Commit Graph

859 Commits (9d076f684245ead16667195262b85b6ff20ad390)

Author SHA1 Message Date
Brent Cook 7a006e0f71 bump payloads 2017-06-23 18:13:52 -05:00
Rob Fuller fdd62ab112
Land #8604, Incorporate fix for workspace delete 2017-06-23 17:30:57 -05:00
Brent Cook 714b7d0a02 bump metasploit_data_models, speedup workspace deletion 2017-06-23 17:02:32 -05:00
OJ 87cee65a06
Bump payloads to 1.2.35 to include kiwi updates 2017-06-23 13:43:00 +10:00
Brent Cook fda2e8c73d
Land #8523, Add support for session GUIDs 2017-06-22 20:10:10 -05:00
Metasploit fad696ed58
Bump version of framework to 4.15.0 2017-06-22 18:02:38 -07:00
KINGSABRI 5528084e27 add Dnsruby 2017-06-22 15:55:04 -05:00
William Vu 3293a8fe67
Land #8594, rspec-retry Heisenspec fix 2017-06-21 19:57:57 -05:00
Brent Cook 22db17a87a bind ruby-pg back to version 0.20 2017-06-21 03:11:11 -05:00
darkbushido e873c87f0b
trying rspec-retry 2017-06-20 14:02:32 -05:00
Metasploit 9ce0bb9345
Bump version of framework to 4.14.28 2017-06-16 10:02:07 -07:00
Metasploit 0515980138
Bump version of framework to 4.14.27 2017-06-12 07:39:14 -07:00
Metasploit 77b1125e77
Bump version of framework to 4.14.26 2017-06-09 10:03:35 -07:00
OJ a3f3dc0a70
Upload payloads/mettle gems, update cache sizes
Updated both the metasploit-payload and metasploit-payload-mettle gems
to the versions that match for the session GUID pull requests. Updated
the payload cached sizes to match the new payloads.
2017-06-09 17:15:52 +10:00
Brent Cook 153611e9fa bump metasploit-credential to allow handling string addresses gracefully 2017-06-09 01:43:45 -05:00
Brent Cook 5f10e63923 bump payloads 2017-06-05 08:43:16 -05:00
Metasploit 92a65f5c63
Bump version of framework to 4.14.25 2017-06-02 10:03:44 -07:00
David Maloney 3ee77d1b50
update ruby_smb version 2017-05-30 14:17:51 -05:00
David Maloney d5e74ffdf3
Merge branch 'master' into feature/eternal_blue/rubysmb_refactor 2017-05-30 13:59:31 -05:00
Metasploit 0c792798a7
Bump version of framework to 4.14.24 2017-05-30 07:26:35 -07:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
Brent Cook e31e3fc545 add additional architectures and targets 2017-05-30 00:07:37 -05:00
Brent Cook 63ae70f061 remove pry/method_source git binding, this is not a vital update 2017-05-26 23:03:44 -05:00
Brent Cook ce9cfa5727 bit-struct updated, no need for my branch anymore 2017-05-26 23:00:21 -05:00
David Maloney f0f99ad479
nttrans packet setup correctly, everything broken
got the nttrans packet setup correctly but somewhere
along the line I broke the whole exploit wtf?
2017-05-26 14:54:46 -05:00
David Maloney b3e99ee9d2
point to local gem copy for testing and dev
remove this later, use a local copy of rubysmb
2017-05-26 12:30:19 -05:00
Metasploit 15b3b7de41
Bump version of framework to 4.14.23 2017-05-26 10:02:14 -07:00
David Maloney dc67fcd5a8
use RubySMB for anonymous login
use the new anonymous login capabilities in
RubySMB
2017-05-24 15:40:05 -05:00
Matthew Daley 52363aec13 Add module for CVE-2017-8895, UAF in Backup Exec Windows agent
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.

Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
2017-05-24 00:18:20 +12:00
Metasploit 18f520382b
Bump version of framework to 4.14.22 2017-05-19 12:12:27 -07:00
Metasploit c54c999efc
Bump version of framework to 4.14.21 2017-05-19 10:02:32 -07:00
Brent Cook 22828fcc0f
Land #8406, add compatibility shims for older Ruby versions 2017-05-18 21:50:45 -05:00
Metasploit 126c078ced
Bump version of framework to 4.14.20 2017-05-18 11:53:33 -07:00
David Maloney 94e4dc2938
fix for smb_login errors
do not try the TreeConnect if the SESSION_SETUP
has already failed.
2017-05-18 11:26:03 -05:00
Brent Cook c59371dd5e add ruby backports compat library 2017-05-17 23:41:20 -05:00
Metasploit 729f2a9ab8
Bump version of framework to 4.14.19 2017-05-16 14:09:45 -07:00
Metasploit 405f2c6ca1
Bump version of framework to 4.14.18 2017-05-12 10:10:30 -07:00
Brent Cook 6485042162
update rubyntlm to use the released gem 2017-05-12 05:59:11 -05:00
Brent Cook 337db56d4f bump payloads 2017-05-11 14:57:10 -05:00
William Vu 638320a848
Update rex-exploitation to 0.1.13 2017-05-10 15:07:21 -05:00
James Lee fd05cea033
Update packetfu and remove version lock 2017-05-09 11:03:32 -05:00
Brent Cook 7f1e2e6c71 bump metasploit-payloads 2017-05-08 17:34:55 -05:00
Brent Cook 0bc9d9259d meterpreter bugfixes
fixed stdapi_fs_mount_show to show full mapped drive path for Python
Meterpreter on Windows

Updated the Windows Meterpreter `getprivs` command to list all privileges
2017-05-08 16:26:32 -05:00
Metasploit a0b50390c5
Bump version of framework to 4.14.17 2017-05-05 10:02:17 -07:00
Metasploit 2f1df4d4c2
Bump version of framework to 4.14.16 2017-05-02 11:11:20 -07:00
Brent Cook 7c11e0065d update mettle 2017-04-26 18:00:50 -05:00
Metasploit 89e81253ed
Bump version of framework to 4.14.15 2017-04-21 10:02:32 -07:00
Metasploit f90911e09e
Bump version of framework to 4.14.14 2017-04-19 09:35:29 -07:00
Metasploit 05e15cee18
Bump version of framework to 4.14.13 2017-04-18 08:17:22 -07:00
David Maloney 1d52e269a7
update ruby_smb 2017-04-17 22:20:02 -05:00
Brent Cook 7613bd8964 bump metasploit-payloads, fix 64-bit builds 2017-04-16 08:52:41 -05:00
Brent Cook fe33fe5571 bump payloads with new keyscan code 2017-04-14 21:54:50 -05:00
Brent Cook 42122d2835
Land #8238, move SMB2 support back into smb_login, add simpler permissions checks 2017-04-14 14:06:46 -05:00
Brent Cook c16e2fa88e
bump to prerelease rubyntlm to get rid of Ruby 2.4 warning msgs. 2017-04-14 14:06:19 -05:00
Brent Cook 7eaba1fdee bump payloads 2017-04-14 13:17:25 -05:00
Brent Cook eedbf25f06 bump android meterpreter, adding in-app screenshot support 2017-04-14 12:38:53 -05:00
Brent Cook f8a94de671 bump metasploit-payloads, enhance windows support in python meterpreter 2017-04-14 12:28:52 -05:00
Metasploit 036d579228
Bump version of framework to 4.14.12 2017-04-14 10:04:35 -07:00
David Maloney adeb4d10d7
smb2 login scanner admin check now working
we can now check for admin privs in the smb2
login scanner

MS-2636
2017-04-13 14:40:32 -05:00
David Maloney 45d5701473
update ruby_smb to 0.0.9
