James Lee
425c245771
Axe set_cgi in favor of set_uri
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a separator at the beginning or end.
2013-02-27 19:13:05 -06:00
James Lee
b0745b090a
Msf HTTP uses this directly, can't axe it
2013-02-27 17:54:31 -06:00
James Lee
4edd46216f
Refactor config -> opts
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
James Lee
d5ae54cbb6
More accurate docs
2013-02-27 16:27:37 -06:00
James Lee
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
sinn3r
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
James Lee
7a7dd8975f
Hmm, turns out something actually used that
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
James Lee
29df20996e
Move most of the configuration into ClientRequest
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
David Maloney
f16cec552a
increase timeout with new checks
2013-02-26 14:27:04 -06:00
David Maloney
2ec2489f52
Test for general ssl before testing ciphers
2013-02-26 14:26:14 -06:00
James Lee
579c11bc69
Set reasonable defaults for more things
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee
d7de3b75a4
Format Authorization header like others
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
James Lee
c206ac4998
Set some reasonable defaults
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
David Maloney
1cb2717fe7
fix weak and strong cipher enumerators
2013-02-26 14:13:17 -06:00
James Lee
d463460da7
Default cgi to true when not given
2013-02-26 13:33:54 -06:00
James Lee
764bbbb8e5
Whitespace
2013-02-26 13:33:19 -06:00
James Lee
5e0161d3f7
Reflect new ClientRequest in docs
2013-02-26 13:31:24 -06:00
David Maloney
1869cb5f8d
fix timeout
20 seconds is way too long for just opening a socket
2013-02-26 13:20:16 -06:00
James Lee
5ac20e1b02
Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
Conflicts:
lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney
c104fa6d97
Add spec and a few fixes for set_uri
2013-02-26 11:01:16 -06:00
David Maloney
d9627151c0
Add socket context option
Add the option for a socket context so pivoting will work
2013-02-25 15:01:42 -06:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
James Lee
e41922853e
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-25 14:15:22 -06:00
HD Moore
8e8fecd208
Prefer String#encode over Iconv for Ruby 2.0 compat
2013-02-24 13:10:16 -06:00
James Lee
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00
David Maloney
d15e202f19
Add some YARD docs
2013-02-20 18:47:20 -06:00
David Maloney
8d2233bbdd
first minor cleanup
2013-02-20 15:33:24 -06:00
David Maloney
accd620843
Clean up pry
2013-02-19 23:50:30 -06:00
David Maloney
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
David Maloney
dac1147473
merge client config into opts
2013-02-19 19:41:42 -06:00
David Maloney
de4234f0ad
Some more YARD docs
2013-02-19 18:48:03 -06:00
David Maloney
a4905e43a2
Fix the way creds are passed + YARD
some YARD docs on send_auth plus fix the weird way I was passing creds
around
2013-02-19 18:40:39 -06:00
David Maloney
0662677a72
First minor cleanup sweep
2013-02-19 17:19:16 -06:00
James Lee
867ab2f269
Whitespace
2013-02-18 19:01:03 -06:00
corelanc0d3r
0d4a6c6a04
support for searchforward option in egghunter
2013-02-18 12:45:49 +01:00
David Maloney
d23ca8f599
Merge branch 'master' into feature/http/authv2
Conflicts:
lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney
87d9af585e
fix request_raw
2013-02-17 21:35:19 -06:00
David Maloney
dd26b08197
first run at ClientRequest object
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a perfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee
a902480576
Break out subclasses into their own files
2013-02-17 06:57:35 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
adfd26eb2d
Cleanup to_s output
2013-02-11 17:08:14 -06:00
jvazquez-r7
d4d41f36d4
Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth
2013-02-11 21:16:35 +01:00
David Maloney
f90fdcd5eb
Missed nil check
2013-02-11 13:14:05 -06:00
David Maloney
0ccf7dd58a
trust any manually set basic auth header
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
sinn3r
6e9232bf72
Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump
2013-02-11 11:31:54 -06:00
David Maloney
84534caae1
Fix explicit basic_auth for http
2013-02-11 10:32:44 -06:00
David Maloney
0f9b16d07f
Scanner class finished, result needs more work
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
2013-02-09 19:06:17 -06:00
Meatballs
acdd952eb2
Initial commit
2013-02-09 21:50:12 +00:00
David Maloney
c25d4b4863
Test Cipher method underway
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
2013-02-09 01:07:56 -06:00
David Maloney
ebb0f166ca
Accept proper formats for SSL version
we were only accepting sloppy string values and not accepting input of
the actual symbols that OpenSSL expects in the first place. Allow the
user to enter it right themselves to be compat with OpenSSL
2013-02-09 00:40:58 -06:00
David Maloney
38d0a244fd
Beginnings of the actual scanner
configuration and configuration validation in place with tests.
