Commit Graph

4260 Commits (970fe2956e2be78606ed9b7c508364917686e506)

Author SHA1 Message Date
Brent Cook 1762fe56c9
Land #8589, Fix 64-bit support for the winpmem extension 2017-06-23 19:27:31 -05:00
Brent Cook c3090a4f9c
Land #8601, make session logging more useful, don't lose characters 2017-06-23 17:36:01 -05:00
William Webb 9eeb3dc143
use typical command option and TLV scheme instead of dumb stuff for keyscan_start 2017-06-23 13:11:12 -05:00
Dirkjan Mollema 24379f907e Fixed timestamped logger cutting off last character (fixes #8597) 2017-06-23 13:19:16 +02:00
OJ a3607c6802
Update to Mimikatz 2.1.1 20170608 to include changntlm 2017-06-23 13:40:01 +10:00
James Lee 283f36f79a
Compare headers w/process keys instead of themselves
Also clarifies a bunch of old bad variable names
2017-06-22 21:43:11 -05:00
Brent Cook 2617ae7609
Land #8513, check extapi commands for dependencies 2017-06-22 20:21:26 -05:00
Brent Cook fda2e8c73d
Land #8523, Add support for session GUIDs 2017-06-22 20:10:10 -05:00
Brent Cook 0eaffde4b3 fix rex arguments parser to handle adjacent flags, update accordingly 2017-06-22 09:54:03 -05:00
William Webb 47a659f554
Land #8185, Convert ntp modules to bindata 2017-06-22 09:37:58 -05:00
Brent Cook eb4c4c911b
Land #8587, Add android wakelock command to turn the screen on 2017-06-21 14:48:20 -05:00
Spencer McIntyre 717f9aad12 Add more OSX Railgun defs and better CDECL support 2017-06-21 08:59:42 -04:00
OJ a9e03c1efd
Initial working version of AES encryption of TLVs 2017-06-21 21:01:59 +10:00
Brent Cook d81d0ea4ba print a friendlier status msg 2017-06-21 03:09:42 -05:00
Brent Cook b9904572f9 update winpmem dump handler for 64-bit support 2017-06-21 03:02:50 -05:00
OJ 2129959d2d
Begin rework of packet handling
This moves some of the packet-specific stuff to the packet class itself
2017-06-20 19:18:37 +10:00
Spencer McIntyre f7c133cdf7 Add OSX support to railgun 2017-06-19 11:11:55 -04:00
OJ cec87a3e4f
Start of support for AES packet encryption 2017-06-19 22:27:51 +10:00
OJ a48f0fcec6
Remove references to Meterpreter CRYPTO TLVs
This feature wasn't supported, and so the TLVs are no longer needed.
2017-06-19 16:53:33 +10:00
RageLtMan 32fbad7fca Style changes for cmd_ps cleanup 2017-06-14 01:28:21 -04:00
RageLtMan 762427b447 Clean up cmd_ps table output for Mettle
Mettle can run in all sorts of environments where some colums of a
process table will be nil. The existing implementation compacts
rows going into the table while providing filtering for the colum
contents only by checking the output of the first row in the proc
table.

Check column filters against all rows to ensure proper table init.
Check columns going into table for match against header.
Do not compact nil values in the table rows - some things, like
kthreads/workers dont have a path while other PIDs will.
2017-06-12 01:20:59 -04:00
OJ c4288fb35a
Update branch to include chances from upstream/master 2017-06-09 17:18:57 +10:00
OJ 6131e4bd82
Fix download lambda function to take correct param count
This is an emergency fix as a result of something being broken in
master. This is also being pushed straight to master because github is
down and the PR process isn't possible. This commit was reviewed by
@wvu-r7 prior to being pushed.
2017-06-07 09:37:24 +10:00
OJ 37b9cd07a2
Add support for the session GUID in the UI
The Session GUID will identify active sessions, and is the beginning of
work that will allow for tracking of sessions that have come back alive
after failing or switching transports.
