28d35a5bf4
Update doc
2015-05-29 18:03:56 -05:00
58c5767330
Don't need stderr.puts
2015-05-29 17:41:29 -05:00
0384b115e9
Fix reload bug
2015-05-29 17:41:02 -05:00
3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy
2015-05-30 08:03:43 +10:00
af326a4f88
Use compatible_payloads instead of copy and paste
2015-05-29 16:55:19 -05:00
6d488c63d4
php UUIDOptions->UUID::Options
2015-05-29 16:33:03 -05:00
b8a8e65c2c
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 16:22:45 -05:00
7b0006a1b2
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 15:41:31 -05:00
defda01d87
Some doc
2015-05-29 15:09:29 -05:00
b33ace2f44
Put is_payload_compatible? in exploit.rb
2015-05-29 15:07:59 -05:00
13779adab4
Merge branch 'upstream-master' into bapv2
2015-05-29 14:59:04 -05:00
6be363d82a
Merge branch 'upstream-master' into bapv2
2015-05-29 14:58:38 -05:00
340792aae4
don't jump past the uuid sender on win32/tcp connect
2015-05-29 14:34:27 -05:00
dab9a66ea3
Use current ruby hash syntax
2015-05-29 13:43:20 -05:00
7d5af66fa0
Merge branch 'master' into land-5367-uuid-stagers
2015-05-29 13:00:35 -05:00
8f747d2541
Land #5382 , add meterpreter session reconnect RPC call
2015-05-29 12:53:15 -05:00
f575b31d58
Remove double assignment typo
2015-05-29 05:05:35 -04:00
1a08da09cb
Fix compression check logic
...
Initial check logic would compress any script, even those which
would not need it since an uncompressed script fitting the buffer
would likely fit compressed (unless its uncompressable and the
decoder stub overflows). Ensure that compression occurs only when
a compressed script would fit while the uncompressed one does not.
2015-05-29 04:15:57 -04:00
e9821f6a70
Update stage_psh_env method
...
Replace variable names with generated strings to increase entropy.
Add compression test for stager to determine if a compressed PSH
script will fit into the allowed space. If so, compress and exec
without staging.
Add variable name cleanup to stager mechanism - Remove-Variable
with -ErrorAction SilentlyContinue is called on each stager var
name after the stager executes.
TODO: Update method documentation
2015-05-29 04:04:51 -04:00
f575fb8df9
Merge branch 'feature-merge_psh_updates_201505'
...
Conflicts:
lib/msf/core/post/windows/powershell.rb
Rename upload_script_via_psh to stage_psh_env within post PSH lib.
Perform the same rename within load_script post module.
2015-05-29 03:42:25 -04:00
24b4dacec5
Land #5408 , @g0tmi1k fixes verbiage and whitespace
2015-05-27 21:02:02 -04:00
5d0053e4ef
Move iframe instead of hiding, which seems to improve Flash reliability
2015-05-27 00:43:47 -05:00
60cdf71e6c
Merge branch 'upstream-master' into bapv2
2015-05-26 15:56:48 -05:00
d76a9c6565
Land #5409 , update cmd stager documentation.
...
Merge remote-tracking branch 'upstream/pr/5409' into upstream-master
2015-05-26 10:34:03 -05:00
3102741157
Don't need print_line
2015-05-25 11:54:58 -05:00
3d5248f023
This is better
2015-05-25 11:46:18 -05:00
e06f47b2bd
Updates load_script to have support for folders and to include the stager process in the mixin module for other post mods
2015-05-25 15:48:27 +01:00
307dcd09dd
Update payload cache sizes again
2015-05-25 20:12:20 +10:00
87bc198c82
x64 winhttp ie proxy support, autoconfig ignore
2015-05-25 20:01:37 +10:00
db09b9846c
I think I found the speed back
2015-05-25 02:44:57 -05:00
72112317cc
Update
2015-05-25 01:58:34 -05:00
3efe22d5e2
This seems better, slower though
2015-05-25 01:42:34 -05:00
78176c4335
First pass of IE proxy support for winhttp x86
2015-05-25 15:44:35 +10:00
43f7054a5c
Refactor base64 stub into base module
...
As per @zeroSteiner's suggestion.
2015-05-25 11:51:01 +10:00
9e50114082
Merge branch 'upstream/master' into uuid-stagers
2015-05-25 11:22:35 +10:00
9042f141ff
Implement the IPv6 UUID bind stagers
2015-05-25 11:21:28 +10:00
7089bd945a
This payload handling looks much better
2015-05-24 12:47:20 -05:00
6fb2da4f62
Fix #5391 , cmd stager documentation fixes
2015-05-23 13:56:49 -04:00
a376464710
It kind of blew up
2015-05-23 05:26:13 -05:00
f378b45408
bug fixes, sorta
2015-05-23 05:06:15 -05:00
7f4b51f0ff
Fix nil bug
2015-05-23 02:08:51 -05:00
60b0be8e3f
Fix a lot of bugs
2015-05-23 01:59:29 -05:00
916b7b83be
Change how we load payload handlers
2015-05-22 20:35:43 -05:00
d10b20b7a3
Land #5251 , @hmoore-r7's second opportunity to Oracle connect
...
