Commit Graph

10818 Commits (85769808ccb75f5f4724fb2e31a74dad2c1ef537)

Author SHA1 Message Date
Christian Catalan 046003acb4
Increase REXML expansion text limit
MSP-9532

* Increase to reasonable size to handle larger xml file expansion on import
* Prevents the 'RuntimeError entity expansion has grown too large' error that prevents import
2015-05-19 12:47:19 -05:00
Tim 3b8effc589
fix ext_server_android.jar error 2015-05-19 17:26:50 +01:00
William Vu c1b8cee315
Land #5369, @dmaloney-r7's snmp_login fixes 2015-05-19 10:39:03 -05:00
Tim e7c8a3b56c add support for SessionRetryTotal and SessionRetryWait on Android 2015-05-19 16:16:04 +01:00
Samuel Huckins c0b0a95d95 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2015-05-19 08:39:10 -05:00
OJ 9fddc21cf3 Shaved another sneaky byte off the payload 2015-05-19 21:21:07 +10:00
OJ 6e96e6d118 Shellcode golf to make the payload smaller
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, its smaller than it was, and
I'm sure there are ways to make it better as well.
2015-05-19 21:17:42 +10:00
OJ 62720ab357 Fix the wininet stager for http/s
For some reason this was only working on Windows7/2008, yet when tired
on Windows 2012 it was resulting in crashes. It was also stopping
working in exploits such as psexec_psh.

Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.

Adjusted payload sizes as well.
2015-05-19 20:03:22 +10:00
HD Moore 9d7e54f360 Add the UUID subdirectory, including initial DB class 2015-05-18 23:41:22 -05:00
HD Moore c7932855f2 Move UUIDOptions to UUID::Options 2015-05-18 23:35:18 -05:00
HD Moore 448736989d Merge branch 'master' into feature/msfvenom-smallest 2015-05-18 18:41:44 -05:00
Brent Cook 84060bbaeb
Land #5370, support specifying maximum encoder space with msfvenom 2015-05-18 16:43:12 -05:00
HD Moore 9dd82d94ae Exclude Manual ranked encoders from automatic selection, these can still be specified with -e 2015-05-18 15:47:15 -05:00
HD Moore 71eab7a236 Implements msfvenom --smallest, still some blockers 2015-05-18 15:24:59 -05:00
Brent Cook 657746c97f
Land #5364, fix endian in meterpreter config block 2015-05-18 15:23:42 -05:00
HD Moore a82168d7bb Fixes #5361 by adding --encoder-space to msfvenom 2015-05-18 14:27:52 -05:00
jvazquez-r7 ea8e62f0fb
Add #file_dropper_file_exist? 2015-05-18 14:13:12 -05:00
Samuel Huckins e2c6742c1b Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2015-05-18 13:44:01 -05:00
David Maloney 7376d4d94e
account for public only credentials in #to_s
SNMP in particular will only have a public, so we need
to account for this so we don't output poorly formed text
with a trailing ':' char

5266
2015-05-18 13:42:15 -05:00
David Maloney c69b6b2b8b
only issue db warning once
cache the fact that we have issued the db warning
so we do not issue it for every credential attempt
on the module run.

