Meatballs
da49709845
Add yarddoc
2015-03-28 20:31:36 +00:00
Meatballs
8e22255a40
Small tidyup/rubocop
Signed-off-by: Meatballs <eat_meatballs@hotmail.co.uk>
2015-03-28 20:31:36 +00:00
Meatballs
9529eed41d
More specific matching
2015-03-28 20:31:35 +00:00
Meatballs
a30d8f7040
Add requires
2015-03-28 20:31:35 +00:00
Meatballs
a1d74c27c6
Check for only running services
2015-03-28 20:31:35 +00:00
Meatballs
99f79e8533
Use incognito token stealing rather than process migration if we have
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
Meatballs
9c2219124c
Remove some comments
2015-03-28 20:31:35 +00:00
Meatballs
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
sinn3r
c4def25e82
Resolve #4986, add support for IE11 for fingerprint_user_agent
Resolve #4986
2015-03-27 17:51:14 -05:00
sinn3r
9cfafdd8b8
Land #4649, improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
Trevor Rosen
2815462375
Update Mdm to staging hash
2015-03-27 15:16:33 -05:00
James Lee
e3605aa252
We always pass a Service, get rid of port/proto
2015-03-27 11:54:03 -05:00
James Lee
25d0b8baff
Redundant check
2015-03-27 11:35:35 -05:00
James Lee
3b8d70b567
host is always an Mdm::Host, don't look it up again
2015-03-27 11:34:32 -05:00
James Lee
466ef4349e
Second verse, same as the first
2015-03-27 09:59:10 -05:00
James Lee
bf8146c8b5
Axe redundant check
2015-03-26 21:19:19 -05:00
James Lee
88a8186a11
Pull up redundant hash literal
2015-03-26 19:33:53 -05:00
Brent Cook
e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter
2015-03-26 19:16:46 -05:00
Brent Cook
5ac1ee1d73
fix http/s handler reference counting for pymet
add a persistent session counter to avoid stopping listening when pymet stages over http/s
2015-03-26 18:26:56 -05:00
James Lee
a9e4961563
New hash syntax
2015-03-26 10:05:08 -05:00
James Lee
a3ae0daf5a
Whitespace
2015-03-26 10:02:08 -05:00
sinn3r
8f03cadb92
Forgot to remove print_debug
2015-03-25 16:08:47 -05:00
jvazquez-r7
72a0909e9b
Land #4992, @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge
2015-03-25 13:30:36 -05:00
James Lee
b0fac4824c
Stop caring about order of keys in user_data
2015-03-24 14:21:52 -05:00
James Lee
414983ac8c
Merge branch 'feature/MSP-11925/create-user-data' into staging/single-vuln-push
Conflicts:
Gemfile.lock
2015-03-24 12:42:08 -05:00
sinn3r
58c5be0d72
Allow SMBDirect to be optional
The smb_version module needs to deregister the SMBDirect option,
but cannot do this because SMBDirect is a required option. By
having it as optional, the user no longer needs to set it. Also,
since SMBDirect already has a default value, having it as optional
should not change the mixin's default behavior.
2015-03-24 12:04:44 -05:00
sinn3r
3c4da5c3ff
Update BES rspec
2015-03-24 00:10:18 -05:00
OJ
25dcfc796a
Better support old binaries in rev http(s)
* Patch 256char URL if the 512char one doesn't work.
* Return an empty list in the case where the ext enum fails.