2017-06-06 17:15:57 +10:00
Tim 871c30c0b3 refactor stdapi and lanattacks to use filter_commands 2017-06-06 14:05:07 +08:00
Tim e9c9c852ab check_commands -> filter_commands 2017-06-06 13:56:38 +08:00
Tim 7625d36c1c fix #8199, check extapi for dependencies 2017-06-05 14:56:59 +08:00
OJ cc0ff8f3db
Enable adaptive download with variable block sizes
The aim of this commit is to allow users of Meterpreter in high-latency
environments have better control over the behaviour of the download
function. This code contains two new options that manage the block size
of the downloads and the ability to set "adaptive" which means that the
block size will adjust on the fly of things continue to fail.
2017-06-02 17:16:58 +10:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
Brent Cook 11b3fd9067
Land #8468, Update system info after running getsystem 2017-05-26 23:37:00 -05:00
TheNaterz 53cbbbacd8 getsystem update session info 2017-05-26 17:28:11 -06:00
HD Moore e8b5cc3397 Avoid a stacktrace by verifying that the share is known 2017-05-26 17:01:44 -05:00
Tim a9e6df6f15 fix shell command on osx meterpreter 2017-05-26 15:55:14 +08:00
OJ 86aad6b7c3
Fix proxy_type references to handle nil case 2017-05-22 21:47:37 +10:00
Pearce Barry a6f416e8df
Land #8290, Hwbridge Automotive Fix and Extension Enhancements 2017-05-19 13:46:54 -05:00
Pearce Barry d0b13544dd
Agreed-upon feedback updates. 2017-05-17 10:57:39 -05:00
James Lee e3f4cc0dfd
Land #8345, WordPress PHPMailer Exim injection
CVE-2016-10033
2017-05-16 15:07:21 -05:00
Brent Cook 123462bdca
Land #8293, add initial multi-platform railgun support 2017-05-11 22:32:23 -05:00
William Vu ee55516e06 Allow lowercase HTTP in command strings 2017-05-10 15:17:20 -05:00
William Vu 3a45c2f321 Allow complete override of Host header 2017-05-10 15:17:20 -05:00
William Vu e026a8c663
Fix typo (s/Remote/Reverse/) in portfwd -L
Found by ThePortWhisperer on IRC.
2017-04-29 00:10:13 -05:00
William Vu 7a6a124272
Land #8279, POSIX Meterpreter replaced by Mettle 2017-04-26 18:32:17 -05:00
Brent Cook 43ac2c339e
Land #8291, Acunetix XML import improvements 2017-04-26 17:38:52 -05:00
Brent Cook 353191992f move mettle payloads to meterpreter, add reverse_http/s stageless 2017-04-26 17:06:34 -05:00
Pearce Barry c4f1130619
Acunetix XML import improvements.
This patch updates the MSF db_import functionality  w.r.t. importing Acunetix XML files to do the following:

 - import web vulnerabilities identified by Acunetix
 - import all services for each scanned host
  - does not pull in the specifc program/version name of each service, as that's pretty loosely formatted in the Acunetix XML
2017-04-26 12:16:20 -05:00
Spencer McIntyre 3347af24ba Add some basic libc definitions for railgun 2017-04-25 15:12:39 -04:00
Spencer McIntyre 9c60c3ee46 Support platform specific railgun constants 2017-04-25 14:36:15 -04:00
Brent Cook 6f763a616d
Land #8225, Expose the shared wifi profile dumping feature in Mimikatz 2017-04-25 11:23:34 -05:00
Craig Smith aeed81de29 Code cleanup from Rubocop output
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith c2296dcd1b Addes 'isotpsend' command to interactive commands to send ISO-TP related queries
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 36026ba8b4 Fixed active buses not being recorded. The 'connect' command now works for other extensions as well as modules. Added TesterPresent background packet transmissions to hold debugging sessions open.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 2012ebf38f Fixed bug with a duplicate ID in hash for errors
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 406051a3ff Added more session management to hwbridge. Commands 'sessions' and 'background' added.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 5537348e28 Addes Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Spencer McIntyre daf8833174 Refactor a bunch of windows_name references 2017-04-24 19:54:00 -04:00
Spencer McIntyre 3cc089bcef Support loading platform specific railgun defs 2017-04-24 19:46:56 -04:00
Spencer McIntyre d3a759d631 Make changes for initial linux railgun support 2017-04-24 17:11:27 -04:00
Brent Cook 7b936b0012
Land #8184, convert IPMI protocol and modules to bindata 2017-04-17 07:40:15 -05:00
Brent Cook 67047cf770 Revert "Fixes MS-1716, keep sessions in progress alive."
