Commit Graph

12643 Commits (98e191794a4ce937b4af4c4a50ca545bacd5aab0)

Author SHA1 Message Date
Brian Patterson c83474ea5c
Land #7488 Allows DRDoS mixin to handle empty responses 2016-10-25 13:53:39 -05:00
Louis Sato 56d5c49d4d
host was no associated with the workspace
* searching mdm host by wspace id instead
2016-10-25 12:05:06 -05:00
Louis Sato 1378e2e61a
preserve hosts should still fingerprint new hosts 2016-10-25 09:58:30 -05:00
Louis Sato 744724c083
conditionalize fingerprinting
* fix bug where host not preserved
2016-10-24 18:45:48 -05:00
Metasploit e29567f390
Bump version of framework to 4.12.38 2016-10-24 14:25:47 -07:00
Jon Hart 12508f7140
Fix DRDoS mixin to handle empty responses 2016-10-24 14:21:28 -07:00
Adam Cammack 39b889ea29
Land #7459, Delay fingerprinting during import 2016-10-24 10:47:25 -05:00
William Vu ba3830c100
Land #7485, lib/rex/post/gen.pl removal 2016-10-24 09:56:41 -05:00
Metasploit bf59ba526a
Bump version of framework to 4.12.37 2016-10-24 07:35:41 -07:00
nixawk 66a1b57c17 delete lib/rex/post/gen.pl 2016-10-24 08:53:45 -05:00
Tim ce1f3e6b9e
Land #7451, copy original signing certificate when backdooring APK 2016-10-22 18:04:22 +08:00
David Maloney 6b77f509ba
fixes bad file refs for cmdstagers
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
2016-10-21 12:31:18 -05:00
David Maloney de87fccf85
Land #7469, OJ's php preamble fix
this is OJ's fix for the bind_php payload
preamble that causes it to be missing the php
tags
2016-10-21 12:05:39 -05:00
Metasploit 8e0d866976
Bump version of framework to 4.12.36 2016-10-21 10:02:09 -07:00
dana-at-cp b8e30a241e
Copy original cert data into new signing cert created for APK injection 2016-10-20 08:43:45 -07:00
Brendan 1644a1e20b Change how we populate workgroup/domain data 2016-10-19 17:24:26 -05:00
Brendan 95294b00d1 Whitespace 2016-10-19 17:13:07 -05:00
Brendan 078496437f Make sure that the ntlm blob data is pasrsed into UTF-8 2016-10-19 17:11:04 -05:00
Louis Sato f18cbd655e
delay fingerprinting of host
MS-2073

 * imports are slow mainly caused by fingerprinting after every service creation
 * now only fingerprints after all the services are created for imports
2016-10-18 17:42:48 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
OJ 786600bd09
Remove the unused binary_suffix var 2016-10-18 16:15:00 +10:00
Tim 67d07a715c
add android_hide_app_icon 2016-10-17 19:02:48 +08:00
Brent Cook 6fb418d4d2
Land #7447, unify Android meterpreter method names, add missing stageless class 2016-10-17 04:48:43 -05:00
William Vu ebf52759cc
Land #7449, unsuitable language fix 2016-10-16 03:23:05 -05:00
Justin Steven 2ae62cfce1
Fix typo: Use a better adjective 2016-10-16 18:01:42 +10:00
dana-at-cp d7ac8eba45
Create new signing certificate with dname value copied from original certificate. 2016-10-15 14:05:53 -07:00
Tim 5fad8d8efa
prefix android commands with android_ 2016-10-15 23:57:20 +08:00
Metasploit 74340e9eb7
Bump version of framework to 4.12.35 2016-10-14 15:13:45 -07:00
Brent Cook 5736b2c821
add missing require 2016-10-14 12:15:45 -05:00
Metasploit b3666ff7ab
Bump version of framework to 4.12.34 2016-10-14 10:04:05 -07:00
Brent Cook 5ab3401f98
Land #7430, Refactor Android payload configuration into a byte array, add evasions 2016-10-14 10:01:23 -05:00
Brent Cook 4c248ebe9e Merge branch 'master' into land-7430- 2016-10-14 09:48:33 -05:00
Brent Cook a2fe934c15
Land #7435, NTLM Util change to support Unicode hostnames 2016-10-14 09:46:10 -05:00
OJ 70011922a3
Remove binary suffixes for payloads that don't exist 2016-10-14 14:08:13 +10:00
OJ 022830634b
Rejig platform to use windows instead of win32/win64 2016-10-14 10:10:04 +10:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
David Maloney 2493ff1886 Revert "Revert "remove leftover cruft""
This reverts commit 74e0256448.
2016-10-11 17:40:18 -05:00
David Maloney 13de5f9b1e fix missing require in rex
this missing required caused an unitialized
constant in browser_autopwn2 because it required
the js utils bit directly without requiring rex-exploitation
2016-10-11 17:36:55 -05:00
Brendan fe36801918 Changed to convert hostnames and domains to UTF-8 rather than ANSI
after pulling them from the NTLM blob
2016-10-11 15:51:50 -05:00
Brent Cook e5ac3eda61
Land #7362, Fix apk injection script to include android payload service and broadcast receivers 2016-10-11 07:54:10 -05:00
Tim 3d9cb7375c
store Android payload information in byte array 2016-10-11 14:41:32 +08:00
Brent Cook 0d5a23b865 Merge branch 'master' into land-7423-localtime 2016-10-10 23:54:38 -05:00
OJ 699a8e91d2
Rework XOR code to make more sense 2016-10-10 13:38:08 +10:00
OJ e139a1ee8f
Land #7383: Rebase/Fix + SSL stager support for python 2016-10-10 13:06:09 +10:00
Metasploit adb6f31e36
Bump version of framework to 4.12.33 2016-10-08 20:57:08 -07:00
Brent Cook 74e0256448
Revert "remove leftover cruft"
This reverts commit 2be551cbd3.
2016-10-08 21:55:22 -05:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
Brent Cook 63bf93be1b code and style cleanups 2016-10-08 21:04:15 -05:00
Brent Cook 7c1fa3eb51 fix 'info -d module', it assumed active module only 2016-10-08 19:31:00 -05:00
RageLtMan 44c5fc3250 Sync build_net_code post module upstream
Fix merge conflicts and add missing lines to framework version of
the DotNet compiler example module.

