Brent Cook
6615c6efc7
tighten up corner cases with option validation
2017-11-21 08:30:42 -06:00
Brent Cook
6da66e885a
fix enum default logic for bools that default to false
2017-11-21 08:30:42 -06:00
Brent Cook
d811a2a8c1
set good defaults
2017-11-21 02:52:05 -06:00
Brent Cook
65c58c3d55
set a good default, remove unused methods, speed up checks
2017-11-21 02:52:05 -06:00
Brent Cook
ffa6d74a23
remove historical cruft
2017-11-21 02:52:05 -06:00
Brent Cook
d3ee86dc5c
update to new format
2017-11-21 02:52:05 -06:00
Brent Cook
249c08f597
usability improvements with how base options are registered
This adds named parameters for all of the current array-index based
options. It also allows specifying the description as the 2nd parameter,
allowing the 'required' parameter to be implicitly false (the most
common value).
A simple parameter like:
OptAddress.new('ReverseListenerBindAddress',
[false, 'The specific IP address to bind to on the local system']),
Can now be rewritten as:
OptAddress.new('ReverseListenerBindAddress',
'The specific IP address to bind to on the local system'),
More complex options are also now easier to read:
OptString.new(
'HttpUserAgent',
'The user-agent that the payload should use',
default: Rex::UserAgent.shortest,
aliases: ['MeterpreterUserAgent']
),
This also makes dealing with enums easier because default is implicit
unless specified. This:
OptEnum.new('PayloadProxyType',
[true, 'The proxy type, HTTP or SOCKS', 'HTTP', ['HTTP', 'SOCKS']]),
Becomes:
OptEnum.new('HttpProxyType',
'The proxy type, HTTP or SOCKS', required: true, enums: ['HTTP', 'SOCKS'])
This maintains full backward compatibility with existing code as well.
2017-11-21 02:52:05 -06:00
Adam Cammack
40a71af7ed
Add missing `end`
2017-11-20 17:50:59 -06:00
Adam Cammack
2fdc34c8fd
Add new template for DoS modules
2017-11-20 17:19:14 -06:00
Adam Cammack
dd57138423
Make external module read loop more robust
Changes from a "hope we get at most one message at a time" model to
something beginning to resemble a state machine. Also logs error output
and fails the MSF module when the external module fails.
2017-11-20 16:52:05 -06:00
Matthew Kienow
39f06a3995
Land #8807, template for external module servers
2017-11-20 17:34:37 -05:00
Metasploit
602406a423
Bump version of framework to 4.16.19
2017-11-17 10:02:22 -08:00
Metasploit
5cdd364590
Bump version of framework to 4.16.18
2017-11-15 19:46:12 -08:00
Adam Cammack
f357efd97c
Land #9208, add AArch64 ELF to Msf::Util::Exe
2017-11-15 14:22:27 -06:00
Tim
4ec0faf35d
fix aarch64 cmdstager
2017-11-15 16:47:17 +08:00
Jeffrey Martin
80b381cde9
Merge released '4.x' into master
2017-11-13 14:11:23 -06:00
Spencer McIntyre
bc691cbd00
Document the new tab completion functions
2017-11-11 17:17:48 -05:00
Spencer McIntyre
fb7635502d
Tab completion for exploit and handler commands
2017-11-11 17:11:54 -05:00
Spencer McIntyre
68a43fef36
Add the new generic tab completion function
2017-11-11 16:47:11 -05:00
Metasploit
4f660d7dd7
Bump version of framework to 4.16.17
2017-11-10 10:05:05 -08:00
William Vu
97859ebf8c
Clarify XXX comment no user will ever see anyway
2017-11-09 15:23:37 -06:00
William Vu
577baf6070
Add a check for .rb in cmd_edit
2017-11-09 15:17:53 -06:00
Patrick Webster
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
William Vu
fbbc8da8fb
Fix raise(s) in MSSQL client aborting mssql_login
2017-11-07 14:30:47 -06:00
Metasploit
deb5a7b015
Bump version of framework to 4.16.16
2017-11-03 10:03:38 -07:00
Metasploit
a14102083c
Bump version of framework to 4.16.15
2017-11-02 10:01:12 -07:00
bwatters-r7
c2a979dd3c
Land #9134, fix buggy handling of partial ingress packet data
2017-11-01 20:06:23 -05:00
Spencer McIntyre
d815e42ccf
Add a generic tab completion function
2017-11-01 20:38:45 -04:00
William Vu
5de190f092
Land #9145, ERB/<ruby> for Meterpreter resource
2017-11-01 13:48:51 -05:00
Brent Cook
a347dee372
Land #9150, fix broken and simplify unusual RuntimeError exceptions
2017-11-01 06:03:36 -05:00
Brent Cook
90766ceceb
remove more unusual raise RuntimeError patterns
2017-11-01 05:59:12 -05:00
Spencer McIntyre
1462330f34
Add tab completion to the payload generate command
2017-10-31 20:33:31 -04:00
lvarela-r7
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
Brent Cook
95b6cda06e
Land #9146, add e500v2 and reduce size of x86_64
2017-10-31 09:54:07 -05:00
Brent Cook
c4dcd79e41
Land #9144, fix misspelling in exploit/windows/local/wmi_persistence
2017-10-31 05:01:13 -05:00
Brent Cook
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
Brent Cook
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
Brent Cook
f42b980cf0
fix misspelled RuntimeError
2017-10-30 15:42:11 -05:00
Brent Cook
56eb828cc5
add e500v2 payloads
2017-10-30 14:04:10 -05:00
Spencer McIntyre
940573ad49
Support ruby directives in Meterpreter rc scripts
2017-10-29 15:57:33 -04:00
h00die
3b8ef02c29
sid vs side
2017-10-29 08:36:05 -04:00
William Vu
9349e1eda5
Fix find_script_path to check only files
2017-10-27 12:28:58 -05:00
William Vu
73c9807c55
Add module support for sessions -s
2017-10-27 12:28:53 -05:00
Metasploit
140955f220
Bump version of framework to 4.16.14
2017-10-27 10:03:00 -07:00
Brent Cook
d188982760
handle masked EOF from Rex sockets (TODO: kill that behavior)
2017-10-27 02:29:25 -07:00
Brent Cook
85b59c87ca
fix buggy handling of partial ingress packet data
If we have more data, and the packet parser needs more data, connect the two
together rather than bailing. This fixes reverse_tcp_ssl along with probably a
lot of other higher-latency corner cases.