5266
2015-05-18 13:41:18 -05:00
jvazquez-r7 129ed7fb7a
Add yard documentation 2015-05-18 10:27:04 -05:00
OJ e7f80042d4 Finalise work on the bind_ipv6_tcp stager for UUID support 2015-05-18 21:19:04 +10:00
OJ 593f6e5fc4 Fix issue with bind UUID 2015-05-18 20:25:15 +10:00
OJ 9296a024e2 PHP meterpreter refactoring in prep for uuid work 2015-05-18 17:40:48 +10:00
OJ 27cdc588c8
Merge module include fix from stager update 2015-05-18 15:00:05 +10:00
OJ 677acb22a4 Fix up module include in x64 winhttp 2015-05-18 14:59:49 +10:00
OJ 4488a5e634 Add uuid support to python, and rework stages/stagers 2015-05-18 14:33:35 +10:00
OJ 0d56b3ee66 Stage UUIDs, generation options, php and python meterp uuid 2015-05-18 13:29:46 +10:00
OJ bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers 2015-05-18 13:28:36 +10:00
OJ 8bd41a3834
Land #5354 - transport config fallback in stager 2015-05-18 10:16:44 +10:00
OJ 8b2e5c88d9 Adjust transport config fallback to include https 2015-05-18 10:16:09 +10:00
OJ dbe4f3f1c8 Adjust single pack statement, fix up some quotes
* Moved over to using single quotes for strings that don't need
escaping or interpolation.
* Changed one pack spec to be "more correct". Thankfully, we were only
packing 0 so the endianness isn't a problem, however it should be
correct, hence the fix.
2015-05-18 09:29:48 +10:00
OJ 178ba50b98
Merge branch 'upstream/master' into rage-stager-transport 2015-05-17 20:09:50 +10:00
OJ d725554a87 Fix UUID code so that it always deals with 16 bytes
Also re-add the payload ID to session validation now that the UUID stuff
is reliable.
2015-05-17 17:49:21 +10:00
OJ 37e4d71a6a Remove check for UUID in the valid session check
This is causing sessions to fail because meterpreter isn't doing the
right thing. I have another fix in the works which will properly solve
this, but in the short term the best way of solving the problem is to
remove this line.
2015-05-17 17:13:54 +10:00
RageLtMan 11e715ae46 Configure transport from stager mixin
Transport configuration for basic session types can be performed
by the stager mixin.

Add a default transport_config method to Msf::Payload::Stager by
mixing in Msf::Payload::TransportConfig and attempting to guess
the default tranport and direction types from the currently loaded
module's (MSF module) refname.

Users with custom payloads will no longer need to update them with
transport_config methods unless they use a non standard transport,
direction, or other innovation which affects the default approach.

Testing:
  Tested with payloads lacking transport_config methods or access
to the TransportConfig module (Ruby) namespace. This also resolves
problems with the RC4 payloads in upstream as they can't currently
generate stagers for meterpreter.
2015-05-17 03:03:17 -04:00
Brent Cook b1507f6d2a
Land #5339, support for 'sleep' with meterpreter sessions 2015-05-15 18:14:37 -05:00
Brent Cook fb3a2079f2 Merge branch 'master' into land-5339-sleep 2015-05-15 18:00:52 -05:00
David Maloney 7d44d6d67a
client side for new sysinfo fields
added Domain and Logged On Users fields to
the meterpreter sysinfo command

MSP-12715
2015-05-15 15:09:33 -05:00
Brent Cook 5cf6d28c34
Land #5426, use RAW for TLV hash binary data 2015-05-15 11:54:45 -05:00
Brent Cook 93ba08738c add backward compatibility for hash responses 2015-05-15 11:53:12 -05:00
jvazquez-r7 3c92d5365e
Lnad #5334, @wchen-r7's deletes unnecessary check on mysql_drop_and_create_sys_exec 2015-05-15 11:51:21 -05:00
wchen-r7 25099dd877
Land #5212, HTA Powershell template 2015-05-15 11:49:07 -05:00
wchen-r7 3bc3614be6 Do a check for powershell.exe before running it. 2015-05-15 11:48:21 -05:00
jvazquez-r7 4c1558b398
Land #5331, @wchen-r7's fixes #5330 by using print_warning 2015-05-15 11:42:57 -05:00
jvazquez-r7 b7b00666fa
Use parenthesis 2015-05-15 11:41:14 -05:00
jvazquez-r7 d05cae5faf
Land #5329, @wchen-r7's add configurable options to jenkins_login 2015-05-15 11:38:21 -05:00
Brent Cook c614f6059d Merge branch 'master' into land-5326- 2015-05-15 11:29:54 -05:00
David Maloney ac04b8d1e7
a little bit of cleanup
constantise some of the magic numbers in
the NTDS Account class

