Commit Graph

11727 Commits (925cc3b56fe7855edf6af79d535211b39fb24ec3)

Author SHA1 Message Date
James Lee 05d8f9d186
Make sure addr is not nil
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
    Returns the address of *ifaddr*. nil is returned if address is not
    available in *ifaddr*.

I ran into this with a teql interface, but who knows what else might
trigger it.
2016-01-04 15:58:03 -06:00
Chris Doughty 44ece87480 Merge branch 'master' into framework-as-a-gem 2016-01-04 09:04:32 -06:00
joev 00f1511b46 Use the right op for the data checksum. 2016-01-03 01:48:25 -06:00
joev 00dc6364b5 Add support for native target in addjsif exploit. 2016-01-03 01:07:36 -06:00
joev 849857a418 Fix spacing issues in message.rb. 2016-01-02 22:57:26 -06:00
joev 6668dbec41 Remove stray binding.pry. 2016-01-02 22:50:06 -06:00
joev dcd36b74db Last mile polish and tweaks. 2016-01-02 22:41:38 -06:00
joev 6575f4fe4a Use the cmdstager mixin. 2016-01-02 14:09:56 -06:00
joev 9c85c5d4fe Add newline. 2016-01-02 01:17:28 -06:00
joev a88471dc8d Add ADB client and module for obtaining shell. 2016-01-02 01:13:53 -06:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Brent Cook bcd1a6d45e make JSON key format a little more standard, emit options 2015-12-30 16:00:09 -06:00
Chris Doughty 2a0ae144df Fixup rubocop warnings for cleanup purposes 2015-12-30 14:33:02 -06:00
Chris Doughty bb857e7a33 Add new line after json output for cleaner usability 2015-12-30 14:32:31 -06:00
Chris Doughty 8090bbc750 Changes to support framework as a gem 2015-12-30 11:00:45 -06:00
Chris Doughty 3f98511d7c Cleanup logic to force an output type 2015-12-29 15:11:16 -06:00
Chris Doughty 29ea553e03 Adding a json formatting option to the info command 2015-12-29 13:57:35 -06:00
Brent Cook e23b5c5435
Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Brent Cook eec6a6f905
Land #6304, simplify Meterpreter livelness checks 2015-12-24 15:42:17 -06:00
Jon Hart beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394 2015-12-24 09:20:21 -08:00
Jon Hart efdb6a8885
Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Brent Cook 9c410e02e3 Merge branch 'master' into land-6111-android 2015-12-24 10:13:25 -06:00
Tim 5d0e868fd6 facebook.orca fixes 2015-12-24 12:21:08 +00:00
Tim 69b65e7d39 fix error handling 2015-12-24 09:13:56 +00:00
Brent Cook 17ad41070b
Land #6380, allow linux x86 meterpreter in the pref list 2015-12-23 16:10:26 -06:00
Brent Cook e4f9594646
Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 a16a10aaf6 Fix #6371, being able to report an exception in #job_run_proc
Fix #6371

When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.

Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.

Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
Brent Cook 84675e352b
Land #6249, check for nil when using read_exactly_n_bytes 2015-12-22 15:48:39 -06:00
Brent Cook 3f4c6eb370
Land #5383, allow tunneling reverse_tcp meterpreter sessions without 'route add' 2015-12-22 15:42:42 -06:00
Christian Mehlmauer f6eaff5d96
use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
Tim d2a9aa18d8 fix sillyness 2015-12-22 16:06:01 +00:00
Tim eeea4bde9d integrate ./msfvenom -x for android payloads 2015-12-22 15:58:27 +00:00
Tim 662a6dfd53 ¯\_(ツ)_/¯ 2015-12-22 14:49:00 +00:00
Tim d2cc32a389 integrate apk_backdoor with msfvenom 2015-12-22 14:49:00 +00:00
wchen-r7 fa390358a2 Add linux/x86/meterpreter/reverse_tcp to the preference list
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
2015-12-21 23:09:54 -06:00
wchen-r7 2cc54a7a43 Make joomla.xml go first
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
wchen-r7 17b67b8f1b Add trailing / 2015-12-19 17:18:34 -06:00
wchen-r7 5ff02956c9 Lower joomla.xml 2015-12-19 13:46:13 -06:00
wchen-r7 0fda963601 Have multiple paths to find the generator tag 2015-12-19 13:45:41 -06:00
wchen-r7 6dada5f20f add another we can check
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Jon Hart 6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified 2015-12-11 19:22:57 -08:00
Jon Hart dcdc21e2db
Correct unbalanced quotes
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
Jon Hart e23908d672
Improve verbose output related to authentication handling 2015-12-11 18:32:00 -08:00
Jon Hart 1a0f71b6fa
Try to catch case where post-auth commands are failing 2015-12-11 17:23:03 -08:00
Jon Hart 9cec3d9e6b
Move redis password option to non-advanced 2015-12-11 17:03:49 -08:00
Jon Hart 1fecd9846c
Bury some helper methods behind private 2015-12-11 10:13:13 -08:00
Jon Hart 9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Luke Imhoff 4858ae63bd Thread class name for debugger has changed, so add new name
MSP-13484
2015-12-10 21:47:22 -06:00
Jon Hart 555e52e416
Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart 00f72b279b
Cleaner printing when in verbose 2015-12-10 09:12:54 -08:00
Jon Hart 21ab4e96e5
First pass at redis mixin 2015-12-10 08:29:59 -08:00
wchen-r7 07ef09e0b6 Avoid Msf::Module::Platform
We don't know how to generate an exe payload if the platform is
Msf::Module::Platform, so don't use it.
2015-12-08 21:40:30 -06:00
wchen-r7 9e52663705 Doc
Fix #6330
2015-12-08 21:24:39 -06:00
wchen-r7 11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7 5b27d3a99c This looks right 2015-12-08 20:42:35 -06:00
wchen-r7 cea8c40432 Fix generate_payload_exe for generic payload support
Platform can be seen from different sources:

1. From the opts argument. For example: When you are using
   generate_payload_exe, and you want to set a specific platform.
   This is the most explicit. So we check first.

2. From the metadata of a payload module. Normally, a payload module
   should include the platform information, with the exception of
   some generic payloads. For example: generic/shell_reverse_tcp.
   This is the most trusted source.

