infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
44,914 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

13748 Commits (6b9be37741996da3cf45168b07799963d8d880fd)

Author SHA1 Message Date
Sonny Gonzalez 667cc5bcca
Land #9653, fix Y2k38 issue (until Jan 1, 2038) 2018-03-01 09:28:11 -06:00
Jeffrey Martin 789034a06c
Land #9638, treat 'password must change' as a successful login 2018-02-28 13:25:22 -08:00
William Vu fac7f3d5be
Fix #9602, a little defensive programming 
Check for a nil message and unnecessary auth failures while looping.
 2018-02-26 18:08:37 -06:00
Metasploit 3021a3202b
Bump version of framework to 4.16.42 2018-02-23 08:57:01 -08:00
Metasploit c7cd9ca395
Bump version of framework to 4.16.41 2018-02-22 10:05:34 -08:00
Jacob Robles 178afdaed1
Land #9604, Fix logged errors when running without Python 3.6 / gmpy2 2018-02-22 08:27:37 -08:00
Brent Cook 826b986018
Land #9602, Create sessions with the Fortinet SSH backdoor scanner 2018-02-22 08:27:36 -08:00
Brent Cook 4e8fe54c6c
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream 2018-02-22 08:27:36 -08:00
Brent Cook af8736cad6
Land #9585, fix ctrl-D handling with block continuation 2018-02-20 09:24:54 -06:00
Brent Cook d614e06bfa
Land #8997, add local 'ls' support to Meterpreter sessions 2018-02-20 09:24:54 -06:00
Brent Cook 13c8072bca
Land #9505, Support local knowledge base documents 2018-02-20 09:24:12 -06:00
Brent Cook 5dede95e98
Land #9270, Implement plugin API for hooking database events 2018-02-20 09:24:12 -06:00
Brent Cook 2395f839d0
Land #9507, Expand paths for meterpreter's cp, mv, and rm commands 2018-02-20 09:24:12 -06:00
Brent Cook a27b2bff3c
Land #9443, Add warning to FileDropper for deleting CWD 2018-02-20 09:24:11 -06:00
Brent Cook b3962c73b0
Land #9573, fixes for bind_named_pipe 2018-02-18 20:27:53 -08:00
Brent Cook f055bccc2a
Land #9570, properly handle when there is no stat callback specified on upload 2018-02-16 15:34:49 -08:00
Brent Cook 51a685bcc7
Land #9516, Support Bash-Style Continuation Lines 2018-02-16 15:34:48 -08:00
Brent Cook 60e37e1c78
Land #9562, avoid an error with aux module command dispatcher 2018-02-16 15:34:48 -08:00
Brent Cook 31ed50ac92
Land #9539, add bind_named_pipe transport to Windows meterpreter 2018-02-16 15:34:47 -08:00
Brent Cook b9a8f227fb
Land #9533, Add output file support to the vulns command 2018-02-15 14:14:07 -08:00
Brent Cook 1045c1fc11
Land #9564, honoring retry counts for x86/64 Windows reverse_tcp payloads 2018-02-15 13:22:56 -08:00
Brent Cook c5a73bdea3
Land #9563: improve memory usage on meterpreter file upload 2018-02-15 13:22:55 -08:00
Brent Cook 7cde510eb6
Land #9560, Fix undef method 'gsub' in bavision_cam_login 2018-02-15 13:22:55 -08:00
Metasploit 358954e15c
Bump version of framework to 4.16.40 2018-02-15 10:03:12 -08:00
Jeffrey Martin aecc1f143f
Land #7699, Add UDP handlers and payloads (redux) 2018-02-13 14:46:07 -08:00
Wei Chen 72ed11574b
Land #9532, Fix a bug in the MD docs references 
Land #9532
 2018-02-12 11:55:18 -06:00
Metasploit 55ae1f7bbe
Bump version of framework to 4.16.39 2018-02-09 09:49:50 -08:00
Adam Cammack b0da7fcd26 Add Enum-type options for external modules 2018-02-09 11:14:21 -06:00
Adam Cammack 0fe2fb9186 Add support for single-IP external scanners 2018-02-09 11:14:14 -06:00
Metasploit a7e779d987
Bump version of framework to 4.16.38 2018-02-08 10:04:59 -08:00
scriptjunkie 64c0d60fbf
Land #9492, fix for reverse port forwards 2018-02-06 23:33:52 -06:00
Adam Cammack e82ff28374
Land #9490, Fix HTML escaping of Unicode in docs 2018-02-06 23:33:34 -06:00
Metasploit 1fdc4bdabb
Bump version of framework to 4.16.37 2018-02-02 09:51:35 -08:00
William Vu 6c350be24e
Land #9473, new MS17-010 aux and exploit modules 2018-02-02 11:32:40 -06:00
Metasploit 445b72fdcd
Bump version of framework to 4.16.36 2018-02-01 10:03:16 -08:00
