Commit Graph

1153 Commits (692ddc8b8b18d788aada962dbb226823c02c026f)

Author SHA1 Message Date
James Barnett 929fb041ab
Fix bug when adding workspace remotely 2018-03-19 11:01:22 -05:00
James Barnett 35bc8e905e
Refactor workspace delete to be consistent with other commands 2018-03-16 16:11:09 -05:00
James Barnett 8ddaae5fe4
Remove unused code 2018-03-15 12:12:12 -05:00
christopher lee 4d04319d2a Merged master 2018-03-15 11:31:44 -05:00
James Barnett 0d170571da
Fix bug with file name 2018-03-14 15:59:07 -05:00
James Barnett b179603b4a
Externalize db_export command 2018-03-14 15:06:28 -05:00
James Barnett ac5669388a
Merge branch 'goliath' into MS-2879_db_export 2018-03-14 11:37:08 -05:00
Matthew Kienow fcd2bbd1de
workaround attempt to parse nil JSON string value 2018-03-12 14:29:42 -04:00
Matthew Kienow 636284d530
Update session inferred vuln handling
Add remote vuln attempt
2018-03-12 14:26:03 -04:00
h00die ec7a62bc4c move ssh platforms to lib 2018-03-08 21:23:11 -05:00
James Barnett b18ed03407
Merge branch 'goliath' into MS-2909 2018-03-07 14:55:50 -06:00
James Barnett c670748fe3
Update services signature 2018-03-07 13:59:09 -06:00
James Barnett c058d0fba0
WIP: port db_export command 2018-03-06 15:15:27 -06:00
Brent Cook d6871f5733
Land #9614, Juniper post enum module 2018-03-06 10:29:56 -06:00
christopher lee 68d72cbfa7 Goliath Cleanup in preparation for merge to master 2018-03-06 10:21:22 -06:00
James Barnett b42c3ff654 Merge branch 'goliath' into MS-2909 2018-03-02 16:32:55 -06:00
James Barnett fd4032928e
Add services search 2018-03-02 10:57:35 -06:00
christopher lee 4f6b1de9a3 Merge branch 'master' into goliath 2018-03-01 14:14:39 -06:00
James Barnett 06d2482e86
Implement services update
NOTE: This changes functionality for the services command flags.
Previously -s and -p were used for searching for services.
Now the commands will only be used for adds/updates.
If you would like to search, please use -s and pass a search string
2018-02-28 15:12:23 -06:00
James Barnett dffbc67e71
Implement service delete
Also fix bug searching for services by host address
2018-02-27 17:17:07 -06:00
Brent Cook 9597e5294d treat MUST_CHANGE + PASSWORD_EXPIRED as valid 2018-02-27 15:21:21 -06:00
James Barnett c90fabee60
Implement remote service create 2018-02-27 14:20:43 -06:00
James Barnett 9dc6089fcf Merge branch 'goliath' into MS-2909 2018-02-27 11:14:15 -06:00
Brent Cook 66e3ac4c76 treat 'password must change' as a successful login 2018-02-26 17:57:31 -06:00
h00die c7bbc6eca4 juniper post enum module 2018-02-22 21:08:21 -05:00
Matthew Kienow 22752518ea
WIP remote vuln read, update, delete 2018-02-22 13:53:22 -05:00
James Barnett d4440d049d Merge branch 'goliath' of github.com:clee-r7/metasploit-framework into goliath 2018-02-21 11:16:31 -06:00
James Barnett 3005a8b7ce
Merge branch 'rapid7/master' into goliath 2018-02-21 11:16:05 -06:00
James Barnett b3642b1079
Address PR comments 2018-02-20 15:30:37 -06:00
James Barnett 09ae4ac8ac
Add more info to console output 2018-02-20 13:34:33 -06:00
Wei Chen 9a293cd30e Fix #8120, Fix undef method 'gsub' in bavision_cam_login
Fix #8120
2018-02-14 11:03:03 -06:00
James Barnett efd23d37c3
Use common error handling 2018-02-09 16:24:45 -06:00
James Barnett bbd25fc97b
WIP: getting services add working 2018-02-08 17:20:50 -06:00
James Barnett f114092445 Merge branch 'goliath' into MS-2833 2018-02-08 14:32:03 -06:00
jbarnett-r7 352cf295b5
