47b1320d08
Add options to cmd_psh_payload
...
Fill in validated datastore options for generating custom PSH
payloads
2016-10-08 14:06:35 -05:00
fb8e025aa5
Force datastore validation by option set
...
cmd_psh_payload relies on datastore options to have a proper
data type down the call chain. When modules are created with string
values for all data store options, a conditional naively checking
what should be a boolean value for false/nil? would return true
for a string representation of "false."
Ensure that datastore options are validated prior to using them
to set variables passed into Rex methods.
2016-10-08 14:06:35 -05:00
f24bfe7d4e
Import Powershell::exec_in_place
...
Allow passing exec_in_place parameter to cmd_psh_payload in order
to execute raw powershell without the commandline wrappers of
comspec or calling the powershell binary itself.
This is useful in contexts such as the web delivery mechanism or
recent powershell sessions as it does not require the creation of
a new PSH instance.
2016-10-08 14:06:35 -05:00
36b989e6d7
Initial import of .NET compiler and persistence
...
Add Exploit::Powershell::DotNet namespace with compiler and
runtime elevator.
Add compiler modules for payloads and custom .NET code/blocks.
==============
Powershell-based persistence module to compile .NET templates
with MSF payloads into binaries which persist on host.
Templates by @hostess (way back in 2012).
C# templates for simple binaries and a service executable with
its own install wrapper.
==============
Generic .NET compiler post module
Compiles .NET source code to binary on compromised hosts.
Useful for home-grown APT deployment, decoy creation, and other
misdirection or collection activities.
Using mimikatz (kiwi), one can also extract host-resident certs
and use them to sign the generated binary, thus creating a
locally trusted exe which helps with certain defensive measures.
==============
Concept:
Microsoft has graciously included a compiler in every modern
version of Windows. Although executables which can be easily
invoked by the user may not be present on all hosts, the
shared runtime of .NET and Powershell exposes this functionality
to all users with access to Powershell.
This commit provides a way to execute the compiler entirely in
memory, seeking to avoid disk access and the associated forensic
and defensive measures. Resulting .NET assemblies can be run
from memory, or written to disk (with the option of signing
them using a pfx cert on the host). Two basic modules are
provided to showcase the functionality and execution pipeline.
Usage notes:
Binaries generated this way are dynamic by nature and avoid sig
based detection. Heuristics, sandboxing, and other isolation
mechanisms must be defeated by the user for now. Play with
compiler options, included libraries, and runtime environments
for maximum entropy before you hit the temmplates.
Defenders should watch for:
Using this in conjunction with WMI/PS remoting or other MSFT
native distributed execution mechanism can bring malware labs
to their knees with properly crafted templates.
The powershell code to generate the binaries also provides a
convenient method to leave behind complex trojans which are not
yet in binary form, nor will they be until execution (which can
occur strictly in memory avoiding disk access for the final
product).
==============
On responsible disclosure: I've received some heat over the years
for prior work in this arena. Everything here is already public,
and has been in closed PRs in the R7 repo for years. The bad guys
have had this for a while (they do their homework religiously),
defenders need to be made aware of this approach and prepare
themselves to deal with it.
2016-10-08 14:05:53 -05:00
1f36583db2
Add zeroSteiner to author.rb
2016-10-07 12:51:22 -05:00
8a6426df48
Bump version of framework to 4.12.32
2016-10-07 10:04:32 -07:00
a0ebf5ea2d
Bump version of framework to 4.12.31
2016-10-06 11:23:08 -07:00
55597d7370
Land #7394 , Gemify rex/exploitation and associated data files into rex-exploitation
2016-10-05 10:55:21 -05:00
2be551cbd3
remove leftover cruft
...
some files that got left behind in previous
gemifications that should have been removed
2016-10-05 09:05:27 -05:00
52f6265d2e
use the new rex-exploitation gem
...
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
a89607bbdb
Prefer keyword argument
2016-10-04 23:14:14 -05:00
b7ea465855
refresh sysinfo when explicitly requested on a session
2016-10-04 22:06:06 -05:00
af4f3e7a0d
use templates from the gem for psh
...
use the templates now contained within the magical
gem of rex-powershell
7309
MS-2106
2016-10-04 14:14:25 -05:00
a4efa77878
Support driver list, adjust capcom exploit
...
This commit adds MSF-side support for listing currently loaded drivers
on the machine that Meterpreter is running on. It doesn't add a UI-level
command at this point, as I didn't see the need for it. It is, however,
possible to enumerate drivers on the target using the client API.
Also, the capcom exploit is updated so that it no longer checks for the
existence of the capcom.sys file in a fixed location on disk. Instead,
it enumerates the currently loaded drivers using the new driver listing
function, and if found it checks to make sure the MD5 of the target file
is the same as the one that is expected. The has is used instead of file
version information because the capcom driver doesn't have any version
information in it.
2016-10-04 11:27:20 +10:00
3469104f7a
Add localtime command support
2016-10-03 15:18:37 +10:00
039357a714
Land #7387 , checksum command for Meterpreter
2016-10-02 21:35:34 -05:00
63d13f0f49
check if there is a stance set before checking the value
2016-10-02 19:48:49 -05:00
8e09b172f6
Add a meterpreter checksum command
2016-10-01 14:29:35 -04:00
73c11a63b4
Bump version of framework to 4.12.30
2016-09-30 10:03:42 -07:00
e628fab86e
Land #7378 , run zipalign during apk injection process
2016-09-30 12:27:27 +08:00
6241e48b34
Land #7350 , add 'sess' command for direct session switching support
2016-09-29 23:18:53 -05:00
49ed02a203
fix packet parsing when there is partial data
2016-09-29 17:21:59 -05:00
4fdb54e6a1
Fixup transport to work with upstream
...