3. From the exploit module's target.

4. From the exploit module's metadata.

Architecture shares the same load order.
2015-12-08 20:26:07 -06:00
Jon Hart 39da306b1d
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
wchen-r7 080ec26afb
Land #4489, Update SMB admin modules to use Scanner & fixes 2015-12-08 14:49:26 -06:00
OJ c747ffc05a Implement support for TLV packet XORing, and RECV removal 2015-12-08 16:37:10 +10:00
wchen-r7 ef217c4b6d
Land #6315, Support migrating to processes by process name 2015-12-07 23:53:06 -06:00
William Vu db788d1b7c
Land #6238, CmdStager BOURNE_{PATH,FILE} options 2015-12-07 12:34:42 -06:00
Jon Hart 06836d9b8a
Better handling of invalid process name/IDs 2015-12-04 14:25:57 -08:00
wchen-r7 14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter 2015-12-04 16:16:54 -06:00
Jon Hart 3ecac615a2
Support migrating to processes by process name
Fixes #6313
2015-12-04 13:33:01 -08:00
jvazquez-r7 340fe5640f
Land #6255, @wchen-r7's module for Atlassian HipChat JIRA plugin 2015-12-03 20:01:06 -06:00
Louis Sato 0bcac5e73b
Use concat instead of assignment on java proxy classes encoding
* fixes bug in java serialization encoding proxy class
2015-12-03 17:31:13 -06:00
William Vu aa9969c81a Add more normalization to temporary directory 2015-12-03 11:37:02 -06:00
James Lee 762fdbed40
Simplify meterpreter liveness check 2015-12-03 09:16:18 -06:00
James Lee 6fa2269764
PacketResponseWaiter - improve yardoc coverage 2015-12-03 09:16:17 -06:00
Sonny Gonzalez d7aeabbb71
Land #6293, listener bind_port fix 2015-12-02 13:16:23 -06:00
jvazquez-r7 58cf9f4fcd
Land #6301 for sure, @busterb's REALLY wants to delete go_pro :) 2015-12-02 09:38:40 -06:00
jvazquez-r7 545e8a2ea0
Land #6301, @busterb removes the go_pro command 2015-12-02 09:28:08 -06:00
Rory McNamara 98b3919e94 Remove .bin from default behaviour 2015-12-02 09:58:11 +00:00
Rory McNamara 15dd18dc4b use single quotes, remove explicit nil 2015-12-02 09:36:07 +00:00
William Vu 6d3c4868a3
Land #6286, bind port display in jobs 2015-12-02 02:21:14 -06:00
William Vu 098c573f82
Land #6291, DisablePayloadHandler Boolean fix
Nice call with Regexp#===, @wchen-r7. :)
2015-12-02 02:17:59 -06:00
Brent Cook fbeaeb2877 remove more unneeded machinery for go_pro 2015-12-01 22:32:50 -06:00
Brent Cook 6ab2919c40 remove go_pro command 2015-12-01 15:29:21 -06:00
Spencer McIntyre 388edd3207 Fix the scheme for the pymet ProxyHandler 2015-11-30 13:45:24 -05:00
Spencer McIntyre fba9715a56 Add stageless python meterpreter http & https payloads 2015-11-28 17:41:55 -05:00
BAZIN-HSC 070a156925 -Recovrey +Recovery 2015-11-27 13:58:19 +01:00
Jon Cave 0c8eb6fb37 Display ReverseListenerBindPort if it is set
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
wchen-r7 c888726a1a Fix #6287, check DisablePayloadHandler value in exploit.rb
It looks active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we have to always have to check it.
2015-11-26 18:30:31 -06:00
Brent Cook e5119e6446 use payload_uri's result to derive lhost / lport 2015-11-26 15:21:51 -06:00
Brent Cook 216119c05c unfold override lhost/lport logic 2015-11-26 15:15:21 -06:00
Spencer McIntyre 1b495e73ac Further reduce python reverse_http duplicate code 2015-11-26 14:31:00 -05:00
Spencer McIntyre bd25ffa48c Consolidate py reverse http uri code into a mixin 2015-11-26 13:32:50 -05:00
Brent Cook f4d35116bd
land #6288, fix regression using non-default port with reverse_http 2015-11-26 11:04:24 -06:00
Brent Cook eb57163db6
Land #6285, excellent new sound plugin scheme 2015-11-26 10:41:02 -06:00
Jon Cave d9655fc882 Use LPORT if opts[:lport] is undefined
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
OJ 87507e19a9 Change job view to show bind port if applicable 2015-11-26 16:18:00 +10:00
wchen-r7 776455d10a Add another sound and event
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
Brent Cook a7a89adfac
Land #6264, meterpreter per-extension init string support, update payloads to 1.0.17
This brings in the following changes:
	Changes to support maven 3.3+
	Don't fall back to 0.0.0.0
	Remove all debug builds from the Windows projects
	Add show_mount, ps_list, and some core tweaks
	Refactor TLV layout, add more debug output, token stealing
	Add incognito binding, code tidies
	Update packaged libs
	Add transport list binding
	Add transport add command to python binding
	Update python core lib archive
	change source perms back to non-executable
	First pass of stageless initialisation script
	Finalise stageless initialisation scripts
	add BOOT_COMPLETED receiver that starts the Payload
	Improve the implementation of the getuid command
	Switch to Utils.runCommand per timwr's suggestion
	Updated init script method

also bumps msgpack 0.7.1, which fixes a failure packing messages > 256k
2015-11-25 22:27:27 -06:00
Kyle Gray 8923252de7
Land #6259, NoMethodError in vim_soap.rb fix
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7

Fixes #6085

Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
wchen-r7 b1abfe898d Update wordpress_xmlrpc_login
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
James Lee bd9ebeea53
Land #5851, meterpreter dispatcher queue 2015-11-24 15:32:15 -06:00
Brent Cook 7ad8adf67f
Land #6240, change default SMBDomain to '.' 2015-11-24 12:58:46 -06:00
Louis Sato 5303079ba4
Land #6262, local exploit add not implemented error 2015-11-23 14:23:13 -06:00
Brent Cook 5654b6b2e2 Land #6227, reverse_hop_http updates and HTTPS unification 2015-11-23 06:29:15 -06:00
Brent Cook 25f2241aa3
Land #6246, show the user errors from create_session 2015-11-23 06:01:08 -06:00
HD Moore 353cad2cc6 Update to match active & github account merge 2015-11-22 13:38:26 -06:00
HD Moore b9e176cd77 Fix up cell result parsing 2015-11-21 11:15:00 -06:00
Jon Cave c03ff13377 Don't wait if the response has already been set
Fixes a race condition which could leave the waiter sitting indefinitely
if notify() is called before wait().
2015-11-21 14:21:42 +00:00
Jon Cave 12b24fecee Return true/false if a waiter was/wasn't notified
The method is used as follows:

  if notify_response_waiter(response)
    # Proceed as if a waiter was notified
  end

