sense and as such we can shortcut out of this to not only reduce the size of msf (for embedded) but also to speed execution (saving multiple calls to some random bundled binary cpuinfo*.bin).
This patch makes it very easy to simply remove cpuinfo and msf will not try to run it when missing and default to running john from the path.
2013-10-04 15:58:47 -04:00
James Lee
541833e2cc
Convert llmnr_response to use Net::DNS
...
* Allows responding to AAAA requests in addition to the existing A
support
* Prevents problems when recvfrom returns a mapped address like
"::ffff:192.0.2.1"
Also:
* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
2013-10-04 12:35:30 -05:00
sinn3r
29d1c75d1c
Update RopDb mixin to allow dynamic payload size for neg
...
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
2013-10-03 23:09:23 -05:00
OJ
21afa9defe
Meterpreter railgun multi call fix
...
Modifications accommodate changes in the multi-call railgun code that
were made to Meterpreter.
This also includes a fix for Redmine 8269, so the Windows constants
now work correctly with the multi-calls.
2013-10-04 12:04:18 +10:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
James Lee
b822a41004
Axe errant tabs and unused vars
2013-10-02 13:47:39 -05:00
jvazquez-r7
758fd02619
Windows 7 SP1 and newer fail when forcing IPv6 sockets
2013-10-02 09:45:51 -05:00
OJ
82162ef486
Add error message support to railgun
...
This code was lost in the transition when the meterpreter source was
removed from the metasploit-framework source. I'm pulling this in by
request of @dmaloney-r7 who originally requested this code be inculded
as part of https://github.com/rapid7/metasploit-framework/pull/740
I added an extra bit of code to free up memory that is allocated by the
call to FormatMessage and forced the ASCII-version (FormatMessageA) of
the call.
This PR is the MSF side of https://github.com/rapid7/meterpreter/pull/26
2013-10-01 17:23:08 +10:00
Meatballs
29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file
...
Fixes bugs with MSI::UAC option, invalid logic and typo...
2013-09-29 17:09:03 +01:00
Tod Beardsley
2fb770f73e
Land #1569 , MSI payloads
...
The bins are signed by Meatballs, everything looks good here, so
landing. Thanks for your patience on these!
2013-09-27 16:29:27 -05:00
Tod Beardsley
7cc2ad55a6
Land #1770 , unattend.xml snarfing modules
2013-09-27 16:04:38 -05:00
Tod Beardsley
63d638888d
Get rid of interior tabs
2013-09-27 16:04:03 -05:00
Tod Beardsley
d869b1bb70
Unless, unless everywhere.
2013-09-27 15:55:57 -05:00
Meatballs
8aeb134581
Retab...
2013-09-27 20:40:16 +01:00
OJ
58cd2c796e
Add a bind port setting to reverse listeners
...
This adds a `ReverseListenerBindPort` advanced setting to the reverse listeners whic
allows for the local bind port to be separated from the `LHOST` setting used in the
payload. This means that listeners can bind to different ports in cases where the
attacker isn't able to listen on the same port that the victim can call out on, but
there are NATs/portforwards/whatever in place that allow the connection to happen.
2013-09-28 05:38:39 +10:00
Meatballs
6ca01adf1d
Merge branch 'master' into msi_payload
...
Conflicts:
lib/msf/util/exe.rb
2013-09-27 20:37:40 +01:00
Meatballs
34c443f346
Forgot msi-nouac
2013-09-27 20:36:00 +01:00
Meatballs
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
Tab Assassin
c94e8a616f
Retabbed to catch new bad tabs
2013-09-27 13:34:13 -05:00
Meatballs
8b800cf5de
Merge and resolve conflicts
2013-09-27 18:19:23 +01:00
Tod Beardsley
869c10af04
Land #2396 , aspx-exe shellcode generator
...
Looks good to me, specs are all happy (also added a #to_h spec)
2013-09-27 11:42:16 -05:00
Joshua J. Drake
d04c47d2b7
Remove comment since it was addressed in 4500d09c2f
2013-09-26 19:47:54 -05:00
Meatballs
3d812742f1
Merge upstream master
2013-09-26 21:27:44 +01:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
Meatballs
a25833e4d7
Fix %TEMP% path
2013-09-26 19:22:36 +01:00
Tod Beardsley
8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap
...
