975ddc9092
Add some spec mockery
2015-03-18 23:43:46 +00:00
ce0796a427
Base module for Payload UUID support
2015-03-18 17:03:47 -05:00
b62da42927
Merge branch 'master' into feature/add-proxies-to-wininet
2015-03-18 01:51:15 -05:00
c607cf7b11
Merging master
2015-03-18 01:45:44 -05:00
97def50cc2
Whitespace cleanup
2015-03-18 01:26:59 -05:00
8d3cb8bde5
Fix up meterpreter patching arguments and names
2015-03-18 01:25:42 -05:00
390a704cc7
Cleanup proxyhost/proxyport arguments to match new names
2015-03-18 01:19:05 -05:00
f7a06d8e44
Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax
2015-03-18 01:15:32 -05:00
3aa8cb69a4
Fix two use cases of PROXYHOST/PROXYPORT
2015-03-18 01:08:09 -05:00
2ab14e7e79
Adds IPv6 and option-related issues with the previous patch
2015-03-18 01:01:10 -05:00
a4df6d539f
Cleanup proxy handling code (consistency & bugs)
...
One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.
2015-03-18 00:59:59 -05:00
2f13988d7b
Use OptPort vs OptInt and cleanup the description
2015-03-18 00:59:25 -05:00
a01be365b0
Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT
...
This also cleans up the windows reverse_https_proxy stager.
2015-03-18 00:59:13 -05:00
bd4738b93e
Land #4827 , capture and nbns fixups
2015-03-17 17:37:55 -05:00
d7fa0ec669
Let IPAddr#hton do the calculating
2015-03-17 17:36:45 -05:00
ff58f7d270
Add Symantec Web Gateway Login Module
2015-03-17 02:51:57 -05:00
2ea984423b
while(true)->loop, use thread.join
2015-03-16 14:08:01 -05:00
5fd3637d34
Remove the i32 size specifier (not needed)
2015-03-16 14:00:51 -05:00
69d9280748
Fix yard docs, retries, push.i8 instructions. See commit 05138524e3
...
Note that StagerRetryCount is not defined here, but will be in the parent class once #4934 lands
2015-03-16 13:52:13 -05:00
05138524e3
Fix yard docs, fix retries, trim bytes, retested and working
2015-03-16 13:35:36 -05:00
69a808b744
StagerProxy -> PayloadProxy
2015-03-16 12:14:42 -05:00
03232befc7
Add extra check to avoid crashing on startup
2015-03-16 17:14:36 +10:00
f361e4ee52
Prefer the new-style proxy datastore options when available
2015-03-16 00:22:10 -05:00
7e89281485
Adds proxy (with authentication) support to reverse_http(s)
2015-03-16 00:03:31 -05:00
8e37342c50
Comment typo
2015-03-14 16:52:04 -05:00
0d12ca49a7
Work around lack of option normalization during size calculation
2015-03-14 16:19:13 -05:00
03019cf451
Adds StagerVerifySSLCert support (SHA1 of HandlerSSLCert)
2015-03-14 15:53:21 -05:00
7a212a01eb
Land #4917 , @hmoore-r7 avoid another payload size recalc
2015-03-13 08:43:33 -05:00
b68e05e536
Land #4914 , @hmoore-r7 and @BorjaMerino winhttp stagers
2015-03-13 08:24:11 -05:00
a57f02b863
Remove invalid SECURITY_FLAG_IGNORE_REVOCATION flag
2015-03-12 23:01:04 -05:00
744b1a680e
Reworks how payload prepends work internally, see #1674
2015-03-12 02:30:06 -05:00
376d05f797
Avoid instantiating the module during recalculate
2015-03-12 01:02:37 -05:00
dfbc50ff47
Make Host header override optional
2015-03-11 23:15:45 -05:00
345b5cc8e1
Add stageless meterpreter support
...
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
8bae58d631
Updated cache sizes
2015-03-11 21:25:12 -05:00
631e1606bf
Fix WinHttpSetOption & stack parameters
2015-03-11 21:05:18 -05:00
401d553f84
Use host header in reverse_http(s)
2015-03-11 19:40:52 -05:00
1135e5e073
First take on WinHTTP stagers, untested
2015-03-11 16:27:14 -05:00
1d17e9ab5b
Remove the 256 byte limit for URLs
2015-03-10 15:27:04 -05:00
cb41154712
Make a MatchResult when sessions are reported
2015-03-10 15:17:57 -05:00
5f382e539a
Updated required_space to count all 256 bytes of the URL
2015-03-10 15:17:09 -05:00
dedf3726ea
Simplify the uri_req_len logic, thanks @bcook-r7
2015-03-10 15:12:02 -05:00
966848127a
Refactor x86 Windows reverse_http and reverse_https stagers
2015-03-10 12:48:30 -05:00
97f09b6ab0
Land #4894 : hmoore-r7 cache payload sizes on start
...