Merge branch 'goliath' into MS-2833 2018-02-07 14:38:26 -06:00
James Barnett 5b35662dbf
Address PR comments 2018-02-07 14:21:31 -06:00
James Barnett cb093d8063
Use proper logging 2018-02-07 10:25:56 -06:00
Matthew Kienow 52b8f405bd
Refactor change host methods, remove debug output 2018-02-06 18:54:05 -05:00
James Barnett 5bc38206c0
Few more loot bugs 2018-02-06 17:22:09 -06:00
James Barnett 6e2503bbd8
Add loot update 2018-02-06 16:16:22 -06:00
Matthew Kienow 629f79ebf7
WIP remote host update 2018-02-06 16:11:46 -05:00
James Barnett 49b88dbef7
Pass loot search using query string 2018-02-05 18:15:05 -06:00
jbarnett-r7 f176e339bc
Merge pull request #12 from clee-r7/ms-2911
Ms 2911
2018-02-05 15:46:28 -06:00
christopher lee 1759621b03 Make 8080 default service port 2018-02-05 15:01:03 -06:00
christopher lee 020a28f5c7 Unify data service command 2018-02-05 13:28:17 -06:00
James Barnett e8b29af208 Merge branch 'goliath' into MS-2833 2018-02-02 17:32:17 -06:00
Matthew Kienow dcf4171cfb
Fix query array encoding issue 2018-02-02 17:16:12 -05:00
christopher lee 5a899d5126 Renamed msfdb to avoid omnibus collision, removed inline data service startup code 2018-02-01 16:28:36 -06:00
christopher lee 3bc0608579 Finish POC cleanup 2018-02-01 13:59:15 -06:00
christopher lee 59bc1a34d5 Remove 'puts' logging and cleanup AWS poc 2018-02-01 13:38:20 -06:00
James Barnett fc7ab6cbff
Merge branch 'externalize-host-data-search' into MS-2833 2018-02-01 11:24:11 -06:00
Matthew Kienow 5c38207a8e
WIP externalize host data search 2018-01-31 16:34:42 -05:00
James Barnett 3ff613db8f
"fix" adding loot from the command line 2018-01-31 10:31:09 -06:00
James Barnett e1b61b8180 Merge branch 'goliath' into MS-2833 2018-01-31 10:06:36 -06:00
Matthew Kienow 3a01a16dcb
Fix issue with workspace in query data 2018-01-25 17:29:58 -05:00
Matthew Kienow 4989e94e68
Add HTTP PUT request method 2018-01-25 10:40:57 -05:00
James Barnett 5505996518 Add loot delete 2018-01-24 16:42:16 -06:00
Matthew Kienow 2ffd627c56
Merge branch 'goliath' into add_https 2018-01-23 18:59:59 -05:00
christopher lee dd65141a22 Merge branch 'goliath' into MS-2891 2018-01-23 10:45:44 -06:00
James Barnett d10cd2d92a
Add verification methods to HTTPS
This commit enables peer verification for SSL.
It also gives the user options to verify the server if the server uses a self-signed cert.
There is an override to skip verification as well.
2018-01-22 18:08:16 -06:00
Christopher Lee 6ffae7f6ad
Merge pull request #9 from clee-r7/correct-api-url
Update API URLs
2018-01-22 15:17:09 -06:00
christopher lee 2521c941d4 Ported singleton calls 2018-01-22 14:57:28 -06:00
Matthew Kienow 2211459b9d
Correct workspace_associations_counts API path 2018-01-20 14:54:14 -05:00
Matthew Kienow b7e5b0f161
Update API URLs per design discussion 2018-01-20 14:50:59 -05:00
Matthew Kienow cb4999c1ac
Add URI query data option to request methods 2018-01-19 16:51:49 -05:00
christopher lee d5978803eb Fix all failing rspec for goliath 2018-01-19 15:16:19 -06:00
James Barnett b8296a809c Merge branch 'goliath' into add_https 2018-01-19 13:33:24 -06:00
James Barnett ff9c69c7c8
Merge branch 'rapid7/master' into goliath 2018-01-19 13:28:17 -06:00
Matthew Kienow 764ecf6562
Land #6 JSON to MDM
Deserialize JSON returned from a remote data service to an in-memory MDM object
2018-01-18 17:21:10 -05:00
James Barnett 0654979be6
Remove separate code path for openstruct for creds.
