infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
43,344 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

8490 Commits (6fb90640b998b837bbd93b2304776dd3c2f461dd)

Author SHA1 Message Date
Brent Cook 4c0539d129
Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
Adam Cammack 2de8f1b97d
Fixups for specs 2017-03-31 22:19:53 -05:00
Adam Cammack a3e196e31e
Support arbitrary external command_stager exploits 
So much done, so much more to do.
 2017-03-31 17:06:28 -05:00
HD Moore b5771b0f72 Get into the DANGER ZOOOOOOONE 2017-03-31 12:26:42 -05:00
Adam Cammack 1306065c91
Always run both loaders 
How did I miss this? How did this work before??? I have a bad feeling
this may break pro.
 2017-03-31 10:42:13 -05:00
Adam Cammack bf9b0130d9
Clean up odd code 2017-03-28 11:19:30 -05:00
Adam Cammack 71df231918
Add new loader for arbitrary executables 
Still some kluges left in the shim and we have to hit the disk when
constructing the module path
 2017-03-28 10:27:12 -05:00
William Vu d47e59b04e Fix missing dll_data var in parse_pe 
Also clean up YARD.
 2017-03-27 01:17:23 -05:00
Pearce Barry 31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes 
I should have tweaked these earlier, my bad.
 2017-03-26 13:45:19 -05:00
Pearce Barry 29b30217d2
Land #8149, Add -h for the check command 2017-03-24 15:47:59 -05:00
Pearce Barry 4e6cf58b22
Land #8143, Fix variable typos in rfrecv related methods. 2017-03-24 15:38:52 -05:00
wchen-r7 1c3c2ecdc6 Add -h for the check command 
Because even I don't remember what it can do anymore.
 2017-03-24 11:47:36 -05:00
dmohanty-r7 92c0748447
Land #8102, Add a plugin to notify new sessions via SMS 2017-03-24 11:17:59 -05:00
William Webb e04f01ed6b
Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
darkbushido 271fd589f2 Revert "Land #8135, Report hosts always add ip to hostname if hostname is blank" 
This reverts commit 5a1c7ca8af, reversing
changes made to d10b3da6ec.
 2017-03-23 10:05:58 -05:00
Leon Jacobs c58e9acadd
Fix variable typos in rfrecv related methods. 2017-03-22 15:44:22 +02:00
darkbushido 60bc279eb3
removing extra whitespace 2017-03-21 10:40:59 -05:00
darkbushido 1221a20d0d
reversing the logic to check for .blank? 2017-03-21 10:35:19 -05:00
darkbushido 7ff7c707c9
setting host_name to address if host_name is blank. 2017-03-21 10:26:57 -05:00
Pearce Barry f397624a69
Land #7935, HWBridge RF transceiver extension 2017-03-21 06:12:32 -05:00
Brent Cook aa5e9cd702
Land #8058, Allow the http_payload stager to sleep before retry 2017-03-21 00:07:10 -05:00
Pearce Barry c4279a837a Minor formatting/spelling/verbiage changes. 2017-03-20 17:37:12 -05:00
Craig Smith 2fde287424 Initial patch for rftransceiver (RfCat / YardstickOne) 2017-03-20 17:36:16 -05:00
Pearce Barry 2acd941b16 Merge branch 'master' into dtc_fix 2017-03-20 14:10:01 -05:00
Pearce Barry 06ebb22a8f
Land #8065, Zigbee Hardware Bridge Extension 2017-03-20 10:44:15 -05:00
alpiste f715fee10c The option StagerRetryWait will be used by default with the value of 5 seconds 2017-03-17 20:28:14 -03:00
Brent Cook ad2222152c Merge remote-tracking branch 'upstream/master' into land-8056-outlook 2017-03-17 17:30:08 -05:00
Brent Cook e1f33f1616 Merge remote-tracking branch 'upstream/master' into land-8038- 2017-03-16 22:03:48 -05:00
Pearce Barry 095a110e65
Code and doc tweaks (minor). 
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
 2017-03-16 21:43:36 -05:00
William Vu bad1fc9948
Land #8041, loopback warning for LHOST 2017-03-16 13:30:12 -05:00
William Vu af3cd18c9f Fix #8041 so it works 2017-03-16 13:27:47 -05:00
bwatters-r7 ab75794cd4
Land #8071, Add API to send an MMS message to mobile devices 2017-03-16 11:57:34 -05:00
Spencer McIntyre 03698ec214 Fix how the psh mixing issues meterpreter commands 2017-03-16 08:45:10 -04:00
Brent Cook 8995629037
Land #7061, allow chaining the service stub with other encoders 2017-03-15 13:56:09 -05:00
wchen-r7 18cdb2f82f Add a -l option to the load command to list plugins 
This allows the load command in msfconsole to list all the
available plugins in Framework.
 2017-03-14 14:15:52 -05:00
wchen-r7 bb4d6e17c8 Resolve #8026, Add a plugin to notify new sessions via SMS 
This plugin will notify you of a new session via SMS.