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"
[FixRM #8409 ], reported by Chris F.
2013-09-26 09:42:38 -05:00
Tod Beardsley
701410f608
Land #2414 , portfwd teardown and recreate
...
[FixRM #8240 ]
2013-09-25 17:40:47 -05:00
Tod Beardsley
1a515093cb
Idiomatic Ruby
...
Assuming this gets accepted, this should [FixRM #8240 ]. Take a look, and
if you're good with it, I'll land on master. Everything seems to work
out on this end.
2013-09-25 17:26:00 -05:00
jvazquez-r7
9cc446ae2a
Get cookies with empty values
2013-09-25 14:31:34 -05:00
jvazquez-r7
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
FireFart
617f6d53fe
user_id starts at 1
2013-09-24 23:41:02 +02:00
FireFart
7a2762f4a7
more regexes
2013-09-24 20:20:06 +02:00
FireFart
dc8f94bac1
Added wordpress version detection
2013-09-24 08:59:56 +02:00
OJ
0038bb90b1
Remove unncessary counter var
2013-09-24 13:35:29 +10:00
OJ
b91e344815
Add code to recreate the forwards after migration
...
* Feels like a bit of a hack job, but it works.
2013-09-24 13:27:58 +10:00
James Lee
487f68f4d2
Get rid of callcc
...
[SeeRM 8407]
2013-09-23 19:36:26 -05:00
FireFart
e1aefe07e1
clarify documentation
2013-09-24 00:08:33 +02:00
FireFart
7c4708b1df
-) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
...
-) Bugfix
2013-09-23 23:59:45 +02:00
Tod Beardsley
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
FireFart
bfe88fa089
added wordpress login checks for 2.0 and 2.5
2013-09-23 23:32:31 +02:00
Tod Beardsley
e885ab45b6
Land #1734 Metasploit side for ip resolv
2013-09-23 16:18:40 -05:00
Markus Wulftange
10252ca6f4
Just Rex::Text.to_octal is probably better
2013-09-23 23:03:38 +02:00
Markus Wulftange
9353929945
Add CmdStagerPrintf
2013-09-23 22:02:29 +02:00
Meatballs
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
Meatballs
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
Joe Vennix
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
sinn3r
b6c7116890
Land #1778 - Mimikatz Fix for table.print and x86 warning
2013-09-20 16:13:53 -05:00
jvazquez-r7
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
Meatballs
7d1c5c732a
Correct powershell
2013-09-20 18:36:24 +01:00
Meatballs
3dd75db584
Address feedback
2013-09-20 17:20:42 +01:00
Meatballs
a00f3d8b8e
initial
2013-09-20 13:40:28 +01:00
Tod Beardsley
e9e1b28ba8
Land #2371 , echo -e cmd stager
2013-09-19 14:47:39 -05:00
Meatballs
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
Meatballs
72155f8e9e
Comment update
2013-09-19 19:46:05 +01:00
OJ
598e85a8d9
Fix for dangling port forwards
...
Code tears down the port forwards prior to migrating so that we don't end up with dangling connections that don't work.
2013-09-19 19:27:54 +10:00
Tod Beardsley
f4e2e0ac11
Clear report_data on each host report
2013-09-18 17:11:22 -05:00
James Lee
8fe9132159
Land #2358 , deprecate funny names
2013-09-18 14:55:33 -05:00
James Lee
595820382e
Fix lying documentation
2013-09-17 20:58:29 -05:00
jvazquez-r7
dd7010d272
Fix @todb-r7 feedback
2013-09-17 20:54:19 -05:00
James Lee
a0d113d754
Fix a bug that deleted too many hosts
...
When running a command that takes host ranges as arguments (e.g.,
`hosts`, `services`), the arguments get parsed by
Rex::Socket::RangeWalker. If RangeWalker was unable to parse, it would
return nil, which in this context means "all hosts." If the user is
searching, they get all hosts instead of the ones they were interested
in -- this is annoying, but not too big a deal. Unfortunately, the same
logic applied when *deleting* hosts, with `hosts -d ...`, causing all
hosts to be deleted when giving it an invalid range.
2013-09-17 20:51:41 -05:00
James Lee
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
Tod Beardsley
dae8847c4d
Land #2374 , more complete 32/64 migrate fix
...
