5cba9b0034
Land #7747 , Add LoginScanner module for BAVision IP cameras
2017-01-06 16:25:44 -06:00
2108913e77
target_host method had a name collision
...
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
2017-01-06 12:44:37 -06:00
9dc4ee57b6
minor fixes to linux example module
...
fixed a copy paste error in the linux_autotarget
test exploit and added actual linux targets to it
2017-01-03 14:38:52 -06:00
5fd531028c
ome minor guards and spec fixes
...
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
a61b92aa3e
tweak target selection
...
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index
MS-2325
2017-01-03 14:38:51 -06:00
3d2957dff1
tying it all together
...
insert our autotarget routine into
the main target selection process
MS-2325
2017-01-03 14:38:50 -06:00
44830dfc54
prefer authour's target over ours
...
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better
MS-2325
2017-01-03 14:38:50 -06:00
1afc57da40
determine most precise filter
...
drop back to our most precise level of filtering
MS-2325
2017-01-03 14:38:50 -06:00
201b65e43d
remaining os filtering
...
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection
MS-2325
2017-01-03 14:38:50 -06:00
05ac2ee6ed
convert first stage to os_family
...
added the new os-family column to Host
so now we use that as our first stage filter
for targets
MS-2325
2017-01-03 14:38:49 -06:00
95d5c7a778
filtering by os_name
...
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead
MS-2325
2017-01-03 14:38:49 -06:00
f107408389
target_host specs
...
add specs for finding the 'target host' ie.
the mdm::Host object related to the RHOST value
to see what we know about our target
MS-2325
2017-01-03 14:38:49 -06:00
4060e63b89
add tests for auto target addition
...
tests to make sure we add auto targets only
in the appropriate conditions
MS-2325
2017-01-03 14:38:49 -06:00
84d5e42e4f
start gearing up for testing
...
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour
MS-2325
2017-01-03 14:38:45 -06:00
144f886e8b
Add LoginScanner module for BAVision IP cameras
2016-12-23 16:22:17 -06:00
9e75866188
Land #7738 , Add sort by column to services and hosts commands
2016-12-22 01:10:45 -06:00
a8f36c2a2c
Update spec
2016-12-20 23:32:28 -06:00
fa016de78a
Land #7634 , Implement universal HTTP/S handlers for Meterpreter payloads
2016-12-13 18:13:22 -06:00
4ad42784d3
Update spec
2016-12-12 14:24:24 -06:00
ccba73b324
Add stageless mettle for Linux/zarch
2016-12-09 18:30:52 -06:00
24cf756f5b
Add stageless mettle for Linux/x86
2016-12-09 18:29:34 -06:00
62a9a31222
Add stageless mettle for Linux/x64
2016-12-09 18:28:29 -06:00
7d36d41b20
Add stageless mettle for Linux/ppc64le
2016-12-09 18:27:22 -06:00
ee7d5fc0c9
Add stageless mettle for Linux/ppc
2016-12-09 18:25:57 -06:00
4570a7198c
Add stageless mettle for Linux/mipsle
2016-12-09 18:24:12 -06:00
25b069f6b4
Add stageless mettle for Linux/mipsbe
2016-12-09 18:23:03 -06:00
7aec68c1fe
Add stageless mettle for Linux/mips64
2016-12-09 18:21:52 -06:00
7a654ca76c
Add stageless mettle for Linux/armle
2016-12-09 18:19:58 -06:00
b74482aa6e
Add stageless mettle for Linux/armbe
2016-12-09 18:18:22 -06:00
12b296ab1a
Add stageless mettle for Linux/aarch64
2016-12-09 18:05:34 -06:00
dd2fb2dbbe
Update rspec
2016-12-09 10:33:34 -06:00
d8d4479d55
Update rspecs
2016-12-08 16:39:45 -06:00
ef4dd80e2b
Update rspecs
2016-12-08 16:34:19 -06:00
4614b7023d
Land #7604 , @godinezj's post module for creating AWS IAM accounts
2016-12-08 14:26:22 -08:00
ce5c1f07c3
Fix rspecs
2016-12-08 16:11:06 -06:00
33add4c11f
Updated spec to match latest changes
2016-12-07 11:32:08 -08:00
2839b198ba
Update payload spec to include multi payloads
2016-12-06 11:22:12 +10:00
ffee0ff1b6
Fix payload cache size issue, fix shell/bind payloads
2016-12-06 11:12:02 +10:00
d85f9880ff
fix command dispatcher specs
2016-12-05 11:16:15 -06:00
53a66585cf
Removed dubious unit test
2016-11-28 10:07:18 -08:00
83e0a21a52
Added unit tests
2016-11-24 21:04:17 -08:00
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
1deacad2be
Add a print_bad alias for print_error
...
