Commit Graph

10263 Commits (a02ea90824d4c88a0310b067c078722e3b804550)

Author SHA1 Message Date
jvazquez-r7 874031b96d Delete require 2015-02-18 13:44:31 -06:00
jvazquez-r7 415c671416 Move Rex code, we'll redesign as mixin 2015-02-18 13:44:02 -06:00
jvazquez-r7 ff4aa1f9da Require FileServer mixin 2015-02-18 11:43:13 -06:00
jvazquez-r7 f960a77754 Solve merging conflicts 2015-02-18 11:36:47 -06:00
jvazquez-r7 01bedb7351 Merge #3074, @0x41414141 SMBFileServer mixin 2015-02-18 10:53:05 -06:00
Matt Buck a9931cd410
Land #4725, convert Rails 3 AR calls in RPC_Db
Converts Rails 3 style ActiveRecord calls in RPC_Db to their Rails 4
counterparts.

Fixes #4725, also see MSP-12017
2015-02-18 09:59:40 -06:00
William Vu 6a9d15a8d5
Land #4785, Rex::Proto::Http::Client context fixes 2015-02-18 03:47:26 -06:00
William Vu bda96f46e6
Land #4780, stop HTTP service with HTTP handler 2015-02-18 03:34:03 -06:00
HD Moore 2847507f03 Add a chef brute force module 2015-02-17 23:49:57 -06:00
HD Moore 27d5ab45b4 Add a zabbix brute force module 2015-02-17 22:56:08 -06:00
HD Moore 85fd139ab0 Add missing context and a normalize_uri helper method 2015-02-17 22:55:53 -06:00
sinn3r 8ce1db5081 Fix #4783, raise exception if the payload arch is incompatible
Fix #4783
2015-02-17 21:47:17 -06:00
HD Moore 16932372db Calls to Rex::Proto::Http::Client.new were passing in empty context 2015-02-17 20:44:37 -06:00
rastating e0d87a8886 Update to use store_loot for CSV export 2015-02-17 19:21:31 +00:00
Brent Cook bed40a83ee fix #4337: gracefully handle resolve_sid failure when enumerating user profiles
Rather than throwing a backtrace with an unresolvable SID, try to get as
much profile data as possible if resolve_sid fails.

```
[*] Determining session platform and type...
[-] Unexpected windows error 1332
[*] Checking for Firefox directory in:
C:\Users\Administrator\AppData\Roaming\Mozilla\
[-] Firefox not found
[*] Post module execution completed
```
2015-02-17 13:03:12 -06:00
Brent Cook a8f44ca68f stop the http service when the reverse http handler stops 2015-02-17 12:38:20 -06:00
Matthew Hall 547d4d1950 Merge with master 2015-02-17 17:23:19 +00:00
Matthew Hall 9e2a483977 Add example usage to Msf::Exploit::Remote::SMBFileServer documentation 2015-02-17 17:23:18 +00:00
Matthew Hall cec817902f Add yardoc documentation for Msf::Exploit::Remote::SMBFileServer 2015-02-17 17:23:18 +00:00
Matthew Hall 5cf8833697 Tidy lib/msf/core/exploit/smb.rb following feedback from jlee-r7.
* Doc comments wrap at 78 chars to follow yardoc convention
 * Remove unused :server and SERVER vals
 * Use Utils class directly
 * Stop server within an ensure
 * Change SRVHOST to an OptAddress
2015-02-17 17:23:18 +00:00
Matthew Hall 8beed5652d Implement SMBFileServer mixin.
In order to accomplish remote file injection (e.g. DLL) this module
emulates an SMB service process to allow clients to load a file from a
network share.

This commit implements the SMBFileServer exploit module utilising the
::Rex::Proto::SMB::Server module to export the "start_smb_server"
function.

Utilising the module (example):
 include Msf::Exploit::Remote::SMBFileServer
 exe = generate_payload_dll
 @exe_file = rand_text_alpha(7) + ".dll"
 @share = rand_text_alpha(5)
 my_host = (datastore['SRVHOST'] == '0.0.0.0') ?
 Rex::Socket.source_address : datastore['SRVHOST']
 @unc = "\\#{my_host}\#{@share}\#{@exe_file}"
 start_smb_server(@unc, exe, @exe_file)
 // Inject DLL
 handle

A separate commit will provide a sample implementation of utilising this
module within a generic webserver DLL injection exploit:
./exploits/windows/http/generic_http_dllinject.rb
2015-02-17 17:23:18 +00:00
Matthew Hall 934af4cee9 Merge branch 'master' into module-smbfileserver 2015-02-17 17:01:44 +00:00
Matthew Hall 49971a6bc3 Add two more contants and handlers seen during testing. 2015-02-17 16:48:11 +00:00
sinn3r 6eaa3c264c
Land #4763, LSBackgroundOnly for safari_user_assisted_download_launch 2015-02-17 10:41:59 -06:00
Brent Cook e08206d192
Land #4768, jvazquez-r7 reorganizes the SMB mixins 2015-02-17 10:36:19 -06:00
sinn3r 0597d2defb
Land #4560, Massive Java RMI update 2015-02-17 10:07:07 -06:00
Brent Cook b4cf2f5d8c use correct response filter TLV_TYPE_VALUE_NAME 2015-02-17 08:46:25 -06:00
Matthew Hall 1f6aebe3df Move to using constant values.
This commit adds several constants for TRANS2, QUERY_PATH_INFO, MAX_DATA_COUNT,
and NT2 FLAG2 Bits to smb/constants.rb, which have then been utilised in smb/server.rb
to reduce the use of magic values.
2015-02-17 14:31:31 +00:00
Brent Cook 8f74f8eeed pass down the new permissions parameters 2015-02-17 06:11:20 -06:00
Brent Cook 503f58375b add direct registry access methods
Rather than operating on a passed-in HKEY, these open and close the registry
key directly for each operation.

This pattern better reflects the actual API usage within msf, and removes extra
round-trips to open and close the registry key, reducing traffic and increasing
performance. I did not add direct versions of every registry operation.
There was no benefit for more rarely-used operations, other than requiring more
churn in the meterpreters.