[FixRM #8395 ]
2013-09-17 14:52:04 -05:00
James Lee
c77d49a640
Merge branch 'rapid7' into cleanup/remove-id-tags
...
Conflicts:
lib/msf/core/payload/osx/bundleinject.rb
lib/msf/core/payload/windows/dllinject.rb
lib/msf/core/payload/windows/exec.rb
lib/msf/core/payload/windows/loadlibrary.rb
lib/msf/core/payload/windows/reflectivedllinject.rb
lib/msf/core/payload/windows/x64/reflectivedllinject.rb
scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
James Lee
97d3a20f82
Remove more $Revision tags
2013-09-17 10:46:37 -05:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
...
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19 ]
2013-09-16 21:52:04 -05:00
Joe Vennix
d954d64f69
Add NODEJS arch constants.
2013-09-16 21:33:44 -05:00
Joe Vennix
217449a836
Ensures termination of inner while loop and cleans up #map.
...
* Tested working against ubuntu target using the sshexec test script.
2013-09-16 20:42:20 -05:00
jvazquez-r7
edec022957
Use shellwords, as recommended by @jvennix-r7
2013-09-16 16:35:45 -05:00
James Lee
d6954e9ce7
Fix migrate from 32- to 64-bit processes
...
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356 ]
2013-09-16 16:04:50 -05:00
jvazquez-r7
a8198bc948
Add documentatio to the mixin
2013-09-16 11:55:30 -05:00
jvazquez-r7
a5049df320
Add echo CmdStager
2013-09-16 11:35:05 -05:00
sinn3r
4be0601c73
Land #2352 - Expand path to database config
2013-09-16 01:51:51 -05:00
Tod Beardsley
53a7e74813
Land #2360
...
All the specs pass, and it's difficult to repo many of these cases to
see if bugs are actually here, but it's a good idea to enforce binary
regexs.
2013-09-13 14:43:53 -05:00
HD Moore
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
James Lee
6cc5965123
Land #2278 , exe injection refactor
2013-09-12 16:37:58 -05:00
Tod Beardsley
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
David Maloney
34e5f69fbf
fix merge conflict
2013-09-12 13:56:08 -05:00
David Maloney
e80cda4ace
Merge branch 'master' into spike/exe_generation
2013-09-12 12:36:10 -05:00
James Lee
30c2efe3b2
Add require for eventlog
...
Even though nothing uses it except an old script
2013-09-11 16:21:10 -05:00
Till Maas
763b111c9b
cmd_db_connect: Expand path to database config
...
Do not only check whether the expanded path for the database config file
exists, but also use it.
2013-09-11 11:23:26 +02:00
Markus Wulftange
80243c6e4d
Disable default sorting on MSSQL results
...
When printing output using the `mssql_print_reply`, the output gets
sorted by default by the first column. This can distort the output,
especially when the row order is crucial like in case of executing
external commands with `mssql_xpcmdshell`.
This patch disables sorting by initializing Rex::Ui::Text::Table
with SortIndex = -1.
