OJ
4635bb83c3
Implement ssl verification toggling
...
Add support to meterpreter that allows for the querying and toggling of
SSL certificate verification on the fly.
In order to verify that the socket was SSL-enabled, some rejigging had
to be done of the type? method in the ssl socket class.
2015-04-06 14:40:59 +10:00
HD Moore
3c59519811
Add PayloadUUIDRaw for manual PUID specification
2015-04-05 23:25:52 -05:00
HD Moore
96f8a45b0d
Additional yardoc comments for the UUID class
2015-04-05 23:16:24 -05:00
HD Moore
8bcdddfd04
Fix yardoc comment, thanks @void-in!
2015-04-05 22:09:35 -05:00
jvazquez-r7
261ef51813
Add Rex::Java::Serialization exceptions
2015-04-05 18:43:03 -05:00
jvazquez-r7
2e52817b24
Add DecodeError
2015-04-05 18:16:19 -05:00
jvazquez-r7
85a70d401b
Introduce Rex::Proto::Rmi::DecodeError
2015-04-05 18:15:04 -05:00
jvazquez-r7
3570fc586f
Use constants for JMX serial version uids
2015-04-05 16:23:39 -05:00
jvazquez-r7
46a225cbec
Don't store Exception in a variable
2015-04-05 15:59:52 -05:00
jvazquez-r7
72c36eb23e
Use concatenation
2015-04-05 15:57:50 -05:00
Jon Cave
b1a7e77fa9
Correct domain controller server type constants
...
The should be specified in hex as BAKCTRL is 16, not 10. CTRL should
be 8. See documentation for NetServerEnum.
2015-04-05 11:12:18 +01:00
Meatballs
ebf77cd02d
Merge remote-tracking branch 'upstream/master' into msfvenom_psh_squash
...
Conflicts:
lib/msf/util/exe.rb
2015-04-05 00:24:48 +01:00
HD Moore
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
Brent Cook
57395deb1d
Land #5056 , @wchen-r7 explicit recog require
2015-04-03 17:06:47 -05:00
Brent Cook
5589717323
Land #5058 , @wvu-r7's default workspace saving
2015-04-03 16:53:21 -05:00
William Vu
6c2585cd79
Don't recreate saved workspace
2015-04-03 16:44:36 -05:00
Tod Beardsley
72b9647b31
Land #5057 , CVE fixups
2015-04-03 16:36:11 -05:00
Brent Cook
e5443e74ed
Merge branch 'upstream-master' into land-3950-chain-encoders
2015-04-03 15:18:06 -05:00
jvazquez-r7
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
jvazquez-r7
75c6341dd8
Fix raise
2015-04-03 14:18:15 -05:00
jvazquez-r7
6c36a82f78
Land #5059 , @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
jvazquez-r7
fe5ddc01ad
Fix return documentation
2015-04-03 14:16:06 -05:00
jvazquez-r7
b0042f1cf2
Undo java serialization and RMI fixes
2015-04-03 14:07:49 -05:00
jvazquez-r7
11d372b015
Fix YARD documentation
...
* Thanks @void-in
* See #5059
2015-04-03 14:01:31 -05:00
OJ
3b3e969a1c
Land #5023 : support for IE11 in fingerprint_user_agent
2015-04-03 21:12:00 +10:00
root
0dd987d873
Updated as per jlee-r7 feedback
2015-04-03 10:17:54 +05:00
OJ
c4b7426ba8
Merge branch 'upstream/master' into dynamic-transport
2015-04-03 13:57:24 +10:00
OJ
fd043d4842
Fix up build and missing uri_checksum stuff
...
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
OJ
fc44f5b1f4
Merge branch 'upstrea/master' into dynamic-transport
...
Small merge required with the https payload proxy changes.
2015-04-03 10:14:48 +10:00
OJ
5b5dc3ef59
Merge branch 'upstream/master' into stageless-x64
...
Merge required adjustment of the proxy datastore names that were changed.
2015-04-03 08:53:09 +10:00
David Maloney
1684bfec9e
add missing data to loginscanner results
...
the chef web ui and symantec web gateway
loginscanners do not save the target(host/port/proto) info
in the Result object. This can cause modules to break as they
expected the Result to contain that information
MSP-12499
2015-04-02 13:53:45 -05:00
OJ
d2d68d76a2
Update transport switching to a full blown command
...
Transport switching should now support all of the bits and pieces
required to do full switching with all configurable transport options
2015-04-02 23:13:59 +10:00
root
27353d62ca
Discard local changes to non relevant files
2015-04-02 16:21:43 +05:00
root
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
OJ
47fa97816d
Code fixes as per suggestions, fix build
...
* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of
command_dispatcher.
* Fix spec include.
2015-04-02 09:05:38 +10:00
William Vu
8140b0ee6c
Update Qualys importers for the new CVE format
2015-04-01 17:50:18 -05:00
William Vu
c55e200416
Add workspace saving to msfconsole's save command
2015-04-01 17:31:43 -05:00
sinn3r
e972357aeb
Fix #4471 , uninitialized constant Msf::Exploit::Remote::SMB::Recog
...