The primary beneficiary of this is post exploitation modules that do registry
or service enumeration. See #3693 for test cases.
2015-02-17 06:11:20 -06:00
Matthew Hall 3110c7b40f Adds smb_cmd_trans_find_first2_full to respond to "Find File Full Directory Info" FIND_FIRST2 requests,
as seen when using "type \\ip\share\file".
2015-02-17 11:37:44 +00:00
Meatballs 5fba54db99 Add addtional timing options 2015-02-16 19:07:55 +00:00
rastating a22f5c1287 Add extra readme check for case sensitive servers 2015-02-14 23:43:04 +00:00
jvazquez-r7 2c842ee6d7 Fix namespaces on Server 2015-02-13 17:34:55 -06:00
jvazquez-r7 9b7bbc220b Fix namespaces on Client 2015-02-13 17:33:41 -06:00
jvazquez-r7 46c6ac9ca1 Redefine namespaces and requires 2015-02-13 17:09:06 -06:00
jvazquez-r7 df1daff673 Move clients 2015-02-13 17:07:03 -06:00
jvazquez-r7 067aadf3a4 Fix namespaces 2015-02-13 17:05:46 -06:00
jvazquez-r7 f1ab7ed343 Mode smb.rb 2015-02-13 17:04:55 -06:00
jvazquez-r7 7367402bf1 Add requires 2015-02-13 17:03:48 -06:00
jvazquez-r7 ccabf30531 Move smb_server.rb 2015-02-13 16:58:19 -06:00
Samuel Huckins ce688f4247
Land #4765, Rails4 compatible finder conversion
* find_or_initialize_by_DYNAMIC
2015-02-13 15:56:09 -06:00
Samuel Huckins 7b7a6340c0
Land #4766, fixes vuln import finder query 2015-02-13 14:29:04 -06:00
Christian Catalan dc6a365a13
Fix finder query in Msf::DBManager::Vuln
MSP-12152

* This is part of updating finder queries to be Rails 4 compatibile
* In #find_vuln_by_details, pass in conditons hash crit rather than symbol :crit
2015-02-13 13:21:25 -06:00
sinn3r 6b99103cec
Land #4690 - Update Nessus plugin to support the latest REST API
Resolves #4447
2015-02-13 12:46:01 -06:00
Sonny Gonzalez dc1eab377c
Rails 4 finder conversion: convert find_or_initialize_by_x_and_y
MSP-12153

* convert to where(conditions).first_or_initialize
2015-02-13 12:39:44 -06:00
sinn3r f5e0dddd3c Correct authentication
Can't always be true
2015-02-13 11:48:10 -06:00
joev 49c9c02b53 Hide the dropped osx app. 2015-02-12 23:08:46 -06:00
jvazquez-r7 3ae3d56caa
Land #4745, fixes #4711, BrowserAutoPwn failing due to getpeername 2015-02-12 16:51:09 -06:00
William Vu 39c0065560
Land #4758, SMTPDeliver DATA header fix 2015-02-12 15:07:31 -06:00
Matt Buck f0bf881cc3
Land #4720, update Rails 3-style .find(:first)
Eliminate the Rails 3-style .find(:first) calls, and replace with
Rails 4-compatible .first().

Fixes #4720, also see MSP-12012
2015-02-12 14:30:13 -06:00
David Maloney 72878e0c14
fixes bug with smtp header order
SMTP servers that support pipelining will not accept any
commands other than MAILFROM and RCPTTO before the DATA
command. We were sending Date and Subject before Data
which would cause some mailservers to suddenly drop
the connection refusing to send the mail.

MSP-12133
2015-02-12 14:13:39 -06:00
sinn3r 50c72125a4 ::Errno::EINVAL, disable obfuscation, revoke ms14-064 2015-02-12 11:54:01 -06:00
root 199dca75a6 Implement db_import and finalize plugin 2015-02-12 13:32:49 +05:00
Sonny Gonzalez 7c57b9fb57
Fix Master - Pro build
MSP-12138

* revert to previous Rails 3 syntax.
2015-02-11 12:02:34 -06:00
root 64b69d597a Add report_download and db_scan APIs 2015-02-11 14:11:10 +05:00
sinn3r 22811257db Fix #4711 - Errno::EINVA (getpeername(2)) BrowserAutoPwn Fix
This patch fixes #4711.

The problem here is that the browser sometimes will shutdown some of our
exploit's connections (in my testing, all Java), and that will cause Ruby
to call a rb_sys_fail with "getpeername(2)". The error goes all the
way to Rex::IO::StreamServer's monitor_listener method, which triggers a
"break" to quit monitoring. And then this causes another chain of reactions
that eventually forces BrowserAutoPwn to quit completely (while the
JavaScript on the browser is still running)
2015-02-10 18:28:02 -06:00
Meatballs 33560a2657 Refactor Msf::Exploit::Powershell to Rex::Powershell to allow for
msfvenom usage.
2015-02-10 20:53:46 +00:00
jvazquez-r7 29c68ef1ec
End fixing namespaces 2015-02-10 11:55:14 -06:00
jvazquez-r7 6e635211b3
Modify include 2015-02-10 10:59:56 -06:00
jvazquez-r7 dba67bd1ee Do more code reorganization 2015-02-10 10:58:57 -06:00
jvazquez-r7 aa9e686965 Reorganize Java related mixin code 2015-02-10 10:52:44 -06:00
jvazquez-r7 1f4fdb5d18
Update from master 2015-02-10 10:47:17 -06:00
root e5fd9e70eb clean plugin/nessus.rb implement additional APIs 2015-02-10 12:40:20 +05:00
Tod Beardsley 0a42ac947a
Land #4737, fix Socket Context usages 2015-02-09 17:34:03 -06:00
Matt Buck 9a445e2027
Land #4707, updates to finder syntax
Updates some Rails 3 style ActiveRecord calls to use the Rails 4 Arel
syntax, in preparation for our move to Rails 4.

Fixes #4707, also see MSP-12018
2015-02-09 16:01:38 -06:00
Spencer McIntyre 2a3855c5af Skip the psh prepend sleep time error when it is 0 2015-02-09 14:20:04 -05:00
Meatballs 133ae4cd04
Land #4679, Windows Post Gather File from raw NTFS. 2015-02-08 18:50:50 +00:00
Bazin Danil 8cefe637df bug with testing Win2k8 correction 2015-02-08 17:28:33 +01:00
HD Moore 8d982e3286 Pass the framework/module down into LoginScanner 2015-02-07 11:50:30 -06:00
HD Moore 985641dbc4 Add missing Context, fixes #4723 2015-02-07 11:27:57 -06:00
Meatballs 358ab2590e
Small tidyup 2015-02-07 11:35:47 +00:00
sinn3r c20a81217c More work for nessus-xmlrpc.rb 2015-02-07 00:09:02 -06:00
sinn3r e8ba0b7c31 Fix broken commands 2015-02-06 19:07:43 -06:00
Matt Buck 531743eff1
Land #4697, updates to finder syntax
Updates some Rails 3 style ActiveRecord calls to use the Rails 4 Arel
syntax, in preparation for our move to Rails 4.