It also changes the SMS text format to MIME.

Resolve #8026
 2017-03-13 16:13:59 -05:00
Noah Berman ad929b6427
indentation fix part 2 2017-03-09 15:44:09 -07:00
Noah Berman ef6831437a
indentation fix for clarity 2017-03-09 14:55:20 -07:00
Noah Berman ccf345f696
move method to module level 2017-03-09 14:32:51 -07:00
William Vu febe9625dd Add rcheck/recheck to aux modules and exploits 2017-03-09 15:30:34 -06:00
Noah Berman 10018e2a32
spacing fix in reverse.rb 2017-03-09 12:48:36 -07:00
Noah Berman 40204703f0
remove unnecessary newline 2017-03-09 12:26:11 -07:00
Noah Berman e7b47865be
ruby formatting fix 2017-03-09 12:23:02 -07:00
Noah Berman 274089a7f1
cleanup for lhost loopback warn 2017-03-09 11:33:27 -07:00
Noah Berman 7806173764 Merge branch 'master' of github.com:rapid7/metasploit-framework into lhost-setting-warning 2017-03-09 11:11:23 -07:00
Noah Berman 2f55b5e00e
reconfigure lhost warn for loopback address 2017-03-09 11:10:27 -07:00
William Vu 1a96fb03ae Allow start_service to specify a resource 
This overrides URIPATH and random_uri if opts['Path'] is specified.
 2017-03-09 02:33:02 -06:00
William Vu 1a0b342e68 Add srvport to HttpServer 
This allows URIPORT to override SRVPORT.
 2017-03-09 02:24:22 -06:00
wchen-r7 ed22902fd4 Support the subject field 2017-03-08 11:40:08 -06:00
Craig Smith f60dae0917 Lots of syntax fixups from rubocop 2017-03-08 09:21:33 -08:00
h00die 95683715e0
land #8069, a warning when setting rhost in rhosts modules 2017-03-07 18:42:38 -05:00
wchen-r7 dc13b84189 Bring mms branch up to date w/ master 2017-03-07 16:13:39 -06:00
Jin Qian 7e19486a97
Merge branch 'wchen-r7-sms' into upstream-master 
Merged #8047
 2017-03-07 15:56:00 -06:00
Brendan Coles 1aec2203e5 Warn when setting RHOST option for module which expects RHOSTS 2017-03-07 21:02:30 +00:00
wchen-r7 fae05f2e98 And API to send an MMS message to mobile devices 
This API allows you to send a malicious attachment to mobile
devices.
 2017-03-07 12:34:45 -06:00
= 27c2795632
Issue #7188 resolved along with checking for all loopback addresses. 2017-03-08 00:02:50 +05:30
Craig Smith 4e9b8946d8 Fixed some small msftidy issues 2017-03-06 22:47:37 -08:00
Craig Smith 97ad8be7ff Added some Zigbee Documentation 2017-03-06 22:42:15 -08:00
Craig Smith 60cd04bc7b Added module for zstumbler 2017-03-06 16:10:14 -08:00
alpiste 09442f226a Functionality was added to allow the payload to wait before trying to reconnect. 
Also the code was modified to allow the payload to infinite retry if 0 is set.
 2017-03-04 18:12:09 -03:00
wchen-r7 6ad8afb8b3 Add API to send a text message (SMS) to mobile devices 2017-03-02 16:47:55 -06:00
Noah Berman 23474dfc70
change print_error to print_warning 2017-03-02 09:46:03 -07:00
William Vu 79c01a9577 Fix ancient copypasta of Aux to Post 
Specifically a crash in the run command's help.
 2017-03-02 01:24:27 -06:00
Noah Berman f91328b122
modify warning wording 2017-03-01 15:00:15 -07:00
Noah Berman d9f5b75dc5
warn when lhost set to 127.0.0.1 2017-03-01 14:53:49 -07:00
Tim 601131f236 hook Application class if found 2017-03-01 19:22:42 +08:00
Tim ee8b70e0df fix permission shuffling 2017-03-01 14:38:47 +08:00
Tim 063d999a64 randomize the payload, service and broadcast receiver names 2017-03-01 14:20:31 +08:00
Tim b273517f9a always set first byte to 1 on stageless configs 2017-03-01 12:46:00 +08:00
Tim c8816cacb0 Remove stageless classname from staged payloads, fixes #8034 2017-03-01 12:27:12 +08:00
Brent Cook 31568320f9 Merge branch 'upstream-master' into land-8021- 2017-02-28 03:02:03 -06:00
Brent Cook bbf271f6b0
Land #7981, allow handler launched by the handler command to persist 
Merge remote-tracking branch 'upstream/pr/7981' into upstream-master
 2017-02-28 02:38:42 -06:00
Craig Smith dcb42a3e69 Initial zigbee support using killerbee. Core session setup portion 2017-02-27 17:29:54 -08:00
Spencer McIntyre 3b2e5e0785 Add a new core_native_arch method for meterpreter 2017-02-26 14:22:24 -05:00
wchen-r7 f27ef55391
Land #7992, Improve Signature Evasions for browser exploits 2017-02-23 16:32:49 -06:00
Jeff Tang e3f613ecc6 Bypass: Metasploit OS detection 
SEP is triggering on HTTP POSTs which start with `os_name`
 2017-02-23 15:42:04 -05:00
Jeff Tang 84ab3c66cc Use obfuscated JS in BES 2017-02-22 12:47:36 -05:00
Rich Whitcroft f08478e02f fix handler persistence 2017-02-20 13:51:07 -05:00
dmohanty-r7 c4f1e0db1f
Land #7913, Fix Console Route Print with ipv4 and ipv6 2017-02-17 17:42:57 -06:00
Brent Cook 0e3eba18b3 simplify guard logic 2017-02-17 16:00:15 -06:00
Brent Cook f4befda59b inherit the options from the default target so we can autocomplete before the rhost resolution occurs 2017-02-17 15:50:45 -06:00
Brent Cook da82f0891e
Land #7860, Add OverrideScheme option to reverse_http/s handler 2017-02-17 11:12:49 -06:00
Craig Smith 1214ef5b79 Replaced tabs with spaces and removed trailing spaces at EOL 2017-02-15 16:46:11 -08:00
Craig Smith 8f1856c5d1 Fixed a bug with DTC decoding. 
DTC Codes now print the English error messages next to their code with getvinfo
Frozen DTCs can also be fetched via get_frozen_dtcs()
 2017-02-15 16:26:23 -08:00
wchen-r7 f600fa1caa Be aware of logout 2017-02-14 17:03:57 -06:00
wchen-r7 81abbfba46 Resolve #7959, Automatically login to RPC service after expiration 
When the RPC client token expires, it will automatically login
again, and renew the token during the next RPC request.