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.
Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.
Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
2016-09-29 17:21:59 -05:00
a7470991d9
Bring Python reverse_tcp_ssl payload upstream
...
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
2016-09-29 17:21:59 -05:00
b06a3d3c68
Refactor code that calls zipalign on injected APK
2016-09-29 07:49:50 -07:00
e8d99fb3f5
Run zipalign as last step during APK injection process
...
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.
More on zipalign from Google:
https://developer.android.com/studio/command-line/zipalign.html
2016-09-28 20:05:17 -07:00
1689f10890
Land #7292 , add android stageless meterpreter_reverse_tcp
2016-09-28 16:05:22 -05:00
ea625d4ea3
Enhance #7360 , more stance fixes
2016-09-28 13:49:29 -05:00
5a611b0ec4
use the correct scope for the Stance names
2016-09-28 13:48:28 -05:00
b4a1adaf0f
refactor into android.rb
2016-09-28 18:23:34 +08:00
dc43f59dcf
dalvik -> android
2016-09-28 14:50:52 +08:00
8bef4e4ec6
Land #7360 , restore passive?/aggressive? behavior
...
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9
2016-09-26 15:05:41 -05:00
5ea1e7b379
Bump version of framework to 4.12.29
2016-09-26 12:06:21 -07:00
a39c4965e4
fix apk injection script to include payload service and receivers
2016-09-26 19:50:10 +08:00
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
00258a4d31
Land #7351 , restore NTLM constant class shortcuts
2016-09-25 12:09:38 -05:00
00c02bb132
Land #7349 , Add initialization of RHOST value prior to calling child check()
2016-09-23 12:28:08 -05:00
3ddf80dd7a
Bump version of framework to 4.12.28
2016-09-23 10:02:37 -07:00
c13ab28a5b
remove debug statement
2016-09-22 16:27:11 +01:00
acb3e66064
fix comments
2016-09-22 16:26:26 +01:00
32c2311b86
android meterpreter_reverse_tcp
2016-09-22 16:26:26 +01:00
2ec87d1f67
check if constant aliases are already set before setting
...
(I'm presuming that was what removing was intended to help with)
2016-09-22 07:12:42 -05:00
4acb29a129
restore NTLM constant class shortcuts
2016-09-22 07:01:38 -05:00
af4b1cf48f
Add the `sess` command to MSF and Meterp shells
...
This new command is a simpler shortcut that allows for moving around sessions much faster from within the console.
* From inside MSF, `sess <id>` is shorthand for `sessions -i <id>`
* From inside Meterp, `sess <id>` is shorthand for `background; sessions -i <id>`
In the latter case, if the session being switched to is the same id, then no swiching happens.
2016-09-22 16:09:59 +10:00
52d0840a79
Land #7276 , fix clipboard tlv usage
2016-09-22 00:47:18 -05:00
b4b709d921
Land #7342 , remove OSVDB links and references from library code - leave in modules
2016-09-22 00:45:05 -05:00
88cef32ea4
Land #7339 , SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
fda5faf4ed
Land #7346 , route command fixes
...
Also adds session -1 support.
2016-09-21 15:44:24 -05:00
a3e3bbf2b0
Remove unnecessary reference to idx
2016-09-21 12:42:25 -04:00
08836a317d
Fix "route add" error and support using session -1
2016-09-21 12:02:30 -04:00
0671e854a9
Default the route command to printing the table
2016-09-21 10:36:59 -04:00
b0bb5b5806
Added initialization of RHOST value prior to calling child check() functions
2016-09-20 18:18:52 -05:00
4ff8235304
Remove semicolon
2016-09-20 17:57:48 -05:00
8871673ada
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-09-20 17:48:06 -05:00
53170cca01
msfconsole command
...
resolves #7330
Warns the user if they try to run msfconsole in msfconsole and does not let them do it
2016-09-20 17:46:25 -05:00
1b31e0a63e
remove osvdb links
2016-09-20 14:27:59 -05:00
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
06ff7303a6
make pubkey verifier work with old module
...
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together
7321
2016-09-19 15:20:35 -05:00
2f17ae0946
add pubkey_verifier class to framework
...
this class provides a new way to do
public key only verification tests
for SSH
7321
2016-09-19 14:35:59 -05:00
3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714)
2016-09-19 14:34:44 -05:00
27018b421c
Land #7316 , use new rex-encoder gem
2016-09-19 11:59:21 -05:00
4c4f2e45d6
Land #7283 , add jsp payload generator
2016-09-16 14:37:59 -05:00
5acc17a800
Bump version of framework to 4.12.27
2016-09-16 10:02:52 -07:00
332ba47356
refactored blob parsing to get unicode, but break everything else
2016-09-16 11:22:53 -05:00
b21daa7019
Land #7263 , Automatically generate keystore for android apk signing
2016-09-15 22:09:15 -05:00
022ab74f30
See #7089 , add some stray fixups
2016-09-15 18:50:00 -05:00
6686e91ffe
fixup some leftover debug and whitespace issues
2016-09-15 18:39:08 -05:00
50fc3b10f8
Land #7086 , Add 'continue' and 'tries' wget-like options to meterpreter 'download'
2016-09-15 17:48:21 -05:00
7e10b5c482
use new rex-encoder gem
...
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.
MS-1708
2016-09-14 12:07:26 -05:00
e005a3f49b
Land #7300 replace msfrop with the rex-rop_builder gem
...
