infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,313 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3423 Commits (9d9149d9d80c16965ae0e48afad8f76f07be42df)

Author SHA1 Message Date
sinn3r 5851d502b5 Rename some stuff 2013-10-31 23:12:20 -05:00
sinn3r 21891a8337 Make sure the browser can't retry by going to the first URL 2013-10-31 23:08:17 -05:00
sinn3r 94d62613ab Pretty much done with these, remove these comments. 2013-10-31 19:04:11 -05:00
sinn3r 828ef9c64c Adds target-specific payload generator 2013-10-31 18:54:01 -05:00
sinn3r 8a0ebcbac7 Adds method get_module_resource 2013-10-31 14:34:38 -05:00
sinn3r 10fd892827 Fix a "undefined method to_sym" bug 
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
 2013-10-31 14:06:05 -05:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
sinn3r 00efad5c5d Initial commit for BrowserExploitServer mixin 2013-10-31 13:17:06 -05:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib 
It wasn't just cmdstager_printf.rb. :/
 2013-10-30 19:51:25 -05:00
William Vu 333a0d5820 chmod -x cmdstager_printf.rb 2013-10-28 18:47:14 -05:00
Tod Beardsley b5f26455a3
Land #2545, javascript library overhaul 2013-10-23 16:12:49 -05:00
sinn3r caf41f34bf
Land #2562 - Fix RM 8510 (FileDropper) 2013-10-22 21:45:33 -05:00
sinn3r acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel 2013-10-22 17:16:26 -05:00
jvazquez-r7 7d1dc3746f Use the @schierlm's command 2013-10-22 16:19:49 -05:00
Tod Beardsley dc0d9ae21d
Land #2560, ZDI references 
[FixRM #8513]
 2013-10-22 15:58:21 -05:00
Meatballs 8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac 2013-10-22 21:42:36 +01:00
sinn3r ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers 2013-10-22 15:39:32 -05:00
jvazquez-r7 4ad9bc5efe Try to [FixRM #8510] 2013-10-22 08:42:14 -05:00
sinn3r afcce8a511 Merge osdetect and addonsdetect 2013-10-22 01:11:11 -05:00
sinn3r 99d5da1f03 We can simplify this 2013-10-21 20:22:45 -05:00
sinn3r 9a3e719233 Rework the naming style 2013-10-21 20:16:37 -05:00
William Vu 9258d79978 Add ZDI references to reference.rb 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley e7d3206dc9
Revert "Land #2505" to resolve new rspec fails 
This reverts commit 717dfefead, reversing
changes made to 6430fa3354.
 2013-10-21 12:47:57 -05:00
William Vu 717dfefead
Land #2505, missing source fix for sock_sendpage 2013-10-21 11:47:55 -05:00
sinn3r 8a94df7dcd Change category name for base64 2013-10-18 21:20:16 -05:00
Tod Beardsley ffcb86eba2
Land #2541, Outpost24 importer 
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.

[FixRM #8384]
 2013-10-18 13:21:58 -05:00
Meatballs 4e4d0488ae
Rubyfy constants in privs lib 2013-10-18 18:26:07 +01:00
sinn3r 6f04a5d4d7 Cache Javascript 2013-10-18 12:23:58 -05:00
sinn3r b0d614bc6a Cleaning up requires 2013-10-18 01:47:27 -05:00
Meatballs e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac 
Conflicts:
	modules/exploits/windows/local/bypassuac.rb
 2013-10-17 23:35:36 +01:00
Meatballs 5a662defac
Post::Privs uses Post::Registry methods 2013-10-17 23:28:07 +01:00
sinn3r c926fa710b Move all exploitation-related JavaScript to their new home 2013-10-17 16:43:29 -05:00
Rob Fuller 8f2ba68934 move decrypt_lsa and decrypt_secret to priv too 2013-10-17 00:04:21 -04:00
Rob Fuller 541d932d77 move decrypt_lsa to priv as well 2013-10-16 23:53:33 -04:00
Rob Fuller 60d8ee1434 move capture_lsa_key to priv 2013-10-16 23:45:28 -04:00
Rob Fuller 1a9fcf2cbb move convert_des_56_to_64 to priv 2013-10-16 23:39:07 -04:00
Rob Fuller 1a85bd22a8 move capture_boot_key to post win priv 2013-10-16 22:46:15 -04:00
sinn3r 4c91f2e0f5 Add detection code MS Office 
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.

