infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
43,344 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

8490 Commits (6fb90640b998b837bbd93b2304776dd3c2f461dd)

Author SHA1 Message Date
Pearce Barry 16de745437
Minor code cleanups/corrections. 2017-02-01 16:12:45 -06:00
OJ 72c641fcab
Land #7889 - use a better check for whether rhosts exists 2017-01-31 07:49:14 +10:00
darkbushido e5d8a64770 adding the ability to create logins 2017-01-30 10:43:27 -06:00
Brent Cook 76529278b8 make sure we can actually invoke auto targeting before adding it 2017-01-30 05:24:57 -06:00
Brent Cook 7d32166c70 use a better check for whether rhosts exists 2017-01-29 19:18:23 -06:00
OJ d8511d1ad5
Add exception when SESSION doesn't exist 2017-01-30 10:26:23 +10:00
William Vu b44e7ff733 Fix argument passing for deprecated scripts 
This allows the scripts to continue working while warning the user.

See also: c59b5eaa2f.
 2017-01-29 14:14:55 -06:00
darkbushido 39d702ebd9
changing the syntax to work with ruby 2.1 
Fixes #7881
 2017-01-27 11:20:26 -06:00
William Vu c59b5eaa2f
Fix #7823, legacy_script_to_post_module fixes 2017-01-26 16:26:00 -06:00
Craig Smith 87701ff758 Added more error handling to bail out more gracefully when things go wrong. Could 
be more common with bluetooth connections.
 2017-01-25 18:23:57 -08:00
Craig Smith 2ff4e6f57e Fixed defaults for elm327 realy. 
Array2Hex in the automotive extension how supports passing an array or integers or string hexes
Added some extra error handling for UDS calls to non-supported pids
 2017-01-25 11:30:29 -08:00
Pearce Barry 9b16cdf602
Land #7845, Fix Msf::Exploit::EXE shellcode/template mismatch 2017-01-22 16:09:41 -06:00
Brent Cook 414977125f Merge remote-tracking branch 'upstream/master' into land-7847- 2017-01-22 14:11:40 -06:00
Brent Cook ac2ceca5e3
Land #7804, Switch the creds command to use named options 2017-01-22 10:49:19 -06:00
Brent Cook 6a2d036ea8 depend on regular rb-readline, bugs fixed upstream 2017-01-22 10:20:05 -06:00
Brent Cook 99047fa8a1 be stricter in what we accept for payload uri 
datastore needs to contain something to produce a valid URI
 2017-01-22 10:20:04 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
William Vu a7fac41172 Make shell_command_token time out again 2017-01-20 23:09:22 -06:00
William Vu 84513fd83c Add exception for HttpClient 
Since it uses Rex::Proto::Http, which then uses Rex::Socket::Tcp.
 2017-01-20 20:00:27 -06:00
William Vu 89b2f087fc Add TCP/UDP hint to RPORT 
Caveat: works with mixins only (tenuously).
 2017-01-20 19:50:40 -06:00
Tim 64e7f13067
improve error detection 2017-01-19 16:40:35 +07:00
Tim c1e30b632b
fix #7725, inject into the Activity constructor 2017-01-19 16:24:26 +07:00
Tim f8f764aefc
fix #7617, invalid register when hooking smali code 2017-01-19 14:52:30 +07:00
William Vu d8da7c6d43 Fix Msf::Exploit::EXE shellcode/template mismatch 
Initialize EXE options unless code is supplied with platform/arch.
 2017-01-19 00:07:35 -06:00
Brent Cook b94eefe724
Land #7771, Add history deduplication 2017-01-18 21:06:42 -06:00
William Vu ef487f6be5 Remove history clearing 2017-01-18 14:55:12 -06:00
David Maloney d564f5d60a
don't add auto targets to things without rhost 
Things like browser exploits don't have remote host options
which is what auto targeting relies on, so it does not make sense
to include the auto-targeting in these exploits

7837
 2017-01-17 11:40:07 -06:00
William Vu 77c78fa5f4 Move Rex::Text::Table workspace output to -v 2017-01-15 23:15:14 -06:00
William Vu 38382bb61a Convert workspace command to Rex::Text::Table 
Still can't get over how it's called "loots." :D
 2017-01-15 03:26:35 -06:00
William Vu b86c1f0465
Land #7823, legacy_script_to_post_module check 2017-01-13 17:37:41 -06:00
James Lee 3c0ce8eafb
Fix some rubocop complaints 2017-01-13 17:24:23 -06:00
William Vu 0800a4f816 Update RPC functionality 2017-01-12 19:35:42 -06:00
William Vu 601a88dad7 Update cmd_unload in CommandDispatcher 2017-01-12 19:29:28 -06:00
William Vu 2ad29a2351 Prefer find over each 
Since we're modifying the load method directly, there should only ever
be one previously loaded instance. Suggestion by @egypt.
 2017-01-12 19:28:06 -06:00
Brent Cook 8f6fe87400 fix assignment 2017-01-12 17:16:19 -06:00
William Vu d58db72cd0 Force unloading of already loaded plugins 2017-01-12 14:18:52 -06:00
Brent Cook c080d78922 intercept legacy meterpreter script runs and substitute post modules 2017-01-12 14:08:43 -06:00
Brent Cook b28f600aea
Land #7584, fix apk injection into proguarded apks 2017-01-11 12:45:23 -06:00
David Maloney 38a4c2aa97 fix autotargeting failure 
the fallback to the original default was failing because
it was assuming rhost was already set, so it would always
go back to the first default target. now the auto_target? method
only returns true if can pull an auto_target_host
 2017-01-10 14:12:28 -06:00
wchen-r7 18347a8de7
Land #7774, Fix pivoting of UDP sockets in scanners 2017-01-10 13:57:28 -06:00
bwatters_r7 b3e8c3376d
Land #7788, Add ability to interact with a manually backgrouned session 2017-01-10 08:55:00 -06:00
darkbushido 3e1cd0c789
adding a check to make sure you only give a signle private type 2017-01-09 15:13:36 -06:00
David Maloney 8c395338af
Land #7743, wchen's digest auth nonce fix 
land sinn3r's pr for fixing the Digest Auth nonce
 2017-01-09 14:16:09 -06:00
darkbushido 6bd2e03f37 dding realm tests showed a bug. its now squashed. 2017-01-09 13:04:34 -06:00
darkbushido 3674b25885 fixing the tests, more need to be added 2017-01-09 13:04:34 -06:00
darkbushido a3b1f7e360 the commands now work, onto tests 2017-01-09 13:04:34 -06:00
darkbushido 23cbc99341 changing the creds add command to use named params 2017-01-09 13:04:34 -06:00
darkbushido c179e0358f origin_type manual requires a user... 2017-01-09 13:04:34 -06:00
darkbushido ed3b34179b moving creds to its own dispatcher 2017-01-09 13:04:34 -06:00
William Vu 1a04691201
Fix #2504, edit command fixes I missed 3y ago 
local_editor was never nil, so there was some dead code.
 2017-01-08 03:02:19 -06:00
Craig Smith 5f07bca775 Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here: 
http://opengarages.org/hwbridge  Supports an automotive extension with UDS calls for mdoule
development.
 2017-01-06 19:51:41 -08:00
Adam Cammack dbdc558f0b
Land #7776, don't log on harmless DB errors 2017-01-06 18:25:13 -06:00
David Maloney 2108913e77
target_host method had a name collision 
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
 2017-01-06 12:44:37 -06:00
William Vu 969df408c7
Land #7786, Microsoft Edge constant for HttpClient 2017-01-05 21:07:57 -06:00
David Maloney 10cfadaf98 add optional output to merterp run_cmd 
the run_cmd method on meterpreter sessions can now
take an optiona output IO to redirect output. This allows
backgrounded sessions to also run commands and still output
to the console
 2017-01-05 12:12:20 -06:00
Carter e85721113a Add Edge to constants 2017-01-04 22:20:42 -05:00
wchen-r7 180795f209 Fix #7743, nil @cnonce in rex/proto/http/client.rb 
Fix #7743
 2017-01-04 11:50:31 -06:00
David Maloney 31d36d9112 if autotargeting fails fall back 
fallback to the original first target if auto-targeting fails
 2017-01-03 14:38:52 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes 
some minor conditional guards and spec fixes
 2017-01-03 14:38:51 -06:00
David Maloney 2d5158403b add YARD docs to auto target methods 
added YARD docs

