Brent Cook
1762fe56c9
Land #8589 , Fix 64-bit support for the winpmem extension
2017-06-23 19:27:31 -05:00
Brent Cook
c3090a4f9c
Land #8601 , make session logging more useful, don't lose characters
2017-06-23 17:36:01 -05:00
William Webb
9eeb3dc143
use typical command option and TLV scheme instead of dumb stuff for keyscan_start
2017-06-23 13:11:12 -05:00
Dirkjan Mollema
24379f907e
Fixed timestamped logger cutting off last character ( fixes #8597 )
2017-06-23 13:19:16 +02:00
OJ
a3607c6802
Update to Mimikatz 2.1.1 20170608 to include changntlm
2017-06-23 13:40:01 +10:00
James Lee
283f36f79a
Compare headers w/process keys instead of themselves
...
Also clarifies a bunch of old bad variable names
2017-06-22 21:43:11 -05:00
Brent Cook
2617ae7609
Land #8513 , check extapi commands for dependencies
2017-06-22 20:21:26 -05:00
Brent Cook
fda2e8c73d
Land #8523 , Add support for session GUIDs
2017-06-22 20:10:10 -05:00
Brent Cook
0eaffde4b3
fix rex arguments parser to handle adjacent flags, update accordingly
2017-06-22 09:54:03 -05:00
William Webb
47a659f554
Land #8185 , Convert ntp modules to bindata
2017-06-22 09:37:58 -05:00
Brent Cook
eb4c4c911b
Land #8587 , Add android wakelock command to turn the screen on
2017-06-21 14:48:20 -05:00
Spencer McIntyre
717f9aad12
Add more OSX Railgun defs and better CDECL support
2017-06-21 08:59:42 -04:00
OJ
a9e03c1efd
Initial working version of AES encryption of TLVs
2017-06-21 21:01:59 +10:00
Brent Cook
d81d0ea4ba
print a friendlier status msg
2017-06-21 03:09:42 -05:00
Brent Cook
b9904572f9
update winpmem dump handler for 64-bit support
2017-06-21 03:02:50 -05:00
OJ
2129959d2d
Begin rework of packet handling
...
This moves some of the packet-specific stuff to the packet class itself
2017-06-20 19:18:37 +10:00
Spencer McIntyre
f7c133cdf7
Add OSX support to railgun
2017-06-19 11:11:55 -04:00
OJ
cec87a3e4f
Start of support for AES packet encryption
2017-06-19 22:27:51 +10:00
OJ
a48f0fcec6
Remove references to Meterpreter CRYPTO TLVs
...
This feature wasn't supported, and so the TLVs are no longer needed.
2017-06-19 16:53:33 +10:00
RageLtMan
32fbad7fca
Style changes for cmd_ps cleanup
2017-06-14 01:28:21 -04:00
RageLtMan
762427b447
Clean up cmd_ps table output for Mettle
...
Mettle can run in all sorts of environments where some colums of a
process table will be nil. The existing implementation compacts
rows going into the table while providing filtering for the colum
contents only by checking the output of the first row in the proc
table.
Check column filters against all rows to ensure proper table init.
Check columns going into table for match against header.
Do not compact nil values in the table rows - some things, like
kthreads/workers dont have a path while other PIDs will.
2017-06-12 01:20:59 -04:00
OJ
c4288fb35a
Update branch to include chances from upstream/master
2017-06-09 17:18:57 +10:00
OJ
6131e4bd82
Fix download lambda function to take correct param count
...
This is an emergency fix as a result of something being broken in
master. This is also being pushed straight to master because github is
down and the PR process isn't possible. This commit was reviewed by
@wvu-r7 prior to being pushed.
2017-06-07 09:37:24 +10:00
OJ
37b9cd07a2
Add support for the session GUID in the UI
...
The Session GUID will identify active sessions, and is the beginning of
work that will allow for tracking of sessions that have come back alive
after failing or switching transports.