Also fix RemoteCredentialDataService to work with json_to_mdm
2018-01-18 13:27:33 -06:00
Brent Cook 7fe237abe1
Land #9220, Module cache improvements 2018-01-17 22:34:51 -06:00
Brent Cook 08f622b0ce update version 2018-01-17 17:24:15 -06:00
James Barnett bab9b66521
Only send back one object for host create 2018-01-12 10:52:16 -06:00
James Barnett 809d3d28c7 Merge branch 'rapid7/master' into goliath 2018-01-11 16:18:41 -06:00
James Barnett b2666ad3f2
Update host delete method to return full objects of deleted hosts 2018-01-11 16:12:25 -06:00
Metasploit 18f16e7c66
Bump version of framework to 4.16.32 2018-01-11 10:03:16 -08:00
Matthew Kienow e964e8bcbb
Fix incorrect HTTP request method calls 2018-01-10 23:59:53 -05:00
Matthew Kienow f895169c7f
Fix incorrect HTTP request method calls 2018-01-10 23:53:24 -05:00
James Barnett 3c73892a70
Use json_to_mdm for Credentials. 2018-01-10 16:58:44 -06:00
James Barnett 4a377af5e6
Deserialize JSON to Mdm Object 2018-01-09 15:18:49 -06:00
James Barnett 173705ad35
Add error handling when no data returned from server 2018-01-05 11:44:25 -06:00
Metasploit 3a7a539c84
Bump version of framework to 4.16.31 2018-01-04 12:17:08 -08:00
Metasploit d4de9eef9b
Bump version of framework to 4.16.30 2018-01-04 10:03:21 -08:00
James Barnett 5058c2d36f Merge branch 'goliath' into add_https 2018-01-03 10:51:22 -06:00
James Barnett 4aac8f5c39
Merge branch 'rapid7/master' into goliath 2018-01-02 17:34:40 -06:00
Matthew Kienow 40d15bf3e6
Hash#each style correction 2018-01-02 12:25:14 -05:00
James Barnett f015b926da Merge branch 'goliath' into add_https 2018-01-02 10:38:48 -06:00
Metasploit 7254130b77
Bump version of framework to 4.16.29 2017-12-28 15:19:22 -08:00
Jeffrey Martin 66ca61f636
Merge released '4.x' 2017-12-28 17:15:29 -06:00
Brent Cook c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
Metasploit c681c7881d
Bump version of framework to 4.16.28 2017-12-28 10:03:39 -08:00
Brent Cook 6f1196d30c clarify what's happening when there is a connection failure 2017-12-27 22:32:08 -06:00
Matthew Kienow 5e4836b1e9
Implement hosts remote data store delete
Also, resolve an issue when adding a host where the client-side
raises an exception.