MS-1722
2016-09-14 11:21:54 -05:00
32998d938f
Bump version of framework to 4.12.26
2016-09-13 16:59:37 -07:00
b5ae287235
ensure that default_name, dns_host_name, and dns_domain_name are set
2016-09-13 18:32:59 -05:00
245237d650
Land #7288 , Add LoginScannerfor Octopus Deploy server
2016-09-13 17:26:56 -05:00
8eb2c926f3
Bump version of framework to 4.12.25
2016-09-13 13:37:08 -07:00
fd3b885d83
replace msfrop with the rex-rop_builder gem
...
moved all of this code into the new gem
MS-1722
2016-09-12 16:06:53 -05:00
8cf62dc4ed
Land #7299 , Set defaults in WordpressMulticall login scanner
2016-09-12 12:26:08 -05:00
aa193bf372
Set defaults in WordpressMulticall login scanner
...
This login scanner would crash it was used like a normal login scanner.
MS-2007
2016-09-12 11:22:15 -05:00
e09fe08983
Land #7278 , fix FTP path traversal scanners
2016-09-12 10:47:36 -05:00
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
4495b27e67
Land #7254 , Rex::SSLScan Gemification
2016-09-08 13:20:56 -05:00
1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop
2016-09-08 10:48:07 -05:00
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
17ab04829c
missed the lib/rex/socket.rb file
...
failed to delete this rather important bigt
2016-09-07 11:38:28 -05:00
7857c58655
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-09-07 11:38:28 -05:00
43942e6029
refactor pem parser to use the rex-socket gem version
...
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser
MS-1715
2016-09-07 11:38:27 -05:00
405c59b8b8
move bidirectional pipe into rex/ui/text
...
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there
MS-1715
2016-09-07 11:34:04 -05:00
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
0f30d3a720
Land #7208 , use new rex-bin_tools gem
2016-09-06 13:19:35 -05:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
881effbae9
use the new rex-nop gem
...
transfer the opty2 library to rex-nop
MS-1711
2016-09-06 11:27:06 -05:00
ab6ffcc725
Add tspkg support and fix parsing a little
2016-09-07 02:04:54 +10:00
dd977c0c28
Begin work on parsing mimikatz output and handling more cmds
2016-09-07 01:41:35 +10:00
b701048ce2
Fix data_disconnect to shutdown only if datasocket
...
Seeing people use this with ensure when their data channel was never set
up. This breaks things. :)
2016-09-05 15:54:26 -05:00
f75b5569e5
fix android clipboard tlv usage
2016-09-05 17:24:32 +01:00
58112d7b4d
Bump version of framework to 4.12.24
2016-09-02 10:02:44 -07:00
e36cfa54b1
Use rex-mime gem
...
MS-1710
2016-09-01 11:38:07 -05:00
9ebe18d096
automatically generate keystore for apk signing
2016-09-01 10:19:58 +01:00
bfabb3877c
@void-in suggestions styles
2016-08-31 14:00:35 +02:00
39407dda95
Winpmem meterpreter extension
2016-08-31 11:46:15 +02:00
bd71df55c3
Merge branch 'nessus-bridge-gem' of git://github.com/kost/metasploit-framework into kost-nessus-bridge-gem
...
Also fix minor merge conflict.
2016-08-30 17:25:46 -05:00
029a28c95b
use the new rex-sslscan gem
...
remove old integerated code and replace it
with the gem. done.
MS-1693
2016-08-30 10:43:47 -05:00
fa6d1965fc
missed the lib/rex/socket.rb file
...
failed to delete this rather important bigt
2016-08-30 09:31:52 -05:00
efdf7c4c00
Clipboard now sets 'recursive' download option in new way. Improved download_file compatibility
2016-08-27 01:44:04 +00:00
3545c5f8db
Rebase after #7125 . Changed tries to -l. Added 'opts' for all download options
2016-08-27 00:55:16 +00:00
b1009ab8dc
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-08-26 14:31:27 -05:00
91fe78e9cb
refactor pem parser to use the rex-socket gem version
...
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser
MS-1715
2016-08-26 14:13:38 -05:00
c6b0c0b598
move bidirectional pipe into rex/ui/text
...
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there
MS-1715
2016-08-26 13:51:26 -05:00
ea32c313d3
Bump version of framework to 4.12.23
2016-08-26 10:06:44 -07:00
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
954dee752b
Sort msfvenom --help-platforms
...
Also sort --help-formats.
2016-08-25 14:02:58 -05:00
250e6676ca
Update crawler with new auth key values.
2016-08-24 16:01:46 -05:00
61f1e7e9c2
Add server_port to HTTP fingerprint
...
MS-1982
2016-08-24 13:24:24 -05:00
03e14ec86f
Land #7232 , Net::SSH Regression Fixes
...
Fixes #7160
Fixes #7175
Fixes #7229
2016-08-23 14:53:42 -05:00
95b82219a3
Land #7233 , ssh over L# pivot
...
this lands egypt's fix for using Net::SSH over L# pivots
2016-08-23 14:12:54 -05:00
222c85c343
Land #7223 , Unvendor openvas-omp gem
2016-08-23 13:40:39 -05:00
b4a7562054
Use getpeername_as_array instead of peerinfo
...
`peerinfo` is intended to be human-readable and can be things like
"Remote Pipe" so splitting it here is the wrong thing to do.
2016-08-22 14:20:53 -05:00
bcf0062d47
Make SocketInterface things be Rex::Sockets
2016-08-22 14:17:00 -05:00
3b3b4723c2
Land #7231 , Fix Android Meterpreter command autoload and sysinfo
2016-08-22 12:22:43 -05:00
455ba42f5b
Land #7218 , Add new post-exploitation APIs for stealing access tokens
2016-08-22 10:55:42 -05:00
b6dff719f3
add a hard require to the ssh mixin
...
added hard require for SSHFactory into the ssh exploit mixin
this should prevent any laod-order bugs from cropping up again
2016-08-22 09:56:07 -05:00
3955c4332d
fix android autoload commands and sysinfo
2016-08-22 14:53:58 +01:00
4478136065
Unvendor openvas-omp gem
...