[SeeRM #8413]
 2013-10-15 16:27:23 -05:00
William Vu 38965f91ee Add Outpost24 importer code to core/db.rb 2013-10-15 15:32:28 -05:00
William Vu 35dd94f0ac Land #2518, uninitialized JavascriptOSDetect fix 2013-10-14 13:32:04 -05:00
sinn3r e10dbf8a5d
Land #2508 - Add nodejs payloads 2013-10-14 12:23:31 -05:00
sinn3r da3081e1c8 [FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect 
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax

[FixRM 8482]
 2013-10-14 11:40:46 -05:00
joev c7bcc97dff Add SSL support to #nodejs_reverse_tcp. 2013-10-12 03:32:52 -05:00
joev 6440a26f04 Move shared Node.js payload logic to mixin. 
- this fixes the recursive loading issue when creating a payload
  inside the cmd payload
- also dries up some of the node cmd invocation logic.
 2013-10-12 03:19:06 -05:00
Tod Beardsley 4d76e8e9ac
Add RPORT to the list of DCERPC ports to check 
[FixRM #8479]
 2013-10-11 16:23:38 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir 
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
 2013-10-10 19:55:26 +01:00
Tod Beardsley 4f1e71e222
Also this isn't Lua. Deal with commas. 2013-10-09 17:30:57 -05:00
Tod Beardsley c8dc251042
Alphabetize authors 
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.

Also, I need to keep my lines changed count up.
 2013-10-09 17:29:17 -05:00
James Lee 947925e3a3 Use a proper main signature with arguments 
Allows us to `unlink(argv[0])`
 2013-10-09 17:22:01 -05:00
Tod Beardsley 9d34a8c894
Land #2465, deal with missing cpuinfo bins 
[FixRM #8456]

Thanks @ZeroChaos!
 2013-10-09 13:03:48 -05:00
Tod Beardsley 356263df56
Litter some more rescue nil's in there 
I hate them but they were there when I got there.

A more sane way to deal with this should happen someday.
 2013-10-09 12:17:13 -05:00
Tod Beardsley f95da649f8
Deal with missing bins, too. 
This could be way more DRY. At least there's a YARD-ish comment.

This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.

[SeeRM #8465]
 2013-10-09 12:13:44 -05:00
jvazquez-r7 2593c06e7c
Land #2412, @mwulftange's printf cmd stager 2013-10-08 09:08:29 -05:00
Tod Beardsley ff6dec5eee
Promote joev to a first class citizen 
[See #2476]
 2013-10-07 12:40:43 -05:00
Markus Wulftange 836ff24998 Clean and fix CmdStagerPrintf 
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
 2013-10-05 10:39:55 +02:00
ZeroChaos 5f4e4de267 fix for bug 8456 
On systems without bundled johntheripper (either by removing the bundled version or by no compatible version shipped) the system john is used.  In this case, all of the checking for compatible bundled jtr makes no sense and as such we can shortcut out of this to not only reduce the size of msf (for embedded) but also to speed execution (saving multiple calls to some random bundled binary cpuinfo*.bin).

This patch makes it very easy to simply remove cpuinfo and msf will not try to run it when missing and default to running john from the path.
 2013-10-04 15:58:47 -04:00
James Lee 541833e2cc Convert llmnr_response to use Net::DNS 
* Allows responding to AAAA requests in addition to the existing A
  support
* Prevents problems when recvfrom returns a mapped address like
  "::ffff:192.0.2.1"

Also:

* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
 2013-10-04 12:35:30 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir 
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
 2013-10-02 20:17:11 +01:00
James Lee b822a41004 Axe errant tabs and unused vars 2013-10-02 13:47:39 -05:00
Meatballs 29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file 
Fixes bugs with MSI::UAC option, invalid logic and typo...
 2013-09-29 17:09:03 +01:00
OJ 58cd2c796e Add a bind port setting to reverse listeners 
This adds a `ReverseListenerBindPort` advanced setting to the reverse listeners whic
allows for the local bind port to be separated from the `LHOST` setting used in the
payload. This means that listeners can bind to different ports in cases where the
attacker isn't able to listen on the same port that the victim can call out on, but
there are NATs/portforwards/whatever in place that allow the connection to happen.
 2013-09-28 05:38:39 +10:00
Meatballs 8a9843cca6
Merge upstream/master 2013-09-27 20:02:23 +01:00
Meatballs 3d812742f1 Merge upstream master 2013-09-26 21:27:44 +01:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
Meatballs a25833e4d7 Fix %TEMP% path 2013-09-26 19:22:36 +01:00
Tod Beardsley 8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap 
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"