SYSTEM shouldn't have SYSDBA privileges by default anymore
2015-05-22 17:47:41 -05:00
41a86b2e9b
add vprint_status
2015-05-22 17:46:56 -05:00
6de75ffd9f
Merge branch 'upstream-master' into bapv2
2015-05-22 17:11:03 -05:00
c201955fdf
Land #5387 , @wchen-r7's user-configurable HTTP timeout
...
Fixes #5219 , Add connection timeout and response timeout for HttpClient
2015-05-22 15:36:11 -05:00
e0d9ee062f
Use HttpClientTimeout
2015-05-22 13:35:37 -05:00
8fd468a89f
Get the dry-run feature right this time
2015-05-22 13:07:30 -05:00
905fe73d78
Track clicks
2015-05-22 12:57:06 -05:00
e8a32bdd10
Make MaxSessions/RealList/Custom404 work better
2015-05-22 12:40:56 -05:00
2bb6f390c0
Add session limiter and fix a race bug in notes removal
2015-05-22 12:22:41 -05:00
078438f66e
Update UUIDOptions -> UUID::Options
2015-05-22 00:30:05 -05:00
c17ee64d81
Merge branch 'master' into feature/uuid-registration
2015-05-22 00:29:16 -05:00
c07ff70f19
Add check for UUID payloads
...
Thankfully those payloads already had a flag that could be reused.
2015-05-22 15:11:12 +10:00
9ce669f878
Land #5328 : reworked x64 http/https stagers
2015-05-21 23:26:34 -05:00
10bd75348c
Merge branch 'upstream/master' into uuid-stagers
2015-05-22 13:07:25 +10:00
a6a274d3a3
Merge recent stager changes
2015-05-22 13:01:45 +10:00
c29bb35e28
Change datastore name
2015-05-21 10:15:03 -05:00
356f361b40
add sid to the the yard docs
...
you win this round OJ ;)
MSP-12722
2015-05-21 09:30:09 -05:00
3ee02d3626
Hmm bug
2015-05-21 00:36:40 -05:00
4622fa60eb
Register the init_* URLs and whitelist these
2015-05-21 00:22:41 -05:00
31c60b48c8
Don't forget to doc
2015-05-21 00:08:04 -05:00
6e8ee2f3ba
Add whitelist feature
2015-05-21 00:05:14 -05:00
27406204ed
Disable payload UUID registration by default
2015-05-20 23:56:15 -05:00
bdf30dd383
Land #5374 , --smallest option in msfvenom
2015-05-20 21:06:10 -05:00
a8d111ce89
Merge branch 'master' into feature/uuid-registration
2015-05-20 19:48:39 -05:00
ac0004ea0a
Implement IgnoreUnknownPayloads
2015-05-20 19:47:17 -05:00
27e12754fe
Import Powershell libraries and sample post module
...
Sync critical functionality from Rex and Msf namespaces dealing
with encoding and processing of powershell script for exploit
or post namespaces.
Import Post module. Primarily adds a psh_exec method which will be
replaced in the next PR with @benpturner's work integrated into
the Post module namespace.
Provide a sample metasploit windows post module to show the
execution pipeline - entire subs process can be removed and the
module reduced to a psh_exec(datastore['SCRIPT']).
This commit is designed to provide sync between the SVIT fork and
upstream. Pending commits to be based on this work will provide
access to .NET compiler in the Post namespace to be used for
dynamic persistent payload creation on target and the import of
@benpturner's work.
2015-05-20 18:18:51 -04:00
93900087c7
Resolve #5219 , user-configurable HTTP timeout
...
Resolve #5219
2015-05-20 13:30:45 -05:00
44f8cf4124
Add more size to stagers, adjust psexec payloads
...
This psexec payload size should be evaluated to make sure I'm not doing
anything stupid. i can't see a reason why increasing these sizes would
be bad. They seem to work fine.
2015-05-20 17:07:56 +10:00
5963a5833a
Fix up php stageless payload includes
2015-05-20 16:50:00 +10:00
d0a5b803e8
Use generate_payload_uuid instead of manual obj creation
2015-05-20 16:25:52 +10:00
818d8b186c
Implement tracking
2015-05-20 01:10:19 -05:00
289873c25f
Merge all the stager changes
2015-05-20 16:02:37 +10:00
6859b24c1c
Fix missing label, update payload sizes
2015-05-20 15:42:31 +10:00
d43e11f5af
WinHTTP rework with proxy support, and SSL verification
...
This commit fixes up the winhttps stuff properly too. PHEW!
2015-05-20 15:32:34 +10:00
513a81e340
Add framework.uuid_db as a JSONHashFile
2015-05-20 00:28:32 -05:00
fd2534914d
Small tweaks to reverse_http
2015-05-20 12:15:38 +10:00
48c50a897c
add rpc call to change meterp transport
...
this rpc method allows the user to change transport
on an existing meterp session. if it's successful
it will close the old 'session' tied to the rpevious transport
MSP-12722
2015-05-19 14:43:25 -05:00
046003acb4
Increase REXML expansion text limit
...