Fixes #4697, also see MSP-12016
2015-02-06 15:41:11 -06:00
Sonny Gonzalez 0fc4e09466
Rails 4 finder conversions
MSP-12017

* covert all(options), mapping options hashes to the
  appropirate Rails 4 methods
2015-02-06 13:51:48 -06:00
Sonny Gonzalez 1051f0fb82
Rails 4 finder conversion
MSP-12012

* convert find(:first, options) by mapping options
  to methods
2015-02-06 10:15:50 -06:00
Sonny Gonzalez 9a53859a77
Rails 4 finder conversion
MSP-12012

* covert find(:first) to first
2015-02-06 10:13:14 -06:00
Spencer McIntyre 4e0a62cb3a
Land #4664, MS14-070 Server 2003 tcpip.sys priv esc 2015-02-05 18:49:15 -05:00
Bazin Danil 970c5d115a spellcheck 2015-02-05 22:08:39 +01:00
Spencer McIntyre 5a39ba32f6 Make the ret instruction for token stealing optional 2015-02-05 14:00:38 -05:00
root 2744db4d11 Add nessus_scan_export and nessus_scan_export_status methods 2015-02-05 22:18:22 +05:00
sinn3r 434bca0b27
Land #4613, auxiliary/server/capture/smb credential creation 2015-02-04 22:45:36 -06:00
sinn3r df22ed2132
Land #4702, Fix bug in Firefox XPCOM payload on Linux 2015-02-03 21:36:01 -06:00
jvazquez-r7 c0e1440572
Land #4685, @FireFart's module for Wordpress Platform Theme RCE 2015-02-03 17:35:59 -06:00
Christian Catalan 3deac54d3f
Convert find_or_initialize_by_X to Rails 4 compatible.
MSP-12018
2015-02-03 16:09:49 -06:00
HD Moore ffe0e52cb6 The iax2 stack now works properly with asterisk 1.8
Note that the requirecalltoken=no setting is still required in the asterisk configuration at this point.
2015-02-02 22:29:13 -06:00
HD Moore 0ba34422d5 Pass the debugging option for IAX2 Client 2015-02-02 21:08:16 -06:00
joev ee1af83cc8 Go ahead and trim whitespace on all commands coming in. 2015-02-02 16:56:22 -06:00
Christian Catalan 797b5d0d55 Convert #find_or_create_by_x to #where().first_or_create
MSP-12016
2015-02-02 12:22:26 -06:00
Trevor Rosen dda87667c9
Land #4688, fix for pcap magic number on 2.x 2015-02-02 11:00:13 -06:00
root 23af5f8c82 Nessus plugin for REST API 2015-02-01 13:54:35 +05:00
William Vu 7f0af0211d
Land #4682, exploit/http/server.rb breakup 2015-02-01 01:44:43 -06:00
Christian Catalan 7d1090baca Convert #find(:all) to #where or #all 2015-02-01 00:31:58 -06:00
Brandon Turner ad374c2e4f
Use ASCII-8BIT for comparing pcap magic number
In Ruby 2, source files are read as UTF-8 by default.  When comparing
PCAP headers, we should use ASCII-8BIT or else the comparison will not
work.  This should be backwards compatible with Ruby 1.9.

MSP-12092
2015-01-31 23:57:49 -06:00
Christian Catalan 8740fd9015 Convert #find_all_by_X to #where 2015-01-31 21:07:50 -06:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
Bazin Danil fbb85c0391 using string concatenation for performence 2015-01-31 05:13:44 +01:00
Bazin Danil d9c64397fd shorter the line, using more variables 2015-01-31 04:32:32 +01:00
Bazin Danil 0fce908045 add constant class 2015-01-31 04:19:27 +01:00
Bazin Danil f4ec6bdc78 - use non-native pack/unpack directives
- coding: binary
- use constant for data_attribute
2015-01-31 03:59:23 +01:00
Brent Cook cf891efc14
Land #4674, @wvu-r7 teaches msfconsole to read stdin as - 2015-01-30 18:25:09 -06:00
William Vu fdf88b9563
Land #4639, incorrect use of #class fixes
case uses === internally. :)
2015-01-30 16:57:59 -06:00
Brent Cook 253d8e60dd
Land #4388, Meatballs1's golden ticket post module 2015-01-30 16:26:04 -06:00
James Lee 1fbed1dcfc
Autoload instead of require 2015-01-30 15:42:16 -06:00
James Lee 062529ce3b
Move HttpServer::HTML into its own file 2015-01-30 15:24:15 -06:00
James Lee 3572ce9a37
Break PHPInclude into its own file 2015-01-30 15:16:54 -06:00
William Vu 3954c0e3aa
Land #4654, test module fixes 2015-01-30 15:00:54 -06:00
Bazin Danil 68b735dbda Add a NTFS parser and a post module to dump files
This commit add a draft of an NTFS Parser and a post module
to gather file using the raw NTFS device (\\.\C:)
bypassing restriction like already open file with lock
Can be used to retreive file like NTDS.DIT without volume shadow copy
2015-01-30 19:16:44 +01:00
jvazquez-r7 03169f231b Handle one redirection on wordpress_and_online? 2015-01-30 10:26:23 -06:00
jvazquez-r7 c098de27ee Do safer body check 2015-01-30 10:22:43 -06:00
jvazquez-r7 bc65d2f526 Make filename compatible with namespace 2015-01-30 10:22:07 -06:00
Christian Mehlmauer 7504358db3
code style and typos 2015-01-30 15:57:32 +01:00
Christian Mehlmauer a0eaf2f626
add wordpress ghost scanner module 2015-01-30 15:29:51 +01:00
Meatballs 39004d265b Increase default buffer sizes to reduce railgun calls 2015-01-30 11:20:03 +00:00
Meatballs 6b97618fb2 Improve resolve_sid API calls 2015-01-30 11:20:03 +00:00
Meatballs 02864b4401 Railgun DWORD handling 2015-01-30 11:20:03 +00:00
Meatballs 044e3bd608 Golden Ticketz Post module 2015-01-30 11:20:02 +00:00
William Vu aec0067d14
Land #4673, screenshot -v hardcoded false fix 2015-01-29 19:40:15 -06:00
William Vu 8f54e4d611
Implement "-" for msfconsole -r from stdin
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.