MSP-12358
2015-05-15 10:47:31 -05:00
Brent Cook 1653acd527
Land #5344, print payload size from msfvenom 2015-05-15 09:49:05 -05:00
Samuel Huckins 3d905418f4 Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-05-15 00:20:59 -05:00
OJ 7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers 2015-05-15 12:27:40 +10:00
OJ 1ff6d6298e Remove stray comma causing help to be incorrect 2015-05-15 09:23:55 +10:00
OJ 7c013c0486
Merge branch 'upstream/master' into add-transport-sleep 2015-05-15 08:00:04 +10:00
David Maloney 92799266c6
fix typo
you happy now?
2015-05-14 15:06:01 -05:00
David Maloney 724b7c6f16
save the ntlm hases as creds
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay

MSP-12358
2015-05-14 13:52:11 -05:00
David Maloney 452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module 2015-05-14 10:31:28 -05:00
David Maloney 6e813f6abd
Merge branch 'master' into feature/MSP-12357/meterp-ntds 2015-05-14 10:30:48 -05:00
Samuel Huckins a5c5360afd Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-05-14 08:45:53 -05:00
OJ 83fbd41970 Merge branch 'upstream/master' into multi-transport-support
Conflicts:
	Gemfile.lock
	modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
2015-05-14 14:50:25 +10:00
HD Moore 5f3947312d
Lands #5327, SSL support + refactor for PowerShell 2015-05-13 23:25:15 -05:00
wchen-r7 2e61973411 Resolve #5343, Print payload size
Resolve #5343. Prints payload size
2015-05-13 16:33:22 -05:00
David Maloney 9308da7956
2003 code path working
using VSS directly on server 2003 and repairing
the database with esentutl is now working

MSP-12358
2015-05-13 12:25:44 -05:00
benpturner 1f294eac0b Updated to remove dup code 2015-05-13 17:26:21 +01:00
Samuel Huckins 9fafb645dd
Updating Rails version comment 2015-05-13 09:37:32 -05:00
OJ 60d331fe0c Add support for a "sleep" command
This makes meterpeter shut down it's comms and sleep for a while before
it attempts to open communications again. This is effectively the same
as doing a transport change back to the same transport, but with
a timeout.
2015-05-13 10:13:08 +10:00
Brent Cook 9549d572cc
Land #5280, update to Ruby on Rails 4.0
This upgrades a number of other gems as a side-effect.
2015-05-12 16:48:49 -05:00
HD Moore b1b8f86aae
Lands #5270, improvements to Msf::ModuleSet 2015-05-12 11:01:23 -05:00
OJ 06dfdbcc2c Merge updated transport changes
Discard changes that were made for reverse_https transport in x64 as
they no longer apply here.
2015-05-12 10:26:39 +10:00
OJ 836feaa2d8 Fix uuid setting, fix reverse_https x64 payload
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
OJ 5f735c917c Add condition before overwriting payload_uuid 2015-05-12 09:56:55 +10:00
jvazquez-r7 0fb21af247
Verify deletion at on_new_session moment 2015-05-11 18:56:18 -05:00
OJ 51e6c13bc4 Adjust transport configuration include for x64/reverse_http
Not sure how I missed this, but I did!
2015-05-12 09:54:08 +10:00
OJ 489afd5aa1 Remove redundant check for ascii_str setting 2015-05-12 09:50:58 +10:00
OJ 849f904711 Finalise style changes as per suggestions in PR 2015-05-12 09:48:50 +10:00
OJ 474461d2a4 Merge format and structure changes from multi transport 2015-05-12 09:46:02 +10:00
OJ 69d2b8ffb1 Various code format, style changes, file moves
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
OJ 42f94e70c7 Add `nil` default to exit_types, transport param order swap
This allows for checking against exit types to be super easy instead of
having to have extra checks in place. Also changed the order of scope_id
and uri in the transport URI generation. The net effect of this is NOP
because these things only appear separately.
2015-05-12 09:05:58 +10:00
OJ 5dfab1f426 Fix exitfunk module for x64
The exitfunk module was using asm keywords that are considered invalid
by metasm. This commit removes these keywords and also adjusts one of
the label names to reduce the chance of a collision with other files.
2015-05-12 08:44:03 +10:00
jvazquez-r7 b1dd2a63fc
On new session, check if file has been REALLY deleted 2015-05-11 17:14:42 -05:00
jvazquez-r7 ecb23d09cc
Do initial fix 2015-05-11 15:02:46 -05:00
wchen-r7 12038ed3e1 Fix #5244, Remove unnecessary check for mysql_drop_and_create_sys_exec
Fix #5244, MySQL is always return OK so it doesn't seem to be so
important to check res for DROP FUNCTION IF EXISTS sys_exe
2015-05-11 14:17:51 -05:00
David Maloney f3effe5fbb
some minor cleanup
cleanup based on feedback from Kronicdeth