MSP-9532
* Increase to reasonable size to handle larger xml file expansion on import
* Prevents the 'RuntimeError entity expansion has grown too large' error that prevents import
2015-05-19 12:47:19 -05:00
c1b8cee315
Land #5369 , @dmaloney-r7's snmp_login fixes
2015-05-19 10:39:03 -05:00
e7c8a3b56c
add support for SessionRetryTotal and SessionRetryWait on Android
2015-05-19 16:16:04 +01:00
9fddc21cf3
Shaved another sneaky byte off the payload
2015-05-19 21:21:07 +10:00
6e96e6d118
Shellcode golf to make the payload smaller
...
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, its smaller than it was, and
I'm sure there are ways to make it better as well.
2015-05-19 21:17:42 +10:00
62720ab357
Fix the wininet stager for http/s
...
For some reason this was only working on Windows7/2008, yet when tired
on Windows 2012 it was resulting in crashes. It was also stopping
working in exploits such as psexec_psh.
Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.
Adjusted payload sizes as well.
2015-05-19 20:03:22 +10:00
9d7e54f360
Add the UUID subdirectory, including initial DB class
2015-05-18 23:41:22 -05:00
c7932855f2
Move UUIDOptions to UUID::Options
2015-05-18 23:35:18 -05:00
46f389fecd
Documentation
2015-05-18 18:41:37 -05:00
fbbd25f4bc
I never use this thing
2015-05-18 17:56:17 -05:00
89be3fc1f2
Do global requirement comparison in BAP
2015-05-18 16:27:18 -05:00
9dd82d94ae
Exclude Manual ranked encoders from automatic selection, these can still be specified with -e
2015-05-18 15:47:15 -05:00
71eab7a236
Implements msfvenom --smallest, still some blockers
2015-05-18 15:24:59 -05:00
a82168d7bb
Fixes #5361 by adding --encoder-space to msfvenom
2015-05-18 14:27:52 -05:00
ea8e62f0fb
Add #file_dropper_file_exist?
2015-05-18 14:13:12 -05:00
7376d4d94e
account for public only credentials in #to_s
...
SNMP in particular will only have a public, so we need
to account for this so we don't output poorly formed text
with a trailing ':' char
5266
2015-05-18 13:42:15 -05:00
c69b6b2b8b
only issue db warning once
...
cache the fact that we have issued the db warning
so we do not issue it for every credential attempt
on the module run.
5266
2015-05-18 13:41:18 -05:00
129ed7fb7a
Add yard documentation
2015-05-18 10:27:04 -05:00
e7f80042d4
Finalise work on the bind_ipv6_tcp stager for UUID support
2015-05-18 21:19:04 +10:00
593f6e5fc4
Fix issue with bind UUID
2015-05-18 20:25:15 +10:00
9296a024e2
PHP meterpreter refactoring in prep for uuid work
2015-05-18 17:40:48 +10:00
27cdc588c8
Merge module include fix from stager update
2015-05-18 15:00:05 +10:00
677acb22a4
Fix up module include in x64 winhttp
2015-05-18 14:59:49 +10:00
4488a5e634
Add uuid support to python, and rework stages/stagers
2015-05-18 14:33:35 +10:00
0d56b3ee66
Stage UUIDs, generation options, php and python meterp uuid
2015-05-18 13:29:46 +10:00
bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers
2015-05-18 13:28:36 +10:00
8b2e5c88d9
Adjust transport config fallback to include https
2015-05-18 10:16:09 +10:00
11e715ae46
Configure transport from stager mixin
...
Transport configuration for basic session types can be performed
by the stager mixin.
Add a default transport_config method to Msf::Payload::Stager by
mixing in Msf::Payload::TransportConfig and attempting to guess
the default tranport and direction types from the currently loaded
module's (MSF module) refname.
Users with custom payloads will no longer need to update them with
transport_config methods unless they use a non standard transport,
direction, or other innovation which affects the default approach.
Testing:
Tested with payloads lacking transport_config methods or access
to the TransportConfig module (Ruby) namespace. This also resolves
problems with the RC4 payloads in upstream as they can't currently
generate stagers for meterpreter.
2015-05-17 03:03:17 -04:00
3c92d5365e
Lnad #5334 , @wchen-r7's deletes unnecessary check on mysql_drop_and_create_sys_exec
2015-05-15 11:51:21 -05:00
4c1558b398
Land #5331 , @wchen-r7's fixes #5330 by using print_warning
2015-05-15 11:42:57 -05:00
b7b00666fa
Use parenthesis
2015-05-15 11:41:14 -05:00
1653acd527
Land #5344 , print payload size from msfvenom
2015-05-15 09:49:05 -05:00
2d310a473b
Do some documentation
2015-05-14 23:32:11 -05:00
7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers
2015-05-15 12:27:40 +10:00
8bcdd08f34
Some basic code in place for real-time exploit list generation
2015-05-14 19:09:38 -05:00
92799266c6
fix typo
...
you happy now?