Test output to come in PR #5393
2016-10-08 14:06:35 -05:00
RageLtMan 47b1320d08 Add options to cmd_psh_payload
Fill in validated datastore options for generating custom PSH
payloads
2016-10-08 14:06:35 -05:00
RageLtMan fb8e025aa5 Force datastore validation by option set
cmd_psh_payload relies on datastore options to have a proper
data type down the call chain. When modules are created with string
values for all data store options, a conditional naively checking
what should be a boolean value for false/nil? would return true
for a string representation of "false."

Ensure that datastore options are validated prior to using them
to set variables passed into Rex methods.
2016-10-08 14:06:35 -05:00
RageLtMan f24bfe7d4e Import Powershell::exec_in_place
Allow passing exec_in_place parameter to cmd_psh_payload in order
to execute raw powershell without the commandline wrappers of
comspec or calling the powershell binary itself.
This is useful in contexts such as the web delivery mechanism or
recent powershell sessions as it does not require the creation of
a new PSH instance.
2016-10-08 14:06:35 -05:00
RageLtMan 36b989e6d7 Initial import of .NET compiler and persistence
Add Exploit::Powershell::DotNet namespace with compiler and
runtime elevator.

Add compiler modules for payloads and custom .NET code/blocks.

==============

Powershell-based persistence module to compile .NET templates
with MSF payloads into binaries which persist on host.
Templates by @hostess (way back in 2012).

C# templates for simple binaries and a service executable with
its own install wrapper.

==============

Generic .NET compiler post module

Compiles .NET source code to binary on compromised hosts.
Useful for home-grown APT deployment, decoy creation, and other
misdirection or collection activities.

Using mimikatz (kiwi), one can also extract host-resident certs
and use them to sign the generated binary, thus creating a
locally trusted exe which helps with certain defensive measures.

==============

Concept:

Microsoft has graciously included a compiler in every modern
version of Windows. Although executables which can be easily
invoked by the user may not be present on all hosts, the
shared runtime of .NET and Powershell exposes this functionality
to all users with access to Powershell.

This commit provides a way to execute the compiler entirely in
memory, seeking to avoid disk access and the associated forensic
and defensive measures. Resulting .NET assemblies can be run
from memory, or written to disk (with the option of signing
them using a pfx cert on the host). Two basic modules are
provided to showcase the functionality and execution pipeline.

Usage notes:

Binaries generated this way are dynamic by nature and avoid sig
based detection. Heuristics, sandboxing, and other isolation
mechanisms must be defeated by the user for now. Play with
compiler options, included libraries, and runtime environments
for maximum entropy before you hit the temmplates.

Defenders should watch for:
Using this in conjunction with WMI/PS remoting or other MSFT
native distributed execution mechanism can bring malware labs
to their knees with properly crafted templates.
The powershell code to generate the binaries also provides a
convenient method to leave behind complex trojans which are not
yet in binary form, nor will they be until execution (which can
occur strictly in memory avoiding disk access for the final
product).

==============

On responsible disclosure: I've received some heat over the years
for prior work in this arena. Everything here is already public,
and has been in closed PRs in the R7 repo for years. The bad guys
have had this for a while (they do their homework religiously),
defenders need to be made aware of this approach and prepare
themselves to deal with it.
2016-10-08 14:05:53 -05:00
William Vu 1f36583db2 Add zeroSteiner to author.rb 2016-10-07 12:51:22 -05:00
Metasploit 8a6426df48
Bump version of framework to 4.12.32 2016-10-07 10:04:32 -07:00
Metasploit a0ebf5ea2d
Bump version of framework to 4.12.31 2016-10-06 11:23:08 -07:00
dmohanty-r7 55597d7370
Land #7394, Gemify rex/exploitation and associated data files into rex-exploitation 2016-10-05 10:55:21 -05:00
David Maloney 2be551cbd3 remove leftover cruft
some files that got left behind in previous
gemifications that should have been removed
2016-10-05 09:05:27 -05:00
David Maloney 52f6265d2e use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
2016-10-05 09:05:27 -05:00
William Vu a89607bbdb Prefer keyword argument 2016-10-04 23:14:14 -05:00
Brent Cook b7ea465855 refresh sysinfo when explicitly requested on a session 2016-10-04 22:06:06 -05:00
David Maloney af4f3e7a0d use templates from the gem for psh
use the templates now contained within the magical
gem of rex-powershell

