David Maloney
5a424ab4df
Allow user supplied buffer register
...
let the user pick, otherwise default to edx
2013-08-26 13:15:12 -05:00
Christian Mehlmauer
7afa789547
fix indentation
2013-08-26 11:37:40 +02:00
David Maloney
383c9ed7f8
set edx as a BufferRegister
...
polymorphic encoders can now always use EDX
as a BufferRegister, making it harder to catch
the decoder stub.
2013-08-25 14:18:32 -05:00
Meatballs
96c093dce0
Fix Exploit::Exe
2013-08-25 19:56:29 +01:00
Meatballs
66ee15f461
Merge and deconflict
2013-08-25 19:14:15 +01:00
David Maloney
f5e9089dd5
remove dupe comment
2013-08-25 12:46:47 -05:00
David Maloney
a50fa2deec
style fixups
2013-08-25 12:37:30 -05:00
David Maloney
5e5f5acf19
plug in 64bit injector
...
64 bit exe generation only had substitution method
add the x64 injector in there too.
2013-08-25 12:19:57 -05:00
Meatballs
526e504531
More fix
2013-08-25 12:21:37 +01:00
Christian Mehlmauer
45ad043102
moderated comments are now also working (even for unauthenticated users)
2013-08-25 11:02:15 +02:00
Christian Mehlmauer
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
Meatballs
d45d37bc38
Really fix...
2013-08-25 00:18:50 +01:00
Meatballs
83da0b3a57
Correct fname
2013-08-25 00:17:26 +01:00
Meatballs
19e47d5e82
Really fix war
2013-08-25 00:06:31 +01:00
David Maloney
4c57af051a
Revert "'remove unused framework references"
...
This reverts commit 98a09b9f5c.
2013-08-24 17:52:57 -05:00
David Maloney
98a09b9f5c
'remove unused framework references
...
passing around framework references that are never used
removing these wherever possible
2013-08-24 16:59:29 -05:00
David Maloney
bd5f184e2b
Dry up the exe substitution stuff
...
6 different methods were doing essentially
the same exact thing. DRY it up a bit
2013-08-24 16:50:45 -05:00
David Maloney
d38117a521
replace old inject method
...
replacing just the win32 inject method this time
without new injector method.
2013-08-24 16:30:47 -05:00
David Maloney
8f47aa6dcb
Basic Injector class
...
create a class for injecting payloads
into an exe template as a new section
2013-08-24 16:11:00 -05:00
Christian Mehlmauer
5f7ccf1cbe
naming..again
2013-08-24 18:58:00 +02:00
Christian Mehlmauer
9af1341179
consistent naming
2013-08-24 18:51:07 +02:00
Christian Mehlmauer
7cd150b850
another module
2013-08-24 18:42:22 +02:00
Meatballs
b4b59aa065
Add guards against empty payloads
2013-08-24 11:59:59 +01:00
Meatballs
9786f84a6e
Service exes
2013-08-24 03:45:07 +01:00
Meatballs
9ea17ef1e1
Merge upstream
2013-08-24 03:34:02 +01:00
Meatballs
3fae6c51c8
Initial exe-service
2013-08-24 03:28:47 +01:00
Meatballs
f50ede1993
Remove redundant methods
2013-08-23 23:28:13 +01:00
Meatballs
4c4fe0b110
Fix x64 exe droppers
2013-08-23 23:21:31 +01:00
Joe Vennix
2d3f599498
Moves ruby_dl helpers to proper place in repo.
...
* Adds fail_with methods and moves timeouts to constants.
2013-08-23 17:17:19 -05:00
Christian Mehlmauer
c40252e0b3
bugfixing
2013-08-24 00:04:16 +02:00
Joe Vennix
87d8e16001
Use defined? instead of version float check.
2013-08-23 16:59:36 -05:00
Christian Mehlmauer
e9eb6b2427
simplification
2013-08-23 22:29:31 +02:00
Christian Mehlmauer
576ae50b73
more feedback implemented
2013-08-23 22:22:56 +02:00
Joe Vennix
2a68e4484b
Oops. Don't write the ruby payload to /Users/joe/Desktop, that's not good.
2013-08-23 15:15:37 -05:00
Christian Mehlmauer
84fecc35da
more feedback implemented
2013-08-23 22:14:58 +02:00
Joe Vennix
7ebe6635ea
Finish fixing ruby 1.8.7 regressions. Works on 10.8 and 10.7.
2013-08-23 15:06:48 -05:00
Christian Mehlmauer
de3fc1fa6c
first feedback implemented
2013-08-23 21:59:36 +02:00
Meatballs
09ceeb5de2
Fix war generation
2013-08-23 20:06:57 +01:00
Meatballs
cf5ddfeebf
Some war fixes
2013-08-23 18:59:48 +01:00
Meatballs
dfc606fe56
Slightly saner filenames
2013-08-23 18:06:48 +01:00
Meatballs
41b1b30438
vba transform
2013-08-23 18:00:19 +01:00
Meatballs
4d21b06f4f
Aspx uses transform
2013-08-23 17:22:33 +01:00
Meatballs
1cb1afa50a
Fix aspx
2013-08-23 17:09:51 +01:00
Meatballs
dd13a7e48f
Working .asp
2013-08-23 16:55:07 +01:00
Meatballs
7370fc3f4e
vbs transform
2013-08-23 16:26:03 +01:00
Meatballs
5040347521
Fix psh and add powershell transform
2013-08-23 15:59:19 +01:00
Meatballs
418505adc9
Fix psh-net
2013-08-23 15:21:26 +01:00
Meatballs
12b5dbedae
Initialize the hash_sub
2013-08-23 14:58:14 +01:00
Meatballs
cfd6c66ffd
Fix VBS
2013-08-23 14:35:19 +01:00
Meatballs
23a067aab7
Refactor reading of script files and substitution
2013-08-23 13:51:10 +01:00
Christian Mehlmauer
556f17c47e
Move modules
2013-08-22 17:33:35 +02:00
Christian Mehlmauer
b6b7da7b6f
comments
2013-08-22 15:47:10 +02:00
Christian Mehlmauer
4a29277251
renamed files
2013-08-22 11:18:30 +02:00
Brandon Turner
cd45c77080
Fix a few database leaks
...
All database access should be wrapped in with_connection blocks.
To avoid breaking git blame with a bunch of whitespace, I outdented
the with_connection blocks as seems to be common in db.rb.
[Story #55586616]
2013-08-21 18:53:17 -05:00
shellster
a6e5e9c61d
Updated using limhof-r7 advice
2013-08-21 16:43:10 -07:00
shellster
86a83391fd
Merge remote-tracking branch 'upstream/master'
2013-08-21 16:16:20 -07:00
Christian Mehlmauer
959553583f
-) revert last commit
...
-) split into separate modules
2013-08-22 00:45:22 +02:00
Brandon Turner
c0700673e7
Fix SessionManager database leak
...
All database access should be wrapped in with_connection blocks.
Much of this commit is whitespace. It may help to view it with
--ignore-all-space or the w=0 parameter on GitHub.
[Story #55586616]
2013-08-21 17:34:25 -05:00
Christian Mehlmauer
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
Christian Mehlmauer
0a2bf9e9e7
implement @limhoff-r7 feedback
2013-08-21 21:10:00 +02:00
Christian Mehlmauer
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
Christian Mehlmauer
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer
655e2dcf6c
more methods
2013-08-21 13:13:41 +02:00
Christian Mehlmauer
68a51f4055
msftidy
2013-08-21 12:50:26 +02:00
Christian Mehlmauer
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
Shelby Spencer
97933c4954
Moving meterpreter scripts out of exe.rb into a templates folder.
2013-08-20 16:49:48 -07:00
sinn3r
f148eb4715
Land #2255 - Fix fail_with()
2013-08-20 01:28:21 -05:00
jvazquez-r7
491ea81acf
Fix calls to fail_with from mixins
2013-08-19 16:42:52 -05:00
jvazquez-r7
7e37130837
Patch for [SeeRM #8315]
2013-08-19 16:34:02 -05:00
Spencer McIntyre
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
Nicholas Davis
559dfb5a7e
Fix for bug #8297
...
Fixed getting the policy_hash_list which can fail if elements are null
[SeeRM #89297]
2013-08-18 14:49:44 -07:00
Tod Beardsley
1eb3c323ed
Land #2175, force string encoding for RPC
...
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.
[FixRM #7888]
2013-08-16 16:09:24 -05:00
Tod Beardsley
7937fbcc49
More idiomatic ruby with symbols and spaces
2013-08-16 15:59:04 -05:00
HD Moore
bec15ebf7c
Remove Failure (moved to parent class)
2013-08-15 13:31:21 -05:00
HD Moore
4706f8b54c
Add fail_with() stub and move Failure from Exploit
2013-08-15 13:30:47 -05:00
Tod Beardsley
0ef4b4c982
Land #2222, remove Version from module info
2013-08-15 11:56:21 -05:00
James Lee
ed00b8c19e
Ensure checksum* methods return a Fixnum
...
Fixes a bug in reverse_http* stagers where requests for the root URI
(i.e., "/") cause a NoMethodError on nil returned by checksum8.
[See #2216]
2013-08-14 14:09:37 -05:00
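As an added illustration of the failure mode this commit describes (example code, not the framework's own; the shape of the buggy checksum8 is an assumption about how a byte checksum written with inject(:+) behaves on empty input, and the URI check is a simplified stand-in rather than the real stager routing):

```ruby
# Added example, not framework code. checksum8_buggy reconstructs the assumed
# failing shape; checksum8 is the corrected form that always returns an Integer.

# Assumed buggy form: Array#inject(:+) returns nil for an empty array, so for
# an empty string the trailing `% 0x100` is called on nil and raises NoMethodError.
def checksum8_buggy(str)
  str.unpack('C*').inject(:+) % 0x100
end

# Fixed form: seed the fold with 0 so the sum (and the modulo) is always an Integer.
def checksum8(str)
  str.unpack('C*').inject(0, :+) % 0x100
end

# Simplified stand-in for a stager's URI check (assumption, not the real request
# handling): strip the leading slash and compare the checksum of what remains with
# the value the stager expects. A request for "/" leaves an empty string behind,
# which is exactly the input that broke the buggy form.
def stager_uri_matches?(uri, expected)
  checksum8(uri.sub(%r{\A/}, '')) == expected
end

if __FILE__ == $PROGRAM_NAME
  begin
    checksum8_buggy('')
  rescue NoMethodError => e
    puts "buggy form on '': #{e.class}"   # what a request for "/" used to trigger
  end
  puts checksum8('')                      # 0
  puts stager_uri_matches?('/', 0)        # true, and no exception
end
```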
sinn3r
bd6a45fffa
Get rid of version() use
2013-08-14 11:00:09 -05:00
sinn3r
83aec3b231
Remove module version display
...
Since modules no longer use the 'Version' key, there's no point to
collect and show them. It's all 0 anyway.
[See RM 8278]
2013-08-14 02:26:39 -05:00
sinn3r
92d57ef37d
Fix merge conflict
...
Conflicts:
msfvenom
2013-08-13 00:00:16 -05:00
James Lee
3827b14103
Land #1726, ssl verify mode
...
Conflicts:
lib/rex/socket/parameters.rb
Fix doc strings
2013-08-12 17:57:10 -05:00
jvennix-r7
8278808a37
Merge pull request #2204 from todb-r7/bug/undo-optstring-validator
...
Revert "OptString specs and better validation"
2013-08-09 13:42:46 -07:00
Tod Beardsley
02f460287b
Revert "OptString specs and better validation"
...
This reverts commit d66779ba4c.
Specifically, this commit was causing trouble when a datastore was
getting an Integer. For some reason (as yet undiscovered), the option
normalizer wasn't trying to Integer#to_s such arguments.
This kind of thing is going to happen a lot. For now, I'd rather just
end up with the ducktype, and attack the normalizer in a separate fix.
2013-08-09 15:30:42 -05:00
sinn3r
4558aca7ca
Land #2136 - Removed requirement for note.data to be present
2013-08-09 15:29:25 -05:00
Meatballs
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
James Lee
ab976ddf8f
Fix generate command in msfconsole
...
Thanks @Meatballs1 for spotting
2013-08-06 14:46:53 -05:00
Spencer McIntyre
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
allfro
9180dd59fe
Patch for string encoding issues with `msgpack`
...
Fixes an issue that causes exploits to fail if the PAYLOAD option is the last option to get marshalled in an MSFRPC dictionary. The patch adjusts the string's encoding to match the internal default encoding used by Ruby. Hence, making `fetch()` succeed.
2013-07-30 13:38:44 -04:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing this:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
jvazquez-r7
593363c5f9
Land #2154, @wchen-r7's msfcli optimizations and refactoring
2013-07-29 16:38:32 -05:00
jvazquez-r7
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
jvazquez-r7
0851974408
Land #2162, @Meatballs1's exploit for ms13-005
2013-07-29 11:43:31 -05:00
Meatballs
9ad99ed4ca
I am a git genius
2013-07-29 17:01:57 +01:00
Meatballs
0329caec5f
Revert "Fixup psh datastore"
...
This reverts commit aa64f5cd58.
2013-07-29 17:00:28 +01:00
Meatballs
aa64f5cd58
Fixup psh datastore
2013-07-28 21:53:11 +01:00
sinn3r
a0decf502f
Refactor msfcli
2013-07-28 12:40:50 -05:00
Meatballs
234e49d982
Add type technique
2013-07-26 23:33:16 +01:00
Meatballs
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
jvazquez-r7
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
sinn3r
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
Meatballs
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
jvazquez-r7
33f6f7e8fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 17:03:45 -05:00
William Vu
27a540e12f
Land #1215, creds reuse for AuthBrute modules
2013-07-25 16:54:44 -05:00
William Vu
dac9ac4a1d
Land #2159, spool command nil dereference fix
2013-07-25 15:38:35 -05:00
James Lee
a5ca516435
Fix nil deref in spool command
...
Occurs when no module is currently `use`d
2013-07-25 14:51:39 -05:00
jvazquez-r7
2b3dcaf678
Land #2157, @wvu and @averagesecurityguy patch for OpenVAS XML Reports importing
2013-07-25 12:04:38 -05:00
William Vu
97680304d6
Use index, since it can apparently do regex
2013-07-25 12:00:33 -05:00
jvazquez-r7
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
sinn3r
56367ef69c
Update documentation
2013-07-24 19:04:47 -05:00
sinn3r
0fd2c385fb
Update documentation
2013-07-24 19:02:10 -05:00
sinn3r
e266d1bd0a
Add comment about opts
2013-07-24 19:00:58 -05:00
sinn3r
a71d7eb372
Update archive.rb to handle whitelist
2013-07-24 18:59:43 -05:00
sinn3r
9ae550c883
Do if [].empty?. Avoid msfcli running as a job
2013-07-24 18:35:06 -05:00
sinn3r
ed51d284fa
Change name, change how data is passed, fix rspec
2013-07-24 17:15:56 -05:00
jvazquez-r7
214f337f58
Fix indentation
2013-07-24 16:55:01 -05:00
Meatballs
c221360cc1
Retab
2013-07-24 22:16:41 +01:00
sinn3r
e120ecfba9
msfcli is designed to load only one module (auxiliary or exploit),
...
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.
I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
2013-07-24 14:40:46 -05:00
jvazquez-r7
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
Meatballs
fee5fabb91
Revert x64 corruption changes
2013-07-24 19:59:04 +01:00
Meatballs
44cae75af1
Cleanup
2013-07-24 19:52:59 +01:00
Meatballs
edc297756b
Tabs
2013-07-24 19:14:11 +01:00
Meatballs
4b84b49674
Fix payload corruption
2013-07-24 19:08:02 +01:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Tod Beardsley
00630376c3
Revert the default call to firefox
...
This reverts commit 0928a370f3.
No, no, you guys are right in the comments for #2148. The call to
system is inside the else, but the tabbing made my eyes cross.
Sorry about that. Someday soon, @tabassassin will save us all from these
kinds of screw ups in mental parsing.
2013-07-23 16:13:02 -05:00
William Vu
d493346691
Land #2137, fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
jvazquez-r7
b0c17fdebc
Land #2002, @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
David Maloney
621568bf8f
Another Error Type needs caught
...
Different systems throw a different error
Need to rescue that error too
2013-07-23 15:47:42 -05:00
William Vu
86ab942435
Land #2146, Unix and Windows path normalization
2013-07-23 15:23:41 -05:00
Tod Beardsley
0928a370f3
Adding back default firefox
...
the default is triggered only outside the case statement, which itself
is totally bizarre. I can't tell if anyone is relying on this behavior
right now, but it's too premature to just remove it out at this point.
2013-07-23 14:43:30 -05:00
Tod Beardsley
53c3fd2ce7
Update comment docs on Rex::Compat.open_browser
2013-07-23 14:38:04 -05:00
ZeroChaos
ce5742461a
update open_browser functionality
...
open_browser didn't support xdg-open or firefox-bin. xdg-open was made the default as it is the most likely to succeed afaik.
the fallback to firefox was removed because since we check for the existence of firefox it makes no sense to try to run it after we failed to find it. This will silently fail if no supported browser is found due to suggestions from the msf team:
< Zero_Chaos> more importantly, it would be great if someone told me how to spit out a message to the user
< Zero_Chaos> because I have no clue :-)
<@egypt> Zero_Chaos: it's in rex, so the answer is "don't"
2013-07-23 14:58:16 -04:00
Tod Beardsley
bb16683415
Land #2087, @egypt's random ID generator
2013-07-23 13:52:08 -05:00
sinn3r
958a4edd73
Keep the trailing slash if the user wishes
2013-07-22 20:46:18 -05:00
sinn3r
359009583f
Drop support for UNC path parsing in normalize_win_path
...
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
2013-07-22 20:20:45 -05:00
sinn3r
4b3fce9349
Add functions to normalize Windows & Unix paths
...
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri. Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
2013-07-22 19:26:04 -05:00
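An added illustration of the join-and-normalize behaviour the three path commits above describe (safe joining without doubled or trailing separators, keeping the trailing slash only on request, and no UNC handling). This is example code, not the framework's implementation: the method names, the keyword argument and the exact rules are assumptions.

```ruby
# Added example, not framework code. Joins path components with a single
# separator, collapses runs of separators and strips a trailing one unless
# the caller asks to keep it. The helper name and signature are assumptions.

# parts: path fragments to join; sep: canonical separator in the output;
# sep_re: regex matching every character run treated as a separator.
def normalize_path_parts(parts, sep, sep_re, keep_trailing)
  joined = parts.flatten.compact.map(&:to_s).join(sep)
  joined = joined.gsub(sep_re) { sep }                        # "//", "\/" -> one sep
  joined = joined.sub(/#{Regexp.escape(sep)}+\z/, '') unless joined == sep
  joined += sep if keep_trailing && !joined.end_with?(sep)    # opt-in trailing sep
  joined
end

# Windows: both '/' and '\' are accepted as input separators, output uses '\'.
# A UNC prefix (\\server\share) is deliberately not special-cased, in line with
# the commit that dropped UNC parsing; it would be collapsed like any other run.
def normalize_win_path(*parts, keep_trailing: false)
  normalize_path_parts(parts, '\\', %r{[\\/]+}, keep_trailing)
end

# Unix: only '/' is a separator; a backslash is an ordinary filename character.
def normalize_unix_path(*parts, keep_trailing: false)
  normalize_path_parts(parts, '/', %r{/+}, keep_trailing)
end

if __FILE__ == $PROGRAM_NAME
  puts normalize_win_path('C:\\Windows\\', '/Temp/', 'payload.exe')        # C:\Windows\Temp\payload.exe
  puts normalize_win_path('C:/Windows/', 'Temp/', keep_trailing: true)     # C:\Windows\Temp\
  puts normalize_unix_path('/var//www/', '/html/')                         # /var/www/html
  puts normalize_unix_path('/')                                            # /
end
```

The root case ("/" or "\") is the one to watch: stripping the trailing separator there would return an empty string, so the helper leaves a bare root alone.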
jvazquez-r7
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
jvazquez-r7
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
jvazquez-r7
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
David Maloney
943dde5c6c
OptRegexp specs
2013-07-20 18:44:55 -05:00
David Maloney
d66779ba4c
OptString specs and better validation
2013-07-20 17:49:03 -05:00
David Maloney
d6f2b28708
More opt specs
2013-07-20 17:37:39 -05:00
sinn3r
757cf18bb4
Land #2135 - Update FF detection
2013-07-20 13:10:14 -05:00
Samuel Huckins
832db57171
Removed requirement for note.data to be present. It wasn't required in
...
the model or in specs, but was in db.rb, resulting in an error during
certain import scenarios.
2013-07-20 10:27:12 -05:00
Joe Vennix
92ae90b828
Whitespace fixes.
2013-07-19 17:27:27 -05:00
Joe Vennix
2e838d7be3
Fix minor bugs discovered when testing.
2013-07-19 17:18:39 -05:00
Joe Vennix
7e2fc147f1
Add updated versions of firefox.
2013-07-18 16:35:57 -05:00
David Maloney
ec82644bd3
mo fixes mo specs
...
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
jvazquez-r7
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
sinn3r
9d92b38dc7
Land #2121 - add specs for module search filter
2013-07-18 13:50:26 -05:00