update to newest version to get
TreeConnect capability

MS-2636
2017-04-13 12:01:51 -05:00
Brent Cook cdccd1df19 add xmlrpc as an explicit dependency 2017-04-13 07:12:38 -05:00
Metasploit ced1412ee0
Bump version of framework to 4.14.11 2017-04-12 14:39:40 -07:00
Jeffrey Martin 157d28ab3d
make metasploit-aggregator a framework package 2017-04-12 12:33:13 -05:00
Metasploit 7fc05bcb25
Bump version of framework to 4.14.10 2017-04-07 10:07:31 -07:00
Brent Cook 2276bd0c7d switch back to released octokit gem 2017-04-06 15:36:02 -05:00
Jeffrey Martin c845745f0b
remove platform restriction on metasploit-aggregator 2017-04-06 13:09:09 -05:00
Metasploit 4e79aaccb7
Bump version of framework to 4.14.9 2017-04-04 16:14:28 -07:00
Brent Cook 3237575024 add ruby 2.1-2.4, update gems with in-flight 2.4 fixes 2017-04-04 04:06:35 -05:00
Metasploit 9edc08cd36
Bump version of framework to 4.14.8 2017-03-31 14:38:29 -07:00
Metasploit b6085e188d
Bump version of framework to 4.14.7 2017-03-31 10:02:19 -07:00
Brent Cook 9f75a1d392
Land #8174, bump rex-text to fix problems running split-line VBA code 2017-03-31 11:40:21 -05:00
Brent Cook ce87174373 bump rex-text to fix problems running split-line VBA code 2017-03-31 11:34:41 -05:00
Brent Cook a937b00f85 bump rex-core, change 'sleep' to allow < 200ms durations 2017-03-31 11:33:21 -05:00
David Maloney 2d9c2321d1
add ruby_smb as a dep
added the ruby_smb library to the gemspec

MS-2557
2017-03-28 16:12:12 -05:00
Metasploit 51646e44a1
Bump version of framework to 4.14.6 2017-03-24 10:02:24 -07:00
Metasploit 8976faa3d1
Bump version of framework to 4.14.5 2017-03-23 08:41:49 -07:00
Metasploit df181c1792
Bump version of framework to 4.14.4 2017-03-21 14:58:37 -07:00
Brent Cook 9542087642 bump mettle to 0.1.8 2017-03-21 16:45:25 -05:00
Brent Cook 2701fef34b bump to metasploit-payloads 1.2.29 2017-03-17 17:34:16 -05:00
Metasploit 6200a3abb8
Bump version of framework to 4.14.3 2017-03-17 10:02:41 -07:00
Brent Cook 0631bc4c29 bump payloads and such 2017-03-16 23:51:51 -05:00
bwatters-r7 91a4657c36 Bumped the metasploit-payloads version and cache sizes with PR#8043 2017-03-15 19:02:21 -05:00
bwatters-r7 089940dd4f Bump to metasploit-payloads v1.2.17 which has the needed code changes 2017-03-15 18:38:47 -05:00
Metasploit db581a040a
Bump version of framework to 4.14.2 2017-03-07 07:01:57 -08:00
Brent Cook 78976091df
Land #7902, add initial Metasploit Aggregator for https Meterpreter sessions. 2017-03-07 02:11:01 -05:00
Brent Cook 031285d49a update payloads 2017-02-28 03:04:53 -06:00
Brent Cook 18445cf341 bump rex-text, get IPAddr sorting 2017-02-27 11:25:06 -06:00
bwatters-r7 1c71952529 Update Gemfile.lock because I forgot to in PR#8014 2017-02-27 11:09:14 -06:00
Jeffrey Martin 5383900a54
Merge branch 'master' into feature/aggregator 2017-02-24 23:59:02 -06:00
Metasploit f9e4fd54fe
Bump version of framework to 4.14.1 2017-02-24 13:31:17 -08:00
James Barnett 2631259919 Land #7973, Enable cert validation for Nexpose
This PR enables connection to a Nexpose console using the
nexpose client gem.

