OJ
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
Brent Cook
7ff3044552
style cleanups and guard search where not implemented
2015-05-04 03:56:17 -05:00
Brent Cook
8cab350275
use the search API when downloading recursive patterns
2015-05-04 03:56:17 -05:00
Brent Cook
eefc6f78c6
avoid redownloading files that have not changed
2015-05-04 03:56:16 -05:00
Brent Cook
9672a59b05
support download globbing
2015-05-04 03:56:16 -05:00
Brent Cook
43be856b95
keep the glob going into subdirectories
2015-05-04 03:56:16 -05:00
Brent Cook
8617115483
simplify arg parsing, compute initial stat path correctly
2015-05-04 03:56:15 -05:00
Brent Cook
d934027b3b
expand glob match
2015-05-04 03:56:15 -05:00
Brent Cook
866955b6fd
added -R recursive, glob filtering and a dummy '-l' option
2015-05-04 03:56:14 -05:00
HD Moore
a577bef9c3
Rework dirty cleanup to use skip_cleanup instead
2015-05-04 03:52:55 -05:00
HD Moore
e7ba6e8a9a
Speed up dead session cleanup by skipping shutdown/cleanup
2015-05-04 03:40:48 -05:00
HD Moore
3080feb188
Track the machine_id and drop non-responsive sessions automatically
2015-05-04 03:22:29 -05:00
HD Moore
d00f6a8fdf
Rework verbose sessions listing to work around table limits
2015-05-04 02:55:31 -05:00
root
b47305ba4a
Merge branch 'sqlmap_plugin_json_parse_issue' of https://github.com/void-in/metasploit-framework into sqlmap_plugin_json_parse_issue
2015-05-04 10:01:44 +05:00
root
02db66e2f6
Rescue connection refused backtrace
2015-05-04 09:57:53 +05:00
OJ
451484cb0d
Add support for transport listing
...
Includes a verbose flag for the extra HTTP/S properties
2015-05-04 11:19:53 +10:00
William Vu
c0adf7f113
Land #5291 , HTTPS reference links
2015-05-03 14:33:20 -05:00
HD Moore
8ca66e03aa
Track and display the last checkin time for Meterpreter sessions
2015-05-03 10:52:54 -05:00
Christian Mehlmauer
55967172be
allow custom regex
2015-05-02 21:06:15 +02:00
Christian Mehlmauer
9678479abb
check version from custom file
2015-05-02 18:34:10 +02:00
Tom Sellers
480a176415
Initial commit
2015-05-02 10:11:17 -05:00
void_in
e5847f0ddc
Return only json type from lib as per wchen-7 suggestion
2015-05-02 15:11:59 +05:00
OJ
2189c6d868
Pass timeouts to clients and correctly patch timeouts
...
Timeouts are correctly passed through to the client instances from the
handlers. The client also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Tom Sellers
c441ff81a1
Update comment in wordpress/version.rb
...
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version. On line 175 though there is a fixed version, just no introduced version. Adjusting comment text.
2015-05-01 17:05:31 -05:00
Brent Cook
8bd2a69112
simplify and fix rpc_get_note
2015-05-01 16:01:07 -05:00
Brent Cook
52b9fc8fca
handle unknown host when generating a new note
2015-05-01 15:47:05 -05:00
Brent Cook
8d78135321
pass down the workspace for the other opt_to_* methods
2015-05-01 15:42:04 -05:00
Brent Cook
f2504b84be
use the same logic with 'get_note' and 'del_note' for selecting notes
...
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
Brent Cook
29b97f4695
remove superfluous parens on ifs
2015-05-01 15:40:45 -05:00
jvazquez-r7
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
jvazquez-r7
3e7c790db8
Use constants
2015-05-01 15:15:18 -05:00
Brent Cook
c3438955d4
Land #5169 , stop reading when the HTTP socket is closed
2015-05-01 11:40:49 -05:00
darkbushido
0b608e139a
Merge branch 'upstream' into staging/rails-4.0
2015-05-01 11:26:24 -05:00
David Maloney
2bbae6b9c2
add #to_s to ntds account
...
added to_s method to the NTDS account
for easy output
MSP-12357
2015-05-01 11:24:23 -05:00
wchen-r7
81744384c2
Actually fix del_note
2015-04-30 17:02:06 -05:00
wchen-r7
11f9c010ce
Change documentation
2015-04-30 16:46:01 -05:00
David Maloney
18874fe384
fixes Issue #5272 on report_vuln
...