Resolves #7959
 2017-02-14 16:41:08 -06:00
Brent Cook c1d08b9574 rename udp_sock to udp_socket to avoid mixin collisions 2017-02-12 22:31:56 -06:00
wchen-r7 4b5bc84f5c
Land #7918, Fix report_vuln for aux/scanner checks 2017-02-09 12:18:33 -06:00
Tim 095831e029
fix silly typo 2017-02-08 23:41:15 +08:00
William Vu b06895b604 Hide RPORT more intelligently 2017-02-08 09:40:42 -06:00
Tim 870621d169
Add OverrideScheme option, fixes #7841 2017-02-08 23:30:29 +08:00
William Vu 31f93de150 Update HttpClient and WordPress mixins 2017-02-06 04:40:26 -06:00
William Vu ba80e1d9e5 Fix report_vuln for aux/scanner checks 
Msf::Auxiliary::Scanner#setup sets it to nil in instance.check_simple.
 2017-02-06 01:20:18 -06:00
Josh Hale 02afc3af96 Add lines for no IPv4/IPv6 routes 2017-02-05 17:38:30 -06:00
Pearce Barry cab19dc63c
Land #7904, Fix a bug where PHP tags were in the wrong place 2017-02-05 11:43:24 -06:00
Josh Hale 79b92ccdc7 Fix for Route Print IPv6 Error 2017-02-04 16:21:55 -06:00
Brent Cook 64e475a4ee
Land #7892, Enhance the creds command to allow creating logins 2017-02-03 11:53:46 -06:00
James Lee 3c7f78167a
Push up the preamble and modernize style 2017-02-02 17:57:03 -06:00
James Lee c9560b5aa8
Add error_reporting to preamble 2017-02-02 17:48:28 -06:00
Pearce Barry 23c2787d57
Land #7795, Hardware Bridge API. 
Initial bridge API that supports the HW rest protocol.
 2017-02-02 08:47:59 -06:00
Pearce Barry 16de745437
Minor code cleanups/corrections. 2017-02-01 16:12:45 -06:00
OJ 72c641fcab
Land #7889 - use a better check for whether rhosts exists 2017-01-31 07:49:14 +10:00
darkbushido e5d8a64770 adding the ability to create logins 2017-01-30 10:43:27 -06:00
Brent Cook 76529278b8 make sure we can actually invoke auto targeting before adding it 2017-01-30 05:24:57 -06:00
Brent Cook 7d32166c70 use a better check for whether rhosts exists 2017-01-29 19:18:23 -06:00
OJ d8511d1ad5
Add exception when SESSION doesn't exist 2017-01-30 10:26:23 +10:00
William Vu b44e7ff733 Fix argument passing for deprecated scripts 
This allows the scripts to continue working while warning the user.