MS-1718
2016-08-19 15:14:32 -05:00
87d34cfbba
Bump version of framework to 4.12.22
2016-08-19 10:02:28 -07:00
265adebd50
Fix typo
2016-08-19 10:44:24 -05:00
3d4d7aae14
Add ps -c to show child processes of current shell
2016-08-18 19:23:21 -05:00
0f4d26af19
Update yard doc
2016-08-18 17:18:16 -05:00
2a61450511
Add new POST exploitation APIs for stealing a token
2016-08-18 17:08:21 -05:00
91417e62a8
Cleanup docs
2016-08-18 10:40:32 -05:00
bc9a402d9e
Land #7214 , print_brute ip:rport fix
2016-08-17 22:48:40 -05:00
667c3566e5
Land #7209 , Add functionality to pull .NET versions on Windows hosts
2016-08-17 12:48:05 -05:00
b37dc8ea27
Land #7210 , allow send_request_cgi to close a non-global socket
2016-08-16 22:54:23 -05:00
b25b2a5188
Cleaned up code per suggestions in the PR
2016-08-16 16:16:25 -05:00
5f8ef6682a
Fix #7202 , Make print_brute print ip:rport if available
...
Fix #7202
2016-08-16 15:34:30 -05:00
e70402a130
use the platform string verbatim on windows meterpreter
2016-08-15 23:50:57 -05:00
498657ab35
Fix #3860 , tearing down TCP connection for send_request_cgi
...
Fix #3860
2016-08-15 15:45:52 -05:00
0778b77f7b
Cleaned up a little
2016-08-15 12:20:28 -07:00
d2a6c2e9ca
move rex bintools into new gem
...
move all the *scan *parsey code out into
the new rex-bin_tools gem
MS-1691
2016-08-15 14:01:43 -05:00
7730e0eb27
Added ability to retrieve .NET versions
2016-08-15 11:29:00 -07:00
906d480264
Added dotnet require
2016-08-15 11:06:29 -07:00
46e4ee4c5b
Start using gem instead of obsolete library/tool
...
Rationale is following:
nessus-cli is obsolete
nessus is using json rest api instead of xmlrpc
xmlrpc name is therefore obsolete
Solution: with minimal changes start using nessus_rest gem.
2016-08-14 17:57:33 +02:00
1e7663c704
Land #7200 , Rex::Ui::Text cleanup
2016-08-12 16:22:55 -05:00
0fd833676e
remove unnedded codepage.map
...
this file got mvoed to rex-text earlier
2016-08-12 13:41:31 -05:00
4e678e4ce6
fix help table
...
there was a bad class refernece here that
needed to be cleaned up
MS-1875
2016-08-12 13:33:41 -05:00
a6ba386728
Bump version of framework to 4.12.21
2016-08-12 10:02:36 -07:00
6a035b7e48
Land #7161 , add specs for cisco mixin to use Metasploit Credentials
2016-08-12 10:07:17 -05:00
6386d9daca
Land #7178 , Add a method to check the Powershell version
2016-08-11 11:02:41 -05:00
e08c4a8bef
Remove .Net check
...
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
2016-08-11 10:49:06 -05:00
42d6c9443d
remove unused ProgressTracker class
...
not sure if this was ever used, but it is certainly not being used
by anything now, so let's remove it
MS-1875
2016-08-11 10:35:10 -05:00
8489485cfd
move Rex::Ui::Text::Color out to rex::text gem
...
moved the text ansi color library out to the rex-text gem
MS-1875
2016-08-11 10:28:09 -05:00
d57e4d6349
Bump version of framework to 4.12.20
2016-08-10 15:30:37 -07:00
09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table
2016-08-10 15:58:27 -05:00
3851db7bcb
Use powershell when possible
2016-08-10 15:14:11 -05:00
1cb01ee876
remove architecture fidling from platform string for now
2016-08-10 14:46:48 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
3f530f1896
remove rex::ui::text:table
...
remove the class from msf, and update the rex-text
gem to pull the code in under the new version at Rex::Text::Table
modify all requires appropriately
MS-1875
2016-08-10 13:24:25 -05:00
b027176799
Land #7156 , use windows_error gem for constants
2016-08-10 11:47:37 -05:00
280216d74d
Bump version of framework to 4.12.19
2016-08-09 14:49:58 -07:00
ae59c4ae74
Land #6687 , Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
009089ead7
Land #7183 , Fix #7170 Add HttpTrace option for HttpClient
2016-08-05 22:36:28 +02:00
4055fd1930
Do e.message instead of e.to_s
2016-08-05 14:12:50 -05:00
d59b6d99ee
Make the debug output more readable
2016-08-05 13:20:53 -05:00
e7aa658893
Bump version of framework to 4.12.18
2016-08-05 10:05:03 -07:00
766c0cc539
return nil if no .Net is installed
2016-08-05 11:36:32 -05:00
a8d9a5c02c
Print exceptions if needed
2016-08-04 18:14:22 -05:00
7538b3dcf8
Fix #7170 , Add HttpTrace option for HttpClient
...
Fix #7170
2016-08-04 16:09:17 -05:00
11f94a6efc
Do a different wmic query for newer systems
2016-08-04 14:50:46 -05:00
3ea3d95744
Add methods to check .Net and Powershell versions
2016-08-03 17:49:15 -05:00
f9a7d34089
Initial work to support the new kiwi extension
2016-08-02 19:12:24 +10:00
4c12c2f6c5
Improve Meterpreter ps -A experience
...
This allows us to use "x64" instead of "x86_64" in ps -A.
