3b98add519
Update nuuo.rb
2019-01-23 11:16:41 +07:00
9375ee2ffc
Change only the last methods to private
2019-01-23 11:00:42 +07:00
0b109ae1bd
Land #11275 , Fix a typo in command_dispatcher/core.rb
...
Fix typo of "architectures" in pivot command help
2019-01-22 11:58:26 -06:00
2a9b65e845
Land #11268 , set AndroidWakelock=true by default
2019-01-22 11:56:37 -06:00
1b674a6bb5
Land #11272 , Tempfile over Rex for info -d for better cleanup
2019-01-22 11:38:41 -06:00
442ce7317f
Commit missed Rex::Quickfile line
2019-01-22 10:40:09 -06:00
0562aa50b4
Update nuuo.rb
2019-01-22 12:45:18 +07:00
94f5b4081f
Fix file download / upload bug
2019-01-22 11:17:47 +07:00
459598b91b
Update mixins to include new nuuo file
2019-01-21 16:40:37 +07:00
72a55fe0fc
Add nuuo NUCS core lib
2019-01-21 16:39:16 +07:00
444555d3be
Land #11261 , Add maximum word length to JtR wordlist generation
2019-01-20 04:14:57 +00:00
f8af9a9e4d
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-18 10:43:34 -06:00
c808cbe050
Bump version of framework to 5.0.2
2019-01-17 20:41:51 -08:00
80e70a145d
Fix typo of "architectures" in pivot command help
2019-01-17 20:16:43 -06:00
e488cf4a37
Prefer Tempfile over Rex::Quickfile for info -d
...
Rex::Quickfile undefines Tempfile's finalizer, preventing cleanup.
2019-01-17 13:58:03 -06:00
a5a8c88a6e
Implement resource scripting for command shells
2019-01-17 13:39:03 -06:00
4b87d54430
Add comment explaining why we prevent loot.data update
2019-01-16 15:29:27 -06:00
fd6527bac8
Prepend loot filenames with unique string
...
This should help prevent accidentally overwriting files with the same name
2019-01-16 15:20:41 -06:00
705c269d27
Handle empty data values for loot
2019-01-16 10:59:07 -06:00
d6462fed63
Dont allow users to update loot.data
2019-01-16 10:01:22 -06:00
06de16a36f
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-15 18:33:48 -06:00
dc7d611780
Base64 encode the data field for each loot operation
2019-01-15 18:01:43 -06:00
70c4e719c9
Land #11190 , fix multi line text in android send_sms
2019-01-15 17:18:37 -06:00
27d6fffdad
Land #11125 , Import/generate `ysoserial` Java serialization objects
2019-01-15 17:09:56 -06:00
85555b81c4
Update code for Ruby coding style standards
2019-01-15 17:08:54 -06:00
5c308b1448
Remove nested loot object from host JSON
...
The code on the framework side that was utilizing this was removed
a while ago. It was never actually being used anywhere, and was causing
issues with getting host objects back when the loot contained
non-UTF-8 characters
2019-01-15 16:45:04 -06:00
3bf4726b15
Fix pid_uid
2019-01-15 14:34:29 -06:00
42c9553283
Dont do a separate lookup for loot.host, use the included JSON
...
This is just a temporary change. Eventually we should be doing separate
lookups for associated objects as that is the RESTful way of doing it.
Implementing this now to prevent extra load on the server until we can
put a better system in place of doing multiple lookups with a single call.
2019-01-15 12:47:37 -06:00
923a4ba098
Land #11263 , uppercase KoreLogic in JTR modules
2019-01-15 08:50:11 -06:00
93f66a1f22
uppercase
2019-01-15 08:04:11 -05:00
4d847e97fc
... over -1
2019-01-14 22:41:11 -05:00
509b4e979d
max_length -1
2019-01-14 22:28:46 -05:00
2c02dbc8a6
add max_length to wordlist generation
2019-01-14 22:20:33 -05:00
ddd9ab2041
Fixed an off-by-one error in the fingerprinting randomization
2019-01-14 17:42:59 -06:00
e168458861
Make calls to get the associated host when getting loot
2019-01-14 15:51:51 -06:00
2543d60465
Use 'to_s.strip' for Msf::Post::File.pwd output
2019-01-12 08:47:23 +00:00
e9a8d5708a
Land #11234 , @bcoles revisionism
2019-01-11 20:15:34 -06:00
a575c6d7c3
revisionism
2019-01-11 16:52:26 +00:00
462f779bda
Fix conflict.