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
838746b021
Add user_data_is_match? method
2015-03-09 15:35:53 -05:00
8c635243d3
Fix whitespace in the regex, implements Msf::Payload.dynamic_size?
2015-03-09 13:15:06 -05:00
603179176a
Land #4876 , @hmoore-r7 give encoders and payloads space available
2015-03-09 11:50:46 -05:00
08df0bfaca
Land #4858 , RPC client true/truthy fix
...
* Misc ruby cleanup and fixing the issue that caused MSP-12235, rolling back the
full rollback of PR 4823
2015-03-09 11:35:57 -05:00
b37a975108
Use metasploit_data_models staging branch
2015-03-09 01:28:27 -05:00
c3479ba747
Update msfvenom & PayloadGenerator to pass in available_space
2015-03-09 01:14:56 -05:00
d771f54e35
Axe unused var
2015-03-09 00:21:10 -05:00
6baff47e98
Refactor inference into its own method
2015-03-09 00:19:57 -05:00
a91a29d4e5
Add a comment explaining about the error key
2015-03-08 23:51:43 -05:00
d46635ff8b
Restore a comment lost in the code churn
2015-03-07 21:25:35 -06:00
853bf1b569
Accidental carry over from stale master
2015-03-07 20:48:22 -06:00
2e49791bef
This implements payload size caching, speeding up framework loads
2015-03-07 20:44:19 -06:00
5316e0f0ce
Land #4887 , msfconsole -n store_loot fix
2015-03-07 17:14:21 -06:00
f3494d9019
Correct grammar in BES
2015-03-07 16:04:06 -06:00
8adc4646f8
Add :user_data to Msf::Module
2015-03-06 14:23:06 -06:00
ca3b2220b5
Check to ensure Mdm is loaded to fix store_loot.
2015-03-05 23:27:13 -06:00
a13cd2bcb7
Land #4880 : @wchen-r7 check if module has session before comparison
2015-03-05 20:48:42 -06:00
9f3f8bb727
Merging #3323 work
2015-03-05 15:44:15 -06:00
7cb3e236fb
Adding back prepended colons
...
Don't seem to be needed but don't want to introduce that change.
2015-03-05 14:06:50 -06:00
02d30b3d44
Changes workspace cmd ordering to updated_at asc
2015-03-05 14:05:24 -06:00
84df403d11
Land #4852 , vuln note import/export addition
2015-03-05 13:54:22 -06:00
31191bef39
Fix #4865 , undef method 'ancestors' in lib/msf/core/payload_set.rb
...
Fix #4865
2015-03-05 12:49:51 -06:00
5ede40a39d
Change the variable name
2015-03-05 12:21:33 -06:00
e0a22a6794
Add support for folder
2015-03-05 12:19:33 -06:00
7a354f322c
Comment typo (missing i).