2016-07-31 17:19:57 -07:00
8bda3c6382
Land #7121 , Don't clobber nil strings when there are empty strings in the config file
2016-07-29 15:49:11 -05:00
190bac6e0a
Bump version of framework to 4.12.17
2016-07-29 10:02:06 -07:00
5a1cd24350
finishing converting the last of this to credentials
2016-07-29 09:58:17 -05:00
0972005b24
updating 'ppp.*username secret'
2016-07-29 09:58:17 -05:00
1d33c9aa88
updating specs upto 'username secret'
2016-07-29 09:58:17 -05:00
73b362cade
updating more spec
2016-07-29 09:58:16 -05:00
b66621af0d
adding in a blank service_name
...
fixing myworkspace
2016-07-29 09:58:16 -05:00
219f9d5d57
updating parts of cisco to use creds
2016-07-29 09:58:15 -05:00
40240662db
converting enable password to create_credentials
2016-07-29 09:58:15 -05:00
8ad38aec2f
Land #7109 , Add final filesize to msfvenom output
2016-07-29 09:24:10 -05:00
ee40c9d809
Land #6625 , Send base64ed shellcode and decode with certutil (Actually MSXML)
2016-07-28 13:01:05 -07:00
2525eab996
persistance -> persistence
2016-07-28 12:56:04 -07:00
1f5fbd4a67
Put remaining consts in exploit mixin...
2016-07-27 17:43:29 -05:00
05afaa1162
Pull in consts from rex-arch gem...
2016-07-27 17:43:17 -05:00
bdf073516b
Switch errors over to windows_error gem...
2016-07-27 17:43:00 -05:00
2a703d6cec
Move LOG_* and LEV_* defs out of constants.rb...
2016-07-27 17:42:42 -05:00
5b8b15e578
update global constants to allow for windows 10
2016-07-27 12:45:05 -05:00
af137f3ec3
Land #7127 , Fix #6989 , scanner modules printing RHOST in progress messages
2016-07-27 09:16:08 -07:00
3987c2c0d8
cache sysinfo (we use it a lot, it will not change)
2016-07-27 08:49:19 -05:00
9cb4880747
allow process architecture to be a string (allow more than x86)
2016-07-27 08:49:19 -05:00
a0c42f5dd2
Add wordpress_url_uploads
2016-07-26 19:10:19 -05:00
cce1ae6026
Fix #6989 , scanner modules printing RHOST in progress messages
...
Fix #6989
2016-07-25 23:15:59 -05:00
f7562c09b2
Land #7125 , Add timestamping to downloaded files
...
Fixes MS-1744.
2016-07-25 22:24:53 -05:00
c35e7fb63f
Land 7124, Remove unwanted <ruby> tag while generating module doc code
2016-07-25 21:11:21 -05:00
bebff786b7
Add timestamping to downloaded files
2016-07-25 17:18:27 -05:00
21f5da29d4
Remove unwanted <ruby> tag while generating module doc code
2016-07-25 15:38:59 -05:00
1b6bd927d0
Rex::OLE is now rex-ole gem, fixes MS-1712
2016-07-25 14:05:48 -05:00
b1efd4e749
fix VAR=VAL loading from config
2016-07-23 00:26:18 -04:00
dbbe6a831a
Land #7111 , rex-arch gem
2016-07-22 14:55:51 -05:00
4cbb3bb9b6
Bump version of framework to 4.12.16
2016-07-22 10:02:00 -07:00
bc42ac5761
Fix #7117 by fixing stack offset
2016-07-21 20:48:08 -05:00
390f69313a
Fix grammar in browser_exploit_server
2016-07-21 11:51:10 -05:00
01f08da345
Use rex-arch gem
...
MS-1703
2016-07-20 16:42:41 -05:00
b58931f803
Avoid error when generated payload is nil.
2016-07-19 23:43:38 -05:00
a54945c82c
whitespace
2016-07-19 17:07:17 -05:00
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
e90e6c4885
Use format check instead of length.
2016-07-19 09:38:09 -05:00
d6fd2a49d4
Add final filesize, useful when using different formats.
2016-07-19 02:41:37 -05:00
8d8e1f80f5
Land #7102 , remove struct2 code in favor of rex-struct2
2016-07-18 11:44:17 -05:00
b954b6d5c1
Bump version of framework to 4.12.15
2016-07-18 08:42:20 -07:00
6d8dd24e41
Land #7104 , Update ActiveRecord syntax for framework db cred iteration
2016-07-17 17:57:06 -05:00
01c5662b61
Land #7100 , Change Burp import to allow blank references
2016-07-17 17:35:46 -05:00
2041870e62
Update ActiveRecord syntax for framework db credential iteration
2016-07-15 22:01:54 -05:00
20d7e9a7a7
remove old struct2 code in favour of gem
...
use the new rex-struct2 gem and remove the code form it's old location
MS-1782
2016-07-15 16:01:21 -05:00
b13d0f879a
Bump version of framework to 4.12.14
2016-07-15 10:03:28 -07:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
3ed6632f88
Let's actually delete the line....
2016-07-15 08:47:29 -07:00
db2850b51c
Changed the Burp import to import vulns with blank references
2016-07-14 13:03:24 -07:00
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
ed8fec255e
Fixed dir download. Retry when no network even at the download start
2016-07-12 23:05:50 +00:00
277950cc79
Land #6733 , psexec StackAdjustment fix
2016-07-12 11:14:16 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
7b1d9596c7
Land #7068 , Introduce 'mettle' - new POSIX meterpreter
2016-07-11 22:38:40 -05:00
79fd648bbe
don't double-encapsulate regexes on normalize
2016-07-11 22:05:00 -05:00
108c3961e2
Make sure GATEWAY_PROBE_PORT is 0
...
This ensures that dst_port is set for UDPSocket#send.