This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
2015-01-29 19:26:56 -06:00
sinn3r 59eec8f81e
Land #4666 - Improve utility of meterpreter file upload command
Fix #4665
2015-01-29 19:12:31 -06:00
sinn3r 823c75908d Fix #4672 - Fix Hardcoded false for screenshot -v
Fix #4672
2015-01-29 16:54:41 -06:00
Brent Cook 212aeb9106 Improve utility of meterpreter file upload command
Rather than assume that the destination argument is a directory, check
first, and then do the same thing that 'cp' would do.

 - If dest exists and is a directory, copy to the directory.
 - If dest exists and is a file, copy over the file.
 - If dest does not exist and is a directory, fail.
 - If dest does not exist and is a file, create the file.
2015-01-29 13:45:15 -06:00
William Vu 6ecb36df52
Land #4653, get/set/unset description improvement 2015-01-29 13:28:06 -06:00
sinn3r 9d8d17805d
Land #4661 - Replace direct class comparison with kind_of? 2015-01-28 18:06:43 -06:00
James Lee bb17d75425
Replace direct class comparison with kind_of? 2015-01-28 17:00:15 -06:00
sinn3r cc7be4a9c1
Land #4643 - Fix blank username bug in creds -u
Fix #4634
2015-01-28 15:31:54 -06:00
sinn3r f0742a38e2 The get command too 2015-01-28 12:59:51 -06:00
sinn3r 457598eb02 print_error about unknown request.uri 2015-01-27 20:21:18 -06:00
sinn3r acf02647fb Add a check for Custom404 2015-01-27 20:18:10 -06:00
sinn3r 66703bfe5a Allow custom 404 as an option for BrowserExploitServer
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.

There are several scenarios that can trigger a 404 by BES (custom or
default):

* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
  If this actually happens, it probably means the attacker gave the
  wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
  URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
  mixin.
2015-01-27 18:53:02 -06:00
Meatballs c2d15f2b31
Add yarddoc note about handles 2015-01-27 21:05:00 +00:00
Meatballs c7534446aa
Add yarddocs to runas mixin 2015-01-27 20:35:55 +00:00
James Lee 895284cd12
Fix logic around empty usernames or passwords
See #4634 and #4642
2015-01-27 14:16:26 -06:00
sinn3r d29a74cd8f Fix #4641 - Explain the set/unset command a little bit better
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.

Fix #4641
2015-01-27 13:35:05 -06:00
Brent Cook f2edf21b9d fix MSF::Post::File::rename_file with meterpreter
Modify rename_file to fit the pattern of the other file methods.
Otherwise, calling this yields a backtrace in the logs and it fails.

Steps to verify:
rc script:
```
loadpath test/modules
use exploit/multi/handler
set lhost 172.28.128.1
set lport 8081
set payload windows/meterpreter/reverse_http
run -j
sleep 5
resource test/scripts/test-sessions.rc

Before:
```
[-] FAILED: should move files
[-] Exception: TypeError : true is not a symbol