2015-03-04 20:11:41 -06:00
95f67dba7a
Tell payloads and encoders how much space they have to work with
2015-03-04 19:25:04 -06:00
1001061a96
Initialize @capture_count
2015-03-04 18:52:18 -06:00
36375fab28
Fix downcase path handling
2015-03-04 12:58:41 -06:00
4de1fdd020
Make SHARE prints verbose
2015-03-04 10:57:18 -06:00
1c064f6b46
Land #3074 , @0x41414141 SMB Share mixin
2015-03-04 10:16:04 -06:00
64fd818364
Land #4411 , @bcook-r7's support for direct, atomic registry key access in meterpreter
2015-03-04 10:01:33 -06:00
fb74136723
Add MIPS arches to this stupid case statement
2015-03-03 15:25:08 -06:00
a57aefb721
Add specs for QUERY information level
2015-03-03 15:24:13 -06:00
c213ed3f5f
Add specs for FIND information level
2015-03-03 14:13:36 -06:00
4237cd2c88
Add specs for QueryPathInformation
2015-03-03 13:19:06 -06:00
63a3ab16fe
Add specs for SMB_COM_SESSION_SETUP_ANDX commands
2015-03-03 10:31:43 -06:00
4fc08d7243
Add specs for Msf::Exploit::Remote::SMB::Server::Share::Command::ReadAndX
2015-03-02 17:32:03 -06:00
b0bc69b832
Add @todo comment
2015-03-02 14:25:56 -06:00
d57e220f00
Delete unnecessary case on smb_cmd_trans_query_path_info_basic
2015-03-02 14:19:20 -06:00
2004aea7b7
Add helpers for path handling on TRANS2 requests
2015-03-02 14:15:25 -06:00
8acde11aaf
Use file_contents instead of exe_contents
2015-03-02 12:56:48 -06:00
34bd6a4365
Add documentation for the Share mixin
2015-03-02 12:42:32 -06:00
9a8e17508f
Add documentation for QUERY information levels
2015-03-02 12:00:34 -06:00
750022806b
Add documentation for FIND information levels
2015-03-02 11:46:20 -06:00
0d8632dae9
Add documentation for TRANSACTION2 subcommands
2015-03-02 11:19:34 -06:00
6a5dae4549
Add documentation for SMB_COM_TRANSACTION2 handling
2015-03-02 11:12:57 -06:00
3923589286
Add documentation for SMB_COM_SESSION_SETUP_ANDX handling
2015-03-02 11:06:41 -06:00
e8dd9c1971
Add documentation for SMB_COM_READ_ANDX
2015-03-02 10:59:07 -06:00
1ad3f91c50
Add documentation for SMB_COM_NT_CREATE_ANDX handling
2015-03-02 10:52:30 -06:00
19061121b3
Add documentation for SMB_COM_NEGOTIATE handling
2015-03-02 10:45:43 -06:00
3e8bbb6c9e
Add documentation for SMB_COM_CLOSE handling
2015-03-02 10:36:13 -06:00
227cf4500d
define constants for tree connect access rights
2015-02-28 18:38:45 -06:00
eb3aedf4a7
Define constants for WordCount in responses
2015-02-28 18:15:14 -06:00
5f8c14c958
Fix check for TrueClass, plus other small changes
2015-02-28 14:11:15 -06:00
6f4259f2de
Revert #4859 , temporary solution for unbreaking client
...
This reverts commit 7ab86be72a49ae173057
2015-02-28 14:07:26 -06:00
eb7ac02d1a
Normalize handlers names
2015-02-28 12:14:58 -06:00
1d602d38c9
Refactor SessionSetupAndx handler
2015-02-28 12:10:48 -06:00
b27c9b9efc
Land #4838 , reverse_http{,s} listening service fix
2015-02-27 21:02:58 -06:00
ac81318e7a
Revert #4823 , changes for ruby style guide
...
This reverts commit 885469ca52fd73445d9b#4823 for why.
2015-02-27 17:28:00 -06:00
e5e13108ed
Refactor close handling
2015-02-26 23:50:10 -06:00
5418cdad11
Refactor negotiate handling
2015-02-26 23:49:07 -06:00
5ed1f8d44f
Make opts optional
2015-02-26 23:39:17 -06:00
882f0bdc0e
Refactor read_andx request handling
2015-02-26 23:35:12 -06:00
5b770f9f7a
Refactor nt_create_andx requests
2015-02-26 23:31:09 -06:00
70033576fe
Refactor query information level
2015-02-26 23:22:57 -06:00
d544da22b5
Always send answer
2015-02-26 16:47:05 -06:00
45be95747f
Refactor Find Information Levels
2015-02-26 16:46:34 -06:00
89a033c194
Delete unnecessary paddings due to miscalculations
2015-02-26 15:54:00 -06:00
095431c323
fix note search conditions
...
note search conditions needed to know about
vuln_id or else vuln notes would get overwritten
MSP-12183
2015-02-26 15:48:04 -06:00
387c966550
Fix unnecessary paddings
2015-02-26 15:00:53 -06:00
a72d49678a
only match by CVE refs
...
the other refs can be non-specific and refer
to multiple distinct vulns, resulting in
incorrect refs being attached to a vuln leading to
a snowball effect with more and more vulns being
misidentified.