MS-2325
 2017-01-03 14:38:51 -06:00
David Maloney a61b92aa3e tweak target selection 
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index

MS-2325
 2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together 
insert our autotarget routine into
the main target selection process

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours 
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter 
drop back to our most precise level of filtering

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering 
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family 
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name 
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 4060e63b89 add tests for auto target addition 
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing 
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
 2017-01-03 14:38:45 -06:00
David Maloney 769d477e97 if no automatic target defined, add one 
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting

MS-2325
 2017-01-03 13:54:34 -06:00
Brent Cook 3808eebad8
Land #7704, Update jobs output to show TCP listener information 2017-01-02 15:44:49 -06:00
Brent Cook d9be9f3b2e
Land #7764, add to_handler command to launch a handler from the payload module 2017-01-02 15:40:38 -06:00
Brent Cook 35bb725f19 rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00
Brent Cook 4f0569c6ce support pivoting with UDP port scanners 
Use bound UDP sockets for each UDP service/ip that we wish to scan,
managing and closing them locally as they expire, rather than an unbound
socket.
 2017-01-02 08:55:27 -06:00
Brent Cook 225aaac8fd remove logging of expected exceptions in connection_established? method 2017-01-02 08:31:05 -06:00
William Vu 4264521354 Fix broken CVE reference and update links 
Prefer HTTPS over HTTP, too.
 2017-01-01 21:33:59 -06:00
Pedro Ribeiro 956602cbfe add final wnr2000 sploits 2016-12-31 16:49:05 +00:00
William Vu fdfa8b8fdb Remove erroneous newline 2016-12-30 19:09:37 -06:00
William Vu db90d541fb Add history deduplication and clearing 2016-12-30 19:02:47 -06:00
William Vu 73d454387c
Fix #7765, additional fixes for history command 
1. Really fix crash by restoring default behavior
2. Add whitespace padding to command number
3. Refactor logic a bit for clarity
 2016-12-30 18:21:24 -06:00
William Vu 3ff74f019d
Fix #7765, history command fixes and improvements 
1. Fix crash when no arguments are specified
2. Print history index starting at 1 like every shell
3. Fixed wording/phrasing
4. Fixed formatting/whitespace
 2016-12-30 17:35:18 -06:00
h00die 2856facdf0
Land #7765, adds the history command to msfconsole 2016-12-30 14:54:32 -05:00
Luis Fontes e729254b4f minor tweaks 
added dots to the end of lines,
checked val for nil before runing match
 2016-12-30 19:30:01 +00:00
Luis Fontes f073e78838 replaced hardcoded value variable 2016-12-30 08:49:13 +00:00
William Vu 0321000ea7 Update Http mixin for opts[:ssl] 
1. Add opts[:ssl]
2. Remove opts[:busybox]
3. Refactor logic
4. Remove resource_uri
 2016-12-30 00:56:02 -06:00
William Vu 34d358b8d7 Update CmdStager with new toys 2016-12-30 00:56:02 -06:00
William Vu 58dd59fad5 Add Http mixin for CmdStager 2016-12-30 00:56:02 -06:00
Luis Fontes e7249742b3 Added the history command 
Added the "history" command to see a list of commands used before.

```
msf exploit(handler) > history -n 4
2344  set PAYLOAD windows/meterpreter/reverse_tcp
2345  set LHOST 10.0.1.109
2346  exploit
2347  history -n 4
msf exploit(handler) > history -h
Usage: history [options]

Show the command history


OPTIONS:

    -a        Show length commands in history
    -h        Help banner.
    -n <opt>  Show the last n commands

msf exploit(handler) > 
```
 2016-12-29 17:03:54 +00:00
Luis Fontes cb0a7986bf Added to_handler command 
This commit adds a "to_handler" command to msfconsole when "using" a payload.

After generating a payload from msfconsole, we needed to set multi/handler and the payload with the same param as we used to generate it. That was really boring...
The to_handler command creates the handler and sets the payload and the options set for it.