2013-09-09 20:14:48 +02:00
David Maloney
5773a009f5
Merge branch 'spike/exe_generation' of github.com:/dmaloney-r7/metasploit-framework into spike/exe_generation
2013-09-09 12:17:36 -05:00
David Maloney
d6e4e46d86
better validation of buffer register
2013-09-09 12:16:15 -05:00
jvazquez-r7
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
Tab Assassin
8bc83f4922
Retab changes for PR #1420
2013-09-05 16:21:26 -05:00
Tab Assassin
d6a7ce5328
Merge for retab
2013-09-05 16:21:13 -05:00
Tab Assassin
2bd1fb451b
Retab changes for PR #1569
2013-09-05 16:16:05 -05:00
Tab Assassin
48cf2af685
Merge for retab
2013-09-05 16:16:00 -05:00
Tab Assassin
3c1df47314
Retab changes for PR #1681
2013-09-05 16:10:40 -05:00
Tab Assassin
a231e85293
Merge for retab
2013-09-05 16:10:28 -05:00
James Lee
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
jvazquez-r7
368a78a963
Undo post setup change
2013-09-05 15:00:58 -05:00
Tab Assassin
2e9096d427
Retab changes for PR #1734
2013-09-05 14:59:41 -05:00
Tab Assassin
322ed35bb4
Merge for retab
2013-09-05 14:59:34 -05:00
Tab Assassin
2846a5d680
Retab changes for PR #1770
2013-09-05 14:57:40 -05:00
Tab Assassin
269c1a26cb
Merge for retab
2013-09-05 14:57:32 -05:00
Tab Assassin
701513a212
Retab changes for PR #1778
2013-09-05 14:56:35 -05:00
Tab Assassin
3788bab8e5
Merge for retab
2013-09-05 14:56:30 -05:00
Tab Assassin
26b8364dcb
Retab changes for PR #1789
2013-09-05 14:44:21 -05:00
Tab Assassin
789be1fe3e
Merge for retab
2013-09-05 14:44:14 -05:00
Meatballs
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
Meatballs
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
Tab Assassin
81479a6ade
Retab changes for PR #2093
2013-09-05 14:31:10 -05:00
Tab Assassin
8a76b3390d
Merge for retab
2013-09-05 14:31:05 -05:00
Tab Assassin
daed98931e
Retab changes for PR #2158
2013-09-05 14:19:55 -05:00
Tab Assassin
27fd54092a
Merge for retab
2013-09-05 14:19:49 -05:00
James Lee
41f6ab3073
Land #2294 , fix post setup
...
Conflicts:
lib/msf/core/post.rb
2013-09-05 14:11:32 -05:00
Tab Assassin
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
Tab Assassin
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
Tab Assassin
0d884ebbab
Retab changes for PR #2278
2013-09-05 14:08:14 -05:00
Tab Assassin
63612a64e9
Merge for retab
2013-09-05 14:08:09 -05:00
Tab Assassin
d0360733d7
Retab changes for PR #2282
2013-09-05 14:05:34 -05:00
Tab Assassin
49dface180
Merge for retab
2013-09-05 14:05:28 -05:00
Tab Assassin
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
Tab Assassin
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
Tab Assassin
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
Tab Assassin
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
Tab Assassin
d0a3ea6156
Retab changes for PR #2320
2013-09-05 13:27:47 -05:00
Tab Assassin
bff7d0e6ae
Merge for retab
2013-09-05 13:27:09 -05:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
James Lee
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Meatballs
1471a4fcef
Fixes an error in file_dropper where @dropped_files is nil
...
causing an exception to be raised and on_new_session to fail.
I have moved super to the top of the chain so it always gets
called regardless.
2013-09-03 23:45:41 +01:00
Meatballs
c687f23b81
Better error handling
2013-09-03 22:57:27 +01:00
Meatballs
a8e77c56bd
Updates
2013-09-03 22:46:20 +01:00
Meatballs
ac0c493cf9
Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring
2013-09-03 21:33:11 +01:00
Meatballs
4c9e6a865a
Default to exe-small
2013-09-03 00:01:20 +01:00
jvazquez-r7
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
Tab Assassin
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
Spencer McIntyre
ee4ba04d7d
Initial commit of the python meterpreter.
2013-08-30 13:14:32 -05:00
Meatballs
1ea3d91f48
Lands #2244 Python Meterpreter
...
[Closes #2244 ]
2013-08-30 14:33:35 +01:00
Meatballs
53c3f6b2db
Deconflict
2013-08-30 10:52:42 +01:00
James Lee
37f8d7a536
And one more.
2013-08-29 23:52:00 -05:00
James Lee
49bfc84ea6
Bah, missed changes after refactor
...
Thanks, travis-ci!
2013-08-29 23:39:29 -05:00
James Lee
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
James Lee
eba6762977
Land #2270 , Util::EXE refactor
...
With a minor rebase to fix a commit message
[Closes #2270 ]
Conflicts:
spec/support/shared/contexts/msf/util/exe.rb
2013-08-28 21:49:59 -05:00
shellster
ee9b1ef8e0
Greatly shortened to_mem_old.ps1.template by using [Math]::max.
...
Added necessary end of line conversion in lib/msf/util/exe.rb so
that Powershell will parse multiline strings.