7309
MS-2106
2016-10-04 14:14:25 -05:00
OJ a4efa77878
Support driver list, adjust capcom exploit
This commit adds MSF-side support for listing currently loaded drivers
on the machine that Meterpreter is running on. It doesn't add a UI-level
command at this point, as I didn't see the need for it. It is, however,
possible to enumerate drivers on the target using the client API.

Also, the capcom exploit is updated so that it no longer checks for the
existence of the capcom.sys file in a fixed location on disk. Instead,
it enumerates the currently loaded drivers using the new driver listing
function, and if found it checks to make sure the MD5 of the target file
is the same as the one that is expected. The has is used instead of file
version information because the capcom driver doesn't have any version
information in it.
2016-10-04 11:27:20 +10:00
OJ 3469104f7a
Add localtime command support 2016-10-03 15:18:37 +10:00
William Vu 039357a714
Land #7387, checksum command for Meterpreter 2016-10-02 21:35:34 -05:00
Brent Cook 63d13f0f49
check if there is a stance set before checking the value 2016-10-02 19:48:49 -05:00
Spencer McIntyre 8e09b172f6 Add a meterpreter checksum command 2016-10-01 14:29:35 -04:00
Metasploit 73c11a63b4
Bump version of framework to 4.12.30 2016-09-30 10:03:42 -07:00
Tim e628fab86e
Land #7378, run zipalign during apk injection process 2016-09-30 12:27:27 +08:00
Brent Cook 6241e48b34
Land #7350, add 'sess' command for direct session switching support 2016-09-29 23:18:53 -05:00
Brent Cook 49ed02a203 fix packet parsing when there is partial data 2016-09-29 17:21:59 -05:00
RageLtMan 4fdb54e6a1 Fixup transport to work with upstream
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.

Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.

Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
2016-09-29 17:21:59 -05:00
RageLtMan a7470991d9 Bring Python reverse_tcp_ssl payload upstream
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
2016-09-29 17:21:59 -05:00
dana-at-cp b06a3d3c68
Refactor code that calls zipalign on injected APK 2016-09-29 07:49:50 -07:00
dana-at-cp e8d99fb3f5
Run zipalign as last step during APK injection process
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.

More on zipalign from Google:

https://developer.android.com/studio/command-line/zipalign.html
2016-09-28 20:05:17 -07:00
Jeffrey Martin 1689f10890
Land #7292, add android stageless meterpreter_reverse_tcp 2016-09-28 16:05:22 -05:00
Brent Cook ea625d4ea3
Enhance #7360, more stance fixes 2016-09-28 13:49:29 -05:00
Brent Cook 5a611b0ec4 use the correct scope for the Stance names 2016-09-28 13:48:28 -05:00
Tim b4a1adaf0f refactor into android.rb 2016-09-28 18:23:34 +08:00
Tim dc43f59dcf dalvik -> android 2016-09-28 14:50:52 +08:00
HD Moore 8bef4e4ec6
Land #7360, restore passive?/aggressive? behavior
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9.
2016-09-26 15:05:41 -05:00
Metasploit 5ea1e7b379
Bump version of framework to 4.12.29 2016-09-26 12:06:21 -07:00
Tim a39c4965e4 fix apk injection script to include payload service and receivers 2016-09-26 19:50:10 +08:00
Brent Cook 006c749e6a directly check to match the former definition of aggressive? 2016-09-25 23:57:13 -04:00
Brent Cook 743bea912a fix exploit Passive / Aggressive overrides to do the right thing 2016-09-25 19:57:41 -04:00
Pearce Barry 00258a4d31
Land #7351, restore NTLM constant class shortcuts 2016-09-25 12:09:38 -05:00
dmohanty-r7 00c02bb132
Land #7349, Add initialization of RHOST value prior to calling child check() 2016-09-23 12:28:08 -05:00
Metasploit 3ddf80dd7a
Bump version of framework to 4.12.28 2016-09-23 10:02:37 -07:00
Tim c13ab28a5b remove debug statement 2016-09-22 16:27:11 +01:00
Tim acb3e66064 fix comments 2016-09-22 16:26:26 +01:00
Tim 32c2311b86 android meterpreter_reverse_tcp 2016-09-22 16:26:26 +01:00
Brent Cook 2ec87d1f67 check if constant aliases are already set before setting
(I'm presuming that was what removing was intended to help with)
2016-09-22 07:12:42 -05:00
Brent Cook 4acb29a129 restore NTLM constant class shortcuts 2016-09-22 07:01:38 -05:00
OJ af4b1cf48f
Add the `sess` command to MSF and Meterp shells
This new command is a simpler shortcut that allows for moving around sessions much faster from within the console.