2015-05-14 15:06:01 -05:00
452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module
2015-05-14 10:31:28 -05:00
83fbd41970
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
Gemfile.lock
modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
2015-05-14 14:50:25 +10:00
104e0456ec
Do cleanup for jobs
2015-05-13 23:41:05 -05:00
5f3947312d
Lands #5327 , SSL support + refactor for PowerShell
2015-05-13 23:25:15 -05:00
a2ebfe2bf8
Make parse_rank a little bit smarter
2015-05-13 18:05:10 -05:00
2e61973411
Resolve #5343 , Print payload size
...
Resolve #5343 . Prints payload size
2015-05-13 16:33:22 -05:00
1a8ab91ce3
Configurable max exploits
2015-05-13 16:23:22 -05:00
7617217eff
Add ability to exclude
2015-05-13 15:55:19 -05:00
66391493f4
Pass only the datastore options we need
2015-05-13 15:34:01 -05:00
e4fed019ac
Hide exploit paths
...
As an user, you shouldn't be using exploit paths so we hide them
by default.
2015-05-13 13:51:59 -05:00
a7e265b07e
Proper cleanup for notes
2015-05-13 13:46:06 -05:00
9308da7956
2003 code path working
...
using VSS directly on server 2003 and repairing
the database with esentutl is now working
MSP-12358
2015-05-13 12:25:44 -05:00
1f294eac0b
Updated to remove dup code
2015-05-13 17:26:21 +01:00
9549d572cc
Land #5280 , update to Ruby on Rails 4.0
...
This upgrades a number of other gems as a side-effect.
2015-05-12 16:48:49 -05:00
b1b8f86aae
Lands #5270 , improvements to Msf::ModuleSet
2015-05-12 11:01:23 -05:00
605e492781
Avoid #create if possible
2015-05-12 01:55:22 -05:00
9bba95c2a3
Include more options
2015-05-12 01:47:03 -05:00
06dfdbcc2c
Merge updated transport changes
...
Discard changes that were made for reverse_https transport in x64 as
they no longer apply here.
2015-05-12 10:26:39 +10:00
836feaa2d8
Fix uuid setting, fix reverse_https x64 payload
...
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
0fb21af247
Verify deletion at on_new_session moment
2015-05-11 18:56:18 -05:00
51e6c13bc4
Adjust transport configuration include for x64/reverse_http
...
Not sure how I missed this, but I did!
2015-05-12 09:54:08 +10:00
849f904711
Finalise style changes as per suggestions in PR
2015-05-12 09:48:50 +10:00
474461d2a4
Merge format and structure changes from multi transport
2015-05-12 09:46:02 +10:00
69d2b8ffb1
Various code format, style changes, file moves
...
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
c5be193357
Maybe put custom content at the bottom?
2015-05-11 18:21:50 -05:00
42f94e70c7
Add `nil` default to exit_types, transport param order swap
...
This allows for checking against exit types to be super easy instead of
having to have extra checks in place. Also changed the order of scope_id
and uri in the transport URI generation. The net effect of this is NOP
because these things only appear separately.
2015-05-12 09:05:58 +10:00
5dfab1f426
Fix exitfunk module for x64
...
The exitfunk module was using asm keywords that are considered invalid
by metasm. This commit removes these keywords and also adjusts one of
the label names to reduce the chance of a collision with other files.
2015-05-12 08:44:03 +10:00
b1dd2a63fc
On new session, check if file has been REALLY deleted
2015-05-11 17:14:42 -05:00
ecb23d09cc
Do initial fix
2015-05-11 15:02:46 -05:00
12038ed3e1
Fix #5244 , Remove unnecessary check for mysql_drop_and_create_sys_exec
...
Fix #5244 , MySQL is always return OK so it doesn't seem to be so
important to check res for DROP FUNCTION IF EXISTS sys_exe
2015-05-11 14:17:51 -05:00
730135705d
Resolve #5330 , change print_error to print_warning for report_auth_info
...
Resolve #5330 for more consistent deprecation style.
2015-05-11 11:01:45 -05:00
e99d885b6b
Final work on reverse_winhttps
2015-05-11 22:21:22 +10:00
68eadd9f51
More work on reverse_winhttps
2015-05-11 21:38:26 +10:00
e69e6c4a73
Implement winhttp for x64
...
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
2015-05-11 17:27:47 +10:00
800ab11abd
Payload size adjustment, typo fix
...
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
2015-05-11 17:24:32 +10:00
cbf06fcb02
Tweak reverse_winhttp to fix small issues
...
Now working fine with proxy settings.
2015-05-11 17:24:32 +10:00
679bb46f86
Refactoring, exitfunk fix, block_api_hash func
2015-05-11 17:24:32 +10:00
99fdfe31f1
More tidying/refactoring of the stagers
2015-05-11 17:24:31 +10:00
4686691753
Interim commit while juggling some other code
2015-05-11 17:24:31 +10:00
0820bc5dd5
Small bits of tidying up for reverse_winhttp/s
...
Refactoring, ready to get the proxy stuff going.
2015-05-11 17:24:31 +10:00
21397b46aa
Add proxy user/pass to x64 reverse_http/s
2015-05-11 17:24:31 +10:00
9312c0ea46
Add proxy host support to x64 reverse_http/s
...
Proxy user/pass coming shortly.
2015-05-11 17:24:31 +10:00
b922da8f80
Add support for x64 reverse_http
...