Came up on Twitter, where Justin may have been trolling a little:
https://twitter.com/jstnkndy/status/798671298302017536
We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.
Anyway, I went with alias_method, thanks to the compelling argument at
https://github.com/bbatsov/ruby-style-guide#alias-method
...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.
Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
d751c43f52
FINALLY fix the last of the tests
...
Sorry for the stupidity.
2016-11-05 06:20:43 +10:00
3bc6808278
Really fix the session test this time
2016-11-05 06:07:44 +10:00
5f5684841b
Fix the DB/Session test
2016-11-05 05:59:31 +10:00
abe46024de
Fix tests after arch refactor
2016-11-05 05:15:57 +10:00
e4edbb16fe
Fix encoded_payload_spec
2016-10-29 15:29:23 +10:00
12508f7140
Fix DRDoS mixin to handle empty responses
2016-10-24 14:21:28 -07:00
6b77f509ba
fixes bad file refs for cmdstagers
...
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced
Fixes #7466
2016-10-21 12:31:18 -05:00
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
...
This reverts commit f3166070ba
2016-10-11 17:40:43 -05:00
fabb296b15
update cache and add payload test
2016-09-29 21:19:55 -05:00
de9434870c
Land #7375 , mock some rex tests for DNS lookups
...
Fixes #6467 , as far as @lsato-r7 and I can tell.
2016-09-29 16:37:38 -05:00
075401d702
Update dynamic_size for andterp spec
2016-09-28 16:58:34 -05:00
ca683576d0
Mock rex-socket getaddress call for loginscanner
...
Since we're using the rex-socket gem, we don't need to
test the getaddress call for each one of the login scanner specs
2016-09-28 11:32:06 -05:00
de1e0aae99
add missing payload tests
2016-09-27 11:05:19 +08:00
1b31e0a63e
remove osvdb links
2016-09-20 14:27:59 -05:00
7e10b5c482
use new rex-encoder gem
...
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.
MS-1708
2016-09-14 12:07:26 -05:00
245237d650
Land #7288 , Add LoginScannerfor Octopus Deploy server
2016-09-13 17:26:56 -05:00
4495b27e67
Land #7254 , Rex::SSLScan Gemification
2016-09-08 13:20:56 -05:00
7857c58655
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-09-07 11:38:28 -05:00
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
e36cfa54b1
Use rex-mime gem
...
MS-1710
2016-09-01 11:38:07 -05:00
029a28c95b
use the new rex-sslscan gem
...
remove old integerated code and replace it
with the gem. done.
MS-1693
2016-08-30 10:43:47 -05:00
b1009ab8dc
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-08-26 14:31:27 -05:00
d2a6c2e9ca
move rex bintools into new gem
...
move all the *scan *parsey code out into
the new rex-bin_tools gem
MS-1691
2016-08-15 14:01:43 -05:00
5a1cd24350
finishing converting the last of this to credentials
2016-07-29 09:58:17 -05:00
0972005b24
updating 'ppp.*username secret'
2016-07-29 09:58:17 -05:00
1d33c9aa88
updating specs upto 'username secret'
2016-07-29 09:58:17 -05:00
73b362cade
updating more spec
2016-07-29 09:58:16 -05:00
d807a83bb1
fixing some more specs
2016-07-29 09:58:16 -05:00
b66621af0d
adding in a blank service_name
...
fixing myworkspace
2016-07-29 09:58:16 -05:00
219f9d5d57
updating parts of cisco to use creds
2016-07-29 09:58:15 -05:00
40240662db
converting enable password to create_credentials
2016-07-29 09:58:15 -05:00
9fa1c597b1
specing out the cisco mixin
2016-07-29 09:55:08 -05:00
1b6bd927d0
Rex::OLE is now rex-ole gem, fixes MS-1712
2016-07-25 14:05:48 -05:00
471cc277ba
Remove rex-arch specs
...