2015-03-24 10:14:44 +10:00
Brent Cook
1869977921
Land #4962: OJ adjusts MSF to new metsrv needs
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
sinn3r
2900f57afd
It looks like this works
2015-03-23 16:46:53 -05:00
OJ
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
HD Moore
6852475be0
Placeholder for UUID options
2015-03-23 14:35:33 -05:00
HD Moore
dfbaa6b42e
Typo
2015-03-23 14:35:08 -05:00
sinn3r
e520ace1f1
Stash
2015-03-23 14:21:46 -05:00
sinn3r
156520338d
Making some changes to how BES handles ActiveX
2015-03-23 12:21:27 -05:00
OJ
20131110cd
Add verify_ssl file (missed in prev commit)
2015-03-23 13:22:10 +10:00
OJ
9c9d333a1b
Create verify ssl mixin, adjust some formatting
2015-03-23 13:21:08 +10:00
HD Moore
bc3c73e408
Merge branch 'master' into feature/registered-payload-uuids
2015-03-22 18:51:13 -05:00
HD Moore
378e867486
Refactor Msf::Payload::UUID, use this in reverse_http
2015-03-22 16:17:12 -05:00
HD Moore
94241b2998
First attempt at rewiring HTTP handlers to use UUIDs
2015-03-21 03:15:08 -05:00
HD Moore
858d9b1e7a
Introduce Rex::Text.(en|de)code_base64url and use it for uri_checksum
2015-03-20 21:32:08 -05:00
jvazquez-r7
1226b3656f
Land #4945, @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
OJ
9d20d057dd
Update Meterpreter URL length to 512
2015-03-20 13:16:43 +10:00
oj@buffered.io
fd4ad9bd2e
Rework changes on top of HD's PR
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
OJ
7b4161bdb4
Update code to handle cert validation properly
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
2015-03-20 12:52:47 +10:00
OJ
d38e2c968e
Add required include for stageless meterpreter
2015-03-20 12:52:28 +10:00
OJ
a9f74383d0
Update patch to support both ascii and wchar
2015-03-20 12:52:18 +10:00
HD Moore
c0bf51e0f5
Add a timestamp to the UUID structure
2015-03-19 19:11:58 -05:00
OJ
7899881416
Update POSIX bins from master
2015-03-19 14:50:14 +10:00
Meatballs
2dd9dcb26c
Don't use native unpack operators!
2015-03-18 23:48:39 +00:00
Meatballs
975ddc9092
Add some spec mockery
2015-03-18 23:43:46 +00:00
HD Moore
ce0796a427
Base module for Payload UUID support
2015-03-18 17:03:47 -05:00
HD Moore
b62da42927
Merge branch 'master' into feature/add-proxies-to-wininet
2015-03-18 01:51:15 -05:00
HD Moore
c607cf7b11
Merging master
2015-03-18 01:45:44 -05:00
HD Moore
97def50cc2
Whitespace cleanup
2015-03-18 01:26:59 -05:00
HD Moore
8d3cb8bde5
Fix up meterpreter patching arguments and names
2015-03-18 01:25:42 -05:00
HD Moore
390a704cc7
Cleanup proxyhost/proxyport arguments to match new names
2015-03-18 01:19:05 -05:00
HD Moore
f7a06d8e44
Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD} to the new syntax
2015-03-18 01:15:32 -05:00
HD Moore
3aa8cb69a4
Fix two use cases of PROXYHOST/PROXYPORT
2015-03-18 01:08:09 -05:00
HD Moore
2ab14e7e79
Adds IPv6 and option-related issues with the previous patch
2015-03-18 01:01:10 -05:00
HD Moore
a4df6d539f
Cleanup proxy handling code (consistency & bugs)
One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.
2015-03-18 00:59:59 -05:00
HD Moore
2f13988d7b
Use OptPort vs OptInt and cleanup the description
2015-03-18 00:59:25 -05:00
HD Moore
a01be365b0
Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT
This also cleans up the windows reverse_https_proxy stager.