2013-08-28 21:39:42 -05:00
jvazquez-r7
ab58e2db41
Ensure PostMixin setup is called
2013-08-27 18:03:30 -05:00
sinn3r
a91b38cbf4
Land #2276 - osx webcam and record_mic post modules
2013-08-27 12:28:14 -05:00
lsanchez-r7
007b3de06d
Merge pull request #2271 from bturner-r7/bug/db-leaks
...
Land #2271 , Fix database connection leaks
2013-08-26 14:39:11 -07:00
David Maloney
5a424ab4df
Allow user supplied buffer register
...
let the user pick, otherwise default to edx
2013-08-26 13:15:12 -05:00
Meatballs
3b9ded5a8e
BypassUAC now checks if the process is LowIntegrityLevel
...
and fails if so. Some small improvements made to Post::Priv
and BypassUAC module.
2013-08-26 13:54:55 +01:00
Christian Mehlmauer
7afa789547
fix indentation
2013-08-26 11:37:40 +02:00
David Maloney
383c9ed7f8
set edx as a BufferRegister
...
polymorphic encoders can now always use EDX
as a BufferRegister, making it harder to catch
the decoder stub.
2013-08-25 14:18:32 -05:00
Meatballs
96c093dce0
Fix Exploit::Exe
2013-08-25 19:56:29 +01:00
Meatballs
66ee15f461
Merge and deconflict
2013-08-25 19:14:15 +01:00
David Maloney
f5e9089dd5
remove dupe comment
2013-08-25 12:46:47 -05:00
David Maloney
a50fa2deec
style fixups
2013-08-25 12:37:30 -05:00
David Maloney
5e5f5acf19
plug in 64bit injector
...
64 bit exe generation only had subsitution method
add the x64 injector in there too.
2013-08-25 12:19:57 -05:00
Meatballs
526e504531
More fix
2013-08-25 12:21:37 +01:00
Christian Mehlmauer
45ad043102
moderated comments are now also working (even for unauthenticated users)
2013-08-25 11:02:15 +02:00
Christian Mehlmauer
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
Meatballs
d45d37bc38
Really fix...
2013-08-25 00:18:50 +01:00
Meatballs
83da0b3a57
Correct fname
2013-08-25 00:17:26 +01:00
Meatballs
19e47d5e82
Really fix war
2013-08-25 00:06:31 +01:00
David Maloney
4c57af051a
Revert "'remove unused framework references"
...
This reverts commit 98a09b9f5c
.
2013-08-24 17:52:57 -05:00
David Maloney
98a09b9f5c
'remove unused framework references
...
passing around framework references that are never used
removing these whever possible
2013-08-24 16:59:29 -05:00
David Maloney
bd5f184e2b
Dry up the exe subsitution stuff
...
6 different methods were doing essentially
the same exact thing. DRY it up a bit
2013-08-24 16:50:45 -05:00
David Maloney
d38117a521
replace old inject method
...
replacing jsut the win32 inject method this time
with out new injector method.
2013-08-24 16:30:47 -05:00
David Maloney
8f47aa6dcb
Basic Injector class
...
create a class for injecting payloads
into an exe template as a new section
2013-08-24 16:11:00 -05:00
Christian Mehlmauer
5f7ccf1cbe
naming..again
2013-08-24 18:58:00 +02:00
Christian Mehlmauer
9af1341179
consistent naming
2013-08-24 18:51:07 +02:00
Christian Mehlmauer
7cd150b850
another module
2013-08-24 18:42:22 +02:00
Meatballs
b4b59aa065
Add guards against empty payloads
2013-08-24 11:59:59 +01:00
Meatballs
9786f84a6e
Service exes
2013-08-24 03:45:07 +01:00
Meatballs
9ea17ef1e1
Merge upstream
2013-08-24 03:34:02 +01:00
Meatballs
3fae6c51c8
Initial exe-service
2013-08-24 03:28:47 +01:00
Meatballs
f50ede1993
Remove redundant methods
2013-08-23 23:28:13 +01:00
Meatballs
4c4fe0b110
Fix x64 exe droppers
2013-08-23 23:21:31 +01:00
Joe Vennix
2d3f599498
Moves ruby_dl helpers to proper place in repo.
...
* Adds fail_with methods and moves timeouts to constants.
2013-08-23 17:17:19 -05:00
Christian Mehlmauer
c40252e0b3
bugfixing
2013-08-24 00:04:16 +02:00
Joe Vennix
87d8e16001
Use defined? instead of version float check.