### Example Output:





```
msf > use payload/windows/meterpreter_reverse_tcp 
msf payload(meterpreter_reverse_tcp) > set LHOST 10.0.1.109
LHOST => 10.0.1.109
msf payload(meterpreter_reverse_tcp) > set LPORT 3377
LPORT => 3377
msf payload(meterpreter_reverse_tcp) > show options

Module options (payload/windows/meterpreter_reverse_tcp):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   EXITFUNC    process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   EXTENSIONS                   no        Comma-separate list of extensions to load
   EXTINIT                      no        Initialization strings for extensions
   LHOST       10.0.1.109       yes       The listen address
   LPORT       3377             yes       The listen port

msf payload(meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0
[*] Started reverse TCP handler on 10.0.1.109:3377 
[*] Starting the payload handler...
msf payload(meterpreter_reverse_tcp) > 
```
 2016-12-28 20:03:40 +00:00
bwatters_r7 4906b8a85a
LAND #7760, prevent duplicate UUIDs when generating Android HTTP/S payloads 2016-12-28 10:48:36 -06:00
Brent Cook a4950a1598 add auto-complete info for 'show info' 
msf > use auxiliary/admin/http/nuuo_nvrmini_reset
msf auxiliary(nuuo_nvrmini_reset) > show
show actions    show all        show encoders   show exploits   show missing    show options    show plugins    show targets
show advanced   show auxiliary  show evasion    show info       show nops       show payloads   show post
 2016-12-27 15:48:41 -06:00
Brent Cook e74239b30f allow reusing the already-generated payload uuid in generate_uri_uuid_mode 2016-12-27 15:37:39 -06:00
William Webb 5702bd6745
Land #7674, Move migration stub generation code into msf 2016-12-22 17:53:00 -06:00
Brent Cook 9e75866188
Land #7738, Add sort by column to services and hosts commands 2016-12-22 01:10:45 -06:00
William Vu 0221d2d904
Land #7735, make assigning payloads fast again! 2016-12-21 00:16:52 -06:00
William Vu f95136ce67 Prefer && over and 2016-12-21 00:16:33 -06:00
William Vu 574ebd07d7 Update cmd_hosts 2016-12-20 23:32:10 -06:00
h00die cc293f06fe
Adds some fail safes to cmd_use 2016-12-20 22:08:41 -05:00
William Vu 60d5cefd68
Land #7727, nuke sess from orbit 
Replace with consolidated sessions command.
 2016-12-20 20:35:20 -06:00
William Vu 6e830a886e
Land #7737, print_warning on session_compatible? 2016-12-20 20:11:11 -06:00
OJ 1098bc6d90
Warn user when session not compat instead of failing 
This commit changes the post mixin so that the session compat check only
shows a warning rather than throwing an exception and stopping the
module from working completely.

This is off the back of the discussion involved with #7736
 2016-12-21 11:14:52 +10:00
William Vu 11e3e1f3dd Handle a couple more edge cases 
I don't want to go any further down the rabbit hole.
 2016-12-20 18:36:22 -06:00
William Vu 41605c533c Add reference name enforcement to cmd_use 2016-12-20 18:21:24 -06:00
Brent Cook efb015facc make assigning payload fast again 
This streamlines the check for whether the currently-selected payload is
compatible on assignment. Rather than building the entire list of
compatible payloads, and seeing if what the user typed is in it (and
making multiple giant lists on the way), we simply check the module the
user typed directly.
 2016-12-20 17:39:09 -06:00
OJ ee4caba646
Remove `terminal` and tweak `sessions` 
Hopefully everyone is now happy!
 2016-12-20 07:50:07 +10:00
OJ 74040c4ee6
Rename the `sess` command to `terminal` 
Lots of people have been frustrated by the `sess` command as it mucks
with the autocomplete for `sessions`. This is a fair concern, especially
given that `sess` was intended to be a non-annoying shortcut.

This commit changes the `sess` command so that it is instead called
`terminal`. I couldn't think of a better option that didn't already
clash with another name or meaning. At least `terminal` is something
that doesn't clash, doesn't muck with any existin autocomplete rules,
and is in some way another name for the existing sessions.