log file:
[01/27/2015 13:17:23] [d(0)] core: Call stack:
/home/bcook/projects/metasploit-framework/lib/msf/core/post/file.rb:357:in
`rename_file'
/home/bcook/projects/metasploit-framework/test/modules/post/test/file.rb:115:in
`block in test_file'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`call'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`it'
...
```

After, passing sessions instead:
```
post/test/file
SESSION => 1
Setup: changing working directory to %TEMP%
[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
```
2015-01-27 13:19:33 -06:00
Meatballs 02da5b5c1b
Remove unnecessary get_env call 2015-01-27 17:27:56 +00:00
Meatballs b367b01998
Remove unneccessary logonuser 2015-01-27 17:07:49 +00:00
Meatballs 215a590940
Refactor and fixes for post module 2015-01-27 16:14:59 +00:00
James Lee a2c7ebc2b1
Simplify logic 2015-01-27 09:05:11 -06:00
James Lee eac7b11a87
Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username
Conflicts:
	lib/msf/ui/console/command_dispatcher/db.rb
	spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
2015-01-27 08:40:07 -06:00
Meatballs 12542eb938
Working 2015-01-27 14:10:35 +00:00
Meatballs ea25869312
Refactor to common module 2015-01-27 10:47:02 +00:00
sinn3r ee922d141c Fix #4646 - get_module_resource should check nil before using get_resource
Fix #4646. The get_module_resource needs to check nil first before
using the get_resource method (from HttpServer)
2015-01-27 00:21:43 -06:00
James Lee f2e0bd364a
Always include Service and Host
See #4643
2015-01-26 20:22:11 -06:00
James Lee 8dd56bb759
Do all the filtering in SQL instead of Ruby
This also has the advantage of reducing the number of queries from at
least 3 for every Core we find to more like a total of 3.
2015-01-26 20:21:55 -06:00
Tod Beardsley 2294ea0e93
Squash commit for blank creds search and test
This should fix up #4642 with respect to #4504.

Squashed commit of the following:

commit 124d53ccb00cd200bede092e893dda7e033d3e17
Merge: cb2bef8 ccad159
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 16:23:03 2015 -0600

    Merge branch 'feature/creds-blank-finders' into temp

commit ccad159222eaa949d76e22b588d1ac7709fb2f27
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:58:02 2015 -0600

    Clean out whitespace, make vars more meaningful

commit 266b45dff26e2778e43d8e4750d212b5aee5a009
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:54:32 2015 -0600

    Add some specs for regular users and blank users

commit 2e51503f76e9a2f6921c57e86a2f98527f80c874
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:04:03 2015 -0600

    Users should be able to find blank user/pass
2015-01-26 16:26:30 -06:00
Jon Hart cb2bef878b
Land #4504, @disenchant's get/getg improvement 2015-01-26 12:49:34 -08:00
Christian Mehlmauer bb07ec8666
fix incorrect usage of .class 2015-01-26 15:46:58 +01:00
sinn3r c62beacd31 Revert #4473 - Log backtraces by default 2015-01-24 02:44:29 -06:00
Spencer McIntyre 32746e0088
Land #4631, @bcook-r7's fix for #4625 pkt requeue logic 2015-01-23 18:02:21 -05:00
Brent Cook 52ca6b54b1 remove entire 'default' attribute acccessor override method
This reverts us to the state before
725a17c70b, making OptRegexp simply
inherit from OptBase again.
2015-01-23 14:18:05 -06:00
Brent Cook 65d71a5e18 Fix #4625 Reenable channel receive packet requeueing logic
In #4475, I incorrectly interpreted the role of the 'incomplete' array
in monitor_socket, and that change should be reverted.

What appears to happen is, we play a kind of 3-card monty with the list
of received packets that are waiting for a handler to use them.
monitor_socket continually loops between putting the packets on @pqueue,
then into backlog[] to sort them, then into incomplete[] to list all of
the packets that did not have handlers, finally back into @pqueue again.
If packets don't continually get shuffled back into incomplete, they are
not copied back into @pqueue to get rescanned again.

The only reason anything should really get into incomplete[] is if we
receive a packet, but there is nothing to handle it. This scenario
sounds like a bug, but it is exactly what happens with the Tcp Client
channel - one can open a new channel, and receive a response packet back
from the channel before the subsequent read_once code runs to register a
handler to actually process it. This would be akin to your OS
speculatively accepting data on a TCP socket with no listener, then when
you open the socket for the first time, its already there.

While it would be nice if the handlers were setup before the data was
sent back, rather than relying on a handler being registered some time
between connect and PacketTimeout, this needs to get in now to stop the
bleeding. The original meterpreter crash issue from #4475 appears to be
gone as well.
2015-01-23 08:50:37 -06:00
sinn3r f3a2d6663f Fix #4616 and Fix #3798 - Correctly use OptRegexp
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).

It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.

I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798. The way I see it, #3798 is actually a module-specific issue.

Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
jvazquez-r7 c507e73a02 Comment to clarify serialVersionUID fields 2015-01-22 18:40:52 -06:00
jvazquez-r7 e377ed3f83 Document the 'null' UnicastRef ObjId on the discovery package 2015-01-22 18:39:12 -06:00
William Vu 0612e1906a
Land #4614, {32,64}-bit Registry access 2015-01-22 13:25:51 -06:00
William Vu a52f491d81
Land #4615, stopgap fix for module load race 2015-01-21 07:39:07 -06:00
jvazquez-r7 c33e5faed3 Change namespace 2015-01-21 01:00:45 -06:00
William Vu 1dafedf23b
Clarify no encoder/badchars specified 2015-01-21 00:26:42 -06:00
jvazquez-r7 37ed1b1e62 Delete default values for datastore options 2015-01-21 00:14:46 -06:00
William Vu 4cc027c4c1
Move "found" message to a saner location
Thanks to Peleus for the idea.
2015-01-20 23:58:12 -06:00
jvazquez-r7 2ef57d6172 Add specs for Msf::Jmx::MBean::ServerConnection 2015-01-20 19:10:21 -06:00
jvazquez-r7 0b2d65749b Do better argument handling on Msf::Jmx::Mbean::ServerConnection 2015-01-20 18:46:09 -06:00
jvazquez-r7 dbe7afd3e7 Add dcoumentation for Msf::Jmx::Mbean::ServerConnection 2015-01-20 18:29:21 -06:00
jvazquez-r7 2f2796bfdf Add documentation for Msf::Jmx::Discovery 2015-01-20 18:16:53 -06:00
jvazquez-r7 552f0325be Add documentation for Msf::Jmx::Handshake 2015-01-20 18:11:44 -06:00
jvazquez-r7 625420120c Add documentation for extract_unicast_ref 2015-01-20 17:48:49 -06:00
jvazquez-r7 b97c0fe398 Add Msf::Jmx::Util#extract_unicast_ref 2015-01-20 17:46:42 -06:00
jvazquez-r7 7b675adf01 Add specs for Msf::Jmx::Handshake 2015-01-20 17:29:48 -06:00
Brent Cook 5954e2300f updates based on feedback
Add documentation to the view constants.
Use include? rather than regexes
2015-01-20 16:57:49 -06:00
Tod Beardsley 9017aa0f6b
Avoid magic number to make @wvu marginally happier 2015-01-20 16:29:59 -06:00
Tod Beardsley e88c4f1587
Switching from if mod.nil? to unless mod
Because it reads nicer, though `mod` will never be `FalseClass`
2015-01-20 16:21:00 -06:00
jvazquez-r7 39e3f9f892 Add specs for Msf::Jmx::Util 2015-01-20 16:18:53 -06:00
Tod Beardsley 63c66f66a0
Add a second_chance on cmd_use
This is a weak attempt to solve a race condition between modules loading
and cmd_use being fired. Upon startup, saved configurations, running
resource scripts, and running commands will sometimes jump ahead of the
module loading procedure.

I have not discovered where the race actually is and how to cause the