2017-10-27 02:15:08 -07:00
Jeffrey Martin
4274b76473
Land #9119, Fix #8436, allow session upgrading on meterpreter sessions
2017-10-25 10:26:27 -05:00
Jeffrey Martin
386e14828a
Land #8728, Psexec via PSH related fixes
2017-10-24 15:55:18 -05:00
Tim
40e57d7ee6
android payload options
2017-10-24 18:32:47 +08:00
Brent Cook
1b01232624
Land #9070, Fix bug copying MACE attributes between files
2017-10-23 22:15:42 -05:00
Brent Cook
402e926151
Land #9081, Fix ftp.rb to get files larger than 16384
2017-10-23 22:11:36 -05:00
Brent Cook
c6bc55a175
Land #9082, Fix ftp.rb so it closes all data sockets
2017-10-23 22:10:38 -05:00
Tim
ca4feb5136
fix session upgrading
2017-10-23 01:26:45 +08:00
Dave Farrow
636551aa03
Fixed help message to match test
2017-10-20 21:32:54 -07:00
Dave Farrow
ea1ac3d5b3
#9108: added -C option to change default hosts columns
The -C option saves the column list the user provided and uses that as the default column list until msfconsole is restarted
2017-10-20 20:39:38 -07:00
Metasploit
884b68fa60
Bump version of framework to 4.16.13
2017-10-20 10:02:23 -07:00
William Vu
c795cef69f
Land #9099, disconnect option for send_request_cgi
2017-10-20 10:50:56 -05:00
William Vu
8e5deac3f4
Fix nil bug in setting PromptChar without Prompt
2017-10-20 00:38:01 -05:00
RageLtMan
a3912e4913
Provide disconnect option to send_request_cgi
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.
Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.
Testing:
Locally tested on in-house exploit module written for disclosure
report.
TODO:
Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
William Vu
60a7a80ff0
Land #9095, default PromptTimeFormat (%T)
2017-10-17 16:50:47 -05:00
James Lee
af42f517b8
Default PromptTimeFormat to %T
2017-10-17 16:39:44 -05:00
Evgeny Naumov
d5cdd2567a
add missing method
2017-10-16 16:01:53 -04:00
Jeffrey Martin
b04f5bdf90
Land #9077, Enhancing the functionality on the nodejs shell_reverse_tcp payload.
2017-10-16 10:49:17 -05:00
Jeffrey Martin
6df8c40bb1
adjust whitespace ('no tabs'), more readable
2017-10-13 17:01:47 -05:00
Wei Chen
6b89f62b08
Land #9080, ensure autoruns on shell sessions
2017-10-13 15:35:31 -05:00
Wei Chen
5ce4c32213
Use session object instead of self
The session object has :process_autoruns, not self
2017-10-13 15:33:27 -05:00
William Vu
b2de5aba07
Fix #9075, super setup fix for local exploits
2017-10-13 12:45:14 -05:00
bigendiansmalls
1b306caf39
Fixed ftp.rb to get files larger than 16384
Existing ftp.rb did get_once, which limits file
DL to 16384 (def_block_size). Changed to get and
added one more timeout variable; see:
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:def_block_size
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get_once
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get
2017-10-13 12:41:11 -05:00
Metasploit
88585a5cfd
Bump version of framework to 4.16.12
2017-10-13 10:03:48 -07:00
bigendiansmalls
e5e9c7ccd6
Fixed ftp.rb so it closes all data sockets
ftp.rb was doing a shutdown without a close on data
(not command) sockets. This can cause CLOSE_WAIT
for extended periods in certain circumstances, ending
only when msf itself is closed.