Feedback appreciated!
 2016-12-19 17:05:04 +10:00
Sonny Gonzalez 2e198ae2a8
Land #7721, better smtp connection error messages 2016-12-18 14:38:13 -06:00
Adam Cammack 62d8cc7b21
Handle some error conditions with SMTP delivery 2016-12-16 16:06:02 -06:00
jinq102030 f29c9a7c45 Merge pull request #7716 from acammack-r7/smtp-deliver-ssl 
Make SMTP delivery work with a range of server SSL
 2016-12-16 08:58:55 -06:00
David Maloney 8b02f422f7 add meterpreter cmd interaction to console 
add the -C flag to the sessions command to trigger
meterpreter commands on sessions without going
full interactive
 2016-12-15 23:17:06 -06:00
Adam Cammack 47df88a5cc
Make SMTP delivery work with a range of server SSL 2016-12-15 16:57:08 -06:00
Brent Cook fa016de78a
Land #7634, Implement universal HTTP/S handlers for Meterpreter payloads 2016-12-13 18:13:22 -06:00
William Vu ad7b3dac2d Account for negative indices 2016-12-12 14:24:24 -06:00
William Vu b9e9d97479 Add -O (order_by) to services (cmd_services) 2016-12-12 14:24:24 -06:00
OJ 505cc19662
Update reverse_tcp to show TCP listener information 
Also update the readable text to only output the listener information if
it differs from the payload information.
 2016-12-12 15:56:26 +10:00
Adam Cammack ccba73b324
Add stageless mettle for Linux/zarch 2016-12-09 18:30:52 -06:00
Adam Cammack 7d36d41b20
Add stageless mettle for Linux/ppc64le 2016-12-09 18:27:22 -06:00
Adam Cammack ee7d5fc0c9
Add stageless mettle for Linux/ppc 2016-12-09 18:25:57 -06:00
Adam Cammack 7aec68c1fe
Add stageless mettle for Linux/mips64 2016-12-09 18:21:52 -06:00
Adam Cammack b74482aa6e
Add stageless mettle for Linux/armbe 2016-12-09 18:18:22 -06:00
Adam Cammack 12b296ab1a
Add stageless mettle for Linux/aarch64 2016-12-09 18:05:34 -06:00
Brent Cook 50f95f9940
Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
Adam Cammack eeef8fa6ad
Add new arches to UUIDs 2016-12-08 16:29:43 -06:00
OJ d0696a09ad
Move migration stub generation into MSF 
This code adds support for transport-specific migration stubs to be
generated in MSF rather than having them hard-coded in Meterpreter.
 2016-12-08 16:01:13 +10:00
David Maloney 74b3a00035
fix payload datastore merge 
fix the way we merge the payload datastore in so
the options actually take
 2016-12-07 14:04:42 -06:00
Adam Cammack c5641c9681
Factor out mettle configuration 
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
 2016-12-06 18:28:48 -06:00
David Maloney 606232828f
freeze punk, it's rubocop! 
rubocop autocrrecting a bunch of stuff *fingers crossed*
 2016-12-06 17:17:56 -06:00
David Maloney dc53057639
more bcook fixes 
the rebase lost some of these
 2016-12-06 17:14:22 -06:00
David Maloney c8f6ac99a1
reapply bcook's indentation fixes 2016-12-06 16:52:46 -06:00
David Maloney d3225ce2fb
Merge branch 'master' into feature/handler-command 2016-12-06 16:51:57 -06:00
Brent Cook f734031804
Land #7655, Refactor/cleanup core command dispatcher 2016-12-06 16:38:42 -06:00
Brent Cook d091a32be8 whitespace/indentation 2016-12-06 16:37:22 -06:00
Adam Cammack 1ec7474067
Don't embed ELFs in ELF templates 2016-12-06 14:14:40 -06:00
David Maloney 62f0e7b20a
add the handler console command 
sometimes, as a user, you need to start a handler
but don't want to exit your current console context.
The new handler command allows a user to spin up a handler
in background job without switching contexts
 2016-12-06 14:04:39 -06:00
OJ ffee0ff1b6
Fix payload cache size issue, fix shell/bind payloads 2016-12-06 11:12:02 +10:00
Jeffrey Martin 9ba6797d19
use arch for session_compatible? to support shell sessions 2016-12-05 15:56:28 -06:00
Jeffrey Martin 483228c4ea
use platform for session_compatible? to support shell sessions 2016-12-05 14:14:37 -06:00
David Maloney f56c7f9a8e
cosmetic touchups 2016-12-05 11:25:56 -06:00
David Maloney d85f9880ff
fix command dispatcher specs 2016-12-05 11:16:15 -06:00
David Maloney ab2e88a49e
created modules command dispatcher 
moved all commands related to navigating around
modules, editing them, and viewing their info into
a new command dispatcher
 2016-12-05 10:30:18 -06:00
David Maloney 6557a84784
add resource command dispatcher 
move resource script related commands into
their own command dispatcher
 2016-12-05 09:20:07 -06:00
David Maloney 2008dcb946
create jobs command dispatcher 
split the jobs related commands into their own
command dispatcher to start cleaning up the 'core'
dispatcher
 2016-12-05 09:12:52 -06:00
Brendan 86ec5861f9
Land #7649, update session_compatible? for changes from PR#7507 
Fixing the ability to find compatible post scripts for sessions
 2016-12-02 16:29:08 -06:00
Jeffrey Martin b218c7690a
cleanup stray comment 2016-12-02 15:25:58 -06:00
Jeffrey Martin 0be166e719
update session_compatible? for changes from PR#7507 2016-12-02 14:55:38 -06:00
darkbushido 889de05af4 removing some commented code 2016-12-02 13:06:22 -06:00
darkbushido 486f8cd2a3 adding arch to search 2016-12-02 13:05:23 -06:00
darkbushido f6694992ce changing module search to use the new scopes 2016-12-02 13:05:23 -06:00
Tim 5a2eb29a1b
remove unused generate_small_uri 2016-12-01 18:33:36 +08:00
Tim 4da614532b
fix luri 2016-12-01 18:22:13 +08:00
OJ 72a20ce464
Merge timwr's changes that fix android/reverse_http 2016-12-01 09:59:41 +10:00
David Maloney 2a065cd220
Land #7591, sinn3r's warbird check fix 
Lands sinn3r's fix to the warbird license verification
check in the payload segment injector
 2016-11-30 15:45:04 -06:00
Tim 78480e31e7
remove AutoLoadAndroid 2016-11-30 21:23:14 +08:00
Tim b494d069f7
fix android/meterpreter/reverse_https 2016-11-30 20:53:09 +08:00
Tim 92751714c1
fix android/meterpreter/reverse_http 2016-11-30 20:12:00 +08:00
OJ e5db0f4610
Fix unpack causing puid breakage in some cases 2016-11-30 15:51:17 +10:00
OJ 3fad75641d
Final touches to make MSF happy with all refactorings 2016-11-30 11:30:59 +10:00
OJ 834756c337
Rework android structure to function with the multi arch payload 2016-11-29 17:55:31 +10:00
OJ bdfaaf01b2
Make multi work with https 2016-11-29 15:51:38 +10:00
OJ bd8f8fd6cb
More rework of payload structure to handle multi arch handlers 2016-11-29 15:21:13 +10:00
OJ beca63645e
Revamp of java payload structure 2016-11-29 11:54:30 +10:00
OJ e8d7a074fa
Tweak to stageless handling for python payloads 2016-11-29 07:54:51 +10:00
OJ 5e8a47ac00
Merge upstream/master into universal handler work 2016-11-28 15:26:43 +10:00
OJ 496836fc06
Remove debug junk, rejig order of ops in initializer 2016-11-28 15:25:07 +10:00
OJ e8158bd200
Add multi platform type, wire into the multi stage 2016-11-28 09:34:09 +10:00
OJ 5fdd5a7326
More progress on http universal staged handler 2016-11-25 13:00:35 +10:00
Jin Qian 9f4784354a Disconnect after making the HTTP transaction in send_request_cgi 
Add a disconnect call after cgi is done.
 2016-11-23 11:20:10 -06:00
James Lee b45a36180e
Don't complain when Proxies is an empty string 2016-11-22 09:29:04 -06:00
OJ c606eabbb9
Merge 'upstream/master' into universal-handlers 2016-11-22 14:06:46 +10:00
wchen-r7 b2cc8e2b95 Fix #7569, Fix warbird check for missing text section 
Fix #7569
 2016-11-21 14:57:01 -06:00
Tim daae46d37b
Fixes #7552, fix apk injection into proguarded apks 2016-11-21 15:05:59 +08:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
h00die cd01b07682
Land #7565 
Lands print_bad and vprint_bad from todb-r7
 2016-11-18 13:29:39 -05:00
Tim 66ba2b077b
Land #7567, fix apk injection when template has no permissions 2016-11-17 11:42:54 +00:00
Brian Yip 927e195e28 Generate payload apk from permissionless apk 2016-11-16 00:48:10 -04:00
Tod Beardsley 1deacad2be
Add a print_bad alias for print_error 
Came up on Twitter, where Justin may have been trolling a little:

https://twitter.com/jstnkndy/status/798671298302017536

We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.

