infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
33,841 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

10709 Commits (7f27fd0cf2c4ccbd9612e39a85c4fdcece4935ff)

Author SHA1 Message Date
David Maloney 452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module 2015-05-14 10:31:28 -05:00
David Maloney 6e813f6abd
Merge branch 'master' into feature/MSP-12357/meterp-ntds 2015-05-14 10:30:48 -05:00
Samuel Huckins a5c5360afd Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-05-14 08:45:53 -05:00
OJ 83fbd41970 Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	Gemfile.lock
	modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
 2015-05-14 14:50:25 +10:00
HD Moore 5f3947312d
Lands #5327, SSL support + refactor for PowerShell 2015-05-13 23:25:15 -05:00
wchen-r7 2e61973411 Resolve #5343, Print payload size 
Resolve #5343. Prints payload size
 2015-05-13 16:33:22 -05:00
David Maloney 9308da7956
2003 code path working 
using VSS directly on server 2003 and repairing
the database with esentutl is now working

MSP-12358
 2015-05-13 12:25:44 -05:00
benpturner 1f294eac0b Updated to remove dup code 2015-05-13 17:26:21 +01:00
Samuel Huckins 9fafb645dd
Updating Rails version comment 2015-05-13 09:37:32 -05:00
OJ 60d331fe0c Add support for a "sleep" command 
This makes meterpeter shut down it's comms and sleep for a while before
it attempts to open communications again. This is effectively the same
as doing a transport change back to the same transport, but with
a timeout.
 2015-05-13 10:13:08 +10:00
Brent Cook 9549d572cc
Land #5280, update to Ruby on Rails 4.0 
This upgrades a number of other gems as a side-effect.
 2015-05-12 16:48:49 -05:00
HD Moore b1b8f86aae
Lands #5270, improvements to Msf::ModuleSet 2015-05-12 11:01:23 -05:00
OJ 06dfdbcc2c Merge updated transport changes 
Discard changes that were made for reverse_https transport in x64 as
they no longer apply here.
 2015-05-12 10:26:39 +10:00
OJ 836feaa2d8 Fix uuid setting, fix reverse_https x64 payload 
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
 2015-05-12 10:24:11 +10:00
OJ 5f735c917c Add condition before overwriting payload_uuid 2015-05-12 09:56:55 +10:00
OJ 51e6c13bc4 Adjust transport configuration include for x64/reverse_http 
Not sure how I missed this, but I did!
 2015-05-12 09:54:08 +10:00
OJ 489afd5aa1 Remove redundant check for ascii_str setting 2015-05-12 09:50:58 +10:00
OJ 849f904711 Finalise style changes as per suggestions in PR 2015-05-12 09:48:50 +10:00
OJ 474461d2a4 Merge format and structure changes from multi transport 2015-05-12 09:46:02 +10:00
OJ 69d2b8ffb1 Various code format, style changes, file moves 
As per Egypt's suggestions.
 2015-05-12 09:43:41 +10:00
OJ 42f94e70c7 Add `nil` default to exit_types, transport param order swap 
This allows for checking against exit types to be super easy instead of
having to have extra checks in place. Also changed the order of scope_id
and uri in the transport URI generation. The net effect of this is NOP
because these things only appear separately.
 2015-05-12 09:05:58 +10:00
OJ 5dfab1f426 Fix exitfunk module for x64 
The exitfunk module was using asm keywords that are considered invalid
by metasm. This commit removes these keywords and also adjusts one of
the label names to reduce the chance of a collision with other files.
 2015-05-12 08:44:03 +10:00
wchen-r7 12038ed3e1 Fix #5244, Remove unnecessary check for mysql_drop_and_create_sys_exec 
Fix #5244, MySQL is always return OK so it doesn't seem to be so
important to check res for DROP FUNCTION IF EXISTS sys_exe
 2015-05-11 14:17:51 -05:00
David Maloney f3effe5fbb
some minor cleanup 
cleanup based on feedback from Kronicdeth

