2cd0d3d90a
Rudamentary SOCKS5 functionality, CONNECT, IPv4, non-DNS only
2018-05-04 14:44:03 -05:00
aed4f067ba
Fix nil target_index in auto targeting
...
This exists on master when DefaultTarget < 0.
2018-05-03 21:59:24 -05:00
8881d32a45
Add target selection and tab completion by name
2018-05-03 21:03:05 -05:00
88f09dc302
Update a few stragglers in Drupalgeddon 2
...
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00
728d7bc065
Fix #9876 , second round of Drupalgeddon 2 updates
...
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
2018-05-03 17:38:32 -05:00
a5b9cc8cb8
Add Msf endpoint API doc
2018-05-03 17:16:04 -05:00
40c978e040
First pass at Vuln Attempt API doc
2018-05-03 16:59:30 -05:00
728850c61a
First pass at Session Event API doc
2018-05-03 16:00:56 -05:00
a11c7220b6
First pass at Event API doc
2018-05-03 14:20:23 -05:00
9338de15d3
Fix stack in payload/linux/x64/reverse_tcp
2018-05-03 15:34:00 +02:00
249db505c8
First pass at Credential API doc
...
Also get the workspace from the query string for credentials
2018-05-02 16:47:39 -05:00
6bc4e2d622
First pass for Nmap api doc
2018-05-02 15:44:07 -05:00
038fe03777
Merge branch 'master' into ms-2962
2018-05-02 15:31:57 -05:00
a7ec7b52b7
Fix error on data server due to unexpected report_exploit call
2018-05-02 14:59:02 -05:00
e3c913e104
First pass for Exploit API doc
...
Also fixed a few formatting issues in other docs
2018-05-02 14:47:17 -05:00
5e9bbb4bef
Merge branch 'master' into local_api_docs
2018-05-02 11:48:13 -05:00
e1827bb2c3
DbExport API doc first pass
2018-05-02 11:40:56 -05:00
fd8d30812e
Add swagger-ui to view formatted API docs
2018-05-02 10:27:56 -05:00
1456bbdaec
fix more whitespace issues
2018-05-01 05:23:26 -05:00
fcc38b75bf
style updates
2018-04-30 18:40:07 -05:00
28173222a8
Land #9881 , cleanup psexec code
2018-04-30 18:39:36 -05:00
1214f4d6c9
more optimizations
2018-04-30 18:25:25 -05:00
d5838e6411
First pass at sessions api doc
2018-04-30 16:17:27 -05:00
d89f403368
First pass for vuln api doc
2018-04-30 13:41:31 -05:00
cb8131ab22
Validate search cmd arguments
2018-04-30 00:02:03 -04:00
89d86b1f48
Remove code related to unused search cmd options
2018-04-29 23:16:30 -04:00
ca7b10af39
Add search cmd option to write CSV output file
2018-04-29 23:08:24 -04:00
89ab409a1a
remove unnecessary object allocation and regex
...
The regex can be removed with the default split method. The val object
can be removed by adding to the secs object directly on the result of
the case statement.
2018-04-27 23:10:28 -04:00
08d3074c79
Add blurb about potential windows issue
2018-04-27 16:38:10 -05:00
41307e62f8
remove puts
2018-04-27 15:50:21 -05:00
ee2ad8affe
move super call in merge! so that it returns the proper value
2018-04-27 14:21:57 -05:00
0a73a5007c
Removed duplicated online test
2018-04-27 09:37:17 -05:00
771e0df417
fix in method calls
2018-04-27 10:35:58 +05:30
25cf8d175a
report command execution o/p
2018-04-27 08:43:30 +05:30
5d32a3264d
Workspace API Doc first pass.
