Commit Graph

10709 Commits (7f27fd0cf2c4ccbd9612e39a85c4fdcece4935ff)

Author SHA1 Message Date
OJ 9300158c9a Initial rework of POSIX stuff to handle new configuration 2015-05-04 18:58:55 +10:00
Brent Cook 7ff3044552 style cleanups and guard search where not implemented 2015-05-04 03:56:17 -05:00
Brent Cook 8cab350275 use the search API when downloading recursive patterns 2015-05-04 03:56:17 -05:00
Brent Cook eefc6f78c6 avoid redownloading files that have not changed 2015-05-04 03:56:16 -05:00
Brent Cook 9672a59b05 support download globbing 2015-05-04 03:56:16 -05:00
Brent Cook 43be856b95 keep the glob going into subdirectories 2015-05-04 03:56:16 -05:00
Brent Cook 8617115483 simplify arg parsing, compute initial stat path correctly 2015-05-04 03:56:15 -05:00
Brent Cook d934027b3b expand glob match 2015-05-04 03:56:15 -05:00
Brent Cook 866955b6fd added -R recursive, glob filtering and a dummy '-l' option 2015-05-04 03:56:14 -05:00
HD Moore a577bef9c3 Rework dirty cleanup to use skip_cleanup instead 2015-05-04 03:52:55 -05:00
HD Moore e7ba6e8a9a Speed up dead session cleanup by skipping shutdown/cleanup 2015-05-04 03:40:48 -05:00
HD Moore 3080feb188 Track the machine_id and drop non-responsive sessions automatically 2015-05-04 03:22:29 -05:00
HD Moore d00f6a8fdf Rework verbose sessions listing to work around table limits 2015-05-04 02:55:31 -05:00
root b47305ba4a Merge branch 'sqlmap_plugin_json_parse_issue' of https://github.com/void-in/metasploit-framework into sqlmap_plugin_json_parse_issue 2015-05-04 10:01:44 +05:00
root 02db66e2f6 Rescue connection refused backtrace 2015-05-04 09:57:53 +05:00
OJ 451484cb0d Add support for transport listing
Includes a verbose flag for the extra HTTP/S properties
2015-05-04 11:19:53 +10:00
William Vu c0adf7f113
Land #5291, HTTPS reference links 2015-05-03 14:33:20 -05:00
HD Moore 8ca66e03aa Track and display the last checkin time for Meterpreter sessions 2015-05-03 10:52:54 -05:00
Christian Mehlmauer 55967172be
allow custom regex 2015-05-02 21:06:15 +02:00
Christian Mehlmauer 9678479abb
check version from custom file 2015-05-02 18:34:10 +02:00
Tom Sellers 480a176415 Initial commit 2015-05-02 10:11:17 -05:00
void_in e5847f0ddc Return only json type from lib as per wchen-7 suggestion 2015-05-02 15:11:59 +05:00
OJ 2189c6d868 Pass timeouts to clients and correctly patch timeouts
Timeouts are correctly passed through to the client instances from the
handlers. The cilent also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Tom Sellers c441ff81a1 Update comment in wordpress/version.rb
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version.  On line 175 though there is a fixed version, just no introduced version.  Adjusting comment text.
2015-05-01 17:05:31 -05:00
Brent Cook 8bd2a69112 simplify and fix rpc_get_note 2015-05-01 16:01:07 -05:00
Brent Cook 52b9fc8fca handle unknown host when generating a new note 2015-05-01 15:47:05 -05:00
Brent Cook 8d78135321 pass down the workspace for the other opt_to_* methods 2015-05-01 15:42:04 -05:00
Brent Cook f2504b84be use the same logic with 'get_note' and 'del_note' for selecting notes
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
Brent Cook 29b97f4695 remove superfluous parens on ifs 2015-05-01 15:40:45 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 3e7c790db8
Use constants 2015-05-01 15:15:18 -05:00
Brent Cook c3438955d4
Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
darkbushido 0b608e139a
Merge branch 'upstream' into staging/rails-4.0 2015-05-01 11:26:24 -05:00
David Maloney 2bbae6b9c2
add #to_s to ntds account
added to_s method to the NTDS account
for easy output

MSP-12357
2015-05-01 11:24:23 -05:00
wchen-r7 81744384c2 Actually fix del_note 2015-04-30 17:02:06 -05:00
wchen-r7 11f9c010ce Change documentation 2015-04-30 16:46:01 -05:00
David Maloney 18874fe384
fixes Issue #5272 on report_vuln
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
wchen-r7 e79780d885 Fix #5240 2015-04-30 15:20:29 -05:00
wchen-r7 3b42265c98 Fix #5239 2015-04-30 15:20:04 -05:00
wchen-r7 440005d302 Fix #5237 2015-04-30 15:10:13 -05:00
wchen-r7 f315eb4afd Fix #5236 2015-04-30 15:07:11 -05:00
David Maloney acb833bd09
NTDS::Parser class built out
the NTDS Parser class will take a meterpreter
client and a fielpath and provide an enumerator for reading
out the user accounts as ruby objects