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
wchen-r7
e79780d885
Fix #5240
2015-04-30 15:20:29 -05:00
wchen-r7
3b42265c98
Fix #5239
2015-04-30 15:20:04 -05:00
wchen-r7
440005d302
Fix #5237
2015-04-30 15:10:13 -05:00
wchen-r7
f315eb4afd
Fix #5236
2015-04-30 15:07:11 -05:00
David Maloney
acb833bd09
NTDS::Parser class built out
...
the NTDS Parser class will take a meterpreter
client and a filepath and provide an enumerator for reading
out the user accounts as ruby objects
MSP-12357
2015-04-30 14:57:30 -05:00
wchen-r7
70ab938951
Fix #5229
2015-04-30 14:56:30 -05:00
wchen-r7
f43e4f9447
Fix #5238
2015-04-30 13:49:13 -05:00
wchen-r7
89d026c900
Fix merge conflict
2015-04-30 12:33:45 -05:00
Matt Buck
912f41292a
Drop some unused code
2015-04-30 11:25:57 -05:00
William Vu
2d2c946044
Land #5279 , fix for msfconsole -o
2015-04-30 11:23:44 -05:00
Matt Buck
3f797e4393
Reinstate some to_s coercions that were mistakenly dropped
2015-04-30 11:13:48 -05:00
James Lee
3e40433f00
Add an alias for write
...
Fixes #4971
2015-04-30 08:56:16 -05:00
OJ
8ddd7a4891
Fix session removal code, prevent missing transport param fail
2015-04-30 22:39:48 +10:00
Brent Cook
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu
b41aa0e617
Fix NoMethodError for rhost
...
Can't rely on it to be defined (kinda like peer).
2015-04-29 15:14:41 -05:00
David Maloney
2847bc8a6b
a little more yard
2015-04-29 14:53:08 -05:00
David Maloney
1f66840533
add YARD docs to NTDS Account
...
added yard around the attrs for the NTDS::Account
class
MSP-12357
2015-04-29 12:53:54 -05:00
Brent Cook
9386d1ca6d
remove unused mod_ranked attribute
2015-04-28 22:27:09 -05:00
Brent Cook
7b7f40baa4
remove modules that cannot be instantiated
2015-04-28 22:21:31 -05:00
Brent Cook
0caeee32fe
replace sort with sort_by
2015-04-28 21:39:37 -05:00
Matt Buck
8163c3cdda
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
plugins/nessus.rb
2015-04-28 15:33:46 -05:00
David Maloney
e220ccfda0
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-04-28 08:25:09 -05:00
OJ
919b96e4cf
Fix up UUID handling
2015-04-28 21:59:19 +10:00
OJ
4f9c8d04a2
Add support for moving transports and uuid fetching
...
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.
There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ
f711e5dee7
Update migration support
...
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ
fca4d852a1
Remove the passing on off listen socket values
2015-04-28 13:51:48 +10:00
OJ
d82bfb0692
Reorder params, fix up the transport termination
2015-04-28 13:03:40 +10:00
OJ
c41f4bd59f
Fix up http/s a little
...
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ
1ca5188c5e
Change the payload to use IPv6 formats if required
2015-04-28 07:44:21 +10:00
OJ
f3e547ca92
Remove the exitfunk from the loader
...
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
HD Moore
c3f18aa899
Complete the #4989 revert
2015-04-27 16:26:34 -05:00
HD Moore
36daee08c9
Reverts #4989 , support for file: is handled in the options again
2015-04-27 16:07:43 -05:00
Brent Cook
7443af64a6
Land #5247 , add RPC API call documentation
2015-04-27 11:13:02 -05:00
Brent Cook
a0eb7d0ad3
minor RPC documentation tweaks
2015-04-27 11:11:08 -05:00
Matt Buck
6a4d63ca4f
Drop explicit IPAddr to String coercion
...
MSP-12611
2015-04-27 10:48:13 -05:00
HD Moore
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
HD Moore
1cebc9f3cb
Fallback if the regex fails for some reason
2015-04-26 15:59:36 -05:00
Ben Turner
82fe480c2e
Update session to display username and hostname
2015-04-26 21:47:49 +01:00
Ben Turner
ea0204b7e5
updates to remove powershell from core
2015-04-26 21:25:30 +01:00
benpturner
76e68fcf4c
session info
2015-04-26 20:13:18 +01:00
benpturner
1cc167a7fb
Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session
2015-04-26 18:50:42 +01:00
OJ
0d2f97ed2d
Add support for config in the x64 bind stager
2015-04-26 14:19:36 +10:00
OJ
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
OJ
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
HD Moore
d1a836e39c
Fix logins where SYSTEM doesn't have SYSDBA privileges
2015-04-25 19:05:11 -05:00
OJ
2455163d24
Refactor configuration for meterpreter payloads (x86)
...
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.
This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
OJ
3a24923361
Force bind to hand over the listen socket
2015-04-25 22:04:58 +10:00
OJ
4ec4868bcf
Make bind hand over the listen socket as well
2015-04-25 21:37:32 +10:00
OJ
bb77a3a0e6
First pass of refactoring to support new config block
...