Fix #4471
Seems to be specific to Kali
2015-04-01 16:35:23 -05:00
sinn3r
e1adcfee1e
No case sensitive
2015-04-01 16:14:54 -05:00
James Lee
8c1a597a25
Make a Session record before using it
...
How about that.
2015-04-01 13:12:28 -05:00
Brent Cook
f4977bf606
Land #5006 @jlee-r7 adds meterpreter specs
2015-04-01 11:05:47 -05:00
OJ
46dca23ffe
Land #5047 : Metasploit is magic (Banner Adjustments)
2015-04-01 21:51:10 +10:00
OJ
01bdf54487
Merge branch 'upstream/master' into dynamic-transport
2015-04-01 18:53:20 +10:00
OJ
79ec2e0586
Add machine ID support to the command list
2015-04-01 14:29:04 +10:00
OJ
24171a1a08
Land #5045 : Convert stageless proxy to new format
2015-04-01 12:06:57 +10:00
OJ
1a313ad943
Fix up the proxy patching
...
Patching of the proxy details was failing, so this commit fixes that.
Also, added code that makes the proxy type check case-insensitive.
2015-04-01 11:48:22 +10:00
Samuel Huckins
d5030f7e53
Land 5036, vuln push to NX updates into master
2015-03-31 17:32:02 -05:00
James Lee
2fc22132e0
Link the new constant as default in documentation
2015-03-31 16:48:02 -05:00
James Lee
44dd45e48d
Use a const instead of hardcoding "tcp" everywhere
2015-03-31 16:15:04 -05:00
HD Moore
a39ba05383
Functional Payload UUID embedding via PayloadUUIDSeed
2015-03-31 15:44:18 -05:00
James Lee
76bfaa6ce9
Fix dumb inverted logic. Thanks, rspec!
2015-03-31 14:28:07 -05:00
James Lee
8b8ec5990a
Ask the database how long the column should be
...
Instead of hardcoding a number
2015-03-31 14:12:22 -05:00
Tod Beardsley
34d637c7b8
Needs more ponies
2015-03-31 13:59:37 -05:00
James Lee
a8ef465b46
Use the variables we worked so hard to create
2015-03-31 13:34:27 -05:00
James Lee
3695d4b0c7
Don't modify argument in place
2015-03-31 13:32:28 -05:00
James Lee
adcf88761d
Save ref names for easier debugging
2015-03-31 13:07:09 -05:00
HD Moore
a9cfd7efef
Merging master back into the UUID branch
2015-03-31 12:02:03 -05:00
James Lee
176cdcb836
Use sym-to-proc instead of reimplementing it
2015-03-31 11:21:53 -05:00
James Lee
a1a7faa77a
Don't modify argument in place
2015-03-31 10:41:24 -05:00
James Lee
7e559f7b13
Don't modify argument in place
2015-03-31 10:16:14 -05:00
James Lee
971120ce98
Use create! instead of new ... save!
2015-03-31 10:15:23 -05:00
OJ
633b46874d
Merge branch 'upstream/master'
2015-03-31 14:53:48 +10:00
OJ
86d8aab854
Land #5040 : Remove wininet hack for http/s meterp
2015-03-31 14:50:13 +10:00
Brent Cook
d89cd118e0
remove wininet workaround in meterpreter http/s
...
We had a workaround to close connections on very old wininet implementations
that would not do it themselves. With the new WinHttp API-using meterpreters
and stagers, we no longer should use this workaround. It can actually be
actively bad and prematurely close the connection.
This needs testing around different payloads, and they should be on real
networks, ideally where TCP really has to work to get data transfered.
2015-03-30 23:38:32 -05:00
James Lee
790a08a848
It's pronounced "exploit", not "assoc_exploit"
2015-03-30 16:21:17 -05:00
Tod Beardsley
3f0f659eaf
Land #5019 , add rescues to some LoginScanners
2015-03-30 16:06:51 -05:00
James Lee
2394d4bae8
Merge branch 'staging/single-vuln-push' into feature/MSP-11934/refactor-report-exploit-success
...
Conflicts:
Gemfile
Gemfile.lock
spec/support/shared/examples/msf/db_manager/exploit_attempt.rb
2015-03-30 14:08:54 -05:00
James Lee
2ab4584079
Merge remote-tracking branch 'upstream/master' into staging/single-vuln-push
2015-03-30 13:50:52 -05:00
James Lee
1b0e3f13c6
Remove unnecessary extra assignment
2015-03-30 13:14:36 -05:00
James Lee
310779d7bf
Death to hashrockets
2015-03-30 13:13:58 -05:00
James Lee
e65f4e92ea
Separate the two ways to make `Mdm::Session`s
...