MSP-12357
2015-04-30 14:57:30 -05:00
wchen-r7 70ab938951 Fix #5229 2015-04-30 14:56:30 -05:00
wchen-r7 f43e4f9447 Fix #5238 2015-04-30 13:49:13 -05:00
wchen-r7 89d026c900 Fix merge conflict 2015-04-30 12:33:45 -05:00
Matt Buck 912f41292a
Drop some unused code 2015-04-30 11:25:57 -05:00
William Vu 2d2c946044
Land #5279, fix for msfconsole -o 2015-04-30 11:23:44 -05:00
Matt Buck 3f797e4393 Reinstate some to_s coercions that were mistakenly dropped 2015-04-30 11:13:48 -05:00
James Lee 3e40433f00
Add an alias for write
Fixes #4971
2015-04-30 08:56:16 -05:00
OJ 8ddd7a4891 Fix session removal code, prevent missing transport param fail 2015-04-30 22:39:48 +10:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer"
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu b41aa0e617 Fix NoMethodError for rhost
Can't rely on it to be defined (kinda like peer).
2015-04-29 15:14:41 -05:00
David Maloney 2847bc8a6b
a little more yard 2015-04-29 14:53:08 -05:00
David Maloney 1f66840533
add YARD docs to NTDS Account
added yard around the attrs for the NTDS::Account
class

MSP-12357
2015-04-29 12:53:54 -05:00
Brent Cook 9386d1ca6d remove unused mod_ranked attribute 2015-04-28 22:27:09 -05:00
Brent Cook 7b7f40baa4 remove modules that cannot be instantiated 2015-04-28 22:21:31 -05:00
Brent Cook 0caeee32fe replace sort with sort_by 2015-04-28 21:39:37 -05:00
Matt Buck 8163c3cdda Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	plugins/nessus.rb
2015-04-28 15:33:46 -05:00
David Maloney e220ccfda0
Merge branch 'master' into feature/MSP-12357/meterp-ntds 2015-04-28 08:25:09 -05:00
OJ 919b96e4cf Fix up UUID handling 2015-04-28 21:59:19 +10:00
OJ 4f9c8d04a2 Add support for moving transports and uuid fetching
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.

There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ f711e5dee7 Update migration support
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ fca4d852a1 Remove the passing on off listen socket values 2015-04-28 13:51:48 +10:00
OJ d82bfb0692 Reorder params, fix up the transport termination 2015-04-28 13:03:40 +10:00
OJ c41f4bd59f Fix up http/s a little
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ 1ca5188c5e Change the payload to use IPv6 formats if required 2015-04-28 07:44:21 +10:00
OJ f3e547ca92 Remvoe the exitfunk from the loader
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
HD Moore c3f18aa899 Complete the #4989 revert 2015-04-27 16:26:34 -05:00
HD Moore 36daee08c9 Reverts #4989, support for file: is handled in the options again 2015-04-27 16:07:43 -05:00
Brent Cook 7443af64a6
Land #5247, add RPC API call documentation 2015-04-27 11:13:02 -05:00
Brent Cook a0eb7d0ad3 minor RPC documentation tweaks 2015-04-27 11:11:08 -05:00
Matt Buck 6a4d63ca4f Drop explicit IPAddr to String coercion
MSP-12611
2015-04-27 10:48:13 -05:00
HD Moore 1fd601510c
Lands #5194, merges in PowerShell session support & initial payloads 2015-04-26 16:01:51 -05:00
HD Moore 1cebc9f3cb Fallback if the regex fails for some reason 2015-04-26 15:59:36 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
Ben Turner ea0204b7e5 updates to remove powershell from core 2015-04-26 21:25:30 +01:00
benpturner 76e68fcf4c session info 2015-04-26 20:13:18 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
OJ 0d2f97ed2d Add support for config in the x64 bind stager 2015-04-26 14:19:36 +10:00
OJ 6da8a14f62 Initial work on x64 payloads for new config 2015-04-26 13:41:31 +10:00
OJ 6ac3ecfa7c Refactor, add reverse_winhttps support
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.

Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
HD Moore d1a836e39c Fix logins where SYSTEM doesnt have SYSDBA privileges 2015-04-25 19:05:11 -05:00
OJ 2455163d24 Refactor configuration for meterpreter payloads (x86)
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.

This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
OJ 3a24923361 Force bind to hand over the listen socket 2015-04-25 22:04:58 +10:00
OJ 4ec4868bcf Make bind hand over the listen socket as well 2015-04-25 21:37:32 +10:00
OJ bb77a3a0e6 First pass of refactoring to support new config block
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
OJ 9f1e035c53 Changed required_space check in bind payloads 2015-04-25 21:30:54 +10:00
David Maloney 6c77c4bb52
opening groundwork
added a priv extension method to open
a stream channel to read ntdsaccounts from
and an NTDS account class to accept the
data and parse it into a useable structure