MSP-12357
 2015-05-11 11:17:58 -05:00
wchen-r7 730135705d Resolve #5330, change print_error to print_warning for report_auth_info 
Resolve #5330 for more consistent deprecation style.
 2015-05-11 11:01:45 -05:00
wchen-r7 1cc44cfc31 An alternative for normalize_uri 
normalize_uri doesn't seem to work very well in our case, so
we do our own thing here.
 2015-05-11 10:42:26 -05:00
wchen-r7 10982f0a1a Login url should normalize too 2015-05-11 10:18:09 -05:00
wchen-r7 d8cc2c19d3 Fix #5315, User configurable options for jenkins_login 
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
 2015-05-11 10:15:49 -05:00
OJ e99d885b6b Final work on reverse_winhttps 2015-05-11 22:21:22 +10:00
OJ 68eadd9f51 More work on reverse_winhttps 2015-05-11 21:38:26 +10:00
OJ e69e6c4a73 Implement winhttp for x64 
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
 2015-05-11 17:27:47 +10:00
OJ 800ab11abd Payload size adjustment, typo fix 
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
 2015-05-11 17:24:32 +10:00
OJ cbf06fcb02 Tweak reverse_winhttp to fix small issues 
Now working fine with proxy settings.
 2015-05-11 17:24:32 +10:00
OJ 679bb46f86 Refactoring, exitfunk fix, block_api_hash func 2015-05-11 17:24:32 +10:00
OJ 99fdfe31f1 More tidying/refactoring of the stagers 2015-05-11 17:24:31 +10:00
OJ 4686691753 Interim commit while juggling some other code 2015-05-11 17:24:31 +10:00
OJ 0820bc5dd5 Small bits of tidying up for reverse_winhttp/s 
Refactoring, ready to get the proxy stuff going.
 2015-05-11 17:24:31 +10:00
OJ 21397b46aa Add proxy user/pass to x64 reverse_http/s 2015-05-11 17:24:31 +10:00
OJ 9312c0ea46 Add proxy host support to x64 reverse_http/s 
Proxy user/pass coming shortly.
 2015-05-11 17:24:31 +10:00
OJ b922da8f80 Add support for x64 reverse_http 
Still need to bake in support for proxies in the stagers, but wer'e
getting there.
 2015-05-11 17:24:31 +10:00
OJ 15e9fb7e40 Port reverse_https (wininet) x64 to metasm 
This laid the groundwork for implementation of reverse_http as well.
 2015-05-11 17:24:31 +10:00
OJ 29649ff881 Fix proxy config not making it through 2015-05-11 17:24:02 +10:00
Tim d3ba84b378
Add TLV_TYPE_FILE_HASH 2015-05-10 14:18:16 +01:00
Meatballs 706e304849
Land 5299, implement shell_command for PS sessions 2015-05-09 11:23:43 +01:00
Meatballs 98d531e053
Check if session responds to response_timeout 2015-05-09 11:21:45 +01:00
Brent Cook 1a98c5ddc5
Land #5320, fix SSL weak cipher results 
This adds a fallback for deprecated ciphers that are no longer exported
current SSL libraries.
 2015-05-08 18:19:25 -05:00
Brent Cook d3730ae18c include a list of deprecated ciphers in the sslscan result 
Allow recording remote deprecated cipher support even if the local OpenSSL
library does not support negotiating that cipher.
 2015-05-08 18:05:00 -05:00
jvazquez-r7 c103779eab
Land #5080, @bcook-r7's 'ls' and 'download' meterpreter improvements 2015-05-08 18:02:16 -05:00
jvazquez-r7 422e261b36
Use parenthesis 2015-05-08 17:59:04 -05:00
Brent Cook 2f9205abc3 recover consistent parenthesis usage 2015-05-08 14:15:06 -05:00
Brent Cook 8d5ef42c2d be sure to pass the pattern more than one level deep 2015-05-08 14:03:12 -05:00
OJ 79753f719f Slight fix to the transport config 2015-05-08 18:36:30 +10:00
OJ ba3266803a Add transport configuration to reverse_http/s 2015-05-08 18:32:48 +10:00
OJ 5111abdd09 Add transport config entry to reverse_winhttp 2015-05-08 18:15:24 +10:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 8d3737d13c Fix some stylistic issues 2015-05-07 22:43:23 -05:00
William Vu 71518ef613
Land #5303, metasploit-payloads Java binaries 2015-05-07 22:39:54 -05:00
William Vu 2f2169af90 Use single quotes consistently 2015-05-07 22:39:36 -05:00
benpturner ef59d1f7c4 Markers 2015-05-07 22:50:09 +01:00
wchen-r7 7b5da6f266
Land #5241, sqlmap parsing fixes 2015-05-07 14:21:20 -05:00
benpturner 24abe597e4 numeric 2015-05-07 19:23:25 +01:00
benpturner 01c2bc0287 Buff 2015-05-07 19:10:33 +01:00
benpturner c234714013 Start and End Markers 2015-05-07 19:06:36 +01:00
OJ fd827db6dd Fix up bind stager payload sizes 2015-05-07 10:13:27 +10:00
Brent Cook 78c58088fe
Land #5314, set snmp defaults for constrained values 2015-05-06 16:27:41 -05:00
OJ 9d7a7cb68d Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	lib/msf/core/payload/linux/bind_tcp.rb
 2015-05-07 07:24:22 +10:00
OJ 60e25170fa
Land #5313 : fixup bind_tcp stager 2015-05-07 07:09:19 +10:00
William Vu 669df591f2 Pull default connection_timeout into constant 2015-05-06 13:18:00 -05:00
William Vu d4aed08260 Fix typo 2015-05-06 13:17:58 -05:00
William Vu 0939bbc710 Set default retries/version for SNMP LoginScanner 
Set in snmp_login but missed in the LoginScanner.