Brent Cook 48c3c7cd62
Land #9475, Fix import for Fix proxy authentication in reverse_http 2018-02-01 11:24:10 -06:00
Metasploit cca76d2217
Bump version of framework to 4.16.35 2018-01-26 16:18:28 -08:00
William Vu a87ae41d81 Land #9446, Post API fix for setuid_nmap 2018-01-26 18:08:47 -06:00
Metasploit c2379308cf
Bump version of framework to 4.16.34 2018-01-25 10:04:45 -08:00
bwatters-r7 af0c58c2ae
Land #9335, Added socket bind port option for reverse tcp payload. 
Merge branch 'land-9335' into upstream-master
 2018-01-24 17:20:14 -06:00
Matthew Kienow b515a582f0
Land #9424, Add SharknAT&To external scanner 2018-01-24 17:20:03 -06:00
Brent Cook 15f631dcb5
Land #9452, expose linux/osx meterpreter process hiding 2018-01-24 17:12:56 -06:00
Brent Cook d6beb94c59
Land #6611, add native DNS to Rex, MSF mixin, sample modules 2018-01-24 17:12:52 -06:00
Brent Cook 5ec3da843e
Land #9349, GoAhead LD_PRELOAD CGI Module 2018-01-24 17:12:47 -06:00
Brent Cook bb73d2c07e
Land #9431, Fix owa_login to handle inserting credentials for a hostname 2018-01-24 17:12:39 -06:00
William Vu 7da3bdd081
Land #9432, cmd_edit improvements (again!) 
We seem to enjoy refactoring this method.
 2018-01-24 17:12:20 -06:00
Brent Cook 55c345418d
Land #9438, address cmd_exec inconsistencies 2018-01-24 17:11:40 -06:00
Brent Cook 0916d8402e
fix whitespace patchups for current python meterpreter 2018-01-24 17:08:33 -06:00
Metasploit 898aa82933
Bump version of framework to 4.16.33 2018-01-18 10:05:22 -08:00
William Vu 2916c5ae45 Rescue Rex::Proto::SunRPC::RPCTimeout 
Coincidentally, this also fixes the rescue in the library, since
rescuing Timeout instead of Timeout::Error does nothing.
 2018-01-12 19:34:59 -06:00
Metasploit 18f16e7c66
Bump version of framework to 4.16.32 2018-01-11 10:03:16 -08:00
William Vu 4b225c30fd
Land #9368, ye olde NIS ypserv map dumper 2018-01-10 22:02:36 -06:00
William Vu 1a8ffed5e3
Land #9369, register_dir{,s}_for_cleanup 2018-01-10 22:02:15 -06:00
William Vu b1cecd4193 Bump TIMEOUT in Msf::Exploit::Remote::SunRPC 2018-01-10 20:36:35 -06:00
William Vu 1c1f3b161e Rescue XDR errors in Msf::Exploit::Remote::SunRPC 2018-01-10 20:11:30 -06:00
Brent Cook cb82015c87
Land #9387, Check exploit stance for array as well as string 2018-01-09 03:52:59 -05:00
William Vu 333d57461a Check exploit stance for array as well as string 
An exploit can be both aggressive and passive.
 2018-01-08 13:52:04 -06:00
William Vu 461f1c12e6 Fix nil bug(s) by moving arrays to initialize 2018-01-06 02:31:16 -06:00
William Vu 14143c2b90 Fix missed file_dropper_win_path 2018-01-06 01:44:25 -06:00
jgor 51e5fb450f Detect and return on bad VNC negotiations 2018-01-05 10:12:13 -06:00
Wei Chen 9fbddd6474
Land #9374, fix HTML parsing problems for info -d 
Land #9374
 2018-01-04 16:08:56 -06:00
Matthew Kienow 67e7ea4df9
Fix markdown premature less-than sign escape 2018-01-04 15:51:05 -05:00
Metasploit 3a7a539c84
Bump version of framework to 4.16.31 2018-01-04 12:17:08 -08:00
Jeffrey Martin 78872be2ad
Merge released '4.x' 2018-01-04 14:13:18 -06:00
Metasploit d4de9eef9b
Bump version of framework to 4.16.30 2018-01-04 10:03:21 -08:00
William Vu 50f4ebb3b2 Add register_dirs_for_cleanup to FileDropper 2018-01-04 11:06:32 -06:00
William Vu d7c826b5e8 Add rm_rf to Post::File 2018-01-03 23:14:21 -06:00
Adam Cammack 16fa3b99ef
Land #9350, Improve fake SSL cert details 2018-01-03 15:32:27 -06:00
Brent Cook a444bdb329 handle no datastore 2017-12-29 15:26:28 -06:00
Brent Cook 198aeda2c8 rename option 2017-12-29 12:31:56 -06:00
Brent Cook e546598cf1 Implement a method for command shells to register a post-session cleanup command 2017-12-29 12:14:34 -06:00
RageLtMan c32ef4a3be Require msf/core/cert_provider in framework.rb 
Add an explicit require for the new cert_provider in framework.rb
in case it has not yet been loaded.