2015-03-18 00:59:13 -05:00
James Lee
bd4738b93e
Land #4827, capture and nbns fixups
2015-03-17 17:37:55 -05:00
James Lee
d7fa0ec669
Let IPAddr#hton do the calculating
2015-03-17 17:36:45 -05:00
sinn3r
ff58f7d270
Add Symantec Web Gateway Login Module
2015-03-17 02:51:57 -05:00
HD Moore
2ea984423b
while(true)->loop, use thread.join
2015-03-16 14:08:01 -05:00
HD Moore
5fd3637d34
Remove the i32 size specifier (not needed)
2015-03-16 14:00:51 -05:00
HD Moore
69d9280748
Fix yard docs, retries, push.i8 instructions. See commit 05138524e3
Note that StagerRetryCount is not defined here, but will be in the parent class once #4934 lands
2015-03-16 13:52:13 -05:00
HD Moore
05138524e3
Fix yard docs, fix retries, trim bytes, retested and working
2015-03-16 13:35:36 -05:00
HD Moore
69a808b744
StagerProxy -> PayloadProxy
2015-03-16 12:14:42 -05:00
OJ
03232befc7
Add extra check to avoid crashing on startup
2015-03-16 17:14:36 +10:00
HD Moore
f361e4ee52
Prefer the new-style proxy datastore options when available
2015-03-16 00:22:10 -05:00
HD Moore
7e89281485
Adds proxy (with authentication) support to reverse_http(s)
2015-03-16 00:03:31 -05:00
HD Moore
8e37342c50
Comment typo
2015-03-14 16:52:04 -05:00
HD Moore
0d12ca49a7
Work around lack of option normalization during size calculation
2015-03-14 16:19:13 -05:00
HD Moore
03019cf451
Adds StagerVerifySSLCert support (SHA1 of HandlerSSLCert)
2015-03-14 15:53:21 -05:00
Brent Cook
7a212a01eb
Land #4917, @hmoore-r7 avoid another payload size recalc
2015-03-13 08:43:33 -05:00
Brent Cook
b68e05e536
Land #4914, @hmoore-r7 and @BorjaMerino winhttp stagers
2015-03-13 08:24:11 -05:00
HD Moore
a57f02b863
Remove invalid SECURITY_FLAG_IGNORE_REVOCATION flag
2015-03-12 23:01:04 -05:00
HD Moore
744b1a680e
Reworks how payload prepends work internally, see #1674
2015-03-12 02:30:06 -05:00
HD Moore
376d05f797
Avoid instantiating the module during recalculate
2015-03-12 01:02:37 -05:00
scriptjunkie
dfbc50ff47
Make Host header override optional
2015-03-11 23:15:45 -05:00
OJ
345b5cc8e1
Add stageless meterpreter support
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transports at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
HD Moore
8bae58d631
Updated cache sizes
2015-03-11 21:25:12 -05:00
HD Moore
631e1606bf
Fix WinHttpSetOption & stack parameters
2015-03-11 21:05:18 -05:00
scriptjunkie
401d553f84
Use host header in reverse_http(s)
2015-03-11 19:40:52 -05:00
HD Moore
1135e5e073
First take on WinHTTP stagers, untested
2015-03-11 16:27:14 -05:00
HD Moore
1d17e9ab5b
Remove the 256 byte limit for URLs
2015-03-10 15:27:04 -05:00
James Lee
cb41154712
Make a MatchResult when sessions are reported
2015-03-10 15:17:57 -05:00
HD Moore
5f382e539a
Updated required_space to count all 256 bytes of the URL
2015-03-10 15:17:09 -05:00
HD Moore
dedf3726ea
Simplify the uri_req_len logic, thanks @bcook-r7
2015-03-10 15:12:02 -05:00
HD Moore
966848127a
Refactor x86 Windows reverse_http and reverse_https stagers
2015-03-10 12:48:30 -05:00
Brent Cook
97f09b6ab0
Land #4894: hmoore-r7 cache payload sizes on start
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
James Lee
838746b021
Add user_data_is_match? method
2015-03-09 15:35:53 -05:00
HD Moore
8c635243d3
Fix whitespace in the regex, implements Msf::Payload.dynamic_size?
2015-03-09 13:15:06 -05:00
Brent Cook
603179176a
Land #4876, @hmoore-r7 give encoders and payloads space available
2015-03-09 11:50:46 -05:00
Samuel Huckins
08df0bfaca
Land #4858, RPC client true/truthy fix
* Misc ruby cleanup and fixing the issue that caused MSP-12235, rolling back the
full rollback of PR 4823
2015-03-09 11:35:57 -05:00
James Lee
b37a975108
Use metasploit_data_models staging branch
2015-03-09 01:28:27 -05:00
HD Moore
c3479ba747
Update msfvenom & PayloadGenerator to pass in available_space
2015-03-09 01:14:56 -05:00