7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
b5561cc9ec
Report a fingerprint instead of overwriting host.os_name
2014-03-30 06:32:38 -07:00
76720e9cf8
Small tweaks, see 4611d0a8d0
2014-03-30 06:27:48 -07:00
4611d0a8d0
Update report_host() to match os_* field changes
...
This is part of a bigger change to normalize what os_name, os_flavor, and
os_sp actually mean. To summarize the changes happening in Mdm:
1) The vendor name is being removed from os_name
* "Microsoft Windows" -> "Windows 7"
2) The os_flavor field is being used for the edition of the os_name product
* "7" -> "Enterprise"
3) The os_sp field specifies a version if known and nothing if not
* "SP0" -> "", "Service Pack 2" -> "SP2", etc
2014-03-30 06:23:47 -07:00
dbb192532e
Remove obsolete call to update_host_via_sysinfo()
2014-03-30 06:23:07 -07:00
20bbf7837c
Refactor and integrate smb_fingerprint() for Recog support
2014-03-30 05:52:23 -07:00
903af02e08
Store at most one http.fingerprint per host/port, revert http_version
2014-03-23 10:42:20 -07:00
f349f85a70
Reimplement HTTP fingerprinting, backwards compatible
...
This commit changes the internals of HTTP fingerprinting to store
a whole trove of data about the HTTP response using a hash. The
current API is backwards compatible and has been tested with a
number of modules that depend on HttpFingerprint being sent.
In addition, this change paves the way for advanced fingerprints
that take advantage of the HTTP body and other headers. This is
a requested addition documented across various module comments.
Finally, this commit completes the closed loop for OS identification
by connecting MSF to MDM to Recog and applying Recog databases for
HTTP Servers, HTTP Cookies, and HTTP Authentication headers to the
results of HTTP fingerprinting runs.
For example, with the appropriate version of MDM/Recog in place,
a http_version scan of Microsoft-IIS/7.0 server will update the
host.os_name field to 'Windows 2008'.
2014-03-23 07:26:11 -07:00
9eada528d7
Land #3097 , Rex::Text.uri_encode RFC 3986 fix
2014-03-14 15:38:24 -05:00
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
8393a49148
Land #3098 , check command host selection fix
...
[FixRM #8768 ]
2014-03-13 14:25:39 -05:00
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
db036e44ad
Use RdlCopyMemory from Kernel32.
2014-03-13 11:05:58 -05:00
7ead04414c
Land #3024 - Allow encoder Compat options
2014-03-13 10:59:40 -05:00
520d1e69c4
Rapid7 Comma Inc
...
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
84b08a5a35
Fix check command host selection behavior
...
[SeeRM #8768 ] Instead of using the saved value for host, the check
command should use whatever the user specifies.
2014-03-12 22:54:01 -05:00
9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
...
According to
http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt
Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.
This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
851fca2107
Add posix fork() call before running code.
2014-03-12 02:56:26 -05:00
7afcb6aee8
Add CreateThread wrapper for windows.
2014-03-12 02:49:09 -05:00
ce0c5380a5
Kill stray //.
2014-03-12 02:20:49 -05:00
9bdf570763
All working now. In-memory meterpreter even.
2014-03-12 02:19:28 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
ee0aa20955
Land #3013 , Metasm update
2014-03-06 14:15:42 -06:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
cd3c2f9979
Move osx-app format to EXE.
2014-03-04 22:54:00 -06:00
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords
2014-03-04 11:43:39 -06:00
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
HD Moore
William Vu
David Maloney
sinn3r
Joe Vennix
Tod Beardsley
Meatballs
OJ