2019-01-11 11:39:16 +08:00
96173c101a
Fix bug when the cidr of rhosts is 32.
2019-01-11 11:31:54 +08:00
689355e47f
Support multiple rhosts for auxiliary modules.
2019-01-11 11:31:28 +08:00
d18c6bd158
Land #11188 , Correct authentication logic in host and event servlets
2019-01-10 13:09:26 -06:00
16f152f6e3
Bump version of framework to 5.0.1
2019-01-10 09:41:50 -08:00
65f127a66f
Land #11222 , Display error when update operation has invalid fields
2019-01-10 11:33:22 -06:00
0435d7e1d6
Return the updated objects
2019-01-10 11:04:42 -06:00
5055e421f5
Add ! to cred update
2019-01-10 10:56:28 -06:00
0ad89528ea
Update pattern for creds
2019-01-10 10:55:36 -06:00
f125526e09
Land #11207 , implement db_import for web service
2019-01-10 10:28:29 -06:00
d686303cff
Land #11228 , Move msfdb_ws to tools/dev since it is deprecated by msfdb
2019-01-10 09:28:34 -06:00
4074913b60
Dont log every request when using HTTP data service
2019-01-10 00:30:54 -06:00
43f8a543e1
Land #11213 , enable starting JSONRPC server from msfrpcd
2019-01-09 23:37:47 -06:00
c3f71a1692
Update Rspec expected thread count
...
When REMOTE_DB is set there is a thread for the web service, in
addition to the External modules thread manager, so there is one or two
threads by the end of the test run in addition to the main VM thread.
2019-01-09 23:56:16 -05:00
24f5422db9
use analyze.host to reflect final location of util
2019-01-09 16:59:50 -06:00
f93497de8f
refactor to allow analyze via rpc
2019-01-09 16:48:54 -06:00
f636982b09
Land #11211 , change db_connect persistence logic
2019-01-09 15:11:08 -05:00
b6cfb5f697
Add Msf::Util::ServiceHelper class
2019-01-08 22:39:26 -05:00
a2548fe92d
Only lookup db connections by name
...
Matching on all attributes was causing issues when the connection
criteria would change for a db service at a host that already existed.
It would find the existing connection and load that outdated connection
and fail to connect.
The new functionality will save a new, valid connection with a randomly
generated name, unless the -n flag is specified to overwrite an existing
connection.
2019-01-08 15:21:14 -06:00
84a8c9b638
Minor method comment change
2019-01-08 14:02:40 -05:00
8c29319b25
Add session_events method
2019-01-08 14:02:40 -05:00
fa783256eb
Remove unnecessary argument default value
2019-01-08 14:02:39 -05:00
d677eb16a9
Enhance session_events query
2019-01-08 14:02:32 -05:00
d117e6a1d1
Land #11142 , use POST for API token generation
2019-01-08 11:59:30 -05:00
466b0004e1
Land #11163 , add API endpoint for retrieving Mdm::Events
2019-01-08 09:26:53 -06:00
69ee3a4a26
Land #11187 , Conform LoginServlet to API standards
2019-01-07 17:03:39 -06:00
f23142c19c
Land #11183 , add authentication to LoginServlet endpoints
2019-01-07 17:02:31 -06:00
cfa22bb4ec
Exclude key from VulnDetail update
2019-01-07 16:33:50 -06:00
771469f4cd
Update all Mdm::xx.update() instances
2019-01-07 16:24:13 -06:00
6641c606b2
Add support for db import from remote data service
2019-01-07 14:32:27 -06:00
02fda8625a
Address code review comments.
...
- Fix CSS on submit button
- Dont generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
2019-01-07 13:52:01 -06:00
0ca4dd829e
Fixed an off-by-one error in fingerprinting string randomization
2019-01-04 16:31:43 -06:00
101fbb7aa5
Address code review comments
2019-01-04 15:23:24 -06:00
83267d08e0
Update jquery version and use SRI
2019-01-04 15:23:24 -06:00
4bbf84b949
Update login test page to use POST for generate-token
2019-01-04 15:22:32 -06:00
60681e4385
Use POST for token generation
2019-01-04 15:22:32 -06:00
1b29e17827
Dont array wrap refs
2019-01-04 15:10:21 -06:00
b875d391fc
WIP: updating ref lookup based on code review comments
2019-01-04 15:10:20 -06:00
5f43ec0a79
Address code review comment
2019-01-04 15:10:20 -06:00
0281ddf78c
Remove vuln_refs from Vuln JSON schema
...
