Meatballs
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
Meatballs
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
Meatballs
ca1c887e68
Add missing ]
2013-12-15 01:12:50 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Spencer McIntyre
a08c420862
Add railgun definitions for local exploit relevant functions.
2013-12-12 10:26:08 -05:00
OJ
64b1e78e34
Fix page size and max results
2013-12-11 00:03:05 +10:00
OJ
8a1517fde8
Fix issues with missing params on computer enum
...
No more late-night and rushed commits, it's still and wastes people's time.
Thanks sinn3r for getting on this. Apologies for the poor quality of the PR.
2013-12-10 21:06:28 +10:00
OJ
2237419134
Merge branch 'upstream/master' into basic_adsi_support
2013-12-10 20:58:38 +10:00
Meatballs
45a0ac9e68
Land #2602, Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
Meatballs
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
OJ
a3c050c8b6
Added page size setting
2013-12-08 23:29:42 +10:00
OJ
8172596c0b
Fix rendering of result total
2013-12-08 20:58:03 +10:00
OJ
f13736d208
Add support for general domain queries
...
Specific queries are just wrappers over the top of the domain query
2013-12-08 20:41:30 +10:00
OJ
35b051174c
Add basic ADSI enum of users and computers
2013-12-07 00:22:54 +10:00
OJ
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcibly.
This commit adds a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
OJ
1d757c40db
Remove empty parens
2013-12-04 07:10:23 +10:00
OJ
8b77da4ef7
Fix non-rubyisms
2013-12-04 07:06:32 +10:00
OJ
18e1d9ce17
Revert "Start clipboard monitor functionality"
...
This reverts commit ecbdfd3502.
I don't know how this got in there, as it's in another branch waiting for more work.
My bad.
2013-12-04 07:03:12 +10:00
sinn3r
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
jvazquez-r7
0343aef7c8
Land #2695, @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705]
2013-11-26 14:47:27 -06:00
OJ
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (i.e. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-sensitive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
OJ
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
corelanc0d3r
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
Joe Vennix
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
Joe Vennix
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
OJ
ecbdfd3502
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-21 06:29:37 +10:00
Joe Vennix
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
Joe Vennix
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
Joe Vennix
e74e75fe6f
Revert changes to legacy rescues.
2013-11-20 12:20:34 -06:00
Joe Vennix
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
d51b92b06f
Turns out & ~ does work.
...
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
2013-11-20 00:01:48 -06:00
Joe Vennix
a8c55f23a7
Remove &~ bit-clearing method in favor of defaults.
...
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesn't work,
but it is late and the default is false anyways.
2013-11-19 23:42:58 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
jvazquez-r7
647c867c2d
Land #1681, @sempervictus Rex::Text::Ui::Table [] method
2013-11-19 16:30:09 -06:00
jvazquez-r7
e1eddc84aa
Check for inexistent column names
2013-11-19 16:02:52 -06:00
jvazquez-r7
162d433014
Use snake_case for variables
2013-11-19 15:46:11 -06:00
jvazquez-r7
6a13a0eee6
fix indentation
2013-11-19 15:42:12 -06:00
jvazquez-r7
7435d74c59
Land #2093, @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
jvazquez-r7
4cf16cf360
Land #2633, @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
sinn3r
2fc43182be
Land #2622 - Fix up proxy/socks4a.rb
2013-11-12 18:22:32 -06:00
jvazquez-r7
ef6d9db48f
Land #2613, @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
William Vu
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
sinn3r
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
Jonathan
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
OJ
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
...
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
Jonathan
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
Tod Beardsley
cc9ac7695d
Land #2592, add getproxy
...
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
Jonathan
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
scriptjunkie
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
OJ
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
OJ
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
OJ
7dcb071f11
Remove shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
OJ
d1e008387a
Stop auto preview, code clean
...
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
OJ
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
OJ
ff78082004
Refactor lanattacks ruby code, add command dispatcher
...
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
joev
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
joev
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
joev
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
OJ
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00
OJ
67fbeacbf0
Add support for optional image downloading
...
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
OJ
2fbac9b129
Add `getproxy` command
...
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
OJ
1f6c320bb3
Tidy up of extapi code, new bins
...
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
2013-10-29 21:22:05 +10:00
OJ
606411de81
Fix mimikatz error when password is nil
...
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` it falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
Tod Beardsley
b5f26455a3
Land #2545, javascript library overhaul
2013-10-23 16:12:49 -05:00
sinn3r
ee95ca5e2b
Land #2158 - Fix NoMethodError undefined method `split' for nil:NilClass
2013-10-22 16:01:27 -05:00
sinn3r
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
sinn3r
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
sinn3r
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
sinn3r
fcba529ea5
Update coding format
2013-10-21 20:54:25 -05:00
sinn3r
ea56c4914c
Need this file
2013-10-21 20:17:38 -05:00
sinn3r
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
OJ
cf65f59a28
Retry shell without thread impersonation
...
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usually fall back to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`
This patch catches the error, warns the user of the failure and then retries
to create the interactive shell without the `-t` flag.
2013-10-21 15:29:19 +10:00
OJ
4e90394c7f
Add support for CF_DIB clipboard formats
...
Image data copied to the clipboard, such as a screenshot, is converted to a JPEG using GDI+, and downloaded to the local loot folder.
This feature doesn't work with W2K as a result, but that doesn't really bother me. The code is simpler and much smaller as a result and doesn't require the inclusion of the jpeg library code.
2013-10-21 00:05:42 +10:00
sinn3r
2d24824e78
Use data_directory instead of install_root
2013-10-19 17:55:03 -05:00
sinn3r
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
sinn3r
62dadc80d3
Make sure the data type for the return value is a string
2013-10-18 21:08:46 -05:00
sinn3r
298f23c91c
Fix extra slashes that cause browser autopwn to fail.
2013-10-18 20:43:39 -05:00
Tod Beardsley
ffcb86eba2
Land #2541, Outpost24 importer
...
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384]
2013-10-18 13:21:58 -05:00
Tod Beardsley
f6675f3120
Reordered case statements
2013-10-18 13:21:28 -05:00
sinn3r
8579cb8322
Use obfuscation
2013-10-18 13:06:19 -05:00
William Vu
93ff9ec501
Create methods for start_element for readability
2013-10-18 12:20:43 -05:00
William Vu
ff69e9fd05
Move product info code to a better location
2013-10-18 12:07:34 -05:00
sinn3r
3af38b9602
I bet "../" will drive people crazy, avoid that.
2013-10-18 11:56:03 -05:00
William Vu
e6cccedad0
Append vuln info to vuln description
2013-10-18 11:31:54 -05:00
sinn3r
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
sinn3r
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
William Vu
12151650e4
Add product info to hosts and services :)
2013-10-17 16:18:27 -05:00
William Vu
06c7943f54
Import hostnames without breaking everything
2013-10-17 15:31:48 -05:00
William Vu
920e406526
Import CVE refs and db.emit all the things
2013-10-17 14:29:54 -05:00
OJ
d4d4839dc2
Add size (bytes) of the files on the clipboard
...
Output of the `clipboard_get_data` call now includes the size
of each file in bytes.
2013-10-16 22:54:55 +10:00
OJ
afc5e282a9
Add CF_HDROP file support to the clipboard
...
`clipboard_get_data` has been changed so that raw text is supported and file listings are supported.
If files are on the clipboard, those files and folders are listed when this command is run. To download the files, pass in the `-d` option.
2013-10-16 17:46:22 +10:00