MSP-12357
2015-05-11 11:17:58 -05:00
wchen-r7 730135705d Resolve #5330, change print_error to print_warning for report_auth_info
Resolve #5330 for more consistent deprecation style.
2015-05-11 11:01:45 -05:00
wchen-r7 1cc44cfc31 An alternative for normalize_uri
normalize_uri doesn't seem to work very well in our case, so
we do our own thing here.
2015-05-11 10:42:26 -05:00
wchen-r7 10982f0a1a Login url should normalize too 2015-05-11 10:18:09 -05:00
wchen-r7 d8cc2c19d3 Fix #5315, User configurable options for jenkins_login
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
OJ e99d885b6b Final work on reverse_winhttps 2015-05-11 22:21:22 +10:00
OJ 68eadd9f51 More work on reverse_winhttps 2015-05-11 21:38:26 +10:00
OJ e69e6c4a73 Implement winhttp for x64
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
2015-05-11 17:27:47 +10:00
OJ 800ab11abd Payload size adjustment, typo fix
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
2015-05-11 17:24:32 +10:00
OJ cbf06fcb02 Tweak reverse_winhttp to fix small issues
Now working fine with proxy settings.
2015-05-11 17:24:32 +10:00
OJ 679bb46f86 Refactoring, exitfunk fix, block_api_hash func 2015-05-11 17:24:32 +10:00
OJ 99fdfe31f1 More tidying/refactoring of the stagers 2015-05-11 17:24:31 +10:00
OJ 4686691753 Interim commit while juggling some other code 2015-05-11 17:24:31 +10:00
OJ 0820bc5dd5 Small bits of tidying up for reverse_winhttp/s
Refactoring, ready to get the proxy stuff going.
2015-05-11 17:24:31 +10:00
OJ 21397b46aa Add proxy user/pass to x64 reverse_http/s 2015-05-11 17:24:31 +10:00
OJ 9312c0ea46 Add proxy host support to x64 reverse_http/s
Proxy user/pass coming shortly.
2015-05-11 17:24:31 +10:00
OJ b922da8f80 Add support for x64 reverse_http
Still need to bake in support for proxies in the stagers, but wer'e
getting there.
2015-05-11 17:24:31 +10:00
OJ 15e9fb7e40 Port reverse_https (wininet) x64 to metasm
This laid the groundwork for implementation of reverse_http as well.
2015-05-11 17:24:31 +10:00
OJ 29649ff881 Fix proxy config not making it through 2015-05-11 17:24:02 +10:00
Tim d3ba84b378
Add TLV_TYPE_FILE_HASH 2015-05-10 14:18:16 +01:00
Meatballs 706e304849
Land 5299, implement shell_command for PS sessions 2015-05-09 11:23:43 +01:00
Meatballs 98d531e053
Check if session responds to response_timeout 2015-05-09 11:21:45 +01:00
Brent Cook 1a98c5ddc5
Land #5320, fix SSL weak cipher results
This adds a fallback for deprecated ciphers that are no longer exported
current SSL libraries.
2015-05-08 18:19:25 -05:00
Brent Cook d3730ae18c include a list of deprecated ciphers in the sslscan result
Allow recording remote deprecated cipher support even if the local OpenSSL
library does not support negotiating that cipher.
2015-05-08 18:05:00 -05:00
jvazquez-r7 c103779eab
Land #5080, @bcook-r7's 'ls' and 'download' meterpreter improvements 2015-05-08 18:02:16 -05:00
jvazquez-r7 422e261b36
Use parenthesis 2015-05-08 17:59:04 -05:00
Brent Cook 2f9205abc3 recover consistent parenthesis usage 2015-05-08 14:15:06 -05:00
Brent Cook 8d5ef42c2d be sure to pass the pattern more than one level deep 2015-05-08 14:03:12 -05:00
OJ 79753f719f Slight fix to the transport config 2015-05-08 18:36:30 +10:00
OJ ba3266803a Add transport configuration to reverse_http/s 2015-05-08 18:32:48 +10:00
OJ 5111abdd09 Add transport config entry to reverse_winhttp 2015-05-08 18:15:24 +10:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 8d3737d13c Fix some stylistic issues 2015-05-07 22:43:23 -05:00
William Vu 71518ef613
Land #5303, metasploit-payloads Java binaries 2015-05-07 22:39:54 -05:00
William Vu 2f2169af90 Use single quotes consistently 2015-05-07 22:39:36 -05:00
benpturner ef59d1f7c4 Markers 2015-05-07 22:50:09 +01:00
wchen-r7 7b5da6f266
Land #5241, sqlmap parsing fixes 2015-05-07 14:21:20 -05:00
benpturner 24abe597e4 numeric 2015-05-07 19:23:25 +01:00
benpturner 01c2bc0287 Buff 2015-05-07 19:10:33 +01:00
benpturner c234714013 Start and End Markers 2015-05-07 19:06:36 +01:00
OJ fd827db6dd Fix up bind stager payload sizes 2015-05-07 10:13:27 +10:00
Brent Cook 78c58088fe
Land #5314, set snmp defaults for constrained values 2015-05-06 16:27:41 -05:00
OJ 9d7a7cb68d Merge branch 'upstream/master' into multi-transport-support
Conflicts:
	lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
OJ 60e25170fa
Land #5313 : fixup bind_tcp stager 2015-05-07 07:09:19 +10:00
William Vu 669df591f2 Pull default connection_timeout into constant 2015-05-06 13:18:00 -05:00
William Vu d4aed08260 Fix typo 2015-05-06 13:17:58 -05:00
William Vu 0939bbc710 Set default retries/version for SNMP LoginScanner
Set in snmp_login but missed in the LoginScanner.