Failing spec due to reuse of Mdm::Module::Detail instead of also
instantiating an Msf::Module
2015-03-30 13:05:20 -05:00
James Lee
374db22d5b
Re-enable host lookup for _failure
...
Again needed when called from exploit_driver because nothing is reported
yet at that point.
Also adds some yardoc
2015-03-30 12:30:52 -05:00
David Maloney
103373a7eb
add back accidentally remvoed error
...
accidentally dropped Errno::ETIMEDOUT from the exception
handling
MSP-12389
2015-03-30 11:19:28 -05:00
James Lee
f0eeef3cbb
Move copy-pasta into a new method
2015-03-30 01:43:56 -05:00
James Lee
49902a6395
We actually do need the port/proto for failure
...
Because it is called from lib/msf/core/exploit.rb Exploit#report_failure
with datstore values
Partial revert of e3605aa252
2015-03-30 01:01:34 -05:00
James Lee
415510ca6a
Fix stupid typo that made vuln_id an Array
2015-03-30 00:52:02 -05:00
Samuel Huckins
13fc498523
Land #4948 , fixes several AppScan import issues
2015-03-29 23:33:01 -05:00
OJ
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
OJ
fdcf1297a6
Tweaks to the stageless materpreter x64 payload
2015-03-30 11:09:49 +10:00
OJ
0fa812e5ba
Merge upstrea/master
2015-03-30 10:17:17 +10:00
HD Moore
e65ac57d1b
Fix a logic check in EncodedPayload, which unbreaks stageless testing
2015-03-29 19:08:35 -05:00
OJ
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
OJ
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
OJ
c0f496197c
Rejig code to support http payloads
...
* Move the uri checksum code to a spot that can be shared with rex.
* Adjust modules to make use of this new location.
* Fix up the tranpsort switcher to add the URI for those payloads.
2015-03-30 07:11:25 +10:00
HD Moore
607cc8fef6
Remove a stale comment
2015-03-29 01:54:07 -05:00
HD Moore
0a4a72f49d
Support templates with small text sections (win32)
2015-03-29 01:51:58 -05:00
HD Moore
b9b40edde9
Major speedup, especially for large shellcode (stageless)
2015-03-29 00:44:06 -05:00
Meatballs
9eca3a0ab5
Impersonation spec
2015-03-29 00:52:27 +00:00
Meatballs
f7e3abf760
sqlcmd specs and fixes
2015-03-28 23:23:00 +00:00
Meatballs
3b651aecdc
Specs for sqlserver check and fixes
2015-03-28 22:59:00 +00:00
Meatballs
da49709845
Add yarddoc
2015-03-28 20:31:36 +00:00
Meatballs
8e22255a40
Small tidyup/rubocop
...
Signed-off-by: Meatballs <eat_meatballs@hotmail.co.uk>
2015-03-28 20:31:36 +00:00
Meatballs
9529eed41d
More specific matching
2015-03-28 20:31:35 +00:00
Meatballs
a30d8f7040
Add requires
2015-03-28 20:31:35 +00:00
Meatballs
a1d74c27c6
Check for only running services
2015-03-28 20:31:35 +00:00
Meatballs
99f79e8533
Use incognito token stealing rather than process migration if we have
...
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
Meatballs
9c2219124c
Remove some comments
2015-03-28 20:31:35 +00:00
Meatballs
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
sinn3r
c4def25e82
Resolve #4986 , add support for IE11 for fingerprint_user_agent
...
Resolve #4986
2015-03-27 17:51:14 -05:00
sinn3r
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
Trevor Rosen
2815462375
Update Mdm to staging hash
2015-03-27 15:16:33 -05:00
David Maloney
441feec360
fix missing exception handling
...
a few of our http login scanners needed to
handle a couple of other exception classes
for when network communication errors occur
MSP-12389
2015-03-27 12:31:14 -05:00
James Lee
e3605aa252
We always pass a Service, get rid of port/proto
2015-03-27 11:54:03 -05:00
James Lee
25d0b8baff
Redundant check
2015-03-27 11:35:35 -05:00
James Lee
3b8d70b567
host is always an Mdm::Host, don't look it up again
2015-03-27 11:34:32 -05:00
James Lee
466ef4349e
Second verse, same as the first
2015-03-27 09:59:10 -05:00
James Lee
bf8146c8b5
Axe redundant check
2015-03-26 21:19:19 -05:00
James Lee
88a8186a11
Pull up redundant hash literal
2015-03-26 19:33:53 -05:00
Brent Cook
e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter
2015-03-26 19:16:46 -05:00
Brent Cook
5ac1ee1d73
fix http/s handler reference counting for pymet
...
