itsmeroy2012
e02d726213
Setting default values to the added options
2017-05-28 14:30:30 +05:30
Brent Cook
b7620e13a3
remove special case check for invalid options
2017-05-27 00:53:14 -05:00
HD Moore
8caaba01f1
Add share enumeration methods to the SMB mixin
2017-05-26 17:01:18 -05:00
HD Moore
18a871d6a4
Delete the .so, add PID bruteforce option, cleanup
2017-05-25 16:03:14 -05:00
itsmeroy2012
92a1a3ecf7
Adding for loop instead of while, removing 'counter'
2017-05-25 15:09:34 +05:30
HD Moore
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
Matthew Daley
52363aec13
Add module for CVE-2017-8895, UAF in Backup Exec Windows agent
...
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.
Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
2017-05-24 00:18:20 +12:00
Renato Piccoli
29d1022ae2
Fix the rake spec failures under ruby 2.4.
...
The typo3_spec is giving some errors under ruby 2.4+
and OpenSSL 1.1+.
2017-05-21 21:56:04 +02:00
Pearce Barry
a6f416e8df
Land #8290, Hwbridge Automotive Fix and Extension Enhancements
2017-05-19 13:46:54 -05:00
Brent Cook
22828fcc0f
Land #8406, add compatibility shims for older Ruby versions
2017-05-18 21:50:45 -05:00
James Lee
4def7ce6cc
Land #8327, Simplify storing credentials
2017-05-18 16:49:01 -05:00
Jeffrey Martin
1af6c08356
Land #8409, mark osx-app macho as executable
2017-05-18 09:28:01 -05:00
Tim
a68a1858a9
Fix #7703, mark osx-app macho as executable
2017-05-18 18:24:35 +08:00
Brent Cook
c59371dd5e
add ruby backports compat library
2017-05-17 23:41:20 -05:00
James Lee
b78749bc1b
Land #8221, move autoroute
2017-05-17 15:17:45 -05:00
wchen-r7
58d65ce4b5
Land #8380, check for command injection in smtp email addresses
...
aborts
2017-05-16 15:36:22 -05:00
William Vu
416a5cdc3b
Land #8379, payload opts check for RHOST warning
2017-05-14 22:21:58 -05:00
William Vu
78148c7979
Prefer && instead of and
...
I think @zeroSteiner's been writing a lot of Python. :-)
2017-05-14 22:19:15 -05:00
Brent Cook
e7be0af72e
update bad mail checks
2017-05-14 22:13:31 -05:00
Brent Cook
cc72850847
Land #8369, add PSH decompressor & decoder convenience methods
2017-05-14 21:28:02 -05:00
Brent Cook
8ac5d2d377
tidy up a bit while we're in here
2017-05-14 21:27:38 -05:00
Brent Cook
544ea6926c
trim leading and trailing whitespace in mail addresses
2017-05-14 11:22:46 -05:00
Spencer McIntyre
70bfdf17b2
Check payload options before showing RHOST warning
2017-05-13 14:46:07 -04:00
Spencer McIntyre
f39e378496
Land #8330, fix ps_wmi_exec and psh staging
2017-05-13 14:26:47 -04:00
Spencer McIntyre
3cbeebe3af
Rename env_ variable to be more accurately named
2017-05-13 14:24:00 -04:00
itsmeroy2012
3a1ed19a42
Making use of StagerRetryConnect
2017-05-13 17:49:53 +05:30
Brent Cook
123462bdca
Land #8293, add initial multi-platform railgun support
2017-05-11 22:32:23 -05:00
Brent Cook
e414bdb876
don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules
2017-05-11 15:19:11 -05:00
Brent Cook
099fc0176a
move autoroute to a more sensible location
2017-05-10 23:01:02 -05:00
RageLtMan
cf29a512d0
Upstream Msf namespace PSH decompressor & decoder
...
Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
2017-05-10 22:44:56 -04:00
Adam Cammack
18d95b6625
Land #8346, Templatize shims for external modules
2017-05-10 18:15:54 -05:00
Brent Cook
42fd287038
remove debug
2017-05-10 13:04:12 -05:00
Brent Cook
beea5e1a5c
use wfsdelay consistently
2017-05-08 15:34:09 -05:00
Brent Cook
fede672a81
further revise templates
2017-05-08 14:26:24 -05:00
Brent Cook
a2ce3743a2
move wait_status to a mixin
2017-05-08 12:23:27 -05:00
Jeffrey Martin
a1efa30fa2
comments adjustments & enum better
2017-05-08 11:57:06 -05:00
Brent Cook
f213482659
small fix
2017-05-08 11:52:37 -05:00
Jeffrey Martin
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
Brent Cook
2e880c9fdf
move module template to an ERB
2017-05-05 01:16:54 -05:00
Jeffrey Martin
3bc4ac68dc
merge all available keys for login storage
2017-05-04 22:51:48 -05:00
Jeffrey Martin
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
darkbushido
fee0fb5e90
Missed an LHOST option
...
making OptAddressLocal inherit from OptAddress
2017-05-04 12:57:50 -05:00
darkbushido
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
darkbushido
a6afd0b9bf
adding in a new option type
...
this will grab the first ipv4 address on a given iface
2017-05-04 12:55:46 -05:00
itsmeroy2012
73be4f1c2e
Adding StagerRetryWait option in reverse_tcp_ssl
2017-05-04 14:51:40 +05:30
Adam Cammack
494711ee65
Land #8307, Add lib for writing Python modules
2017-05-02 15:53:13 -05:00
Adam Cammack
ba9010730a
Minor cleanup
2017-05-02 15:52:21 -05:00
James Lee
bf2abaeeaf
Make `help route` more informative
2017-05-02 11:07:08 -05:00
Brent Cook
b7d6be05ee
split python loader from generic implementation
2017-05-01 16:10:12 -05:00
William Vu
585fac0457
Fix nil bug when creating nonexistent encoder
...
Found by irthewinner on IRC.
2017-04-30 03:43:51 -05:00
Brandon Knight
f8fb03682a
Fix issue in ps_wmi_exec and powershell staging
...
The staging function in the post/windows/powershell class was broken
in a previous commit as the definition for env_variable was removed and
env_prefix alone is now used. This caused an error to be thrown when
attempting to stage the payload. This changes the reference from
env_variable to env_prefix.
Additionally, the ps_wmi_exec module created a powershell script to be
run that was intended to be used with the EncodedCommand command line
option; however the script itself was never actually encoded. This
change passes the compressed script to the encode_script function to
resolve that issue.
2017-04-28 03:31:56 -04:00
Pearce Barry
5450e96204
Land #8306, fix #8305, escape unadorned periods within SMTP payloads
2017-04-27 17:51:14 -05:00
itsmeroy2012
cd73bd137a
Making use of while loop and solving StagerRetryWait issue
2017-04-27 11:50:13 +05:30
Brent Cook
a57067c4a7
append metasploit lib to PYTHONPATH
2017-04-26 18:13:46 -05:00
Brent Cook
037fdf854e
move common json-rpc bits to a library
2017-04-26 18:08:08 -05:00
Brent Cook
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
Brent Cook
288cb6536d
fix #8305, escape unadorned periods in the front of SMTP payloads
2017-04-26 16:05:46 -05:00
Craig Smith
aeed81de29
Code cleanup from Rubocop output
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
c4a6cc1907
Array was being checked with even? and should be array.size.even?
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Spencer McIntyre
3cc089bcef
Support loading platform specific railgun defs
2017-04-24 19:46:56 -04:00
itsmeroy2012
bd2379784e
Improved error handling for the python reverse_tcp payload
...
Handling all kinds of errors
Removing 'e'
Updating payload cached sizes
Updating payload cached sizes 2.0
Adding option to set retry time
2017-04-23 20:43:57 +05:30
nixawk
484a545629
Replace exe.rb double variable declare
2017-04-16 22:38:49 -05:00
Brent Cook
a3fc6791ca
Land #8217, don't log empty attributes if they are ignored
2017-04-13 22:08:23 -05:00
Brent Cook
bb0a0b5cd9
apply empty attribute fix in more places, simplify and unify
2017-04-13 22:07:10 -05:00
Brent Cook
bb64f5d7e3
Land #8230, Sum the results of the module loaders
2017-04-12 11:51:03 -05:00
William Webb
c21d78b23b
Land #8186, Convert DNS Fuzzer to use bindata
2017-04-11 23:27:08 -05:00
Adam Cammack
2d8001aa62
Sum the results of the module loaders
...
Fixes #8229
2017-04-11 23:21:58 -05:00
Adam Cammack
3cf51b7d43
Remove external module debugging code
...