MSP-12668
2015-05-06 13:17:40 -05:00
Brent Cook 5a8b6e90f2 restore ecx after setting the socket options, set default size 2015-05-06 11:56:07 -05:00
wchen-r7 97807e09ca
Lad #5125, Group Policy startup exploit 2015-05-06 11:17:01 -05:00
Brent Cook 93c785560b remove brocade_telnet scanner, extend telnet
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
OJ 95e9057854 Remove typo'd stuff that shouldn't have made it past merge 2015-05-06 08:07:07 +10:00
Brent Cook 710a2a007b fix format error 2015-05-05 15:27:06 -05:00
Brent Cook a0c806c213 Update java meterpreter and payload references to use metasploit-payloads 2015-05-05 15:01:00 -05:00
benpturner 982b2381ed New shell_command markers 2015-05-05 19:20:03 +01:00
William Vu 013781fb9c
Land #5292, WordPress custom file version check 2015-05-05 11:21:18 -05:00
William Vu 18791ce933 Clean up code 2015-05-05 11:19:40 -05:00
David Maloney 1a8e8c624c
Merge branch 'master' into feature/MSP-12357/meterp-ntds 2015-05-05 11:07:36 -05:00
darkbushido 26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
Conflicts:
	Gemfile.lock
2015-05-05 11:00:38 -05:00
benpturner 22d2275ecb || session.type == 'powershell' 2015-05-05 09:31:43 +01:00
OJ 62fa14326d Merge branch 'upstream/master' into multi-transport-support
Merged with HD's stuff as he fixed up a few things that I had done too.