Anyway, I went with alias_method, thanks to the compelling argument at

https://github.com/bbatsov/ruby-style-guide#alias-method

...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.

Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
 2016-11-15 19:20:42 -06:00
Brendan 7e4645afb3
Land #7527, Add LURI support to the reverse_http/s stagers 2016-11-15 16:31:20 -06:00
dana-at-cp c0e839dfd9
Fixes keytool bug in APK inject code 2016-11-11 06:12:47 -08:00
OJ 50c2ed8509
Fix post mixin platform/session check 2016-11-05 02:41:52 +10:00
OJ b0970783ff
Another interim commit moving towards universal handlers 2016-11-04 13:25:02 +10:00
Brendan dae1f26313
Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server 2016-11-03 12:56:50 -05:00
OJ 47ac122c15
Add LURI support to the reverse_http/s stagers 2016-11-03 14:51:07 +10:00
OJ 09d9733a75
Interim commit while working on multi payloads 2016-11-03 06:44:39 +10:00
OJ cc8c1adc00
Add first pass of multi x86 http/s payload (not working yet) 2016-11-03 02:44:53 +10:00
OJ 494b4e67bd
Refactor http/s handler & payloads 
This commit moves much of the platform-specific logic from the
reverse_http handler down into the payloads. This makes the handler
a bit more agnostic of what the payload is (which is a good thing).
There is more to do here though, and things can be improved.

Handling of datastore settings has been changed to make room for the
ability to override the datastore completely when generating the
payloads. If a datastore is given via the `opts` then this is used
instead otherwise it falls back to the settings specified in the usual
datatstore location.

Down the track, we'll have a payload that supports multiple stages, and
the datastore will be generated on the fly, along with the stage itself.
Without this work, there's no other nice way of getting datastore
settings to be contained per-stager.
 2016-11-02 11:33:59 +10:00
David Maloney 451686309b
fixes #7519 psh payload generation 
a few files references to the templates for pwoershell were
missed when transfering the templates over to the rex-powershell gem
 2016-11-01 14:32:40 -05:00
OJ 0fca4483c0
Correctly call generate_stage on native init 2016-11-02 00:52:25 +10:00
OJ 6ec76611c3
Fix arch typo in meterpreter_options for x64 2016-11-02 00:38:34 +10:00
Brent Cook f08a7ac10b modernize default smtp_deliver TLS options 2016-11-01 05:42:05 -05:00
OJ 294b1e5ed7
Move session_type to base, and map shell arch to string 2016-11-01 03:02:23 +10:00
OJ 44ac3f8781
Use ARCH constant in mainframe_shell 2016-11-01 02:24:44 +10:00
OJ ddd2d5e43f
Remove junk spaces from EXE exploit module 2016-11-01 01:28:21 +10:00
OJ eeff24d2ef
Change BSD regex as per Brent's suggestion 2016-11-01 01:26:45 +10:00
OJ 0730613c67
Add comment to hilight need to support ARCH_CMD in sess check 2016-10-29 14:29:05 +10:00
OJ 8605992cdf
Remove superfluous session check in the post mixin 2016-10-29 14:19:27 +10:00
OJ e5d3feebea
Final regex fix for jobs arch check 2016-10-29 14:10:01 +10:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
OJ 8b97183924
Update UUID to match detected platform, fail exploit on invalid session 2016-10-29 13:45:28 +10:00
OJ 0737d7ca12
Tidy code, remove regex and use comparison for platform checks 2016-10-29 13:41:20 +10:00
OJ 9e3960f334
Update session listing to show type or platform 2016-10-29 12:46:11 +10:00
OJ 6364e93ece
Update session types to have base_platform and base_arch 2016-10-29 12:45:37 +10:00
OJ a7485c4bba
Use constants for base_arch 2016-10-29 08:10:44 +10:00
OJ 1d617ae389
Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
OJ ca377cadd7
Move the binary suffix stuff to a better location 2016-10-27 07:43:27 +10:00
Sonny Gonzalez 5ce886cf5c
Land #7490, xml importer fingerprinting fixed 2016-10-25 14:13:15 -05:00
Louis Sato 56d5c49d4d
host was no associated with the workspace 
* searching mdm host by wspace id instead
 2016-10-25 12:05:06 -05:00
Louis Sato 1378e2e61a
preserve hosts should still fingerprint new hosts 2016-10-25 09:58:30 -05:00
Louis Sato 744724c083
conditionalize fingerprinting 
* fix bug where host not preserved
 2016-10-24 18:45:48 -05:00
Jon Hart 12508f7140
Fix DRDoS mixin to handle empty responses 2016-10-24 14:21:28 -07:00
Adam Cammack 39b889ea29
Land #7459, Delay fingerprinting during import 2016-10-24 10:47:25 -05:00
Tim ce1f3e6b9e
Land #7451, copy original signing certificate when backdooring APK 2016-10-22 18:04:22 +08:00
David Maloney 6b77f509ba
fixes bad file refs for cmdstagers 
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
 2016-10-21 12:31:18 -05:00
David Maloney de87fccf85
Land #7469, OJ's php preamble fix 
this is OJ's fix for the bind_php payload
preamble that causes it to be missing the php
tags
 2016-10-21 12:05:39 -05:00
dana-at-cp b8e30a241e
Copy original cert data into new signing cert created for APK injection 2016-10-20 08:43:45 -07:00
Louis Sato f18cbd655e
delay fingerprinting of host 
MS-2073