2013-02-09 00:03:58 -06:00
Meatballs
595cace025
Fixup wldap32 mistakes
2013-02-08 22:25:07 +00:00
Meatballs
a980419285
msftidy
2013-02-08 21:02:37 +00:00
Meatballs
a6fea39583
Change to wldap to allow cdecl
2013-02-08 21:01:22 +00:00
Meatballs
a9bf09aa06
Add calling conv to railgun
2013-02-08 19:26:33 +00:00
David Maloney
3295157f78
More support for various checks
2013-02-08 13:25:49 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
David Maloney
dfc7ce9381
fix stupid data structure
also supports a boolean value for whether the cipher is weak or not
2013-02-08 11:33:36 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
bf28be7cff
Fix some comments that yard parsed incorrectly
2013-02-07 18:36:04 -06:00
David Maloney
5c9f946927
empty shells for the scanner and its specs
2013-02-07 16:16:41 -06:00
David Maloney
096360261e
De-dup cipher results
2013-02-07 16:09:47 -06:00
David Maloney
4e87bf4ab3
Add enumeration and support options
i lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
2013-02-07 15:51:07 -06:00
David Maloney
10e017ae73
finish up the SSLScan::Result class
finishes up result class for SSLScan, complete with tests
2013-02-07 14:56:26 -06:00
David Maloney
7036365e04
Start adding sslscan results object
Building out the result object for the SSLScan
2013-02-07 12:42:18 -06:00
James Lee
a15889305a
Return a Request object
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
2013-02-06 18:56:06 -06:00
David Maloney
ebd03ccceb
Allow user to set ssl cipher
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
2013-02-06 16:57:47 -06:00
David Maloney
888bb80ab6
more comments
2013-02-05 11:55:12 -06:00
David Maloney
16b4fb1faa
Added some comment documentation
2013-02-05 10:36:51 -06:00
David Maloney
463a45ccaf
if we don't support the auth return original res
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney
af6b0615fb
fix pipelining
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney
9b84e5b3c4
Fix raw requests to work as well as cgi
2013-02-04 13:59:58 -06:00
David Maloney
9497e38ef7
Fix http login scanner
Fix the http_login scanner to use new builtin auth
2013-02-04 12:31:19 -06:00
David Maloney
8d817dcbb5
fix iis digest support mistake
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney
6c12fa26bc
oodles of small fixes
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney
61969d575b
remove mixin require, more datastore cleanup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
sinn3r
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
rogueclown
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
Rob Fuller
27aae87c18
Stop aggravating default show screenshot
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Losing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
HD Moore
d6ed6cd5e4
Fix a stack overflow in bidirectional pipe
2013-01-22 00:27:03 -06:00
Meatballs1
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
Meatballs1
4ee80e76bd
msftidy wldap32
2013-01-19 23:15:20 +00:00
Tod Beardsley
9f42abdb95
Whitespace fixup
2013-01-18 15:44:52 -06:00
Tod Beardsley
0c3e7ee3e0
Merge remote-tracking branch 'Meatballs1/reboot_force2'
2013-01-18 15:01:51 -06:00
Tod Beardsley
bfd58e9570
Add a comment doc for future parser writers
2013-01-18 14:59:41 -06:00
Tod Beardsley
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
James Lee
4fd4af1f43
Fix typo that breaks record_mic command
2013-01-16 16:30:38 -06:00
kernelsmith
3210c5382e
undo vestiges of attempt to add tab_complete nesting
return code to original state before I started editing
2013-01-16 00:49:54 -06:00
kernelsmith
3c44769bd8
attempt to add nested tab completion
2013-01-14 14:15:13 -06:00
sinn3r
90b0a7035b
Recover the prompt again
2013-01-13 13:24:48 -06:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
sinn3r
2f2a5c1d47
[FixRM: #2100] Rescue TerminateLineInput in irb
In irb, when you hit ^c, you will get an ugly backtrace. This
fix handles that exception.