Conflicts:
	lib/msf/base/sessions/meterpreter_options.rb
	lib/rex/post/meterpreter/client_core.rb
	lib/rex/post/meterpreter/packet_dispatcher.rb
2015-05-05 17:18:01 +10:00
OJ c540ba4b98
Land #5297 : Track machine_id and dead sessions 2015-05-05 17:08:39 +10:00
OJ 2949bf053a Remove old comment from ASM 2015-05-05 13:09:13 +10:00
OJ 852961f059 Tweaking of transport behaviour, removal of patch 2015-05-05 11:45:22 +10:00
OJ cf62d1fd7c Remove patch and old stageless stuff 2015-05-05 09:27:01 +10:00
OJ b42f4f5cd2 Merge branch 'upstream/master' into multi-transport-support
Conflicts:
	lib/msf/core/payload/windows/stageless_meterpreter.rb
	lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
	lib/rex/post/meterpreter/client_core.rb
	modules/payloads/stages/linux/x86/meterpreter.rb
	modules/payloads/stages/windows/meterpreter.rb
	modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
OJ e45bf5cf51 Remove the URI patcher now that it's not used at all 2015-05-05 07:35:49 +10:00
Brent Cook 05e4af8162
Land #5214, initial meterpreter session recovery support 2015-05-04 16:25:27 -05:00
benpturner 453b1fce50 Spaces 2015-05-04 22:17:08 +01:00
benpturner 658958d8e7 Allow sessions -c command on powershell 2015-05-04 22:07:22 +01:00
Brent Cook d90c25ecea
Land #5287, RPC API fixes 2015-05-04 15:44:15 -05:00
jvazquez-r7 0ca0d3d045
Improve nt_create_andx path parsing 2015-05-04 15:20:51 -05:00
Brent Cook e6ea5511ca update linux and windows meterpreters to use metasploit-payloads 2015-05-04 09:44:36 -05:00
OJ c2dc4677fb Prevent stagless from overwriting socket
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ e835f2b99c Rejig transport config into module
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
OJ 93bf995b32 Reverse tcp support for POSIX
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
Brent Cook f42334414a add recursion limit 2015-05-04 04:00:58 -05:00
OJ 9300158c9a Initial rework of POSIX stuff to handle new configuration 2015-05-04 18:58:55 +10:00
Brent Cook 7ff3044552 style cleanups and guard search where not implemented 2015-05-04 03:56:17 -05:00
Brent Cook 8cab350275 use the search API when downloading recursive patterns 2015-05-04 03:56:17 -05:00
Brent Cook eefc6f78c6 avoid redownloading files that have not changed 2015-05-04 03:56:16 -05:00
Brent Cook 9672a59b05 support download globbing 2015-05-04 03:56:16 -05:00
Brent Cook 43be856b95 keep the glob going into subdirectories 2015-05-04 03:56:16 -05:00
Brent Cook 8617115483 simplify arg parsing, compute initial stat path correctly 2015-05-04 03:56:15 -05:00
Brent Cook d934027b3b expand glob match 2015-05-04 03:56:15 -05:00
Brent Cook 866955b6fd added -R recursive, glob filtering and a dummy '-l' option 2015-05-04 03:56:14 -05:00
HD Moore a577bef9c3 Rework dirty cleanup to use skip_cleanup instead 2015-05-04 03:52:55 -05:00
HD Moore e7ba6e8a9a Speed up dead session cleanup by skipping shutdown/cleanup 2015-05-04 03:40:48 -05:00
HD Moore 3080feb188 Track the machine_id and drop non-responsive sessions automatically 2015-05-04 03:22:29 -05:00
HD Moore d00f6a8fdf Rework verbose sessions listing to work around table limits 2015-05-04 02:55:31 -05:00
root b47305ba4a Merge branch 'sqlmap_plugin_json_parse_issue' of https://github.com/void-in/metasploit-framework into sqlmap_plugin_json_parse_issue 2015-05-04 10:01:44 +05:00
root 02db66e2f6 Rescue connection refused backtrace 2015-05-04 09:57:53 +05:00
OJ 451484cb0d Add support for transport listing
Includes a verbose flag for the extra HTTP/S properties
2015-05-04 11:19:53 +10:00
William Vu c0adf7f113
Land #5291, HTTPS reference links 2015-05-03 14:33:20 -05:00
HD Moore 8ca66e03aa Track and display the last checkin time for Meterpreter sessions 2015-05-03 10:52:54 -05:00
Christian Mehlmauer 55967172be
allow custom regex 2015-05-02 21:06:15 +02:00
Christian Mehlmauer 9678479abb
check version from custom file 2015-05-02 18:34:10 +02:00
Tom Sellers 480a176415 Initial commit 2015-05-02 10:11:17 -05:00
void_in e5847f0ddc Return only json type from lib as per wchen-7 suggestion 2015-05-02 15:11:59 +05:00
OJ 2189c6d868 Pass timeouts to clients and correctly patch timeouts
Timeouts are correctly passed through to the client instances from the
handlers. The cilent also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Tom Sellers c441ff81a1 Update comment in wordpress/version.rb
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version.  On line 175 though there is a fixed version, just no introduced version.  Adjusting comment text.
2015-05-01 17:05:31 -05:00
Brent Cook 8bd2a69112 simplify and fix rpc_get_note 2015-05-01 16:01:07 -05:00
Brent Cook 52b9fc8fca handle unknown host when generating a new note 2015-05-01 15:47:05 -05:00
Brent Cook 8d78135321 pass down the workspace for the other opt_to_* methods 2015-05-01 15:42:04 -05:00
Brent Cook f2504b84be use the same logic with 'get_note' and 'del_note' for selecting notes
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
Brent Cook 29b97f4695 remove superfluous parens on ifs 2015-05-01 15:40:45 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 3e7c790db8
Use constants 2015-05-01 15:15:18 -05:00
Brent Cook c3438955d4
Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
darkbushido 0b608e139a
Merge branch 'upstream' into staging/rails-4.0 2015-05-01 11:26:24 -05:00
David Maloney 2bbae6b9c2
add #to_s to ntds account
added to_s method to the NTDS account
for easy output