2013-08-23 16:59:36 -05:00
Christian Mehlmauer
e9eb6b2427
simplification
2013-08-23 22:29:31 +02:00
Christian Mehlmauer
576ae50b73
more feedback implemented
2013-08-23 22:22:56 +02:00
Joe Vennix
2a68e4484b
Oops. Don't write the ruby payload to /Users/joe/Desktop, thats not good.
2013-08-23 15:15:37 -05:00
Christian Mehlmauer
84fecc35da
more feedback implemented
2013-08-23 22:14:58 +02:00
Joe Vennix
7ebe6635ea
Finish fixing ruby 1.8.7 regressions. Works on 10.8 and 10.7.
2013-08-23 15:06:48 -05:00
Christian Mehlmauer
de3fc1fa6c
first feedback implemented
2013-08-23 21:59:36 +02:00
Meatballs
09ceeb5de2
Fix war generation
2013-08-23 20:06:57 +01:00
Meatballs
cf5ddfeebf
Some war fixes
2013-08-23 18:59:48 +01:00
Meatballs
dfc606fe56
Slightly saner filenames
2013-08-23 18:06:48 +01:00
Meatballs
41b1b30438
vba transform
2013-08-23 18:00:19 +01:00
Meatballs
4d21b06f4f
Aspx uses transform
2013-08-23 17:22:33 +01:00
Meatballs
1cb1afa50a
Fix aspx
2013-08-23 17:09:51 +01:00
Meatballs
dd13a7e48f
Working .asp
2013-08-23 16:55:07 +01:00
Meatballs
7370fc3f4e
vbs transform
2013-08-23 16:26:03 +01:00
Meatballs
5040347521
Fix psh and add powershell transform
2013-08-23 15:59:19 +01:00
Meatballs
418505adc9
Fix psh-net
2013-08-23 15:21:26 +01:00
Meatballs
12b5dbedae
Initialize the hash_sub
2013-08-23 14:58:14 +01:00
Meatballs
cfd6c66ffd
Fix VBS
2013-08-23 14:35:19 +01:00
Meatballs
23a067aab7
Refactor reading of script files and substitution
2013-08-23 13:51:10 +01:00
Christian Mehlmauer
556f17c47e
Move modules
2013-08-22 17:33:35 +02:00
Christian Mehlmauer
b6b7da7b6f
comments
2013-08-22 15:47:10 +02:00
Christian Mehlmauer
4a29277251
renamed files
2013-08-22 11:18:30 +02:00
Brandon Turner
cd45c77080
Fix a few database leaks
...
All database access should be wrapped in with_connection blocks.
To avoid breaking git blame with a bunch of whitespace, I outdented
the with_connection blocks as seems to be common in db.rb.
[Story #55586616 ]
2013-08-21 18:53:17 -05:00
shellster
a6e5e9c61d
Updated using limhof-r7 advice
2013-08-21 16:43:10 -07:00
shellster
86a83391fd
Merge remote-tracking branch 'upstream/master'
2013-08-21 16:16:20 -07:00
Christian Mehlmauer
959553583f
-) revert last commit
...
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Brandon Turner
c0700673e7
Fix SessionManager database leak
...
All database access should be wrapped in with_connection blocks.
Much of this commit is whitespace. It may help to view it with
--ignore-all-space or the w=0 parameter on GitHub.
[Story #55586616 ]
2013-08-21 17:34:25 -05:00
Christian Mehlmauer
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
Christian Mehlmauer
0a2bf9e9e7
implement @limhoff-r7 feedback
2013-08-21 21:10:00 +02:00
Christian Mehlmauer
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
Christian Mehlmauer
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer
655e2dcf6c
more methods
2013-08-21 13:13:41 +02:00
Christian Mehlmauer
68a51f4055
msftidy
2013-08-21 12:50:26 +02:00
Christian Mehlmauer
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
Shelby Spencer
97933c4954
Moving meterpreter scripts out of exe.rb into a templates folder.
2013-08-20 16:49:48 -07:00
sinn3r
f148eb4715
Land #2255 - Fix fail_with()
2013-08-20 01:28:21 -05:00
jvazquez-r7
491ea81acf
Fix calls to fail_with from mixins
2013-08-19 16:42:52 -05:00
jvazquez-r7
7e37130837
Patch for [SeeRM #8315 ]
2013-08-19 16:34:02 -05:00
Spencer McIntyre
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
Nicholas Davis
559dfb5a7e
Fix for bug #8297
...