Causes EACCESS when run by separate users.
Fixes #8226
2017-04-11 09:29:02 -05:00
darkbushido
e0ecf0972e
dropping extra spaces
2017-04-10 15:19:36 -05:00
darkbushido
099cf87e54
Catching errors where we are passing invalid attributes
...
We need to pass :task down for some functionality in pro.
While the error is valid, we really shouldn't be passing the task all the way down if it's blank, but we need
the check there or we will end up with the same problem with pro.
2017-04-10 15:05:53 -05:00
Brent Cook
0189c40317
compromise
2017-04-09 15:03:05 -05:00
Brent Cook
d9ba993d25
handle general failure getting module info for external modules
2017-04-09 11:50:03 -05:00
Brent Cook
b1bd92d57c
Land #8197, fix HttpTrace with chunked encoding
2017-04-07 11:52:50 -05:00
OJ
5a754a0333
Land #8157 - Fix missing dll_data var in parse_pe
2017-04-07 09:55:12 +10:00
Christian Mehlmauer
3c260ea452
fix #7921, HttpTrace and chunked encoding
2017-04-05 22:58:11 +02:00
Elijah Frederickson
9e89567ce5
Fix #8191 (msfvenom cannot create exe-service)
...
Fixes issue #8191: Cannot create exe-service from msfvenom
2017-04-05 12:49:46 -04:00
James Barnett
bd21d2811b
Update client to use TLS1.2
2017-04-04 17:57:07 -05:00
Brent Cook
ed0e539249
handle sending bindata structs
2017-04-04 03:03:27 -05:00
William Vu
95c4dd8108
Prefer start_with? over =~
...
Oops, old habit.
2017-04-03 02:38:50 -05:00
William Vu
7de2aa1a63
Update Nmap parser to handle masscan
...
masscan is missing <status>, meaning hosts aren't treated as alive.
Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
Brent Cook
4c0539d129
Land #8178, Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
Adam Cammack
2de8f1b97d
Fixups for specs
2017-03-31 22:19:53 -05:00
Adam Cammack
a3e196e31e
Support arbitrary external command_stager exploits
...
So much done, so much more to do.
2017-03-31 17:06:28 -05:00
HD Moore
b5771b0f72
Get into the DANGER ZOOOOOOONE
2017-03-31 12:26:42 -05:00
Adam Cammack
1306065c91
Always run both loaders
...
How did I miss this? How did this work before??? I have a bad feeling
this may break pro.
2017-03-31 10:42:13 -05:00
Adam Cammack
bf9b0130d9
Clean up odd code
2017-03-28 11:19:30 -05:00
Adam Cammack
71df231918
Add new loader for arbitrary executables
...
Still some kluges left in the shim and we have to hit the disk when
constructing the module path
2017-03-28 10:27:12 -05:00
William Vu
d47e59b04e
Fix missing dll_data var in parse_pe
...
Also clean up YARD.
2017-03-27 01:17:23 -05:00
Pearce Barry
31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
...
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
Pearce Barry
29b30217d2
Land #8149, Add -h for the check command
2017-03-24 15:47:59 -05:00
Pearce Barry
4e6cf58b22
Land #8143, Fix variable typos in rfrecv related methods.
2017-03-24 15:38:52 -05:00
wchen-r7
1c3c2ecdc6
Add -h for the check command
...
Because even I don't remember what it can do anymore.
2017-03-24 11:47:36 -05:00
dmohanty-r7
92c0748447
Land #8102, Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
William Webb
e04f01ed6b
Land #7778, RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
darkbushido
271fd589f2
Revert "Land #8135, Report hosts always add ip to hostname if hostname is blank"
...
This reverts commit 5a1c7ca8af, reversing changes made to d10b3da6ec.
2017-03-23 10:05:58 -05:00
Leon Jacobs
c58e9acadd
Fix variable typos in rfrecv related methods.
2017-03-22 15:44:22 +02:00
darkbushido
60bc279eb3
removing extra whitespace
2017-03-21 10:40:59 -05:00
darkbushido
1221a20d0d
reversing the logic to check for .blank?
2017-03-21 10:35:19 -05:00
darkbushido
7ff7c707c9
setting host_name to address if host_name is blank.
2017-03-21 10:26:57 -05:00
Pearce Barry
f397624a69
Land #7935, HWBridge RF transceiver extension
2017-03-21 06:12:32 -05:00