Previously the return value would be `nil` whenever the loop broke early
due to a waiter being found. This meant that the dispatcher thread often
believed that a packet was not being handled. As a result the
backlog == incomplete sleep kicked in unnecessarily.
2015-11-21 14:20:51 +00:00
Jon Cave 6509696eb1 Switch back to Mutex/CV for response waiters
Makes use of the wait() method's timeout parameter instead of using the
Timeout class.
2015-11-21 14:20:51 +00:00
Jon Cave 640a302b78 Switch to a Queue for the dispatcher's packet queue
The select() based sleep can be replaced by a blocking pop(). The thread
will be suspended until data is pushed onto the queue.
2015-11-21 14:20:51 +00:00
wchen-r7 b636aeb303 rm print_warning 2015-11-20 19:38:33 -06:00
Jon Hart 07767cd803
Fix #6265 2015-11-20 15:17:15 -08:00
HD Moore 99a74fd4d2 Merge branch 'master' into feature/interval-collect-geo 2015-11-20 14:06:22 -06:00
BAZIN-HSC 5592e4e4ea seek_relative suppression (use seek instead) 2015-11-20 18:30:51 +01:00
BAZIN-HSC f49d6905a6 Fix comments by @jhart-r7 2015-11-20 18:30:50 +01:00
BAZIN-HSC c8847182d7 Add module to dump Bitlocker master key (FVEK) 2015-11-20 18:30:48 +01:00
wchen-r7 d405f31c35 Add a NotImplementedError if run is used to run a local exploit
Running a local exploit like a post is not currently supported,
we should at least raise a warning or something, and not just
let it backtrace and confuse the user.
2015-11-19 14:31:31 -06:00
wchen-r7 d6921fa133 Add Atlassian HipChat for Jira Plugin Velocity Template Injection
CVE-2015-5603

Also fixes a bug in response.rb (Fix #6254)
2015-11-18 11:34:25 -06:00
Jon Hart 089a006408
Land #6248 2015-11-17 14:28:55 -08:00
wchen-r7 f6fdabfd77
Land #6239, added Session info display to module output
MS-706
2015-11-16 18:10:58 -06:00
Dev Mohanty ce62984e52 Fix #6079, Check nil when using read_exactly_n_bytes 2015-11-16 18:06:49 -06:00
wchen-r7 038d367d58 Fix #6247, Update Meterpreter Usage on "Interact"
The "interact" command does not actually exist. Instead, users
should do "channel -i" to interact with a channel.

Fix #6247
2015-11-16 17:58:39 -06:00
wchen-r7 a78fa7c3d9 Fix #4273, print error in create_session
Fix #4273
2015-11-16 17:17:20 -06:00
William Vu 24c41c9261
Land #6225, wall(1)/write(1) post module 2015-11-16 12:47:35 -06:00
David Maloney 708cbe9479
change the default SMBDomain to .
Due to a recent change using WORKGROUP
as the SMBDomain causes Trust errors.
Using '.' instead works fine.
2015-11-16 12:20:27 -06:00
David Maloney a1ab8f1dc7
added Session info display to module output
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action

MS-706
2015-11-16 12:13:26 -06:00
PsychoMario 2b99969f9a quote paths to allow spaces 2015-11-15 00:14:30 +00:00
PsychoMario e3f25fd6e2 Add support for specifying path, file in bourne dropper 2015-11-14 18:31:11 +00:00
scriptjunkie 06a5b5b0bd
Land #6234, Host header transport 2015-11-14 11:35:47 -06:00
Jon Hart 4a707b33a2
Add rspec coverage for cowsay. Achievement unlocked 2015-11-13 10:26:47 -08:00
Jon Hart 4604f8cd83
Move cowsay to Rex::Text so that everyone can enjoy it ;) 2015-11-13 08:57:48 -08:00
sammbertram cd4aa28d11 Transport priority changes
Pass in the "lhost" and "lport" options to the default transport during the native payload. This takes the following LHOST priorities:
1. OverrideLHOST, only if OverrideRequestHost is TRUE
2. The request Host: header.
3. The LHOST datastore.
2015-11-13 13:21:46 +00:00
sammbertram 9d9865150b Transport priority changes
Default transport request should set the priority to the Host: request header, and the subsequent OverrideRequestHost, OverrideLHOST, and OverrideLPORT options in the handler for reverse_http(s).
2015-11-13 13:19:01 +00:00
wchen-r7 0e121df69d Need a default template
The set_template_default actually needs the second argument,
otherwise we hit a RuntimeError.
2015-11-12 15:17:03 -06:00
wchen-r7 aaea730508 Fix #6213 - Method to_linux_x86_elf fails to set set :template
:template by default is just the base name of the file, not the
fullname. Before we use it, we need to normalize it. Methods
in this class rely on set_template_default for normalization (
which can also handle a custom path), so we'll just use that too.