2017-10-13 10:09:43 -05:00
Brent Cook
e209256d62
ensure we do autoruns for all session types
2017-10-12 23:11:58 -05:00
William Vu
bf2fb7051a
Fix session compatibility check for post modules
2017-10-12 11:57:11 -05:00
itsmeroy2012
a0abffb6c4
Adding functionality of StagerRetryWait and StagerRetryCount
2017-10-12 22:25:00 +05:30
William Vu
f556a5f805
Add compatible session types to post module info
2017-10-12 11:41:02 -05:00
itsmeroy2012
374c139d33
Increasing the functionality of the nodejs shell_reverse_tcp payload
2017-10-12 19:05:59 +05:30
bwatters-r7
294230c455
Land #8509, add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
William Webb
84fe0847bf
Land #9074, Add prints and error checking to HTTP CmdStagers
2017-10-11 14:27:52 -05:00
William Vu
27876a91d3
Add prints and better checking to HTTP CmdStagers
Admittedly, this code is more convoluted than it needs to be.
2017-10-11 14:01:56 -05:00
Jeffrey Martin
b76c1f3647
remove invalid 'client' object reference in nodejs
fix #9063 by removing invalid object reference introduced in PR #8825
2017-10-11 11:09:28 -05:00
Bradley Landherr
bdc00ef2df
Removing unnecessary comment
2017-10-11 06:34:09 -07:00
Bradley Landherr
8dee369eb7
Fixing the -f option: removing reference to undefined 'path' variable; get_file_mace already returns a 'Time' object instance
2017-10-11 06:28:03 -07:00
Adam Cammack
88f53352c7
Land #9056, Check for /etc/issue before reading
2017-10-10 15:05:27 -05:00
Jeffrey Martin
57afc3b939
Land #9044, Address generation issues with pure PSH payloads
2017-10-10 10:40:33 -05:00
h00die
bf731b4f5e
look before leap issues
2017-10-09 14:27:09 -04:00
Adam Cammack
436b72d4cc
Land #9023, Add tab completion to the edit command
2017-10-09 11:37:12 -05:00
William Vu
27dcc162b2
Revert to Vim because ed is the standard editor
https://www.gnu.org/fun/jokes/ed-msg.html
2017-10-09 11:34:45 -05:00
William Webb
14308fb77d
Land #9045, Copy original request ID into TLV response
2017-10-09 10:58:02 -05:00
bwatters-r7
fc5ab96ad6
Merging to prep for testing
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2017-10-09 10:31:30 -05:00
bwatters-r7
7df18e378d
Fix conflicts in PR 8509 by merging to master
2017-10-09 10:30:21 -05:00
James Barnett
56e95f15c9
Land #9024, fix bug when manually adding loot
cmd_loot was throwing a stack trace when the host was not properly defined.
This fixes it to give a useful error message.
2017-10-06 16:02:12 -05:00
Jeffrey Martin
d0a1fb6019
tlv response to ID based request with original ID
When a tlv response is created the request ID being responded to
needs to be copied into response created.
2017-10-06 13:58:38 -05:00
William Webb
d9e0d891a1
Land #9010, Remove checks for hardcoded SYSTEM account name
2017-10-06 13:42:18 -05:00
RageLtMan
124a1531f4
Clean up powershell exec string
The scriptblock invocation is already coming from Rex, so there's
no need to re-wrap the executed code in more of the same.
2017-10-06 13:19:36 -04:00
Metasploit
4acef04e0d
Bump version of framework to 4.16.11
2017-10-06 10:01:51 -07:00
RageLtMan
9afdde2938
Address generation issues with pure PSH payloads
Powershell payloads were generated using the :generate method
mixed in from Payload::Windows::Exec, which is a binary payload
mixin.
Address the breakage by implementing a generate method which simply
outputs the script code produced by the module with no additional
content prepended or appended.
While here, clean up the command-line generation for the script being
produced by having Rex do it (this permits changes made in Rex to
benefit all consumers).
As a bonus, drop the IEX invocation since it'll trip up AMSI and
upgrade to the scriptblock execution semantic.
Credit for finding this little gem goes to bperry - I don't usually
use the native powershell command shells, and managed to miss this
for a long time. Thanks boss.
Testing:
Local in pry
@bperry: Could you test and ping me back if this is right?
2017-10-06 12:32:52 -04:00
Brent Cook
809d0f79a1
Land #9026, Fix cache invalidation bug in tab completion
2017-10-05 16:41:00 -05:00
Brent Cook
b7e209a5f3
Land #9033, Geolocate API update
2017-10-05 16:39:09 -05:00
Tim
e534d3cdc8
fix transport and sleep commands on java
2017-10-04 10:36:01 +08:00
William Vu
5b9a4d73ee
Readd hostless loot display
In the chance event someone actually managed to store it.
2017-10-02 23:31:44 -05:00
William Vu
403b5e2fa8
Move TARGET check into option_values_payloads
2017-10-02 23:22:42 -05:00