MSP-12357
2015-04-24 15:50:12 -05:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
Brent Cook 27f6adcd81
Land #5110, teach Http::Response to extract hidden form inputs 2015-04-24 13:30:57 -05:00
wchen-r7 46361c1a19 Final round of documentation 2015-04-24 11:58:12 -05:00
root 4aed12f561 Include if condition in parse_response as per Meatballs1 suggestion 2015-04-24 15:40:35 +05:00
root cf481e94d3 add res.body condition 2015-04-24 12:58:58 +05:00
root 68effe0bc6 Take out irrelevant files 2015-04-24 12:04:02 +05:00
root 028f5e119d sqlmap plugin update to fix connection errors 2015-04-24 12:00:50 +05:00
wchen-r7 6ccc4af4d8 Round 9 of documentation 2015-04-24 01:08:33 -05:00
benpturner 3665c84cab accomodate session type 2015-04-23 23:12:19 +01:00
benpturner 57914b6924 new session type 2015-04-23 23:12:02 +01:00
wchen-r7 d292cc999a Round 8 of documentation 2015-04-23 16:15:11 -05:00
wchen-r7 86a7e36a06 Round 7 of documentation 2015-04-23 15:37:56 -05:00
wchen-r7 3c50feb3d6 Round 6 of documentation 2015-04-23 12:34:39 -05:00
wchen-r7 cbac6d1a0b Round 5 of documentation 2015-04-23 11:54:58 -05:00
OJ 1b11322618 Remove STDERR debug statement 2015-04-23 19:36:17 +10:00
root 19beafe009 scan_export_status patch for issue 5217 2015-04-23 12:04:02 +05:00
wchen-r7 f6bd747f57 Round 4 of documentation 2015-04-22 22:15:30 -05:00
wchen-r7 6bac759a18 Round 3 of documentation 2015-04-22 17:01:31 -05:00
wchen-r7 39f206b31a Round 2 of documentation 2015-04-22 12:10:28 -05:00
root 40107577a0 Case insensitive plugin unload 2015-04-22 11:04:46 +05:00
wchen-r7 4add4074e1 First round of RPC API documentation
Resolve #5209
2015-04-22 01:02:05 -05:00
jvazquez-r7 b6df023c99
Land #4989, @hmoore-r7's change to file: handling
Datastore options with file: are handled at set time
2015-04-21 23:21:22 -05:00
Brent Cook 3963289519
Land #4888, @h00die's brocade credential bruteforcer 2015-04-21 18:27:03 -05:00
Trevor Rosen 8f5d222e53
Land #5156 - module ranking properly handles nil 2015-04-21 14:40:01 -05:00
Spencer McIntyre edbf9b766f
Land #5100, @bcook-r7's deletekey API usage fix
Fixes #5099
2015-04-21 12:58:02 -04:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
rwhitcroft 70f94bbd96 break loop if socket is closed 2015-04-21 11:09:17 -04:00
OJ c8bab6ace1 Fix help for timeouts 2015-04-21 20:35:46 +10:00
OJ f654fea9b3 Adjust transport command to work with posix 2015-04-21 20:16:57 +10:00
OJ 86957d9b07
Merge branch 'upstream/master' into connection-recovery 2015-04-21 20:01:59 +10:00
jvazquez-r7 66d23e3b5e
Delete file: validation on normalization again 2015-04-20 23:52:17 -05:00
jvazquez-r7 57df5c4f4f
Solve conflics 2015-04-20 23:38:34 -05:00
Brent Cook 8aca4539c9
Land #5152, undefined var in WinRM_Login 2015-04-20 23:01:11 -05:00
Brent Cook ab33fc8eba
Land #5211, parse nmap's tunnel attribute 2015-04-20 22:53:34 -05:00
Brent Cook ee07809fd8
Land #5190, 64-bit meterpreter persistence script 2015-04-20 22:32:57 -05:00
William Vu 74ad81c90c Consolidate tunnel check into name check 2015-04-20 21:18:12 -05:00
jvazquez-r7 831e65261d
Add lengths specs 2015-04-20 17:37:41 -05:00
William Vu 741149058c Report unknown service names for consistency 2015-04-20 17:22:19 -05:00
Meatballs 381f6ffe0a
HTA Powershell template 2015-04-20 23:19:54 +01:00
William Vu d894502148 Update legacy Nmap XML parser 2015-04-20 17:15:35 -05:00
William Vu 1a66786d1b Fix Nmap XML parser for tunnel attribute 2015-04-20 17:04:19 -05:00
jvazquez-r7 329e28c47c
Keep the old value if value can't be loaded from file 2015-04-20 16:29:11 -05:00
William Vu c7129e063c
Land #5069, breaking up with old options 2015-04-20 16:23:44 -05:00
jvazquez-r7 c629d8593a