add a persistent session counter to avoid stopping listening when pymet stages over http/s
2015-03-26 18:26:56 -05:00
James Lee
a9e4961563
New hash syntax
2015-03-26 10:05:08 -05:00
James Lee
a3ae0daf5a
Whitespace
2015-03-26 10:02:08 -05:00
sinn3r
8f03cadb92
Forgot to remove print_debug
2015-03-25 16:08:47 -05:00
jvazquez-r7
72a0909e9b
Land #4992 , @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge
2015-03-25 13:30:36 -05:00
James Lee
8f0c434faa
Add specs for the new method
2015-03-25 12:34:10 -05:00
jvazquez-r7
f80978d9e9
Calculate interface and method hashes dinamically
2015-03-25 11:46:54 -05:00
jvazquez-r7
0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically
2015-03-25 11:29:07 -05:00
sinn3r
6e3e696262
Use symantec_web_gateway as an example of using send_request
2015-03-25 10:55:46 -05:00
sinn3r
60f1d9c961
More yard doc
2015-03-25 10:50:11 -05:00
sinn3r
9b9e157e84
More yard doc
2015-03-25 02:26:06 -05:00
sinn3r
ded500a9ae
Use send_request
2015-03-25 02:13:40 -05:00
sinn3r
6984e5234e
Fix a typo
2015-03-25 02:01:25 -05:00
sinn3r
8a8d6fb5ab
Some more changes
2015-03-25 02:00:23 -05:00
sinn3r
855cadc6b1
Rescue more exceptions
...
The attempt_login method is rescuing these exceptions, so maybe
I should do the same.
2015-03-25 01:48:37 -05:00
sinn3r
8f95624bf7
Add #send_request to Metasploit::Framework::LoginScanner::HTTP
2015-03-25 01:40:02 -05:00
OJ
1f00b595bc
Hacked support for transport switching
2015-03-25 13:08:52 +10:00
jvazquez-r7
f43eab29ed
Delete debug puts
2015-03-24 19:14:30 -05:00
jvazquez-r7
464a6df5e0
Add specs for Msf::Java::Rmi::Client::Registry
2015-03-24 18:42:35 -05:00
Christian Mehlmauer
7bf00f8f47
Land #4789 , @rastating WPLMS wordpress module
2015-03-24 20:46:38 +01:00
James Lee
b0fac4824c
Stop caring about order of keys in user_data
2015-03-24 14:21:52 -05:00
William Vu
6d85b5fd1e
Land #4998 , non-loopback LHOST tab completion
2015-03-24 14:00:01 -05:00
William Vu
660f3dac2b
Land #4997 , smb_version SMBDirect option fix
2015-03-24 13:46:09 -05:00
James Lee
414983ac8c
Merge branch 'feature/MSP-11925/create-user-data' into staging/single-vuln-push
...
Conflicts:
Gemfile.lock
2015-03-24 12:42:08 -05:00
jvazquez-r7
6ea42f6599
Fix description
2015-03-24 12:30:27 -05:00
jvazquez-r7
7c0e17d1f7
Update RMI/JMX mixin documentation
2015-03-24 12:29:40 -05:00
James Lee
65c00dffac
Tab complete non-loopback interfaces' addresses
2015-03-24 12:10:58 -05:00
sinn3r
58c5be0d72
Allow SMBDirect to be optional
...
The smb_version module needs to deregister the SMBDirect option,
but cannot do this because SMBDirect is a required option. By
having it as optional, the user no longer needs to set it. Also,
since SMBDirect already has a default value, having it as optional
should not change the mixin's default behavior.
2015-03-24 12:04:44 -05:00
jvazquez-r7
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
RageLtMan
548a710745
Replace db_nmap string concat with an Array
...
16eab48012
introduced changes to
cmd_db_nmap which pass a new arguments variable to Open3 with a
list of args excluding save.
This approach created a problem wherein the address of the target
had to be passed in first and arguments could get mangled.
Reintroduce an array format, exploding when passing to Open3.
Ensure output file options are appended to the arguments being
passed to Open3, instead of the args variable.
Error example:
db_nmap -F 192.168.0.1
[*] Nmap: 'nmap: unrecognized option '- 192.168.0.1 ''
2015-03-24 04:36:58 -04:00
sinn3r
bef67d773c
Don't break untested_payloads.rb
2015-03-24 00:54:11 -05:00
sinn3r
3c4da5c3ff
Update BES rspec
2015-03-24 00:10:18 -05:00
OJ
25dcfc796a
Better support old binaries in rev http(s)
...
* Patch 256char URL if the 512char one doesn't work.
* Return an empty list in the case where the ext enum fails.
2015-03-24 10:14:44 +10:00
jvazquez-r7
04341bfc78
Support JMX_ROLE again
2015-03-23 17:32:26 -05:00
Brent Cook
1869977921
Land #4962 : OJ adjusts MSF to new metsrv needs
...
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
jvazquez-r7
d8d4c23d60
JMX code refactoring
2015-03-23 17:06:51 -05:00
sinn3r
2900f57afd
It looks like this works
2015-03-23 16:46:53 -05:00
David Maloney
60966f3d2a
handle a blank response body
...
sometimes the response body itself can be blank
so we need to handle that properly.