MSP-12668
 2015-05-06 13:17:40 -05:00
Brent Cook 5a8b6e90f2 restore ecx after setting the socket options, set default size 2015-05-06 11:56:07 -05:00
wchen-r7 97807e09ca
Lad #5125, Group Policy startup exploit 2015-05-06 11:17:01 -05:00
Brent Cook 93c785560b remove brocade_telnet scanner, extend telnet 
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
 2015-05-05 21:19:46 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
OJ 95e9057854 Remove typo'd stuff that shouldn't have made it past merge 2015-05-06 08:07:07 +10:00
Brent Cook 710a2a007b fix format error 2015-05-05 15:27:06 -05:00
Brent Cook a0c806c213 Update java meterpreter and payload references to use metasploit-payloads 2015-05-05 15:01:00 -05:00
benpturner 982b2381ed New shell_command markers 2015-05-05 19:20:03 +01:00
William Vu 013781fb9c
Land #5292, WordPress custom file version check 2015-05-05 11:21:18 -05:00
William Vu 18791ce933 Clean up code 2015-05-05 11:19:40 -05:00
David Maloney 1a8e8c624c
Merge branch 'master' into feature/MSP-12357/meterp-ntds 2015-05-05 11:07:36 -05:00
darkbushido 26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0 
Conflicts:
	Gemfile.lock
 2015-05-05 11:00:38 -05:00
benpturner 22d2275ecb || session.type == 'powershell' 2015-05-05 09:31:43 +01:00
OJ 62fa14326d Merge branch 'upstream/master' into multi-transport-support 
Merged with HD's stuff as he fixed up a few things that I had done too.