Solve my own concerning about race conditions, just in case... 2015-04-20 16:19:29 -05:00
James Lee d67f7a21d9
Move autoloads into OptionContainer
This seems like a better place for them to live
2015-04-20 15:54:42 -05:00
James Lee da0e7282d5
Replace some unnecessary eval action.
Metaprogramming should be reserved for when you don't know things. Here
we're making methods from literal strings, so replace the
metaprogramming with much easier to understand regular programming. Also
has the benefit that yard can parse it.
2015-04-20 15:54:41 -05:00
James Lee b64d881914
Make OptionContainer docs a little more useful 2015-04-20 15:54:40 -05:00
James Lee 3a5af3939d
Split all the option classes into their own files 2015-04-20 15:54:40 -05:00
jvazquez-r7 1b85cd2853
Use single quotes 2015-04-20 15:53:58 -05:00
jvazquez-r7 a56dd5d1ff
Do minor style cleanup 2015-04-20 15:44:45 -05:00
William Vu 79ca0a56f9
Land #4171, Steam protocol support 2015-04-20 15:35:06 -05:00
Christian Mehlmauer 668961b69d
fix some yarddoc issues 2015-04-20 00:06:59 +02:00
OJ e7babc4acb Fix persistence script to support x64 payloads 2015-04-19 12:41:51 +10:00
OJ 19f8a76475 Porting bind_tcp for posix to metasm
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
wchen-r7 37613adebb Improve developer experience for fail_with
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
Brent Cook 2a327b7c91
Land #5116, better handle platform and arch in msfvenom 2015-04-17 10:55:41 -05:00
Meatballs b229e87940
Create VBA powershell 2015-04-17 16:52:12 +01:00
OJ 97912882ca Adjustments for POSIX meterpreter patching 2015-04-17 19:53:05 +10:00
Brent Cook 3107d99b9a Use the same URI that was registered when we deregister
The original URI is registered as '/foobar/' but is deregistered as
'//foobar/', causing it to never get deregistered. Changing this fixes
unregistration of the service handler for staged payloads, but stageless
doesn't work properly if the URI actually gets deregistered.
2015-04-17 03:20:24 -05:00
Brent Cook 18225780da cleanup HTTP and HTTPS listeners when sessions are closed
Rather than listening forever after a session shuts down, close the session if
there are no other URI's registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
OJ eb7155d533 Remove debug print 2015-04-17 16:25:42 +10:00
OJ 0a8b29dd86 Merge branch 'upstream/master' into connection-recovery
Conflicts:
	lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
OJ e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless 2015-04-17 12:46:20 +10:00
wchen-r7 f280e5191b I forgot to move this require statement 2015-04-16 21:11:09 -05:00
wchen-r7 3493d25ff9 Move all this to Rex 2015-04-16 21:07:23 -05:00
William Vu 7a4494a81f
Land #5173, moar fail_with fixes 2015-04-16 17:27:02 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Brent Cook 9bf897a829
Land #4744, refactor powershell for msfvenom psh-cmd 2015-04-16 15:44:57 -05:00
rwhitcroft 602e9c8df1 Update client.rb 2015-04-16 16:06:16 -04:00
Christian Mehlmauer 69d3c26746
fix documentation 2015-04-16 21:28:16 +02:00
rwhitcroft 6ef86b69a7 Fix loop spinning in HttpClient 2015-04-16 10:49:47 -04:00
Christian Mehlmauer dc8f266345
fix readme detection bug 2015-04-16 14:57:29 +02:00
Christian Mehlmauer 9df09a1d60 readme detection 2015-04-16 14:41:30 +02:00
William Vu 2bdcc178ef Remove extraneous addition 2015-04-16 02:30:09 -05:00
William Vu 42ff0decc7
Land #4722, timing options for snmp_login 2015-04-16 02:25:29 -05:00
William Vu 88062a578d Clean up PR 2015-04-16 02:25:06 -05:00
William Vu 01625e3bba
Land #5148, DRY BSD/OS X shellcode
Also fix a semi-regression in the Rootpipe exploit.
2015-04-16 02:08:18 -05:00
Luke Imhoff 9aa0159342
Green rank_modules ranks unloadable as Manual
MSP-12557