* From inside MSF, `sess <id>` is shorthand for `sessions -i <id>`
* From inside Meterp, `sess <id>` is shorthand for `background; sessions -i <id>`

In the latter case, if the session being switched to is the same id, then no swiching happens.
2016-09-22 16:09:59 +10:00
Brent Cook 52d0840a79
Land #7276, fix clipboard tlv usage 2016-09-22 00:47:18 -05:00
Brent Cook b4b709d921
Land #7342, remove OSVDB links and references from library code - leave in modules 2016-09-22 00:45:05 -05:00
Brent Cook 88cef32ea4
Land #7339, SSH module fixes from net:ssh updates 2016-09-22 00:27:32 -05:00
William Vu fda5faf4ed
Land #7346, route command fixes
Also adds session -1 support.
2016-09-21 15:44:24 -05:00
Spencer McIntyre a3e3bbf2b0 Remove unnecessary reference to idx 2016-09-21 12:42:25 -04:00
Spencer McIntyre 08836a317d Fix "route add" error and support using session -1 2016-09-21 12:02:30 -04:00
Spencer McIntyre 0671e854a9 Default the route command to printing the table 2016-09-21 10:36:59 -04:00
Brendan b0bb5b5806 Added initialization of RHOST value prior to calling child check() functions 2016-09-20 18:18:52 -05:00
“Brian 4ff8235304
Remove semicolon 2016-09-20 17:57:48 -05:00
“Brian 8871673ada Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-09-20 17:48:06 -05:00
“Brian 53170cca01 msfconsole command
resolves #7330

Warns the user if they try to run msfconsole in msfconsole and does not let them do it
2016-09-20 17:46:25 -05:00
Brent Cook 1b31e0a63e remove osvdb links 2016-09-20 14:27:59 -05:00
David Maloney e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
David Maloney 06ff7303a6
make pubkey verifier work with old module
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together

7321
2016-09-19 15:20:35 -05:00
David Maloney 2f17ae0946
add pubkey_verifier class to framework
this class provides a new way to do
public key only verification tests
for SSH

7321
2016-09-19 14:35:59 -05:00
Pearce Barry 3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714) 2016-09-19 14:34:44 -05:00
Pearce Barry 27018b421c
Land #7316, use new rex-encoder gem 2016-09-19 11:59:21 -05:00
dmohanty-r7 4c4f2e45d6
Land #7283, add jsp payload generator 2016-09-16 14:37:59 -05:00
Metasploit 5acc17a800
Bump version of framework to 4.12.27 2016-09-16 10:02:52 -07:00
Brendan 332ba47356 refactored blob parsing to get unicode, but break everything else 2016-09-16 11:22:53 -05:00
Brent Cook b21daa7019
Land #7263, Automatically generate keystore for android apk signing 2016-09-15 22:09:15 -05:00
Brent Cook 022ab74f30
See #7089, add some stray fixups 2016-09-15 18:50:00 -05:00
Brent Cook 6686e91ffe
fixup some leftover debug and whitespace issues 2016-09-15 18:39:08 -05:00
Brent Cook 50fc3b10f8
Land #7086, Add 'continue' and 'tries' wget-like options to meterpreter 'download' 2016-09-15 17:48:21 -05:00
David Maloney 7e10b5c482
use new rex-encoder gem
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.

MS-1708
2016-09-14 12:07:26 -05:00
dmohanty-r7 e005a3f49b
Land #7300 replace msfrop with the rex-rop_builder gem
MS-1722
2016-09-14 11:21:54 -05:00
Metasploit 32998d938f
Bump version of framework to 4.12.26 2016-09-13 16:59:37 -07:00
Brent Cook b5ae287235 ensure that default_name, dns_host_name, and dns_domain_name are set 2016-09-13 18:32:59 -05:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Metasploit 8eb2c926f3
Bump version of framework to 4.12.25 2016-09-13 13:37:08 -07:00
David Maloney fd3b885d83
replace msfrop with the rex-rop_builder gem
moved all of this code into the new gem

MS-1722
2016-09-12 16:06:53 -05:00
Brent Cook 8cf62dc4ed
Land #7299, Set defaults in WordpressMulticall login scanner 2016-09-12 12:26:08 -05:00
Adam Cammack aa193bf372
Set defaults in WordpressMulticall login scanner
This login scanner would crash it was used like a normal login scanner.

MS-2007
2016-09-12 11:22:15 -05:00
Brent Cook e09fe08983
Land #7278, fix FTP path traversal scanners 2016-09-12 10:47:36 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Pearce Barry 4495b27e67
Land #7254, Rex::SSLScan Gemification 2016-09-08 13:20:56 -05:00
David Maloney 1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop 2016-09-08 10:48:07 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
David Maloney 17ab04829c missed the lib/rex/socket.rb file
failed to delete this rather important bigt
2016-09-07 11:38:28 -05:00
David Maloney 7857c58655 remove all the left voer cruft
remove all the files that got xfered out to the gems

MS-1715
2016-09-07 11:38:28 -05:00
David Maloney 43942e6029 refactor pem parser to use the rex-socket gem version
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser

MS-1715
2016-09-07 11:38:27 -05:00
David Maloney 405c59b8b8 move bidirectional pipe into rex/ui/text
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there