This object is just a pointer between Vulns and refs. We don't need to surface it
2019-01-04 15:10:20 -06:00
10cceb0e9b
Fix a couple of bugs introduced by symbolizing to_ar
2019-01-04 15:10:20 -06:00
e9931fa70e
Fix bug when updating Mdm::Vuln.refs
2019-01-04 15:10:19 -06:00
bcfe434d1e
Update to_ar to use symbolized keys
2019-01-04 15:10:19 -06:00
f4e84da495
add comment
2019-01-03 18:00:06 +08:00
cfec99b1a8
Land #11154 , tab completion for aux rerun/exploit
2019-01-02 18:44:04 -06:00
c0dd020ff5
fix linux meterpreter ls
2019-01-02 19:09:46 +08:00
79c58cd786
fix #11158 , fix multi line text in android send_sms
2019-01-02 03:51:59 +08:00
05d78e23ea
fix #11189 , fix meterpreter ls handling of large files
2019-01-02 03:34:13 +08:00
4fc65b39a1
Make position of warden call the same as others
...
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
2018-12-31 16:38:26 -05:00
7b22527f8f
Make error message use same language as others
2018-12-31 16:37:08 -05:00
05d810ac23
Add support for GET with ID in the path
2018-12-31 15:46:00 -05:00
0e56c30ab2
Use data object wrapper for JSON response
2018-12-31 15:43:16 -05:00
12f4222b2e
Fix to ensure authentication
2018-12-28 16:29:33 -05:00
8361dab983
Minor method comment change
2018-12-27 21:57:31 -05:00
66505790f9
Land #11179 , Replace Sysrandom with Ruby default SecureRandom
2018-12-27 11:33:29 -06:00
34e99c3857
Modify GET error message to match other servlets
2018-12-26 22:45:33 -05:00
0d0356ccdd
Land #11126 , Update sessions through the DBManager
2018-12-26 13:15:43 -06:00
ebc7a3a315
Replace sysrandom with ruby default securerandom
2018-12-26 13:40:44 -05:00
f5210abb55
Add rspec
2018-12-26 11:18:44 -06:00
12a948dde5
Move down cmd_rerun to fix rspec issue.
2018-12-24 11:30:02 +08:00
b5bc65c3bd
Add GET handler to query events
2018-12-21 22:18:10 -05:00
a448b26f73
Remove unnecessary argument default value
2018-12-21 22:13:52 -05:00
5e971132f3
Enhance events method to fully query events
2018-12-21 22:07:43 -05:00
7e10b38421
Add events method
2018-12-21 21:37:42 -05:00
9736e8252c
Merge branch 'master' into land-11038-
2018-12-21 16:31:53 -06:00
b4ff3b544f
Add CMDSTAGER::SSL datastore option
...
It has come to my attention that since I added the HTTP(S) command
stagers, no one has used HTTPS. This is probably why.
The CmdStager options hash takes precedence over any datastore options.
2018-12-21 14:51:49 -06:00
5cff330a38
Land #11128 , Rex::Exploitation::CmdStagerFetch
2018-12-21 14:16:57 -06:00
3021a05553
Fix typo in report.rb
2018-12-21 17:51:46 +05:30
06de47ce68
Enhance the command auto-complete in aux.
2018-12-21 18:03:57 +08:00
f7eb3452be
Land #11083 , set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
09f9b887b9
don't bother handholding the empty string
2018-12-19 10:52:51 -06:00
847e3232ab
Land #11102 , remove old metasm remnants
2018-12-18 08:53:53 -06:00
8d93812c0a
Add Rex::Exploitation::CmdStagerFetch
2018-12-15 03:30:00 +00:00
a2a38bb72f
ysoserial: Distracted halfway through a comment 🙃
2018-12-14 15:07:13 -06:00
74b4ba1c50
ysoserial: Change class name to camelcase to align with Ruby style guide
2018-12-14 14:44:58 -06:00
212454b1fb
ysoserial: Support larger payloads, Randomize fingerprintable string
2018-12-14 14:43:30 -06:00
fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads
2018-12-14 12:51:08 -06:00
eec7a3dafc
Remove debug code
2018-12-14 13:33:16 -05:00
ad6b80bd08
Remove unused session_dto flag
2018-12-14 13:01:20 -05:00
a683cedcce
Enhance race condition workaround in report_host
2018-12-14 12:28:16 -05:00
c2af36f405
Use update_session rather than Mdm save method
...