Conflicts:
	lib/msf/base/sessions/meterpreter_options.rb
	lib/rex/post/meterpreter/client_core.rb
	lib/rex/post/meterpreter/packet_dispatcher.rb
 2015-05-05 17:18:01 +10:00
OJ c540ba4b98
Land #5297 : Track machine_id and dead sessions 2015-05-05 17:08:39 +10:00
OJ 2949bf053a Remove old comment from ASM 2015-05-05 13:09:13 +10:00
OJ 852961f059 Tweaking of transport behaviour, removal of patch 2015-05-05 11:45:22 +10:00
OJ cf62d1fd7c Remove patch and old stageless stuff 2015-05-05 09:27:01 +10:00
OJ b42f4f5cd2 Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	lib/msf/core/payload/windows/stageless_meterpreter.rb
	lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
	lib/rex/post/meterpreter/client_core.rb
	modules/payloads/stages/linux/x86/meterpreter.rb
	modules/payloads/stages/windows/meterpreter.rb
	modules/payloads/stages/windows/x64/meterpreter.rb
 2015-05-05 07:53:54 +10:00
OJ e45bf5cf51 Remove the URI patcher now that it's not used at all 2015-05-05 07:35:49 +10:00
Brent Cook 05e4af8162
Land #5214, initial meterpreter session recovery support 2015-05-04 16:25:27 -05:00
benpturner 453b1fce50 Spaces 2015-05-04 22:17:08 +01:00
benpturner 658958d8e7 Allow sessions -c command on powershell 2015-05-04 22:07:22 +01:00
Brent Cook d90c25ecea
Land #5287, RPC API fixes 2015-05-04 15:44:15 -05:00
jvazquez-r7 0ca0d3d045
Improve nt_create_andx path parsing 2015-05-04 15:20:51 -05:00
Brent Cook e6ea5511ca update linux and windows meterpreters to use metasploit-payloads 2015-05-04 09:44:36 -05:00
OJ c2dc4677fb Prevent stagless from overwriting socket 
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
 2015-05-04 22:36:59 +10:00
OJ e835f2b99c Rejig transport config into module 
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
 2015-05-04 22:04:34 +10:00
OJ 93bf995b32 Reverse tcp support for POSIX 
Ported the stager and wired in the new work to make the configuration
function.
 2015-05-04 20:11:26 +10:00
Brent Cook f42334414a add recursion limit 2015-05-04 04:00:58 -05:00
OJ 9300158c9a Initial rework of POSIX stuff to handle new configuration 2015-05-04 18:58:55 +10:00
Brent Cook 7ff3044552 style cleanups and guard search where not implemented 2015-05-04 03:56:17 -05:00
Brent Cook 8cab350275 use the search API when downloading recursive patterns 2015-05-04 03:56:17 -05:00
Brent Cook eefc6f78c6 avoid redownloading files that have not changed 2015-05-04 03:56:16 -05:00
Brent Cook 9672a59b05 support download globbing 2015-05-04 03:56:16 -05:00
Brent Cook 43be856b95 keep the glob going into subdirectories 2015-05-04 03:56:16 -05:00
Brent Cook 8617115483 simplify arg parsing, compute initial stat path correctly 2015-05-04 03:56:15 -05:00
Brent Cook d934027b3b expand glob match 2015-05-04 03:56:15 -05:00
Brent Cook 866955b6fd added -R recursive, glob filtering and a dummy '-l' option 2015-05-04 03:56:14 -05:00
HD Moore a577bef9c3 Rework dirty cleanup to use skip_cleanup instead 2015-05-04 03:52:55 -05:00
HD Moore e7ba6e8a9a Speed up dead session cleanup by skipping shutdown/cleanup 2015-05-04 03:40:48 -05:00
HD Moore 3080feb188 Track the machine_id and drop non-responsive sessions automatically 2015-05-04 03:22:29 -05:00
HD Moore d00f6a8fdf Rework verbose sessions listing to work around table limits 2015-05-04 02:55:31 -05:00
root b47305ba4a Merge branch 'sqlmap_plugin_json_parse_issue' of https://github.com/void-in/metasploit-framework into sqlmap_plugin_json_parse_issue 2015-05-04 10:01:44 +05:00
root 02db66e2f6 Rescue connection refused backtrace 2015-05-04 09:57:53 +05:00
OJ 451484cb0d Add support for transport listing 
Includes a verbose flag for the extra HTTP/S properties
 2015-05-04 11:19:53 +10:00
William Vu c0adf7f113
Land #5291, HTTPS reference links 2015-05-03 14:33:20 -05:00
HD Moore 8ca66e03aa Track and display the last checkin time for Meterpreter sessions 2015-05-03 10:52:54 -05:00
Christian Mehlmauer 55967172be
allow custom regex 2015-05-02 21:06:15 +02:00
Christian Mehlmauer 9678479abb
check version from custom file 2015-05-02 18:34:10 +02:00
Tom Sellers 480a176415 Initial commit 2015-05-02 10:11:17 -05:00
void_in e5847f0ddc Return only json type from lib as per wchen-7 suggestion 2015-05-02 15:11:59 +05:00
OJ 2189c6d868 Pass timeouts to clients and correctly patch timeouts 
Timeouts are correctly passed through to the client instances from the
handlers. The cilent also passes those values through to the RDI code so
that the binaries are correctly patched.
 2015-05-02 10:01:32 +10:00
Tom Sellers c441ff81a1 Update comment in wordpress/version.rb 
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version.  On line 175 though there is a fixed version, just no introduced version.  Adjusting comment text.
 2015-05-01 17:05:31 -05:00
Brent Cook 8bd2a69112 simplify and fix rpc_get_note 2015-05-01 16:01:07 -05:00
Brent Cook 52b9fc8fca handle unknown host when generating a new note 2015-05-01 15:47:05 -05:00
Brent Cook 8d78135321 pass down the workspace for the other opt_to_* methods 2015-05-01 15:42:04 -05:00
Brent Cook f2504b84be use the same logic with 'get_note' and 'del_note' for selecting notes 
factor out the selector from 'get_note' and use it in both places
 2015-05-01 15:41:25 -05:00
Brent Cook 29b97f4695 remove superfluous parens on ifs 2015-05-01 15:40:45 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 3e7c790db8
Use constants 2015-05-01 15:15:18 -05:00
Brent Cook c3438955d4
Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
darkbushido 0b608e139a
Merge branch 'upstream' into staging/rails-4.0 2015-05-01 11:26:24 -05:00
David Maloney 2bbae6b9c2
add #to_s to ntds account 
added to_s method to the NTDS account
for easy output