Still need to bake in support for proxies in the stagers, but wer'e
getting there.
2015-05-11 17:24:31 +10:00
15e9fb7e40
Port reverse_https (wininet) x64 to metasm
...
This laid the groundwork for implementation of reverse_http as well.
2015-05-11 17:24:31 +10:00
29649ff881
Fix proxy config not making it through
2015-05-11 17:24:02 +10:00
30b1c508f1
javascript portion
2015-05-10 16:50:32 -05:00
79753f719f
Slight fix to the transport config
2015-05-08 18:36:30 +10:00
ba3266803a
Add transport configuration to reverse_http/s
2015-05-08 18:32:48 +10:00
5111abdd09
Add transport config entry to reverse_winhttp
2015-05-08 18:15:24 +10:00
2ea5d49902
Update set payload description
2015-05-08 00:53:25 -05:00
785a1f4205
Modify set payload
2015-05-08 00:48:04 -05:00
2e2b536e8f
Update
2015-05-08 00:28:46 -05:00
8e86a92210
Update
2015-05-08 00:25:34 -05:00
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
71518ef613
Land #5303 , metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
8cd2d442ff
Modify show options
2015-05-07 20:54:30 -05:00
95f087ffd3
Some progress
2015-05-07 19:26:38 -05:00
fd827db6dd
Fix up bind stager payload sizes
2015-05-07 10:13:27 +10:00
9d7a7cb68d
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
60e25170fa
Land #5313 : fixup bind_tcp stager
2015-05-07 07:09:19 +10:00
5a8b6e90f2
restore ecx after setting the socket options, set default size
2015-05-06 11:56:07 -05:00
97807e09ca
Lad #5125 , Group Policy startup exploit
2015-05-06 11:17:01 -05:00
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-05-05 11:00:38 -05:00
62fa14326d
Merge branch 'upstream/master' into multi-transport-support
...
Merged with HD's stuff as he fixed up a few things that I had done too.
Conflicts:
lib/msf/base/sessions/meterpreter_options.rb
lib/rex/post/meterpreter/client_core.rb
lib/rex/post/meterpreter/packet_dispatcher.rb
2015-05-05 17:18:01 +10:00
c540ba4b98
Land #5297 : Track machine_id and dead sessions
2015-05-05 17:08:39 +10:00
2949bf053a
Remove old comment from ASM
2015-05-05 13:09:13 +10:00
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
e45bf5cf51
Remove the URI patcher now that it's not used at all
2015-05-05 07:35:49 +10:00
05e4af8162
Land #5214 , initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
d90c25ecea
Land #5287 , RPC API fixes
2015-05-04 15:44:15 -05:00
0ca0d3d045
Improve nt_create_andx path parsing
2015-05-04 15:20:51 -05:00
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
c2dc4677fb
Prevent stagless from overwriting socket
...
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
93bf995b32
Reverse tcp support for POSIX
...
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
3080feb188
Track the machine_id and drop non-responsive sessions automatically
2015-05-04 03:22:29 -05:00
480a176415
Initial commit
2015-05-02 10:11:17 -05:00
2189c6d868
Pass timeouts to clients and correctly patch timeouts
...
Timeouts are correctly passed through to the client instances from the
handlers. The cilent also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
8bd2a69112
simplify and fix rpc_get_note
2015-05-01 16:01:07 -05:00
52b9fc8fca
handle unknown host when generating a new note
2015-05-01 15:47:05 -05:00
8d78135321
pass down the workspace for the other opt_to_* methods
2015-05-01 15:42:04 -05:00
f2504b84be
use the same logic with 'get_note' and 'del_note' for selecting notes
...
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
29b97f4695
remove superfluous parens on ifs
2015-05-01 15:40:45 -05:00
0b608e139a
Merge branch 'upstream' into staging/rails-4.0
2015-05-01 11:26:24 -05:00
81744384c2
Actually fix del_note
2015-04-30 17:02:06 -05:00
11f9c010ce
Change documentation
2015-04-30 16:46:01 -05:00
18874fe384
fixes Issue #5272 on report_vuln
...
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
e79780d885
Fix #5240
2015-04-30 15:20:29 -05:00
3b42265c98
Fix #5239
2015-04-30 15:20:04 -05:00
440005d302
Fix #5237
2015-04-30 15:10:13 -05:00
f315eb4afd
Fix #5236
2015-04-30 15:07:11 -05:00
70ab938951
Fix #5229
2015-04-30 14:56:30 -05:00
f43e4f9447
Fix #5238
2015-04-30 13:49:13 -05:00
912f41292a
Drop some unused code
2015-04-30 11:25:57 -05:00
3f797e4393
Reinstate some to_s coercions that were mistakenly dropped
2015-04-30 11:13:48 -05:00
35f564d03e
I just shaved off 8 seconds, oh yeah
2015-04-30 00:32:33 -05:00
62e3f5e56a
Small cleanup
2015-04-29 23:15:56 -05:00
a34531ba5d
Msgpack cannot handle symbols, so we're forced to strings
2015-04-29 23:14:52 -05:00
3fef6362bd
Fix sorting
2015-04-29 21:55:21 -05:00
ca32db3e23
Merge branch 'upstream-master' into BAPv2
2015-04-29 18:53:37 -05:00
f3e026db6c
Profile sharing works for the first time
2015-04-29 18:45:08 -05:00
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
c18c5c7b6e
Actually take apart profiling?