MSP-12357
2015-05-01 11:24:23 -05:00
wchen-r7 81744384c2 Actually fix del_note 2015-04-30 17:02:06 -05:00
wchen-r7 11f9c010ce Change documentation 2015-04-30 16:46:01 -05:00
David Maloney 18874fe384
fixes Issue #5272 on report_vuln
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
wchen-r7 e79780d885 Fix #5240 2015-04-30 15:20:29 -05:00
wchen-r7 3b42265c98 Fix #5239 2015-04-30 15:20:04 -05:00
wchen-r7 440005d302 Fix #5237 2015-04-30 15:10:13 -05:00
wchen-r7 f315eb4afd Fix #5236 2015-04-30 15:07:11 -05:00
David Maloney acb833bd09
NTDS::Parser class built out
the NTDS Parser class will take a meterpreter
client and a fielpath and provide an enumerator for reading
out the user accounts as ruby objects

MSP-12357
2015-04-30 14:57:30 -05:00
wchen-r7 70ab938951 Fix #5229 2015-04-30 14:56:30 -05:00
wchen-r7 f43e4f9447 Fix #5238 2015-04-30 13:49:13 -05:00
wchen-r7 89d026c900 Fix merge conflict 2015-04-30 12:33:45 -05:00
Matt Buck 912f41292a
Drop some unused code 2015-04-30 11:25:57 -05:00
William Vu 2d2c946044
Land #5279, fix for msfconsole -o 2015-04-30 11:23:44 -05:00
Matt Buck 3f797e4393 Reinstate some to_s coercions that were mistakenly dropped 2015-04-30 11:13:48 -05:00
James Lee 3e40433f00
Add an alias for write
Fixes #4971
2015-04-30 08:56:16 -05:00
OJ 8ddd7a4891 Fix session removal code, prevent missing transport param fail 2015-04-30 22:39:48 +10:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer"
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu b41aa0e617 Fix NoMethodError for rhost
Can't rely on it to be defined (kinda like peer).
2015-04-29 15:14:41 -05:00
David Maloney 2847bc8a6b
a little more yard 2015-04-29 14:53:08 -05:00
David Maloney 1f66840533
add YARD docs to NTDS Account
added yard around the attrs for the NTDS::Account
class