2018-04-26 17:55:39 -05:00
916b4b2261
Land #9936 , Narrow rescue scope to StandardError with database
2018-04-26 17:45:15 -05:00
5d43e0527f
Notes API doc first pass
2018-04-26 17:42:03 -05:00
0fd7ab6dd9
test
2018-04-26 16:52:48 -05:00
9c7db375bf
Fix broken tests after latest merge with master
2018-04-26 16:39:56 -05:00
516b61ebaa
Merged master
2018-04-26 16:02:56 -05:00
e97693d056
Cleanup
2018-04-26 16:01:15 -05:00
49baa2ce41
Initial pass for Services api doc
2018-04-26 14:38:16 -05:00
c79e39377e
Narrow rescue scope to StandardError
2018-04-26 14:55:41 -04:00
f46a3325fc
Add loot api docs
2018-04-26 11:24:05 -05:00
f5c35843a8
Move swagger docs to separate files
2018-04-26 11:08:11 -05:00
cc460e5b95
Finish documenting host endpoints
2018-04-26 10:39:27 -05:00
1aad9f0879
Revert NoteDataService to raise RuntimeError
2018-04-26 10:43:03 -04:00
dbdb35cf08
Land #9877 , Add kernel feature post API methods
2018-04-25 22:18:28 -05:00
fc83a130f8
Land #9885 , datastore fixes for stager retry code
2018-04-25 18:53:00 -05:00
31563a977c
use OO rather than duck typing for parameter copying
2018-04-25 18:41:14 -05:00
9bdba7e234
s/clone/ds/g
2018-04-25 18:35:45 -05:00
1ecd9b822e
fix whitespaces..
2018-04-26 03:05:53 +05:30
fa11657b8f
fix whitespaces
2018-04-26 02:58:27 +05:30
d59e997628
make some methods private
2018-04-26 02:55:21 +05:30
2487314821
Land #9869 , Add support for shellcode encryption for msfvenom
2018-04-25 15:51:05 -05:00
a5172e066d
Land #9926 , check remote data service before connecting
...
This PR adds a check prior to connecting to a remote data service
to verify it is online and returning expected data. This prevents
crashes that were occurring when unexpected responses were returned
2018-04-25 14:07:33 -05:00
071a191055
Merge master + workspace removal from http remote data service
2018-04-25 13:39:46 -05:00
df9df01f19
First pass on swagger/blocks documentation
2018-04-25 12:58:29 -05:00
73494593bf
updated
2018-04-25 20:19:53 +05:30
3eac989fb0
Land #9886 , ignore unused tags on host import
2018-04-25 03:41:55 -05:00
382a7f8aa3
Merge https://github.com/rapid7/metasploit-framework into psexec_cleanup
2018-04-25 09:09:48 +05:30
cbfdaf23a0
updated for requested changes
2018-04-25 08:56:54 +05:30
43edf46c43
Fix set data service for no database YAML case
2018-04-24 18:34:16 -04:00
359ef27834
Narrow rescue scope to StandardError
2018-04-24 17:19:54 -04:00
f66029d129
Validate remote data service instance
...
Adds simple data service instance validation when registering and
setting a data service.
2018-04-24 16:54:10 -04:00
01dd79173b
Add data proxy and service for online check
2018-04-24 15:11:16 -04:00
0d284197cb
Add MsfServlet to host endpoint for online check
2018-04-24 15:01:17 -04:00
e5513409db
Include :workspace in db_import opts
2018-04-24 13:53:55 -05:00
e7ac2cd155
move report_auth to psexec module
2018-04-24 23:00:55 +05:30
f43baa3ca9
fix exe and wbemexec dep
2018-04-24 22:07:34 +05:30
3353102dc1
fix opt dependencies
2018-04-24 21:55:09 +05:30
08c1cd5909
Land #9851 , add workaround require for non-powershell psexec
2018-04-24 08:22:58 -05:00
b3118193e8
add todo comment on require
2018-04-24 08:22:31 -05:00
30abdfe2fd
move copy up so it's clear what we call by default
2018-04-24 06:40:15 -05:00
7afefe07a6
aliases was not being copied, dup it
2018-04-24 06:32:54 -05:00
1d376c78e2
ensure copy exists on DataStore too
2018-04-24 06:32:38 -05:00
505810ffd6
introspect the RHS since it it is not guaranteed to be a Datastore
2018-04-24 06:15:05 -05:00
d34119548d
replace some @ with self.