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
OJ
9f1e035c53
Changed required_space check in bind payloads
2015-04-25 21:30:54 +10:00
David Maloney
6c77c4bb52
opening groundwork
...
added a priv extension method to open
a stream channel to read ntdsaccounts from
and an NTDS account class to accept the
data and parse it into a useable structure
MSP-12357
2015-04-24 15:50:12 -05:00
Brent Cook
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
Brent Cook
27f6adcd81
Land #5110 , teach Http::Response to extract hidden form inputs
2015-04-24 13:30:57 -05:00
wchen-r7
46361c1a19
Final round of documentation
2015-04-24 11:58:12 -05:00
root
4aed12f561
Include if condition in parse_response as per Meatballs1 suggestion
2015-04-24 15:40:35 +05:00
root
cf481e94d3
add res.body condition
2015-04-24 12:58:58 +05:00
root
68effe0bc6
Take out irrelevant files
2015-04-24 12:04:02 +05:00
root
028f5e119d
sqlmap plugin update to fix connection errors
2015-04-24 12:00:50 +05:00
wchen-r7
6ccc4af4d8
Round 9 of documentation
2015-04-24 01:08:33 -05:00
benpturner
3665c84cab
accommodate session type
2015-04-23 23:12:19 +01:00
benpturner
57914b6924
new session type
2015-04-23 23:12:02 +01:00
wchen-r7
d292cc999a
Round 8 of documentation
2015-04-23 16:15:11 -05:00
wchen-r7
86a7e36a06
Round 7 of documentation
2015-04-23 15:37:56 -05:00
wchen-r7
3c50feb3d6
Round 6 of documentation
2015-04-23 12:34:39 -05:00
wchen-r7
cbac6d1a0b
Round 5 of documentation
2015-04-23 11:54:58 -05:00
OJ
1b11322618
Remove STDERR debug statement
2015-04-23 19:36:17 +10:00
root
19beafe009
scan_export_status patch for issue 5217
2015-04-23 12:04:02 +05:00
wchen-r7
f6bd747f57
Round 4 of documentation
2015-04-22 22:15:30 -05:00
wchen-r7
6bac759a18
Round 3 of documentation
2015-04-22 17:01:31 -05:00
wchen-r7
39f206b31a
Round 2 of documentation
2015-04-22 12:10:28 -05:00
root
40107577a0
Case insensitive plugin unload
2015-04-22 11:04:46 +05:00
wchen-r7
4add4074e1
First round of RPC API documentation
...
Resolve #5209
2015-04-22 01:02:05 -05:00
jvazquez-r7
b6df023c99
Land #4989 , @hmoore-r7's change to file: handling
...
Datastore options with file: are handled at set time
2015-04-21 23:21:22 -05:00
Brent Cook
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
Trevor Rosen
8f5d222e53
Land #5156 - module ranking properly handles nil
2015-04-21 14:40:01 -05:00
Spencer McIntyre
edbf9b766f
Land #5100 , @bcook-r7's deletekey API usage fix
...
Fixes #5099
2015-04-21 12:58:02 -04:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
rwhitcroft
70f94bbd96
break loop if socket is closed
2015-04-21 11:09:17 -04:00
OJ
c8bab6ace1
Fix help for timeouts
2015-04-21 20:35:46 +10:00
OJ
f654fea9b3
Adjust transport command to work with posix
2015-04-21 20:16:57 +10:00
OJ
86957d9b07
Merge branch 'upstream/master' into connection-recovery
2015-04-21 20:01:59 +10:00
jvazquez-r7
66d23e3b5e
Delete file: validation on normalization again
2015-04-20 23:52:17 -05:00
jvazquez-r7
57df5c4f4f
Solve conflicts
2015-04-20 23:38:34 -05:00
Brent Cook
8aca4539c9
Land #5152 , undefined var in WinRM_Login
2015-04-20 23:01:11 -05:00
Brent Cook
ab33fc8eba
Land #5211 , parse nmap's tunnel attribute
2015-04-20 22:53:34 -05:00
Brent Cook
ee07809fd8
Land #5190 , 64-bit meterpreter persistence script
2015-04-20 22:32:57 -05:00
William Vu
74ad81c90c
Consolidate tunnel check into name check
2015-04-20 21:18:12 -05:00
jvazquez-r7
831e65261d
Add lengths specs
2015-04-20 17:37:41 -05:00
William Vu
741149058c
Report unknown service names for consistency
2015-04-20 17:22:19 -05:00
Meatballs
381f6ffe0a
HTA Powershell template
2015-04-20 23:19:54 +01:00
William Vu
d894502148
Update legacy Nmap XML parser
2015-04-20 17:15:35 -05:00
William Vu
1a66786d1b
Fix Nmap XML parser for tunnel attribute
2015-04-20 17:04:19 -05:00
jvazquez-r7
329e28c47c
Keep the old value if value can't be loaded from file
2015-04-20 16:29:11 -05:00
William Vu
c7129e063c
Land #5069 , breaking up with old options
2015-04-20 16:23:44 -05:00
jvazquez-r7
c629d8593a
Solve my own concern about race conditions, just in case...
2015-04-20 16:19:29 -05:00
James Lee
d67f7a21d9
Move autoloads into OptionContainer
...