MSP-12183
2015-02-26 14:57:16 -06:00
500e4707ab
Use smb_error
2015-02-26 14:35:52 -06:00
c73ffea1b9
Do minor cleanup
2015-02-26 12:50:45 -06:00
8351920d1e
don't match based on URL refs
...
multiple vulns may be listed for
the same URL making matches based on
these refs entirely unreliable
MSP-12183
2015-02-26 11:40:15 -06:00
b1e6de2eeb
Add todo
2015-02-26 11:39:17 -06:00
26bfebf1bb
Add dummy wildcard handling
2015-02-26 11:39:05 -06:00
d0ab9206b9
Do minor cleanup
2015-02-26 10:58:36 -06:00
970f0c94b2
Create CREATE_ANDX constants
2015-02-26 10:44:07 -06:00
ab1bb0e50d
bugfixes to https://github.com/jvazquez-r7/metasploit-framework/tree/review_3074_clean_server
...
to provide consistent support for various exploits and OS SMB Commands.
Reintroduces smb_cmd_trans_query_path_info_network for use with the Struts2 JSP injection vulnerability.
Reintroduces smb_cmd_trans_query_file_info_basic for common use with rundll32.
Corrects some issues with filename formatting and pattern matching for file requests (can still be improved).
2015-02-26 16:10:34 +00:00
993c75ec77
Update Offset counts with constants
2015-02-25 16:25:16 -06:00
ee18cf592b
Calculate ParamCount and DataCount
2015-02-25 16:00:26 -06:00
df50aa0f06
Use constants for DataCount and DataCountTotal
2015-02-25 14:11:38 -06:00
f35e03b21b
Use constants
2015-02-25 13:44:56 -06:00
f21959a8a2
Add constants for session setup actions
2015-02-25 13:31:57 -06:00
e967cfbfb3
Create Access rights constants
2015-02-25 13:22:16 -06:00
1caffbea2d
Add constants for Negotiation Capabilities
2015-02-25 12:50:33 -06:00
50d50d5353
Define constants for SMB Flags
2015-02-25 12:28:25 -06:00
e5d9bb0a47
Update from master
2015-02-25 11:37:13 -06:00
ec9be4531b
Add SMB_CREATE_ANDX_RES_PKT template
2015-02-25 11:33:08 -06:00
50f8731980
Parse SMB_CMD_CREATE requests
2015-02-25 11:09:14 -06:00
0ad3473ebb
Implement case-insensitive datastore.delete
2015-02-24 20:47:00 -06:00
d10385cfed
Add template for SMB_TREE_CONN_ANDX_RES_PKT
2015-02-24 19:27:25 -06:00
1f1d95bb37
Delete one more extra comment
2015-02-24 18:27:39 -06:00
aeb7f05158
Delete extra comment
2015-02-24 18:27:21 -06:00
bb36899699
Do templates names consistent
2015-02-24 18:26:46 -06:00
744e338ddc
Do cleanup
2015-02-24 18:15:55 -06:00
ec53e27249
Do better handling of TRAN2_QUERY_FILE_INFORMATION requests
2015-02-24 17:20:41 -06:00
d29e9fc20b
Parse TRAN2_FIND_FIRST2 commands
2015-02-24 17:02:49 -06:00
231a2f3110
Fix handlers
2015-02-24 16:03:13 -06:00
e4a58a2ec5
import notes attached to vulns
...
add the ability to import notes that
are attached to vulns instead of hosts
MSP-12183
2015-02-24 13:36:57 -06:00
389bcbd343
refactor note import into sep method
...
we will now be importing notes from multiple
place within the XML document. the importing
of notes has been refactored into a seperate
method to be easily reused in this fashion
MSP-12183
2015-02-24 12:18:32 -06:00
2389185376
export notes associated to a vuln
...
in addition to ntoes asscoiated directly
to a host, the XML export will now
export notes that are tied to a vuln
MSP-12183
2015-02-24 12:17:44 -06:00
c5d36ec24d
remove unused handler methods
...
already defined in the base class
2015-02-24 11:23:08 -06:00
ca7aabe9bc
handle SMB_QUERY_FILE_NETWORK_OPEN_INFO
2015-02-24 11:13:18 -06:00
3bed2d5136
fix for properly stopping the reverse_http/https handler
...
The issue seems to be at the root of #4669 is that reverse_http
registers an HTTP service but never releases its reference to it. If
we stop it directly, there may be a session already connected to it that
we kill, so we can't do that. Instead, track if we got a connection or
not, and conditionally release our reference based on whether the
connection succeeded.
This should fix #4669
2015-02-24 11:06:50 -06:00
31d1ba7100
Simplify debug to inspect smb_cmd_trans_query_file_info_network
2015-02-24 10:54:45 -06:00
Meatballs
HD Moore
James Lee
sinn3r
OJ
Brent Cook
scriptjunkie
Samuel Huckins
William Vu
joev
jvazquez-r7
David Barksdale
David Maloney
Matthew Hall