MSP-12357
2015-04-29 12:53:54 -05:00
Brent Cook 9386d1ca6d remove unused mod_ranked attribute 2015-04-28 22:27:09 -05:00
Brent Cook 7b7f40baa4 remove modules that cannot be instantiated 2015-04-28 22:21:31 -05:00
Brent Cook 0caeee32fe replace sort with sort_by 2015-04-28 21:39:37 -05:00
Matt Buck 8163c3cdda Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	plugins/nessus.rb
2015-04-28 15:33:46 -05:00
David Maloney e220ccfda0
Merge branch 'master' into feature/MSP-12357/meterp-ntds 2015-04-28 08:25:09 -05:00
OJ 919b96e4cf Fix up UUID handling 2015-04-28 21:59:19 +10:00
OJ 4f9c8d04a2 Add support for moving transports and uuid fetching
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.

There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ f711e5dee7 Update migration support
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ fca4d852a1 Remove the passing on off listen socket values 2015-04-28 13:51:48 +10:00
OJ d82bfb0692 Reorder params, fix up the transport termination 2015-04-28 13:03:40 +10:00
OJ c41f4bd59f Fix up http/s a little
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ 1ca5188c5e Change the payload to use IPv6 formats if required 2015-04-28 07:44:21 +10:00
OJ f3e547ca92 Remvoe the exitfunk from the loader
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
HD Moore c3f18aa899 Complete the #4989 revert 2015-04-27 16:26:34 -05:00
HD Moore 36daee08c9 Reverts #4989, support for file: is handled in the options again 2015-04-27 16:07:43 -05:00
Brent Cook 7443af64a6
Land #5247, add RPC API call documentation 2015-04-27 11:13:02 -05:00
Brent Cook a0eb7d0ad3 minor RPC documentation tweaks 2015-04-27 11:11:08 -05:00
Matt Buck 6a4d63ca4f Drop explicit IPAddr to String coercion
MSP-12611
2015-04-27 10:48:13 -05:00
HD Moore 1fd601510c
Lands #5194, merges in PowerShell session support & initial payloads 2015-04-26 16:01:51 -05:00
HD Moore 1cebc9f3cb Fallback if the regex fails for some reason 2015-04-26 15:59:36 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
Ben Turner ea0204b7e5 updates to remove powershell from core 2015-04-26 21:25:30 +01:00
benpturner 76e68fcf4c session info 2015-04-26 20:13:18 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
OJ 0d2f97ed2d Add support for config in the x64 bind stager 2015-04-26 14:19:36 +10:00
OJ 6da8a14f62 Initial work on x64 payloads for new config 2015-04-26 13:41:31 +10:00
OJ 6ac3ecfa7c Refactor, add reverse_winhttps support
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.

Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
HD Moore d1a836e39c Fix logins where SYSTEM doesnt have SYSDBA privileges 2015-04-25 19:05:11 -05:00
OJ 2455163d24 Refactor configuration for meterpreter payloads (x86)
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.

This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
OJ 3a24923361 Force bind to hand over the listen socket 2015-04-25 22:04:58 +10:00
OJ 4ec4868bcf Make bind hand over the listen socket as well 2015-04-25 21:37:32 +10:00
OJ bb77a3a0e6 First pass of refactoring to support new config block
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
OJ 9f1e035c53 Changed required_space check in bind payloads 2015-04-25 21:30:54 +10:00
David Maloney 6c77c4bb52
opening groundwork
added a priv extension method to open
a stream channel to read ntdsaccounts from
and an NTDS account class to accept the
data and parse it into a useable structure

MSP-12357
2015-04-24 15:50:12 -05:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
Brent Cook 27f6adcd81
Land #5110, teach Http::Response to extract hidden form inputs 2015-04-24 13:30:57 -05:00
wchen-r7 46361c1a19 Final round of documentation 2015-04-24 11:58:12 -05:00