Was calling `.class` blindly on the output of `create`, but `nil` has a
class, `NilClass`, so it didn't call `module_rank` as expected and
assigned NormaLRanking to `nil` instead of ManualRanking.
2015-04-15 16:10:51 -05:00
Matt Buck e82fb5f836
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	lib/msf/ui/console/command_dispatcher/db.rb
	metasploit-framework-db.gemspec
	metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
Luke Imhoff 4de35e8832
Green Msf::ModuleSet#rank_modules with create -> nil
MSP-12557

Extract Msf::ModuleSet#module_rank to handle getting the module rank if
the Metasploit Module is already loaded, needs to be loaded, or can't be
loaded.  If a Metasploit Module can't be loaded it is ranked as
Msf::ManualRanking.  If is loaded or can be loaded and it doesn't define
Rank, it gets the Msf::NormalRanking as before.  Finally, if it is
loaded or can be loaded and defines Rank, that is used as before.
2015-04-15 12:35:01 -05:00
Meatballs 926db59a8c
credential doesn't exist in this context 2015-04-15 15:48:21 +01:00
joev 5f4ab3d2ab The setres* stubs are not implemented in OSX. 2015-04-14 23:33:16 -05:00
joev 0d19b5d4c3 Fix require order issue. 2015-04-14 23:23:02 -05:00
joev e56590e1e3 DRY up common code between BSD / OSX. 2015-04-14 23:08:57 -05:00
Luke Imhoff c971bc930c
Mark app/concerns as autoload
To work with metasploit-concern 0.4.0 prerelease not deriving
app/concerns from root and to ensure it is does not inherit eager_load
from app.
2015-04-14 15:06:59 -05:00
Luke Imhoff 4c407ce962
Merge branch 'bug/MSP-12529/missing-require-metasploit-credential' into bug/MSP-12550/app-concerns-eager-load
MSP-12550
2015-04-14 14:42:54 -05:00
Brent Cook 75b559eea3
Land #5081, meterpreter certificate hash check controls 2015-04-14 10:46:13 -05:00
Brent Cook 7f56c07b64 add missing sslhash attribute 2015-04-14 10:45:44 -05:00
Tod Beardsley 97e715b1ce
Land #5139, metasm/ruby signedness fix 2015-04-14 10:26:23 -05:00
OJ 4e49964c15 Add support for init_connect for stageless payloads
This new mode for HTTP/S stageless allows the stageless payload to be
reused without MSF believing that the session has already been
initialised.
2015-04-14 16:43:07 +10:00
sinn3r 61b709b8c5 Extra space in message "Local IP:" 2015-04-14 01:34:07 -05:00
William Vu e114c85044
Land #5127, x64 OS X prepend stubs 'n' stuff 2015-04-14 01:25:39 -05:00
William Vu 8d1126eaa5
Land #5129, x64 BSD prepend stubs 'n' stuff 2015-04-14 01:24:50 -05:00
Brent Cook 3860bbabbb Avoid generating labels with '..' in them with metasm
So, metasm generates labels for the assembler using "%x" % string.object_id. If
the pointer for string.object_id begins with the most significant digit set, it
looks like a sign-extended 2's complement number (negative), and gets formatted
by ruby as '..f1412300' or similar. On 32-bit platforms, there is rather high
chance of randomly ending up with a label like 'goto_test_uuid..f1234560:',
which is a parse error.

This patch simply takes the absolute value of the object_id to avoid negative
interpretations.  This fixes hiesenbugs using metasm's C compiler on 32-bit
platforms.
2015-04-13 22:43:18 -05:00
root 51dd88114b Fix grammer in comments 2015-04-13 13:21:41 +05:00
OJ 1c5de59d99 Add support for the set of timeout values
This removes the need for a separate get call behind the scenes as
meterpreter does get and set in a single call.
2015-04-13 10:42:05 +10:00
OJ ec7fab7ef6 Add support for getting transport timeouts 2015-04-13 10:07:50 +10:00
joev 2d3614f647 Implement x64 BSD exec and exe template.
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev 92c12de6db Fix invalid datastore options. 2015-04-12 00:54:10 -05:00
joev eaab665a6d Remove #generate patch, specs will fail again. 2015-04-12 00:07:39 -05:00
joev 60d98ba892 Implement the remaining syscalls. 2015-04-12 00:02:29 -05:00
joev 3fe6fb44b9 Prevent this from changing cache size. 2015-04-11 23:44:56 -05:00
joev c132a3fb0a Fix OSX prepends and implement x64 setreuid. 2015-04-11 20:04:21 -05:00
jvazquez-r7 656abac13c Use keyword arguments 2015-04-10 18:03:45 -05:00
jvazquez-r7 1720d4cd83
Introduce get_file_contents 2015-04-10 17:34:00 -05:00
William Vu d5903ca5b2
Land #5126, Meterpreter edit command fix 2015-04-10 17:19:33 -05:00
William Vu 9625504f5b
Land #5121, timestomp arg/opt order fix 2015-04-10 17:18:14 -05:00
William Vu 8acc768da7 Copy documentation 2015-04-10 17:17:54 -05:00
jvazquez-r7 ca6a5cad17
support changing files 2015-04-10 16:53:12 -05:00
Matt Buck 9f15824e2a
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
2015-04-10 15:35:27 -05:00
rwhitcroft 64c2bf3227 don't raise exception if file download fails 2015-04-10 16:23:33 -04:00
sinn3r 284ef5bbbb
Land #5112, Nessus REST Login Module 2015-04-10 13:32:53 -05:00
root 19fe226b30 Correct a minor typo 2015-04-10 22:37:14 +05:00
sinn3r 90d525088c Green rspec 2015-04-10 11:36:23 -05:00
root 8c0d5d66d0 Add spec file 2015-04-10 15:32:03 +05:00
OJ 91202e2447 Port of reverse_tcp payload to metasm 2015-04-10 17:46:27 +10:00
William Vu 38037062b2
Land #5115, vulns -R support 2015-04-10 01:51:41 -05:00
OJ fadb13b8ef Porting block api, exitfunk, bind to metasm
Also add the flag which lets the bind stager leave the listen socket
open.
2015-04-10 16:23:03 +10:00
rwhitcroft b5f4b72b51 fix timestomp arg parsing 2015-04-10 00:28:35 -04:00
HD Moore 1d166c1ef6 Don't lookup nil platform, prevents a stack trace w/64-bit reverse_https 2015-04-09 17:18:42 -05:00
William Vu 6fbdb51246 Clean up vulns -R and a few others 2015-04-09 16:52:23 -05:00
sekritskwurl 0d6fb3dd6b vulns command with -R --rhosts 2015-04-09 17:01:18 -04:00
sinn3r 56793d11c8 Fix #4866, msfvenom not properly handling platform & arch
This fixes #4866, an issue with msfvenom not properly handling special
cases with generic payloads. So the story behind this fix is that
we have these two problems:

