Commit Graph

10140 Commits (9bce08b8134f02be65a19e2178bd2324edb859de)

Author SHA1 Message Date
James Lee 971120ce98
Use create! instead of new ... save! 2015-03-31 10:15:23 -05:00
OJ 633b46874d Merge branch 'upstream/master' 2015-03-31 14:53:48 +10:00
OJ 86d8aab854
Land #5040: Remove wininet hack for http/s meterp 2015-03-31 14:50:13 +10:00
Brent Cook d89cd118e0 remove wininet workaround in meterpreter http/s
We had a workaround to close connections on very old wininet implementations
that would not do it themselves. With the new WinHttp API-using meterpreters
and stagers, we no longer should use this workaround. It can actually be
actively bad and prematurely close the connection.

This needs testing around different payloads, and they should be on real
networks, ideally where TCP really has to work to get data transferred.
2015-03-30 23:38:32 -05:00
James Lee 790a08a848
It's pronounced "exploit", not "assoc_exploit" 2015-03-30 16:21:17 -05:00
Tod Beardsley 3f0f659eaf
Land #5019, add rescues to some LoginScanners 2015-03-30 16:06:51 -05:00
James Lee 2394d4bae8
Merge branch 'staging/single-vuln-push' into feature/MSP-11934/refactor-report-exploit-success
Conflicts:
	Gemfile
	Gemfile.lock
	spec/support/shared/examples/msf/db_manager/exploit_attempt.rb
2015-03-30 14:08:54 -05:00
James Lee 2ab4584079
Merge remote-tracking branch 'upstream/master' into staging/single-vuln-push 2015-03-30 13:50:52 -05:00
James Lee 1b0e3f13c6
Remove unnecessary extra assignment 2015-03-30 13:14:36 -05:00
James Lee 310779d7bf
Death to hashrockets 2015-03-30 13:13:58 -05:00
James Lee e65f4e92ea
Separate the two ways to make `Mdm::Session`s
Failing spec due to reuse of Mdm::Module::Detail instead of also
instantiating an Msf::Module
2015-03-30 13:05:20 -05:00
James Lee 374db22d5b
Re-enable host lookup for _failure
Again needed when called from exploit_driver because nothing is reported
yet at that point.

Also adds some yardoc
2015-03-30 12:30:52 -05:00
David Maloney 103373a7eb
add back accidentally removed error
accidentally dropped Errno::ETIMEDOUT from the exception
handling

MSP-12389
2015-03-30 11:19:28 -05:00
James Lee f0eeef3cbb
Move copy-pasta into a new method 2015-03-30 01:43:56 -05:00
James Lee 49902a6395
We actually do need the port/proto for failure
Because it is called from lib/msf/core/exploit.rb Exploit#report_failure
with datastore values

Partial revert of e3605aa252
2015-03-30 01:01:34 -05:00
James Lee 415510ca6a
Fix stupid typo that made vuln_id an Array 2015-03-30 00:52:02 -05:00
Samuel Huckins 13fc498523
Land #4948, fixes several AppScan import issues 2015-03-29 23:33:01 -05:00
OJ 26792975eb Refactor of code to reduce duplication
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
OJ fdcf1297a6 Tweaks to the stageless meterpreter x64 payload 2015-03-30 11:09:49 +10:00
OJ 0fa812e5ba Merge upstream/master 2015-03-30 10:17:17 +10:00
HD Moore e65ac57d1b Fix a logic check in EncodedPayload, which unbreaks stageless testing 2015-03-29 19:08:35 -05:00
OJ ce8f6d72e1 More work on x64 stageless
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
OJ 17dc2b184d Merging upstream/master 2015-03-30 09:12:20 +10:00
HD Moore 607cc8fef6 Remove a stale comment 2015-03-29 01:54:07 -05:00
HD Moore 0a4a72f49d Support templates with small text sections (win32) 2015-03-29 01:51:58 -05:00
HD Moore b9b40edde9 Major speedup, especially for large shellcode (stageless) 2015-03-29 00:44:06 -05:00
Meatballs 9eca3a0ab5
Impersonation spec 2015-03-29 00:52:27 +00:00
Meatballs f7e3abf760
sqlcmd specs and fixes 2015-03-28 23:23:00 +00:00
Meatballs 3b651aecdc
Specs for sqlserver check and fixes 2015-03-28 22:59:00 +00:00
Meatballs da49709845 Add yarddoc 2015-03-28 20:31:36 +00:00
Meatballs 8e22255a40 Small tidyup/rubocop
Signed-off-by: Meatballs <eat_meatballs@hotmail.co.uk>
2015-03-28 20:31:36 +00:00
Meatballs 9529eed41d More specific matching 2015-03-28 20:31:35 +00:00
Meatballs a30d8f7040 Add requires 2015-03-28 20:31:35 +00:00
Meatballs a1d74c27c6 Check for only running services 2015-03-28 20:31:35 +00:00
Meatballs 99f79e8533 Use incognito token stealing rather than process migration if we have
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
Meatballs 9c2219124c Remove some comments 2015-03-28 20:31:35 +00:00
Meatballs e2af15a0df Refactor MSSQL Post 2015-03-28 20:31:35 +00:00
sinn3r c4def25e82 Resolve #4986, add support for IE11 for fingerprint_user_agent
Resolve #4986
2015-03-27 17:51:14 -05:00
sinn3r 9cfafdd8b8
Land #4649, improve post/windows/manage/run_as and as an exploit 2015-03-27 17:31:30 -05:00
Trevor Rosen 2815462375
Update Mdm to staging hash 2015-03-27 15:16:33 -05:00
David Maloney 441feec360
fix missing exception handling
a few of our http login scanners needed to
handle a couple of other exception classes
for when network communication errors occur