[FixRM #8409], reported by Chris F.
 2013-09-26 09:42:38 -05:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
joev 99e46d2cdb Merge branch 'master' into cve-2013-4660_js_yaml_code_exec 
Conflicts:
	modules/exploits/multi/handler.rb
 2013-09-25 00:32:56 -05:00
Tod Beardsley 8db1a389eb
Land #2304 fix post module require order 
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
 2013-09-23 16:52:23 -05:00
Markus Wulftange 9353929945 Add CmdStagerPrintf 2013-09-23 22:02:29 +02:00
Meatballs 695fdf836c Generate NonUAC MSIs 2013-09-21 13:13:18 +01:00
Meatballs 85ea9ca05a Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload 2013-09-21 12:49:38 +01:00
Joe Vennix a08d195308 Add Node.js as a platform. 
* Fix some whitespace issues in platform.rb
 2013-09-20 18:14:01 -05:00
jvazquez-r7 87f75e1065 Complete CmdStagerEcho code doc 2013-09-20 13:24:53 -05:00
Meatballs 7d1c5c732a Correct powershell 2013-09-20 18:36:24 +01:00
Meatballs a00f3d8b8e initial 2013-09-20 13:40:28 +01:00
Tod Beardsley e9e1b28ba8
Land #2371, echo -e cmd stager 2013-09-19 14:47:39 -05:00
James Lee 8fe9132159
Land #2358, deprecate funny names 2013-09-18 14:55:33 -05:00
James Lee 150f0f644e Merge branch 'rapid7' into bug/osx-mods-load-order 
Conflicts:
	modules/post/windows/gather/enum_dirperms.rb
 2013-09-17 18:21:13 -05:00
Tod Beardsley dae8847c4d
Land #2374, more complete 32/64 migrate fix 
[FixRM #8395]
 2013-09-17 14:52:04 -05:00
James Lee c77d49a640 Merge branch 'rapid7' into cleanup/remove-id-tags 
Conflicts:
	lib/msf/core/payload/osx/bundleinject.rb
	lib/msf/core/payload/windows/dllinject.rb
	lib/msf/core/payload/windows/exec.rb
	lib/msf/core/payload/windows/loadlibrary.rb
	lib/msf/core/payload/windows/reflectivedllinject.rb
	lib/msf/core/payload/windows/x64/reflectivedllinject.rb
	scripts/meterpreter/netenum.rb
 2013-09-17 10:55:02 -05:00
James Lee 97d3a20f82 Remove more $Revision tags 2013-09-17 10:46:37 -05:00
James Lee d6954e9ce7 Fix migrate from 32- to 64-bit processes 
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.

[See #2356]
 2013-09-16 16:04:50 -05:00
jvazquez-r7 a8198bc948 Add documentatio to the mixin 2013-09-16 11:55:30 -05:00
jvazquez-r7 a5049df320 Add echo CmdStager 2013-09-16 11:35:05 -05:00
Tod Beardsley 53a7e74813
Land #2360 
All the specs pass, and it's difficult to repo many of these cases to
see if bugs are actually here, but it's a good idea to enforce binary
regexs.
 2013-09-13 14:43:53 -05:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
James Lee 6cc5965123
Land #2278, exe injection refactor 2013-09-12 16:37:58 -05:00
Tod Beardsley 76f27ecde8 Require the deprecation mixin in all modules 
Because rememberin to require it, and hoping against a race is not how we
roll any more.
 2013-09-12 15:49:33 -05:00
David Maloney e80cda4ace Merge branch 'master' into spike/exe_generation 2013-09-12 12:36:10 -05:00
James Lee 30c2efe3b2 Add require for eventlog 
Even though nothing uses it except an old script
 2013-09-11 16:21:10 -05:00
Markus Wulftange 80243c6e4d Disable default sorting on MSSQL results 
When printing output using the `mssql_print_reply`, the output gets
sorted by default by the first column. This can distort the output,
especially when the row order is crucial like in case of executing
external commands with `mssql_xpcmdshell`.

This patch disables sorting by initializing Rex::Ui::Text::Table
with SortIndex = -1.
 2013-09-09 20:14:48 +02:00
David Maloney 5773a009f5 Merge branch 'spike/exe_generation' of github.com:/dmaloney-r7/metasploit-framework into spike/exe_generation 2013-09-09 12:17:36 -05:00
David Maloney d6e4e46d86 better validation of buffer register 2013-09-09 12:16:15 -05:00
jvazquez-r7 eb745af12f Land #1054, @Meatballs1 exploit for IPsec Keying and more 2013-09-05 16:53:20 -05:00
Tab Assassin 2bd1fb451b Retab changes for PR #1569 2013-09-05 16:16:05 -05:00
Tab Assassin 48cf2af685 Merge for retab 2013-09-05 16:16:00 -05:00
James Lee adfb31e30a Land #2316, don't modify datastore in authbrute 2013-09-05 16:04:15 -05:00
jvazquez-r7 368a78a963 Undo post setup change 2013-09-05 15:00:58 -05:00
Meatballs d4043a6646 Spaces and change to filedropper 2013-09-05 20:41:37 +01:00
Meatballs c5daf939d1 Stabs tabassassin 2013-09-05 20:36:52 +01:00
James Lee 41f6ab3073 Land #2294, fix post setup 
Conflicts:
	lib/msf/core/post.rb
 2013-09-05 14:11:32 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Tab Assassin 63612a64e9 Merge for retab 2013-09-05 14:08:09 -05:00
Tab Assassin d0360733d7 Retab changes for PR #2282 2013-09-05 14:05:34 -05:00
Tab Assassin 49dface180 Merge for retab 2013-09-05 14:05:28 -05:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
Tab Assassin adf9ff356c Merge for retab 2013-09-05 13:41:23 -05:00
Tab Assassin abb52a086c Retab changes for PR #2316 2013-09-05 13:33:59 -05:00
Tab Assassin 8665de0261 Merge for retab 2013-09-05 13:33:49 -05:00
Tab Assassin 896bb129cd Retab changes for PR #2325 2013-09-05 13:24:09 -05:00
Tab Assassin 5ff25d8b96 Merge for retab 2013-09-05 13:23:25 -05:00
James Lee b913fcf1a7 Add a proper PrependFork for linux 
Also fixes a typo bug for AppendExit
 2013-09-04 00:15:07 -05:00
Meatballs 1471a4fcef Fixes an error in file_dropper where @dropped_files is nil 
causing an exception to be raised and on_new_session to fail.