2017-12-26 23:09:23 -05:00
Jon Hart d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-22 08:07:40 -08:00
Metasploit 909caa0425
Bump version of framework to 4.16.27 2017-12-21 13:27:52 -08:00
Brent Cook 9d8cb8a8d0 Merge branch '4.x' into upstream-master 2017-12-21 15:17:38 -06:00
Metasploit ee2f10efc5
Bump version of framework to 4.16.26 2017-12-21 10:04:38 -08:00
Jon Hart 962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 18:58:36 -08:00
Jon Hart d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Jeffrey Martin 8cd7185a7f
Land #9313, Add DirectAdmin login_scanner module 2017-12-20 15:23:24 -06:00
Jeffrey Martin 7f8a5d3834
improved credential reporting 2017-12-20 15:09:11 -06:00
Jon Hart b4262662dc
Add missing mqtt login helper 2017-12-20 12:33:49 -08:00
Metasploit 66b1a555a1
Bump version of framework to 4.16.25 2017-12-18 16:33:25 -08:00
Nick Marcoccio be2a3ca270 edited sid comment 2017-12-18 08:18:02 -05:00
Nick Marcoccio f447fa1a12 Added DirectAdmin Login Utillity 2017-12-17 22:43:37 -05:00
jgor b99f044de5 Implement VNC security type 30 (Apple Remote Desktop) authentication 2017-12-14 13:57:38 -06:00
Metasploit be4f9236f2
Bump version of framework to 4.16.24 2017-12-14 10:08:05 -08:00
James Barnett 973f3bacd8
Remove require statements for remote_service_endpoint 2017-12-13 11:31:29 -06:00
James Barnett 74c00cf8ba
WIP: Enable HTTPS client.
Removed RemoteServiceEndpoint and using URI instead.
2017-12-12 16:42:20 -06:00
Matthew Kienow c7e7b5861d
Fix error in exception message 2017-12-11 17:52:24 -05:00
Metasploit 348cbe54b6
Bump version of framework to 4.16.23 2017-12-08 10:01:55 -08:00
James Barnett 8835dae6f0
Switch to net/http header handling 2017-12-05 15:06:15 -06:00
James Barnett 35b217b748 Merge branch 'goliath' into http_client_change 2017-12-05 11:13:53 -06:00
Metasploit fd1681edd9
Bump version of framework to 4.16.22 2017-12-01 10:04:07 -08:00
Metasploit 174d0d46de
Bump version of framework to 4.16.21 2017-11-29 10:45:55 -08:00
Metasploit c9da8f7a18
Bump version of framework to 4.16.20 2017-11-24 10:01:50 -08:00
James Barnett 770f092e5d
Use more accurate variable name 2017-11-22 12:34:24 -06:00
James Barnett e0837fb01d
Create local copies of loot 2017-11-21 16:28:19 -06:00
James Barnett 82a30ed618
Fix bug in db_nmap with RDS
The cmd_db_nmap method was cleaning up the nmap XML file
before it could be read. Making the call synchronous will prevent
it from hitting the ensure block before the processing is done
when running msfdb locally.
2017-11-20 15:40:27 -06:00
Metasploit 602406a423
Bump version of framework to 4.16.19 2017-11-17 10:02:22 -08:00
Metasploit 5cdd364590
Bump version of framework to 4.16.18 2017-11-15 19:46:12 -08:00
christopher lee fe1af35107 First pass at changes needed for module metadata caching 2017-11-15 16:38:01 -06:00
James Barnett 9647f8d951
DRY up HTTP request code. 2017-11-14 15:31:31 -06:00
Metasploit 4f660d7dd7
Bump version of framework to 4.16.17 2017-11-10 10:05:05 -08:00
James Barnett 029d3b718d
Connect and get working with net/http.
POST looks to be working too.