2018-04-24 06:03:02 -05:00
a1027d56c9
Land #9912 , Fix type validation in the notes add operation
2018-04-23 16:58:13 -05:00
e7b8427b53
Land #9829 , add utility functions to Msf::Post::Linux::System
...
Merge branch 'landing-9829' into upstream-master
2018-04-23 16:46:13 +00:00
ec1294d3f6
Land #9858 , fix error handling in cmd_route
...
Land #9858
2018-04-23 08:46:38 -05:00
b20042abbd
Fix indent and add elog
2018-04-23 08:45:34 -05:00
d2831536ca
Fix type validation in the notes add operation
...
Make variable nil checks explicit for better style.
2018-04-23 01:46:46 -04:00
055f9ee88b
Remove get_listening_ports()
2018-04-22 16:15:33 -04:00
988063d377
Dont set default workspace if theres no DB
2018-04-21 10:26:17 -05:00
035a6a72f1
Fix undefined method error in get_listening_services
2018-04-21 11:10:01 -04:00
4c6ae0f644
Delete gcc version method
...
Also rename get_mount_path_of to get_mount_path
2018-04-21 10:24:27 -04:00
06de967b02
Pass NOP generator to exploit_simple
...
This also makes exploit_simple consistent with its documentation.
2018-04-20 18:27:53 -05:00
4aafa7b321
Land #9898 , Fix target NOP generator not passed to payload
2018-04-20 18:11:49 -05:00
d17cc757e7
Fix typo
2018-04-20 18:03:39 -05:00
fcf42c7626
Landing #9859 , add workspace remote datastore
...
Adds support for create, read, update and delete operations for the
workspace command and data model when using a remote data service.
2018-04-20 18:14:55 -04:00
1f5ece9c46
Fix target NOP generator not passed to payload
2018-04-20 17:12:55 -05:00
ea79c65b8e
Handle workspace delete if target does not exist
2018-04-20 11:33:35 -05:00
8d09f23b91
Fixes around workspace messaging
2018-04-20 11:25:24 -05:00
f4a949e649
Fix bug creating sessions when connected to remote data service
2018-04-19 16:19:39 -05:00
7e971721f0
Adjust messaging when renaming workspaces
2018-04-19 11:52:30 -05:00
31be847213
Add workspace when reporting vuln_attempt
2018-04-19 11:09:13 -05:00
33bde31eec
Fix target encoder not being passed to payload
...
Datastore functionality has been preserved as an override.
2018-04-19 02:25:18 -05:00
aa40ef1789
Grab session_dto workspace from host
2018-04-18 17:38:42 -05:00
348eb293d0
Handle case when renaming nonexistant workspace
2018-04-18 13:02:31 -05:00
81d00fa5b7
Fix edge cases in workspace update
2018-04-18 12:56:38 -05:00
3611a1dfe4
Update rex-text version
2018-04-18 10:40:11 -05:00
d4a2703ff1
Dont stop host parsing if id tag found
...
Also make clarify 'bl' variable name.
2018-04-18 10:12:12 -05:00
00d0beb188
use deep copy
2018-04-18 02:34:48 -10:00
09e86bfbd0
define merge and merge! on datastore to also merge aliases
2018-04-18 02:27:57 -10:00
c9fd5a7d2d
Add yama_installed?, yama_enabled? and selinux_enforcing?
2018-04-18 07:22:20 +00:00
a5588ec174
use same datastore retry option for x86 and x64 linux stagers
2018-04-17 15:57:54 -10:00
ff9c55207e
Move crypto methods to Rex::Crypto namespace
2018-04-17 20:12:26 -05:00
77558cd2d7
Remove unused code
2018-04-17 14:28:28 -05:00
3da48dbb10
Fix bug caused by last commit
2018-04-17 13:38:38 -04:00
7bfaae0919
Update system.rb
...