Problem 1: The current payload selection design relies on the payload
module in order to set the platform and arch. Almost all MSF payloads
contain a default platform and arch, however, the bind and reverse
generic payloads don't.

Problem 2: By default, Msf::Payload::Generic also explicitly sets the
PLATFORM and ARCH datastore options to nil. So there is no way the
payload generator can figure out what platform and arch to use.

As a result of these problems, msfvenom will actually end up getting
a Msf::Module::Platform as the default platform, which doesn't
actually represent any valid platform we can use (such as
Msf::Module::Platform::Windows). And the first item of ARCH_ALL for
the arch.

In addition, msfvenom has these two arguments that the user can use:
--platform and --arch. In most cases, these arguments are used more
like checks than actually setting anything. Because remember:
Framework's payload selector retreives the platform & arch from the
module (trusted), not the user input (untrusted). But from the user's
perspective it's impossible to know this.

After experimenting different ways to fix this, I came up with this
patch. It feels sort of more like a hack than a real fix, but as
far as I can tell, this is the best you can get unless you want to
redesign generic payload selection.
2015-04-09 16:01:11 -05:00
HD Moore ec28992ce2
Lands #5113, fixes IPv6 support for stageless 2015-04-09 09:29:40 -05:00
Luke Imhoff 8b56286e66
Try to require 'metasploit/credential' when including Metasploit::Credential::Creation
MSP-12529

By convention, the top-level require of any gem should always be
required before trying to use any inner require.
2015-04-09 09:05:38 -05:00
OJ c83a763150 Fix IPv6 issues in staged and stageless
* Stageless payloads weren't adding brackets around IPv6 hosts.
* Staged HTTP handler was using an undefined function to check for IPv6
addresses when host header overriding was disabled.
2015-04-09 23:33:10 +10:00
OJ 809409d8c4 Lots of changes to support moving timeouts to common spots
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
Anant Shrivastava 2b5ba7d12d fixed a typo
a typo fixed in help. 
command and not commannd
2015-04-09 12:11:46 +05:30
root b6e750d7eb Nessus auxiliary scanner for updated REST API 2015-04-09 11:36:17 +05:00
sinn3r 3fc25a00d8 Make sure we are only grabbing hidden inputs 2015-04-09 01:09:00 -05:00
sinn3r 59d89f4846 rm junk comments 2015-04-09 00:59:14 -05:00
sinn3r 717120b8c5 Add #get_hidden_inputs for Metasploit::Framework::LoginScanner::HTTP 2015-04-09 00:34:09 -05:00
Roberto Soares 1591c92547 Add the "all" option for the uictl 2015-04-09 01:04:50 -03:00
OJ bc5fd4b813 A few adjustments to make bind_tcp keep listen sockets open 2015-04-09 08:46:35 +10:00
Brent Cook e03f2df691
Land #5002, RMI/JMX improvements 2015-04-08 15:23:29 -05:00
sinn3r f51eaef765 Add rspec 2015-04-08 02:33:27 -05:00
sinn3r 5f389cf3c2 Add ManageEngine Desktop Central Login Utility 2015-04-08 02:05:56 -05:00
HD Moore e7a4ee637a Port windows reverse_tcp|bind_tcp to Metasm, add error handling
Conflicts:
	lib/msf/core/payload/windows/bind_tcp.rb
	modules/payloads/stagers/windows/bind_tcp.rb

Cherry-picked form @hmoore-r7's repo.
2015-04-08 16:21:10 +10:00
OJ 9ebcb27929 Merge branch 'upstream/master' into connection-recovery 2015-04-08 15:48:21 +10:00
OJ a9804dff62 Initial work to support fault-tolerant connectivity
This code adjusts the bind_tcp stager for x86 so that the listener
socket isn't close for meterpreter payloads. This means that meterpreter
can make an educated guess as to whether or not the payload was a bind
or tcp payload, and from there can attempt to establish communications
in the same way as before should something break along the way.