I have moved super to the top of the chain so it always gets
called regardless.
 2013-09-03 23:45:41 +01:00
Meatballs c687f23b81 Better error handling 2013-09-03 22:57:27 +01:00
Meatballs a8e77c56bd Updates 2013-09-03 22:46:20 +01:00
Meatballs ac0c493cf9 Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring 2013-09-03 21:33:11 +01:00
jvazquez-r7 560d384633 Do first modification to Auxiliary::Login and Auxiliary::AuthBrute 2013-08-31 23:38:04 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Meatballs 53c3f6b2db Deconflict 2013-08-30 10:52:42 +01:00
James Lee 37f8d7a536 And one more. 2013-08-29 23:52:00 -05:00
James Lee 49bfc84ea6 Bah, missed changes after refactor 
Thanks, travis-ci!
 2013-08-29 23:39:29 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
jvazquez-r7 ab58e2db41 Ensure PostMixin setup is called 2013-08-27 18:03:30 -05:00
sinn3r a91b38cbf4 Land #2276 - osx webcam and record_mic post modules 2013-08-27 12:28:14 -05:00
lsanchez-r7 007b3de06d Merge pull request #2271 from bturner-r7/bug/db-leaks 
Land #2271, Fix database connection leaks
 2013-08-26 14:39:11 -07:00
David Maloney 5a424ab4df Allow user supplied buffer register 
let the user pick, otherwise default to edx
 2013-08-26 13:15:12 -05:00
Meatballs 3b9ded5a8e BypassUAC now checks if the process is LowIntegrityLevel 
and fails if so. Some small improvements made to Post::Priv
and BypassUAC module.
 2013-08-26 13:54:55 +01:00
David Maloney 383c9ed7f8 set edx as a BufferRegister 
polymorphic encoders can now always use EDX
as a BufferRegister, making it harder to catch
the decoder stub.
 2013-08-25 14:18:32 -05:00
Meatballs 96c093dce0 Fix Exploit::Exe 2013-08-25 19:56:29 +01:00
Meatballs 66ee15f461 Merge and deconflict 2013-08-25 19:14:15 +01:00
David Maloney f5e9089dd5 remove dupe comment 2013-08-25 12:46:47 -05:00
David Maloney a50fa2deec style fixups 2013-08-25 12:37:30 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
David Maloney 4c57af051a Revert "'remove unused framework references" 
This reverts commit 98a09b9f5c.
 2013-08-24 17:52:57 -05:00
David Maloney 98a09b9f5c 'remove unused framework references 
passing around framework references that are never used
removing these whever possible
 2013-08-24 16:59:29 -05:00
David Maloney 8f47aa6dcb Basic Injector class 
create a class for injecting payloads
into an exe template as a new section
 2013-08-24 16:11:00 -05:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
Joe Vennix 2d3f599498 Moves ruby_dl helpers to proper place in repo. 
* Adds fail_with methods and moves timeouts to constants.
 2013-08-23 17:17:19 -05:00
Brandon Turner cd45c77080 Fix a few database leaks 
All database access should be wrapped in with_connection blocks.

To avoid breaking git blame with a bunch of whitespace, I outdented
the with_connection blocks as seems to be common in db.rb.

[Story #55586616]
 2013-08-21 18:53:17 -05:00
Brandon Turner c0700673e7 Fix SessionManager database leak 
All database access should be wrapped in with_connection blocks.

Much of this commit is whitespace.  It may help to view it with
--ignore-all-space or the w=0 parameter on GitHub.

[Story #55586616]
 2013-08-21 17:34:25 -05:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
Christian Mehlmauer 0a2bf9e9e7 implement @limhoff-r7 feedback 2013-08-21 21:10:00 +02:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Christian Mehlmauer ffdd057f10 -) Documentation 
-) Added Wordpress checks
 2013-08-21 14:27:11 +02:00
Christian Mehlmauer 655e2dcf6c more methods 2013-08-21 13:13:41 +02:00
Christian Mehlmauer 68a51f4055 msftidy 2013-08-21 12:50:26 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin 
-) fixed typo in web mixin
 2013-08-21 12:45:15 +02:00
sinn3r f148eb4715 Land #2255 - Fix fail_with() 2013-08-20 01:28:21 -05:00
jvazquez-r7 491ea81acf Fix calls to fail_with from mixins 2013-08-19 16:42:52 -05:00
jvazquez-r7 7e37130837 Patch for [SeeRM #8315] 2013-08-19 16:34:02 -05:00
Tod Beardsley 1eb3c323ed Land #2175, force string encoding for RPC 
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.