2017-11-09 17:10:26 -06:00
William Vu fbbc8da8fb Fix raise(s) in MSSQL client aborting mssql_login 2017-11-07 14:30:47 -06:00
Metasploit deb5a7b015
Bump version of framework to 4.16.16 2017-11-03 10:03:38 -07:00
Metasploit a14102083c
Bump version of framework to 4.16.15 2017-11-02 10:01:12 -07:00
James Barnett 04f5f41265 Merge branch 'port_dbnmap' into loot_and_creds 2017-10-31 17:03:40 -05:00
James Barnett cfdda37f62
Send nmap file across the wire. 2017-10-31 10:12:45 -05:00
Brent Cook f42b980cf0 fix misspelled RuntimeError 2017-10-30 15:42:11 -05:00
Metasploit 140955f220
Bump version of framework to 4.16.14 2017-10-27 10:03:00 -07:00
James Barnett 9d00093d81
Initial commit for nmap proxying 2017-10-25 16:04:31 -05:00
James Barnett a4914074fb Merge branch 'goliath' into loot_and_creds 2017-10-24 12:01:32 -05:00
James Barnett d63b087610
Fix bug with creating session_events 2017-10-24 11:51:27 -05:00
James Barnett ffcec527a7
Successfully storing creds remotely 2017-10-23 11:30:50 -05:00
Metasploit 884b68fa60
Bump version of framework to 4.16.13 2017-10-20 10:02:23 -07:00
christopher lee 2c8f27cd98 More general cleanup including is_local db check 2017-10-16 17:07:26 -05:00
James Barnett 5232e9926e
creds command converted 2017-10-16 15:27:53 -05:00
Metasploit 88585a5cfd
Bump version of framework to 4.16.12 2017-10-13 10:03:48 -07:00
James Barnett 4c164fafb0
WIP: proxy credentials 2017-10-10 13:52:30 -05:00
Metasploit 4acef04e0d
Bump version of framework to 4.16.11 2017-10-06 10:01:51 -07:00
James Barnett 0dbfc9d447
WIP: Drop session objects before JSON conversion
The session object is not intended to be store in the DB.
There are a ton of subobjects and unneeded data that causes the JSON conversion
to hang or fail with 'stack level too deep' errors.
2017-10-06 11:43:01 -05:00
James Barnett 08b62db061
Pass loot contents over the API and write file 2017-10-03 12:31:57 -05:00
James Barnett 49f5256f88
Make session_events retrievable from the API 2017-09-29 16:04:17 -05:00
James Barnett eb927663ff
use a better method for storing session_events 2017-09-29 14:59:08 -05:00
Metasploit 32104eb90e
Bump version of framework to 4.16.10 2017-09-29 10:04:04 -07:00
christopher lee 293d1edeb1 Merge master: 8853193542 2017-09-29 11:06:16 -05:00
James Barnett ed74c3726f
Proxy session events.
This enables modules to use report_loot with a remote data service
2017-09-28 17:03:09 -05:00
James Barnett 0b29408aa2
Allow filtering of loot 2017-09-26 13:48:01 -05:00
James Barnett ee3e354f4f
Get posting working with loot -a 2017-09-22 16:13:58 -05:00
James Barnett 40abbccb03
Merge remote-tracking branch 'rapid7/master' into proxy_loot 2017-09-22 14:10:02 -05:00
Metasploit 68fa3d45f3
Bump version of framework to 4.16.9 2017-09-22 10:05:19 -07:00
James Barnett 812ad9f9cb
loot printing (maybe) working 2017-09-21 15:20:49 -05:00
James Barnett 9f95f88035
Fix a couple of bugs. 2017-09-19 16:35:18 -05:00
James Barnett 765ea01e9f
loot posting working 2017-09-18 15:58:40 -05:00
Metasploit b2f5bd16e6
Bump version of framework to 4.16.8 2017-09-15 10:02:38 -07:00
christopher lee 2cd9649139 Added msf red connection mechanism 2017-09-14 12:57:03 -05:00
Metasploit faa84faf25
Bump version of framework to 4.16.7 2017-09-08 15:38:22 -07:00
Metasploit f5a73f3efe
Bump version of framework to 4.16.6 2017-09-08 10:03:41 -07:00
christopher lee 000f561d6f Added session data export 2017-09-08 11:09:15 -05:00
Metasploit 92f5290a50