 * imports are slow mainly caused by fingerprinting after every service creation
 * now only fingerprints after all the services are created for imports
 2016-10-18 17:42:48 -05:00
William Vu ebf52759cc
Land #7449, unsuitable language fix 2016-10-16 03:23:05 -05:00
Justin Steven 2ae62cfce1
Fix typo: Use a better adjective 2016-10-16 18:01:42 +10:00
dana-at-cp d7ac8eba45
Create new signing certificate with dname value copied from original certificate. 2016-10-15 14:05:53 -07:00
Brent Cook 5736b2c821
add missing require 2016-10-14 12:15:45 -05:00
Brent Cook 4c248ebe9e Merge branch 'master' into land-7430- 2016-10-14 09:48:33 -05:00
OJ 70011922a3
Remove binary suffixes for payloads that don't exist 2016-10-14 14:08:13 +10:00
OJ 022830634b
Rejig platform to use windows instead of win32/win64 2016-10-14 10:10:04 +10:00
Brent Cook e5ac3eda61
Land #7362, Fix apk injection script to include android payload service and broadcast receivers 2016-10-11 07:54:10 -05:00
Tim 3d9cb7375c
store Android payload information in byte array 2016-10-11 14:41:32 +08:00
OJ e139a1ee8f
Land #7383: Rebase/Fix + SSL stager support for python 2016-10-10 13:06:09 +10:00
Brent Cook 63bf93be1b code and style cleanups 2016-10-08 21:04:15 -05:00
Brent Cook 7c1fa3eb51 fix 'info -d module', it assumed active module only 2016-10-08 19:31:00 -05:00
RageLtMan 44c5fc3250 Sync build_net_code post module upstream 
Fix merge conflicts and add missing lines to framework version of
the DotNet compiler example module.

Test output to come in PR #5393
 2016-10-08 14:06:35 -05:00
RageLtMan 47b1320d08 Add options to cmd_psh_payload 
Fill in validated datastore options for generating custom PSH
payloads
 2016-10-08 14:06:35 -05:00
RageLtMan fb8e025aa5 Force datastore validation by option set 
cmd_psh_payload relies on datastore options to have a proper
data type down the call chain. When modules are created with string
values for all data store options, a conditional naively checking
what should be a boolean value for false/nil? would return true
for a string representation of "false."

Ensure that datastore options are validated prior to using them
to set variables passed into Rex methods.
 2016-10-08 14:06:35 -05:00
RageLtMan f24bfe7d4e Import Powershell::exec_in_place 
Allow passing exec_in_place parameter to cmd_psh_payload in order
to execute raw powershell without the commandline wrappers of
comspec or calling the powershell binary itself.
This is useful in contexts such as the web delivery mechanism or
recent powershell sessions as it does not require the creation of
a new PSH instance.
 2016-10-08 14:06:35 -05:00
RageLtMan 36b989e6d7 Initial import of .NET compiler and persistence 
Add Exploit::Powershell::DotNet namespace with compiler and
runtime elevator.

Add compiler modules for payloads and custom .NET code/blocks.

==============

Powershell-based persistence module to compile .NET templates
with MSF payloads into binaries which persist on host.
Templates by @hostess (way back in 2012).

C# templates for simple binaries and a service executable with
its own install wrapper.

==============

Generic .NET compiler post module

Compiles .NET source code to binary on compromised hosts.
Useful for home-grown APT deployment, decoy creation, and other
misdirection or collection activities.

Using mimikatz (kiwi), one can also extract host-resident certs
and use them to sign the generated binary, thus creating a
locally trusted exe which helps with certain defensive measures.

==============

Concept:

Microsoft has graciously included a compiler in every modern
version of Windows. Although executables which can be easily
invoked by the user may not be present on all hosts, the
shared runtime of .NET and Powershell exposes this functionality
to all users with access to Powershell.

This commit provides a way to execute the compiler entirely in
memory, seeking to avoid disk access and the associated forensic
and defensive measures. Resulting .NET assemblies can be run
from memory, or written to disk (with the option of signing
them using a pfx cert on the host). Two basic modules are
provided to showcase the functionality and execution pipeline.

Usage notes:

Binaries generated this way are dynamic by nature and avoid sig
based detection. Heuristics, sandboxing, and other isolation
mechanisms must be defeated by the user for now. Play with
compiler options, included libraries, and runtime environments
for maximum entropy before you hit the temmplates.

Defenders should watch for:
Using this in conjunction with WMI/PS remoting or other MSFT
native distributed execution mechanism can bring malware labs
to their knees with properly crafted templates.
The powershell code to generate the binaries also provides a
convenient method to leave behind complex trojans which are not
yet in binary form, nor will they be until execution (which can
occur strictly in memory avoiding disk access for the final
product).

==============

On responsible disclosure: I've received some heat over the years
for prior work in this arena. Everything here is already public,
and has been in closed PRs in the R7 repo for years. The bad guys
have had this for a while (they do their homework religiously),
defenders need to be made aware of this approach and prepare
themselves to deal with it.
 2016-10-08 14:05:53 -05:00
William Vu 1f36583db2 Add zeroSteiner to author.rb 2016-10-07 12:51:22 -05:00
David Maloney af4f3e7a0d use templates from the gem for psh 
use the templates now contained within the magical
gem of rex-powershell

7309
MS-2106
 2016-10-04 14:14:25 -05:00
Brent Cook 63d13f0f49
check if there is a stance set before checking the value 2016-10-02 19:48:49 -05:00
Tim e628fab86e
Land #7378, run zipalign during apk injection process 2016-09-30 12:27:27 +08:00
Brent Cook 6241e48b34
Land #7350, add 'sess' command for direct session switching support 2016-09-29 23:18:53 -05:00
RageLtMan 4fdb54e6a1 Fixup transport to work with upstream 
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.

Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.

Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
 2016-09-29 17:21:59 -05:00
RageLtMan a7470991d9 Bring Python reverse_tcp_ssl payload upstream 
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
 2016-09-29 17:21:59 -05:00
dana-at-cp b06a3d3c68
Refactor code that calls zipalign on injected APK 2016-09-29 07:49:50 -07:00
dana-at-cp e8d99fb3f5
Run zipalign as last step during APK injection process 
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.