MSP-12357
 2015-05-01 11:24:23 -05:00
wchen-r7 81744384c2 Actually fix del_note 2015-04-30 17:02:06 -05:00
wchen-r7 11f9c010ce Change documentation 2015-04-30 16:46:01 -05:00
David Maloney 18874fe384
fixes Issue #5272 on report_vuln 
use includes instead of joins so that refs on
the vuln are not marked as readonly
 2015-04-30 15:21:56 -05:00
wchen-r7 e79780d885 Fix #5240 2015-04-30 15:20:29 -05:00
wchen-r7 3b42265c98 Fix #5239 2015-04-30 15:20:04 -05:00
wchen-r7 440005d302 Fix #5237 2015-04-30 15:10:13 -05:00
wchen-r7 f315eb4afd Fix #5236 2015-04-30 15:07:11 -05:00
David Maloney acb833bd09
NTDS::Parser class built out 
the NTDS Parser class will take a meterpreter
client and a fielpath and provide an enumerator for reading
out the user accounts as ruby objects

MSP-12357
 2015-04-30 14:57:30 -05:00
wchen-r7 70ab938951 Fix #5229 2015-04-30 14:56:30 -05:00
wchen-r7 f43e4f9447 Fix #5238 2015-04-30 13:49:13 -05:00
wchen-r7 89d026c900 Fix merge conflict 2015-04-30 12:33:45 -05:00
Matt Buck 912f41292a
Drop some unused code 2015-04-30 11:25:57 -05:00
William Vu 2d2c946044
Land #5279, fix for msfconsole -o 2015-04-30 11:23:44 -05:00
Matt Buck 3f797e4393 Reinstate some to_s coercions that were mistakenly dropped 2015-04-30 11:13:48 -05:00
James Lee 3e40433f00
Add an alias for write 
Fixes #4971
 2015-04-30 08:56:16 -05:00
OJ 8ddd7a4891 Fix session removal code, prevent missing transport param fail 2015-04-30 22:39:48 +10:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer" 
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
 2015-04-29 15:36:03 -05:00
William Vu b41aa0e617 Fix NoMethodError for rhost 
Can't rely on it to be defined (kinda like peer).
 2015-04-29 15:14:41 -05:00
David Maloney 2847bc8a6b
a little more yard 2015-04-29 14:53:08 -05:00
David Maloney 1f66840533
add YARD docs to NTDS Account 
added yard around the attrs for the NTDS::Account
class

MSP-12357
 2015-04-29 12:53:54 -05:00
Brent Cook 9386d1ca6d remove unused mod_ranked attribute 2015-04-28 22:27:09 -05:00
Brent Cook 7b7f40baa4 remove modules that cannot be instantiated 2015-04-28 22:21:31 -05:00
Brent Cook 0caeee32fe replace sort with sort_by 2015-04-28 21:39:37 -05:00
Matt Buck 8163c3cdda Merge branch 'master' into staging/rails-4.0 
Conflicts:
	Gemfile.lock
	plugins/nessus.rb
 2015-04-28 15:33:46 -05:00
David Maloney e220ccfda0
Merge branch 'master' into feature/MSP-12357/meterp-ntds 2015-04-28 08:25:09 -05:00
OJ 919b96e4cf Fix up UUID handling 2015-04-28 21:59:19 +10:00
OJ 4f9c8d04a2 Add support for moving transports and uuid fetching 
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.