2016-07-11 12:10:46 -05:00
a6e92034bf
Added glob to dir_files.entries search - thanks @OJ
2016-07-11 06:22:28 +00:00
3c2f0e814e
'Continue' and 'tries' wget-like options for meterpreter 'download'
2016-07-10 16:24:36 +00:00
48410f3ab2
Bump version of framework to 4.12.13
2016-07-08 10:01:58 -07:00
11685b7c6b
Set the server challenge key
2016-07-07 15:00:42 -05:00
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
2016-07-07 15:00:41 -05:00
82e092c2df
Bump version of framework to 4.12.12
2016-07-05 14:57:43 -07:00
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8e3e360cc83
2016-07-05 15:22:44 -05:00
049b322ae4
add x86 and x64 stagers for mettle
2016-07-05 11:24:54 -05:00
0390ed4d6e
Add MIPS O32 Linux support (big and little endian)
2016-07-05 11:24:54 -05:00
8de508c4e0
Add mettle module for ARM
2016-07-05 11:24:54 -05:00
2f3f655352
Add gem for mettle
...
This adds the gem for the mettle binaries, which contains reflective
payloads for a variety of Linux architectures (and more OSs in the
future)
2016-07-05 11:24:54 -05:00
6e7f07f0f3
Fix off-by-one error in #6954
...
Props to @egypt for noticing. My bad. :-)
2016-07-05 11:12:12 -05:00
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
7f341336b2
Land #7067 , bcook's rex tools fix
...
this pr fixes rex requires in the various tools that were
disrupted by the new gemification of rex
2016-07-05 10:34:59 -05:00
85937ab839
require new gems inside rex.rb
...
have the root rex namespace require the new rex gems
to prevent broken requires when things greedily require all of rex
2016-07-05 10:33:45 -05:00
054ac5ac19
Bump version of framework to 4.12.11
2016-07-05 07:49:37 -07:00
e29d5b9efe
Land #6954 , Fix the available size of payload for exploit/.../payload_inject
2016-07-05 07:38:27 -07:00
5dc7d4b16e
Land #7043 , Fix-up double slash handling with the LURI parameter
2016-07-05 01:21:33 -05:00
85dfec0cf5
minor whitespace
2016-07-05 01:20:54 -05:00
58e37931c5
Land #7040 , Decrease chance of an error when exiting a interactive shell
2016-07-05 01:15:39 -05:00
ef322ab9aa
Land #7066 - revert #6581 as it causes a regression
2016-07-05 16:05:48 +10:00
4b77de2174
Land #7030 , Ensure 'show options' reflects correct values
2016-07-05 00:48:46 -05:00
b9891aab27
Land #7007 , Added JCL header data to mainframe payload module
2016-07-05 00:22:20 -05:00
9b4028d2d7
Revert #6581 , it causes regressions
...
We need a more clever solution without breaking HttpUnknownRequestResponse.
2016-07-05 00:11:15 -05:00
2e97a08954
Land #7046 , Pad host field in notes -d command
2016-07-01 10:14:45 -05:00
02d40eb576
Land #7044 , Pass exploit SRVPORT in BrowserAutopwn2
2016-07-01 09:49:05 -05:00
4b01213fb5
Rewrite the logic to be positive
...
unless is the devil. unless/else doubly so.
2016-07-01 09:15:42 -05:00
6e1b6e96a9
Land #7032 , rm -rf lib/rex/encoders
...
Dead code!
2016-06-30 16:32:14 -05:00
f0cd25dcee
Land #7035 , lib/sshkey* swap to gem
2016-06-30 16:25:27 -05:00
343f4010bd
Prefer newer hash syntax
2016-06-30 15:43:06 -05:00
dbcdc300e5
Fix #7019 , Pad host field in notes -d command
...
The notes -d command is always expecting a host address, but
fileformat exploits don't have this type of information when the
exploit file is generated, therefore there isn't enough fields
provided for Rex table.
Fix #7019
2016-06-30 15:38:58 -05:00
118caa13bf
Fix #7021 , Pass exploit SRVPORT in BrowserAutopwn2
...
In BrowserAutoPwn2, the mixin forgets to pass the SRVPORT datastore
option to the exploits, so they always use the default 8080. As a
result, if a different SRVPORT is set, BAP2 would be serving the
target machine with bad exploit links.
Fix #7021
2016-06-30 14:20:53 -05:00
23399326c2
Fix up double slashes, tweak syntax
2016-06-30 12:56:29 -05:00
0a85f1d233
Fix an error when exiting a interactive shell
2016-06-30 16:19:10 +09:00
5e39f895cf
Fix exception on msf 'db_export' cmd (see #7008 )
...
Users reported (in GitHub issue #7008 ) hitting an exception when attempting to export the contents of the msf database (i.e. workspaces, hosts, events, etc.) via the 'db_export' command. After some digging, it appears there were a few ActiveRecord changes with the new Rails upgrade that require a couple mods to the way we are querying.
2016-06-29 16:02:31 -05:00
80563b2c0f
Merge branch 'master' into feature/MS-1700/sshkey-gem
2016-06-29 09:44:57 -05:00
a796a1bc63
wierd namespace issues?
2016-06-28 16:13:49 -05:00
2dba09a9ce
unvendor sshkey gem
...
use the actual maintained gem rather than our vendored
copy
MS-1700
2016-06-28 16:10:48 -05:00
dcddd2d671
use the bit-struct gem
...
removed vendored copy of bit-struct and use the gem
instead
MS-1699
2016-06-28 15:58:47 -05:00
39fa8bf2d4
missing require
2016-06-28 15:40:56 -05:00
3d93c55174
move sshfactory into a mixin method
...