MSP-9972
2015-03-23 16:03:30 -05:00
OJ
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
jvazquez-r7
6934fde5a1
Finish first draft of new jmx mixin
2015-03-23 15:49:18 -05:00
jvazquez-r7
962bb670de
Remove old JMX mixin
2015-03-23 15:48:10 -05:00
William Vu
809bc52dfc
Land #4982 , tagging for msfconsole
2015-03-23 15:28:50 -05:00
HD Moore
dbe3fe38fd
Sanity check file: arguments for size and move into msfconsole
2015-03-23 14:57:44 -05:00
sinn3r
0e1b9f90b4
Small details
2015-03-23 14:40:20 -05:00
HD Moore
6852475be0
Placeholder for UUID options
2015-03-23 14:35:33 -05:00
HD Moore
dfbaa6b42e
Typo
2015-03-23 14:35:08 -05:00
sinn3r
e520ace1f1
Stash
2015-03-23 14:21:46 -05:00
sinn3r
156520338d
Making some changes to how BES handles ActiveX
2015-03-23 12:21:27 -05:00
jvazquez-r7
79068c8ec2
Delete JMX discovery stream
2015-03-23 10:21:37 -05:00
William Vu
2f83a53884
Add missing fix for #4921
2015-03-23 00:26:18 -05:00
William Vu
8165ae35d0
Remove extraneous semicolon
2015-03-23 00:26:03 -05:00
William Vu
e176b21bcd
Land #4921 , db_nmap help and tab completion
2015-03-23 00:22:46 -05:00
OJ
20131110cd
Add verify_ssl file (missed in prev commit)
2015-03-23 13:22:10 +10:00
OJ
9c9d333a1b
Create verify ssl mixin, adjust some formatting
2015-03-23 13:21:08 +10:00
sinn3r
23685694ad
The tags column should be a virtual column
2015-03-22 21:04:37 -05:00
sinn3r
182018786b
This is probably the proper way to delete tags
2015-03-22 20:55:20 -05:00
sinn3r
ffe48e1ec8
Don't need order to delete
2015-03-22 20:43:11 -05:00
sinn3r
ef62fc3df7
Allow the delete mode for tags
2015-03-22 20:08:23 -05:00
HD Moore
bc3c73e408
Merge branch 'master' into feature/registered-payload-uuids
2015-03-22 18:51:13 -05:00
sinn3r
b2cc3c4954
I found more bugs and fixed them
2015-03-22 18:21:57 -05:00
sinn3r
708eb42984
I fix bugs for tagging
2015-03-22 18:13:40 -05:00
nstarke
dac5b078f0
Minor fixes for format and style
...
This commit contains a few minor tweaks
for style and format. Some whitespace removed,
an erroneous 'return' removed, and using single
quotes for consistency. Updated as per request.
2015-03-22 22:51:21 +00:00
nstarke
16eab48012
Adding help and tab functions for db_nmap
...
These functions address certain problems
listed in GitHub issue #4353 , but do not
address all issues in that ticket. Most
notably, this commit adds basic tab
completion for db_nmap.
2015-03-22 22:45:56 +00:00
HD Moore
378e867486
Refactor Msf::Payload::UUID, use this in reverse_http
2015-03-22 16:17:12 -05:00
HD Moore
0d1fe37710
Ignore non-base64url characters during decode
2015-03-22 16:16:47 -05:00
sinn3r
863cbcbddb
Add real tagging for the hosts command
2015-03-22 15:34:37 -05:00
HD Moore
94241b2998
First attempt at rewiring HTTP handlers to use UUIDs
2015-03-21 03:15:08 -05:00
sinn3r
97b919923e
Fix undefined esize in Rex::Exploitation::Egghunter
...
esize is not a valid variable, and we don't need it either.
2015-03-20 21:32:46 -05:00
HD Moore
858d9b1e7a
Introduce Rex::Text.(en|de)code_base64url and use it for uri_checksum
2015-03-20 21:32:08 -05:00
HD Moore
1eafb21741
Lands #4970 , fixes exception about msfconsole.rc
2015-03-20 16:49:04 -05:00
William Vu
259e95ed21
Add load_resource exception for msfconsole.rc
...
This prevents msfconsole from erroring on a nonexistent msfconsole.rc.
2015-03-20 16:50:27 -05:00
jvazquez-r7
1226b3656f
Land #4945 , @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
jvazquez-r7
62871255b0
Match class and file names
2015-03-20 14:25:20 -05:00
William Vu
4d00114428
Add parens around print_error
2015-03-20 13:53:14 -05:00
sinn3r
2c5c94288d
Fix #4966 , tell the user the resource script path is invalid
...
Fix #4966
2015-03-20 13:38:12 -05:00
jvazquez-r7
179177d5c0
Fix typo
2015-03-20 13:27:41 -05:00
sinn3r
b19f766728
Land #4942 , Gitlab Login Scanner
2015-03-20 13:02:12 -05:00
OJ
9d20d057dd
Update Meterpreter URL length to 512
2015-03-20 13:16:43 +10:00
oj@buffered.io
fd4ad9bd2e
Rework changes on top of HD's PR
...