There's also a command which gives the UUID now so that this can be
reused across sessions.
 2015-04-28 20:24:44 +10:00
OJ f711e5dee7 Update migration support 
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
 2015-04-28 17:41:43 +10:00
OJ fca4d852a1 Remove the passing on off listen socket values 2015-04-28 13:51:48 +10:00
OJ d82bfb0692 Reorder params, fix up the transport termination 2015-04-28 13:03:40 +10:00
OJ c41f4bd59f Fix up http/s a little 
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
 2015-04-28 09:44:48 +10:00
OJ 1ca5188c5e Change the payload to use IPv6 formats if required 2015-04-28 07:44:21 +10:00
OJ f3e547ca92 Remvoe the exitfunk from the loader 
Meterpreter handles the exitfunk internally as part of the config now
 2015-04-28 07:43:26 +10:00
HD Moore c3f18aa899 Complete the #4989 revert 2015-04-27 16:26:34 -05:00
HD Moore 36daee08c9 Reverts #4989, support for file: is handled in the options again 2015-04-27 16:07:43 -05:00
Brent Cook 7443af64a6
Land #5247, add RPC API call documentation 2015-04-27 11:13:02 -05:00
Brent Cook a0eb7d0ad3 minor RPC documentation tweaks 2015-04-27 11:11:08 -05:00
Matt Buck 6a4d63ca4f Drop explicit IPAddr to String coercion 
MSP-12611
 2015-04-27 10:48:13 -05:00
HD Moore 1fd601510c
Lands #5194, merges in PowerShell session support & initial payloads 2015-04-26 16:01:51 -05:00
HD Moore 1cebc9f3cb Fallback if the regex fails for some reason 2015-04-26 15:59:36 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
Ben Turner ea0204b7e5 updates to remove powershell from core 2015-04-26 21:25:30 +01:00
benpturner 76e68fcf4c session info 2015-04-26 20:13:18 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
OJ 0d2f97ed2d Add support for config in the x64 bind stager 2015-04-26 14:19:36 +10:00
OJ 6da8a14f62 Initial work on x64 payloads for new config 2015-04-26 13:41:31 +10:00
OJ 6ac3ecfa7c Refactor, add reverse_winhttps support 
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.

Next up, x64 for the same main ones.
 2015-04-26 12:11:14 +10:00
HD Moore d1a836e39c Fix logins where SYSTEM doesnt have SYSDBA privileges 2015-04-25 19:05:11 -05:00
OJ 2455163d24 Refactor configuration for meterpreter payloads (x86) 
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.

This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
 2015-04-26 09:57:30 +10:00
OJ 3a24923361 Force bind to hand over the listen socket 2015-04-25 22:04:58 +10:00
OJ 4ec4868bcf Make bind hand over the listen socket as well 2015-04-25 21:37:32 +10:00
OJ bb77a3a0e6 First pass of refactoring to support new config block 
This is pretty basic stuff, but at least it's reusable.
 2015-04-25 21:36:28 +10:00
OJ 9f1e035c53 Changed required_space check in bind payloads 2015-04-25 21:30:54 +10:00
David Maloney 6c77c4bb52
opening groundwork 
added a priv extension method to open
a stream channel to read ntdsaccounts from
and an NTDS account class to accept the
data and parse it into a useable structure

MSP-12357
 2015-04-24 15:50:12 -05:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
Brent Cook 27f6adcd81
Land #5110, teach Http::Response to extract hidden form inputs 2015-04-24 13:30:57 -05:00
wchen-r7 46361c1a19 Final round of documentation 2015-04-24 11:58:12 -05:00
root 4aed12f561 Include if condition in parse_response as per Meatballs1 suggestion 2015-04-24 15:40:35 +05:00
root cf481e94d3 add res.body condition 2015-04-24 12:58:58 +05:00
root 68effe0bc6 Take out irrelevant files 2015-04-24 12:04:02 +05:00
root 028f5e119d sqlmap plugin update to fix connection errors 2015-04-24 12:00:50 +05:00
wchen-r7 6ccc4af4d8 Round 9 of documentation 2015-04-24 01:08:33 -05:00
benpturner 3665c84cab accomodate session type 2015-04-23 23:12:19 +01:00
benpturner 57914b6924 new session type 2015-04-23 23:12:02 +01:00
wchen-r7 d292cc999a Round 8 of documentation 2015-04-23 16:15:11 -05:00
wchen-r7 86a7e36a06 Round 7 of documentation 2015-04-23 15:37:56 -05:00