2013-01-12 01:43:40 -06:00
sinn3r
4546d147d0
Merge branch 'master' of github.com:stephenfewer/metasploit-framework into stephenfewer-master
2013-01-11 01:43:45 -06:00
James Lee
19ff7f93ae
Merge remote-tracking branch 'wchen-r7/encoder_fixes' into rapid7
2013-01-10 17:41:08 -06:00
James Lee
0f346dde9e
Some whitespace and ruby -c fixes
2013-01-10 17:29:54 -06:00
James Lee
ab64c428ab
Merge remote-tracking branch 'kernelsmith/RM7676-migrate-h' into rapid7
2013-01-10 17:24:11 -06:00
James Lee
d4854606f2
Cosmetic fixes
[FixRM #7223][See #1283]
2013-01-10 17:18:25 -06:00
sinn3r
192279544b
BufferRegister should be validated.
If BufferRegister is in lower-case, then gen_decoder_prefix will
return nil. When the return value is nil, other functions like
gen_decoder() will backtrace due to a "undefined method "+" for nil"
error. Therefore, this input should NOT be case-sensitive.
Also, if for some reason the user supplies an invalid BufferRegister,
the function should be aware of that and warn the user about the
bad input.
2013-01-10 17:14:38 -06:00
James Lee
afb12983ab
Merge branch 'rapid7' into kernelsmith-msfconsole-suspend
2013-01-10 16:40:27 -06:00
kernelsmith
e8c239dc81
changed TODO to @todo per egypt
2013-01-10 16:35:01 -06:00
kernelsmith
b3266823ba
Addressed egypt's comments
-changed the suspend/resume loop logic to reduce code duplication.
-fixed up some print_*'s to remove embedded \n's
-changed formatting on some error messages
-switched comment to a TODO:
-change host_processes.select {blah} to use .find instead
-adjusted code due to removal of the pids.dup, resulting in arr_pids
disappearing
2013-01-10 15:40:54 -06:00
kernelsmith
b11f941387
cleaned up at validate_pids conversion, fixed YARD doc
in validate_pids no longer need dup as conversion to ints was cleaned
up to use map. Which also improved readability and allowed adding uniq
and compact, thanks egypt.
YARD doc on cmd_suspend was incorrectly organized
2013-01-10 14:59:02 -06:00
Stephen Fewer
8e6e1bc164
open up the bloxor encoder.
2013-01-10 17:39:40 +00:00
Spencer McIntyre
4c87b1ba36
escape ticks and spaces in paths
2013-01-10 09:15:24 -05:00
kernelsmith
92e8def889
adds suspend to meterp and adds full pid validation
This fully fixes RM7223 and adds the suspend command to the meterpreter
interface.
Suspend allows you to suspend and resume running processes on the
target host. It was originally written as a post module (and the dll
version will be submitted as such later), but egypt suggested I add it
to meterpreter
2013-01-09 23:25:32 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
kernelsmith
4728a59189
fixes RM7676 migrate -h doesn't produce help
also adds YARD doc to cmd_migrate in collusion with egypt.
low threat change, but still tested on Win7-32 sp0, ruby 1.9.3-p125,
Framework Version: 4.6.0-dev just for kicks
2013-01-09 16:28:04 -06:00
kernelsmith
3b8914c270
skeleton & YARD doc for cmd_suspend added
functionality untested atm.
cmd_suspend_help also added
2013-01-09 15:34:04 -06:00
Spencer McIntyre
1a98393ffa
fix for OSX and remove unnecessary lines
2013-01-09 10:10:56 -05:00
sinn3r
be36c4ebef
Some machines are sensitive about this.
2013-01-07 22:32:43 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
James Lee
a0e6c7043b
Add actual cdata handler
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.
[SeeRM #7665]
2013-01-07 17:16:48 -06:00
James Lee
8bfca52941
Clear state for new vulns
[FixRM #7665]
2013-01-07 16:27:40 -06:00
James Lee
3f9c459545
Fix ArgumentError when importing netsparker xml
2013-01-07 12:21:08 -06:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
Meatballs1
04714893c8
Add force option to reboot command
2013-01-04 09:20:56 +00:00
Spencer McIntyre
3c039327c0
include the new mixin
2013-01-02 13:41:57 -05:00
Spencer McIntyre
7aed6e44e1
Initial commit of the Bourne shell command stager, nothing uses it yet.