2017-06-06 17:15:57 +10:00
Tim
871c30c0b3
refactor stdapi and lanattacks to use filter_commands
2017-06-06 14:05:07 +08:00
Tim
e9c9c852ab
check_commands -> filter_commands
2017-06-06 13:56:38 +08:00
Tim
7625d36c1c
fix #8199 , check extapi for dependencies
2017-06-05 14:56:59 +08:00
OJ
cc0ff8f3db
Enable adaptive download with variable block sizes
...
The aim of this commit is to allow users of Meterpreter in high-latency
environments have better control over the behaviour of the download
function. This code contains two new options that manage the block size
of the downloads and the ability to set "adaptive" which means that the
block size will adjust on the fly of things continue to fail.
2017-06-02 17:16:58 +10:00
Brent Cook
a01a2ead1a
Land #8467 , Samba CVE-2017-7494 Improvements
2017-05-30 00:15:03 -05:00
Brent Cook
11b3fd9067
Land #8468 , Update system info after running getsystem
2017-05-26 23:37:00 -05:00
TheNaterz
53cbbbacd8
getsystem update session info
2017-05-26 17:28:11 -06:00
HD Moore
e8b5cc3397
Avoid a stacktrace by verifying that the share is known
2017-05-26 17:01:44 -05:00
Tim
a9e6df6f15
fix shell command on osx meterpreter
2017-05-26 15:55:14 +08:00
OJ
86aad6b7c3
Fix proxy_type references to handle nil case
2017-05-22 21:47:37 +10:00
Pearce Barry
a6f416e8df
Land #8290 , Hwbridge Automotive Fix and Extension Enhancements
2017-05-19 13:46:54 -05:00
Pearce Barry
d0b13544dd
Agreed-upon feedback updates.
2017-05-17 10:57:39 -05:00
James Lee
e3f4cc0dfd
Land #8345 , WordPress PHPMailer Exim injection
...
CVE-2016-10033
2017-05-16 15:07:21 -05:00
Brent Cook
123462bdca
Land #8293 , add initial multi-platform railgun support
2017-05-11 22:32:23 -05:00
William Vu
ee55516e06
Allow lowercase HTTP in command strings
2017-05-10 15:17:20 -05:00
William Vu
3a45c2f321
Allow complete override of Host header
2017-05-10 15:17:20 -05:00
William Vu
e026a8c663
Fix typo (s/Remote/Reverse/) in portfwd -L
...
Found by ThePortWhisperer on IRC.
2017-04-29 00:10:13 -05:00
William Vu
7a6a124272
Land #8279 , POSIX Meterpreter replaced by Mettle
2017-04-26 18:32:17 -05:00
Brent Cook
43ac2c339e
Land #8291 , Acunetix XML import improvements
2017-04-26 17:38:52 -05:00
Brent Cook
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
Pearce Barry
c4f1130619
Acunetix XML import improvements.
...
This patch updates the MSF db_import functionality w.r.t. importing Acunetix XML files to do the following:
- import web vulnerabilities identified by Acunetix
- import all services for each scanned host
- does not pull in the specifc program/version name of each service, as that's pretty loosely formatted in the Acunetix XML
2017-04-26 12:16:20 -05:00
Spencer McIntyre
3347af24ba
Add some basic libc definitions for railgun
2017-04-25 15:12:39 -04:00
Spencer McIntyre
9c60c3ee46
Support platform specific railgun constants
2017-04-25 14:36:15 -04:00
Brent Cook
6f763a616d
Land #8225 , Expose the shared wifi profile dumping feature in Mimikatz
2017-04-25 11:23:34 -05:00
Craig Smith
aeed81de29
Code cleanup from Rubocop output
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
c2296dcd1b
Addes 'isotpsend' command to interactive commands to send ISO-TP related queries
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
36026ba8b4
Fixed active buses not being recorded. The 'connect' command now works for other extensions as well as modules. Added TesterPresent background packet transmissions to hold debugging sessions open.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
2012ebf38f
Fixed bug with a duplicate ID in hash for errors
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
406051a3ff
Added more session management to hwbridge. Commands 'sessions' and 'background' added.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith
5537348e28
Addes Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Spencer McIntyre
daf8833174
Refactor a bunch of windows_name references
2017-04-24 19:54:00 -04:00
Spencer McIntyre
3cc089bcef
Support loading platform specific railgun defs
2017-04-24 19:46:56 -04:00
Spencer McIntyre
d3a759d631
Make changes for initial linux railgun support
2017-04-24 17:11:27 -04:00
Brent Cook
7b936b0012
Land #8184 , convert IPMI protocol and modules to bindata
2017-04-17 07:40:15 -05:00
Brent Cook
67047cf770
Revert "Fixes MS-1716, keep sessions in progress alive."