More on zipalign from Google:

https://developer.android.com/studio/command-line/zipalign.html
 2016-09-28 20:05:17 -07:00
Jeffrey Martin 1689f10890
Land #7292, add android stageless meterpreter_reverse_tcp 2016-09-28 16:05:22 -05:00
Brent Cook 5a611b0ec4 use the correct scope for the Stance names 2016-09-28 13:48:28 -05:00
Tim b4a1adaf0f refactor into android.rb 2016-09-28 18:23:34 +08:00
Tim dc43f59dcf dalvik -> android 2016-09-28 14:50:52 +08:00
Tim a39c4965e4 fix apk injection script to include payload service and receivers 2016-09-26 19:50:10 +08:00
Brent Cook 006c749e6a directly check to match the former definition of aggressive? 2016-09-25 23:57:13 -04:00
Brent Cook 743bea912a fix exploit Passive / Aggressive overrides to do the right thing 2016-09-25 19:57:41 -04:00
Pearce Barry 00258a4d31
Land #7351, restore NTLM constant class shortcuts 2016-09-25 12:09:38 -05:00
dmohanty-r7 00c02bb132
Land #7349, Add initialization of RHOST value prior to calling child check() 2016-09-23 12:28:08 -05:00
Tim c13ab28a5b remove debug statement 2016-09-22 16:27:11 +01:00
Tim acb3e66064 fix comments 2016-09-22 16:26:26 +01:00
Tim 32c2311b86 android meterpreter_reverse_tcp 2016-09-22 16:26:26 +01:00
Brent Cook 2ec87d1f67 check if constant aliases are already set before setting 
(I'm presuming that was what removing was intended to help with)
 2016-09-22 07:12:42 -05:00
Brent Cook 4acb29a129 restore NTLM constant class shortcuts 2016-09-22 07:01:38 -05:00
OJ af4b1cf48f
Add the `sess` command to MSF and Meterp shells 
This new command is a simpler shortcut that allows for moving around sessions much faster from within the console.

* From inside MSF, `sess <id>` is shorthand for `sessions -i <id>`
* From inside Meterp, `sess <id>` is shorthand for `background; sessions -i <id>`

In the latter case, if the session being switched to is the same id, then no swiching happens.
 2016-09-22 16:09:59 +10:00
Brent Cook b4b709d921
Land #7342, remove OSVDB links and references from library code - leave in modules 2016-09-22 00:45:05 -05:00
William Vu fda5faf4ed
Land #7346, route command fixes 
Also adds session -1 support.
 2016-09-21 15:44:24 -05:00
Spencer McIntyre a3e3bbf2b0 Remove unnecessary reference to idx 2016-09-21 12:42:25 -04:00
Spencer McIntyre 08836a317d Fix "route add" error and support using session -1 2016-09-21 12:02:30 -04:00
Spencer McIntyre 0671e854a9 Default the route command to printing the table 2016-09-21 10:36:59 -04:00
Brendan b0bb5b5806 Added initialization of RHOST value prior to calling child check() functions 2016-09-20 18:18:52 -05:00
“Brian 4ff8235304
Remove semicolon 2016-09-20 17:57:48 -05:00
“Brian 8871673ada Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-09-20 17:48:06 -05:00
“Brian 53170cca01 msfconsole command 
resolves #7330

Warns the user if they try to run msfconsole in msfconsole and does not let them do it
 2016-09-20 17:46:25 -05:00
Brent Cook 1b31e0a63e remove osvdb links 2016-09-20 14:27:59 -05:00
Pearce Barry 3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714) 2016-09-19 14:34:44 -05:00
dmohanty-r7 4c4f2e45d6
Land #7283, add jsp payload generator 2016-09-16 14:37:59 -05:00
Brent Cook b21daa7019
Land #7263, Automatically generate keystore for android apk signing 2016-09-15 22:09:15 -05:00
Brent Cook e09fe08983
Land #7278, fix FTP path traversal scanners 2016-09-12 10:47:36 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
David Maloney 43942e6029 refactor pem parser to use the rex-socket gem version 
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser

MS-1715
 2016-09-07 11:38:27 -05:00
David Maloney 405c59b8b8 move bidirectional pipe into rex/ui/text 
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there