See also: c59b5eaa2f.
 2017-01-29 14:14:55 -06:00
darkbushido 39d702ebd9
changing the syntax to work with ruby 2.1 
Fixes #7881
 2017-01-27 11:20:26 -06:00
William Vu c59b5eaa2f
Fix #7823, legacy_script_to_post_module fixes 2017-01-26 16:26:00 -06:00
Craig Smith 87701ff758 Added more error handling to bail out more gracefully when things go wrong. Could 
be more common with bluetooth connections.
 2017-01-25 18:23:57 -08:00
Craig Smith 2ff4e6f57e Fixed defaults for elm327 realy. 
Array2Hex in the automotive extension how supports passing an array or integers or string hexes
Added some extra error handling for UDS calls to non-supported pids
 2017-01-25 11:30:29 -08:00
Pearce Barry 9b16cdf602
Land #7845, Fix Msf::Exploit::EXE shellcode/template mismatch 2017-01-22 16:09:41 -06:00
Brent Cook 414977125f Merge remote-tracking branch 'upstream/master' into land-7847- 2017-01-22 14:11:40 -06:00
Brent Cook ac2ceca5e3
Land #7804, Switch the creds command to use named options 2017-01-22 10:49:19 -06:00
Brent Cook 6a2d036ea8 depend on regular rb-readline, bugs fixed upstream 2017-01-22 10:20:05 -06:00
Brent Cook 99047fa8a1 be stricter in what we accept for payload uri 
datastore needs to contain something to produce a valid URI
 2017-01-22 10:20:04 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
William Vu a7fac41172 Make shell_command_token time out again 2017-01-20 23:09:22 -06:00
William Vu 84513fd83c Add exception for HttpClient 
Since it uses Rex::Proto::Http, which then uses Rex::Socket::Tcp.
 2017-01-20 20:00:27 -06:00
William Vu 89b2f087fc Add TCP/UDP hint to RPORT 
Caveat: works with mixins only (tenuously).
 2017-01-20 19:50:40 -06:00
Tim 64e7f13067
improve error detection 2017-01-19 16:40:35 +07:00
Tim c1e30b632b
fix #7725, inject into the Activity constructor 2017-01-19 16:24:26 +07:00
Tim f8f764aefc
fix #7617, invalid register when hooking smali code 2017-01-19 14:52:30 +07:00
William Vu d8da7c6d43 Fix Msf::Exploit::EXE shellcode/template mismatch 
Initialize EXE options unless code is supplied with platform/arch.
 2017-01-19 00:07:35 -06:00
Brent Cook b94eefe724
Land #7771, Add history deduplication 2017-01-18 21:06:42 -06:00
William Vu ef487f6be5 Remove history clearing 2017-01-18 14:55:12 -06:00
David Maloney d564f5d60a
don't add auto targets to things without rhost 
Things like browser exploits don't have remote host options
which is what auto targeting relies on, so it does not make sense
to include the auto-targeting in these exploits