MSP-12389
2015-03-27 12:31:14 -05:00
James Lee e3605aa252
We always pass a Service, get rid of port/proto 2015-03-27 11:54:03 -05:00
James Lee 25d0b8baff
Redundant check 2015-03-27 11:35:35 -05:00
James Lee 3b8d70b567
host is always an Mdm::Host, don't look it up again 2015-03-27 11:34:32 -05:00
James Lee 466ef4349e
Second verse, same as the first 2015-03-27 09:59:10 -05:00
James Lee bf8146c8b5
Axe redundant check 2015-03-26 21:19:19 -05:00
James Lee 88a8186a11
Pull up redundant hash literal 2015-03-26 19:33:53 -05:00
Brent Cook e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter 2015-03-26 19:16:46 -05:00
Brent Cook 5ac1ee1d73 fix http/s handler reference counting for pymet
add a persistent session counter to avoid stopping listening when pymet stages over http/s
2015-03-26 18:26:56 -05:00
James Lee a9e4961563
New hash syntax 2015-03-26 10:05:08 -05:00
James Lee a3ae0daf5a
Whitespace 2015-03-26 10:02:08 -05:00
sinn3r 8f03cadb92 Forgot to remove print_debug 2015-03-25 16:08:47 -05:00
jvazquez-r7 72a0909e9b
Land #4992, @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge 2015-03-25 13:30:36 -05:00
James Lee 8f0c434faa Add specs for the new method 2015-03-25 12:34:10 -05:00
sinn3r 6e3e696262 Use symantec_web_gateway as an example of using send_request 2015-03-25 10:55:46 -05:00
sinn3r 60f1d9c961 More yard doc 2015-03-25 10:50:11 -05:00
sinn3r 9b9e157e84 More yard doc 2015-03-25 02:26:06 -05:00
sinn3r ded500a9ae Use send_request 2015-03-25 02:13:40 -05:00
sinn3r 6984e5234e Fix a typo 2015-03-25 02:01:25 -05:00
sinn3r 8a8d6fb5ab Some more changes 2015-03-25 02:00:23 -05:00
sinn3r 855cadc6b1 Rescue more exceptions
The attempt_login method is rescuing these exceptions, so maybe
I should do the same.
2015-03-25 01:48:37 -05:00
sinn3r 8f95624bf7 Add #send_request to Metasploit::Framework::LoginScanner::HTTP 2015-03-25 01:40:02 -05:00
Christian Mehlmauer 7bf00f8f47
Land #4789, @rastating WPLMS wordpress module 2015-03-24 20:46:38 +01:00
James Lee b0fac4824c
Stop caring about order of keys in user_data 2015-03-24 14:21:52 -05:00
William Vu 6d85b5fd1e
Land #4998, non-loopback LHOST tab completion 2015-03-24 14:00:01 -05:00
William Vu 660f3dac2b
Land #4997, smb_version SMBDirect option fix 2015-03-24 13:46:09 -05:00
James Lee 414983ac8c
Merge branch 'feature/MSP-11925/create-user-data' into staging/single-vuln-push
Conflicts:
	Gemfile.lock
2015-03-24 12:42:08 -05:00
James Lee 65c00dffac
Tab complete non-loopback interfaces' addresses 2015-03-24 12:10:58 -05:00
sinn3r 58c5be0d72 Allow SMBDirect to be optional
The smb_version module needs to deregister the SMBDirect option,
but cannot do this because SMBDirect is a required option. By
having it as optional, the user no longer needs to set it. Also,
since SMBDirect already has a default value, having it as optional
should not change the mixin's default behavior.
2015-03-24 12:04:44 -05:00
RageLtMan 548a710745 Replace db_nmap string concat with an Array
16eab48012 introduced changes to
cmd_db_nmap which pass a new arguments variable to Open3 with a
list of args excluding save.