This seems like a better place for them to live
2015-04-20 15:54:42 -05:00
James Lee
da0e7282d5
Replace some unnecessary eval action.
...
Metaprogramming should be reserved for when you don't know things. Here
we're making methods from literal strings, so replace the
metaprogramming with much easier to understand regular programming. Also
has the benefit that yard can parse it.
2015-04-20 15:54:41 -05:00
James Lee
b64d881914
Make OptionContainer docs a little more useful
2015-04-20 15:54:40 -05:00
James Lee
3a5af3939d
Split all the option classes into their own files
2015-04-20 15:54:40 -05:00
jvazquez-r7
1b85cd2853
Use single quotes
2015-04-20 15:53:58 -05:00
jvazquez-r7
a56dd5d1ff
Do minor style cleanup
2015-04-20 15:44:45 -05:00
William Vu
79ca0a56f9
Land #4171 , Steam protocol support
2015-04-20 15:35:06 -05:00
Christian Mehlmauer
668961b69d
fix some yarddoc issues
2015-04-20 00:06:59 +02:00
OJ
e7babc4acb
Fix persistence script to support x64 payloads
2015-04-19 12:41:51 +10:00
OJ
19f8a76475
Porting bind_tcp for posix to metasm
...
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
wchen-r7
37613adebb
Improve developer experience for fail_with
...
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
Brent Cook
2a327b7c91
Land #5116 , better handle platform and arch in msfvenom
2015-04-17 10:55:41 -05:00
Meatballs
b229e87940
Create VBA powershell
2015-04-17 16:52:12 +01:00
OJ
97912882ca
Adjustments for POSIX meterpreter patching
2015-04-17 19:53:05 +10:00
Brent Cook
3107d99b9a
Use the same URI that was registered when we deregister
...
The original URI is registered as '/foobar/' but is deregistered as
'//foobar/', causing it to never get deregistered. Changing this fixes
unregistration of the service handler for staged payloads, but stageless
doesn't work properly if the URI actually gets deregistered.
2015-04-17 03:20:24 -05:00
Brent Cook
18225780da
cleanup HTTP and HTTPS listeners when sessions are closed
...
Rather than listening forever after a session shuts down, close the session if
there are no other URIs registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
OJ
eb7155d533
Remove debug print
2015-04-17 16:25:42 +10:00
OJ
0a8b29dd86
Merge branch 'upstream/master' into connection-recovery
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
OJ
e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless
2015-04-17 12:46:20 +10:00
wchen-r7
f280e5191b
I forgot to move this require statement
2015-04-16 21:11:09 -05:00
wchen-r7
3493d25ff9
Move all this to Rex
2015-04-16 21:07:23 -05:00
William Vu
7a4494a81f
Land #5173 , moar fail_with fixes
2015-04-16 17:27:02 -05:00
Christian Mehlmauer
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
Brent Cook
9bf897a829
Land #4744 , refactor powershell for msfvenom psh-cmd
2015-04-16 15:44:57 -05:00
rwhitcroft
602e9c8df1
Update client.rb
2015-04-16 16:06:16 -04:00
Christian Mehlmauer
69d3c26746
fix documentation
2015-04-16 21:28:16 +02:00
rwhitcroft
6ef86b69a7
Fix loop spinning in HttpClient
2015-04-16 10:49:47 -04:00
Christian Mehlmauer
dc8f266345
fix readme detection bug
2015-04-16 14:57:29 +02:00
Christian Mehlmauer
9df09a1d60
readme detection
2015-04-16 14:41:30 +02:00
William Vu
2bdcc178ef
Remove extraneous addition
2015-04-16 02:30:09 -05:00
William Vu
42ff0decc7
Land #4722 , timing options for snmp_login
2015-04-16 02:25:29 -05:00
William Vu
88062a578d
Clean up PR
2015-04-16 02:25:06 -05:00
William Vu
01625e3bba
Land #5148 , DRY BSD/OS X shellcode
...
Also fix a semi-regression in the Rootpipe exploit.
2015-04-16 02:08:18 -05:00
Luke Imhoff
9aa0159342
Green rank_modules ranks unloadable as Manual
...
MSP-12557
Was calling `.class` blindly on the output of `create`, but `nil` has a
class, `NilClass`, so it didn't call `module_rank` as expected and
assigned NormalRanking to `nil` instead of ManualRanking.
2015-04-15 16:10:51 -05:00
Matt Buck
e82fb5f836
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
lib/msf/ui/console/command_dispatcher/db.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
Luke Imhoff
4de35e8832
Green Msf::ModuleSet#rank_modules with create -> nil
...
MSP-12557
Extract Msf::ModuleSet#module_rank to handle getting the module rank if
the Metasploit Module is already loaded, needs to be loaded, or can't be
loaded. If a Metasploit Module can't be loaded it is ranked as
Msf::ManualRanking. If is loaded or can be loaded and it doesn't define
Rank, it gets the Msf::NormalRanking as before. Finally, if it is
loaded or can be loaded and defines Rank, that is used as before.