Fix #6213
2015-11-12 15:07:58 -06:00
scriptjunkie 8703987535 Add HTTPS and new transport support for hop 2015-11-11 21:25:23 -06:00
Brent Cook a2fe2fbd5e
Land #6214, #6060, simplify framework gem layout and version scheme
This merges things up and removes duplicate gemspecs so we can easily make
framework gem releases for embedding in 3rd-party projects.
2015-11-11 15:04:21 -06:00
OJ 0afc5be3bc Finalise set up of stageless init 2015-11-10 20:01:23 +10:00
OJ a28ab216d3 Adding stageless init script support 2015-11-10 19:18:47 +10:00
Jon Hart 15eb135295
Resolve merge conflicts 2015-11-09 18:15:40 -08:00
Chris Doughty f8a215e3cd Adding changes to allow for easier version bumping 2015-11-09 15:56:03 -06:00
jvazquez-r7 ceaf7440a7 Send full message 2015-11-06 12:15:17 -06:00
jvazquez-r7 19652e79c3 Delete comments 2015-11-06 12:15:07 -06:00
jvazquez-r7 ca1502c00a Fix SMTP send_message to not block 2015-11-06 12:14:59 -06:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
James Lee 596b2b025d
Land #6173, improve advanced, info, and options 2015-11-04 13:40:49 -06:00
James Lee 4d8ea7fb5c
Refactor more common stuff out of reverse handlers 2015-11-03 23:21:47 -06:00
Spencer McIntyre 1fbc4da36c Fix tab completion for set StageEncoder 2015-11-03 17:32:41 -05:00
jvazquez-r7 00d09744fb
Land #6118, @wchen-r7's new methods for Rex HTTP response 2015-11-03 10:42:42 -06:00
James Lee 7c2f9531d9
Don't stack trace if listener is on a dead session 2015-11-03 08:31:33 -06:00
HD Moore 07b34e8906 Missing types and parsing, more work left to go 2015-11-03 00:23:29 -06:00
William Vu 9b5149fc64
Land #6147, report_vuln for CheckCode::Vulnerable 2015-11-02 17:24:06 -06:00
James Lee 2e837b26e8
Use a Queue instead of Array 2015-11-02 16:02:45 -06:00
Jon Hart ced20ba51c
Refactor NTP symmetric packet creation; add vuln detection to NAK to the future 2015-11-02 12:46:58 -08:00
Jon Hart a4c260f7be
Simplify docs 2015-11-02 09:51:40 -08:00
Jon Hart 0dc6f6605b
Remove errant options print 2015-11-02 09:48:48 -08:00
void-in f629f98fdc Resolve 6174, require meterpreter_options 2015-10-31 18:47:22 +05:00
Brent Cook 7f19d95ad8
Land #6146, add show_mount command (initially for windows meterpreter sessions) 2015-10-30 17:37:30 -05:00
Brent Cook cb403b8a36
Land #6077, initial python meterpreter module support 2015-10-30 17:29:05 -05:00
Brent Cook be23da1c1f Merge branch 'upstream-master' into land-6120-python-stageless 2015-10-30 17:26:26 -05:00
Brent Cook cddbcc52ab
Land #6171, update to metasploit 4.11.5 2015-10-30 17:09:57 -05:00
Jon Hart c54f034f62
Correct help feature 2015-10-30 12:34:34 -07:00
Jon Hart 377017a2d5 Include module name in advanced options output 2015-10-30 11:54:44 -07:00
Jon Hart 0091a05fa6 Add 'advanced' and 'options' commands to mirror 'info' 2015-10-30 11:54:40 -07:00
Jon Hart 6bfa6095c6 Add 'show info'; just calls 'info' 2015-10-30 11:54:35 -07:00
William Vu f8a39ecc21
Land #6145, better RPC exception handling 2015-10-30 13:25:52 -05:00
wchen-r7 977b3449b7 Fix #6085, NoMethodError in vim_soap.rb
Fix #6085
2015-10-30 11:02:02 -05:00
Samuel Huckins f064fec0f1
Bumped version to 4.11.5
MSP-13377
2015-10-30 09:37:00 -05:00
James Lee 344e8a6f90
Refactor common reverse options 2015-10-29 15:15:20 -05:00
James Lee 46159f5dbe
Back out the Comm stuff for HTTP 2015-10-29 14:22:34 -05:00
wchen-r7 4e20b8f369 Fix #5875, Add report_vuln for Msf::Exploit::CheckCode::Vulnerable
Msf::Exploit::CheckCode::Vulnerable requires the module to be
explicit, as in actually triggering the bug and get a vulnerable
response, therefore it should be appropriate to use report_vuln
to report it.