...
This reverts commit e5d0370a94
.
2017-04-16 15:52:22 -05:00
Brent Cook
7950087804
Merge branch 'upstream-master' into land-8237-
2017-04-14 21:53:26 -05:00
William Webb
cbebc5dc39
really remove errant keyscan_extract() call
2017-04-14 15:21:11 -05:00
William Webb
303a767ccc
bring ukl branch up to date with upstream
2017-04-12 21:59:13 -05:00
OJ
271da4b4a5
Add new shared wifi profile dumping from kiwi
2017-04-11 22:01:52 +10:00
OJ
6983b0f857
Update the kiwi extension to show correct version number
2017-04-11 20:23:56 +10:00
Christian Mehlmauer
3c260ea452
fix #7921 , HttpTrace and chunked encoding
2017-04-05 22:58:11 +02:00
Brent Cook
5f88971ca9
convert NTP modules to bindata
2017-04-04 02:57:38 -05:00
Brent Cook
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
William Vu
94a0b4b06c
Stop special-casing masscan
2017-04-04 00:33:13 -05:00
William Vu
7de2aa1a63
Update Nmap parser to handle masscan
...
masscan is missing <status>, meaning hosts aren't treated as alive.
Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
Tim
a65936452f
Add android wakelock command to turn the screen on
2017-03-28 16:24:11 +08:00
Pearce Barry
31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
...
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
Pearce Barry
4e6cf58b22
Land #8143 , Fix variable typos in rfrecv related methods.
2017-03-24 15:38:52 -05:00
dmohanty-r7
92c0748447
Land #8102 , Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
Leon Jacobs
c58e9acadd
Fix variable typos in rfrecv related methods.
2017-03-22 15:44:22 +02:00
Tim
ef53e6a593
fix execute and kill cmd usage/help
2017-03-22 16:29:47 +08:00
William Vu
686f30e118
Land #8117 , p{grep,kill} for Meterpreter <3
2017-03-21 16:37:34 -05:00
Pearce Barry
7477e44d30
Use urlsafe Base64 en/decode calls.
2017-03-20 17:37:16 -05:00
Pearce Barry
c4279a837a
Minor formatting/spelling/verbiage changes.
2017-03-20 17:37:12 -05:00
Craig Smith
2fde287424
Initial patch for rftransceiver (RfCat / YardstickOne)
2017-03-20 17:36:16 -05:00
Pearce Barry
321988c282
Replace errant '.' with ','
2017-03-20 16:36:13 -05:00
Pearce Barry
2acd941b16
Merge branch 'master' into dtc_fix
2017-03-20 14:10:01 -05:00
Craig Smith
0be6b8c905
Fixes #8022
...
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-03-20 13:49:39 -05:00
Pearce Barry
06ebb22a8f
Land #8065 , Zigbee Hardware Bridge Extension
2017-03-20 10:44:15 -05:00
William Vu
f9ecefe465
Land #8031 , nil fixes for HWBridge
2017-03-19 22:37:28 -05:00
Brent Cook
dd6e75986d
add -l and -f flag simulation for pgrep, XXX rex handles flag opts poorly
2017-03-16 23:48:39 -05:00
Brent Cook
70bbacf7ed
kill processes in reverse, allow children before parents more likely
2017-03-16 23:48:04 -05:00
Pearce Barry
095a110e65
Code and doc tweaks (minor).
...