MS-1703
2016-07-20 17:01:18 -05:00
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
1ea425aff1
update ssh login_scanner spec
...
the spec needs to be updated for the non_interactive flag
2016-07-14 15:30:20 -05:00
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
1c8556d8e0
add mettle payload tests
2016-07-06 15:53:20 -05:00
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
cfc368ab65
Land #6959 , Add Linux ARM big endian ipv4 bind shellcode
2016-07-05 00:41:00 -05:00
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
c2f3d411c3
Replace rex/java with rex-java gem
2016-06-27 14:52:49 -05:00
6072697126
continued
2016-06-22 14:54:00 -05:00
69e2d05a5d
rip out old rex code and replace with gems
...
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
2016-06-21 13:56:36 -05:00
cd84b42e50
linux arm big endian ipv4 bind module added
2016-06-10 00:19:43 +02:00
da532ecc5e
Land #6919 , Move LURI into a full URI for a new 'Payload opts" column in jobs output
2016-06-03 13:57:47 -05:00
c99505923f
disable SSL tests that no longer work on Travis
2016-06-01 16:33:34 -05:00
f7382f5b3b
Make `jobs` display a full uri
...
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.
See #4623
2016-05-27 11:15:12 -05:00
a3d2cba698
Land #6906 , Improve msfvenom error handling and spec coverage
2016-05-26 07:58:37 -05:00
c2cf992560
added spec for #6915
2016-05-26 07:57:17 -05:00
a298129463
adding specs and expanding options
...
Tests shouldnt be DRY, they need to be easy to understand.
2016-05-25 13:17:47 -05:00
5921ac7b47
Add a spec and fix ReverseHttp#luri
2016-05-24 17:22:14 -05:00
3dfdf1d936
Land #6528 , tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
d709229f52
fix spec warnings
2016-05-24 07:51:36 -05:00
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
19af279ce9
Merge branch 'master' into staging/rails-upgrade
2016-05-05 10:46:12 -05:00
f096c3bb99
Land #6821 Fix send_request_cgi! redirection
2016-05-05 09:09:30 -05:00
55b38ad089
Land #6398 , content length header
...
lands wei's content length header pr
2016-05-04 11:53:46 -05:00
fb5b228984
Merge branch 'master' into staging/rails-upgrade
2016-05-02 11:33:35 -05:00
050061762b
Fix db_manager rspec tests
...
MS-255
2016-04-28 13:17:02 -05:00
d4b89edf9c
Fix #6398 , Missing Content-Length header in HTTP POST
...
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).
Fix #6398
2016-04-28 11:44:10 -05:00
e7f0163c2e
Apparently super doesn't work the same here in 2.3
...
But it doesn't matter, the value just needs to be before the current
time, so replace it with a simpler solution.
2016-04-26 10:35:41 -05:00
47d52a250e
Fix #6806 and #6820 - Fix send_request_cgi! redirection
...
This patch fixes two problems:
1. 6820 - If the HTTP server returns a relative path
(example: /test), there is no host to extract, therefore the HOST
header in the HTTP request ends up being empty. When the web
server sees this, it might return an HTTP 400 Bad Request, and
the redirection fails.
2. 6806 - If the HTTP server returns a relative path that begins
with a dot, send_request_cgi! will literally send that in the
GET request. Since that isn't a valid GET request path format,
the redirection fails.
Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
7ff5a5fd7e
switch mainframe payloads to fixed size
2016-04-23 11:40:05 -04:00
e75ce8b248
update test to hook exist? rather than exists?
2016-04-21 06:56:48 -04:00
e70d967b4e
Land #6763 , Add rspec for lib/metasploit/framework/login_scanner/redis
2016-04-18 10:05:24 -07:00
3a623862e3
Merge branch 'master' into staging/rails-upgrade
2016-04-15 10:55:43 -05:00
d3e5dffe26
whitespace
2016-04-13 22:20:42 -05:00
6ce7055130
Land #6737 , Added reverse shell JCL payload for z/OS
2016-04-13 22:19:15 -05:00
09873f2f9c
Land #6717 , Add new cmd mainframe payload (generic_jcl) for z/OS
2016-04-13 22:10:23 -05:00
6c5886afba
Resolve #6736 , Add rspec for login_scanner/redis lib
...