The changes ensure that updates to an Mdm::Session are reflected on a
remote data service.
2018-12-14 12:22:49 -05:00
b6cdf7aa9d
Add update_session method
2018-12-14 12:04:55 -05:00
a8ed971f12
Move convert_msf_session_to_hash to data proxy
2018-12-14 11:46:12 -05:00
3f9b2dadc8
Remove unnecessary single object selection
2018-12-14 11:20:19 -05:00
4cefb8d06e
Fix typo
2018-12-14 11:19:40 -05:00
288cbd2386
add analyze command
2018-12-13 18:21:00 -06:00
4963647bf6
remove call to method not defined
2018-12-13 17:00:41 -06:00
564814c4db
Land #10676 , Add support for ext_server_unhook
...
Merge branch 'land-10676' into upstream-master
2018-12-13 09:46:37 -06:00
a415063acd
Reword CreateSession option description
2018-12-12 15:32:31 -06:00
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
8a7187ad79
Add CREATE_SESSION option to CommanShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
0c9d5b7d51
refactor `unless !` to `if`
2018-12-11 10:04:55 -06:00
4ff6f0171d
remove old metasm remnants
...
Noticed while @asoto-r7 was reviewing Code Climate results, and it
highlighted some metasm code as having unusual code structure. Rather
than fixing it, we can delete it, since this is from upstream metasm
presumably, which we've used as a Gem for some time (thanks @egypt).
All payloads should still be regenerable, and evasion modules as well.
2018-12-10 18:58:53 -06:00
43842ad41d
Land #11082 , Update show plugins to show all available plugins as well
2018-12-10 10:20:51 -06:00
733c2f637d
Land #11081 , Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-08 09:14:57 -06:00
3dca52510d
pass NULL if the UA field is empty
2018-12-08 06:23:35 -06:00
6f8fc55b86
set user agent in Windows reverse_http(s) stagers
2018-12-07 14:03:03 -06:00
42c5a7d245
Update show plugins to show all available plugins as well as the loaded ones.
...
Fixes #11051
2018-12-08 01:19:44 +05:30
df76521100
Land #11066 , add rpc output locking, fix logging
2018-12-07 13:49:10 -06:00
09ffce4ec5
fix mutex locking, push to rpcSend
2018-12-07 13:28:34 -06:00
80d83720df
Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-07 14:42:16 +00:00
9e110eb9fc
Land #10940 , add default service mapping to imports
2018-12-06 21:04:05 -06:00
f4282bfb56
Land #11064 , Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-06 20:52:12 -06:00
310d6f0170
Land #11068 , Update db_connect help text
2018-12-06 20:32:13 -06:00
e36e27d91a
Port is optional for HTTP data services
2018-12-05 16:05:09 -06:00
1e57f025d9
Update db_connect help
2018-12-05 14:52:26 -06:00
b0560c1ec8
Centralize logging sync, fix minor logging issues
2018-12-05 12:42:44 -06:00
25e4c4734f
return nil rather than empty array
2018-12-05 23:44:13 +11:00
9d690f4f8c
Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-05 11:19:36 +00:00
6040f779c5
Supress 'Permission denied' error in get_suid_files
2018-12-05 00:35:32 +00:00
c7acbc08ab
Land #11058 , fix SSH key displayed by creds cmd
2018-12-04 15:25:51 -06:00
5e29d1206d
Land #11059 , provide meaningful error when workspace doesnt exist
2018-12-04 14:53:43 -06:00
Pedro Ribeiro
sinn3r
William Vu
Brendan Coles
Metasploit
James Barnett
Jacob Robles
h00die
asoto-r7
Green-m
Erin Bleiweiss
Brent Cook
Matthew Kienow
Jeffrey Martin
Tim W
Garvit Dewan
bwatters-r7
Stephen Haywood
Christopher Lee