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
OJ
7b4161bdb4
Update code to handle cert validation properly
...
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
2015-03-20 12:52:47 +10:00
OJ
7ca91b2eb5
Add support for ssl to the patcher
2015-03-20 12:52:38 +10:00
OJ
d38e2c968e
Add required include for stageless meterpreter
2015-03-20 12:52:28 +10:00
OJ
a9f74383d0
Update patch to support both ascii and wchar
2015-03-20 12:52:18 +10:00
OJ
acd802c5fd
Initial work for WinHTTP comms support in Meterpreter
2015-03-20 12:51:47 +10:00
William Vu
cf645772b6
Land #4960 , hosts -i, -n, and -m support
2015-03-19 21:34:14 -05:00
William Vu
38dbd1889e
Fix report_note to use :data
...
:note doesn't do what we want.
2015-03-19 21:33:17 -05:00
William Vu
83ce967d75
Clean up hash syntax as per style guide
2015-03-19 21:23:28 -05:00
Brent Cook
564962042e
Land #4925 , OJ adds self-contained windows meterpreter options
2015-03-19 21:07:32 -05:00
HD Moore
c0bf51e0f5
Add a timestamp to the UUID structure
2015-03-19 19:11:58 -05:00
jvazquez-r7
6094d1bfb1
Add specs for Msf::Java::Rmi::Client::Registry::Parser
2015-03-19 19:07:03 -05:00
jvazquez-r7
b839547dc3
Add documentation for Registry modules and methods
2015-03-19 17:57:21 -05:00
jvazquez-r7
a7f1244251
Finish the java_rmi_registry gather module
2015-03-19 17:33:45 -05:00
sinn3r
f38ad13094
Resolve #4891 , new arguments for the hosts command
...
Resolve #4891
2015-03-19 17:00:41 -05:00
jvazquez-r7
1d69e15d1a
Fix registry lookup parser
2015-03-19 16:19:55 -05:00
Brent Cook
24ce0118b8
reenable UTF filtering support where needed
...
revert d22231bdc8
2015-03-19 16:02:21 -05:00
HD Moore
d53ccb32a0
Turn off unicode filtering by default for non-Windows platforms (UTF-8 consoles)
...
This is a followup to support for unicode added in #4950
2015-03-19 15:45:45 -05:00
jvazquez-r7
ec90594f7e
Add support for Rex::Java::Serialization::ProxyClassDesc
2015-03-19 15:41:24 -05:00
OJ
a582e05b6d
Merge gemfile changes in master
2015-03-20 06:29:38 +10:00
OJ
040ef1e3e9
Land #4950 : ls unicode and sorting in meterpreter
2015-03-20 06:28:29 +10:00
jvazquez-r7
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
OJ
7899881416
Update POSIX bins from master
2015-03-19 14:50:14 +10:00
Meatballs
2dd9dcb26c
Dont use native unpack operators!
2015-03-18 23:48:39 +00:00
Meatballs
975ddc9092
Add some spec mockery
2015-03-18 23:43:46 +00:00
HD Moore
ce0796a427
Base module for Payload UUID support
2015-03-18 17:03:47 -05:00
HD Moore
ae621c83c5
Add a URL-safe base64 encoder/decoder
2015-03-18 17:03:29 -05:00
Brent Cook
c774038fe6
improve ls output by providing various new options
2015-03-18 16:02:03 -05:00
jvazquez-r7
9628415ca2
Delete more comments
2015-03-18 15:53:50 -05:00
jvazquez-r7
c3dd4035ef
Make jmx module work again
2015-03-18 15:48:07 -05:00
jvazquez-r7
f956ba1a46
Do first JMX cleaning try
2015-03-18 15:37:07 -05:00
David Maloney
4293af01b1
make sure we strip leading whitespace
...
in the aforementiond record_request_and_response method
we need to still make sure to strip leading whitespace
from the front of our data before saving it
MSP-9972
2015-03-18 11:23:45 -05:00
David Maloney
dacaa9e82b
simplify request-response parsing in apsscan
...
the record_request_and_response method for the
nokogiri appscan parser was way overcomplicated
it was trying to do way too much trickiness
when the data could be very simply split and consumed
MSP-9972
2015-03-18 11:19:00 -05:00
David Maloney
3269817b29
remove bad truthiness checks
...