2013-01-02 13:28:08 -05:00
Meatballs1
0b3143ff45
Fix railgun EOL
2012-12-30 16:32:15 +00:00
Tod Beardsley
8cd7c2783e
Indentation fixes
2012-12-28 14:36:06 -06:00
Tod Beardsley
7a0a230e92
Put the coding: binary magic comment back
2012-12-28 14:16:56 -06:00
Tod Beardsley
4002759fcf
Bring some sanity to the Array#packs
2012-12-28 14:16:08 -06:00
sinn3r
e05b55f32d
Add new functions
2012-12-28 03:48:35 -06:00
sinn3r
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
Meatballs1
378038afab
Merge remote-tracking branch 'upstream/master' into wldap32_railgun
2012-12-17 17:23:43 +00:00
Meatballs1
6a92bd609a
Tidying and refactoring
2012-12-17 15:29:04 +00:00
Meatballs1
b5fd3463d7
Initial working AD_LDAP lookup
2012-12-17 14:07:35 +00:00
Rob Fuller
b3118afcbb
Correct Railgun WriteProcessMemory var type
This is described here:
https://dev.metasploit.com/redmine/issues/7237
After change operates as expected.
2012-12-15 23:11:52 -05:00
Meatballs1
3127808f76
Revert/remove unnecessary files
2012-12-13 11:02:54 +00:00
Meatballs1
e60d10bd3d
Repackage as single module pull
2012-12-13 09:40:36 +00:00
kernelsmith
11fec0bc07
adds rudimentary validity checking to pids for meterp kill
addresses redmine https://dev.metasploit.com/redmine/issues/7223, but
may not be a truly encompassing solution. 'good bandaid' as egypt put
it
2012-12-05 13:17:33 -06:00
Alexandre Maloteaux
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
nmonkee
937e49378c
Syntax fix
...
Doh, missed one.
2012-11-22 09:57:08 +00:00
nmonkee
79c0507077
Fix syntax errors
2012-11-22 09:43:16 +00:00
nmonkee
088d20c5a9
Made requested changes
2012-11-22 09:28:50 +00:00
Meatballs1
e057467329
Initial attempt
2012-11-18 21:24:49 +00:00
Tasos Laskos
c659b37c94
Updated indentation to use tabs
2012-11-16 23:11:48 +02:00
nmonkee
f04dc587b6
made requested changes
2012-11-15 00:13:06 +00:00
Tasos Laskos
7032ef0f6f
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-09 00:21:38 +02:00
nmonkee
bdbf6ea9bb
SAP NI Proxy Support (SAProuter) - see http://labs.mwrinfosecurity.com/blog/2012/09/13/sap-smashing-internet-windows
2012-11-06 21:16:32 +00:00
HD Moore
0d6acad1a0
Updates for PR #981 (cleanup)
2012-11-02 15:47:52 -05:00
HD Moore
0bf5f63d67
Merge branch 'master' into feature/addp-modules
2012-11-02 15:41:03 -05:00
HD Moore
52f0bca9be
Merge branch 'master' into feature/addp-modules
2012-11-02 15:40:36 -05:00
Tasos Laskos
33502b52b0
Rex::Text.refine: removed redundant Array operations
2012-11-02 16:10:42 +02:00
Tasos Laskos
385d225305
Updated support for Web modules and analysis techniques (committing to new clean branch due to corruption)
2012-11-01 21:14:38 +02:00
jvazquez-r7
c27a4d5de2
Merge branch 'master' into bug/handle-100-continue
2012-10-31 18:56:33 +01:00
James Lee
d0650dfb25
Put a bandaid over getsockname
Depending on how a socket was created, #getsockname will return either a
struct sockaddr as a String (the default ruby Socket behavior) or an
Array (the extend'd Rex::Socket::Tcp behavior). Avoid the ambiguity when
generating SSL certificates for meterpreter handlers by always picking a
random hostname.
This is by no means a proper fix for the underlying problem of
Socket#getsockname having ambiguous behavior before and after being
extended with Rex::Socket::Tcp. It does, however, solve the immediate
problem of not being able to create tunneled meterpreter sessions over
http(s) sessions.
[SeeRM #7350]
2012-10-29 22:45:46 -05:00