race to happen. However, the timing seems to be fairly close to a second;
by waiting three seconds after trying use again, we seem to be in the
clear, at least according to testing.

Fixes #4549, but better solutions are welcome!
2015-01-20 15:46:29 -06:00
Brent Cook a42cc2ef1f add support for specifying 32 or 64-bit registry access
This adds an extra parameter to most of the post/windows/registry
methods called 'view' that specifies if a registry key should be
accessed as a native process, 32-bit or 64-bit.

Support is added to both the Meterpreter and command-line backends. For
the command backend, a lot of boilerplate is removed from each method in
favor of a few shared commands. There is an error hash that never gets
used, so I removed it as well.

This passes the post/test/registry module with meterpreter, but fails
the command line backend. However, it fails in the same way without
these changes (tested on Windows 8), so I suspect that the command line
session was already not working well, at least with newer versions of
Windows. I might look into figuring out how to fix that, but it looks
pretty fragile to me, parsing for english phrases in the output.
2015-01-20 15:26:59 -06:00
jvazquez-r7 4311226840 Add documentation for Rex::Java::Serialization::Builder 2015-01-20 11:26:52 -06:00
jvazquez-r7 3c718ba5df Reorder Stream building 2015-01-20 11:18:18 -06:00
jvazquez-r7 6ee853fbe2 Use short type of BlockData.new 2015-01-20 10:52:17 -06:00
jvazquez-r7 0584ae8177 Add Rex::Java::Serialization::Builder#new_object 2015-01-20 10:31:37 -06:00
jvazquez-r7 6ca86256cf Add Rex::Java::Serialization::Builder#new_array 2015-01-20 10:23:09 -06:00
jvazquez-r7 ec57387821 Add Rex::Java::Serialization::Builder#new_class 2015-01-19 11:54:12 -06:00
jvazquez-r7 4220a5e60f Use Rex::Java::Serialization::Builder#new_class 2015-01-19 11:53:53 -06:00
William Vu cffa55b12e
Improve proxy chain description 2015-01-18 22:32:22 -06:00
jvazquez-r7 86a37b4cff First create NewClassDesc refactoring 2015-01-18 17:47:26 -06:00
Christian Mehlmauer 5b964bba6a
Land #4518, Wordpress long password DoS 2015-01-18 23:55:06 +01:00
jvazquez-r7 84f5c7ed61 Use extract_string and extract_int 2015-01-18 01:23:19 -06:00
jvazquez-r7 3a3e37ba6c Refactor extract_mbean_server 2015-01-18 01:20:13 -06:00
jvazquez-r7 4247747fc5 Refactor extract_object 2015-01-18 01:13:00 -06:00
William Vu cb0257bec7
Land #4576, OpenVAS database import fix 2015-01-18 00:45:36 -06:00
jvazquez-r7 ab391f3b32 Do minor JMX mixin cleanup 2015-01-17 22:40:43 -06:00
nstarke 55a746eeb7 Changing code to catch everything extraneous 2015-01-17 15:46:26 +00:00
jvazquez-r7 697e4fbd41
Land #4584, @sgabe's fix for egghunter searchforward 2015-01-16 19:36:52 -06:00
jvazquez-r7 a42b095472 Delete heaponly option 2015-01-16 19:35:57 -06:00
jvazquez-r7 859a8978e7 Allow searchforward to be an string 2015-01-16 19:33:19 -06:00
sgabe 3297d198f3 Fix search-forward option in regular egghunter 2015-01-16 22:16:30 +01:00
Brent Cook a2a1a90678
Land #4316, Meatballs1 streamlines payload execution for exploits/windows/local/wmi
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
jvazquez-r7 c516190d07 Create Msf::Jmx::Util 2015-01-15 23:21:54 -06:00
jvazquez-r7 d9c6c56779 Refactor extract_rmi_connection_stub 2015-01-15 23:15:30 -06:00
jvazquez-r7 2d2f26a0e3 Change method names for stream builders 2015-01-15 23:01:27 -06:00
James Lee 273ba54a21
Fix server/capture/smb to use create_credential 2015-01-15 22:39:11 -06:00
jvazquez-r7 00117fc963 Do first and ugly refactoring 2015-01-15 21:18:03 -06:00
Jon Hart da1c56a65d
Add minimal tests for get/getg 2015-01-15 14:46:12 -08:00
Brent Cook bc895ab4d1
Land #4582, jhart-r7's Apple Airport Authentication Avalanche 2015-01-15 14:07:18 -06:00
Jon Hart 7a900cc889
More Ruby-ish way for cmd_get 2015-01-15 11:54:01 -08:00
Jon Hart 8aff50aed1
Make get/getg help more consistent 2015-01-15 11:36:32 -08:00
Jon Hart 45cef82f6c
Use appropriate help for get/getg 2015-01-15 11:35:39 -08:00
jvazquez-r7 621cada2ac Undo build_gc_call_data refactoring 2015-01-14 16:47:28 -06:00
William Vu f0de45c371
Fix typo and add Subject support 2015-01-14 02:17:29 -06:00
sgabe 95eab85df4 Add support for heap-only search in regular egghunter 2015-01-13 21:31:13 +01:00
Jon Hart 5cc7d5d1a8
Remove errant pry 2015-01-13 10:35:05 -08:00
jvazquez-r7 ad082bc1af Add specs for build_dgc_ack 2015-01-13 11:02:16 -06:00
jvazquez-r7 0babde8c1a Fix specs 2015-01-13 10:48:23 -06:00
jvazquez-r7 4351964290 Change module filename 2015-01-13 10:46:14 -06:00
jvazquez-r7 3946b95bc3 Update rex code and specs 2015-01-13 10:45:00 -06:00
jvazquez-r7 1f0b986bf1 Change filenames 2015-01-13 10:43:27 -06:00
Jon Hart 69f03f5c5d
Move ACPP default port into Rex 2015-01-12 19:43:57 -08:00
Jon Hart d5cdfe73ed
Big style cleanup 2015-01-12 19:11:14 -08:00
nstarke 9baae6e494 Potential Fix For OpenVAS DB Import Issue 2015-01-13 02:46:13 +00:00
Jon Hart ec506af8ea
Make ACPP login work 2015-01-12 14:01:23 -08:00
Jon Hart e9557ffe58 Simplify module in prep for some authbrute cleanups 2015-01-12 13:08:12 -08:00
Jon Hart 691ed2cf14 More cleanup
Don't validate checksums by default until they are better understood
Handle the unknowns a bit better
Make checksum failures more obvious why it failed
2015-01-12 13:08:12 -08:00
Jon Hart 97f5cbdf08 Add initial Airport ACPP login scanner 2015-01-12 13:08:12 -08:00
Jon Hart fba6945e9a Doc payload oddness. Add more checksum tests 2015-01-12 13:08:12 -08:00
Jon Hart 54eab4ea3d Checksum validation, more tests 2015-01-12 13:08:12 -08:00
Jon Hart 7e4dd4e55b Add ACPP decoding capabilities 2015-01-12 13:08:12 -08:00
Jon Hart 2af82ac987 Some preliminary Apple Airport admin protocol (ACPP?) support 2015-01-12 13:08:11 -08:00
David Maloney 6dad66c04c
add Date header support to SMTP deliver
the SMTP mixin now supports the Date header.
The user can supply a a value for the Date Header
or else it will automatically use the current local
DateTime. This will help alleviate certain issues
caused by servers setting this field for the cliebnt incorrectly

MSP-9390
2015-01-12 11:18:07 -06:00
Jon Hart d8743ea32b
Land #4539, @Meatballs1's creds cmd now supports type filters, -R for search 2015-01-08 18:48:27 -08:00
Jon Hart 7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid 2015-01-08 18:42:25 -08:00
Jon Hart e4cdac1440
Land #4559, @FireFart's fix for wordpress version detection (from wpscan) 2015-01-08 15:19:29 -08:00
Brent Cook fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services
- Many code duplications are eliminated from modules in favor of shared
   implementations in the framework.
 - Paths are properly quoted in shell operations and duplicate operations are
   squashed.
 - Various subtle bugs in error handling are fixed.
 - Error handling is simpler.
 - Windows services API is revised and modules are updated to use it.
 - various API docs added
 - railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
Jon Hart ed74271c26
Land #4548, @dmaloney-r7's fix to allow loginscanners to work w/o a DB 2015-01-08 14:50:08 -08:00
Christian Mehlmauer 14b1d8dc5f
no space required 2015-01-08 23:43:06 +01:00
Jon Hart 98cee8249d
Move non-active DB messages to warning and clarify/simplify 2015-01-08 14:40:47 -08:00
Christian Mehlmauer f7eb9a6cf8
update wordpress version detection regex 2015-01-08 23:36:59 +01:00
sinn3r 50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012 2015-01-08 16:19:55 -06:00
Brent Cook 05279ef02a consistently use double-quoted paths