Resolve #6736
2016-04-08 11:41:08 -05:00
8f3f2f74b4
Move shared example from pro into framework
...
MS-1361
2016-04-07 13:09:52 -05:00
f5415c8058
Move pro concern logic into framework
...
MS-1361
2016-04-07 10:59:40 -05:00
22d08fdf39
Revert #6748 , premature Gemfile* changes
2016-04-06 14:52:22 -05:00
8de58e4b80
Merge branch 'master' into staging/rails-upgrade
2016-04-04 09:30:01 -05:00
f7dd326b16
Land #6455 , Fix dns labels/names size limits for lib/net/dns/names/names
2016-04-01 21:57:09 -05:00
6a4d7e3b58
Revshell cmd JCL payload for z/OS
...
Added a JCL-based reverse shell. Uses the same source code as the
shellcode version does. Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
2016-03-31 20:42:42 -05:00
46d4b533f3
Add rspec for lib/net/dns/names/names.rb
2016-03-31 11:29:30 -05:00
bc48ebd43b
Use patch_finder for msu_finder
2016-03-29 23:21:01 -05:00
1bcd3fac25
Land #6724 , Import workspace IP validation from Mdm
...
MS-902
2016-03-29 18:31:47 -05:00
3b0170e87d
Import workspace IP validation from Mdm
...
This allows us to actually test the validations, since the code calls
out to Rex::Socket::RangeWalker.
MS-902
2016-03-29 17:56:22 -05:00
a6518b5273
Add generic JCL cmd payload for z/OS (mainframe)
...
This payload does nothing but return successfully. It can be used to
test exploits and as a basis for other JCL cmd payloads.
2016-03-28 21:01:39 -05:00
c4735bd72a
Fix rspec pull_request_finder_spec.rb
2016-03-24 20:56:46 -05:00
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
32fe9ae55d
Remove dead version check in db_manager.rb
...
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
2016-03-16 15:24:55 -05:00
903807d039
update spec for pre-check
2016-03-15 14:21:01 -05:00
dabe5c8465
Land #6655 , use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
88697a5d3f
Merge branch 'master' into staging/rails-upgrade
2016-03-08 15:22:04 -06:00
860159fa00
Update rspec
2016-03-08 11:37:25 -06:00
58b8c35146
Escape HTML for KB and update rspec
2016-03-08 10:10:10 -06:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
659af68b16
Land #6388 , update msftidy check for new preferred Metasploit module base class
2016-03-06 17:12:20 -06:00
cc436fe438
update to new preferred base class for modules
2016-03-06 17:11:51 -06:00
a2c3b05416
Land #6405 , prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
e1db3ef369
Land #6388 , Update msftidy to error when module super class is incorrect
2016-03-06 16:53:11 -06:00
0fc4ebf4ab
Land #6618 , Improve Content-Length behavior in Rex HTTP
2016-03-06 16:38:44 -06:00
8faae94338
Land #6592 , make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2
2016-03-06 15:33:53 -06:00
c2f7360a9a
replace deprecated 'ignore' with 'transient'
2016-02-29 14:57:09 -06:00
bff4b4d5fc
Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
...
This patches changes two things:
1. If a module has a custom Content-Length, it will respect that
instead of forcing its own.
2. If a request does not have anything in the body, the
Content-Length header will not be set.
Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
814d53aee0
Add rspec for Msf::Util::DocumentGenerator::PullrequestFinder
2016-02-24 15:13:04 -06:00
753e0f7693
Add rspec for Msf::Util::DocumentGenerator::DocumentNormalizer
2016-02-23 15:34:34 -06:00
39f1113bca
Remove unused spec.
2016-02-18 22:20:13 -06:00
dmohanty-r7
David Maloney
wchen-r7
Brent Cook
William Vu
Adam Cammack
Jon Hart
Javier Godinez
OJ
Tod Beardsley
Louis Sato
Tim
Pearce Barry
james-otten
darkbushido
James Lee
earthquake
thao doan
Fernando Arias
Bigendian Smalls
Christian Mehlmauer
Gregory Mikeska
joev