This reverts commit e5d0370a94.
2017-04-16 15:52:22 -05:00
Brent Cook 7950087804 Merge branch 'upstream-master' into land-8237- 2017-04-14 21:53:26 -05:00
William Webb cbebc5dc39
really remove errant keyscan_extract() call 2017-04-14 15:21:11 -05:00
William Webb 303a767ccc
bring ukl branch up to date with upstream 2017-04-12 21:59:13 -05:00
OJ 271da4b4a5
Add new shared wifi profile dumping from kiwi 2017-04-11 22:01:52 +10:00
OJ 6983b0f857
Update the kiwi extension to show correct version number 2017-04-11 20:23:56 +10:00
Christian Mehlmauer 3c260ea452
fix #7921, HttpTrace and chunked encoding 2017-04-05 22:58:11 +02:00
Brent Cook 5f88971ca9 convert NTP modules to bindata 2017-04-04 02:57:38 -05:00
Brent Cook 46c7e822c8 convert IPMI protocol and modules to bindata 2017-04-04 02:44:17 -05:00
William Vu 94a0b4b06c Stop special-casing masscan 2017-04-04 00:33:13 -05:00
William Vu 7de2aa1a63 Update Nmap parser to handle masscan
masscan is missing <status>, meaning hosts aren't treated as alive.

Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
Tim a65936452f Add android wakelock command to turn the screen on 2017-03-28 16:24:11 +08:00
Pearce Barry 31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
Pearce Barry 4e6cf58b22
Land #8143, Fix variable typos in rfrecv related methods. 2017-03-24 15:38:52 -05:00
dmohanty-r7 92c0748447
Land #8102, Add a plugin to notify new sessions via SMS 2017-03-24 11:17:59 -05:00
Leon Jacobs c58e9acadd
Fix variable typos in rfrecv related methods. 2017-03-22 15:44:22 +02:00
Tim ef53e6a593 fix execute and kill cmd usage/help 2017-03-22 16:29:47 +08:00
William Vu 686f30e118
Land #8117, p{grep,kill} for Meterpreter <3 2017-03-21 16:37:34 -05:00
Pearce Barry 7477e44d30 Use urlsafe Base64 en/decode calls. 2017-03-20 17:37:16 -05:00
Pearce Barry c4279a837a Minor formatting/spelling/verbiage changes. 2017-03-20 17:37:12 -05:00
Craig Smith 2fde287424 Initial patch for rftransceiver (RfCat / YardstickOne) 2017-03-20 17:36:16 -05:00
Pearce Barry 321988c282 Replace errant '.' with ',' 2017-03-20 16:36:13 -05:00
Pearce Barry 2acd941b16 Merge branch 'master' into dtc_fix 2017-03-20 14:10:01 -05:00
Craig Smith 0be6b8c905 Fixes #8022
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-03-20 13:49:39 -05:00
Pearce Barry 06ebb22a8f
Land #8065, Zigbee Hardware Bridge Extension 2017-03-20 10:44:15 -05:00
William Vu f9ecefe465
Land #8031, nil fixes for HWBridge 2017-03-19 22:37:28 -05:00
Brent Cook dd6e75986d add -l and -f flag simulation for pgrep, XXX rex handles flag opts poorly 2017-03-16 23:48:39 -05:00
Brent Cook 70bbacf7ed kill processes in reverse, allow children before parents more likely 2017-03-16 23:48:04 -05:00
Pearce Barry 095a110e65
Code and doc tweaks (minor).