Fixed getting the policy_hash_list which can fail if elements are null
[SeeRM #89297 ]
2013-08-18 14:49:44 -07:00
Tod Beardsley
1eb3c323ed
Land #2175 , force string encoding for RPC
...
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.
[FixRM #7888 ]
2013-08-16 16:09:24 -05:00
Tod Beardsley
7937fbcc49
More idiomatic ruby with symbols and spaces
2013-08-16 15:59:04 -05:00
HD Moore
bec15ebf7c
Remove Failure (moved to parent class)
2013-08-15 13:31:21 -05:00
HD Moore
4706f8b54c
Add fail_with() stub and move Failure from Exploit
2013-08-15 13:30:47 -05:00
Tod Beardsley
0ef4b4c982
Land #2222 , remove Version from module info
2013-08-15 11:56:21 -05:00
James Lee
ed00b8c19e
Ensure checksum* methods return a Fixnum
...
Fixes a bug in reverse_http* stagers where requests for the root URI
(i.e., "/") cause a NoMethodError on nil returned by checksum8.
[See #2216 ]
2013-08-14 14:09:37 -05:00
sinn3r
bd6a45fffa
Get rid of version() use
2013-08-14 11:00:09 -05:00
sinn3r
83aec3b231
Remove module version display
...
Since modules no longer use the 'Version' key, there's no point to
collect and show them. It's all 0 anyway.
[See RM 8278]
2013-08-14 02:26:39 -05:00
sinn3r
92d57ef37d
Fix merge conflict
...
Conflicts:
msfvenom
2013-08-13 00:00:16 -05:00
James Lee
3827b14103
Land #1726 , ssl verify mode
...
Conflicts:
lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
jvennix-r7
8278808a37
Merge pull request #2204 from todb-r7/bug/undo-optstring-validator
...
Revert "OptString specs and better validation"
2013-08-09 13:42:46 -07:00
Tod Beardsley
02f460287b
Revert "OptString specs and better validation"
...
This reverts commit d66779ba4c
.
Specifically, this commit was causing trouble when a datastore was
getting an Integer. For some reason (as yet undiscovered), the option
normalizer wasn't trying to Integer#to_s such arguments.
This kind of thing is going to happen a lot. For now, I'd rather just
end up with the ducktype, and attack the normalizer in a seperate fix.
2013-08-09 15:30:42 -05:00
sinn3r
4558aca7ca
Land #2136 - Removed requirement for note.data to be present
2013-08-09 15:29:25 -05:00
Meatballs
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
James Lee
ab976ddf8f
Fix genarate command in msfconsole
...
Thanks @Meatballs1 for spotting
2013-08-06 14:46:53 -05:00
Spencer McIntyre
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
allfro
9180dd59fe
Patch for string encoding issues with `msgpack`
...
Fixes an issue that causes exploits to fail if the PAYLOAD option is the last option to get marshalled in an MSFRPC dictionary. The patch adjusts the string's encoding to match the internal default encoding used by Ruby. Hence, making `fetch()` succeed.
2013-07-30 13:38:44 -04:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
jvazquez-r7
593363c5f9
Land #2154 , @wchen-r7's msfcli optimizations and refactoring
2013-07-29 16:38:32 -05:00
jvazquez-r7
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
jvazquez-r7
0851974408
Land #2162 , @Meatballs1's exploit for ms13-005
2013-07-29 11:43:31 -05:00
Meatballs
9ad99ed4ca
I am a git genius
2013-07-29 17:01:57 +01:00
Meatballs
0329caec5f
Revert "Fixup psh datastore"
...
This reverts commit aa64f5cd58
.