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
356f4fd54d
delete deprecated lib/rex/encoders
...
this directory is all dead code and has been replaced with
the lib/rex/encoder directory. these files should have been
purge a long time ago for cleanlieness
MS-1692
2016-06-28 14:43:39 -05:00
0a83b34a85
Land #7025 , dev's PR for rex-java
...
lands the pr for moving Rex::Java into it's own gem
2016-06-28 14:40:02 -05:00
d90f0779f8
Land #7009 , egypt's rubyntlm cleanup
...
Land egypt's PR to replace all of our NTLM code with
the rubyntlm gem
2016-06-28 14:15:34 -05:00
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
e3e360cc83
Bump version of framework to 4.12.10
2016-06-28 12:13:26 -07:00
d5d0b9e9b8
Revert "Land #6729 , Speed up the datastore"
...
This reverts commit c6b1955a5a4fb7472391
2016-06-28 13:39:52 -05:00
0660880332
Ensure 'show options' reflects correct values.
...
Small fix here to ensure that, even when boolean 'option' variables have a default value of 'true', that their current value is correctly reflected via the 'show options' command. This change should play fine with all other option variable types, I believe.
Current behavior:
```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION true no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT true no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEW_VERSION false
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEW_VERSION
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION true no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT true no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
```
New behavior with this change:
```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION true no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT true no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEWVERSION false
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEWVERSION
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION false no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT false no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
```
2016-06-28 13:12:34 -05:00
c2f3d411c3
Replace rex/java with rex-java gem
2016-06-27 14:52:49 -05:00
fd07da3519
Bump version of framework to 4.12.9
2016-06-27 11:54:04 -07:00
058115c21f
Land #7015 , sdavis' swagger exploit
2016-06-24 16:13:51 -05:00
5d4cc7ab40
Add nodejs to list of defaults
2016-06-24 16:06:50 -05:00
5bc513d6cd
get ssh sessions working properly
...
ssh sessions now working correctly
MD-1688
2016-06-24 12:14:48 -05:00
3e94abe555
put net:ssh::commandstream back
...
this was apparently our own creation for doing
ssh sessions
MD-1688
2016-06-22 15:02:36 -05:00
6072697126
continued
2016-06-22 14:54:00 -05:00
140621ad9b
start to move to canonical net-ssh
...
removed vendored net::ssh
pulled in net:ssh gem
made Rex::Socket::SSHFactory clas to bridge rex sockets in
Renamed getpeername to getpeername-as_array to not override
core socket behaviour
MS-1688
2016-06-22 14:52:33 -05:00
0126ec61d8
Style
2016-06-22 10:15:23 -05:00
b3f59ebd19
Whitespace
2016-06-22 10:15:23 -05:00
07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm
2016-06-22 10:15:22 -05:00
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
039e8f5899
Use rubyntlm for HTTP Negotiate auth
2016-06-22 10:15:22 -05:00
c2a063c8ae
Start using rubyntlm for ssp auth
2016-06-22 10:15:16 -05:00
1e053c110a
Merge branch 'master' into feature/rex-cleanup/first-gems
2016-06-22 09:20:44 -05:00
3842753ce4
Added JCL header data to mainframe payload module
...
Currently any existing and future JCL payload has to have a 'job card'
basically data that defines the job to z/OS. It has information about
the job's owner, place it will run, output creation, etc. All JCL
shares the same job card format. As such, creating a shared payload
method that allows this text to be imported into any JCL payload.
Additionally, that job card is now parameterized, allowing the
exploit/payload user to edit these job card values-as this may be needed
in order to run the job sucessfully on any given system.
This PR sets up the mf module - next PRs will update the existing
payloads to use this module.
2016-06-21 22:06:44 -05:00
69e2d05a5d
rip out old rex code and replace with gems
...
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
2016-06-21 13:56:36 -05:00
bf36b2c58e
Fix preamble in bind_php to include php tag+escape
2016-06-21 10:07:42 +10:00
129b449355
Add Msf::Util::EXE.to_zip
...
This adds a new method in Msf::Util::EXE to be able to create a
zip file with an array of binary data.
2016-06-20 13:36:59 -05:00
98ad2489db
Land #6970 , #make_fast_nops for HUGE nop chunks
2016-06-17 12:56:26 -05:00
c6b1955a5a
Land #6729 , Speed up the datastore
2016-06-15 17:55:42 -05:00
f5bfc84453
Land #6977 , Add a more verbose message when generating module documentation
2016-06-15 14:55:55 -07:00
78775f7833
first attempt at 6964
2016-06-15 07:44:32 -04:00
563b8206c5
Land #6962 , Apache Continuum Exploit
2016-06-13 16:41:53 -05:00
337e48dc07
Create #make_fast_nops for huge NOP chunks
...
This creates a new method called #make_fast_nops for exploits that
actually need large chunks of NOPs.
2016-06-13 15:25:46 -05:00
f7d261516d
Land #6968 , get_uri URIPORT fix (again)
2016-06-13 10:52:29 -05:00
b7139da624
Clean up whitespace
2016-06-13 10:51:38 -05:00
776dd57803
get_uri missing port fix
2016-06-12 19:27:34 -05:00
7831cb53c5
print status of opening browser at file
2016-06-11 21:13:31 -04:00
5adc360b2a
Make opts truly optional
2016-06-10 20:35:40 -05:00
fd4a51cadb
Bump version of framework to 4.12.8
2016-06-10 10:01:27 -07:00
0d7b587b5d
Avoid printing rhost:rport from AuthBrute
...
When AuthBurte is mixed with other modules using the TCP mixin,
rhost:rport is printed twice. This info should come from the
protocol level mixin.