Fix get_listening_ports bug
2018-04-17 13:35:25 -04:00
82798424b2
Support getting a workspace via id
...
Also implements a helper method to sanitize sinatra injected
params since it was causing issues downstream. Updated each
use of sinatra params to use this helper method.
2018-04-17 12:35:22 -05:00
85b09a162a
Add some efficiency improvements
2018-04-17 12:09:46 -04:00
b569498250
Address more code review comments
2018-04-17 10:52:56 -05:00
a8a95a03a3
Implement remote workspace delete
2018-04-17 10:19:40 -05:00
d91ef7c9dc
Add strip to protected_* methods
2018-04-17 11:04:08 -04:00
f27490dc61
Address PR suggestions and add comments
2018-04-16 16:45:23 -05:00
68ad91763a
Merge branch 'rapid7/master' into MS-3062_workspaces
2018-04-16 15:33:59 -05:00
2ef451c349
Land #9873 , add notes functionality to remote datastore
...
This PR enables create, update, and delete functionality for the notes
command and data model when using a remote data service.
2018-04-16 15:03:27 -05:00
e283f109a7
Remove commented out code
2018-04-16 14:14:46 -04:00
74cb9c38b2
Change source for host address value in output
2018-04-16 14:09:19 -04:00
f3ee870d72
Remove selinux_enforcing? method
2018-04-16 12:16:00 +00:00
5bc24d048c
Remove kaslr_enabled? method
2018-04-16 11:51:15 +00:00
a1a4c636fb
strip
2018-04-16 10:22:41 +00:00
4de9f84dd4
fix no method error for Failure::Unknown
2018-04-16 13:51:32 +05:30
f0b9ea635a
cleanup psexec code
2018-04-16 09:04:36 +05:30
b5c8b2ed19
Add kaiser_enabled? and kaslr_enabled? methods
2018-04-15 06:53:00 +00:00
78daa283c7
Add new methods to Msf::Post::Linux::Kernel lib
2018-04-14 07:33:29 +00:00
47a324815d
Land #9872 , Fix JSONRPC fields in external modules
2018-04-13 15:00:26 -05:00
daf67999d6
Raise NotImplementedError in NoteDataService stubs
2018-04-13 12:07:35 -04:00
e65de2b56f
Conform to JSONRPC 2.0 spec in external modules
...
Responses to queries had a `response` field instead of the required
`result` field.
2018-04-12 16:55:27 -05:00
37479d8fd4
Modify notes search to handle serialized data
...
Initial Goliath notes search implementation attempted to use Arel and
decode base64 serialized data column, however, this was not without
issue. Updated implementation retrieves all records that match
conditions, thus data has been deserialized and then filters using
specified search term.
2018-04-12 17:37:16 -04:00
d2a683d2df
Add whitespace and update help
2018-04-12 15:39:04 -05:00
0b3f50ea80
show help when no arguments provided to `search`
2018-04-13 01:27:22 +05:30
4e49b99783
Add cmd notes option to sort by column number
2018-04-12 15:56:42 -04:00
f60bbdd831
Remove cmd notes make_sortable helper method
2018-04-12 10:51:03 -04:00
bf8c62f27c
change `if !` to `unless`
2018-04-12 09:54:57 -04:00
5923845f68
Merge branch 'post_linux_system_dev' of https://github.com/cbrnrd/metasploit-framework into post_linux_system_dev
2018-04-12 09:16:31 -04:00
5f725e09db
Make nosuid? and noexec? take a filepath as param
2018-04-12 09:15:44 -04:00
0abeb4fee6
Add new functions and fix return bugs attempt 2
2018-04-11 21:52:53 -04:00
892fb70fc6
Revert "Add new functions and fix return bugs"
...