Some simple adjustments to the x64 meterpreter stage as well, but more
to come here.
2015-04-08 14:41:32 +10:00
Brent Cook b22ff676e2
Land #5090: remove unused partial openssh compat code 2015-04-07 23:14:07 -05:00
Brent Cook 27fa8791f9
Land #5095 - OJ adds stageless http transports 2015-04-07 22:58:36 -05:00
OJ 9fd40870d0 Update http(s) generator functions
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
Brent Cook db9a3d167a fix deletekey API usage from the meterpreter CLI
There is an old-looking bug where the deletekey command opens the key it tries
to delete, then deletes the same key name again. Basically, it uses the wrong
level of indirection.
2015-04-07 15:34:23 -05:00
Brent Cook a54182a562
Land #5088: @rwhitcroft fix premature close on connect -i 2015-04-07 14:00:16 -05:00
Brent Cook 84411be606
Land #5097: resolve UUID namespace issues with pro 2015-04-07 13:16:28 -05:00
HD Moore 8cc48e05a8 Make Polyglot happy 2015-04-07 13:08:58 -05:00
HD Moore 9bce08b813 This change avoids namespace collisions around the Abbrev class 2015-04-07 13:06:26 -05:00
Samuel Huckins bac3c80d7e
Land 5093, workaround for when cache is being built 2015-04-07 12:02:30 -05:00
OJ 53d5b97634 Add support for UUID generation in transport switching
If the session doesn't have a payload UUID we now generate one as best
we can. This code will probably go away when TCP related transports have
had the UUID stuf baked in.
2015-04-07 17:25:55 +10:00
OJ 15313243cc Use UUID instead of old skool URIs
This uses HD's UUID stuff to generate a new URI for the transport.
Currently we don't have UUID support for TCP connections, but that's
coming.

Still do to: generation of a valid UUID for payloads that don't already
have one.
2015-04-07 16:00:30 +10:00
OJ 2977cbd42a Merge branch 'upstream/master' into dynamic-transport 2015-04-07 14:30:48 +10:00
OJ 84397f5db0 Remove unused commented-out code 2015-04-07 12:47:18 +10:00
OJ 8f58e08c13 Add support for stageless reverse_http payloads
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
OJ 38a77c930e
Land #5072 : Support and embed payload UUIDs 2015-04-07 10:10:36 +10:00
James Lee 83cf1ad8ce
Instantiate to get name if we don't have cache yet
Fixes #5086
2015-04-06 18:59:38 -05:00
Christian Catalan 75343ef30c
Remove unneccesary match_set in MatchResult.create
MSP-12516

* Fixes UknownAttribute error for match_set in Rails 4
2015-04-06 16:36:37 -05:00
William Vu 21d0d6ceb3 Remove dead code from Net::SSH
Triggers uninitialized constant COMPAT_OLD_DHGEX, which was removed in
1664a4b5e8. Somehow, this file was missed
when syncing with upstream.
2015-04-06 15:59:09 -05:00
rwhitcroft 8cbc98fc47 fix #5074 - missing thread join 2015-04-06 16:21:07 -04:00
William Vu 5f8d58f214 Use framework.db.active 2015-04-06 14:08:10 -05:00
Matt Buck 5e2d6c27c3
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	db/schema.rb
	lib/msf/core/db_manager/session.rb
	metasploit-framework-db.gemspec
2015-04-06 11:27:00 -05:00
HD Moore 6811aebb1c Merge pull request #11 from OJ/hd-payload-uuids
Add trailing slash to stageless URI
2015-04-06 10:57:41 -05:00
HD Moore 98c95104da Use ||= for consistency 2015-04-06 10:55:14 -05:00
James Lee 566c330b83
Add workspace to prompt format options 2015-04-06 09:19:49 -05:00
OJ 9b502b904f Add trailing slash to stageless URI
Without the trailing slash, stageless payloads take a nasty turn.
2015-04-06 19:53:02 +10:00
OJ 4635bb83c3 Implement ssl verification toggling
Add support to meterpreter that allows for the querying and toggling of
SSL certificate verification on the fly.