Bump version of framework to 4.16.5 2017-09-01 10:08:40 -07:00
Metasploit a0131f450e
Bump version of framework to 4.16.4 2017-08-28 14:34:39 -07:00
Metasploit 779b25bdf6
Bump version of framework to 4.16.3 2017-08-25 10:02:45 -07:00
Metasploit 2f72404b26
Bump version of framework to 4.16.2 2017-08-23 19:11:11 -07:00
Metasploit 7c2fa20191
Bump version of framework to 4.16.1 2017-08-23 10:36:19 -07:00
christopher lee c09796ea7e Merge master 2017-08-23 11:37:04 -05:00
Metasploit ca7d481658
Bump version of framework to 4.16.0 2017-08-20 16:57:48 -07:00
Metasploit 95824ce132
Bump version of framework to 4.15.8 2017-08-18 10:03:23 -07:00
Metasploit be926e1d75
Bump version of framework to 4.15.7 2017-08-11 10:12:37 -07:00
Metasploit 83cd0bc977
Bump version of framework to 4.15.6 2017-08-04 10:07:09 -07:00
Metasploit 70f659370f
Bump version of framework to 4.15.5 2017-07-28 10:21:44 -07:00
Metasploit 50474a1ea7
Bump version of framework to 4.15.4 2017-07-21 10:03:44 -07:00
Metasploit 39b2e824ec
Bump version of framework to 4.15.3 2017-07-17 15:43:31 -07:00
Metasploit f80c053114
Bump version of framework to 4.15.2 2017-07-17 12:01:22 -07:00
dmaloney-r7 d6ee0ca94d Merge branch 'master' into kill-cucumber 2017-07-14 10:23:38 -05:00
Metasploit 03691cc35f
Bump version of framework to 4.15.1 2017-07-12 20:08:07 -07:00
Brent Cook dbef4ee816 kill cucumber in framework 2017-07-12 08:00:29 -05:00
christopher lee b81e9a4d2a Pass 1: externalize database 2017-07-07 13:33:42 -05:00
Metasploit fad696ed58
Bump version of framework to 4.15.0 2017-06-22 18:02:38 -07:00
Pearce Barry c0efb7bc76
Land #8573, Adapted the authentitcity_token scheme 2017-06-19 15:45:20 -05:00
Metasploit 9ce0bb9345
Bump version of framework to 4.14.28 2017-06-16 10:02:07 -07:00
SecureAB ef7434b59b added new authentitcity_token scheme 2017-06-16 16:54:38 +02:00
Metasploit 0515980138
Bump version of framework to 4.14.27 2017-06-12 07:39:14 -07:00
Metasploit 77b1125e77
Bump version of framework to 4.14.26 2017-06-09 10:03:35 -07:00
David Maloney 42aa2e5acf
add some attempts at debugging to ntds
add some logging and more status outputs to the
NTDS domain hasdump. Also force the encoding on
strings to UTF8
2017-06-05 15:21:50 -05:00
Metasploit 92a65f5c63
Bump version of framework to 4.14.25 2017-06-02 10:03:44 -07:00
Metasploit 0c792798a7
Bump version of framework to 4.14.24 2017-05-30 07:26:35 -07:00
Metasploit 15b3b7de41
Bump version of framework to 4.14.23 2017-05-26 10:02:14 -07:00
Metasploit 18f520382b
Bump version of framework to 4.14.22 2017-05-19 12:12:27 -07:00
Metasploit c54c999efc
Bump version of framework to 4.14.21 2017-05-19 10:02:32 -07:00
Metasploit 126c078ced
Bump version of framework to 4.14.20 2017-05-18 11:53:33 -07:00
David Maloney 94e4dc2938
fix for smb_login errors
do not try the TreeConnect if the SESSION_SETUP
has already failed.
2017-05-18 11:26:03 -05:00
Metasploit 729f2a9ab8
Bump version of framework to 4.14.19 2017-05-16 14:09:45 -07:00
Metasploit 405f2c6ca1
Bump version of framework to 4.14.18 2017-05-12 10:10:30 -07:00
Metasploit a0b50390c5
Bump version of framework to 4.14.17 2017-05-05 10:02:17 -07:00
Metasploit 2f1df4d4c2
Bump version of framework to 4.14.16 2017-05-02 11:11:20 -07:00
Metasploit 89e81253ed
Bump version of framework to 4.14.15 2017-04-21 10:02:32 -07:00
Brent Cook 6b37e1ecfc
Land #8268, Improve metasploit-aggregator UX 2017-04-21 11:21:49 -05:00
Jeffrey Martin 32da0ed3d7
fix some comment typos 2017-04-19 14:14:26 -05:00