It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
Metasploit 0f4e03be7b
Bump version of framework to 4.13.27 2017-02-24 10:03:33 -08:00
wchen-r7 1ca0a24177 Up rex-exploitation 2017-02-23 15:58:19 -06:00
Jeffrey Martin 9186b3298a
Merge branch 'master' into feature/aggregator 2017-02-22 10:08:11 -06:00
Metasploit 01558d3d51
Bump version of framework to 4.13.26 2017-02-21 14:01:15 -08:00
Jeffrey Martin b2ed082c75
Merge branch 'master' into feature/aggregator 2017-02-21 15:11:08 -06:00
Jeffrey Martin 8469323519
update metasploit-aggregator in Gemfile.lock 2017-02-21 15:04:29 -06:00
Metasploit 647020289f
Bump version of framework to 4.13.25 2017-02-17 17:03:42 -08:00
Brent Cook 86c04cd9f4 update metasploit payloads with Python fixes 2017-02-17 18:52:14 -06:00
Metasploit 6e62899e1c
Bump version of framework to 4.13.24 2017-02-17 10:02:51 -08:00
Jeffrey Martin 9f5582a4e4
update Gemfile.lock for master merge 2017-02-16 15:31:40 -06:00
Jeffrey Martin cbfe18e4d7
use certificates in nexpose 2017-02-16 14:34:02 -06:00
Metasploit 184707c6fc
Bump version of framework to 4.13.23 2017-02-13 16:04:35 -08:00
Metasploit 44d229ad49
Bump version of framework to 4.13.22 2017-02-10 10:02:43 -08:00
Metasploit d81bdc1c02
Bump version of framework to 4.13.21 2017-02-07 17:27:47 -08:00
Brent Cook 2d1989ef16 bump rex-core, fix path normalization
Brings in fixes from https://github.com/rapid7/rex-core/pull/4
2017-02-07 19:17:44 -06:00
Brent Cook 40c86567aa import packetfu fix for https://github.com/packetfu/packetfu/pull/163 2017-02-06 15:51:01 -06:00
Metasploit 9a5d5eec2e
Bump version of framework to 4.13.20 2017-02-03 10:04:05 -08:00
Jeffrey Martin f8c2bd4f52
expand remote sessions list detail retrieval 2017-02-02 15:21:09 -06:00
Metasploit 321fa91c75
Bump version of framework to 4.13.19 2017-02-01 11:28:53 -08:00
Metasploit be170ab8b2
Bump version of framework to 4.13.18 2017-01-31 14:20:40 -08:00
Metasploit 95449a846b
Bump version of framework to 4.13.17 2017-01-27 10:02:17 -08:00
Brent Cook 9dbcaf7227
bump Gemfile.lock 2017-01-26 11:20:17 -06:00
Jeffrey Martin 4af1b595cd
update Gemfile.lock 2017-01-25 10:32:23 -06:00
Brent Cook 2e1d381e2e bump gem 2017-01-24 09:48:40 -06:00
Brent Cook d9602f49a2 bump payloads 2017-01-22 15:45:45 -06:00
Brent Cook 77e596263b update lock 2017-01-22 10:43:06 -06:00
Brent Cook 6a2d036ea8 depend on regular rb-readline, bugs fixed upstream 2017-01-22 10:20:05 -06:00
Brent Cook 28211c3b73 bump payloads 2017-01-22 10:02:41 -06:00
Metasploit c2e4a50924
Bump version of framework to 4.13.16 2017-01-20 10:02:29 -08:00
Metasploit 56ed8bc021
Bump version of framework to 4.13.15 2017-01-13 10:05:02 -08:00
Brent Cook f11cf92040 bump mettle gem to include pivoting support 2017-01-10 16:43:49 -06:00
Metasploit f311511e6d
Bump version of framework to 4.13.14 2017-01-10 14:03:16 -08:00
Metasploit b074042b99
Bump version of framework to 4.13.13 2017-01-06 12:00:26 -08:00
Metasploit 1ef2e54539
Bump version of framework to 4.13.12 2017-01-06 10:03:13 -08:00
Metasploit 7ef4db1465
Bump version of framework to 4.13.11 2017-01-04 14:53:33 -08:00
William Vu f25ced04af