7837
 2017-01-17 11:40:07 -06:00
William Vu 77c78fa5f4 Move Rex::Text::Table workspace output to -v 2017-01-15 23:15:14 -06:00
William Vu 38382bb61a Convert workspace command to Rex::Text::Table 
Still can't get over how it's called "loots." :D
 2017-01-15 03:26:35 -06:00
William Vu b86c1f0465
Land #7823, legacy_script_to_post_module check 2017-01-13 17:37:41 -06:00
James Lee 3c0ce8eafb
Fix some rubocop complaints 2017-01-13 17:24:23 -06:00
William Vu 0800a4f816 Update RPC functionality 2017-01-12 19:35:42 -06:00
William Vu 601a88dad7 Update cmd_unload in CommandDispatcher 2017-01-12 19:29:28 -06:00
William Vu 2ad29a2351 Prefer find over each 
Since we're modifying the load method directly, there should only ever
be one previously loaded instance. Suggestion by @egypt.
 2017-01-12 19:28:06 -06:00
Brent Cook 8f6fe87400 fix assignment 2017-01-12 17:16:19 -06:00
William Vu d58db72cd0 Force unloading of already loaded plugins 2017-01-12 14:18:52 -06:00
Brent Cook c080d78922 intercept legacy meterpreter script runs and substitute post modules 2017-01-12 14:08:43 -06:00
Brent Cook b28f600aea
Land #7584, fix apk injection into proguarded apks 2017-01-11 12:45:23 -06:00
David Maloney 38a4c2aa97 fix autotargeting failure 
the fallback to the original default was failing because
it was assuming rhost was already set, so it would always
go back to the first default target. now the auto_target? method
only returns true if can pull an auto_target_host
 2017-01-10 14:12:28 -06:00
wchen-r7 18347a8de7
Land #7774, Fix pivoting of UDP sockets in scanners 2017-01-10 13:57:28 -06:00
bwatters_r7 b3e8c3376d
Land #7788, Add ability to interact with a manually backgrouned session 2017-01-10 08:55:00 -06:00
darkbushido 3e1cd0c789
adding a check to make sure you only give a signle private type 2017-01-09 15:13:36 -06:00
David Maloney 8c395338af
Land #7743, wchen's digest auth nonce fix 
land sinn3r's pr for fixing the Digest Auth nonce
 2017-01-09 14:16:09 -06:00
darkbushido 6bd2e03f37 dding realm tests showed a bug. its now squashed. 2017-01-09 13:04:34 -06:00
darkbushido 3674b25885 fixing the tests, more need to be added 2017-01-09 13:04:34 -06:00
darkbushido a3b1f7e360 the commands now work, onto tests 2017-01-09 13:04:34 -06:00
darkbushido 23cbc99341 changing the creds add command to use named params 2017-01-09 13:04:34 -06:00
darkbushido c179e0358f origin_type manual requires a user... 2017-01-09 13:04:34 -06:00
darkbushido ed3b34179b moving creds to its own dispatcher 2017-01-09 13:04:34 -06:00
William Vu 1a04691201
Fix #2504, edit command fixes I missed 3y ago 
local_editor was never nil, so there was some dead code.
 2017-01-08 03:02:19 -06:00
Craig Smith 5f07bca775 Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here: 
http://opengarages.org/hwbridge  Supports an automotive extension with UDS calls for mdoule
development.
 2017-01-06 19:51:41 -08:00
Adam Cammack dbdc558f0b
Land #7776, don't log on harmless DB errors 2017-01-06 18:25:13 -06:00
David Maloney 2108913e77
target_host method had a name collision 
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
 2017-01-06 12:44:37 -06:00
William Vu 969df408c7
Land #7786, Microsoft Edge constant for HttpClient 2017-01-05 21:07:57 -06:00
David Maloney 10cfadaf98 add optional output to merterp run_cmd 
the run_cmd method on meterpreter sessions can now
take an optiona output IO to redirect output. This allows
backgrounded sessions to also run commands and still output
to the console
 2017-01-05 12:12:20 -06:00
Carter e85721113a Add Edge to constants 2017-01-04 22:20:42 -05:00
wchen-r7 180795f209 Fix #7743, nil @cnonce in rex/proto/http/client.rb 
Fix #7743
 2017-01-04 11:50:31 -06:00
David Maloney 31d36d9112 if autotargeting fails fall back 
fallback to the original first target if auto-targeting fails
 2017-01-03 14:38:52 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes 
some minor conditional guards and spec fixes
 2017-01-03 14:38:51 -06:00
David Maloney 2d5158403b add YARD docs to auto target methods 
added YARD docs

MS-2325
 2017-01-03 14:38:51 -06:00
David Maloney a61b92aa3e tweak target selection 
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index

MS-2325
 2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together 
insert our autotarget routine into
the main target selection process

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours 
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter 
drop back to our most precise level of filtering

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering 
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family 
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name 
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 4060e63b89 add tests for auto target addition 
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing 
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
 2017-01-03 14:38:45 -06:00
David Maloney 769d477e97 if no automatic target defined, add one 
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting

MS-2325
 2017-01-03 13:54:34 -06:00
Brent Cook 3808eebad8
Land #7704, Update jobs output to show TCP listener information 2017-01-02 15:44:49 -06:00
Brent Cook d9be9f3b2e
Land #7764, add to_handler command to launch a handler from the payload module 2017-01-02 15:40:38 -06:00
Brent Cook 35bb725f19 rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00
Brent Cook 4f0569c6ce support pivoting with UDP port scanners 
Use bound UDP sockets for each UDP service/ip that we wish to scan,
managing and closing them locally as they expire, rather than an unbound
socket.
 2017-01-02 08:55:27 -06:00
Brent Cook 225aaac8fd remove logging of expected exceptions in connection_established? method 2017-01-02 08:31:05 -06:00
William Vu 4264521354 Fix broken CVE reference and update links 
Prefer HTTPS over HTTP, too.
 2017-01-01 21:33:59 -06:00
Pedro Ribeiro 956602cbfe add final wnr2000 sploits 2016-12-31 16:49:05 +00:00
William Vu fdfa8b8fdb Remove erroneous newline 2016-12-30 19:09:37 -06:00
William Vu db90d541fb Add history deduplication and clearing 2016-12-30 19:02:47 -06:00
William Vu 73d454387c
Fix #7765, additional fixes for history command 
1. Really fix crash by restoring default behavior
2. Add whitespace padding to command number
3. Refactor logic a bit for clarity
 2016-12-30 18:21:24 -06:00
William Vu 3ff74f019d
Fix #7765, history command fixes and improvements 
1. Fix crash when no arguments are specified
2. Print history index starting at 1 like every shell
3. Fixed wording/phrasing
4. Fixed formatting/whitespace
 2016-12-30 17:35:18 -06:00
h00die 2856facdf0
Land #7765, adds the history command to msfconsole 2016-12-30 14:54:32 -05:00
Luis Fontes e729254b4f minor tweaks 
added dots to the end of lines,
checked val for nil before runing match
 2016-12-30 19:30:01 +00:00
Luis Fontes f073e78838 replaced hardcoded value variable 2016-12-30 08:49:13 +00:00
William Vu 0321000ea7 Update Http mixin for opts[:ssl] 
1. Add opts[:ssl]
2. Remove opts[:busybox]
3. Refactor logic
4. Remove resource_uri
 2016-12-30 00:56:02 -06:00
William Vu 34d358b8d7 Update CmdStager with new toys 2016-12-30 00:56:02 -06:00
William Vu 58dd59fad5 Add Http mixin for CmdStager 2016-12-30 00:56:02 -06:00
Luis Fontes e7249742b3 Added the history command 
Added the "history" command to see a list of commands used before.

```
msf exploit(handler) > history -n 4
2344  set PAYLOAD windows/meterpreter/reverse_tcp
2345  set LHOST 10.0.1.109
2346  exploit
2347  history -n 4
msf exploit(handler) > history -h
Usage: history [options]

Show the command history


OPTIONS:

    -a        Show length commands in history
    -h        Help banner.
    -n <opt>  Show the last n commands

msf exploit(handler) > 
```
 2016-12-29 17:03:54 +00:00
Luis Fontes cb0a7986bf Added to_handler command 
This commit adds a "to_handler" command to msfconsole when "using" a payload.

After generating a payload from msfconsole, we needed to set multi/handler and the payload with the same param as we used to generate it. That was really boring...
The to_handler command creates the handler and sets the payload and the options set for it.