MS-1715
2016-09-07 11:34:04 -05:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
Christian Mehlmauer c6012e7947
add jsp payload generator 2016-09-06 22:17:21 +02:00
Pearce Barry 0f30d3a720
Land #7208, use new rex-bin_tools gem 2016-09-06 13:19:35 -05:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
David Maloney 881effbae9
use the new rex-nop gem
transfer the opty2 library to rex-nop

MS-1711
2016-09-06 11:27:06 -05:00
OJ ab6ffcc725
Add tspkg support and fix parsing a little 2016-09-07 02:04:54 +10:00
OJ dd977c0c28
Begin work on parsing mimikatz output and handling more cmds 2016-09-07 01:41:35 +10:00
William Vu b701048ce2 Fix data_disconnect to shutdown only if datasocket
Seeing people use this with ensure when their data channel was never set
up. This breaks things. :)
2016-09-05 15:54:26 -05:00
Tim f75b5569e5
fix android clipboard tlv usage 2016-09-05 17:24:32 +01:00
Metasploit 58112d7b4d
Bump version of framework to 4.12.24 2016-09-02 10:02:44 -07:00
dmohanty-r7 e36cfa54b1
Use rex-mime gem
MS-1710
2016-09-01 11:38:07 -05:00
Tim 9ebe18d096
automatically generate keystore for apk signing 2016-09-01 10:19:58 +01:00
Danil Bazin bfabb3877c @void-in suggestions styles 2016-08-31 14:00:35 +02:00
Danil Bazin 39407dda95 Winpmem meterpreter extension 2016-08-31 11:46:15 +02:00
Pearce Barry bd71df55c3
Merge branch 'nessus-bridge-gem' of git://github.com/kost/metasploit-framework into kost-nessus-bridge-gem
Also fix minor merge conflict.
2016-08-30 17:25:46 -05:00
David Maloney 029a28c95b
use the new rex-sslscan gem
remove old integerated code and replace it
with the gem. done.

MS-1693
2016-08-30 10:43:47 -05:00
David Maloney fa6d1965fc
missed the lib/rex/socket.rb file
failed to delete this rather important bigt
2016-08-30 09:31:52 -05:00
caye efdf7c4c00
Clipboard now sets 'recursive' download option in new way. Improved download_file compatibility 2016-08-27 01:44:04 +00:00
caye 3545c5f8db
Rebase after #7125. Changed tries to -l. Added 'opts' for all download options 2016-08-27 00:55:16 +00:00
David Maloney b1009ab8dc
remove all the left voer cruft
remove all the files that got xfered out to the gems

MS-1715
2016-08-26 14:31:27 -05:00
David Maloney 91fe78e9cb
refactor pem parser to use the rex-socket gem version
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser

MS-1715
2016-08-26 14:13:38 -05:00
David Maloney c6b0c0b598
move bidirectional pipe into rex/ui/text
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there

MS-1715
2016-08-26 13:51:26 -05:00
Metasploit ea32c313d3
Bump version of framework to 4.12.23 2016-08-26 10:06:44 -07:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu 954dee752b Sort msfvenom --help-platforms
Also sort --help-formats.
2016-08-25 14:02:58 -05:00
Pearce Barry 250e6676ca
Update crawler with new auth key values. 2016-08-24 16:01:46 -05:00
William Vu 61f1e7e9c2 Add server_port to HTTP fingerprint
MS-1982
2016-08-24 13:24:24 -05:00
Pearce Barry 03e14ec86f
Land #7232, Net::SSH Regression Fixes
Fixes #7160
Fixes #7175
Fixes #7229
2016-08-23 14:53:42 -05:00
David Maloney 95b82219a3
Land #7233, ssh over L# pivot
this lands egypt's fix for using Net::SSH over L# pivots
2016-08-23 14:12:54 -05:00
Pearce Barry 222c85c343
Land #7223, Unvendor openvas-omp gem 2016-08-23 13:40:39 -05:00
James Lee b4a7562054
Use getpeername_as_array instead of peerinfo
`peerinfo` is intended to be human-readable and can be things like
"Remote Pipe" so splitting it here is the wrong thing to do.
2016-08-22 14:20:53 -05:00
James Lee bcf0062d47
Make SocketInterface things be Rex::Sockets 2016-08-22 14:17:00 -05:00
William Webb 3b3b4723c2
Land #7231, Fix Android Meterpreter command autoload and sysinfo 2016-08-22 12:22:43 -05:00
William Webb 455ba42f5b
Land #7218, Add new post-exploitation APIs for stealing access tokens 2016-08-22 10:55:42 -05:00
David Maloney b6dff719f3
add a hard require to the ssh mixin
added hard require for SSHFactory into the ssh exploit mixin
this should prevent any laod-order bugs from cropping up again
2016-08-22 09:56:07 -05:00
Tim Wright 3955c4332d fix android autoload commands and sysinfo 2016-08-22 14:53:58 +01:00
dmohanty-r7 4478136065 Unvendor openvas-omp gem
MS-1718
2016-08-19 15:14:32 -05:00
Metasploit 87d34cfbba
Bump version of framework to 4.12.22 2016-08-19 10:02:28 -07:00
wchen-r7 265adebd50 Fix typo 2016-08-19 10:44:24 -05:00
William Vu 3d4d7aae14 Add ps -c to show child processes of current shell 2016-08-18 19:23:21 -05:00
wchen-r7 0f4d26af19 Update yard doc 2016-08-18 17:18:16 -05:00
wchen-r7 2a61450511 Add new POST exploitation APIs for stealing a token 2016-08-18 17:08:21 -05:00
James Lee 91417e62a8
Cleanup docs 2016-08-18 10:40:32 -05:00
William Vu bc9a402d9e
Land #7214, print_brute ip:rport fix 2016-08-17 22:48:40 -05:00
William Webb 667c3566e5
Land #7209, Add functionality to pull .NET versions on Windows hosts 2016-08-17 12:48:05 -05:00
Brent Cook b37dc8ea27
Land #7210, allow send_request_cgi to close a non-global socket 2016-08-16 22:54:23 -05:00
Brendan b25b2a5188 Cleaned up code per suggestions in the PR 2016-08-16 16:16:25 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available
Fix #7202
2016-08-16 15:34:30 -05:00
Brent Cook e70402a130 use the platform string verbatim on windows meterpreter 2016-08-15 23:50:57 -05:00
wchen-r7 498657ab35 Fix #3860, tearing down TCP connection for send_request_cgi
Fix #3860
2016-08-15 15:45:52 -05:00
Brendan 0778b77f7b Cleaned up a little 2016-08-15 12:20:28 -07:00
David Maloney d2a6c2e9ca
move rex bintools into new gem
move all the *scan *parsey code out into
the new rex-bin_tools gem