Other vuln check codes (such as Appears, or Detected, etc) will
not call report_vuln, because it's not explicit enough.
2015-10-29 13:22:59 -05:00
OJ c5643e52ff Add support for the show_mount command (windows) 2015-10-29 07:28:33 +10:00
Louis Sato 657a5481dc
fix rpc session conditional to allow powershell read/write 2015-10-28 11:49:32 -05:00
wchen-r7 1805774b16 Resolve #6020, Better RPC exception handling
Resolve #6020. Avoid trying to rescue RuntimeError.
2015-10-28 11:16:44 -05:00
Jon Hart f2b6d37630 Add WIP module for Cisco Talos' NTP 'NAK to the future' 2015-10-27 18:10:07 -07:00
bigendian smalls 43dbdcea76
Removed process_autoruns from mainframe_shell
Removed process_autoruns until we can write a fully compatible one or
fully regression test the existing.  Likely the former because of
encoding issues
2015-10-26 14:55:40 -05:00
William Vu bbc1e43149 Remove raise, since it broke things
Need to pass through silently.
2015-10-26 14:45:21 -05:00
William Vu 43eae0b97f Clean up Msf::Sessions::MainframeShell 2015-10-26 12:15:45 -05:00
bigendian smalls d53be873dc Updating master to metasploit/master 2015-10-26 09:24:24 -05:00
James Lee 71b8c97f0e
Always print PAYLOAD and LPORT in 'jobs' 2015-10-24 14:48:03 -05:00
wchen-r7 f6b9f38326 This method is not needed because Nokogiri does that already 2015-10-23 19:38:17 -05:00
wchen-r7 f2b4737e4a
Land #6127, Fix #3859 Add support for registry_key_exist? 2015-10-23 10:59:57 -05:00
wchen-r7 b76192dbcb
Land #6099, make_nops doesn't take into account all the compatible encoders 2015-10-22 21:26:25 -05:00
HD Moore 4bc2437e0b Temporary hack to test 2015-10-22 20:00:47 -05:00
jvazquez-r7 d5a010c230
Add support for registry_key_exist? 2015-10-22 16:07:38 -05:00
Spencer McIntyre 810665847b Add stageless python meterpreter to the payloads spec 2015-10-22 08:40:50 -04:00
Spencer McIntyre 8bb694fa5c Add stageless Python Meterpreter for reverse tcp 2015-10-21 18:23:04 -04:00
wchen-r7 065d042ec4 Update doc a little bit 2015-10-21 16:29:27 -05:00
wchen-r7 12cdd786a6 Add more Nokogiri and RKelly support for Rex::Proto::Http::Response
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
2015-10-21 16:26:31 -05:00
HD Moore ba14d6e77f Add support for the TBD interval geo collection on Android 2015-10-20 15:39:51 -05:00
Brent Cook 4b271425c9 s/datstore/datastore/g 2015-10-20 13:05:49 -05:00
HD Moore 6748ccbb82 This method was moved to Rex::Ui::Text::Output 2015-10-19 10:43:38 -05:00
HD Moore d7b8767afc Fix #6105 by moving ``puts`` into the base class 2015-10-19 10:42:46 -05:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
James Lee d51f0ebd4c
Refactor "via" string into a method 2015-10-16 15:08:00 -05:00
jvazquez-r7 d85412b0fb
Complete fix for generation of nop sleds 2015-10-16 14:01:00 -05:00
jvazquez-r7 b788772215
break only if 'make_nops' is able generate the nop sled 2015-10-16 13:28:37 -05:00
Brent Cook 28685f0e55
Land #6090, improve display of framework version in msfconsole 2015-10-16 12:09:00 -05:00