This should address the Travis failure on initial PR, although the
gem version in socket has not been updated, so this might take a
bit to propagate. In the end, if the dependency already gives us
this functionality by the time we call Rex::Socket::Ssl then this
commit can safely be dropped
 2017-12-29 02:14:48 -05:00
RageLtMan 18f3815147 Update TLS certificate generation routines 
Msf relies on Rex::Socket to create TLS certificates for services
hosted in the framework and used by some payloads. These certs are
flagged by NIDS - snort sid 1-34864 and such.

Now that Rex::Socket can accept a @@cert_provider from the Msf
namespace, a more robust generation routine can be used by all TLS
socket services, provided down from Msf to Rex, using dependencies
which Rex does not include.

This work adds the faker gem into runtime dependencies, creates an
Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides
API compatible method invocations with the Rex version, but able
to generate higher entropy certs with more variables, options, etc.

This should reduce the hit rate against NIDS on the wire, reducing
pesky blue team interference until we slip up some other way. Also,
with the ability to generate different cert types, we may want to
look at extending this effort to probide a more comprehensive key
oracle to Framework and consumers.

Testing:
  None yet, internal tests pending.
  Travis should fail as this requires rex-socket #8.
 2017-12-28 21:00:03 -05:00
Metasploit 7254130b77
Bump version of framework to 4.16.29 2017-12-28 15:19:22 -08:00
Jeffrey Martin 66ca61f636
Merge released '4.x' 2017-12-28 17:15:29 -06:00
Brent Cook c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
Metasploit c681c7881d
Bump version of framework to 4.16.28 2017-12-28 10:03:39 -08:00
Brent Cook 6f1196d30c clarify what's happening when there is a connection failure 2017-12-27 22:32:08 -06:00
Jon Hart bbed7db13c
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-27 13:08:44 -08:00
Jeffrey Martin 8ea50572df
Land #9329, Add basic framework for interacting with MQTT 2017-12-27 14:59:34 -06:00
Tod Beardsley e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya 
These cover several of the CVEs mentioned in

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
 2017-12-26 12:39:51 -06:00
juushya 8b0f2214b1 few more updates 2017-12-23 03:04:11 +05:30
juushya 038119d9df Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more 2017-12-23 00:14:27 +05:30
Jon Hart d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-22 08:07:40 -08:00
William Vu caae33b417
Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
Metasploit 909caa0425
Bump version of framework to 4.16.27 2017-12-21 13:27:52 -08:00
Brent Cook 9d8cb8a8d0 Merge branch '4.x' into upstream-master 2017-12-21 15:17:38 -06:00
Metasploit ee2f10efc5
Bump version of framework to 4.16.26 2017-12-21 10:04:38 -08:00
Jon Hart becc05b4f1
Cleaner client_id handling 2017-12-21 06:57:33 -08:00
Jon Hart 157d973194
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:13:34 -08:00
Jon Hart 82bdce683b
Remove to_s 2017-12-20 19:13:12 -08:00
Jon Hart adca42f311
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:11:52 -08:00
Jon Hart b78f1105f7
Add missing port 2017-12-20 19:11:33 -08:00
Jon Hart bedc276225
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:09:51 -08:00
Jon Hart ddb2566f3b
Remove duplicate options, set less suspicious client_id 2017-12-20 19:09:35 -08:00
Jon Hart 962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 18:58:36 -08:00
Jon Hart cf21d13b2e
Resolve conflict 2017-12-20 18:58:16 -08:00
William Vu 1975713a92
Land #9333, get_cookies_parsed using CGI::Cookie 2017-12-20 20:08:33 -06:00
Jon Hart d0b3abc14b
Better handling of MQTT endpoints which don't require authentication 
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
 2017-12-20 18:02:52 -08:00
Jon Hart 2e62d77e36
Add new method for fetching parsed cookies from an HTTP response 
This fixed #9332.
 2017-12-20 16:19:44 -08:00