MS-1691
2016-08-15 14:01:43 -05:00
Brendan 7730e0eb27 Added ability to retrieve .NET versions 2016-08-15 11:29:00 -07:00
Brendan 906d480264 Added dotnet require 2016-08-15 11:06:29 -07:00
Vlatko Kosturjak 46e4ee4c5b Start using gem instead of obsolete library/tool
Rationale is following:
nessus-cli is obsolete
nessus is using json rest api instead of xmlrpc
xmlrpc name is therefore obsolete

Solution: with minimal changes start using nessus_rest gem.
2016-08-14 17:57:33 +02:00
Pearce Barry 1e7663c704
Land #7200, Rex::Ui::Text cleanup 2016-08-12 16:22:55 -05:00
David Maloney 0fd833676e
remove unnedded codepage.map
this file got mvoed to rex-text earlier
2016-08-12 13:41:31 -05:00
David Maloney 4e678e4ce6
fix help table
there was a bad class refernece here that
needed to be cleaned up

MS-1875
2016-08-12 13:33:41 -05:00
Metasploit a6ba386728
Bump version of framework to 4.12.21 2016-08-12 10:02:36 -07:00
Brent Cook 6a035b7e48
Land #7161, add specs for cisco mixin to use Metasploit Credentials 2016-08-12 10:07:17 -05:00
Pearce Barry 6386d9daca
Land #7178, Add a method to check the Powershell version 2016-08-11 11:02:41 -05:00
wchen-r7 e08c4a8bef Remove .Net check
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
2016-08-11 10:49:06 -05:00
David Maloney 42d6c9443d
remove unused ProgressTracker class
not sure if this was ever used, but it is certainly not being used
by anything now, so let's remove it

MS-1875
2016-08-11 10:35:10 -05:00
David Maloney 8489485cfd
move Rex::Ui::Text::Color out to rex::text gem
moved the text ansi color library out to the rex-text gem

MS-1875
2016-08-11 10:28:09 -05:00
Metasploit d57e4d6349
Bump version of framework to 4.12.20 2016-08-10 15:30:37 -07:00
David Maloney 09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table 2016-08-10 15:58:27 -05:00
wchen-r7 3851db7bcb Use powershell when possible 2016-08-10 15:14:11 -05:00
Brent Cook 1cb01ee876 remove architecture fidling from platform string for now 2016-08-10 14:46:48 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
David Maloney 3f530f1896
remove rex::ui::text:table
remove the class from msf, and update the rex-text
gem to pull the code in under the new version at Rex::Text::Table
modify all requires appropriately