truthy checks were used here, but you'll get
an empty hash which will be treated as true causing
the test to be invalid and allowing for errors further in the method
MSP-9972
2015-03-18 10:52:24 -05:00
jvazquez-r7
17e1f7d34f
Move Streams code
2015-03-18 09:25:53 -05:00
HD Moore
b62da42927
Merge branch 'master' into feature/add-proxies-to-wininet
2015-03-18 01:51:15 -05:00
HD Moore
c607cf7b11
Merging master
2015-03-18 01:45:44 -05:00
HD Moore
97def50cc2
Whitespace cleanup
2015-03-18 01:26:59 -05:00
HD Moore
8d3cb8bde5
Fix up meterpreter patching arguments and names
2015-03-18 01:25:42 -05:00
HD Moore
390a704cc7
Cleanup proxyhost/proxyport arguments to match new names
2015-03-18 01:19:05 -05:00
HD Moore
f7a06d8e44
Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax
2015-03-18 01:15:32 -05:00
HD Moore
3aa8cb69a4
Fix two use cases of PROXYHOST/PROXYPORT
2015-03-18 01:08:09 -05:00
HD Moore
2ab14e7e79
Adds IPv6 and option-related issues with the previous patch
2015-03-18 01:01:10 -05:00
HD Moore
a4df6d539f
Cleanup proxy handling code (consistency & bugs)
...
One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.
2015-03-18 00:59:59 -05:00
HD Moore
2f13988d7b
Use OptPort vs OptInt and cleanup the description
2015-03-18 00:59:25 -05:00
HD Moore
a01be365b0
Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT
...
This also cleans up the windows reverse_https_proxy stager.
2015-03-18 00:59:13 -05:00
jvazquez-r7
14be07a2c4
Update java_rmi_server modules
2015-03-17 21:29:52 -05:00
jvazquez-r7
d6048d0978
Use rex support for build_call
2015-03-17 21:05:45 -05:00
jvazquez-r7
6315e07312
Add specs for UniqueIdentifier
2015-03-17 20:38:43 -05:00
James Lee
bd4738b93e
Land #4827 , capture and nbns fixups
2015-03-17 17:37:55 -05:00
James Lee
d7fa0ec669
Let IPAddr#hton do the calculating
2015-03-17 17:36:45 -05:00
jvazquez-r7
87b777e923
Refactor moving code to rex
2015-03-17 17:15:32 -05:00
sinn3r
608bf55b79
Update
2015-03-17 11:54:38 -05:00
jvazquez-r7
dd6ecefe39
Fix endianess
2015-03-17 11:40:50 -05:00
sinn3r
27b6fbb648
I don't need :ssl and :ssl_version
2015-03-17 11:31:38 -05:00
jvazquez-r7
ebe7ad07b0
Add specs, plus modify java_rmi_server modules
2015-03-17 11:26:27 -05:00
Brent Cook
d22231bdc8
remove unicode_filter_encode calls
...
Let the underlying utf8 messages through to the console.
2015-03-17 11:07:07 -05:00
Meatballs
69453c1955
Missing ?
2015-03-17 12:00:58 +00:00
Meatballs
fcc21ff928
Stylish like @limhoff-r7
2015-03-17 11:44:02 +00:00
Meatballs
d18224e3cb
Correct capitilzation of GitLab
2015-03-17 11:32:14 +00:00
Meatballs
25840c41cf
Rubocop
2015-03-17 11:21:05 +00:00
Meatballs
f4a1e981ab
Add gitlab login scanner
2015-03-17 11:19:23 +00:00
sinn3r
ff58f7d270
Add Symantec Web Gateway Login Module
2015-03-17 02:51:57 -05:00
jvazquez-r7
0a37df67a0
Add initial support for better RMI calls
2015-03-16 23:44:16 -05:00
HD Moore
2ea984423b
while(true)->loop, use thread.join
2015-03-16 14:08:01 -05:00
HD Moore
5fd3637d34
Remove the i32 size specifier (not needed)
2015-03-16 14:00:51 -05:00
HD Moore
69d9280748
Fix yard docs, retries, push.i8 instructions. See commit 05138524e3
...
Note that StagerRetryCount is not defined here, but will be in the parent class once #4934 lands
2015-03-16 13:52:13 -05:00
HD Moore
05138524e3
Fix yard docs, fix retries, trim bytes, retested and working
2015-03-16 13:35:36 -05:00
HD Moore
69a808b744
StagerProxy -> PayloadProxy
2015-03-16 12:14:42 -05:00
OJ
03232befc7
Add extra check to avoid crashing on startup
2015-03-16 17:14:36 +10:00
HD Moore
f361e4ee52
Prefer the new-style proxy datastore options when available
2015-03-16 00:22:10 -05:00
HD Moore
7e89281485
Adds proxy (with authentication) support to reverse_http(s)
2015-03-16 00:03:31 -05:00
HD Moore
8e37342c50
Comment typo
2015-03-14 16:52:04 -05:00
HD Moore
0d12ca49a7
Work around lack of option normalization during size calculation
2015-03-14 16:19:13 -05:00
HD Moore
03019cf451
Adds StagerVerifySSLCert support (SHA1 of HandlerSSLCert)
2015-03-14 15:53:21 -05:00
HD Moore
11593800b6
Move X509 PEM parsing into Rex::Parser::X509Certificate
2015-03-14 15:52:23 -05:00
Brent Cook
74ee2d8408
Land #4916 , @hmoore-r7 annotate Interlock Target param as 'in' only
2015-03-13 08:59:59 -05:00
Brent Cook
7a212a01eb
Land #4917 , @hmoore-r7 avoid another payload size recalc
2015-03-13 08:43:33 -05:00
Brent Cook
b68e05e536
Land #4914 , @hmoore-r7 and @BorjaMerino winhttp stagers
2015-03-13 08:24:11 -05:00
OJ
1338a55b0d
Adjust error handling for extension enumeration
...