Update rex-exploitation to 0.1.8 2017-01-03 12:04:18 -06:00
William Vu 36e0bad421 Update rex-exploitation to 0.1.7 2016-12-30 00:56:02 -06:00
Brent Cook fae4751771
Land #7744, update kiwi extension to Mimikatz 2.1 2016-12-29 16:22:45 -06:00
Brent Cook cd950e91a9 bump payloads gem 2016-12-29 15:59:07 -06:00
Metasploit f50fa516f4
Bump version of framework to 4.13.10 2016-12-23 10:01:58 -08:00
William Webb 5702bd6745
Land #7674, Move migration stub generation code into msf 2016-12-22 17:53:00 -06:00
William Webb ea704211ca incorporate payload stub generation changes 2016-12-22 17:50:43 -06:00
Metasploit 3a998fada2
Bump version of framework to 4.13.9 2016-12-18 13:22:52 -08:00
Metasploit c5c710f837
Bump version of framework to 4.13.8 2016-12-16 10:02:02 -08:00
Metasploit 12af07d8cb
Bump version of framework to 4.13.7 2016-12-09 10:03:22 -08:00
Brent Cook 50f95f9940
Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
Brent Cook 6dcdf74850 bump mettle gem 2016-12-09 09:27:56 -06:00
Adam Cammack eeef8fa6ad
Add new arches to UUIDs 2016-12-08 16:29:43 -06:00
Metasploit a54c0c4e1f
Bump version of framework to 4.13.6 2016-12-07 09:00:16 -08:00
OJ a99042a54d
Update Gemfile.lock 2016-12-07 14:58:27 +10:00
Brent Cook 7346223a65
update payloads 2016-12-06 07:16:44 -06:00
Metasploit 7edb5e19e2
Bump version of framework to 4.13.5 2016-12-05 15:09:06 -08:00
Metasploit 76db530a86
Bump version of framework to 4.13.4 2016-12-02 10:02:53 -08:00
Metasploit f46ca66858
Bump version of framework to 4.13.3 2016-11-28 06:35:44 -08:00
Metasploit 79e8ffd983
Bump version of framework to 4.13.2 2016-11-25 10:03:24 -08:00
Brent Cook d7dce28018 bump mettle to get fix for UUID encoding 2016-11-21 00:57:50 -06:00
Brent Cook 05cb5edaac update payload gems 2016-11-20 19:10:27 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Metasploit 643a5511cf
Bump version of framework to 4.13.1 2016-11-18 10:01:48 -08:00
Metasploit 383314530a
Bump version of framework to 4.13.0 2016-11-16 07:48:26 -08:00
Brent Cook 8d1d017188
Land #7562, fix rex-text column padding for unicode values 2016-11-15 07:12:37 -06:00
Brent Cook fafc749447 update metasploit payloads 2016-11-14 16:51:38 -06:00
Brendan 203c8132c5 Update the Gemfile to pull in the new rex-text Gem 2016-11-14 14:16:36 -06:00
Brent Cook 422ff57335 update metasploit-payloads 2016-11-14 02:53:18 -06:00
Metasploit f116ad2c59
Bump version of framework to 4.12.42 2016-11-11 10:02:14 -08:00
Brent Cook 77bacacb9c
Land rapid7/rex-exploitation#2, Fix heap_spray method's return value type
This fixes #7520
2016-11-09 20:39:01 -06:00
Brent Cook 5d5a4baaf7 back out rex-arch to avoid conflict with arch fixup PR 2016-11-08 17:42:42 -06:00
Brent Cook aeeefc46da update gems 2016-11-08 17:31:33 -06:00
Metasploit 2c39a14ada
Bump version of framework to 4.12.41 2016-11-04 10:02:13 -07:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
OJ e936a6d7ce
Update Gemfile to include rex-arch update 2016-10-29 08:19:29 +10:00
Metasploit ffc62964d6
Bump version of framework to 4.12.40 2016-10-28 10:02:36 -07:00
Brent Cook 1a1841d441 rebuilt metasploit-payloads without debug info 2016-10-26 05:43:36 -05:00
Metasploit 6a23168800