This reverts commit 1e34a6d3c6
2018-04-11 21:46:34 -04:00
8c7f929636
Land #9865 , Update Meterpreter `ls`/`dir` help
2018-04-11 17:05:18 -05:00
087ae447c5
Remove cmd notes sort operation
2018-04-11 17:46:13 -04:00
86b6009999
Land #9860 , Fix DB init when database.yml is missing
...
This PR fixes a bug introduced with goliath that caused incorrect error messages
and other error messages when no database.yml was present. It also improves the
messaging around that use case and loads CommandDispatcher::Db correctly.
2018-04-11 16:13:40 -05:00
f1d426d257
Land #9833 , Remove broken feature detection
2018-04-11 15:02:53 -05:00
b9d71b7147
Renamed 'mask' to 'glob'
2018-04-11 14:50:27 -05:00
21467d7938
Update stdapi/fs help output to match searching/masking parameters
2018-04-11 14:19:33 -05:00
4e5e0f2c40
Merge branch 'master' of github.com:rapid7/metasploit-framework
2018-04-11 13:59:43 -05:00
6c6aa8db82
Print generated CmdStager with inspect, not join
...
I dun goofed. I knew I should have just printed it verbatim.
tl;dr I thought I had accounted for command compression. I was wrong.
This should also give us more information about what exactly is being
run and how many times.
2018-04-11 13:49:00 -05:00
19e76329dc
Add some checks in buffer.rb and fix option in msfvenom
2018-04-11 13:02:35 -05:00
3db19fe4f2
Fix DBManager::Service use of services method
...
services method was previously modified to use a hash as the parameter,
but each_service was passing a workspace. Make each_service method
consistent with other DBManager modules.
2018-04-11 11:43:12 -04:00
1e34a6d3c6
Add new functions and fix return bugs
2018-04-11 10:47:21 -04:00
e639fda53c
Fix DB initialization with no database YAML
2018-04-11 09:15:38 -04:00
57e243ac49
Read from /proc/mounts instead of the mount command
2018-04-10 23:20:00 -04:00
bc07ba3769
load only at use to break require loop
2018-04-10 21:05:41 -05:00
13edf66fa3
Fix options
2018-04-10 18:57:02 -05:00
41a21def80
Land #9857 , Restore services search semantics
2018-04-10 17:25:48 -05:00
cd48b47760
Fix failing tests.
...
-Was accidentally deleting opts[:workspace] instead of processing
-Update notes help text expectations
2018-04-10 17:10:32 -05:00
e51f41fa34
Merge remote-tracking branch 'msf_jbarnett/fix_services_bugs' into MS-3062_workspaces
2018-04-10 13:35:33 -05:00
f1240b0454
resolves #9855
2018-04-10 22:20:27 +05:30
b630d5c327
Add encryption support for shellcode
2018-04-10 11:14:14 -05:00
462db05f4c
Re-enable port search functionality
2018-04-10 11:10:32 -05:00
4495eea1ca
Land #9836 , Force #! for external modules
2018-04-10 11:08:15 -05:00
81ec33b0e4
Refactor script path check into base module loader
2018-04-10 11:07:21 -05:00
48c0bbfa7a
Only display the services for a given workspace
2018-04-10 10:28:02 -05:00
07b3b576f5
Fix parsing in get_cpu_info
2018-04-10 06:03:16 -04:00
1276960d88
Fix typo in raise call
2018-04-10 05:54:35 -04:00
0a79c5a15b
Add docs to nosuid?
2018-04-10 05:53:19 -04:00
6e6bc9bc6b
Add noexec and nosuid
...
Also fix some regex bugs
2018-04-10 05:51:57 -04:00
c525bc3c0a
Land #9848 , handle 'check' command on modules that do not implement it
2018-04-09 22:27:21 -05:00
2ea875d304
Fix issue preventing psexec against non-powershell targets
2018-04-09 22:01:49 -05:00
90542779ff
Audit models to ensure :workspace is passed only when needed
2018-04-09 14:50:37 -05:00
e17a788ab5
Remove stray dlog filling framework.log
2018-04-09 13:58:10 -05:00
924a336287
Fix unsupported check_simple method for modules
2018-04-09 13:43:22 -05:00
7b85edfde5
Land #9822 , Fix backgrounded aggressive exploits
2018-04-09 09:36:12 -05:00
a473dd04a8
Land #9813 , Add etcd library and version scanner
2018-04-08 07:05:31 -04:00
07c9be5130
Land #9812 , Add Msf::Post::Linux::Kernel lib
2018-04-08 00:40:03 -05:00
6c8ea2d883
also be sure to load executable modules if they don't have #!