[FixRM #7888]
 2013-08-16 16:09:24 -05:00
Tod Beardsley 7937fbcc49 More idiomatic ruby with symbols and spaces 2013-08-16 15:59:04 -05:00
HD Moore bec15ebf7c Remove Failure (moved to parent class) 2013-08-15 13:31:21 -05:00
HD Moore 4706f8b54c Add fail_with() stub and move Failure from Exploit 2013-08-15 13:30:47 -05:00
sinn3r bd6a45fffa Get rid of version() use 2013-08-14 11:00:09 -05:00
sinn3r 83aec3b231 Remove module version display 
Since modules no longer use the 'Version' key, there's no point to
collect and show them. It's all 0 anyway.

[See RM 8278]
 2013-08-14 02:26:39 -05:00
James Lee 3827b14103 Land #1726, ssl verify mode 
Conflicts:
	lib/rex/socket/parameters.rb
Fix doc strings
 2013-08-12 17:57:10 -05:00
jvennix-r7 8278808a37 Merge pull request #2204 from todb-r7/bug/undo-optstring-validator 
Revert "OptString specs and better validation"
 2013-08-09 13:42:46 -07:00
Tod Beardsley 02f460287b Revert "OptString specs and better validation" 
This reverts commit d66779ba4c.

Specifically, this commit was causing trouble when a datastore was
getting an Integer. For some reason (as yet undiscovered), the option
normalizer wasn't trying to Integer#to_s such arguments.

This kind of thing is going to happen a lot. For now, I'd rather just
end up with the ducktype, and attack the normalizer in a seperate fix.
 2013-08-09 15:30:42 -05:00
sinn3r 4558aca7ca Land #2136 - Removed requirement for note.data to be present 2013-08-09 15:29:25 -05:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
allfro 9180dd59fe Patch for string encoding issues with `msgpack` 
Fixes an issue that causes exploits to fail if the PAYLOAD option is the last option to get marshalled in an MSFRPC dictionary. The patch adjusts the string's encoding to match the internal default encoding used by Ruby. Hence, making `fetch()` succeed.
 2013-07-30 13:38:44 -04:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 05be76ecb7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 16:41:22 -05:00
jvazquez-r7 593363c5f9 Land #2154, @wchen-r7's msfcli optimizations and refactoring 2013-07-29 16:38:32 -05:00
sinn3r a0decf502f Refactor msfcli 2013-07-28 12:40:50 -05:00
jvazquez-r7 4a0b33241f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 18:41:50 -05:00
sinn3r 7b7603a5e7 Land #2104 - reverse_https_proxy 2013-07-25 17:26:56 -05:00
jvazquez-r7 33f6f7e8fc Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 17:03:45 -05:00
William Vu 27a540e12f Land #1215, creds reuse for AuthBrute modules 2013-07-25 16:54:44 -05:00
jvazquez-r7 2b3dcaf678 Land #2157, @wvu and @averagesecurityguy patch for OpenVAS XML Reports importing 2013-07-25 12:04:38 -05:00
William Vu 97680304d6 Use index, since it can apparently do regex 2013-07-25 12:00:33 -05:00
sinn3r 56367ef69c Update documentation 2013-07-24 19:04:47 -05:00
sinn3r 0fd2c385fb Update documentation 2013-07-24 19:02:10 -05:00
sinn3r e266d1bd0a Add comment about opts 2013-07-24 19:00:58 -05:00
sinn3r a71d7eb372 Update archive.rb to handle whitelist 2013-07-24 18:59:43 -05:00
sinn3r 9ae550c883 Do if [].empty?. Avoid msfcli running as a job 2013-07-24 18:35:06 -05:00
sinn3r ed51d284fa Change name, change how data is passed, fix rspec 2013-07-24 17:15:56 -05:00
sinn3r e120ecfba9 msfcli is designed to load only one module (auxiliary or exploit), 
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.