2015-04-15 12:35:01 -05:00
Meatballs
926db59a8c
credential doesn't exist in this context
2015-04-15 15:48:21 +01:00
joev
5f4ab3d2ab
The setres* stubs are not implemented in OSX.
2015-04-14 23:33:16 -05:00
joev
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
joev
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
Luke Imhoff
c971bc930c
Mark app/concerns as autoload
...
To work with metasploit-concern 0.4.0 prerelease not deriving
app/concerns from root and to ensure it does not inherit eager_load
from app.
2015-04-14 15:06:59 -05:00
Luke Imhoff
4c407ce962
Merge branch 'bug/MSP-12529/missing-require-metasploit-credential' into bug/MSP-12550/app-concerns-eager-load
...
MSP-12550
2015-04-14 14:42:54 -05:00
Brent Cook
75b559eea3
Land #5081 , meterpreter certificate hash check controls
2015-04-14 10:46:13 -05:00
Brent Cook
7f56c07b64
add missing sslhash attribute
2015-04-14 10:45:44 -05:00
Tod Beardsley
97e715b1ce
Land #5139 , metasm/ruby signedness fix
2015-04-14 10:26:23 -05:00
OJ
4e49964c15
Add support for init_connect for stageless payloads
...
This new mode for HTTP/S stageless allows the stageless payload to be
reused without MSF believing that the session has already been
initialised.
2015-04-14 16:43:07 +10:00
sinn3r
61b709b8c5
Extra space in message "Local IP:"
2015-04-14 01:34:07 -05:00
William Vu
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
William Vu
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
Brent Cook
3860bbabbb
Avoid generating labels with '..' in them with metasm
...
So, metasm generates labels for the assembler using "%x" % string.object_id. If
the pointer for string.object_id begins with the most significant digit set, it
looks like a sign-extended 2's complement number (negative), and gets formatted
by ruby as '..f1412300' or similar. On 32-bit platforms, there is rather high
chance of randomly ending up with a label like 'goto_test_uuid..f1234560:',
which is a parse error.
This patch simply takes the absolute value of the object_id to avoid negative
interpretations. This fixes heisenbugs using metasm's C compiler on 32-bit
platforms.
2015-04-13 22:43:18 -05:00
root
51dd88114b
Fix grammar in comments
2015-04-13 13:21:41 +05:00
OJ
1c5de59d99
Add support for the set of timeout values
...
This removes the need for a separate get call behind the scenes as
meterpreter does get and set in a single call.
2015-04-13 10:42:05 +10:00
OJ
ec7fab7ef6
Add support for getting transport timeouts
2015-04-13 10:07:50 +10:00
joev
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev
92c12de6db
Fix invalid datastore options.
2015-04-12 00:54:10 -05:00
joev
eaab665a6d
Remove #generate patch, specs will fail again.
2015-04-12 00:07:39 -05:00
joev
60d98ba892
Implement the remaining syscalls.
2015-04-12 00:02:29 -05:00
joev
3fe6fb44b9
Prevent this from changing cache size.
2015-04-11 23:44:56 -05:00
joev
c132a3fb0a
Fix OSX prepends and implement x64 setreuid.
2015-04-11 20:04:21 -05:00
jvazquez-r7
656abac13c
Use keyword arguments
2015-04-10 18:03:45 -05:00
jvazquez-r7
1720d4cd83
Introduce get_file_contents
2015-04-10 17:34:00 -05:00
William Vu
d5903ca5b2
Land #5126 , Meterpreter edit command fix
2015-04-10 17:19:33 -05:00
William Vu
9625504f5b
Land #5121 , timestomp arg/opt order fix
2015-04-10 17:18:14 -05:00
William Vu
8acc768da7
Copy documentation
2015-04-10 17:17:54 -05:00
jvazquez-r7
ca6a5cad17
support changing files
2015-04-10 16:53:12 -05:00
Matt Buck
9f15824e2a
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-04-10 15:35:27 -05:00
rwhitcroft
64c2bf3227
don't raise exception if file download fails
2015-04-10 16:23:33 -04:00
sinn3r
284ef5bbbb
Land #5112 , Nessus REST Login Module
2015-04-10 13:32:53 -05:00
root
19fe226b30
Correct a minor typo
2015-04-10 22:37:14 +05:00
sinn3r
90d525088c
Green rspec
2015-04-10 11:36:23 -05:00
root
8c0d5d66d0
Add spec file
2015-04-10 15:32:03 +05:00
OJ
91202e2447
Port of reverse_tcp payload to metasm
2015-04-10 17:46:27 +10:00
William Vu
38037062b2
Land #5115 , vulns -R support
2015-04-10 01:51:41 -05:00
OJ
fadb13b8ef
Porting block api, exitfunk, bind to metasm
...