2018-04-07 21:15:51 -05:00
28ebe9d102
sanity check that external modules start with #! before executing
2018-04-07 16:31:34 -05:00
6fb6570f99
delete old feature detection code from exploit base
...
This deletes some old code that apparently has been broken and somewhat unused for many years.
The 'derived_implementor?' method for modules relies on the debug output from Ruby in order to tell of a class implements a method, but the regex it used didn't work properly with any modern Ruby version until 2.5.x. This caused a random sleep to get inserted into certain payload staging operations, which actively breaks staging in certain scenarios (I'm not trying to address that here).
This also removes some ancient module feature detection code, which also is entirely unused today.
2018-04-07 12:47:42 -05:00
04d5e8a765
Switch text processing to ruby
...
Also add pidof() and command_exists?()
2018-04-06 23:31:11 -04:00
c303859c11
Fix #9827
2018-04-06 11:06:52 -05:00
c97eb42eba
Finish up additions and add doc
2018-04-06 12:04:35 -04:00
1cc16a55a8
Add other linux kernel post helpers
2018-04-06 08:28:53 -07:00
ba88118d7a
Update kernel_modules method to return Array
2018-04-06 15:02:43 +00:00
a85f118bf2
Begin adding functions to Msf::Post::Linux::System
2018-04-05 21:32:58 -04:00
7cc82a14b6
Update exploit driver with correct method
2018-04-05 18:56:19 -05:00
17ed88b766
Fix backgrounded aggressive exploits
...
Any exploit that includes an aggressive stance is aggressive, regardless
of whether or not it has passive components.
This fix should prevent known-aggressive exploits from backgrounding.
2018-04-05 18:34:36 -05:00
fe224f628b
Remove update_host_via_sysinfo since it is unused
2018-04-05 14:20:25 -05:00
499b0a857f
Add kernel_modules method
2018-04-05 05:25:36 +00:00
852bc3d237
Dont inject :workspace into every HTTP request.
2018-04-04 16:30:25 -05:00
6a02712674
Merge remote-tracking branch 'mkienow/MS-3061-remote-notes-read-update-delete' into MS-3062_workspaces
2018-04-04 16:03:43 -05:00
bc81cfad1f
Fix error handling when trying to delete non-existent workspace
2018-04-04 11:40:21 -07:00
63aabc00f1
etcd rubocop style
2018-04-04 11:01:38 -07:00
a6c31aceb2
Refactor common etc capabilities; add separate version scanner
2018-04-04 10:48:27 -07:00
6d92c319f8
Add Msf::Post::Linux::Kernel lib
2018-04-04 17:13:49 +00:00
d9039d43ef
Land #9734 , Remove unwanted 'pop RAX' from windows/x64/reverse_(win)http
2018-04-03 14:23:41 -05:00
2ee7b1ec5c
Fix native 'readline' (msfconsole -L) support for Ruby 2.5 onward
2018-04-03 08:00:08 -05:00
bd3c00dfd0
Land #9726 , add simple Rex::Tar wrapper for consistency with other archive types
2018-04-02 23:35:22 -05:00
226ef160ff
Land #9748 , Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
Aaron Soto
William Vu
James Barnett
Pierre Lestringant
christopher lee
Brent Cook
Jeffrey Martin
Matthew Kienow
Kent Gruber
Auxilus
Brendan Coles
Wei Chen
Carter Brainerd
Adam Cammack
scriptjunkie
h00die
Jon Hart
bwatters-r7