I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
 2013-07-24 14:40:46 -05:00
jvazquez-r7 e9a4f6d5da Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework 2013-07-24 14:00:52 -05:00
Meatballs fee5fabb91 Revert x64 corruption changes 2013-07-24 19:59:04 +01:00
Meatballs 44cae75af1 Cleanup 2013-07-24 19:52:59 +01:00
Meatballs 4b84b49674 Fix payload corruption 2013-07-24 19:08:02 +01:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
William Vu d493346691 Land #2137, fixes and specs for Opt containers 2013-07-23 15:58:09 -05:00
jvazquez-r7 b0c17fdebc Land #2002, @jlee-r7's patch for better handling uri resources 2013-07-23 15:49:21 -05:00
jvazquez-r7 99a345f8d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 13:54:26 -05:00
jvazquez-r7 77e8250349 Add support for CWE 2013-07-22 12:13:56 -05:00
David Maloney 943dde5c6c OptRegexp specs 2013-07-20 18:44:55 -05:00
David Maloney d66779ba4c OptString specs and better validation 2013-07-20 17:49:03 -05:00
David Maloney d6f2b28708 More opt specs 2013-07-20 17:37:39 -05:00
Samuel Huckins 832db57171 Removed requirement for note.data to be present. It wasn't required in 
the model or in specs, but was in db.rb, resulting in an error during
certain import scenarios.
 2013-07-20 10:27:12 -05:00
David Maloney ec82644bd3 mo fixes mo specs 
SEERM #7536
SEERM #7537
 2013-07-18 15:00:57 -05:00
jvazquez-r7 1a5e0e10a5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 13:53:57 -05:00
sinn3r 9d92b38dc7 Land #2121 - add specs for module search filter 2013-07-18 13:50:26 -05:00
Joe Vennix 67d8c1170b Remove unnecessary whitespace. 2013-07-18 13:43:30 -05:00
David Maloney 57dd525714 More optaddressrange specs and fixes 
SEERM #7536
 2013-07-18 13:03:32 -05:00
Joe Vennix f4b0ab8184 Adds 141 passing specs to Msf::Module#search_filter. 
* tests exclusion functionality, type: matching, port: matching, app: matching,
   platform: matching, author: matching, text: matching, name: matching, and
   path: matching.
[RM #4790]
 2013-07-18 12:47:08 -05:00
David Maloney 22e4db04e0 opening specs and fixes for OptAddressRange 2013-07-18 12:44:48 -05:00
David Maloney 27e2469d8e Specs and code changes for OptAddress 
handles wierness around Optaddress.
Still need to address isues in optaddressRange