2015-04-29 11:06:00 -05:00
943fc18092
Take apart browser profiling
2015-04-29 11:04:54 -05:00
9cebe769c2
Change plan
2015-04-29 01:29:24 -05:00
39663a7e18
Some progress
2015-04-29 01:19:39 -05:00
65b7659d27
Some progress
2015-04-29 01:01:36 -05:00
9386d1ca6d
remove unused mod_ranked attribute
2015-04-28 22:27:09 -05:00
7b7f40baa4
remove modules that cannot be instantiated
2015-04-28 22:21:31 -05:00
0caeee32fe
replace sort with sort_by
2015-04-28 21:39:37 -05:00
43f5323e8d
More progress
2015-04-28 21:26:31 -05:00
43492b7c67
Some progress
2015-04-28 18:17:32 -05:00
8163c3cdda
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
plugins/nessus.rb
2015-04-28 15:33:46 -05:00
4f9c8d04a2
Add support for moving transports and uuid fetching
...
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.
There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
f711e5dee7
Update migration support
...
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
fca4d852a1
Remove the passing on off listen socket values
2015-04-28 13:51:48 +10:00
c41f4bd59f
Fix up http/s a little
...
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
f3e547ca92
Remvoe the exitfunk from the loader
...
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
36daee08c9
Reverts #4989 , support for file: is handled in the options again
2015-04-27 16:07:43 -05:00
7443af64a6
Land #5247 , add RPC API call documentation
2015-04-27 11:13:02 -05:00
a0eb7d0ad3
minor RPC documentation tweaks
2015-04-27 11:11:08 -05:00
6a4d63ca4f
Drop explicit IPAddr to String coercion
...
MSP-12611
2015-04-27 10:48:13 -05:00
0d2f97ed2d
Add support for config in the x64 bind stager
2015-04-26 14:19:36 +10:00
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
d1a836e39c
Fix logins where SYSTEM doesnt have SYSDBA privileges
2015-04-25 19:05:11 -05:00
2455163d24
Refactor configuration for meterpreter payloads (x86)
...
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.
This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
3a24923361
Force bind to hand over the listen socket
2015-04-25 22:04:58 +10:00
4ec4868bcf
Make bind hand over the listen socket as well
2015-04-25 21:37:32 +10:00
bb77a3a0e6
First pass of refactoring to support new config block
...
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
9f1e035c53
Changed required_space check in bind payloads
2015-04-25 21:30:54 +10:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
46361c1a19
Final round of documentation
2015-04-24 11:58:12 -05:00
6ccc4af4d8
Round 9 of documentation
2015-04-24 01:08:33 -05:00
d292cc999a
Round 8 of documentation
2015-04-23 16:15:11 -05:00
86a7e36a06
Round 7 of documentation
2015-04-23 15:37:56 -05:00
3c50feb3d6
Round 6 of documentation
2015-04-23 12:34:39 -05:00
cbac6d1a0b
Round 5 of documentation
2015-04-23 11:54:58 -05:00
1b11322618
Remove STDERR debug statement
2015-04-23 19:36:17 +10:00
f6bd747f57
Round 4 of documentation
2015-04-22 22:15:30 -05:00
6bac759a18
Round 3 of documentation
2015-04-22 17:01:31 -05:00
39f206b31a
Round 2 of documentation
2015-04-22 12:10:28 -05:00
4add4074e1
First round of RPC API documentation
...
Resolve #5209
2015-04-22 01:02:05 -05:00
b6df023c99
Land #4989 , @hmoore-r7's change to file: handling
...
Datastore options with file: are handled at set time
2015-04-21 23:21:22 -05:00
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
8f5d222e53
Land #5156 - module ranking properly handles nil
2015-04-21 14:40:01 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
86957d9b07
Merge branch 'upstream/master' into connection-recovery
2015-04-21 20:01:59 +10:00
66d23e3b5e
Delete file: validation on normalization again
2015-04-20 23:52:17 -05:00
74ad81c90c
Consolidate tunnel check into name check
2015-04-20 21:18:12 -05:00
741149058c
Report unknown service names for consistency
2015-04-20 17:22:19 -05:00
d894502148
Update legacy Nmap XML parser
2015-04-20 17:15:35 -05:00
d67f7a21d9
Move autoloads into OptionContainer
...
This seems like a better place for them to live
2015-04-20 15:54:42 -05:00
da0e7282d5
Replace some unnecessary eval action.
...
Metaprogramming should be reserved for when you don't know things. Here
we're making methods from literal strings, so replace the
metaprogramming with much easier to understand regular programming. Also
has the benefit that yard can parse it.
2015-04-20 15:54:41 -05:00
b64d881914
Make OptionContainer docs a little more useful
2015-04-20 15:54:40 -05:00
3a5af3939d
Split all the option classes into their own files
2015-04-20 15:54:40 -05:00
668961b69d
fix some yarddoc issues
2015-04-20 00:06:59 +02:00
19f8a76475
Porting bind_tcp for posix to metasm
...
