David Maloney
1869cb5f8d
fix timeout
...
20 seconds is way too long for just opening a socket
2013-02-26 13:20:16 -06:00
James Lee
5ac20e1b02
Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney
c104fa6d97
Add spec and a few fixes for set_uri
2013-02-26 11:01:16 -06:00
Brandon Turner
75a36ce171
Merge pull request #1154 from todb/feature/go_pro
2013-02-26 01:09:24 -06:00
Tod Beardsley
08275e8d83
Process.spawn instead of system
...
Per @bturner-r7's comment here:
https://github.com/rapid7/metasploit-framework/pull/1514#discussion_r3129535
2013-02-25 19:49:02 -06:00
Tod Beardsley
8cff88efac
Change from web ui to community / pro
2013-02-25 15:45:55 -06:00
David Maloney
d9627151c0
Add socket context option
...
Add the option for a socket context so pivoting will work
2013-02-25 15:01:42 -06:00
Brandon Turner
b6458d2bfa
Update MDM gem in gemcache
2013-02-25 15:01:08 -06:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
James Lee
e41922853e
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-25 14:15:22 -06:00
Tasos Laskos
0421cff913
Exploit::Remote::Web#perform_request: timeout set to 10
2013-02-25 19:49:39 +02:00
Tod Beardsley
2141492654
Per @brandont comment, use exit status instead.
2013-02-24 15:24:21 -06:00
HD Moore
ed93a7932c
Clean up Iconv usage and fix indents
2013-02-24 13:11:15 -06:00
HD Moore
b1355fa326
Avoid utf8 regular expression error in Ruby 2.0
2013-02-24 13:10:40 -06:00
HD Moore
8e8fecd208
Prefer String#encode over Iconv for Ruby 2.0 compat
2013-02-24 13:10:16 -06:00
HD Moore
9d9d83cf8b
Implement per-target arch/platform searches SeeRM #7754
2013-02-24 11:06:29 -06:00
Tod Beardsley
5e1119e2ed
A little more error handling for browser launches
...
Implement a timeout and deal with the case where xdg-open isn't
available for whatever reason.
2013-02-24 10:23:12 -06:00
Tod Beardsley
8010cdbd8b
Shuffled methods around
2013-02-24 09:33:15 -06:00
Tod Beardsley
8caedd4290
Can't apt-get install inside msfconsole
...
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
Tod Beardsley
a7c0d62106
Cleanup after some testing
2013-02-23 23:33:08 -06:00
Tod Beardsley
d5a074283a
Fill in the details of starting, launching, etc
2013-02-23 22:38:29 -06:00
Tod Beardsley
a3886a1a6b
No smartquotes plz
2013-02-23 17:17:18 -06:00
Tod Beardsley
b80343817c
Skeleton for actually go_pro'ing
2013-02-23 09:48:18 -06:00
Tod Beardsley
90a1dcffa3
Adds a random banner offering go_pro
2013-02-23 09:36:06 -06:00
Tod Beardsley
2af930f1ff
Adds msfbase_dir, switches on apt existence
2013-02-23 09:19:31 -06:00
Tod Beardsley
0977d1a9b0
help shouldn't go past 80 columns
2013-02-23 08:49:47 -06:00
Tod Beardsley
7509501b18
Adding a go_pro command
2013-02-23 08:46:51 -06:00
sinn3r
aa007b9e0a
Updates
2013-02-22 20:07:16 -06:00
James Lee
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00
sinn3r
56fa5ead37
Initial version of js_property_spray
2013-02-22 10:21:20 -06:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
David Maloney
d15e202f19
Add some YARD docs
2013-02-20 18:47:20 -06:00
David Maloney
8d2233bbdd
first minor cleanup
2013-02-20 15:33:24 -06:00
David Maloney
accd620843
Clean up pry
2013-02-19 23:50:30 -06:00
David Maloney
6abbbeb3ca
put gemcache for methodsource back
2013-02-19 22:17:25 -06:00
David Maloney
ac6fdf24a2
Fix winrm mixin from revert merge
2013-02-19 22:01:43 -06:00
David Maloney
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
David Maloney
dac1147473
merge client config into opts
2013-02-19 19:41:42 -06:00
David Maloney
de4234f0ad
Some more YARD docs
2013-02-19 18:48:03 -06:00
David Maloney
a4905e43a2
Fix the way creds are passed + YARD
...
some YARD docs on send_auth plus fix the weird way I was passing creds
around
2013-02-19 18:40:39 -06:00
Tod Beardsley
3949c851a4
Was, indeed, missing an or pipe
2013-02-19 17:53:48 -06:00
Tod Beardsley
d81f177ab6
Adding Nemski's fix
...
[FixRM #7451 ]
2013-02-19 17:51:51 -06:00
David Maloney
0662677a72
First minor cleanup sweep
2013-02-19 17:19:16 -06:00
James Lee
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
James Lee
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
James Lee
867ab2f269
Whitespace
2013-02-18 19:01:03 -06:00
James Lee
b72d2b59f8
Add logging in case of exceptions during rm
2013-02-18 18:02:51 -06:00
corelanc0d3r
0d4a6c6a04
support for searchforward option in egghunter
2013-02-18 12:45:49 +01:00
David Maloney
d23ca8f599
Merge branch 'master' into feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney
87d9af585e
fix request_raw
2013-02-17 21:35:19 -06:00
David Maloney
dd26b08197
first run at Clientrequest object
...
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a perfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee
a902480576
Break out subclasses into their own files
2013-02-17 06:57:35 -06:00
James Lee
0938190063
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-17 06:08:09 -06:00
James Lee
aea76a56de
Add some docs to FtpServer
2013-02-13 14:39:19 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
adfd26eb2d
Cleanup to_s output
2013-02-11 17:08:14 -06:00
jvazquez-r7
d4d41f36d4
Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth
2013-02-11 21:16:35 +01:00
David Maloney
f90fdcd5eb
Missed nil check
2013-02-11 13:14:05 -06:00
David Maloney
0ccf7dd58a
trust any manually set basic auth header
...
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
sinn3r
6e9232bf72
Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump
2013-02-11 11:31:54 -06:00
David Maloney
84534caae1
Fix explicit basic_auth for http
2013-02-11 10:32:44 -06:00
David Maloney
0f9b16d07f
Scanner class finished, result needs more work
...
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
2013-02-09 19:06:17 -06:00
Meatballs
acdd952eb2
Initial commit
2013-02-09 21:50:12 +00:00
David Maloney
c25d4b4863
Test Cipher method underway
...
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
2013-02-09 01:07:56 -06:00
David Maloney
ebb0f166ca
Accept proper formats for SSL version
...
we were only accepting sloppy string values and not accepting input of
the actual symbols that OpenSSL expects in the first place. Allow the
user to enter it right themselves to be compat with OpenSSL
2013-02-09 00:40:58 -06:00
David Maloney
38d0a244fd
Beginnings of the actual scanner
...
configuration and configuration validation in place with tests.
2013-02-09 00:03:58 -06:00
nemski
b8b445c834
Update lib/msf/core/auxiliary/login.rb
...
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
Meatballs
595cace025
Fixup wldap32 mistakes
2013-02-08 22:25:07 +00:00
Meatballs
a980419285
msftidy
2013-02-08 21:02:37 +00:00
Meatballs
a6fea39583
Change to wldap to allow cdecl
2013-02-08 21:01:22 +00:00
Meatballs
a9bf09aa06
Add calling conv to railgun
2013-02-08 19:26:33 +00:00
David Maloney
3295157f78
More support for various checks
2013-02-08 13:25:49 -06:00
James Lee
99218d142b
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-08 12:48:06 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
James Lee
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
James Lee
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
sinn3r
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
David Maloney
dfc7ce9381
fix stupid data structure
...
also supports a boolean value for whether the cipher is weak or not
2013-02-08 11:33:36 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721 ]
2013-02-07 21:10:27 -06:00
James Lee
16a0ab1933
Fix comment link and some whitespace
2013-02-07 18:37:11 -06:00
James Lee
bf28be7cff
Fix some comments that yard parsed incorrectly
2013-02-07 18:36:04 -06:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
David Maloney
5c9f946927
empty shells for the scanner and its specs
2013-02-07 16:16:41 -06:00
David Maloney
096360261e
De-dup cipher results
2013-02-07 16:09:47 -06:00
David Maloney
4e87bf4ab3
Add enumeration and support options
...
I lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
2013-02-07 15:51:07 -06:00
David Maloney
10e017ae73
finish up the SSLScan::Result class
...
finishes up result class for SSLScan, complete with tests
2013-02-07 14:56:26 -06:00
David Maloney
7036365e04
Start adding sslscan results object
...
Building out the result object for the SSLScan
2013-02-07 12:42:18 -06:00
James Lee
a15889305a
Return a Request object
...
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
2013-02-06 18:56:06 -06:00
David Maloney
ebd03ccceb
Allow user to set ssl cipher
...
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
2013-02-06 16:57:47 -06:00
Tasos Laskos
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
David Maloney
888bb80ab6
more comments
2013-02-05 11:55:12 -06:00
David Maloney
16b4fb1faa
Added some comment documentation
2013-02-05 10:36:51 -06:00
David Maloney
463a45ccaf
if we don't support the auth return original res
...
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney
af6b0615fb
fix pipelining
...
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney
9b84e5b3c4
Fix raw requests to work as well as cgi
2013-02-04 13:59:58 -06:00
David Maloney
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney
0c57026065
Remove junk added earlier
...
I added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new builtin auth
2013-02-04 12:31:19 -06:00
Royce Davis
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
HD Moore
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
David Maloney
8d817dcbb5
fix iis digest support mistake
...
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney
6c12fa26bc
oodles of small fixes
...
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney
61969d575b
remove mixin require, more datastore cleanup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney
c407fa9e74
add mixin
2013-02-01 15:12:11 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets its own little mixin
mix it in to Exploit::Http::Client
mix it in to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
sinn3r
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
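The two URI-handling fixes above (normalize_uri keeping the trailing slash while merging fragments and collapsing double slashes, and the TypeError from treating the Integer RPORT as a String) are easy to get wrong in the same helper. The following is an added example written for this page, not Metasploit's own normalize_uri or wmap_base_url; the function names, the `IntOption`-free datastore hash and the sample values are all constructed for illustration.

```ruby
# Added example (not Metasploit's own code). normalize_uri joins any number of
# path fragments, collapses runs of "/" and guarantees a leading slash, but
# never strips a trailing slash: "/admin" and "/admin/" are different requests
# and a server may answer them differently.
def normalize_uri(*parts)
  uri = parts.flatten.map(&:to_s).join("/")
  uri = uri.squeeze("/")                     # "/a///b/" -> "/a/b/"
  uri = "/" + uri unless uri.start_with?("/")
  uri
end

# The shape of the Fixnum-into-String bug: RPORT comes out of the datastore as
# an Integer, and String#+ refuses to concatenate it, raising TypeError.
def buggy_base_url(host, port)
  "http://" + host + ":" + port
end

# Fixed: interpolate, which calls #to_s on the port, and omit default ports.
def base_url(ssl, host, port)
  scheme  = ssl ? "https" : "http"
  default = ssl ? 443 : 80
  port == default ? "#{scheme}://#{host}" : "#{scheme}://#{host}:#{port}"
end

def full_url(ssl, host, port, *path_parts)
  base_url(ssl, host, port) + normalize_uri(*path_parts)
end

# Constructed stand-in for a module datastore; not a real module's options.
DATASTORE = {
  "RHOST"     => "198.51.100.10",
  "RPORT"     => 8080,      # Integer, as an OptPort value is
  "SSL"       => false,
  "TARGETURI" => "/app//",
}

if $PROGRAM_NAME == __FILE__
  puts full_url(DATASTORE["SSL"], DATASTORE["RHOST"], DATASTORE["RPORT"],
                DATASTORE["TARGETURI"], "login/")
end
```

Running it prints `http://198.51.100.10:8080/app/login/`; the double slash from TARGETURI is gone and the trailing slash on `login/` survives.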
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
sinn3r
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
sinn3r
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
James Lee
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
rogueclown
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
Tod Beardsley
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
Tasos Laskos
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
Tasos Laskos
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
Rob Fuller
27aae87c18
Stop aggravating default show screenshot
...
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Losing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
scriptjunkie
d9e1653443
Use EXITFUNC if present to save space and be more correct.
...
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
Tasos Laskos
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724 ]
Updated #run and #_request to rescue and elog all exceptions.
2013-01-24 22:07:17 +02:00
Trevor Rosen
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
Tasos Laskos
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
Tod Beardsley
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
Tod Beardsley
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
Tod Beardsley
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
Tod Beardsley
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
HD Moore
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
HD Moore
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
sinn3r
9e5370eb2f
Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R
2013-01-23 00:20:55 -06:00
James Lee
ff7756cd54
Make #prepends() actually work
2013-01-22 16:10:44 -06:00
Tasos Laskos
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
Tasos Laskos
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
Tasos Laskos
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
Tasos Laskos
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
James Lee
c37510f777
Move prependmigrate.rb for naming consistency
2013-01-22 14:15:52 -06:00
James Lee
04adaf0e9d
Unstupid the prepends callback
...
Windows#prepends was overriding PrependMigrate#prepends
2013-01-22 13:56:26 -06:00
James Lee
32aa2c6d9c
Make asm spacing easier to read
...
Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.
2013-01-22 13:25:27 -06:00
Tasos Laskos
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
Royce Davis
81625121f2
Cleaned up some code spacing
2013-01-22 09:49:03 -06:00
Raphael Mudge
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
HD Moore
d6ed6cd5e4
Fix a stack overflow in bidirectional pipe
2013-01-22 00:27:03 -06:00
kernelsmith
52596ae3b4
add -R capability like hosts -R
...
moves the set_rhosts method def out into a separate file so it can be
included by both db.rb cmd_hosts and core.rb cmd_grep
2013-01-21 18:17:28 -06:00
jvazquez-r7
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
kernelsmith
f05e358058
replace unless rhosts.include? with rhosts.uniq!
...
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
Robin Wood
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
Meatballs1
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
Meatballs1
4ee80e76bd
msftidy wldap32
2013-01-19 23:15:20 +00:00
scriptjunkie
66d5f39057
Ensure prepend_migrate? always functions correctly.
2013-01-18 18:04:09 -06:00
scriptjunkie
6c046dfa69
Move PrependMigrate to a mixin
2013-01-18 17:45:36 -06:00
scriptjunkie
07bf36f62f
Ensure shell still works if PrependMigrateProc fails to launch.
...
Don't rely on GetStartupInfoA return value.
2013-01-18 17:32:50 -06:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
scriptjunkie
16d065adfc
Fix issue with singles.
...
Single now plays more nicely with other mixins, so PrependMigrate works.
2013-01-18 16:34:39 -06:00
scriptjunkie
b01374904b
tidy EOL spaces
2013-01-18 16:34:39 -06:00
scriptjunkie
15268cae73
Add X64 PrependMigrate support
2013-01-18 16:34:39 -06:00
scriptjunkie
c97be836c3
Fix error calculating payload sizes.
...
Error meant most Windows payloads were marked as incompatible with many exploits.
2013-01-18 16:34:39 -06:00
scriptjunkie
725d4d7194
Re-use block_api code in migrate stub if possible
...
Makes payload significantly smaller.
2013-01-18 16:34:38 -06:00
scriptjunkie
0b32111a9f
Revert "Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator""
...
This reverts commit 2436ac3a58.
2013-01-18 16:34:38 -06:00
Tod Beardsley
9f42abdb95
Whitespace fixup
2013-01-18 15:44:52 -06:00
Tod Beardsley
0c3e7ee3e0
Merge remote-tracking branch 'Meatballs1/reboot_force2'
2013-01-18 15:01:51 -06:00
Tod Beardsley
bfd58e9570
Add a comment doc for future parser writers
2013-01-18 14:59:41 -06:00
Tod Beardsley
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
Royce Davis
a2f66a8fef
Fixed msftidy complaints
2013-01-18 09:33:44 -06:00
Royce Davis
00a9c72595
Fixed exception handling. No longer using rescue StandardError
2013-01-17 19:02:13 -06:00
kernelsmith
6e8e7a407d
adds a .nil? check as well
2013-01-17 00:30:58 -06:00
kernelsmith
7090a4a82f
adds check for empty data b4 sending to parser [RM7269]
...
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
James Lee
4fd4af1f43
Fix typo that breaks record_mic command
2013-01-16 16:30:38 -06:00
Royce Davis
f7571d89de
Fixed cleanup_after function to mimic file_dropper but not use file_dropper
2013-01-16 09:56:27 -06:00
kernelsmith
b1dbbe3baa
msftidy eol fixes
2013-01-16 00:59:45 -06:00
kernelsmith
3210c5382e
undo vestiges of attempt to add tab_complete nesting
...
return code to original state before I started editing
2013-01-16 00:49:54 -06:00
kernelsmith
f7195fb5b5
handle unknown commands more informatively
...
before it just returned nothing, now it prints the familiar "Unknown
command: " message
2013-01-16 00:39:22 -06:00
sinn3r
c621e83ffe
Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding
2013-01-15 23:31:40 -06:00
kernelsmith
204b43b0d3
fix typo in args.shift
2013-01-15 22:44:55 -06:00
kernelsmith
2a6a833931
prompt fixes (restores prompt context) & normalization
...
Msf::Ui::Console::Driver::DefaultPrompt and
Msf::Ui::Console::Driver::Default should be used when default is desired
2013-01-15 22:24:36 -06:00
kernelsmith
ad8516eacf
fixed prompt issue, still need to restore context
...
see line 2519 area.
msf exploit(psexec) > grep -i -A 2 encoding show
<snip>
msf>
2013-01-15 17:57:28 -06:00
kernelsmith
4d33742482
fixed bug with -A
2013-01-15 17:35:57 -06:00
kernelsmith
86e4bb2db5
yard doc fixed and added for all _tabs methods
2013-01-15 16:42:02 -06:00
Royce Davis
6773a10632
Made changes to cleanup to use file_dropper instead
2013-01-15 16:24:16 -06:00
kernelsmith
c60556389f
add yard doc and allow for -A and -B at same time
2013-01-15 16:22:04 -06:00
James Lee
26b40666ce
Merge branch 'rapid7' into feature/stage_encoding
2013-01-15 15:10:58 -06:00
Royce Davis
7361e1041f
Merge commit '5e8f388ab8425bf2ef4c2fe33e6133b99ceb46d4' into psexec-mixin2
2013-01-15 14:49:21 -06:00
Royce Davis
6f17ed96db
Merge https://github.com/rapid7/metasploit-framework into psexec-mixin2
2013-01-15 14:48:20 -06:00
James Lee
af2b1ec25b
Clean up doc comments
2013-01-15 14:22:11 -06:00
James Lee
ee14c1c613
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-01-15 12:58:50 -06:00
James Lee
4883cf4b01
Minor doc comment additions
2013-01-15 12:49:43 -06:00
James Lee
d36e38fca6
Move encoding into handle_connection
...
* Allows payloads that override generate_stage to still take advantage
of stage encoding
* Also adds doc comments for a few methods
2013-01-15 10:34:31 -06:00
Tod Beardsley
9d4366fdab
Merge remote-tracking branch 'wchen-r7/irb_terminatelineinput'
2013-01-15 01:50:15 -08:00
Tod Beardsley
6064dfcb71
Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix'
2013-01-15 01:43:07 -08:00
kernelsmith
9ad726167e
changes to address scriptjunkie's rpc concerns
...
as described in https://github.com/rapid7/metasploit-framework/pull/820
2013-01-14 17:14:48 -06:00
James Lee
a1e853500f
Merge branch 'bug/optint_empty' into feature/stage_encoding
2013-01-14 15:50:39 -06:00
James Lee
21c18b78e6
Don't bother nil check, to_s handles it
2013-01-14 15:47:58 -06:00
James Lee
0c90171fa7
Deal with already-normalized ints
...
[See #1308 ][See #1304 ]
2013-01-14 15:31:14 -06:00
James Lee
fb19ec1005
Merge branch 'rapid7' into feature/stage_encoding
2013-01-14 15:20:23 -06:00
sinn3r
b2ecb18a71
Allow OptInt to pass "" for special reasons
...
Cheap fix
2013-01-14 14:55:48 -06:00
kernelsmith
9bb2dddf99
adds @todo for when tab_comp norm is completed
...
tab_completion normalization is RM7649
2013-01-14 14:53:31 -06:00
sinn3r
07d15baf89
Merge branch 'bug/opt_int_hex' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/opt_int_hex
2013-01-14 14:40:25 -06:00
James Lee
bbb3fa25be
Allow negative values for OptInt
...
[FixRM #7540 ]
2013-01-14 14:18:56 -06:00
kernelsmith
7ca9a216f4
Merge remote-tracking branch 'upstream/master' into msfconsole-grep
2013-01-14 14:15:32 -06:00
kernelsmith
3c44769bd8
attempt to add nested tab completion
2013-01-14 14:15:13 -06:00
James Lee
b3b68c1b90
Make stage encoding possible
...
* Fixes a bug in shikata where input greater than 0xffff length would
still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
avoid
* Fixes huge performance issue with large inputs to xor-based encoders
due to the use of String#+ instead of String#<< in a loop. It now
takes ~3 seconds on modern hardware to encode a 750kB buffer with
shikata where it used to take more than 10 minutes. The decoding side
takes a similar amount of time and will increase the wait between
sending the second stage and opening a usable session by several
seconds.
I believe this addresses the intent of pull request 905
[See #905 ]
2013-01-13 21:07:39 -06:00
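The performance point in the commit above (String#+ in a loop copies the whole partial result on every iteration, String#<< appends in place) and the short circuit when there are no bad characters are both visible in a few lines of Ruby. The block below is an added example written for this page, not the shikata_ga_nai encoder or any other Metasploit code; the encoder is a plain repeating-key XOR, the blob and key are constructed test data, and `find_xor_key` is a simplified single-byte search that only illustrates the early return.

```ruby
# Added example (not Metasploit's own code).
require 'benchmark'

# Quadratic version: each "+" allocates a new String and copies everything
# encoded so far, so total work grows with the square of the input length.
def xor_encode_plus(buf, key)
  out = "".b
  buf.each_byte.with_index do |b, i|
    out = out + [b ^ key.getbyte(i % key.bytesize)].pack("C")
  end
  out
end

# Linear version: String#<< mutates the existing buffer in place. Appending an
# Integer to a binary (ASCII-8BIT) string appends exactly that byte.
def xor_encode_append(buf, key)
  out = "".b
  buf.each_byte.with_index do |b, i|
    out << (b ^ key.getbyte(i % key.bytesize))
  end
  out
end

# Returns the first single-byte key (1..255) whose output contains none of the
# bytes in badchars, or nil if no key works. With no bad characters every key
# is acceptable, so the scan over the whole buffer is skipped entirely.
def find_xor_key(buf, badchars)
  return 1 if badchars.empty?
  bad = badchars.bytes
  (1..255).find do |k|
    buf.each_byte.none? { |b| bad.include?(b ^ k) }
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed input: a deterministic binary blob, not a real stage.
  blob = (0...20_000).map { |i| (i * 31 + 7) & 0xff }.pack("C*")
  key  = "\x37\x13".b
  Benchmark.bm(10) do |x|
    x.report("String#+")  { xor_encode_plus(blob, key) }
    x.report("String#<<") { xor_encode_append(blob, key) }
  end
end
```

Both functions produce byte-identical output; only the `String#<<` version stays linear as the buffer grows, which is the difference between seconds and minutes for a multi-hundred-kilobyte stage. The same cost is paid again by the decoder stub on the target, which is why the commit warns about the delay before a usable session.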
James Lee
0d34e0b249
Fix regex for hex numbers
2013-01-13 20:53:40 -06:00
sinn3r
90b0a7035b
Recover the prompt again
2013-01-13 13:24:48 -06:00
kernelsmith
7f90082bec
grep tab complete is working, but not fully
...
options tab complete, but not the commands at the end
2013-01-13 03:06:56 -06:00
kernelsmith
d9990829d9
fixes some issues with -k and -s
2013-01-13 02:39:56 -06:00
kernelsmith
1646fc8faa
Merge remote-tracking branch 'upstream/master' into msfconsole-grep
2013-01-13 02:18:54 -06:00
kernelsmith
e7372250d2
added -k keep and -s skip
2013-01-13 02:18:45 -06:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
James Lee
4703a6f737
Unbreak OptInt hex syntax
...
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again
[See #1293 ][See #1296 ]
2013-01-12 14:17:29 -06:00
sinn3r
2f2a5c1d47
[FixRM: #2100 ] Rescue TerminateLineInput in irb
...
In irb, when you hit ^c, you will get an ugly backtrace. This
fix handles that exception.
2013-01-12 01:43:40 -06:00
sinn3r
b388f2357c
Reset modules_cached flag when database disconnects
2013-01-12 00:08:30 -06:00
HD Moore
06fb8f5443
Merge pull request #1293 from wchen-r7/optint_valid
...
Fix OptInt's valid?() function
2013-01-11 17:29:27 -08:00
sinn3r
8c04df4a47
[FixRM: #7535 ] Missing normalize() in OptPort
...
[FixRM: #7535 ] - Sometimes OptPort can return as a String instead
of Fixnum because OptPort is missing the normalize() function.
2013-01-11 18:34:27 -06:00
sinn3r
0347b173eb
Fix OptInt's valid?() function
...
[FixRM #7539 ] - The valid?() function will first normalize() the
user-supplied input before validation. The problem is that the
normalize() function will ALWAYS convert data to integer, therefore
whatever you validate, you will always get true. For example:
when I do "yomama".to_i, that returns 0, and of course will pass
integer validation.
2013-01-11 16:27:33 -06:00
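The OptInt commits in this range (validate before normalizing, accept negative values and 0x hex syntax, tolerate values that are already Integers, and allow "" where a module needs it) describe one validator. The class below is an added example written for this page, not Msf::OptInt; the class name `IntOption`, its `allow_empty:` keyword and the `buggy_valid?` method are all constructed to show the before and after behaviour.

```ruby
# Added example (not Metasploit's own code). A hypothetical integer option
# showing why normalize-then-validate passes any string, and what a validator
# that looks at the raw input has to accept.
class IntOption
  DEC = /\A-?\d+\z/
  HEX = /\A-?0x[0-9a-f]+\z/i

  def initialize(allow_empty: false)
    @allow_empty = allow_empty
  end

  # The shape of the bug: convert first, then check the converted value.
  # "yomama".to_i is 0, so every string validates.
  def buggy_valid?(value)
    normalize_loosely(value).is_a?(Integer)
  end

  def normalize_loosely(value)
    value.is_a?(Integer) ? value : value.to_s.to_i
  end

  # Fixed: decide on the raw input, then convert.
  def valid?(value)
    return true if value.is_a?(Integer)        # already normalized upstream
    s = value.to_s.strip
    return @allow_empty if s.empty?            # "" is only valid when opted in
    s.match?(DEC) || s.match?(HEX)
  end

  def normalize(value)
    return value if value.is_a?(Integer)
    s = value.to_s.strip
    return nil if s.empty?
    raise ArgumentError, "invalid integer: #{value.inspect}" unless valid?(s)
    if s.match?(HEX)
      neg = s.start_with?("-")
      n = s.delete_prefix("-").to_i(16)        # String#to_i(16) accepts "0x"
      neg ? -n : n
    else
      s.to_i(10)
    end
  end
end
```

With this shape, `IntOption.new.buggy_valid?("yomama")` is true while `valid?("yomama")` is false, and `"0x10"`, `"-7"` and a literal `1337` all validate and normalize to the expected Integers.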
Spencer McIntyre
ce4aa606e7
change DECODER OptString to OptEnum per egypt's recommendation
2013-01-11 14:34:23 -05:00
sinn3r
4546d147d0
Merge branch 'master' of github.com:stephenfewer/metasploit-framework into stephenfewer-master
2013-01-11 01:43:45 -06:00
sinn3r
aa36b65aee
[FixRM #7673 ] "Failed to reload" error.
...
When db_disconnect is issued, this function does not update the status
of self.migrated to false. So when another reload command is used,
the update_module_details function will still try to connect to the
database, which causes the "Failed to reload" error.
2013-01-11 01:10:56 -06:00
James Lee
19ff7f93ae
Merge remote-tracking branch 'wchen-r7/encoder_fixes' into rapid7
2013-01-10 17:41:08 -06:00
James Lee
0f346dde9e
Some whitespace and ruby -c fixes
2013-01-10 17:29:54 -06:00
James Lee
ab64c428ab
Merge remote-tracking branch 'kernelsmith/RM7676-migrate-h' into rapid7
2013-01-10 17:24:11 -06:00
James Lee
d4854606f2
Cosmetic fixes
...
[FixRM #7223 ][See #1283 ]
2013-01-10 17:18:25 -06:00
sinn3r
192279544b
BufferRegister should be validated.
...
If BufferRegister is in lower-case, then gen_decoder_prefix will
return nil. When the return value is nil, other functions like
gen_decoder() will backtrace due to a "undefined method "+" for nil"
error. Therefore, this input should NOT be case-sensitive.
Also, if for some reason the user supplies an invalid BufferRegister,
the function should be aware of that and warn the user about the
bad input.
2013-01-10 17:14:38 -06:00
James Lee
afb12983ab
Merge branch 'rapid7' into kernelsmith-msfconsole-suspend
2013-01-10 16:40:27 -06:00
kernelsmith
e8c239dc81
changed TODO to @todo per egypt
2013-01-10 16:35:01 -06:00
Royce Davis
b702263bbf
Added fix from Eric Milam to simple.disconnect
2013-01-10 16:33:03 -06:00
kernelsmith
b3266823ba
Addressed egypt's comments
...
- changed the suspend/resume loop logic to reduce code duplication.
- fixed up some print_*'s to remove embedded \n's
- changed formatting on some error messages
- switched comment to a TODO:
- change host_processes.select (blah} to use .find instead
- adjusted code due to removal of the pids.dup, resulting in arr_pids
disappearing
2013-01-10 15:40:54 -06:00
James Lee
7fd3440c1a
Fix hd's attempt to rename ruby payloads
2013-01-10 15:25:50 -06:00
James Lee
4fcb8b6f8d
Revert "Rename again to be consistent with payload naming"
...
This reverts commit 0fa2fcd811.
2013-01-10 15:24:25 -06:00
kernelsmith
b11f941387
cleaned up at validate_pids conversion, fixed YARD doc
...
in validate_pids no longer need dup as conversion to ints was cleaned
up to use map. Which also improved readability and allowed adding uniq
and compact, thanks egypt.
YARD doc on cmd_suspend was incorrectly organized
2013-01-10 14:59:02 -06:00
Tod Beardsley
6a10857daf
Merge remote-tracking branch 'bturner-r7/set_gem_path'
2013-01-10 12:55:55 -08:00
HD Moore
0fa2fcd811
Rename again to be consistent with payload naming
2013-01-10 14:16:37 -06:00
HD Moore
88b08087bf
Renamed and made more robust
2013-01-10 14:05:29 -06:00
Stephen Fewer
8e6e1bc164
open up the bloxor encoder.
2013-01-10 17:39:40 +00:00
Spencer McIntyre
4c87b1ba36
escape ticks and spaces in paths
2013-01-10 09:15:24 -05:00
kernelsmith
92e8def889
adds suspend to meterp and adds full pid validation
...
This fully fixes RM7223 and adds the suspend command to the meterpreter
interface.
Suspend allows you to suspend and resume running processes on the
target host. It was originally written as a post module (and the dll
version will be submitted as such later), but egypt suggested I add it
to meterpreter
2013-01-09 23:25:32 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
Tod Beardsley
950902f856
Add a tasteful URL to some banners.
2013-01-09 22:33:30 -06:00
Tod Beardsley
6f26e9efb2
More banner sanity checking.
2013-01-09 22:32:53 -06:00
Royce Davis
13140d05b1
Added some methods for checkout output and cleanup
2013-01-09 21:14:19 -06:00
Tod Beardsley
12f0501f2f
Add a little error checking, another cow
2013-01-09 20:38:14 -06:00
Tod Beardsley
a0ba2f4951
Separate data from code
...
Banners are content more than anything.
2013-01-09 19:54:08 -06:00
kernelsmith
4728a59189
fixes RM7676 migrate -h doesn't produce help
...
also adds YARD doc to cmd_migrate in collusion with egypt.
low threat change, but still tested on Win7-32 sp0, ruby 1.9.3-p125,
Framework Version: 4.6.0-dev just for kicks
2013-01-09 16:28:04 -06:00
sinn3r
a158611c95
Merge branch 'tasos-r7-web-modules'
2013-01-09 16:14:16 -06:00
sinn3r
8b25599feb
Merge branch 'web-modules' of github.com:tasos-r7/metasploit-framework into tasos-r7-web-modules
2013-01-09 16:14:04 -06:00
kernelsmith
3b8914c270
skeleton & YARD doc for cmd_suspend added
...
functionality untested atm.
cmd_suspend_help also added
2013-01-09 15:34:04 -06:00
jvazquez-r7
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
sinn3r
6490af720b
Make failures more verbose so people know what's going on
2013-01-09 11:11:26 -06:00
Tasos Laskos
5ac6060fc1
Auxiliary::Web::HTTP_request: Updated to return an empty response on reset connections
2013-01-09 19:06:51 +02:00
Tasos Laskos
74cdd918af
Auxiliary::Web::HTTP#run: don't allow connection or callback errors to abort the whole operation
2013-01-09 18:38:09 +02:00
Spencer McIntyre
d79a3c8e6b
list valid DECODER values and add the sshexec module
2013-01-09 10:27:22 -05:00
Spencer McIntyre
1a98393ffa
fix for OSX and remove unnecessary lines
2013-01-09 10:10:56 -05:00
Royce Davis
c262288541
Fixed msftidy issues
2013-01-08 15:35:20 -06:00
Royce Davis
3e1ea25207
Added Yard documentation
2013-01-08 15:20:13 -06:00
James Lee
95a95d45ec
Fix importing msfxml files containing a session
...
[See #1179 ][SeeRM #7669 ]
2013-01-08 12:13:20 -06:00
Royce Davis
c236e4e6e3
I took a stab at generating Yard documentation. I have never done it before...
2013-01-08 11:57:59 -06:00
Royce Davis
4fd196c0de
Fixed typo, capitalization and column space
2013-01-08 11:52:40 -06:00
sinn3r
be36c4ebef
Some machines are sensitive about this.
2013-01-07 22:32:43 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
sinn3r
824bd84990
I forgot to add this exception
2013-01-07 18:06:39 -06:00
sinn3r
fc48cc117d
Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import
2013-01-07 17:19:52 -06:00
sinn3r
83ce282a75
Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import
2013-01-07 17:18:04 -06:00
James Lee
a0e6c7043b
Add actual cdata handler
...
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.
[SeeRM #7665 ]
2013-01-07 17:16:48 -06:00
James Lee
8bfca52941
Clear state for new vulns
...
[FixRM #7665 ]
2013-01-07 16:27:40 -06:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
261e095e5e
Handle exceptions in mysql_login
2013-01-07 16:02:59 -06:00
sinn3r
268de941c7
Merge branch 'tasos-r7-web-modules'
2013-01-07 13:37:32 -06:00
sinn3r
b53e8c794f
Fix indent level
2013-01-07 13:36:55 -06:00
James Lee
3f9c459545
Fix ArgumentError when importing netsparker xml
2013-01-07 12:21:08 -06:00
Royce Davis
7dd9d30363
Added a new mixin psexec.rb
2013-01-07 11:05:23 -06:00
Rob Fuller
986435c598
Fix typo
...
Typo found by @schierlm but mentioned after the commit of pull request #1187
Info: https://github.com/rapid7/metasploit-framework/pull/1187#commitcomment-2340457
2013-01-06 01:47:15 -05:00
sinn3r
3d3799d38d
Ok... even more explicit
2013-01-05 13:39:31 -06:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
sinn3r
4ff186c23d
Change the .text-too-small error message.
...
The original error message apparently confuses people, and this
can be easily improved. See the following:
https://community.rapid7.com/thread/2356
2013-01-05 01:57:41 -06:00
Tasos Laskos
e1885cab0b
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-04 21:33:17 +02:00
Tasos Laskos
3d4d6e9860
Crawler aux mixin updated to catch the mysterious and anonymous timeout exception and re-raise it as a Timeout::Error
2013-01-04 21:32:18 +02:00
Meatballs1
04714893c8
Add force option to reboot command
2013-01-04 09:20:56 +00:00
sinn3r
d17a6f99e5
Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin
2013-01-04 00:38:01 -06:00
jvennix-r7
2f0e4cbd39
Merge pull request #1179 from rapid7/bug/bap-compro-hosts
...
Changes to BAP session storage
2013-01-03 14:27:13 -08:00
James Lee
d9947a1515
Add a mixin for marking deprecated modules
...
* This mixin standardizes the previously ad-hoc deprecation warnings on
modules that have been moved.
* Uses the mixin in 3 existing modules that already have (or should have
had) deprecation warnings.
2013-01-02 19:14:44 -06:00
Spencer McIntyre
3c039327c0
include the new mixin
2013-01-02 13:41:57 -05:00
Spencer McIntyre
7aed6e44e1
Initial commit of the Bourne shell command stager, nothing uses it yet.
2013-01-02 13:28:08 -05:00
Brandon Turner
5777968c19
Set GEM_PATH when using built-in gemcache
...
This allows rubygems to work with gems loaded from lib/gemcache.
2013-01-01 21:25:24 -06:00
Meatballs1
0b3143ff45
Fix railgun EOL
2012-12-30 16:32:15 +00:00
Tod Beardsley
8cd7c2783e
Indentation fixes
2012-12-28 14:36:06 -06:00
Tod Beardsley
7a0a230e92
Put the coding: binary magic comment back
2012-12-28 14:16:56 -06:00
Tod Beardsley
4002759fcf
Bring some sanity to the Array#packs
2012-12-28 14:16:08 -06:00
sinn3r
e05b55f32d
Add new functions
2012-12-28 03:48:35 -06:00
Tod Beardsley
c695f429d5
Mirror upstream PacketFu fix on ICMP size
2012-12-27 14:56:49 -06:00
sinn3r
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
Tod Beardsley
179e4cf870
Moving up to 4.6.0-dev
2012-12-24 08:40:29 -06:00
James Lee
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. One major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
David Maloney
be7da83feb
Adds EHLO domain to smtp deliver
...
Allow the user to set the EHLO domain for the smtp deliver module.
This is needed for Pro functionality
[story #41549217 ]
2012-12-21 14:22:21 -06:00
Tod Beardsley
2bb7b5ea11
Fixes error message for badchar
...
Note that only a custom module that allows for users to pass arguments
to nmap would be capable of hitting the error condition. Right now, only
auxiliary/scanner/oracle/oracle_login traverses the codepath, and that
doesn't allow for arbitrary args passed to nmap.
So... without contriving an example, it should be impossible to
experience or test.
[FixRM #7641 ]
2012-12-21 09:59:54 -06:00
sinn3r
be85cf54ab
Why in a quote?
2012-12-20 10:47:23 -06:00
Sherif Eldeeb
f0991f3b3b
make "resp.body" as an advanced option
...
created a new advanced option "HttpUknownRequestResponse" that will be sent back in the HTML body of unknown requests instead of the old static "No site configured at this address" message.
2012-12-20 12:35:00 +03:00
sinn3r
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
sinn3r
4b56e3c862
Merge branch 'tasos-r7-web-modules'
2012-12-18 10:38:00 -06:00
sinn3r
7602e6f3ca
Merge branch 'patch-6' of git://github.com/mubix/metasploit-framework into mubix-patch-6
2012-12-18 01:15:01 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
Meatballs1
378038afab
Merge remote-tracking branch 'upstream/master' into wldap32_railgun
2012-12-17 17:23:43 +00:00
Meatballs1
6a92bd609a
Tidying and refactoring
2012-12-17 15:29:04 +00:00
Meatballs1
b5fd3463d7
Initial working AD_LDAP lookup
2012-12-17 14:07:35 +00:00
Rob Fuller
b3118afcbb
Correct Railgun WriteProcessMemory var type
...
This is described here:
https://dev.metasploit.com/redmine/issues/7237
After change operates as expected.
2012-12-15 23:11:52 -05:00
HD Moore
36bcc1f7f5
Just show the relevant part of the error message
...
The full error is already in elog/dlog
2012-12-15 13:16:00 -06:00
Samuel Huckins
4f3c6f973d
Changes to BAP session storage.
...
[SEERM #7294 ]
[Bug #40937817 ]
* exploit/multi/handler no longer filtered out from vuln creation and
other steps
* Name changed to parent module's name in session storage so we show something more helpful
than generic handler
* Same for vuln and attempt creation
2012-12-13 15:35:34 -06:00
sinn3r
f81ef9b68e
Merge branch 'bug/reload_all' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/reload_all
2012-12-13 12:33:39 -06:00
James Lee
d7f6b0c373
Remove vestiges of ModuleManager's ModuleSet origins
2012-12-13 11:23:49 -06:00
Meatballs1
3127808f76
Revert/remove unnecessary files
2012-12-13 11:02:54 +00:00
Meatballs1
e60d10bd3d
Repackage as single module pull
2012-12-13 09:40:36 +00:00
sinn3r
c0b214c287
Merge branch 'bindaddress' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-bindaddress
2012-12-13 02:06:23 -06:00
Tod Beardsley
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
Tod Beardsley
0d8d5baf6d
Resolve merge conflict from jlee-r7
2012-12-12 14:24:47 -06:00
James Lee
6b4e021607
Make ModuleManager Enumerable
...
Fixes tools/module_* and probably some other lurking bugs
2012-12-12 13:41:04 -06:00
Tod Beardsley
e09f4e609c
Merge remote branch 'jlee-r7/bug/rm7037-hash-iteration-redux'
2012-12-11 16:08:28 -06:00
James Lee
a673c363fd
Use a more descriptive variable name
...
Also removes commented-out code.
2012-12-10 13:36:09 -06:00
kernelsmith
11fec0bc07
adds rudimentary validity checking to pids for meterp kill
...
addresses redmine https://dev.metasploit.com/redmine/issues/7223 , but
may not be a truly encompassing solution. 'good bandaid' as egypt put
it
2012-12-05 13:17:33 -06:00
James Lee
bc7cd4b452
Loop through module sets like super used to do
...
... since super doesn't exist any more.
Also changes to using ModuleSet#[] inside ModuleManager#[] instead of
ModuleSet#create to mimic original behavior when ModuleManager was a
subclass of ModuleSet.
2012-12-05 12:59:35 -06:00
James Lee
d57c24dd5f
Use framework.payloads instead of modules
...
When we know the module we're creating is definitely a payload, don't
bother looking in the other module sets.
Also removes an exception message that gets ignored anyway because the
exception class has a hard-coded #to_s
2012-12-05 12:30:55 -06:00
Tasos Laskos
62782f0273
Auxiliary::Web::Fuzzable: removed confusing HTTP response status messages [SEERM #7586 ]
2012-12-05 18:49:07 +02:00
James Lee
77af4ba559
Missed a file in previous commit, thanks, travis!
2012-12-03 22:37:50 -06:00
James Lee
f4476cb1b7
Really fix payload recalculation
...
Instead of deleting all non-symbolics before the re-adding phase of
PayloadSet#recalculate, store a list of old module names, populate a
list of new ones during the re-adding phase, and finally remove any
non-symbolic module that was in the old list but wasn't in the new list.
Also includes a minor refactoring to make ModuleManager its own thing
instead of being an awkward subclass of ModuleSet. Now PayloadSet doesn't
need to know about the existence of framework.modules, which makes the
separation a little more natural.
[FixRM #7037 ]
2012-12-03 22:23:40 -06:00
Tasos Laskos
beffd1feda
Auxiliary::Web::Analysis::Taint#taint_analysis: added a bit of differential logic to avoid false positives in case the default response matches the pattern we're looking for [FIXRM #7559 ]
2012-12-04 00:09:54 +02:00
Tasos Laskos
dafa984166
Auxiliary::Web::Fuzzable#submit: bugfixed to call http.request instead of http.request_async
2012-12-04 00:06:17 +02:00
Tasos Laskos
f6c27a4494
Auxiliary::Web#find_proof: updated doc comments
2012-12-04 00:05:12 +02:00
HD Moore
30d7de3157
The db search already prints results, return after
2012-12-02 01:14:56 -06:00
HD Moore
3ae47e2089
Move the thread tracking into the update method
2012-12-02 01:07:40 -06:00
HD Moore
51673ca152
Search reference values as well (ms08-067,etc)
2012-12-02 00:44:25 -06:00
HD Moore
f17ea91d7c
Whitespace changes only
2012-12-02 00:44:03 -06:00
Brandon Turner
7f822fabd7
Fix typo
2012-12-01 15:53:51 -06:00
Tod Beardsley
7ada8aeac1
Correct bug number
2012-12-01 14:16:24 -06:00
Tod Beardsley
725b085ef2
If there are no search results, try harder.
...
Sometimes, the database is active but the cache isn't filled out, or
doesn't contain the module you want. This can come up especially when
msfconsole first starts and you are programmatically searching for
modules, for whatever reason.
This allows for falling back to the regular (slow) search in the event
no hits have been returned. It does not actually address the caching
problem seen in QA, but it's generally going to be Good Enough. Search
is getting overhauled Real Soon Now anyway.
[FixRM #7533 ]
2012-12-01 14:06:32 -06:00
James Lee
bc63ee9c46
Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7
2012-11-30 13:43:02 -06:00
James Lee
1da3388194
Fix missing require
...
[Closes #1106 ]
2012-11-30 13:42:31 -06:00
HD Moore
a3c8e54d0a
Catch exceptions from broken modules
2012-11-30 11:04:23 -08:00
HD Moore
fee6ad9799
Bump to 4.5.0-release for testing
2012-11-30 11:04:23 -08:00
Brandon Turner
fc2feaaea3
Don't set BUNDLE_GEMFILE env var if already set
...
This allows setting BUNDLE_GEMFILE with `bundle exec` or some other
command in special cases.
2012-11-30 00:54:36 -06:00
HD Moore
213b3352fa
This adds report_last_detail() to Nexpose
2012-11-29 13:07:31 -08:00
Alexandre Maloteaux
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
jvazquez-r7
087ff328b6
correct comments documentation
2012-11-28 22:18:56 +01:00
jvazquez-r7
17518f035c
support for local exploits on file_dropper
2012-11-28 22:17:27 +01:00
Tod Beardsley
95f084b296
Use cvedetails not mitre.
2012-11-28 13:24:08 -06:00
James Lee
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
sinn3r
541ecd49d6
Merge branch 'web-modules' of git://github.com/tasos-r7/metasploit-framework into tasos-r7-web-modules
2012-11-26 12:17:24 -06:00
nmonkee
937e49378c
Syntax fix
...
Doh, missed one.
2012-11-22 09:57:08 +00:00
nmonkee
79c0507077
Fix syntax errors
2012-11-22 09:43:16 +00:00
nmonkee
088d20c5a9
Made requested changes
2012-11-22 09:28:50 +00:00
sinn3r
d95220da59
Merge branch 'jlee-r7-bug/rm7499-fastlib-1.8.7'
2012-11-21 20:39:11 -06:00
Tasos Laskos
26b3b4577d
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-21 23:57:42 +02:00
Tasos Laskos
b656554769
Exploit::Remote::Web: moved status printing calls out of #perform_request and into #exploit
2012-11-21 23:28:26 +02:00
James Lee
3640a344d4
Fix whitespace and long lines
2012-11-20 19:29:12 -06:00
James Lee
084398b611
Fix 1.8.7 incompatibility
...
::File.find did not return an Enumerable when not given a block in
1.8.7; instead it un-idiomatically just raised an exception. The
solution is just to give the block directly to .find instead of trying
to call #each on its return value.
[FixRM #7499 ]
2012-11-20 19:28:33 -06:00
James Lee
fcf1c87f64
Fix alignment of one of the banners
...
Lots of backslashes in a string make it hard to see in the code what it
will look like on the console. Use single quotes and unescaped
backslashes.
2012-11-20 17:22:38 -06:00
HD Moore
f5c7f4c41a
Remove trailing whitespace
2012-11-19 19:42:22 -06:00
sinn3r
527ba0e401
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-19 15:59:19 -06:00
James Lee
2526dce20a
Add attrib.exe for removing read-only files
...
This really should be a standard part of session.fs.file.rm
2012-11-19 15:18:03 -06:00
Meatballs1
e057467329
Initial attempt
2012-11-18 21:24:49 +00:00
sinn3r
d4749ff009
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-16 19:02:46 -06:00
James Lee
c81a289d5d
Fix a few bad tabs and some 1.9-only syntax
2012-11-16 16:07:12 -06:00
James Lee
591b085858
Add support for shell sessions in FileDropper
2012-11-16 15:51:54 -06:00
Tasos Laskos
c659b37c94
Updated indentation to use tabs
2012-11-16 23:11:48 +02:00
James Lee
3363475f99
Fix backwards order of @param comment
2012-11-15 17:55:17 -06:00
James Lee
83708a5a48
Add a FileDropper mixin for recording cleanup targets
...
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
James Lee
0e7c3a82f5
Prepend unlink instead of appending
...
Makes it work when using meterpreter. Because "quit" or "exit" in the
console ends up calling die() instead of falling through to whatever's
left in the file, a meterpreter session would never reach the code to
delete itself before this change.
2012-11-15 16:22:21 -06:00
nmonkee
f04dc587b6
made requested changes
2012-11-15 00:13:06 +00:00
Tasos Laskos
7032ef0f6f
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-09 00:21:38 +02:00
jvazquez-r7
b75c622813
Merge branch 'master' into feature/udp-scanner-mixin
2012-11-08 20:15:25 +01:00
HD Moore
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
HD Moore
0e8a3f0ea6
Merge branch 'master' into feature/udp-scanner-mixin
2012-11-08 06:09:22 -06:00
James Lee
2ebe2fa08e
Merge branch 'rapid7' into bug/rm7037-hash-iteration
2012-11-07 19:27:11 -06:00
James Lee
8a4fb07a0c
Merge branch 'bug/read-module-content-errno-enoent' into rapid7
...
Really [Closes #1025 ]
2012-11-07 19:25:39 -06:00
James Lee
26a145e527
Always overwrite the old module even when ambiguous
2012-11-07 18:51:12 -06:00
James Lee
3a572625f5
return inside a block returns from outer method
...
So no need to check its return value.
2012-11-07 17:43:22 -06:00
James Lee
aaa5a3c0bb
Add "Call stack:" to the log when a module load fails
2012-11-07 12:48:55 -06:00
David Maloney
04a80e0648
Fixes to the WMI setup
2012-11-07 11:26:48 -06:00
David Maloney
208e706307
Module title fixes
2012-11-07 10:33:14 -06:00
Tod Beardsley
81ed0bbcce
Avoiding 1.8.7 variable assignment incompat.
...
Reported on twitter:
http://twitter.com/SoapyWetDish/status/266155915256938496
2012-11-07 10:10:13 -06:00
James Lee
7a6ccb92ab
Unfubar the threading for #service_list
...
Also makes the test for service_start a little more resilient in case
W32Time is already started
2012-11-06 18:29:42 -06:00
Luke Imhoff
3ad00f7c63
Merge branch 'master' into bug/read-module-content-errno-enoent
2012-11-06 17:39:55 -06:00
Luke Imhoff
16407f91c8
Rescue Errno::ENOENT from File.open in read_module_content
...
[Fixes #38426061 , #38097411 ]
Msf::Modules::Loader::Directory#read_module_content may calculate a non-existent
module_path that gets passed to File.open causing an Errno::ENOENT exception
to be raised when using the module cache with a module that has been
moved to a new path (as is the case that originally found this bug) or
deleted. Now, the exception is rescued and read_module_content returns
an empty string (''), which load_module detects with
module_content.empty? and returns earlier without attempting to module
eval the (empty) content.
As having Msf::Modules::Loader::Directory#read_module_content rescue the
exception, meant there was another place that needed to log an error
and store an error in Msf::ModuleManager#module_load_error_by_path, I
refactored the error reporting to call
Msf::Modules::Loader::Base#load_error, which handles writing to the log
and setting the Hash, so the error reporting is consistent across the
loaders.
The exception hierarchy was also refactored so that
namespace_module.metasploit_class now has an error raising counter-part:
namespace_module.metasploit_class! that can be used with
Msf::Modules::Loader::Base#load_error as it requires an exception, and
not just a string so the exception class, message, and backtrace can be
logged.
2012-11-06 17:38:38 -06:00
James Lee
34bc92584b
Refactor WindowsServices
...
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work
[See #1007 ]
[See #1012 ]
2012-11-06 17:30:04 -06:00
nmonkee
bdbf6ea9bb
SAP NI Proxy Support (SAProuter) - see http://labs.mwrinfosecurity.com/blog/2012/09/13/sap-smashing-internet-windows
2012-11-06 21:16:32 +00:00
jvazquez-r7
9166d12179
Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-11-05 23:08:59 +01:00
Tod Beardsley
23cc2bd1a1
Merge remote branch 'origin/master'
2012-11-05 15:56:21 -06:00
Tod Beardsley
6a4d398b5d
Merge remote branch 'origin/feature/addp-modules'
2012-11-05 15:55:30 -06:00
jvazquez-r7
0f5f5f966b
Merge branch 'master' into feature/realport-modules
2012-11-05 22:52:38 +01:00
HD Moore
3d7e0b7b3d
Fix bad indent that snuck into the comments
2012-11-04 22:50:47 -06:00
HD Moore
ae9b462b99
Fix baud rate (see PR #1008 )
2012-11-04 22:38:16 -06:00
David Maloney
fca8208171
Some minor code cleanup
2012-11-04 14:45:15 -06:00
David Maloney
f69ccc779f
Unified smarter module
2012-11-04 13:14:02 -06:00
David Maloney
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00