Bump version of framework to 4.12.39 2016-10-25 12:22:52 -07:00
Metasploit e29567f390
Bump version of framework to 4.12.38 2016-10-24 14:25:47 -07:00
Metasploit bf59ba526a
Bump version of framework to 4.12.37 2016-10-24 07:35:41 -07:00
Brent Cook 672e275877 update gems 2016-10-23 16:43:02 -05:00
Metasploit 8e0d866976
Bump version of framework to 4.12.36 2016-10-21 10:02:09 -07:00
Pearce Barry 85c26c64e2
Bump rex-exploitation gem version, see #7452. 2016-10-19 08:04:10 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
Brent Cook c5faffddbd
bump gems 2016-10-17 04:48:12 -05:00
Metasploit 74340e9eb7
Bump version of framework to 4.12.35 2016-10-14 15:13:45 -07:00
Metasploit b3666ff7ab
Bump version of framework to 4.12.34 2016-10-14 10:04:05 -07:00
Brent Cook 741c4b8916 updated android payload gem, removed unused extension jar 2016-10-14 09:59:06 -05:00
Brent Cook 933dc1df84 updated gems 2016-10-14 09:17:27 -05:00
Brent Cook aa748ecc83 update to working mettle gem 0.0.8 2016-10-11 21:12:00 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Brent Cook 8f8a54bf8c update to really-working payloads 1.1.21 2016-10-11 07:00:01 -05:00
Brent Cook deaa4047df bump payloads (and sqlite too) 2016-10-10 23:58:19 -05:00
Metasploit adb6f31e36
Bump version of framework to 4.12.33 2016-10-08 20:57:08 -07:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
Metasploit 8a6426df48
Bump version of framework to 4.12.32 2016-10-07 10:04:32 -07:00
Metasploit a0ebf5ea2d
Bump version of framework to 4.12.31 2016-10-06 11:23:08 -07:00
Pearce Barry a41281034a
Bump to latest rex-powershell gem... 2016-10-05 18:10:13 -05:00
David Maloney 52f6265d2e use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged in library code
cleans up a huge amount of space in framework

MS-1709
2016-10-05 09:05:27 -05:00
Pearce Barry a68e9d33e1
Bump rex-powershell gem to latest. 2016-10-04 14:25:10 -05:00
Brent Cook 55d267730e
bump metasploit-payloads 2016-10-04 07:16:39 -05:00
Brent Cook f6b2a3a173
bump gems 2016-10-02 21:23:34 -05:00
Metasploit 73c11a63b4
Bump version of framework to 4.12.30 2016-09-30 10:03:42 -07:00
Pearce Barry e0cd4d082a
Bump MDM ver to get pro and msf back in sync.
Per discussion with @dmaloney-r7
2016-09-29 13:42:13 -05:00
Jeffrey Martin a457f64e2a
update to latest release payload gem 2016-09-28 16:14:29 -05:00
Jeffrey Martin cdf544be9e
Land #7364, update to latest metasploit-payloads 2016-09-27 11:26:16 -05:00
Brent Cook 8f9be92b1b update to latest metasploit-payloads 2016-09-27 11:06:34 -05:00
Metasploit 5ea1e7b379
Bump version of framework to 4.12.29 2016-09-26 12:06:21 -07:00
Metasploit 3ddf80dd7a
Bump version of framework to 4.12.28 2016-09-23 10:02:37 -07:00
Pearce Barry 11e2de4756
Bump to latest metasploit_data_models gem.
Fixes MS-1598.
2016-09-21 13:06:41 -05:00
Pearce Barry 27018b421c
Land #7316, use new rex-encoder gem 2016-09-19 11:59:21 -05:00
Metasploit 5acc17a800
Bump version of framework to 4.12.27 2016-09-16 10:02:52 -07:00
David Maloney 7e10b5c482
use new rex-encoder gem
remove all the encoding libraries and use the new gem
rex-encoder that contains them now.

MS-1708
2016-09-14 12:07:26 -05:00