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
37613adebb
Improve developer experience for fail_with
...
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
2a327b7c91
Land #5116 , better handle platform and arch in msfvenom
2015-04-17 10:55:41 -05:00
18225780da
cleanup HTTP and HTTPS listeners when sessions are closed
...
Rather than listening forever after a session shuts down, close the session if
there are no other URI's registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
eb7155d533
Remove debug print
2015-04-17 16:25:42 +10:00
0a8b29dd86
Merge branch 'upstream/master' into connection-recovery
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless
2015-04-17 12:46:20 +10:00
7a4494a81f
Land #5173 , moar fail_with fixes
2015-04-16 17:27:02 -05:00
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
9bf897a829
Land #4744 , refactor powershell for msfvenom psh-cmd
2015-04-16 15:44:57 -05:00
69d3c26746
fix documentation
2015-04-16 21:28:16 +02:00
9aa0159342
Green rank_modules ranks unloadable as Manual
...
MSP-12557
Was calling `.class` blindly on the output of `create`, but `nil` has a
class, `NilClass`, so it didn't call `module_rank` as expected and
assigned NormaLRanking to `nil` instead of ManualRanking.
2015-04-15 16:10:51 -05:00
e82fb5f836
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
lib/msf/ui/console/command_dispatcher/db.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
4de35e8832
Green Msf::ModuleSet#rank_modules with create -> nil
...
MSP-12557
Extract Msf::ModuleSet#module_rank to handle getting the module rank if
the Metasploit Module is already loaded, needs to be loaded, or can't be
loaded. If a Metasploit Module can't be loaded it is ranked as
Msf::ManualRanking. If is loaded or can be loaded and it doesn't define
Rank, it gets the Msf::NormalRanking as before. Finally, if it is
loaded or can be loaded and defines Rank, that is used as before.
2015-04-15 12:35:01 -05:00
71728c5c03
Changes
2015-04-15 01:10:55 -05:00
5f4ab3d2ab
The setres* stubs are not implemented in OSX.
2015-04-14 23:33:16 -05:00
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
0282b433e9
Payload sort of works
2015-04-14 21:33:10 -05:00
b5335ab266
Some progress, mostly documentation
2015-04-14 19:03:08 -05:00
d9b77b0629
Sorting
2015-04-14 17:05:33 -05:00
6c9cc7c725
Some progress
2015-04-14 13:30:34 -05:00
4e49964c15
Add support for init_connect for stageless payloads
...
This new mode for HTTP/S stageless allows the stageless payload to be
reused without MSF believing that the session has already been
initialised.
2015-04-14 16:43:07 +10:00
61b709b8c5
Extra space in message "Local IP:"
2015-04-14 01:34:07 -05:00
4486831ba3
Module loading portion
2015-04-14 01:33:02 -05:00
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
51dd88114b
Fix grammer in comments
2015-04-13 13:21:41 +05:00
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
92c12de6db
Fix invalid datastore options.
2015-04-12 00:54:10 -05:00
eaab665a6d
Remove #generate patch, specs will fail again.
2015-04-12 00:07:39 -05:00
60d98ba892
Implement the remaining syscalls.
2015-04-12 00:02:29 -05:00
3fe6fb44b9
Prevent this from changing cache size.
2015-04-11 23:44:56 -05:00
c132a3fb0a
Fix OSX prepends and implement x64 setreuid.
2015-04-11 20:04:21 -05:00
656abac13c
Use keyword arguments
2015-04-10 18:03:45 -05:00
1720d4cd83
Introduce get_file_contents
2015-04-10 17:34:00 -05:00
ca6a5cad17
support changing files
2015-04-10 16:53:12 -05:00
9f15824e2a
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-04-10 15:35:27 -05:00
91202e2447
Port of reverse_tcp payload to metasm
2015-04-10 17:46:27 +10:00
fadb13b8ef
Porting block api, exitfunk, bind to metasm
...
Also add the flag which lets the bind stager leave the listen socket
open.
2015-04-10 16:23:03 +10:00
1d166c1ef6
Don't lookup nil platform, prevents a stack trace w/64-bit reverse_https
2015-04-09 17:18:42 -05:00
56793d11c8
Fix #4866 , msfvenom not properly handling platform & arch
...
This fixes #4866 , an issue with msfvenom not properly handling special
cases with generic payloads. So the story behind this fix is that
we have these two problems:
Problem 1: The current payload selection design relies on the payload
module in order to set the platform and arch. Almost all MSF payloads
contain a default platform and arch, however, the bind and reverse
generic payloads don't.
Problem 2: By default, Msf::Payload::Generic also explicitly sets the
PLATFORM and ARCH datastore options to nil. So there is no way the
payload generator can figure out what platform and arch to use.
As a result of these problems, msfvenom will actually end up getting
a Msf::Module::Platform as the default platform, which doesn't
actually represent any valid platform we can use (such as
Msf::Module::Platform::Windows). And the first item of ARCH_ALL for
the arch.