In order to verify that the socket was SSL-enabled, some rejigging had
to be done of the type? method in the ssl socket class.
2015-04-06 14:40:59 +10:00
HD Moore 3c59519811 Add PayloadUUIDRaw for manual PUID specification 2015-04-05 23:25:52 -05:00
HD Moore 96f8a45b0d Additional yardoc comments for the UUID class 2015-04-05 23:16:24 -05:00
HD Moore 8bcdddfd04 Fix yardoc comment, thanks @void-in! 2015-04-05 22:09:35 -05:00
jvazquez-r7 261ef51813
Add Rex::Java::Serialization exceptions 2015-04-05 18:43:03 -05:00
jvazquez-r7 2e52817b24
Add DecodeError 2015-04-05 18:16:19 -05:00
jvazquez-r7 85a70d401b
Introduce Rex::Proto::Rmi::DecodeError 2015-04-05 18:15:04 -05:00
jvazquez-r7 3570fc586f
Use constants for JMX serial version uids 2015-04-05 16:23:39 -05:00
jvazquez-r7 46a225cbec Don't store Exception in a variable 2015-04-05 15:59:52 -05:00
jvazquez-r7 72c36eb23e Use concatenation 2015-04-05 15:57:50 -05:00
Jon Cave b1a7e77fa9 Correct domain controller server type constants
The should be specified in hex as BAKCTRL is 16, not 10. CTRL should
be 8. See documentation for NetServerEnum.
2015-04-05 11:12:18 +01:00
Meatballs ebf77cd02d
Merge remote-tracking branch 'upstream/master' into msfvenom_psh_squash
Conflicts:
	lib/msf/util/exe.rb
2015-04-05 00:24:48 +01:00
HD Moore c9696d3f6c Merge in stageless/transport work, deconflict 2015-04-04 11:52:26 -07:00
Brent Cook 57395deb1d
Land #5056, @wchen-r7 explicit recog require 2015-04-03 17:06:47 -05:00
Brent Cook 5589717323
Land #5058, @wvu-r7's default workspace saving 2015-04-03 16:53:21 -05:00
William Vu 6c2585cd79 Don't recreate saved workspace 2015-04-03 16:44:36 -05:00
Tod Beardsley 72b9647b31
Land #5057, CVE fixups 2015-04-03 16:36:11 -05:00
Brent Cook e5443e74ed Merge branch 'upstream-master' into land-3950-chain-encoders 2015-04-03 15:18:06 -05:00
jvazquez-r7 e3bbb7c297 Solve conflicts 2015-04-03 14:57:49 -05:00
jvazquez-r7 75c6341dd8
Fix raise 2015-04-03 14:18:15 -05:00
jvazquez-r7 6c36a82f78
Land #5059, @void-in's documentation clean up 2015-04-03 14:16:34 -05:00
jvazquez-r7 fe5ddc01ad
Fix return documentation 2015-04-03 14:16:06 -05:00
jvazquez-r7 b0042f1cf2
Undo java serialization and RMI fixes 2015-04-03 14:07:49 -05:00
jvazquez-r7 11d372b015
Fix YARD documentation
* Thanks @void-in
* See #5059
2015-04-03 14:01:31 -05:00
Fernando Arias 6455862484 Merge branch 'staging/rails-4.0' of github.com:rapid7/metasploit-framework into staging/rails-4.0
Conflicts:
	Gemfile.lock
	metasploit-framework.gemspec
2015-04-03 13:56:38 -05:00
OJ 3b3e969a1c
Land #5023 : support for IE11 in fingerprint_user_agent 2015-04-03 21:12:00 +10:00
root 0dd987d873 Updated as per jlee-r7 feedback 2015-04-03 10:17:54 +05:00
OJ c4b7426ba8 Merge branch 'upstream/master' into dynamic-transport 2015-04-03 13:57:24 +10:00
OJ fd043d4842 Fix up build and missing uri_checksum stuff
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
OJ fc44f5b1f4 Merge branch 'upstrea/master' into dynamic-transport
Small merge required with the https payload proxy changes.
2015-04-03 10:14:48 +10:00
OJ 5b5dc3ef59 Merge branch 'upstream/master' into stageless-x64
Merge required adjustment of the proxy datastore names that were changed.
2015-04-03 08:53:09 +10:00
David Maloney 1684bfec9e
add missing data to loginscanner results
the chef web ui and symantec web gateway
loginscanners do not save the target(host/port/proto) info
in the Result object. This can cause modules to break as they
expected the Result to contain that information

MSP-12499
2015-04-02 13:53:45 -05:00
OJ d2d68d76a2 Update transport switching to a full blown command
Transport switching should now support all of the bits and pieces
required to do full switching with all configurable transport options
2015-04-02 23:13:59 +10:00
root 27353d62ca Discard local changes to non relevant files 2015-04-02 16:21:43 +05:00
root 4ba761986f Correct YARD doc comments 2015-04-02 16:14:25 +05:00
OJ 47fa97816d Code fixes as per suggestions, fix build
* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of
command_dispatcher.
* Fix spec include.
2015-04-02 09:05:38 +10:00
William Vu 8140b0ee6c Update Qualys importers for the new CVE format 2015-04-01 17:50:18 -05:00
William Vu c55e200416 Add workspace saving to msfconsole's save command 2015-04-01 17:31:43 -05:00
sinn3r e972357aeb Fix #4471, uninitialized constant Msf::Exploit::Remote::SMB::Recog
Fix #4471

Seems to be specific to Kali
2015-04-01 16:35:23 -05:00
sinn3r e1adcfee1e No case sensitive 2015-04-01 16:14:54 -05:00
James Lee 8c1a597a25
Make a Session record before using it
How about that.
2015-04-01 13:12:28 -05:00
Brent Cook f4977bf606
Land #5006 @jlee-r7 adds meterpreter specs 2015-04-01 11:05:47 -05:00
OJ 46dca23ffe
Land #5047: Metasploit is magic (Banner Adjustments) 2015-04-01 21:51:10 +10:00
OJ 01bdf54487 Merge branch 'upstream/master' into dynamic-transport 2015-04-01 18:53:20 +10:00
OJ 79ec2e0586 Add machine ID support to the command list 2015-04-01 14:29:04 +10:00
OJ 24171a1a08
Land #5045 : Convert stageless proxy to new format 2015-04-01 12:06:57 +10:00
OJ 1a313ad943 Fix up the proxy patching
Patching of the proxy details was failing, so this commit fixes that.
Also, added code that makes the proxy type check case-insensitive.
2015-04-01 11:48:22 +10:00