Also add the flag which lets the bind stager leave the listen socket
open.
2015-04-10 16:23:03 +10:00
rwhitcroft
b5f4b72b51
fix timestomp arg parsing
2015-04-10 00:28:35 -04:00
HD Moore
1d166c1ef6
Don't lookup nil platform, prevents a stack trace w/64-bit reverse_https
2015-04-09 17:18:42 -05:00
William Vu
6fbdb51246
Clean up vulns -R and a few others
2015-04-09 16:52:23 -05:00
sekritskwurl
0d6fb3dd6b
vulns command with -R --rhosts
2015-04-09 17:01:18 -04:00
sinn3r
56793d11c8
Fix #4866 , msfvenom not properly handling platform & arch
...
This fixes #4866 , an issue with msfvenom not properly handling special
cases with generic payloads. So the story behind this fix is that
we have these two problems:
Problem 1: The current payload selection design relies on the payload
module in order to set the platform and arch. Almost all MSF payloads
contain a default platform and arch, however, the bind and reverse
generic payloads don't.
Problem 2: By default, Msf::Payload::Generic also explicitly sets the
PLATFORM and ARCH datastore options to nil. So there is no way the
payload generator can figure out what platform and arch to use.
As a result of these problems, msfvenom will actually end up getting
a Msf::Module::Platform as the default platform, which doesn't
actually represent any valid platform we can use (such as
Msf::Module::Platform::Windows). And the first item of ARCH_ALL for
the arch.
In addition, msfvenom has these two arguments that the user can use:
--platform and --arch. In most cases, these arguments are used more
like checks than actually setting anything. Because remember:
Framework's payload selector retrieves the platform & arch from the
module (trusted), not the user input (untrusted). But from the user's
perspective it's impossible to know this.
After experimenting with different ways to fix this, I came up with this
patch. It feels sort of more like a hack than a real fix, but as
far as I can tell, this is the best you can get unless you want to
redesign generic payload selection.
2015-04-09 16:01:11 -05:00
HD Moore
ec28992ce2
Lands #5113 , fixes IPv6 support for stageless
2015-04-09 09:29:40 -05:00
Luke Imhoff
8b56286e66
Try to require 'metasploit/credential' when including Metasploit::Credential::Creation
...
MSP-12529
By convention, the top-level require of any gem should always be
required before trying to use any inner require.
2015-04-09 09:05:38 -05:00
OJ
c83a763150
Fix IPv6 issues in staged and stageless
...
* Stageless payloads weren't adding brackets around IPv6 hosts.
* Staged HTTP handler was using an undefined function to check for IPv6
addresses when host header overriding was disabled.
2015-04-09 23:33:10 +10:00
OJ
809409d8c4
Lots of changes to support moving timeouts to common spots
...
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
Anant Shrivastava
2b5ba7d12d
fixed a typo
...
a typo fixed in help.
command and not commannd
2015-04-09 12:11:46 +05:30
root
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
sinn3r
3fc25a00d8
Make sure we are only grabbing hidden inputs
2015-04-09 01:09:00 -05:00
sinn3r
59d89f4846
rm junk comments
2015-04-09 00:59:14 -05:00
sinn3r
717120b8c5
Add #get_hidden_inputs for Metasploit::Framework::LoginScanner::HTTP
2015-04-09 00:34:09 -05:00
Roberto Soares
1591c92547
Add the "all" option for the uictl
2015-04-09 01:04:50 -03:00
OJ
bc5fd4b813
A few adjustments to make bind_tcp keep listen sockets open
2015-04-09 08:46:35 +10:00
Brent Cook
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
sinn3r
f51eaef765
Add rspec
2015-04-08 02:33:27 -05:00
sinn3r
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
HD Moore
e7a4ee637a
Port windows reverse_tcp|bind_tcp to Metasm, add error handling
...
Conflicts:
lib/msf/core/payload/windows/bind_tcp.rb
modules/payloads/stagers/windows/bind_tcp.rb
Cherry-picked from @hmoore-r7's repo.
2015-04-08 16:21:10 +10:00
OJ
9ebcb27929
Merge branch 'upstream/master' into connection-recovery
2015-04-08 15:48:21 +10:00
OJ
a9804dff62
Initial work to support fault-tolerant connectivity
...
This code adjusts the bind_tcp stager for x86 so that the listener
socket isn't closed for meterpreter payloads. This means that meterpreter
can make an educated guess as to whether or not the payload was a bind
or tcp payload, and from there can attempt to establish communications
in the same way as before should something break along the way.
Some simple adjustments to the x64 meterpreter stage as well, but more
to come here.
2015-04-08 14:41:32 +10:00
Brent Cook
b22ff676e2
Land #5090 : remove unused partial openssh compat code
2015-04-07 23:14:07 -05:00
Brent Cook
27fa8791f9
Land #5095 - OJ adds stageless http transports
2015-04-07 22:58:36 -05:00
OJ
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
Brent Cook
db9a3d167a
fix deletekey API usage from the meterpreter CLI
...