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
bwatters-r7
ab75794cd4
Land #8071 , Add API to send an MMS message to mobile devices
2017-03-16 11:57:34 -05:00
Brent Cook
85f7d73d4d
add pgrep as well
2017-03-16 04:14:45 -05:00
Brent Cook
c9a85f58c0
add pkill command, rework to share filtering logic with ps
2017-03-16 03:57:49 -05:00
Brent Cook
a1be63e449
fix warnings in rex argument parser
2017-03-16 03:57:49 -05:00
bwatters-r7
91a4657c36
Bumped the metasploit-payloads version and cache sizes with PR#8043
2017-03-15 19:02:21 -05:00
Spencer McIntyre
befc5e05e5
Fix more kernel32 railgun definitions using DWORD
2017-03-14 18:42:52 -04:00
Spencer McIntyre
d759c603b2
Fix more kernel32 railgun definitions using DWORD
...
Some railgun definitions for the kernel32 module define DWORD for the
functions return type when it should be HANDLE. This causes errors on
64-bit systems when the return value is truncated.
2017-03-14 16:58:22 -04:00
wchen-r7
bb4d6e17c8
Resolve #8026 , Add a plugin to notify new sessions via SMS
...
This plugin will notify you of a new session via SMS.
It also changes the SMS text format to MIME.
Resolve #8026
2017-03-13 16:13:59 -05:00
wchen-r7
702d1c2b7e
Fix bug for subject
2017-03-08 11:43:36 -06:00
wchen-r7
ed22902fd4
Support the subject field
2017-03-08 11:40:08 -06:00
Craig Smith
f60dae0917
Lots of syntax fixups from rubocop
2017-03-08 09:21:33 -08:00
wchen-r7
036a443a41
Add Google Fi gateway
2017-03-07 17:02:32 -06:00
wchen-r7
dc36bc4a0d
Add rspec
2017-03-07 16:49:42 -06:00
wchen-r7
dc13b84189
Bring mms branch up to date w/ master
2017-03-07 16:13:39 -06:00
wchen-r7
d32f08f969
Add doc and fix mms message class
2017-03-07 14:40:37 -06:00
wchen-r7
fae05f2e98
And API to send an MMS message to mobile devices
...
This API allows you to send a malicious attachment to mobile
devices.
2017-03-07 12:34:45 -06:00
Craig Smith
97ad8be7ff
Added some Zigbee Documentation
2017-03-06 22:42:15 -08:00
Craig Smith
60cd04bc7b
Added module for zstumbler
2017-03-06 16:10:14 -08:00
wchen-r7
a466dc44c6
Do exception handling for sms client
2017-03-06 10:54:08 -06:00
wchen-r7
4d44911d5c
Do doc for google fi
2017-03-03 11:38:47 -06:00
wchen-r7
d9b21b16a9
Support Google Project Fi gateway
2017-03-03 11:36:13 -06:00
wchen-r7
2edb116855
Send texts individually
...
If we pass all the phone numbers at once in one email, it becomes
a group chat, and that allows the recipients to see each other's
number, which isn't the intended behavior.
2017-03-03 11:12:59 -06:00
wchen-r7
c61f8ded78
Comment out Sprint
...
It looks like the Sprint gateways won't accept our email for
some reason, so we can't use it.
2017-03-03 11:09:04 -06:00
wchen-r7
6ad8afb8b3
Add API to send a text message (SMS) to mobile devices
2017-03-02 16:47:55 -06:00
Spencer McIntyre
2d51801b01
Use native_arch for railfun multi and test it
2017-03-01 13:07:04 -05:00
Craig Smith
d4e5cb7993
Fixes #8022
...
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-02-27 21:09:57 -08:00
Craig Smith
dcb42a3e69
Initial zigbee support using killerbee. Core session setup portion
2017-02-27 17:29:54 -08:00
Spencer McIntyre
0ebd51d224
Use native_arch for railgun sizes
2017-02-26 14:42:55 -05:00
Spencer McIntyre
3b2e5e0785
Add a new core_native_arch method for meterpreter
2017-02-26 14:22:24 -05:00
William Webb
076848e904
Land #7993 , Keep sessions in progress alive
2017-02-24 16:57:47 -06:00
Pearce Barry
e5d0370a94
Fixes MS-1716, keep sessions in progress alive.