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
bwatters-r7 ab75794cd4
Land #8071, Add API to send an MMS message to mobile devices 2017-03-16 11:57:34 -05:00
Brent Cook 85f7d73d4d add pgrep as well 2017-03-16 04:14:45 -05:00
Brent Cook c9a85f58c0 add pkill command, rework to share filtering logic with ps 2017-03-16 03:57:49 -05:00
Brent Cook a1be63e449 fix warnings in rex argument parser 2017-03-16 03:57:49 -05:00
bwatters-r7 91a4657c36 Bumped the metasploit-payloads version and cache sizes with PR#8043 2017-03-15 19:02:21 -05:00
Spencer McIntyre befc5e05e5 Fix more kernel32 railgun definitions using DWORD 2017-03-14 18:42:52 -04:00
Spencer McIntyre d759c603b2 Fix more kernel32 railgun definitions using DWORD
Some railgun definitions for the kernel32 module define DWORD for the
functions return type when it should be HANDLE. This causes errors on
64-bit systems when the return value is truncated.
2017-03-14 16:58:22 -04:00
wchen-r7 bb4d6e17c8 Resolve #8026, Add a plugin to notify new sessions via SMS
This plugin will notify you of a new session via SMS.

It also changes the SMS text format to MIME.

Resolve #8026
2017-03-13 16:13:59 -05:00
wchen-r7 702d1c2b7e Fix bug for subject 2017-03-08 11:43:36 -06:00
wchen-r7 ed22902fd4 Support the subject field 2017-03-08 11:40:08 -06:00
Craig Smith f60dae0917 Lots of syntax fixups from rubocop 2017-03-08 09:21:33 -08:00
wchen-r7 036a443a41 Add Google Fi gateway 2017-03-07 17:02:32 -06:00
wchen-r7 dc36bc4a0d Add rspec 2017-03-07 16:49:42 -06:00
wchen-r7 dc13b84189 Bring mms branch up to date w/ master 2017-03-07 16:13:39 -06:00
wchen-r7 d32f08f969 Add doc and fix mms message class 2017-03-07 14:40:37 -06:00
wchen-r7 fae05f2e98 And API to send an MMS message to mobile devices
This API allows you to send a malicious attachment to mobile
devices.
2017-03-07 12:34:45 -06:00
Craig Smith 97ad8be7ff Added some Zigbee Documentation 2017-03-06 22:42:15 -08:00
Craig Smith 60cd04bc7b Added module for zstumbler 2017-03-06 16:10:14 -08:00
wchen-r7 a466dc44c6 Do exception handling for sms client 2017-03-06 10:54:08 -06:00
wchen-r7 4d44911d5c Do doc for google fi 2017-03-03 11:38:47 -06:00
wchen-r7 d9b21b16a9 Support Google Project Fi gateway 2017-03-03 11:36:13 -06:00
wchen-r7 2edb116855 Send texts individually
If we pass all the phone numbers at once in one email, it becomes
a group chat, and that allows the recipients to see each other's
number, which isn't the intended behavior.
2017-03-03 11:12:59 -06:00
wchen-r7 c61f8ded78 Comment out Sprint
It looks like the Sprint gateways won't accept our email for
some reason, so we can't use it.
