- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved
MSP-10969
Fix a funny default service name, adjust test to be case-agnostic.
winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if its anything other than winmgmt.
The following RC script has 7 successful outputs when run against a reverse_tcp shell.
Run a reverse_tcp stager and the following RC script to run the test
```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```
Note: this test still doesn't run very reliably on windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411, though it runs ok on
Windows XP.
sinn3r
Jon Hart
Brent Cook
Christian Mehlmauer
rastating
David Maloney
Trevor Rosen
OJ
Meatballs
William Vu
EricGershman
Samuel Huckins
James Lee