Commit Graph

10518 Commits (9a7c58ed823797152fcb95b5174460f1431cd611)

Author SHA1 Message Date
Brent Cook c3438955d4
Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
darkbushido 0b608e139a
Merge branch 'upstream' into staging/rails-4.0 2015-05-01 11:26:24 -05:00
wchen-r7 81744384c2 Actually fix del_note 2015-04-30 17:02:06 -05:00
wchen-r7 11f9c010ce Change documentation 2015-04-30 16:46:01 -05:00
David Maloney 18874fe384
fixes Issue #5272 on report_vuln
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
wchen-r7 e79780d885 Fix #5240 2015-04-30 15:20:29 -05:00
wchen-r7 3b42265c98 Fix #5239 2015-04-30 15:20:04 -05:00
wchen-r7 440005d302 Fix #5237 2015-04-30 15:10:13 -05:00
wchen-r7 f315eb4afd Fix #5236 2015-04-30 15:07:11 -05:00
wchen-r7 70ab938951 Fix #5229 2015-04-30 14:56:30 -05:00
wchen-r7 f43e4f9447 Fix #5238 2015-04-30 13:49:13 -05:00
wchen-r7 89d026c900 Fix merge conflict 2015-04-30 12:33:45 -05:00
Matt Buck 912f41292a
Drop some unused code 2015-04-30 11:25:57 -05:00
William Vu 2d2c946044
Land #5279, fix for msfconsole -o 2015-04-30 11:23:44 -05:00
Matt Buck 3f797e4393 Reinstate some to_s coercions that were mistakenly dropped 2015-04-30 11:13:48 -05:00
James Lee 3e40433f00
Add an alias for write
Fixes #4971
2015-04-30 08:56:16 -05:00
OJ 8ddd7a4891 Fix session removal code, prevent missing transport param fail 2015-04-30 22:39:48 +10:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer"
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu b41aa0e617 Fix NoMethodError for rhost
Can't rely on it to be defined (kinda like peer).
2015-04-29 15:14:41 -05:00
Brent Cook 9386d1ca6d remove unused mod_ranked attribute 2015-04-28 22:27:09 -05:00
Brent Cook 7b7f40baa4 remove modules that cannot be instantiated 2015-04-28 22:21:31 -05:00
Brent Cook 0caeee32fe replace sort with sort_by 2015-04-28 21:39:37 -05:00
Matt Buck 8163c3cdda Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	plugins/nessus.rb
2015-04-28 15:33:46 -05:00
OJ 919b96e4cf Fix up UUID handling 2015-04-28 21:59:19 +10:00
OJ 4f9c8d04a2 Add support for moving transports and uuid fetching
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.

There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ f711e5dee7 Update migration support
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ fca4d852a1 Remove the passing on of listen socket values 2015-04-28 13:51:48 +10:00
OJ d82bfb0692 Reorder params, fix up the transport termination 2015-04-28 13:03:40 +10:00
OJ c41f4bd59f Fix up http/s a little
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ 1ca5188c5e Change the payload to use IPv6 formats if required 2015-04-28 07:44:21 +10:00
OJ f3e547ca92 Remove the exitfunk from the loader
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
HD Moore c3f18aa899 Complete the #4989 revert 2015-04-27 16:26:34 -05:00
HD Moore 36daee08c9 Reverts #4989, support for file: is handled in the options again 2015-04-27 16:07:43 -05:00
Brent Cook 7443af64a6
Land #5247, add RPC API call documentation 2015-04-27 11:13:02 -05:00
Brent Cook a0eb7d0ad3 minor RPC documentation tweaks 2015-04-27 11:11:08 -05:00
Matt Buck 6a4d63ca4f Drop explicit IPAddr to String coercion
MSP-12611
2015-04-27 10:48:13 -05:00
HD Moore 1fd601510c
Lands #5194, merges in PowerShell session support & initial payloads 2015-04-26 16:01:51 -05:00
HD Moore 1cebc9f3cb Fallback if the regex fails for some reason 2015-04-26 15:59:36 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
Ben Turner ea0204b7e5 updates to remove powershell from core 2015-04-26 21:25:30 +01:00
benpturner 76e68fcf4c session info 2015-04-26 20:13:18 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
OJ 0d2f97ed2d Add support for config in the x64 bind stager 2015-04-26 14:19:36 +10:00
OJ 6da8a14f62 Initial work on x64 payloads for new config 2015-04-26 13:41:31 +10:00
OJ 6ac3ecfa7c Refactor, add reverse_winhttps support
Getting closer to a normalised view of what this stuff will look like.
The URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.

Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
OJ 2455163d24 Refactor configuration for meterpreter payloads (x86)
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.

This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
OJ 3a24923361 Force bind to hand over the listen socket 2015-04-25 22:04:58 +10:00
OJ 4ec4868bcf Make bind hand over the listen socket as well 2015-04-25 21:37:32 +10:00
OJ bb77a3a0e6 First pass of refactoring to support new config block
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
OJ 9f1e035c53 Changed required_space check in bind payloads 2015-04-25 21:30:54 +10:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
Brent Cook 27f6adcd81
Land #5110, teach Http::Response to extract hidden form inputs 2015-04-24 13:30:57 -05:00
wchen-r7 46361c1a19 Final round of documentation 2015-04-24 11:58:12 -05:00
root 4aed12f561 Include if condition in parse_response as per Meatballs1's suggestion 2015-04-24 15:40:35 +05:00
root cf481e94d3 add res.body condition 2015-04-24 12:58:58 +05:00
root 68effe0bc6 Take out irrelevant files 2015-04-24 12:04:02 +05:00
root 028f5e119d sqlmap plugin update to fix connection errors 2015-04-24 12:00:50 +05:00
wchen-r7 6ccc4af4d8 Round 9 of documentation 2015-04-24 01:08:33 -05:00
benpturner 3665c84cab accommodate session type 2015-04-23 23:12:19 +01:00
benpturner 57914b6924 new session type 2015-04-23 23:12:02 +01:00
wchen-r7 d292cc999a Round 8 of documentation 2015-04-23 16:15:11 -05:00
wchen-r7 86a7e36a06 Round 7 of documentation 2015-04-23 15:37:56 -05:00
wchen-r7 3c50feb3d6 Round 6 of documentation 2015-04-23 12:34:39 -05:00
wchen-r7 cbac6d1a0b Round 5 of documentation 2015-04-23 11:54:58 -05:00
OJ 1b11322618 Remove STDERR debug statement 2015-04-23 19:36:17 +10:00
root 19beafe009 scan_export_status patch for issue 5217 2015-04-23 12:04:02 +05:00
wchen-r7 f6bd747f57 Round 4 of documentation 2015-04-22 22:15:30 -05:00
wchen-r7 6bac759a18 Round 3 of documentation 2015-04-22 17:01:31 -05:00
wchen-r7 39f206b31a Round 2 of documentation 2015-04-22 12:10:28 -05:00
root 40107577a0 Case insensitive plugin unload 2015-04-22 11:04:46 +05:00
wchen-r7 4add4074e1 First round of RPC API documentation
Resolve #5209
2015-04-22 01:02:05 -05:00
jvazquez-r7 b6df023c99
Land #4989, @hmoore-r7's change to file: handling
Datastore options with file: are handled at set time
2015-04-21 23:21:22 -05:00
Brent Cook 3963289519
Land #4888, @h00die's brocade credential bruteforcer 2015-04-21 18:27:03 -05:00
Trevor Rosen 8f5d222e53
Land #5156 - module ranking properly handles nil 2015-04-21 14:40:01 -05:00
Spencer McIntyre edbf9b766f
Land #5100, @bcook-r7's deletekey API usage fix
Fixes #5099
2015-04-21 12:58:02 -04:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
rwhitcroft 70f94bbd96 break loop if socket is closed 2015-04-21 11:09:17 -04:00
OJ c8bab6ace1 Fix help for timeouts 2015-04-21 20:35:46 +10:00
OJ f654fea9b3 Adjust transport command to work with posix 2015-04-21 20:16:57 +10:00
OJ 86957d9b07
Merge branch 'upstream/master' into connection-recovery 2015-04-21 20:01:59 +10:00
jvazquez-r7 66d23e3b5e
Delete file: validation on normalization again 2015-04-20 23:52:17 -05:00
jvazquez-r7 57df5c4f4f
Solve conflicts 2015-04-20 23:38:34 -05:00
Brent Cook 8aca4539c9
Land #5152, undefined var in WinRM_Login 2015-04-20 23:01:11 -05:00
Brent Cook ab33fc8eba
Land #5211, parse nmap's tunnel attribute 2015-04-20 22:53:34 -05:00
Brent Cook ee07809fd8
Land #5190, 64-bit meterpreter persistence script 2015-04-20 22:32:57 -05:00
William Vu 74ad81c90c Consolidate tunnel check into name check 2015-04-20 21:18:12 -05:00
jvazquez-r7 831e65261d
Add lengths specs 2015-04-20 17:37:41 -05:00
William Vu 741149058c Report unknown service names for consistency 2015-04-20 17:22:19 -05:00
William Vu d894502148 Update legacy Nmap XML parser 2015-04-20 17:15:35 -05:00
William Vu 1a66786d1b Fix Nmap XML parser for tunnel attribute 2015-04-20 17:04:19 -05:00
jvazquez-r7 329e28c47c
Keep the old value if value can't be loaded from file 2015-04-20 16:29:11 -05:00
William Vu c7129e063c
Land #5069, breaking up with old options 2015-04-20 16:23:44 -05:00
jvazquez-r7 c629d8593a
Solve my own concern about race conditions, just in case... 2015-04-20 16:19:29 -05:00
James Lee d67f7a21d9
Move autoloads into OptionContainer
This seems like a better place for them to live
2015-04-20 15:54:42 -05:00
James Lee da0e7282d5
Replace some unnecessary eval action.
Metaprogramming should be reserved for when you don't know things. Here
we're making methods from literal strings, so replace the
metaprogramming with much easier to understand regular programming. Also
has the benefit that yard can parse it.
2015-04-20 15:54:41 -05:00
James Lee b64d881914
Make OptionContainer docs a little more useful 2015-04-20 15:54:40 -05:00
James Lee 3a5af3939d
Split all the option classes into their own files 2015-04-20 15:54:40 -05:00
jvazquez-r7 1b85cd2853
Use single quotes 2015-04-20 15:53:58 -05:00
jvazquez-r7 a56dd5d1ff
Do minor style cleanup 2015-04-20 15:44:45 -05:00
William Vu 79ca0a56f9
Land #4171, Steam protocol support 2015-04-20 15:35:06 -05:00
Christian Mehlmauer 668961b69d
fix some yarddoc issues 2015-04-20 00:06:59 +02:00
OJ e7babc4acb Fix persistence script to support x64 payloads 2015-04-19 12:41:51 +10:00
OJ 19f8a76475 Porting bind_tcp for posix to metasm
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
wchen-r7 37613adebb Improve developer experience for fail_with
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
Brent Cook 2a327b7c91
Land #5116, better handle platform and arch in msfvenom 2015-04-17 10:55:41 -05:00
OJ 97912882ca Adjustments for POSIX meterpreter patching 2015-04-17 19:53:05 +10:00
Brent Cook 3107d99b9a Use the same URI that was registered when we deregister
The original URI is registered as '/foobar/' but is deregistered as
'//foobar/', causing it to never get deregistered. Changing this fixes
unregistration of the service handler for staged payloads, but stageless
doesn't work properly if the URI actually gets deregistered.
2015-04-17 03:20:24 -05:00
Brent Cook 18225780da cleanup HTTP and HTTPS listeners when sessions are closed
Rather than listening forever after a session shuts down, close the session if
there are no other URIs registered on the listener. This allows reconfiguring
there are no other URI's registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
OJ eb7155d533 Remove debug print 2015-04-17 16:25:42 +10:00
OJ 0a8b29dd86 Merge branch 'upstream/master' into connection-recovery
Conflicts:
	lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
OJ e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless 2015-04-17 12:46:20 +10:00
wchen-r7 f280e5191b I forgot to move this require statement 2015-04-16 21:11:09 -05:00
wchen-r7 3493d25ff9 Move all this to Rex 2015-04-16 21:07:23 -05:00
William Vu 7a4494a81f
Land #5173, moar fail_with fixes 2015-04-16 17:27:02 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Brent Cook 9bf897a829
Land #4744, refactor powershell for msfvenom psh-cmd 2015-04-16 15:44:57 -05:00
rwhitcroft 602e9c8df1 Update client.rb 2015-04-16 16:06:16 -04:00
Christian Mehlmauer 69d3c26746
fix documentation 2015-04-16 21:28:16 +02:00
rwhitcroft 6ef86b69a7 Fix loop spinning in HttpClient 2015-04-16 10:49:47 -04:00
Christian Mehlmauer dc8f266345
fix readme detection bug 2015-04-16 14:57:29 +02:00
Christian Mehlmauer 9df09a1d60 readme detection 2015-04-16 14:41:30 +02:00
William Vu 2bdcc178ef Remove extraneous addition 2015-04-16 02:30:09 -05:00
William Vu 42ff0decc7
Land #4722, timing options for snmp_login 2015-04-16 02:25:29 -05:00
William Vu 88062a578d Clean up PR 2015-04-16 02:25:06 -05:00
William Vu 01625e3bba
Land #5148, DRY BSD/OS X shellcode
Also fix a semi-regression in the Rootpipe exploit.
2015-04-16 02:08:18 -05:00
Luke Imhoff 9aa0159342
Green rank_modules ranks unloadable as Manual
MSP-12557

Was calling `.class` blindly on the output of `create`, but `nil` has a
class, `NilClass`, so it didn't call `module_rank` as expected and
assigned NormalRanking to `nil` instead of ManualRanking.
2015-04-15 16:10:51 -05:00
Matt Buck e82fb5f836
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	lib/msf/ui/console/command_dispatcher/db.rb
	metasploit-framework-db.gemspec
	metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
Luke Imhoff 4de35e8832
Green Msf::ModuleSet#rank_modules with create -> nil
MSP-12557

Extract Msf::ModuleSet#module_rank to handle getting the module rank if
the Metasploit Module is already loaded, needs to be loaded, or can't be
loaded.  If a Metasploit Module can't be loaded it is ranked as
Msf::ManualRanking.  If it is loaded or can be loaded and it doesn't define
Rank, it gets the Msf::NormalRanking as before.  Finally, if it is
loaded or can be loaded and defines Rank, that is used as before.
2015-04-15 12:35:01 -05:00
Meatballs 926db59a8c
credential doesn't exist in this context 2015-04-15 15:48:21 +01:00
joev 5f4ab3d2ab The setres* stubs are not implemented in OSX. 2015-04-14 23:33:16 -05:00
joev 0d19b5d4c3 Fix require order issue. 2015-04-14 23:23:02 -05:00
joev e56590e1e3 DRY up common code between BSD / OSX. 2015-04-14 23:08:57 -05:00
Luke Imhoff c971bc930c
Mark app/concerns as autoload
To work with metasploit-concern 0.4.0 prerelease not deriving
app/concerns from root and to ensure it does not inherit eager_load
from app.
2015-04-14 15:06:59 -05:00
Luke Imhoff 4c407ce962
Merge branch 'bug/MSP-12529/missing-require-metasploit-credential' into bug/MSP-12550/app-concerns-eager-load
MSP-12550
2015-04-14 14:42:54 -05:00
Brent Cook 75b559eea3
Land #5081, meterpreter certificate hash check controls 2015-04-14 10:46:13 -05:00
Brent Cook 7f56c07b64 add missing sslhash attribute 2015-04-14 10:45:44 -05:00
Tod Beardsley 97e715b1ce
Land #5139, metasm/ruby signedness fix 2015-04-14 10:26:23 -05:00
OJ 4e49964c15 Add support for init_connect for stageless payloads
This new mode for HTTP/S stageless allows the stageless payload to be
reused without MSF believing that the session has already been
initialised.
2015-04-14 16:43:07 +10:00
sinn3r 61b709b8c5 Extra space in message "Local IP:" 2015-04-14 01:34:07 -05:00
William Vu e114c85044
Land #5127, x64 OS X prepend stubs 'n' stuff 2015-04-14 01:25:39 -05:00
William Vu 8d1126eaa5
Land #5129, x64 BSD prepend stubs 'n' stuff 2015-04-14 01:24:50 -05:00
Brent Cook 3860bbabbb Avoid generating labels with '..' in them with metasm
So, metasm generates labels for the assembler using "%x" % string.object_id. If
the pointer for string.object_id begins with the most significant digit set, it
looks like a sign-extended 2's complement number (negative), and gets formatted
by ruby as '..f1412300' or similar. On 32-bit platforms, there is rather high
chance of randomly ending up with a label like 'goto_test_uuid..f1234560:',
which is a parse error.

This patch simply takes the absolute value of the object_id to avoid negative
interpretations.  This fixes heisenbugs using metasm's C compiler on 32-bit
platforms.
2015-04-13 22:43:18 -05:00
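Added illustration of the label-formatting problem described in commit 3860bbabbb. This is example code written for this page, not metasm's or Metasploit's own code; it assumes only what the commit message states (labels built from `"%x" % object_id`, and `..` in a label being a parse error) and uses constructed id values rather than real object_ids, since a 64-bit Ruby will not hand out a negative one.

```ruby
# Reinterpret an unsigned 32-bit value as a signed two's complement Integer.
# This emulates the 32-bit case from the commit message: an object_id whose
# most significant bit is set reads as negative.
def as_signed32(u32)
  u32 >= 0x8000_0000 ? u32 - 0x1_0000_0000 : u32
end

# Label construction as the commit describes it: "%x" % id.
# Ruby formats a negative Integer in hex as an infinite two's complement
# string abbreviated with "..", e.g. "%x" % -1 == "..f".
def raw_label(prefix, id)
  "#{prefix}_#{'%x' % id}"
end

# The fix the commit applies: format the absolute value instead, so no
# sign-extended ".." form can be produced.
def safe_label(prefix, id)
  "#{prefix}_#{'%x' % id.abs}"
end

# A label containing ".." is a parse error for the assembler, so this is the
# check a test suite for the fix would apply.
def valid_label?(label)
  !label.include?('..')
end

# Constructed sample ids (not real object_ids): one with the top bit set,
# one without.
HIGH_BIT_ID = as_signed32(0xf142_3600)   # => -0x0ebdca00
LOW_BIT_ID  = as_signed32(0x1f3f_2a00)   # => 0x1f3f2a00

if __FILE__ == $PROGRAM_NAME
  [HIGH_BIT_ID, LOW_BIT_ID].each do |id|
    before = raw_label('goto_test_uuid', id)
    after  = safe_label('goto_test_uuid', id)
    puts "#{before} valid=#{valid_label?(before)}  ->  #{after} valid=#{valid_label?(after)}"
  end
end
```

Running it shows the high-bit id producing `goto_test_uuid_..f1423600`, which fails the check, while the absolute-value form `goto_test_uuid_ebdca00` passes; the low-bit id yields the same label either way.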
root 51dd88114b Fix grammar in comments 2015-04-13 13:21:41 +05:00
OJ 1c5de59d99 Add support for the set of timeout values
This removes the need for a separate get call behind the scenes as
meterpreter does get and set in a single call.
2015-04-13 10:42:05 +10:00
OJ ec7fab7ef6 Add support for getting transport timeouts 2015-04-13 10:07:50 +10:00
joev 2d3614f647 Implement x64 BSD exec and exe template.
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev 92c12de6db Fix invalid datastore options. 2015-04-12 00:54:10 -05:00
joev eaab665a6d Remove #generate patch, specs will fail again. 2015-04-12 00:07:39 -05:00
joev 60d98ba892 Implement the remaining syscalls. 2015-04-12 00:02:29 -05:00
joev 3fe6fb44b9 Prevent this from changing cache size. 2015-04-11 23:44:56 -05:00