2017-03-03 11:09:04 -06:00
wchen-r7 6ad8afb8b3 Add API to send a text message (SMS) to mobile devices 2017-03-02 16:47:55 -06:00
Spencer McIntyre 2d51801b01 Use native_arch for railfun multi and test it 2017-03-01 13:07:04 -05:00
Craig Smith d4e5cb7993 Fixes #8022
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-02-27 21:09:57 -08:00
Craig Smith dcb42a3e69 Initial zigbee support using killerbee. Core session setup portion 2017-02-27 17:29:54 -08:00
Spencer McIntyre 0ebd51d224 Use native_arch for railgun sizes 2017-02-26 14:42:55 -05:00
Spencer McIntyre 3b2e5e0785 Add a new core_native_arch method for meterpreter 2017-02-26 14:22:24 -05:00
William Webb 076848e904
Land #7993, Keep sessions in progress alive 2017-02-24 16:57:47 -06:00
Pearce Barry e5d0370a94
Fixes MS-1716, keep sessions in progress alive. 2017-02-24 12:56:05 -06:00
bwatters-r7 4f839299f1
Land #7978, Add a test module for railgun API calls 2017-02-21 17:15:49 -06:00
William Webb 2a20d24c29
Land #7966, Fix 'rm' to handle multiple files 2017-02-21 13:32:19 -06:00
Spencer McIntyre 7d1fadb84f Add a test module for railgun api calls 2017-02-18 17:37:49 -05:00
Brent Cook 566bafe65d
Land #7962, Uploading files without specifying the destination closes a Meterpreter session. 2017-02-17 17:04:22 -06:00
Brent Cook 5207cb6c3a
Land #7914, send the correct exception on channel open failure 2017-02-17 17:00:30 -06:00
Brent Cook 807a27e73d clarify error handling when a channel cannot be opened 2017-02-17 16:59:09 -06:00
Rich Whitcroft 5bd38af8d6 fix rm to handle multiple files 2017-02-15 19:22:39 -05:00
Rich Whitcroft 24a4211bb9 fix upload when dest not specified 2017-02-14 22:08:49 -05:00
Brent Cook b741c8b2f7 fix typo in failure path, pointed out by rw- 2017-02-13 21:16:48 -06:00
Brent Cook 74e029f3b1
Land #7932, Fix CVE-2017-5229 2017-02-07 19:22:36 -06:00
Brent Cook 522c6dce8e
Land #7931, Fix CVE-2017-5231 and respect user's dest 2017-02-07 19:22:17 -06:00
Brent Cook 68a5d300fe minor style issues 2017-02-07 18:35:35 -06:00
Brent Cook b370dd0654 Fix CVE-2017-5229 - extapi Clipboard.parse_dump() Directory Traversal 2017-02-07 18:24:06 -06:00
Justin Steven 56cf6b129d
Fix CVE-2017-5228 2017-02-07 23:44:23 +10:00
Justin Steven cb74d3b05b
Fix CVE-2017-5231 and respect user's dest 2017-02-07 23:41:59 +10:00
Artem 9db2cdb33a Fix close session
Fix close session if remote file is permission deined
2017-02-05 02:00:05 +03:00
Pearce Barry 23c2787d57
Land #7795, Hardware Bridge API.
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
Pearce Barry 16de745437
Minor code cleanups/corrections. 2017-02-01 16:12:45 -06:00
Craig Smith 2ff4e6f57e Fixed defaults for elm327 realy.
Array2Hex in the automotive extension how supports passing an array or integers or string hexes
Added some extra error handling for UDS calls to non-supported pids
2017-01-25 11:30:29 -08:00
OJ a3cf400566
Re-set the TLV names for migration stuff 2017-01-24 07:36:56 +10:00
Jeffrey Martin 2c8cd80a2b
revert change to TLV_TYPE_MIGRATE_LEN in #7856 2017-01-23 09:23:32 -06:00
Jeffrey Martin 677d070179 make tlv enum of migrate length consistent 2017-01-23 09:19:53 -06:00
Craig Smith 198d6e00ff Fixed bug in array2hex that did not convert hex values to integers before formatting 2017-01-22 17:50:33 -08:00
Brent Cook f61314d2d6
Land #7856, Fix incorrect translations in TLV inspection code 2017-01-22 11:08:05 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Brent Cook 441222c2b5 Merge remote-tracking branch 'upstream/master' into land-7787- 2017-01-22 09:44:11 -06:00
William Vu e0094897a1 Add CSV and vCard support to dump_contacts 2017-01-20 19:18:50 -06:00
OJ 7e50ce09c0
Fix TLV inspect issue 2017-01-21 09:17:20 +10:00
Brent Cook 5b2e76b981
Land #7794, Fix #7793, incorrect command name in android meterpreter extension 2017-01-11 12:38:36 -06:00
wchen-r7 18347a8de7
Land #7774, Fix pivoting of UDP sockets in scanners 2017-01-10 13:57:28 -06:00
Craig Smith 5f07bca775 Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here:
http://opengarages.org/hwbridge  Supports an automotive extension with UDS calls for mdoule
development.
2017-01-06 19:51:41 -08:00