MS-1875
2016-08-10 13:24:25 -05:00
dmohanty-r7 b027176799
Land #7156, use windows_error gem for constants 2016-08-10 11:47:37 -05:00
Metasploit 280216d74d
Bump version of framework to 4.12.19 2016-08-09 14:49:58 -07:00
Pearce Barry ae59c4ae74
Land #6687, Fix meterpreter platform to include OS in the tuple for all meterpreters 2016-08-07 05:00:24 -05:00
Christian Mehlmauer 009089ead7
Land #7183, Fix #7170 Add HttpTrace option for HttpClient 2016-08-05 22:36:28 +02:00
wchen-r7 4055fd1930 Do e.message instead of e.to_s 2016-08-05 14:12:50 -05:00
wchen-r7 d59b6d99ee Make the debug output more readable 2016-08-05 13:20:53 -05:00
Metasploit e7aa658893
Bump version of framework to 4.12.18 2016-08-05 10:05:03 -07:00
wchen-r7 766c0cc539 return nil if no .Net is installed 2016-08-05 11:36:32 -05:00
wchen-r7 a8d9a5c02c Print exceptions if needed 2016-08-04 18:14:22 -05:00
wchen-r7 7538b3dcf8 Fix #7170, Add HttpTrace option for HttpClient
Fix #7170
2016-08-04 16:09:17 -05:00
wchen-r7 11f94a6efc Do a different wmic query for newer systems 2016-08-04 14:50:46 -05:00
wchen-r7 3ea3d95744 Add methods to check .Net and Powershell versions 2016-08-03 17:49:15 -05:00
OJ f9a7d34089
Initial work to support the new kiwi extension 2016-08-02 19:12:24 +10:00
William Vu 4c12c2f6c5 Improve Meterpreter ps -A experience
This allows us to use "x64" instead of "x86_64" in ps -A.
2016-07-31 17:19:57 -07:00
Brent Cook 8bda3c6382
Land #7121, Don't clobber nil strings when there are empty strings in the config file 2016-07-29 15:49:11 -05:00
Metasploit 190bac6e0a
Bump version of framework to 4.12.17 2016-07-29 10:02:06 -07:00
darkbushido 5a1cd24350 finishing converting the last of this to credentials 2016-07-29 09:58:17 -05:00
darkbushido 0972005b24 updating 'ppp.*username secret' 2016-07-29 09:58:17 -05:00
darkbushido 1d33c9aa88 updating specs upto 'username secret' 2016-07-29 09:58:17 -05:00
darkbushido 73b362cade updating more spec 2016-07-29 09:58:16 -05:00
darkbushido b66621af0d adding in a blank service_name
fixing myworkspace
2016-07-29 09:58:16 -05:00
darkbushido 219f9d5d57 updating parts of cisco to use creds 2016-07-29 09:58:15 -05:00
darkbushido 40240662db converting enable password to create_credentials 2016-07-29 09:58:15 -05:00
Brent Cook 8ad38aec2f
Land #7109, Add final filesize to msfvenom output 2016-07-29 09:24:10 -05:00
Brendan ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML) 2016-07-28 13:01:05 -07:00
Brendan 2525eab996 persistance -> persistence 2016-07-28 12:56:04 -07:00
Pearce Barry 1f5fbd4a67
Put remaining consts in exploit mixin... 2016-07-27 17:43:29 -05:00
Pearce Barry 05afaa1162
Pull in consts from rex-arch gem... 2016-07-27 17:43:17 -05:00
Pearce Barry bdf073516b
Switch errors over to windows_error gem... 2016-07-27 17:43:00 -05:00
Pearce Barry 2a703d6cec
Move LOG_* and LEV_* defs out of constants.rb... 2016-07-27 17:42:42 -05:00
William Webb 5b8b15e578 update global constants to allow for windows 10 2016-07-27 12:45:05 -05:00
Brendan af137f3ec3
Land #7127, Fix #6989, scanner modules printing RHOST in progress messages 2016-07-27 09:16:08 -07:00
Brent Cook 3987c2c0d8 cache sysinfo (we use it a lot, it will not change) 2016-07-27 08:49:19 -05:00
Brent Cook 9cb4880747 allow process architecture to be a string (allow more than x86) 2016-07-27 08:49:19 -05:00
William Vu a0c42f5dd2 Add wordpress_url_uploads 2016-07-26 19:10:19 -05:00
wchen-r7 cce1ae6026 Fix #6989, scanner modules printing RHOST in progress messages
Fix #6989
2016-07-25 23:15:59 -05:00
Pearce Barry f7562c09b2
Land #7125, Add timestamping to downloaded files
Fixes MS-1744.
2016-07-25 22:24:53 -05:00
Pearce Barry c35e7fb63f
Land 7124, Remove unwanted <ruby> tag while generating module doc code 2016-07-25 21:11:21 -05:00
William Vu bebff786b7 Add timestamping to downloaded files 2016-07-25 17:18:27 -05:00
wchen-r7 21f5da29d4 Remove unwanted <ruby> tag while generating module doc code 2016-07-25 15:38:59 -05:00
Pearce Barry 1b6bd927d0 Rex::OLE is now rex-ole gem, fixes MS-1712 2016-07-25 14:05:48 -05:00
Rich Whitcroft b1efd4e749 fix VAR=VAL loading from config 2016-07-23 00:26:18 -04:00
James Lee dbbe6a831a
Land #7111, rex-arch gem 2016-07-22 14:55:51 -05:00
Metasploit 4cbb3bb9b6
Bump version of framework to 4.12.16 2016-07-22 10:02:00 -07:00
scriptjunkie bc42ac5761 Fix #7117 by fixing stack offset 2016-07-21 20:48:08 -05:00
wchen-r7 390f69313a Fix grammar in browser_exploit_server 2016-07-21 11:51:10 -05:00
dmohanty-r7 01f08da345
Use rex-arch gem
MS-1703
2016-07-20 16:42:41 -05:00
forzoni b58931f803 Avoid error when generated payload is nil. 2016-07-19 23:43:38 -05:00
James Lee a54945c82c
whitespace 2016-07-19 17:07:17 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
forzoni e90e6c4885 Use format check instead of length. 2016-07-19 09:38:09 -05:00
forzoni d6fd2a49d4 Add final filesize, useful when using different formats. 2016-07-19 02:41:37 -05:00
dmohanty-r7 8d8e1f80f5
Land #7102, remove struct2 code in favor of rex-struct2 2016-07-18 11:44:17 -05:00
Metasploit b954b6d5c1
Bump version of framework to 4.12.15 2016-07-18 08:42:20 -07:00
wchen-r7 6d8dd24e41
Land #7104, Update ActiveRecord syntax for framework db cred iteration 2016-07-17 17:57:06 -05:00
wchen-r7 01c5662b61
Land #7100, Change Burp import to allow blank references 2016-07-17 17:35:46 -05:00
Brent Cook 2041870e62 Update ActiveRecord syntax for framework db credential iteration 2016-07-15 22:01:54 -05:00
David Maloney 20d7e9a7a7
remove old struct2 code in favour of gem
use the new rex-struct2 gem and remove the code form it's old location