2017-02-24 12:56:05 -06:00
bwatters-r7
4f839299f1
Land #7978 , Add a test module for railgun API calls
2017-02-21 17:15:49 -06:00
William Webb
2a20d24c29
Land #7966 , Fix 'rm' to handle multiple files
2017-02-21 13:32:19 -06:00
Spencer McIntyre
7d1fadb84f
Add a test module for railgun api calls
2017-02-18 17:37:49 -05:00
Brent Cook
566bafe65d
Land #7962 , Uploading files without specifying the destination closes a Meterpreter session.
2017-02-17 17:04:22 -06:00
Brent Cook
5207cb6c3a
Land #7914 , send the correct exception on channel open failure
2017-02-17 17:00:30 -06:00
Brent Cook
807a27e73d
clarify error handling when a channel cannot be opened
2017-02-17 16:59:09 -06:00
Rich Whitcroft
5bd38af8d6
fix rm to handle multiple files
2017-02-15 19:22:39 -05:00
Rich Whitcroft
24a4211bb9
fix upload when dest not specified
2017-02-14 22:08:49 -05:00
Brent Cook
b741c8b2f7
fix typo in failure path, pointed out by rw-
2017-02-13 21:16:48 -06:00
Brent Cook
74e029f3b1
Land #7932 , Fix CVE-2017-5229
2017-02-07 19:22:36 -06:00
Brent Cook
522c6dce8e
Land #7931 , Fix CVE-2017-5231 and respect user's dest
2017-02-07 19:22:17 -06:00
Brent Cook
68a5d300fe
minor style issues
2017-02-07 18:35:35 -06:00
Brent Cook
b370dd0654
Fix CVE-2017-5229 - extapi Clipboard.parse_dump() Directory Traversal
2017-02-07 18:24:06 -06:00
Justin Steven
56cf6b129d
Fix CVE-2017-5228
2017-02-07 23:44:23 +10:00
Justin Steven
cb74d3b05b
Fix CVE-2017-5231 and respect user's dest
2017-02-07 23:41:59 +10:00
Artem
9db2cdb33a
Fix close session
...
Fix close session if remote file is permission deined
2017-02-05 02:00:05 +03:00
Pearce Barry
23c2787d57
Land #7795 , Hardware Bridge API.
...
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
Pearce Barry
16de745437
Minor code cleanups/corrections.
2017-02-01 16:12:45 -06:00
Craig Smith
2ff4e6f57e
Fixed defaults for elm327 realy.
...
Array2Hex in the automotive extension how supports passing an array or integers or string hexes
Added some extra error handling for UDS calls to non-supported pids
2017-01-25 11:30:29 -08:00
OJ
a3cf400566
Re-set the TLV names for migration stuff
2017-01-24 07:36:56 +10:00
Jeffrey Martin
2c8cd80a2b
revert change to TLV_TYPE_MIGRATE_LEN in #7856
2017-01-23 09:23:32 -06:00
Jeffrey Martin
677d070179
make tlv enum of migrate length consistent
2017-01-23 09:19:53 -06:00
Craig Smith
198d6e00ff
Fixed bug in array2hex that did not convert hex values to integers before formatting
2017-01-22 17:50:33 -08:00
Brent Cook
f61314d2d6
Land #7856 , Fix incorrect translations in TLV inspection code
2017-01-22 11:08:05 -06:00
Brent Cook
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
Brent Cook
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
Brent Cook
441222c2b5
Merge remote-tracking branch 'upstream/master' into land-7787-
2017-01-22 09:44:11 -06:00
William Vu
e0094897a1
Add CSV and vCard support to dump_contacts
2017-01-20 19:18:50 -06:00
OJ
7e50ce09c0
Fix TLV inspect issue
2017-01-21 09:17:20 +10:00
Brent Cook
5b2e76b981
Land #7794 , Fix #7793 , incorrect command name in android meterpreter extension
2017-01-11 12:38:36 -06:00
wchen-r7
18347a8de7
Land #7774 , Fix pivoting of UDP sockets in scanners
2017-01-10 13:57:28 -06:00
Craig Smith
5f07bca775
Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here:
...
http://opengarages.org/hwbridge Supports an automotive extension with UDS calls for mdoule
development.
2017-01-06 19:51:41 -08:00