FIXRM #7537
 2013-07-17 20:21:24 -05:00
jvazquez-r7 58229ff8b7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 20:18:48 -05:00
Tod Beardsley 72df070b80 Bump version to 4.8.0-dev, -rls is so fleeting 2013-07-17 16:43:24 -05:00
Tod Beardsley 8d1a760b1f Bump version to -rls 2013-07-17 16:42:37 -05:00
jvazquez-r7 11f8b351c0 Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework 2013-07-17 11:44:42 -05:00
Alexandre Maloteaux a5d526d710 remove metsrv.dll 2013-07-15 17:16:21 +01:00
Alexandre Maloteaux e28dd42992 add http authentification and socks 2013-07-15 15:36:58 +01:00
Alexandre Maloteaux f48c70d468 enable tor and small fix 2013-07-13 17:59:49 +01:00
James Lee 94f8b1d177 Land #2073, psexec_psh 2013-07-12 16:14:17 -05:00
James Lee 91b748a701 Make it clear where we failed 
Even when VERBOSE=false
 2013-07-12 15:57:30 -05:00
corelanc0d3r e8983a21c5 New meterpreter payload reverse_https_proxy 2013-07-12 16:45:16 -04:00
William Vu e8294b4f02 Add tentative fixes 2013-07-12 07:12:07 -05:00
James Lee 1ac1d322f2 Dup before modifying 
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:

```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```

[See #2002]
 2013-07-12 00:57:10 -05:00
James Lee 38e837dc28 Remove inaccurate comment 2013-07-11 22:48:35 -05:00
William Vu f267c11bc4 Add regex fix 2013-07-10 15:43:16 -05:00
Tod Beardsley 56ffa4ae2f Fixes for network_interface PR #2085 
Implementing the suggestions from @limhoff-r7.

See #2085

FixRM #8023
FixRM #7943
 2013-07-10 13:25:06 -05:00
lsanchez-r7 4541a9e49e now with passing msftidy 2013-07-08 17:44:50 -05:00
lsanchez-r7 5c93fb2849 arp_sweep is once again working 
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses

FIXRM #8023,#7943
 2013-07-08 17:24:28 -05:00
Meatballs 2bfe8b3b29 msftidy 2013-07-05 22:35:22 +01:00
Meatballs 0ce3fe2e7c Added service status checks to Post::Windows::Services 
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
 2013-07-05 22:25:04 +01:00
jvazquez-r7 0e2380c115 Fix method documentation 2013-07-05 11:19:53 -05:00
Meatballs 1a0bdf335e Retab lib 2013-07-04 12:09:46 +01:00
Meatballs a76ee6c2ec Add flexibility to lib 2013-07-04 11:03:48 +01:00
Meatballs 1368c1c27f Move options to lib 2013-07-04 10:25:08 +01:00
Meatballs 03de8c1c3d Pull in exploit/powershell 2013-07-04 09:54:40 +01:00
sinn3r 0f37bbe78e Add has_pid? function 
[SeeRM:#8123] - Add commonly used function has_pid?. Related to
redmine issue 8123.
 2013-07-02 14:33:15 -05:00
jvazquez-r7 a5c3f4ca9b Modify ruby code according to comments 2013-06-29 08:54:00 -05:00
sinn3r e3989ad30c Extra comments, no thanks 2013-06-28 15:44:06 -05:00
sinn3r f4c805f5d6 Yarrrrrrrrd 2013-06-28 15:42:56 -05:00
sinn3r 6e1fa05757 Fix a handle leak & change thread creation flag 2013-06-28 13:23:08 -05:00
sinn3r 554d738f26 Update documentation 
Fix broken English
 2013-06-28 13:03:05 -05:00
sinn3r b7430cb569 Add Msf::Post::Windows::Process 
The purpose of Msf::Post::Windows::Process is have all the common
functions you might need to do something to a process, for example:
injecting something to a process and then run it.
 2013-06-28 12:55:06 -05:00
David Maloney ea13ac48ec "fix" indentation to make egypt happy 2013-06-27 17:16:13 -05:00
David Maloney 89faba288d damnit brandon turner 2013-06-27 17:12:37 -05:00
David Maloney 867be1257a slight rearrangement 2013-06-27 17:09:20 -05:00
David Maloney e3fde02eec conditional wrapping 
as per egypt's catch
 2013-06-27 17:07:16 -05:00
David Maloney 70433820a9 fixes FD leak in RPC client 
FD leak due to sockets not getting closed
on the rpc client
FIXRM #8107
 2013-06-27 16:57:02 -05:00
Josh d7eda343e9 fix typo in comment 
change runing to running
 2013-06-27 03:12:49 -05:00
James Lee 31ad7b50a9 Fix write_file on FreeBSD 
[SeeRM #8083]
 2013-06-25 17:19:00 -05:00
Daniele Martini c0fda81eb0 Removed options DB_ADD_ALL. Added options DB_ALL_PASS and DB_ALL_USERS 
to add already known user and passwords to the lists.
 2013-06-23 18:20:41 +02:00
James Lee 3c42fe594e No need to have rescue around a print 2013-06-21 15:55:43 -05:00
James Lee 2c12a43e77 Add a method for dealing with hardcoded URIs 2013-06-21 15:48:02 -05:00
James Lee 39d011780e Move deletion into #remove_resource 
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
 2013-06-21 15:34:54 -05:00
James Lee e8a92eb196 Keep better track of resources 
[See #1623]
[SeeRM #7692]
 2013-06-21 14:51:47 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE 
And incidentally fix some msftidy complaints
 2013-06-19 16:27:59 -05:00
HD Moore 819080a147 Enable rhost/rport option overrides in HttpClient 2013-06-17 11:45:01 -05:00
Tod Beardsley d341b825d0 Rename dirbust option to conform to style 2013-06-14 12:58:08 -05:00
Tasos Laskos b509ac8504 Crawler mixin: Dirbusting opt moved to advanced 2013-06-13 00:04:31 +03:00
Tasos Laskos b474cda4aa Crawler/Anemone: Dirbusting now optional 
[FIXRM #8030]

Anemone updated to make dirbusting optional (on by default) and the Crawler core
module updated to provide an option to do so.
 2013-06-13 00:00:09 +03:00
Tod Beardsley 6a5d1d06b2 Make the conditional correct for print_prefix 
Fixes a bug introduced on #1936.
 2013-06-11 16:16:17 -05:00
Tod Beardsley f775a0bb01 Handle single quotes for OpenVAS import 2013-06-10 19:45:50 -04:00
Tod Beardsley 9a08090b0f Inch toward making modules more testable 2013-06-10 16:02:19 -05:00
Tod Beardsley d4e9431633 Add Gemfile entry for PacketFu 2013-06-10 14:18:05 -05:00
David Maloney 6aa7c74fdd make anemone also rspect domain 2013-06-07 14:24:14 -05:00
David Maloney 78b2a0a2ac add domain support to web spider 2013-06-07 12:41:20 -05:00
sinn3r 8e2de6d14f Updates js_property_spray documentation 
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions.  For dev purposes,
it's rather important to have this documented somewhere.

Thanks to corelanc0d3r for the data.
 2013-06-07 00:28:22 -05:00
David Maloney 2e26256217 was missing a nil check 2013-06-04 14:21:07 -05:00