allow for variable expansion if needed
2015-01-08 16:10:28 -06:00
jvazquez-r7 fa5cd928a1 Refactor exploit to use the mixin 2015-01-08 16:04:56 -06:00
jvazquez-r7 ca765e2cc5 Refactor client mixin 2015-01-08 15:46:24 -06:00
jvazquez-r7 873ade3b8a Refactor exploit module 2015-01-08 14:52:55 -06:00
jvazquez-r7 956bf0c8f9 Fix indentation 2015-01-08 14:31:37 -06:00
jvazquez-r7 e9e6c32769 Move build* calls to Streams 2015-01-08 14:13:06 -06:00
jvazquez-r7 23d0ae9488 Add Streams mixin 2015-01-08 14:01:41 -06:00
jvazquez-r7 c205ef28d4 Refactor build_gc_call 2015-01-08 14:01:04 -06:00
Christian Mehlmauer a5b56c7d09
fix error 2015-01-08 19:48:29 +01:00
David Maloney fd7e65d459
derp just check db active
the other way of doing this was stupid, jsut check if
the db is active
2015-01-08 11:58:56 -06:00
jvazquez-r7 bf482e806c Add YARD documentation for the YARD mixin 2015-01-08 09:56:32 -06:00
Meatballs 8f720ef766
Use get_env in runas 2015-01-08 11:07:40 +00:00
jvazquez-r7 73e3cd19c3 Convert java_rmi_server aux mod to use new mixin 2015-01-08 00:29:50 -06:00
OJ 844460dd87
Update bypass UAC to work on 8.1 and 2012
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.

I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
jvazquez-r7 7dd7e62726 Add first mixin draft 2015-01-07 20:42:44 -06:00
jvazquez-r7 d59805568e Do first module refactoring try 2015-01-07 19:06:09 -06:00
Samuel Huckins f0261a418c
Lands #4535, report_auth_info shoring up 2015-01-07 16:32:14 -06:00
David Maloney 001b6d913e
allows loginscanners to work without db
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved

MSP-10969
2015-01-07 16:09:04 -06:00
Meatballs e6f53ebcbc
Remove duplicate rhosts 2015-01-07 22:04:01 +00:00
Meatballs dccd21a559
Resolve #3870, reinstance creds -R 2015-01-07 22:01:45 +00:00
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
Meatballs e3e9a64064
Land #4543, Update john.conf with korelogic rules 2015-01-07 21:30:44 +00:00
jvazquez-r7 731c2f99d1 Handle better java references 2015-01-07 15:19:28 -06:00
Meatballs bdbb26ba31
Land #4540, resolves #4532, honour DB_ALL_* options 2015-01-07 21:12:23 +00:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
rastating 294cd80a08 Update documentation for wordpress_login 2015-01-07 18:32:52 +00:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
David Maloney 5d68d48ca5
Land #4385, fixes bruteforce_speed validator
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
jvazquez-r7 ba13e9d64c Add Stream spec 2015-01-07 12:05:44 -06:00
David Maloney 702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components

MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney 7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin

MSP-11986
2015-01-07 11:30:39 -06:00
Meatballs aef8c702d7
Filter creds by type 2015-01-07 17:19:31 +00:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
dmooray 478505c17a ruby 2.2 compatibility
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
jvazquez-r7 98ec08ae0d Add support for Ping and PingAck 2015-01-06 15:18:55 -06:00
jvazquez-r7 1e3b24f01b Add support for DbgAck 2015-01-06 15:00:17 -06:00
jvazquez-r7 6d1d300e72 Add support for ReturnData 2015-01-06 12:52:00 -06:00
sinn3r 609c490b3c I missed nobfu 2015-01-06 12:49:39 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention
Just changing method names.

It will actually also fix #4520
2015-01-06 12:42:06 -06:00
jvazquez-r7 825e08f5ac Add support for Call messages 2015-01-06 12:36:06 -06:00
jvazquez-r7 f3ff42dbfb Add support for Continuation 2015-01-06 11:34:47 -06:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
jvazquez-r7 757f95a24d Add support for ProtocolAck 2015-01-06 00:14:14 -06:00
jvazquez-r7 26da73ffb8 Change class name 2015-01-05 19:23:07 -06:00
jvazquez-r7 d5dfd75e71 Add initial model and support to OutputStream 2015-01-05 18:52:13 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
David Maloney fc91244252
insert deprecation error message
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it

MSP-11919
2015-01-05 14:02:16 -06:00
David Maloney db8f260557
add some YARD docs to report_auth_info
add yard docs for the modified report_auth_info

MSP-11919
2015-01-05 13:58:25 -06:00
David Maloney 71d600e829
make report_auth_info create new creds and logins
report_auth_info coerces old data into the new credential
types as best as it is able

MSP-11919
2015-01-05 13:41:30 -06:00
agix f81269428d Change StageEncoder behaviour
Following https://github.com/rapid7/metasploit-framework/pull/3770, some
change have been done as multiple encoders is managed by encoded_payload
to be used by Encoder and StageEncoder in the same time.
2015-01-05 16:49:50 +01:00
agix 24bd814376 Missing iterations when encoder not setted 2015-01-05 16:46:29 +01:00
agix 2eace2b78a Forget to reset raw with encoded payload 2015-01-05 16:46:29 +01:00
agix ba5161753a Allow multiple encoding syntax in Encoder variable
From msfconsole using set Encoder or set StageEncoder
it is possible to set multiple encoders with this syntax :
<encoder>:<iteration>, <encoder2>:<iteration
This should not break compatibility
2015-01-05 16:46:29 +01:00
OJ 17ff546b0f Remove unnecessary calls to expand path
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.

This commit simple removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Sven Vetsch b121e2c3fd adds a get and getg method besides the already existing set/setg and unset/unsetg 2015-01-02 12:40:24 +01:00
Christian Mehlmauer 056046f38b
update wordpress readme regex 2015-01-01 23:13:20 +01:00
Spencer McIntyre 6d966dbbcf
Land #4203, @jvazquez-r7's cleanup for java_rmi_server 2014-12-31 11:25:19 -05:00
Brent Cook 92bdf42496
Land #3594, jvazquez-r7's linux meterpreter migration support 2014-12-31 09:20:44 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
jvazquez-r7 722f86f361 Try to guess TMPDIR folder 2014-12-30 18:39:29 -06:00
jvazquez-r7 7596d211e9 Use length for comparision 2014-12-30 18:39:18 -06:00
jvazquez-r7 e903044fd5 Allow to provide writable dir 2014-12-30 18:36:30 -06:00
jvazquez-r7 f17a7e8a61 Better handling of the unix domain socket argument 2014-12-30 18:36:28 -06:00
jvazquez-r7 4df4e8b9d6 Add support for linux meterpreter migration 2014-12-30 18:34:24 -06:00
jvazquez-r7 56df2d0062 Add support for linux meterpreter migrate types 2014-12-30 18:30:15 -06:00
sinn3r 553030b22d
Land #4473 - Log backtraces by default 2014-12-30 18:13:33 -06:00
Tod Beardsley 135faeee29
Land #4095, specs for Rex::OLE 2014-12-30 14:25:09 -06:00
Christian Mehlmauer 6444d8ba64
use kind_of? for checking exceptions 2014-12-30 21:16:57 +01:00
William Vu ce0bbca6ed
Land #4487, no spinnerz on Windows :( 2014-12-30 14:06:05 -06:00
Tod Beardsley a8e907d68b
Land #4479, nil comparisons and missing DLLs
Also fixes #4474.
2014-12-30 13:55:54 -06:00
Brent Cook bdac5db695 remove usage of ==/!= nil
Adjust all module-loading libraries to have consistent nil?/!nil? checking and
'if' style.
2014-12-30 10:59:49 -06:00
Tod Beardsley 6ded5a7eb4
Avoid spinner on Windows
Fixes #4147, probably.
2014-12-30 10:17:56 -06:00
Jon Hart d727ac5367
Alias Rex::Ui::Text::Output::Tee print_raw to write, fixes #4469 and #4363 2014-12-29 16:47:04 -08:00
sinn3r 9af3fd01d4 Fix response_timeout
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
Brent Cook f9b141c1e2
Land #4442, wchen-r7's configurable session response timeout option
fixes #4431
2014-12-29 13:02:47 -06:00
Brent Cook 5d70b837ed handle nil results from MeterpreterBinaries.path
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.