### Example Output:





```
msf > use payload/windows/meterpreter_reverse_tcp 
msf payload(meterpreter_reverse_tcp) > set LHOST 10.0.1.109
LHOST => 10.0.1.109
msf payload(meterpreter_reverse_tcp) > set LPORT 3377
LPORT => 3377
msf payload(meterpreter_reverse_tcp) > show options

Module options (payload/windows/meterpreter_reverse_tcp):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   EXITFUNC    process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   EXTENSIONS                   no        Comma-separate list of extensions to load
   EXTINIT                      no        Initialization strings for extensions
   LHOST       10.0.1.109       yes       The listen address
   LPORT       3377             yes       The listen port

msf payload(meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0
[*] Started reverse TCP handler on 10.0.1.109:3377 
[*] Starting the payload handler...
msf payload(meterpreter_reverse_tcp) > 
```
 2016-12-28 20:03:40 +00:00
bwatters_r7 4906b8a85a
LAND #7760, prevent duplicate UUIDs when generating Android HTTP/S payloads 2016-12-28 10:48:36 -06:00
Brent Cook a4950a1598 add auto-complete info for 'show info' 
msf > use auxiliary/admin/http/nuuo_nvrmini_reset
msf auxiliary(nuuo_nvrmini_reset) > show
show actions    show all        show encoders   show exploits   show missing    show options    show plugins    show targets
show advanced   show auxiliary  show evasion    show info       show nops       show payloads   show post
 2016-12-27 15:48:41 -06:00
Brent Cook e74239b30f allow reusing the already-generated payload uuid in generate_uri_uuid_mode 2016-12-27 15:37:39 -06:00
William Webb 5702bd6745
Land #7674, Move migration stub generation code into msf 2016-12-22 17:53:00 -06:00
Brent Cook 9e75866188
Land #7738, Add sort by column to services and hosts commands 2016-12-22 01:10:45 -06:00
William Vu 0221d2d904
Land #7735, make assigning payloads fast again! 2016-12-21 00:16:52 -06:00
William Vu f95136ce67 Prefer && over and 2016-12-21 00:16:33 -06:00
William Vu 574ebd07d7 Update cmd_hosts 2016-12-20 23:32:10 -06:00
h00die cc293f06fe
Adds some fail safes to cmd_use 2016-12-20 22:08:41 -05:00
William Vu 60d5cefd68
Land #7727, nuke sess from orbit 
Replace with consolidated sessions command.
 2016-12-20 20:35:20 -06:00
William Vu 6e830a886e
Land #7737, print_warning on session_compatible? 2016-12-20 20:11:11 -06:00
OJ 1098bc6d90
Warn user when session not compat instead of failing 
This commit changes the post mixin so that the session compat check only
shows a warning rather than throwing an exception and stopping the
module from working completely.

This is off the back of the discussion involved with #7736
 2016-12-21 11:14:52 +10:00
William Vu 11e3e1f3dd Handle a couple more edge cases 
I don't want to go any further down the rabbit hole.
 2016-12-20 18:36:22 -06:00
William Vu 41605c533c Add reference name enforcement to cmd_use 2016-12-20 18:21:24 -06:00
Brent Cook efb015facc make assigning payload fast again 
This streamlines the check for whether the currently-selected payload is
compatible on assignment. Rather than building the entire list of
compatible payloads, and seeing if what the user typed is in it (and
making multiple giant lists on the way), we simply check the module the
user typed directly.
 2016-12-20 17:39:09 -06:00
OJ ee4caba646
Remove `terminal` and tweak `sessions` 
Hopefully everyone is now happy!
 2016-12-20 07:50:07 +10:00
OJ 74040c4ee6
Rename the `sess` command to `terminal` 
Lots of people have been frustrated by the `sess` command as it mucks
with the autocomplete for `sessions`. This is a fair concern, especially
given that `sess` was intended to be a non-annoying shortcut.

This commit changes the `sess` command so that it is instead called
`terminal`. I couldn't think of a better option that didn't already
clash with another name or meaning. At least `terminal` is something
that doesn't clash, doesn't muck with any existin autocomplete rules,
and is in some way another name for the existing sessions.