David Maloney c4475538e7 Report on TaskSession associations 
add TaskSession objects so when we report
on a session, we know what Task created it, if there
was a task
 2013-06-04 13:42:36 -05:00
sinn3r 90117c322c Landing #1874 - Post API cleanup 2013-05-31 16:15:23 -05:00
Luke Imhoff cc60c95243 Rescue Errno::ENONENT when using File.mtime for memory cache 
[#47720609]
 2013-05-30 13:16:43 -05:00
Luke Imhoff 541d287e70 Merge branch 'master' into bug/module-load-cache-update 2013-05-30 12:59:50 -05:00
lsanchez-r7 8b488c3c6b Merge pull request #1866 from dmaloney-r7/bug/mdm_session_port 
Add session_port to the mdm object

SEERM #7281
 2013-05-30 10:05:48 -07:00
James Lee 12f0448bb4 Use a LIKE test instead of equality 
Fixes the ability to search for CVE (as well as other reference types)
with a non-exact match

[SeeRM #7989]
 2013-05-29 16:27:33 -05:00
James Lee f3ff5b5205 Factorize and remove includes 
Speeds up compilation and removes dependency on bionic source
 2013-05-28 15:46:06 -05:00
James Lee 0466cce7b1 Move PostMixin to its own file 
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
 2013-05-28 15:46:06 -05:00
Samuel Huckins e20385dd9e Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host 
Passes specs and functional tests
 2013-05-28 12:11:57 -07:00
James Lee 9843dc4cb4 Land #1708, android meterpreter 
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
 2013-05-28 12:19:45 -05:00
David Maloney 849d974463 Add session_port to the mdm object 
Mdm::Session was not being passed the session_port
FIXRM #7281
 2013-05-24 17:46:03 -05:00
Luke Imhoff c22178752e Merge branch 'master' into bug/module-load-cache-update 2013-05-24 11:06:16 -05:00
sinn3r e169ccab4f Landing #1862 - Remove inline unit tests 2013-05-23 22:19:29 -05:00
Luke Imhoff 1a487e476d Merge branch 'master' into bug/module-load-cache-update 2013-05-23 14:23:14 -05:00
David Maloney 0f21861921 Add task handling to imports 
allow imports to carry along task info

[Story #49167601]
 2013-05-23 13:33:19 -05:00
Tod Beardsley 05916c079e Inline unit tests are so last decade 
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
 2013-05-23 12:41:14 -05:00
Tod Beardsley a852304ba3 DRY: Move check things to the common module level 
While it makes lots of sense to bring check to all modules, of course
some modules will not be able to actually use it. Namely modules like
nop and payload modules. If you're feeling creative, you could probably
come up with semantically similar checks for those, too.
 2013-05-23 11:42:41 -05:00
Tod Beardsley 7436fdad72 First, copy-pasta and add a test 2013-05-23 11:26:53 -05:00
David Maloney d8074c0bf4 Use create not new 
Was calling .new instead of .create
[Story #49167601]
 2013-05-22 18:29:22 -05:00
Luke Imhoff 2b70ec2e08 Payload compatible cache_in_memory 
[#47720609]

Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class.   Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void].  Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
 2013-05-22 16:06:02 -05:00
David Maloney 69dd7f5c58 Update Mdm and Add Task stuff to report 
make report_* methods aware of Tasks

[Story #49167601]
 2013-05-22 14:59:43 -05:00
Luke Imhoff 57576de85f Update in-memory cache to fix file_changed? 
[#47720609]

Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
 2013-05-22 12:28:42 -05:00
sinn3r e2aad8930d Landing #1853 - Remove ID tags 2013-05-22 12:12:55 -05:00
sinn3r 8483528ae0 Restore generic.rb to the correct state 2013-05-22 12:11:06 -05:00
sinn3r 1cf485fad1 Restore tcp.rb to its current state 2013-05-22 12:06:36 -05:00
Luke Imhoff eede80509f Reuse appropriate terminology in docs 
[#47720609]

Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes.  Change some 'name'
variables to 'reference_name' since that's the proper terminology.
 2013-05-21 08:19:47 -05:00
James Lee f4498c3916 Remove $Id tags 
Also adds binary coding magic comment to a few files
 2013-05-20 16:21:03 -05:00
Luke Imhoff 89bd5b4791 Reset column information after running migrations 
[#50179803]
[SeeRM #7967]
[SeeRM #7870]

Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations.  Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
 2013-05-20 13:08:07 -05:00
Luke Imhoff 398dcfa8cb Merge branch 'master' into bug/migrations 2013-05-20 12:49:33 -05:00
Luke Imhoff 0e435d378c Move Msf::DBManager#migrate(d) to module 
[#50179803]

Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
 2013-05-20 12:45:17 -05:00
Luke Imhoff 82867fbb66 Prevent duplicate migrations_paths 
[#50099107]

If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
 2013-05-17 14:56:17 -05:00
James Lee 61afe1449e Landing #1275, bash cmdstager 
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
 2013-05-15 10:44:05 -05:00
Tasos Laskos 0a55c7e4b6 Proofs can be omitted if they contain sensitive data 2013-05-14 20:46:17 +03:00
Tasos Laskos a12e59ef1f Merge branch 'master' into bug/web-match_and_log_fingerprint 2013-05-14 01:55:37 +03:00
Tasos Laskos f4bc3096b2 #match_and_log_fingerprint: store match not fingerprint 2013-05-10 19:59:12 +03:00
Luke Imhoff afa04ac9d0 Merge branch 'master' into feature/mdm-module-namespace 2013-05-09 16:13:06 -05:00
Luke Imhoff bc92b43408 Update to metasploit_data_models 0.11.0 
[#47979793]
 2013-05-09 13:25:26 -05:00
Luke Imhoff a5648a8830 Merge branch 'master' into feature/mdm-module-namespace 
Conflicts:
	Gemfile
	Gemfile.lock
	lib/msf/core/db_manager.rb
 2013-05-08 13:22:41 -05:00
James Lee 9ab68ac935 Fix unintelligible error when importing empty file 
IO#read returns nil for an empty file if given a length argument, which
caused a stack trace when attempting to import a file instead of a
useful error message.
 2013-05-07 18:05:45 -05:00
James Lee 9e7885857c Land #1776, assembly payload blob cache fix 2013-05-02 16:58:14 -05:00
James Lee 0d9b120bac Get rid of the suffix 
This makes blob cache a little cleaner

[FixRM #7898]
 2013-05-02 16:55:14 -05:00