MS-1715
 2016-09-07 11:34:04 -05:00
Christian Mehlmauer c6012e7947
add jsp payload generator 2016-09-06 22:17:21 +02:00
William Vu b701048ce2 Fix data_disconnect to shutdown only if datasocket 
Seeing people use this with ensure when their data channel was never set
up. This breaks things. :)
 2016-09-05 15:54:26 -05:00
Tim 9ebe18d096
automatically generate keystore for apk signing 2016-09-01 10:19:58 +01:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu 954dee752b Sort msfvenom --help-platforms 
Also sort --help-formats.
 2016-08-25 14:02:58 -05:00
Pearce Barry 250e6676ca
Update crawler with new auth key values. 2016-08-24 16:01:46 -05:00
William Vu 61f1e7e9c2 Add server_port to HTTP fingerprint 
MS-1982
 2016-08-24 13:24:24 -05:00
Pearce Barry 03e14ec86f
Land #7232, Net::SSH Regression Fixes 
Fixes #7160
Fixes #7175
Fixes #7229
 2016-08-23 14:53:42 -05:00
David Maloney 95b82219a3
Land #7233, ssh over L# pivot 
this lands egypt's fix for using Net::SSH over L# pivots
 2016-08-23 14:12:54 -05:00
William Webb 3b3b4723c2
Land #7231, Fix Android Meterpreter command autoload and sysinfo 2016-08-22 12:22:43 -05:00
David Maloney b6dff719f3
add a hard require to the ssh mixin 
added hard require for SSHFactory into the ssh exploit mixin
this should prevent any laod-order bugs from cropping up again
 2016-08-22 09:56:07 -05:00
Tim Wright 3955c4332d fix android autoload commands and sysinfo 2016-08-22 14:53:58 +01:00
wchen-r7 265adebd50 Fix typo 2016-08-19 10:44:24 -05:00
wchen-r7 0f4d26af19 Update yard doc 2016-08-18 17:18:16 -05:00
wchen-r7 2a61450511 Add new POST exploitation APIs for stealing a token 2016-08-18 17:08:21 -05:00
James Lee 91417e62a8
Cleanup docs 2016-08-18 10:40:32 -05:00
William Vu bc9a402d9e
Land #7214, print_brute ip:rport fix 2016-08-17 22:48:40 -05:00
William Webb 667c3566e5
Land #7209, Add functionality to pull .NET versions on Windows hosts 2016-08-17 12:48:05 -05:00
Brent Cook b37dc8ea27
Land #7210, allow send_request_cgi to close a non-global socket 2016-08-16 22:54:23 -05:00
Brendan b25b2a5188 Cleaned up code per suggestions in the PR 2016-08-16 16:16:25 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available 
Fix #7202
 2016-08-16 15:34:30 -05:00
Brent Cook e70402a130 use the platform string verbatim on windows meterpreter 2016-08-15 23:50:57 -05:00
wchen-r7 498657ab35 Fix #3860, tearing down TCP connection for send_request_cgi 
Fix #3860
 2016-08-15 15:45:52 -05:00
Brendan 0778b77f7b Cleaned up a little 2016-08-15 12:20:28 -07:00
Brendan 7730e0eb27 Added ability to retrieve .NET versions 2016-08-15 11:29:00 -07:00
Brendan 906d480264 Added dotnet require 2016-08-15 11:06:29 -07:00
Pearce Barry 1e7663c704
Land #7200, Rex::Ui::Text cleanup 2016-08-12 16:22:55 -05:00
Brent Cook 6a035b7e48
Land #7161, add specs for cisco mixin to use Metasploit Credentials 2016-08-12 10:07:17 -05:00
Pearce Barry 6386d9daca
Land #7178, Add a method to check the Powershell version 2016-08-11 11:02:41 -05:00
wchen-r7 e08c4a8bef Remove .Net check 
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
 2016-08-11 10:49:06 -05:00
David Maloney 09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table 2016-08-10 15:58:27 -05:00
wchen-r7 3851db7bcb Use powershell when possible 2016-08-10 15:14:11 -05:00
Brent Cook 1cb01ee876 remove architecture fidling from platform string for now 2016-08-10 14:46:48 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs 
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
 2016-08-10 13:30:09 -05:00
dmohanty-r7 b027176799
Land #7156, use windows_error gem for constants 2016-08-10 11:47:37 -05:00
Pearce Barry ae59c4ae74
Land #6687, Fix meterpreter platform to include OS in the tuple for all meterpreters 2016-08-07 05:00:24 -05:00
wchen-r7 4055fd1930 Do e.message instead of e.to_s 2016-08-05 14:12:50 -05:00
wchen-r7 d59b6d99ee Make the debug output more readable 2016-08-05 13:20:53 -05:00
wchen-r7 766c0cc539 return nil if no .Net is installed 2016-08-05 11:36:32 -05:00
wchen-r7 a8d9a5c02c Print exceptions if needed 2016-08-04 18:14:22 -05:00
wchen-r7 7538b3dcf8 Fix #7170, Add HttpTrace option for HttpClient 
Fix #7170
 2016-08-04 16:09:17 -05:00
wchen-r7 11f94a6efc Do a different wmic query for newer systems 2016-08-04 14:50:46 -05:00
wchen-r7 3ea3d95744 Add methods to check .Net and Powershell versions 2016-08-03 17:49:15 -05:00
darkbushido 5a1cd24350 finishing converting the last of this to credentials 2016-07-29 09:58:17 -05:00
darkbushido 0972005b24 updating 'ppp.*username secret' 2016-07-29 09:58:17 -05:00
darkbushido 1d33c9aa88 updating specs upto 'username secret' 2016-07-29 09:58:17 -05:00
darkbushido 73b362cade updating more spec 2016-07-29 09:58:16 -05:00
darkbushido b66621af0d adding in a blank service_name 
fixing myworkspace
 2016-07-29 09:58:16 -05:00
darkbushido 219f9d5d57 updating parts of cisco to use creds 2016-07-29 09:58:15 -05:00
darkbushido 40240662db converting enable password to create_credentials 2016-07-29 09:58:15 -05:00
Brent Cook 8ad38aec2f
Land #7109, Add final filesize to msfvenom output 2016-07-29 09:24:10 -05:00
Brendan ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML) 2016-07-28 13:01:05 -07:00
Brendan 2525eab996 persistance -> persistence 2016-07-28 12:56:04 -07:00
Pearce Barry 1f5fbd4a67
Put remaining consts in exploit mixin... 2016-07-27 17:43:29 -05:00
Pearce Barry 05afaa1162
Pull in consts from rex-arch gem... 2016-07-27 17:43:17 -05:00
Pearce Barry bdf073516b
Switch errors over to windows_error gem... 2016-07-27 17:43:00 -05:00
William Webb 5b8b15e578 update global constants to allow for windows 10 2016-07-27 12:45:05 -05:00
Brendan af137f3ec3
Land #7127, Fix #6989, scanner modules printing RHOST in progress messages 2016-07-27 09:16:08 -07:00
William Vu a0c42f5dd2 Add wordpress_url_uploads 2016-07-26 19:10:19 -05:00
wchen-r7 cce1ae6026 Fix #6989, scanner modules printing RHOST in progress messages 
Fix #6989
 2016-07-25 23:15:59 -05:00
wchen-r7 21f5da29d4 Remove unwanted <ruby> tag while generating module doc code 2016-07-25 15:38:59 -05:00
scriptjunkie bc42ac5761 Fix #7117 by fixing stack offset 2016-07-21 20:48:08 -05:00
wchen-r7 390f69313a Fix grammar in browser_exploit_server 2016-07-21 11:51:10 -05:00
forzoni b58931f803 Avoid error when generated payload is nil. 2016-07-19 23:43:38 -05:00
James Lee a54945c82c
whitespace 2016-07-19 17:07:17 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
forzoni e90e6c4885 Use format check instead of length. 2016-07-19 09:38:09 -05:00
forzoni d6fd2a49d4 Add final filesize, useful when using different formats. 2016-07-19 02:41:37 -05:00
wchen-r7 6d8dd24e41
Land #7104, Update ActiveRecord syntax for framework db cred iteration 2016-07-17 17:57:06 -05:00
Brent Cook 2041870e62 Update ActiveRecord syntax for framework db credential iteration 2016-07-15 22:01:54 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
William Vu 277950cc79
Land #6733, psexec StackAdjustment fix 2016-07-12 11:14:16 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Pearce Barry 7b1d9596c7
Land #7068, Introduce 'mettle' - new POSIX meterpreter 2016-07-11 22:38:40 -05:00
Brent Cook 79fd648bbe don't double-encapsulate regexes on normalize 2016-07-11 22:05:00 -05:00