MS-1782
2016-07-15 16:01:21 -05:00
Metasploit b13d0f879a
Bump version of framework to 4.12.14 2016-07-15 10:03:28 -07:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
Brendan 3ed6632f88 Let's actually delete the line.... 2016-07-15 08:47:29 -07:00
Brendan db2850b51c Changed the Burp import to import vulns with blank references 2016-07-14 13:03:24 -07:00
David Maloney b6b52952f4
set ssh to non-interactive
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
caye ed8fec255e
Fixed dir download. Retry when no network even at the download start 2016-07-12 23:05:50 +00:00
William Vu 277950cc79
Land #6733, psexec StackAdjustment fix 2016-07-12 11:14:16 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Pearce Barry 7b1d9596c7
Land #7068, Introduce 'mettle' - new POSIX meterpreter 2016-07-11 22:38:40 -05:00
Brent Cook 79fd648bbe don't double-encapsulate regexes on normalize 2016-07-11 22:05:00 -05:00
William Vu 108c3961e2 Make sure GATEWAY_PROBE_PORT is 0
This ensures that dst_port is set for UDPSocket#send.
2016-07-11 12:10:46 -05:00
caye a6e92034bf
Added glob to dir_files.entries search - thanks @OJ 2016-07-11 06:22:28 +00:00
caye 3c2f0e814e
'Continue' and 'tries' wget-like options for meterpreter 'download' 2016-07-10 16:24:36 +00:00
Metasploit 48410f3ab2
Bump version of framework to 4.12.13 2016-07-08 10:01:58 -07:00
James Lee 11685b7c6b
Set the server challenge key 2016-07-07 15:00:42 -05:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
Metasploit 82e092c2df
Bump version of framework to 4.12.12 2016-07-05 14:57:43 -07:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
Brent Cook 049b322ae4 add x86 and x64 stagers for mettle 2016-07-05 11:24:54 -05:00
Adam Cammack 0390ed4d6e Add MIPS O32 Linux support (big and little endian) 2016-07-05 11:24:54 -05:00
Adam Cammack 8de508c4e0 Add mettle module for ARM 2016-07-05 11:24:54 -05:00
Adam Cammack 2f3f655352 Add gem for mettle
This adds the gem for the mettle binaries, which contains reflective
payloads for a variety of Linux architectures (and more OSs in the
future)
2016-07-05 11:24:54 -05:00
William Vu 6e7f07f0f3 Fix off-by-one error in #6954
Props to @egypt for noticing. My bad. :-)
2016-07-05 11:12:12 -05:00
David Maloney 5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
David Maloney 7f341336b2
Land #7067, bcook's rex tools fix
this pr fixes rex requires in the various tools that were
disrupted by the new gemification of rex
2016-07-05 10:34:59 -05:00
David Maloney 85937ab839
require new gems inside rex.rb
have the root rex namespace require the new rex gems
to prevent broken requires when things greedily require all of rex
2016-07-05 10:33:45 -05:00
Metasploit 054ac5ac19
Bump version of framework to 4.12.11 2016-07-05 07:49:37 -07:00
Brendan e29d5b9efe
Land #6954, Fix the available size of payload for exploit/.../payload_inject 2016-07-05 07:38:27 -07:00
Brent Cook 5dc7d4b16e
Land #7043, Fix-up double slash handling with the LURI parameter 2016-07-05 01:21:33 -05:00
Brent Cook 85dfec0cf5 minor whitespace 2016-07-05 01:20:54 -05:00
Brent Cook 58e37931c5
Land #7040, Decrease chance of an error when exiting a interactive shell 2016-07-05 01:15:39 -05:00
OJ ef322ab9aa
Land #7066 - revert #6581 as it causes a regression 2016-07-05 16:05:48 +10:00
Brent Cook 4b77de2174
Land #7030, Ensure 'show options' reflects correct values 2016-07-05 00:48:46 -05:00
Brent Cook b9891aab27
Land #7007, Added JCL header data to mainframe payload module 2016-07-05 00:22:20 -05:00