There is an old-looking bug where the deletekey command opens the key it tries
to delete, then deletes the same key name again. Basically, it uses the wrong
level of indirection.
2015-04-07 15:34:23 -05:00
Brent Cook
a54182a562
Land #5088 : @rwhitcroft fix premature close on connect -i
2015-04-07 14:00:16 -05:00
Brent Cook
84411be606
Land #5097 : resolve UUID namespace issues with pro
2015-04-07 13:16:28 -05:00
HD Moore
8cc48e05a8
Make Polyglot happy
2015-04-07 13:08:58 -05:00
HD Moore
9bce08b813
This change avoids namespace collisions around the Abbrev class
2015-04-07 13:06:26 -05:00
Samuel Huckins
bac3c80d7e
Land 5093, workaround for when cache is being built
2015-04-07 12:02:30 -05:00
OJ
53d5b97634
Add support for UUID generation in transport switching
...
If the session doesn't have a payload UUID we now generate one as best
we can. This code will probably go away when TCP related transports have
had the UUID stuff baked in.
2015-04-07 17:25:55 +10:00
OJ
15313243cc
Use UUID instead of old skool URIs
...
This uses HD's UUID stuff to generate a new URI for the transport.
Currently we don't have UUID support for TCP connections, but that's
coming.
Still to do: generation of a valid UUID for payloads that don't already
have one.
2015-04-07 16:00:30 +10:00
OJ
2977cbd42a
Merge branch 'upstream/master' into dynamic-transport
2015-04-07 14:30:48 +10:00
OJ
84397f5db0
Remove unused commented-out code
2015-04-07 12:47:18 +10:00
OJ
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
OJ
38a77c930e
Land #5072 : Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
James Lee
83cf1ad8ce
Instantiate to get name if we don't have cache yet
...
Fixes #5086
2015-04-06 18:59:38 -05:00
Christian Catalan
75343ef30c
Remove unnecessary match_set in MatchResult.create
...
MSP-12516
* Fixes UnknownAttribute error for match_set in Rails 4
2015-04-06 16:36:37 -05:00
William Vu
21d0d6ceb3
Remove dead code from Net::SSH
...
Triggers uninitialized constant COMPAT_OLD_DHGEX, which was removed in
1664a4b5e8. Somehow, this file was missed when syncing with upstream.
2015-04-06 15:59:09 -05:00
rwhitcroft
8cbc98fc47
fix #5074 - missing thread join
2015-04-06 16:21:07 -04:00
William Vu
5f8d58f214
Use framework.db.active
2015-04-06 14:08:10 -05:00
Matt Buck
5e2d6c27c3
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
db/schema.rb
lib/msf/core/db_manager/session.rb
metasploit-framework-db.gemspec
2015-04-06 11:27:00 -05:00
HD Moore
6811aebb1c
Merge pull request #11 from OJ/hd-payload-uuids
...
Add trailing slash to stageless URI
2015-04-06 10:57:41 -05:00
HD Moore
98c95104da
Use ||= for consistency
2015-04-06 10:55:14 -05:00
James Lee
566c330b83
Add workspace to prompt format options
2015-04-06 09:19:49 -05:00
OJ
9b502b904f
Add trailing slash to stageless URI
...
Without the trailing slash, stageless payloads take a nasty turn.
2015-04-06 19:53:02 +10:00
OJ
4635bb83c3
Implement ssl verification toggling
...
Add support to meterpreter that allows for the querying and toggling of
SSL certificate verification on the fly.
In order to verify that the socket was SSL-enabled, some rejigging had
to be done of the type? method in the ssl socket class.
2015-04-06 14:40:59 +10:00
HD Moore
3c59519811
Add PayloadUUIDRaw for manual PUID specification
2015-04-05 23:25:52 -05:00
HD Moore
96f8a45b0d
Additional yardoc comments for the UUID class
2015-04-05 23:16:24 -05:00
HD Moore
8bcdddfd04
Fix yardoc comment, thanks @void-in!
2015-04-05 22:09:35 -05:00
jvazquez-r7
261ef51813
Add Rex::Java::Serialization exceptions
2015-04-05 18:43:03 -05:00
jvazquez-r7
2e52817b24
Add DecodeError
2015-04-05 18:16:19 -05:00
jvazquez-r7
85a70d401b
Introduce Rex::Proto::Rmi::DecodeError
2015-04-05 18:15:04 -05:00
jvazquez-r7
3570fc586f
Use constants for JMX serial version uids
2015-04-05 16:23:39 -05:00
jvazquez-r7
46a225cbec
Don't store Exception in a variable
2015-04-05 15:59:52 -05:00
jvazquez-r7
72c36eb23e
Use concatenation
2015-04-05 15:57:50 -05:00
Jon Cave
b1a7e77fa9
Correct domain controller server type constants
...
These should be specified in hex as BAKCTRL is 16, not 10. CTRL should
be 8. See documentation for NetServerEnum.
