The -S flag for console commands, backed by search functionality
in Rex' tables, originally pushed upstream in #1604 (iirc), lacks
coverage for a number of commands which benefit a good deal from
inline filtering of the potentially large number of results.
Push more -S flags and surrounding table functionality upstream
to provide coverage for the console commands included in framework.
Include a fix for deleting hosts when DB references are a problem.
Include a fix for the upstream route command wherein scope must be
defined for the routing target by assuming a /32 without explicit
definition.
Note:
With this in place, console behavior when filtering results is
roughly analagous to the R7 filtering in web UI, which should help
those of us trying to use both maintain corresponding workflows.
Testing:
Used in-house for years, though changes to the diff from upstream
and our fork (expunging some internal code) are untested, so would
appreciate eyes and hands on.
I made the mistake of using str.decode() which isn't a thing in python3
(works fine in 2). So this commit fixes it so that the GUID string
itself is generated directly as a byte string, so that the call to
decode() isn't needed at all.
Mettle can run in all sorts of environments where some colums of a
process table will be nil. The existing implementation compacts
rows going into the table while providing filtering for the colum
contents only by checking the output of the first row in the proc
table.
Check column filters against all rows to ensure proper table init.
Check columns going into table for match against header.
Do not compact nil values in the table rows - some things, like
kthreads/workers dont have a path while other PIDs will.
This is an emergency fix as a result of something being broken in
master. This is also being pushed straight to master because github is
down and the PR process isn't possible. This commit was reviewed by
@wvu-r7 prior to being pushed.
The Session GUID will identify active sessions, and is the beginning of
work that will allow for tracking of sessions that have come back alive
after failing or switching transports.
this moves the following methods into common
arg_host_range ( used in creds and db )
arg_port_range ( used in creds and db )
set_rhosts_from_addrs ( used in creds and db )
show_options ( used in jobs and modules )
The aim of this commit is to allow users of Meterpreter in high-latency
environments have better control over the behaviour of the download
function. This code contains two new options that manage the block size
of the downloads and the ability to set "adaptive" which means that the
block size will adjust on the fly of things continue to fail.
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.
Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
Pearce Barry
Spencer McIntyre
OJ
RageLtMan
Metasploit
SecureAB
Brent Cook
TheNaterz
Jeffrey Martin
David Maloney
William Vu
Tim
bwatters-r7
darkbushido
itsmeroy2012
tkmru
HD Moore
Matthew Daley
Renato Piccoli
James Lee
wchen-r7
Adam Cammack