2016-06-08 14:32:58 -05:00
815685992a
Bump version of framework to 4.12.7
2016-06-07 13:14:34 -07:00
6d72b5b19f
Land #6946 Fix a bug with OptPort validation when not req
2016-06-07 14:43:10 -05:00
53b989f283
fix normalisation so we don't coerce to 0
...
don't coerce nil to 0
2016-06-07 14:29:13 -05:00
16030cda30
simpler fix
...
talking with adam shows that there is a simpler solution
to this problem
2016-06-07 14:13:10 -05:00
9de27e0b9c
add more specific normalise method to otpport
...
add a normalise method that prevents emtpy string
from being converted to 0 for OptPort avoiding
a bad behaviour
2016-06-07 14:03:34 -05:00
27b5d961fd
fixes a bug with OptPort validation when not req
...
OptPort lost the check for whether the option was required causing it
to incorrectly return false in certain cases
MS-1633
2016-06-07 13:48:57 -05:00
d3a13f4b0c
Merge pull request #6942 from acammack-r7/bug/MS-1517/fix-acunetix-again
...
Fix Acunetix import with a blacklist
2016-06-05 23:00:48 -05:00
08f1e68487
Fix Acunetix import with a blacklist
...
If a host is blacklisted, we won't create the service for it. If we
don't create the service, we don't want to create entries for the web
pages.
MS-1517
2016-06-03 19:40:29 -05:00
da532ecc5e
Land #6919 , Move LURI into a full URI for a new 'Payload opts" column in jobs output
2016-06-03 13:57:47 -05:00
e0cf4721c5
Land #6927 , Fix exception handling in #exploit_simple
2016-06-02 11:15:25 -05:00
ffa4177575
missed a few joins
...
missed a few joins statements before
MS-1593
2016-06-01 15:32:51 -05:00
2047475901
host tags commands eagerloaded instead of joining
...
someone tried to fix a rails deprecation warning by doing an
eager load, but caused an actual exception instead. switching to
propper joins makes everything work properly
MS-1593
2016-06-01 13:50:38 -05:00
a27d10c200
fixes the exception handling in #exploit_simple
...
The exception handling in the #exploit_simple method tries to set
error on exploit but exploit is defined within the begin block
causing a noMethodError on nilClass
MS-1608
2016-05-31 11:46:05 -05:00
c35322ec3f
Bump version of framework to 4.12.6
2016-05-30 22:34:13 -07:00
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
f7382f5b3b
Make `jobs` display a full uri
...
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.
See #4623
2016-05-27 11:15:12 -05:00
00b18c8ac5
Land #6917 , Fix minor issues with the RC4 stager
2016-05-26 10:12:54 -05:00
a3d2cba698
Land #6906 , Improve msfvenom error handling and spec coverage
2016-05-26 07:58:37 -05:00
96c459c71d
fix #6915 , handle nil payloads and alert to the user
2016-05-26 07:22:09 -05:00
8612eaa553
remove senduuid for now, give RC4PASSWORD a default
2016-05-26 06:34:51 -05:00
c65401026a
wip fixup rc4
2016-05-25 06:17:02 -05:00
05680ab6f3
Land #6887 , add a missing postgresql 9.4.1-5 matching case
2016-05-24 22:19:03 -05:00
5921ac7b47
Add a spec and fix ReverseHttp#luri
2016-05-24 17:22:14 -05:00
3dfdf1d936
Land #6528 , tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
a23ce05752
File.exists? must cease to exist
2016-05-24 13:53:26 -07:00
14cb85250e
Land #6912 , use the correct variable for cookie expiration in BAP2
2016-05-24 14:19:03 -05:00
ff4d150449
Show IP for print_*
2016-05-24 14:12:54 -05:00
b5987e1d51
Land #6907 , Fix check command with an IP or IP range
2016-05-24 11:37:56 -05:00
9807f9b796
Move Rex::Job into its own file
2016-05-24 11:24:47 -05:00
54f4389d31
Bump version of framework to 4.12.5
2016-05-24 08:54:14 -07:00
77a62ff7c0
Land #6905 RC4 Stagers
2016-05-24 09:34:32 -05:00
43f79f34a9
Removed superfluous instruction
2016-05-24 09:03:14 -05:00
3bc020178f
use the correct variable for cookie expiration
2016-05-24 07:16:55 -05:00
76e8e8f6c7
really fix regex
2016-05-23 20:08:38 -05:00
eb26202961
fix regex
2016-05-23 17:33:06 -05:00
d0b87131a9
fixing import of zip workspace
...
MS-1528
2016-05-23 16:09:22 -05:00
6af9a093d2
update bool
2016-05-23 15:48:03 -05:00
5e059e0c5b
updating the error message
...
changing the exception to be a little more specific.
2016-05-23 15:40:32 -05:00
d3cdcd5f99
Having the payload generator check the payload size
...
Payload generator will raise an error if the payload is larger then the size option
2016-05-23 15:17:41 -05:00
fe1b24e666
allow nil assignment to the datastore
2016-05-23 14:56:19 -05:00
f29463f119
include {peer} in the context of the command dispatcher
2016-05-23 14:55:58 -05:00
RageLtMan
William Vu
Metasploit
dmohanty-r7
David Maloney
Brent Cook
OJ
Spencer McIntyre
Tim
dana-at-cp
Jeffrey Martin
HD Moore
Pearce Barry
Brendan
“Brian
wchen-r7
Adam Cammack
james-otten
Christian Mehlmauer
Danil Bazin
caye
James Lee
William Webb
Tim Wright
Brent Cook
Vlatko Kosturjak
darkbushido
Rich Whitcroft
scriptjunkie
forzoni
ssyy201506
Louis Sato
Bigendian Smalls
thao doan
h00die
Trenton Ivey
Brian Patterson
James Barnett
Jon Hart