2015-04-05 11:12:18 +01:00
Meatballs
ebf77cd02d
Merge remote-tracking branch 'upstream/master' into msfvenom_psh_squash
...
Conflicts:
lib/msf/util/exe.rb
2015-04-05 00:24:48 +01:00
HD Moore
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
Brent Cook
57395deb1d
Land #5056, @wchen-r7 explicit recog require
2015-04-03 17:06:47 -05:00
Brent Cook
5589717323
Land #5058, @wvu-r7's default workspace saving
2015-04-03 16:53:21 -05:00
William Vu
6c2585cd79
Don't recreate saved workspace
2015-04-03 16:44:36 -05:00
Tod Beardsley
72b9647b31
Land #5057, CVE fixups
2015-04-03 16:36:11 -05:00
Brent Cook
e5443e74ed
Merge branch 'upstream-master' into land-3950-chain-encoders
2015-04-03 15:18:06 -05:00
jvazquez-r7
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
jvazquez-r7
75c6341dd8
Fix raise
2015-04-03 14:18:15 -05:00
jvazquez-r7
6c36a82f78
Land #5059, @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
jvazquez-r7
fe5ddc01ad
Fix return documentation
2015-04-03 14:16:06 -05:00
jvazquez-r7
b0042f1cf2
Undo java serialization and RMI fixes
2015-04-03 14:07:49 -05:00
jvazquez-r7
11d372b015
Fix YARD documentation
...
* Thanks @void-in
* See #5059
2015-04-03 14:01:31 -05:00
Fernando Arias
6455862484
Merge branch 'staging/rails-4.0' of github.com:rapid7/metasploit-framework into staging/rails-4.0
...
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2015-04-03 13:56:38 -05:00
OJ
3b3e969a1c
Land #5023: support for IE11 in fingerprint_user_agent
2015-04-03 21:12:00 +10:00
root
0dd987d873
Updated as per jlee-r7 feedback
2015-04-03 10:17:54 +05:00
OJ
c4b7426ba8
Merge branch 'upstream/master' into dynamic-transport
2015-04-03 13:57:24 +10:00
OJ
fd043d4842
Fix up build and missing uri_checksum stuff
...
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a clash with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
OJ
fc44f5b1f4
Merge branch 'upstrea/master' into dynamic-transport
...
Small merge required with the https payload proxy changes.
2015-04-03 10:14:48 +10:00
OJ
5b5dc3ef59
Merge branch 'upstream/master' into stageless-x64
...
Merge required adjustment of the proxy datastore names that were changed.
2015-04-03 08:53:09 +10:00
David Maloney
1684bfec9e
add missing data to loginscanner results
...
The Chef web UI and Symantec Web Gateway loginscanners do not save the
target (host/port/proto) info in the Result object. This can cause
modules to break, as they expect the Result to contain that information.
MSP-12499
2015-04-02 13:53:45 -05:00
OJ
d2d68d76a2
Update transport switching to a full blown command
...
Transport switching should now support all of the bits and pieces
required to do full switching with all configurable transport options
2015-04-02 23:13:59 +10:00
root
27353d62ca
Discard local changes to non relevant files
2015-04-02 16:21:43 +05:00
root
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
OJ
47fa97816d
Code fixes as per suggestions, fix build
...
* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of
command_dispatcher.
* Fix spec include.
2015-04-02 09:05:38 +10:00
William Vu
8140b0ee6c
Update Qualys importers for the new CVE format
2015-04-01 17:50:18 -05:00
William Vu
c55e200416
Add workspace saving to msfconsole's save command
2015-04-01 17:31:43 -05:00
sinn3r
e972357aeb
Fix #4471, uninitialized constant Msf::Exploit::Remote::SMB::Recog
...
Fix #4471
Seems to be specific to Kali
2015-04-01 16:35:23 -05:00
sinn3r
e1adcfee1e
Not case sensitive
2015-04-01 16:14:54 -05:00
James Lee
8c1a597a25
Make a Session record before using it
...
How about that.
2015-04-01 13:12:28 -05:00
Brent Cook
f4977bf606
Land #5006 @jlee-r7 adds meterpreter specs
2015-04-01 11:05:47 -05:00
OJ
46dca23ffe
Land #5047: Metasploit is magic (Banner Adjustments)
2015-04-01 21:51:10 +10:00
OJ
01bdf54487
Merge branch 'upstream/master' into dynamic-transport
2015-04-01 18:53:20 +10:00
OJ
79ec2e0586
Add machine ID support to the command list
2015-04-01 14:29:04 +10:00
OJ
24171a1a08
Land #5045: Convert stageless proxy to new format
2015-04-01 12:06:57 +10:00
OJ
1a313ad943
Fix up the proxy patching
...
Patching of the proxy details was failing, so this commit fixes that.
Also, added code that makes the proxy type check case-insensitive.
2015-04-01 11:48:22 +10:00