2013-07-29 17:00:28 +01:00
Meatballs
aa64f5cd58
Fixup psh datastore
2013-07-28 21:53:11 +01:00
sinn3r
a0decf502f
Refactor msfcli
2013-07-28 12:40:50 -05:00
Meatballs
234e49d982
Add type technique
2013-07-26 23:33:16 +01:00
Meatballs
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
jvazquez-r7
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
sinn3r
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
Meatballs
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
jvazquez-r7
33f6f7e8fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 17:03:45 -05:00
William Vu
27a540e12f
Land #1215 , creds reuse for AuthBrute modules
2013-07-25 16:54:44 -05:00
William Vu
dac9ac4a1d
Land #2159 , spool command nil dereference fix
2013-07-25 15:38:35 -05:00
James Lee
a5ca516435
Fix nil deref in spool command
...
Occurs when no module is currently `use`d
2013-07-25 14:51:39 -05:00
Meatballs
1d2d4b5345
Add some null checks
2013-07-25 18:35:11 +01:00
jvazquez-r7
2b3dcaf678
Land #2157 , @wvu and @averagesecurityguy patch for OpenVAS XML Reports importing
2013-07-25 12:04:38 -05:00
William Vu
97680304d6
Use index, since it can apparently do regex
2013-07-25 12:00:33 -05:00
jvazquez-r7
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
sinn3r
56367ef69c
Update documentation
2013-07-24 19:04:47 -05:00
sinn3r
0fd2c385fb
Update documentation
2013-07-24 19:02:10 -05:00
sinn3r
e266d1bd0a
Add comment about opts
2013-07-24 19:00:58 -05:00
sinn3r
a71d7eb372
Update archive.rb to handle whitelist
2013-07-24 18:59:43 -05:00
sinn3r
9ae550c883
Do if [].empty?. Avoid msfcli running as a job
2013-07-24 18:35:06 -05:00
sinn3r
ed51d284fa
Change name, change how data is passed, fix rspec
2013-07-24 17:15:56 -05:00
jvazquez-r7
214f337f58
Fix indentation
2013-07-24 16:55:01 -05:00
Meatballs
c221360cc1
Retab
2013-07-24 22:16:41 +01:00
sinn3r
e120ecfba9
msfcli is designed to load only one module (auxiliary or exploit),
...
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.
I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
2013-07-24 14:40:46 -05:00
jvazquez-r7
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
Meatballs
fee5fabb91
Revert x64 corruption changes
2013-07-24 19:59:04 +01:00
Meatballs
44cae75af1
Cleanup
2013-07-24 19:52:59 +01:00
Meatballs
edc297756b
Tabs
2013-07-24 19:14:11 +01:00
Meatballs
4b84b49674
Fix payload corruption
2013-07-24 19:08:02 +01:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Tod Beardsley
00630376c3
Revert the default call to firefox
...
This reverts commit 0928a370f3
.
No, no, you guys are right in the comments for #2148 . The call to
system is inside the else, but the tabbing made my eyes cross.
Sorry about that. Someday soon, @tabassassin will save us all from these
kinds of screw ups in mental parsing.
2013-07-23 16:13:02 -05:00
William Vu
d493346691
Land #2137 , fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
jvazquez-r7
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
David Maloney
621568bf8f
Another Error Type needs caught
...
Different systems throw a different error
Need to rescue that error too
2013-07-23 15:47:42 -05:00
William Vu
86ab942435
Land #2146 , Unix and Windows path normalization
2013-07-23 15:23:41 -05:00
Tod Beardsley
0928a370f3
Adding back default firefox
...
the default is triggered only outside the case statement, which itself
is totally bizarre. I can't tell if anyone is relying on this behavior
right now, but it's too premature to just remove it out at this point.
2013-07-23 14:43:30 -05:00
Tod Beardsley
53c3fd2ce7
Update comment docs on Rex::Compat.open_browser
2013-07-23 14:38:04 -05:00
ZeroChaos
ce5742461a
update open_browser functionality
...
open_browser didn't support xdg-open or firefox-bin. xdg-open was made the default as it is the most likely to succeed afaik.
the fallback to firefox was removed because since we check for the existence of firefox is makes no sense to try to run it after we failed to find it. This will silently fail if no supported browser is found due to suggestions from the msf team:
< Zero_Chaos> more importantly, it would be great if someone told me how to spit out a message to the user
< Zero_Chaos> because I have no clue :-)
<@egypt> Zero_Chaos: it's in rex, so the answer is "don't"
2013-07-23 14:58:16 -04:00
Tod Beardsley
bb16683415
Land #2087 , @egypt's random ID generator
2013-07-23 13:52:08 -05:00