In addition, msfvenom has these two arguments that the user can use:
--platform and --arch. In most cases, these arguments are used more
like checks than actually setting anything. Because remember:
Framework's payload selector retreives the platform & arch from the
module (trusted), not the user input (untrusted). But from the user's
perspective it's impossible to know this.
After experimenting different ways to fix this, I came up with this
patch. It feels sort of more like a hack than a real fix, but as
far as I can tell, this is the best you can get unless you want to
redesign generic payload selection.
2015-04-09 16:01:11 -05:00
c83a763150
Fix IPv6 issues in staged and stageless
...
* Stageless payloads weren't adding brackets around IPv6 hosts.
* Staged HTTP handler was using an undefined function to check for IPv6
addresses when host header overriding was disabled.
2015-04-09 23:33:10 +10:00
809409d8c4
Lots of changes to support moving timeouts to common spots
...
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
bc5fd4b813
A few adjustments to make bind_tcp keep listen sockets open
2015-04-09 08:46:35 +10:00
e7a4ee637a
Port windows reverse_tcp|bind_tcp to Metasm, add error handling
...
Conflicts:
lib/msf/core/payload/windows/bind_tcp.rb
modules/payloads/stagers/windows/bind_tcp.rb
Cherry-picked form @hmoore-r7's repo.
2015-04-08 16:21:10 +10:00
9ebcb27929
Merge branch 'upstream/master' into connection-recovery
2015-04-08 15:48:21 +10:00
a9804dff62
Initial work to support fault-tolerant connectivity
...
This code adjusts the bind_tcp stager for x86 so that the listener
socket isn't close for meterpreter payloads. This means that meterpreter
can make an educated guess as to whether or not the payload was a bind
or tcp payload, and from there can attempt to establish communications
in the same way as before should something break along the way.
Some simple adjustments to the x64 meterpreter stage as well, but more
to come here.
2015-04-08 14:41:32 +10:00
27fa8791f9
Land #5095 - OJ adds stageless http transports
2015-04-07 22:58:36 -05:00
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
84411be606
Land #5097 : resolve UUID namespace issues with pro
2015-04-07 13:16:28 -05:00
8cc48e05a8
Make Polyglot happy
2015-04-07 13:08:58 -05:00
9bce08b813
This change avoids namespace collisions around the Abbrev class
2015-04-07 13:06:26 -05:00
bac3c80d7e
Land 5093, workaround for when cache is being built
2015-04-07 12:02:30 -05:00
53d5b97634
Add support for UUID generation in transport switching
...
If the session doesn't have a payload UUID we now generate one as best
we can. This code will probably go away when TCP related transports have
had the UUID stuf baked in.
2015-04-07 17:25:55 +10:00
15313243cc
Use UUID instead of old skool URIs
...
This uses HD's UUID stuff to generate a new URI for the transport.
Currently we don't have UUID support for TCP connections, but that's
coming.
Still do to: generation of a valid UUID for payloads that don't already
have one.
2015-04-07 16:00:30 +10:00
84397f5db0
Remove unused commented-out code
2015-04-07 12:47:18 +10:00
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
38a77c930e
Land #5072 : Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
83cf1ad8ce
Instantiate to get name if we don't have cache yet
...
Fixes #5086
2015-04-06 18:59:38 -05:00
75343ef30c
Remove unneccesary match_set in MatchResult.create
...
MSP-12516
* Fixes UknownAttribute error for match_set in Rails 4
2015-04-06 16:36:37 -05:00
5e2d6c27c3
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
db/schema.rb
lib/msf/core/db_manager/session.rb
metasploit-framework-db.gemspec
2015-04-06 11:27:00 -05:00
6811aebb1c
Merge pull request #11 from OJ/hd-payload-uuids
...
Add trailing slash to stageless URI
2015-04-06 10:57:41 -05:00
98c95104da
Use ||= for consistency
2015-04-06 10:55:14 -05:00
9b502b904f
Add trailing slash to stageless URI
...
Without the trailing slash, stageless payloads take a nasty turn.
2015-04-06 19:53:02 +10:00
3c59519811
Add PayloadUUIDRaw for manual PUID specification
2015-04-05 23:25:52 -05:00
96f8a45b0d
Additional yardoc comments for the UUID class
2015-04-05 23:16:24 -05:00
b1a7e77fa9
Correct domain controller server type constants
...
The should be specified in hex as BAKCTRL is 16, not 10. CTRL should
be 8. See documentation for NetServerEnum.
2015-04-05 11:12:18 +01:00
ebf77cd02d
Merge remote-tracking branch 'upstream/master' into msfvenom_psh_squash
...
Conflicts:
lib/msf/util/exe.rb
2015-04-05 00:24:48 +01:00
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
57395deb1d
Land #5056 , @wchen-r7 explicit recog require
2015-04-03 17:06:47 -05:00
wchen-r7
OJ
jvazquez-r7
Brent Cook
RageLtMan
Spencer McIntyre
benpturner
HD Moore
David Maloney
Christian Catalan
William Vu
Tim
root
darkbushido
Tom Sellers
Matt Buck
Trevor Rosen
James Lee
Christian Mehlmauer
Luke Imhoff
joev
root
Samuel Huckins
Jon Cave
Meatballs