Commit Graph

4621 Commits (636c43dcdc1c7e0eee54fbb6351251e3f2c302f4)

Author SHA1 Message Date
Tod Beardsley 90207628cc
Land #2666, SSLCompression option
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
Tod Beardsley 0b6e03df75
More comment docs on SSLCompression 2014-01-21 16:48:26 -06:00
Tod Beardsley b8219e3e91
Warn the user about SSLCompression 2014-01-21 16:41:45 -06:00
HD Moore 68ccdc8386 Fix a stack trace when module_payloads.rb is run
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
William Vu 4ccf1a4720
Land #2873, Msf::Handler::ReverseHttp::UriChecksum 2014-01-13 15:38:56 -06:00
David Maloney 41807d7e4e move rev_http uri checksum code
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
Joe Vennix 3db143c452 Remove explicit requires for FF payload.
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
Tod Beardsley 02018077ea
dangit odd number of ]s 2014-01-09 15:15:47 -06:00
Tod Beardsley 25337888b0
Move back the expires date. 2014-01-09 14:51:23 -06:00
Tod Beardsley fe3fed1dba
Add a link to http://bit.ly/msfsurvey in banner 2014-01-09 14:37:41 -06:00
Tod Beardsley e4460278d2
Fix the closing brackets on the banner. 2014-01-09 14:37:25 -06:00
Joe Vennix 7af8fe9cd1 Catch exceptions in an XSS script and return the error. 2014-01-07 16:23:24 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Niel Nielsen 73e359ede1 Update reverse_tcp.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
Niel Nielsen e3a3b560e2 Update bind_tcp.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
Joe Vennix 9d3b86ecf4 Add explicit require for JSON, so msfpayload runs. 2014-01-05 14:58:18 -06:00
Joe Vennix d00acccd4f Remove Java target, since it no longer works. 2014-01-04 21:22:47 -06:00
OJ 8898486820 Change display message to show actual bind address
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.

This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to
echo hacks.
2014-01-04 19:00:36 -06:00
Raphael Mudge 6034c26fa7 Honor LPORT as callback port for HTTP/S handler
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.

LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
Raphael Mudge 3c9d684759 Cleanup - Remove bind_address from reverse_http.rb
This commit removes the now unused bind_address function from
reverse_http.rb. This function returns an array of hosts the handler
should attempt to bind to (e.g., [LHOST value, any])

Other handlers (e.g., reverse_tcp.rb) loop through these values until
they're able to start a server with that bind address.

The HTTP server doesn't work this way. It's setup to try one address
and that's it. It makes sense to have the HTTP server always bind to
0.0.0.0 by default as future modules run by the user may register
resources with the same HTTP server.
2014-01-04 16:02:32 -05:00
Raphael Mudge 6f55579acd HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress
This commit returns the HTTP/S handler to its former semantic glory.
By default the HTTP/S handler will bind to :: or 0.0.0.0. If the
user specifies a ReverseListenerBindAddress then, instead, the
server will bind to that address.

The previous commit to change the URL to always reference LHOST
should go with this too. LHOST is always my intent of where the
stage should call home too. ReverseListenerBindAddress would make
sense as my intent as to where I want to bind to. The two options
shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00
Raphael Mudge f93210ca74 Always Use LHOST for Full URL in HTTP/S Stage
Redmine #8726 documents a change where the reverse HTTP/S
tries to bind LHOST and if it can not it does a hard stop

If it's expected that users will use ReverseListenerBind-
-Address then this commit addresses #8726 by patching the
HTTP/S stage with the host provided by the user in LHOST.

Currently ReverseListenerBindAddress (if used) is patched
into the stage. This makes for a broken HTTP/S session if
the user sets this option to 0.0.0.0.

With this commit--users can provide any LHOST they like
and set ReverseListenerBindAddress to 0.0.0.0 and things
will work.

This commit does not attempt to bring the HTTP/S handler
back to the old behavior of falling back to 0.0.0.0 when
it can't bind LHOST. I'd welcome the old behavior but I
leave it to you to decide what makes sense. :)
2014-01-04 15:16:22 -05:00
Joe Vennix b9c46cde47 Refactor runCmd, allow js exec.
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Joe Vennix 60991b08eb Whitespace tweak. 2014-01-03 18:40:31 -06:00
Joe Vennix a5ebdce262 Add exec payload. Cleans up a lot of code.
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
Joe Vennix 8fd517f9ef Fixes shell escaping errors with nested quotes in windows. 2014-01-03 16:14:28 -06:00
Joe Vennix 13464d0aae Minor cleanup of firefox.rb. 2014-01-03 01:34:57 -06:00
Joe Vennix 7961b3eecd Rework windows shell to use wscript. 2014-01-03 01:29:34 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
Joe Vennix 8d3130b19e Reorder targets. 2014-01-02 10:48:28 -06:00
Joe Vennix 9b39ea55ee Fix comment.{ 2014-01-02 10:48:28 -06:00
Joe Vennix 1f9ac12dda DRYs up firefox payloads. 2014-01-02 10:48:28 -06:00
Joe Vennix 694cb11025 Add firefox platform, architecture, and payload.
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
William Vu 2554ad9b79
Land #2800, lib/msf/base YARD comments 2014-01-01 21:51:54 -06:00
Timothy Swartz 3ad8b0d530 Removed space from readable_text.rb 2013-12-31 16:38:40 -08:00
Timothy Swartz a1e42e5c16 config.rb typo correction 2013-12-31 16:02:18 -08:00
jvazquez-r7 b8569a1698
Land #2794, @Meatballs1's fix for to_exe_jsp on J7u21, [FixRM #8717] 2013-12-30 09:28:27 -06:00
jvazquez-r7 39844e90c3 Don't user merge! because can modify self.compat 2013-12-27 16:37:34 -06:00
Timothy Swartz e51fab01fc Doc tag changes based on feedback. 2013-12-26 10:14:41 -08:00
Timothy Swartz a20e888551 Added YARD tags/comments to readable_text.rb
Also fixed a few other tags.
2013-12-25 02:24:26 -08:00
Timothy Swartz 6c871a7e43 Added YARD comments to persistent_storage.rb
Also, fixed logging.rb link to Msf::Session
Added --no-private to .yardopts. This will hide anything marked with
@private from the generated documentation.
Previous additions in the msf/base directory and not msf/core.
2013-12-24 19:45:11 -08:00
Timothy Swartz b07dfc4f44 Added YARD tags to msf/core/logging.rb 2013-12-24 19:42:24 -08:00
Timothy Swartz ff4e94cd91 Added YARD comments to msf/core/config.rb 2013-12-24 19:42:24 -08:00
sinn3r 9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution 2013-12-23 02:34:01 -06:00
Meatballs f112e78de9
Fixes .war file creation 2013-12-22 20:58:21 +00:00
jvazquez-r7 ed838d73a6 Allow targets to specify Compat[ible] payloads 2013-12-19 17:48:15 -06:00