This approach created a problem wherein the address of the target
had to be passed in first and arguments could get mangled.

Reintroduce an array format, exploding when passing to Open3.
Ensure output file options are appended to the arguments being
passed to Open3, instead of the args variable.

Error example:
db_nmap -F 192.168.0.1
[*] Nmap: 'nmap: unrecognized option '- 192.168.0.1 ''
2015-03-24 04:36:58 -04:00
sinn3r bef67d773c Don't break untested_payloads.rb 2015-03-24 00:54:11 -05:00
sinn3r 3c4da5c3ff Update BES rspec 2015-03-24 00:10:18 -05:00
OJ 25dcfc796a Better support old binaries in rev http(s)
* Patch 256char URL if the 512char one doesn't work.
* Return an empty list in the case where the ext enum fails.
2015-03-24 10:14:44 +10:00
Brent Cook 1869977921
Land #4962: OJ adjusts MSF to new metsrv needs
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
sinn3r 2900f57afd It looks like this works 2015-03-23 16:46:53 -05:00
David Maloney 60966f3d2a
handle a blank response body
sometimes the response body itself can be blank
so we need to handle that properly.

MSP-9972
2015-03-23 16:03:30 -05:00
OJ 24d74b26e3 Beginning work for stageless x64 meterpreter 2015-03-24 06:50:06 +10:00
William Vu 809bc52dfc
Land #4982, tagging for msfconsole 2015-03-23 15:28:50 -05:00
sinn3r 0e1b9f90b4 Small details 2015-03-23 14:40:20 -05:00
HD Moore 6852475be0 Placeholder for UUID options 2015-03-23 14:35:33 -05:00
HD Moore dfbaa6b42e Typo 2015-03-23 14:35:08 -05:00
sinn3r e520ace1f1 Stash 2015-03-23 14:21:46 -05:00
sinn3r 156520338d Making some changes to how BES handles ActiveX 2015-03-23 12:21:27 -05:00
William Vu 2f83a53884
Add missing fix for #4921 2015-03-23 00:26:18 -05:00
William Vu 8165ae35d0 Remove extraneous semicolon 2015-03-23 00:26:03 -05:00
William Vu e176b21bcd
Land #4921, db_nmap help and tab completion 2015-03-23 00:22:46 -05:00
OJ 20131110cd Add verify_ssl file (missed in prev commit) 2015-03-23 13:22:10 +10:00
OJ 9c9d333a1b Create verify ssl mixin, adjust some formatting 2015-03-23 13:21:08 +10:00
sinn3r 23685694ad The tags column should be a virtual column 2015-03-22 21:04:37 -05:00
sinn3r 182018786b This is probably the proper way to delete tags 2015-03-22 20:55:20 -05:00
sinn3r ffe48e1ec8 Don't need order to delete 2015-03-22 20:43:11 -05:00
sinn3r ef62fc3df7 Allow the delete mode for tags 2015-03-22 20:08:23 -05:00
HD Moore bc3c73e408 Merge branch 'master' into feature/registered-payload-uuids 2015-03-22 18:51:13 -05:00
sinn3r b2cc3c4954 I found more bugs and fixed them 2015-03-22 18:21:57 -05:00
sinn3r 708eb42984 I fix bugs for tagging 2015-03-22 18:13:40 -05:00
nstarke dac5b078f0 Minor fixes for format and style
This commit contains a few minor tweaks
for style and format.  Some whitespace removed,
an erroneous 'return' removed, and using single
quotes for consistency.  Updated as per request.
2015-03-22 22:51:21 +00:00
nstarke 16eab48012 Adding help and tab functions for db_nmap
These functions address certain problems
listed in GitHub issue #4353, but do not
address all issues in that ticket.  Most
notably, this commit adds basic tab
completion for db_nmap.
2015-03-22 22:45:56 +00:00
HD Moore 378e867486 Refactor Msf::Payload::UUID, use this in reverse_http 2015-03-22 16:17:12 -05:00
HD Moore 0d1fe37710 Ignore non-base64url characters during decode 2015-03-22 16:16:47 -05:00
sinn3r 863cbcbddb Add real tagging for the hosts command 2015-03-22 15:34:37 -05:00