Make the catch case more generic for when the target doesn't support the
command for extension enumeration. This supports more than just windows
now.
2015-03-13 21:49:45 +10:00
William Vu
fa2fbc387c
Land #4922 , REG_MULTI_SZ for type2str
2015-03-13 01:07:27 -05:00
James Lee
14a5efce58
Add yardoc
2015-03-13 01:04:23 -05:00
HD Moore
a57f02b863
Remove invalid SECURITY_FLAG_IGNORE_REVOCATION flag
2015-03-12 23:01:04 -05:00
HD Moore
744b1a680e
Reworks how payload prepends work internally, see #1674
2015-03-12 02:30:06 -05:00
HD Moore
376d05f797
Avoid instantiating the module during recalculate
2015-03-12 01:02:37 -05:00
HD Moore
f676dc03c8
Lands #4849 , prevents the target from running out of memory during NTFS reads
2015-03-12 00:01:47 -05:00
HD Moore
7252ba284a
Tweak memory usage from 64Mb to 4Mb
2015-03-11 23:58:13 -05:00
HD Moore
aa79b71e35
Fixes #4897 by corrected kernel32!Interlocked function definitions
2015-03-11 23:26:32 -05:00
scriptjunkie
dfbc50ff47
Make Host header override optional
2015-03-11 23:15:45 -05:00
OJ
345b5cc8e1
Add stageless meterpreter support
...
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
HD Moore
8bae58d631
Updated cache sizes
2015-03-11 21:25:12 -05:00
HD Moore
631e1606bf
Fix WinHttpSetOption & stack parameters
2015-03-11 21:05:18 -05:00
scriptjunkie
401d553f84
Use host header in reverse_http(s)
2015-03-11 19:40:52 -05:00
HD Moore
1135e5e073
First take on WinHTTP stagers, untested
2015-03-11 16:27:14 -05:00
Brent Cook
ceeee4446f
Land #4904 , @hmoore-r7 reworks reverse_http/s stagers
...
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
HD Moore
1d17e9ab5b
Remove the 256 byte limit for URLs
2015-03-10 15:27:04 -05:00
James Lee
cb41154712
Make a MatchResult when sessions are reported
2015-03-10 15:17:57 -05:00
HD Moore
5f382e539a
Updated required_space to count all 256 bytes of the URL
2015-03-10 15:17:09 -05:00
HD Moore
dedf3726ea
Simplify the uri_req_len logic, thanks @bcook-r7
2015-03-10 15:12:02 -05:00
William Vu
736f0b34be
Land #4902 , @nstarke's db_connect warning message
2015-03-10 14:12:47 -05:00
William Vu
3c7b061e05
Use single quotes
...
But I like double quotes. :(
2015-03-10 14:03:13 -05:00
William Vu
72e7691300
Change print_status to print_error
...
And drop db_disconnect note to another line.
2015-03-10 13:31:35 -05:00
HD Moore
966848127a
Refactor x86 Windows reverse_http and reverse_https stagers
2015-03-10 12:48:30 -05:00
William Vu
e81f2e366c
Refactor db_{status,connect} a bit
...
Also allow for db_connect help.
2015-03-10 12:35:58 -05:00
nstarke
ee8318d5c4
Adding db_disconnect qualifying statement
2015-03-10 11:58:04 +00:00
Brent Cook
97f09b6ab0
Land #4894 : hmoore-r7 cache payload sizes on start
...
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
nstarke
187a0445f3
Issue #4868 - Adding warning message to db_connect when already connected
2015-03-10 00:02:34 +00:00
HD Moore
78456fb2e0
Correct a typo (stringified symbol loses the :)
2015-03-09 15:42:23 -05:00
HD Moore
038591497f
YARD docs for the Msf::Util::PayloadCachedSize class
2015-03-09 15:39:19 -05:00
James Lee
838746b021
Add user_data_is_match? method
2015-03-09 15:35:53 -05:00
HD Moore
99e2b05597
Move the cache update logic into a utility class
2015-03-09 15:29:58 -05:00
HD Moore
8c635243d3
Fix whitespace in the regex, implements Msf::Payload.dynamic_size?
2015-03-09 13:15:06 -05:00
Brent Cook
603179176a
Land #4876 , @hmoore-r7 give encoders and payloads space available
2015-03-09 11:50:46 -05:00