Feedback appreciated!
 2016-12-19 17:05:04 +10:00
Sonny Gonzalez 2e198ae2a8
Land #7721, better smtp connection error messages 2016-12-18 14:38:13 -06:00
Adam Cammack 62d8cc7b21
Handle some error conditions with SMTP delivery 2016-12-16 16:06:02 -06:00
jinq102030 f29c9a7c45 Merge pull request #7716 from acammack-r7/smtp-deliver-ssl 
Make SMTP delivery work with a range of server SSL
 2016-12-16 08:58:55 -06:00
David Maloney 8b02f422f7 add meterpreter cmd interaction to console 
add the -C flag to the sessions command to trigger
meterpreter commands on sessions without going
full interactive
 2016-12-15 23:17:06 -06:00
Adam Cammack 47df88a5cc
Make SMTP delivery work with a range of server SSL 2016-12-15 16:57:08 -06:00
Brent Cook fa016de78a
Land #7634, Implement universal HTTP/S handlers for Meterpreter payloads 2016-12-13 18:13:22 -06:00
William Vu ad7b3dac2d Account for negative indices 2016-12-12 14:24:24 -06:00
William Vu b9e9d97479 Add -O (order_by) to services (cmd_services) 2016-12-12 14:24:24 -06:00
OJ 505cc19662
Update reverse_tcp to show TCP listener information 
Also update the readable text to only output the listener information if
it differs from the payload information.
 2016-12-12 15:56:26 +10:00
Adam Cammack ccba73b324
Add stageless mettle for Linux/zarch 2016-12-09 18:30:52 -06:00
Adam Cammack 7d36d41b20
Add stageless mettle for Linux/ppc64le 2016-12-09 18:27:22 -06:00
Adam Cammack ee7d5fc0c9
Add stageless mettle for Linux/ppc 2016-12-09 18:25:57 -06:00
Adam Cammack 7aec68c1fe
Add stageless mettle for Linux/mips64 2016-12-09 18:21:52 -06:00
Adam Cammack b74482aa6e
Add stageless mettle for Linux/armbe 2016-12-09 18:18:22 -06:00
Adam Cammack 12b296ab1a
Add stageless mettle for Linux/aarch64 2016-12-09 18:05:34 -06:00
Brent Cook 50f95f9940
Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
Adam Cammack eeef8fa6ad
Add new arches to UUIDs 2016-12-08 16:29:43 -06:00
OJ d0696a09ad
Move migration stub generation into MSF 
This code adds support for transport-specific migration stubs to be
generated in MSF rather than having them hard-coded in Meterpreter.
 2016-12-08 16:01:13 +10:00
David Maloney 74b3a00035
fix payload datastore merge 
fix the way we merge the payload datastore in so
the options actually take
 2016-12-07 14:04:42 -06:00
Adam Cammack c5641c9681
Factor out mettle configuration 
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
 2016-12-06 18:28:48 -06:00
David Maloney 606232828f
freeze punk, it's rubocop! 
rubocop autocrrecting a bunch of stuff *fingers crossed*
 2016-12-06 17:17:56 -06:00
David Maloney dc53057639
more bcook fixes 
the rebase lost some of these
 2016-12-06 17:14:22 -06:00
David Maloney c8f6ac99a1
reapply bcook's indentation fixes 2016-12-06 16:52:46 -06:00
David Maloney d3225ce2fb
Merge branch 'master' into feature/handler-command 2016-12-06 16:51:57 -06:00
Brent Cook f734031804
Land #7655, Refactor/cleanup core command dispatcher 2016-12-06 16:38:42 -06:00
Brent Cook d091a32be8 whitespace/indentation 2016-12-06 16:37:22 -06:00
Adam Cammack 1ec7474067
Don't embed ELFs in ELF templates 2016-12-06 14:14:40 -06:00
David Maloney 62f0e7b20a
add the handler console command 
sometimes, as a user, you need to start a handler
but don't want to exit your current console context.
The new handler command allows a user to spin up a handler
in background job without switching contexts
 2016-12-06 14:04:39 -06:00
OJ ffee0ff1b6
Fix payload cache size issue, fix shell/bind payloads 2016-12-06 11:12:02 +10:00
Jeffrey Martin 9ba6797d19
use arch for session_compatible? to support shell sessions 2016-12-05 15:56:28 -06:00
Jeffrey Martin 483228c4ea
use platform for session_compatible? to support shell sessions 2016-12-05 14:14:37 -06:00
David Maloney f56c7f9a8e
cosmetic touchups 2016-12-05 11:25:56 -06:00
David Maloney d85f9880ff
fix command dispatcher specs 2016-12-05 11:16:15 -06:00
David Maloney ab2e88a49e
created modules command dispatcher 
moved all commands related to navigating around
modules, editing them, and viewing their info into
a new command dispatcher
 2016-12-05 10:30:18 -06:00
David Maloney 6557a84784
add resource command dispatcher 
move resource script related commands into
their own command dispatcher
 2016-12-05 09:20:07 -06:00
David Maloney 2008dcb946
create jobs command dispatcher 
split the jobs related commands into their own
command dispatcher to start cleaning up the 'core'
dispatcher
 2016-12-05 09:12:52 -06:00
Brendan 86ec5861f9
Land #7649, update session_compatible? for changes from PR#7507 
Fixing the ability to find compatible post scripts for sessions
 2016-12-02 16:29:08 -06:00
Jeffrey Martin b218c7690a
cleanup stray comment 2016-12-02 15:25:58 -06:00
Jeffrey Martin 0be166e719
update session_compatible? for changes from PR#7507 2016-12-02 14:55:38 -06:00
darkbushido 889de05af4 removing some commented code 2016-12-02 13:06:22 -06:00
darkbushido 486f8cd2a3 adding arch to search 2016-12-02 13:05:23 -06:00
darkbushido f6694992ce changing module search to use the new scopes 2016-12-02 13:05:23 -06:00
Tim 5a2eb29a1b
remove unused generate_small_uri 2016-12-01 18:33:36 +08:00