```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -> 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600

meterpreter > use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```

This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that thats ever happened to me :)
2014-12-29 12:34:02 -06:00
Tod Beardsley 72eb8e6503
Land #4475, inverted timeout fix 2014-12-29 11:37:28 -06:00
Brent Cook bbb41c39b8 fix backward meterpreter packet timeout logic
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.

This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.

This probably fixes tons of heisenbugs, including #3798.

To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:

(cd modules/post
 ln -s ../../test/modules/post/test)

die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
Christian Mehlmauer 3a73b40a1e
more error handling 2014-12-29 00:39:00 +01:00
Christian Mehlmauer 7b52bcb657
log errors into framework.log 2014-12-29 00:20:26 +01:00
jvazquez-r7 04772c8946 Ensure stop_service closes Rex::Proto::Http::Server 2014-12-26 13:50:03 -06:00
jvazquez-r7 c1b0385a4b
Land #4460, @Meatballs1's ssl cert validation bypass on powershell web delivery 2014-12-26 12:07:45 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
Brent Cook 725a17c70b override default attr for OptRegexp
Rather than literally returning the default Regex object, override the accessor
to return the string representation. This allows the RPC backend to properly
serialize the options hash values, since msgpack does not know how to serialize
a Regexp object. Fixes #3798.

To verify the fix, run the steps for issue #3798 and ensure that the module
options are returned instead of a backtrace. Also, ensure that the module
continues to work as expected:

```
$ ./msfconsole -q
msf > use auxiliary/scanner/http/scraper
msf auxiliary(scraper) > info

       Name: HTTP Page Scraper
     Module: auxiliary/scanner/http/scraper
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  et <et@metasploit.com>

Basic options:
  Name     Current Setting               Required  Description
  ----     ---------------               --------  -----------
  PATH     /                             yes       The test path to the page to analize
  PATTERN  (?i-mx:<title>(.*)<\/title>)  yes       The regex to use (default regex is a sample to grab page title)
  Proxies                                no        Use a proxy chain
  RHOSTS                                 yes       The target address range or CIDR identifier
  RPORT    80                            yes       The target port
  THREADS  1                             yes       The number of concurrent threads
  VHOST                                  no        HTTP server virtual host

override default attr for OptRegexp
Description:
  Scrap defined data from a specific web page based on a regular
  expresion

msf auxiliary(scraper) > set RHOSTS lwn.net
RHOSTS => lwn.net
msf auxiliary(scraper) > set RHOSTS 72.51.34.34
RHOSTS => 72.51.34.34
msf auxiliary(scraper) > set VHOST lwn.net
VHOST => lwn.net
msf auxiliary(scraper) > run

[*] [72.51.34.34] / [Welcome to LWN.net [LWN.net]]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-12-24 09:57:14 -06:00
jvazquez-r7 05a9ec05e8 raise NotImplementedError 2014-12-23 19:59:37 -06:00
jvazquez-r7 4493b3285c Raise NoMethodError for methods designed to be overriden 2014-12-23 19:51:41 -06:00
jvazquez-r7 fee033d6df Use Rex::Text.md5_raw 2014-12-23 19:30:23 -06:00
Matthew Hall 3c10b04673 add start of rspec tests 2014-12-23 16:35:27 +00:00
Matthew Hall fca0484639 fix a few bugs with the code cleanup 2014-12-23 15:28:00 +00:00
Matthew Hall 6b98a7d444 Tidy up by removing some duplicate code; add framework to track payload requests through the file id 2014-12-23 14:14:06 +00:00
Meatballs c2bcde24ef
Land #4377, Support DYNAMIC_BASE templates - resolves #4366 2014-12-23 11:57:33 +00:00
Meatballs b41e259252
Move it to a common method 2014-12-23 11:16:07 +00:00
Joe Vennix e974d272f0
Remove stray line comment that ruined things when minified. 2014-12-23 00:22:50 -06:00
jvazquez-r7 13ec578d1a Revert "Back to Create OpenSSL::BN from string"
This reverts commit 635a54ca94.
2014-12-22 23:17:03 -06:00
jvazquez-r7 635a54ca94 Revert "Create OpenSSL::BN from string"
This reverts commit fe99b65a62.
2014-12-22 19:14:07 -06:00
jvazquez-r7 fe99b65a62 Create OpenSSL::BN from string 2014-12-22 18:44:47 -06:00
jvazquez-r7 d12b43d257 Use Intege.new 2014-12-22 18:37:07 -06:00
jvazquez-r7 f37cf555bb Use random subkey 2014-12-22 15:39:08 -06:00
jvazquez-r7 ad97457a39 Move more constants to Crypto 2014-12-22 15:27:16 -06:00
jvazquez-r7 75a2846377 Add more PAC constants 2014-12-22 15:14:46 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
sinn3r bcf659792e Restore original timeout 2014-12-22 12:34:52 -06:00
jvazquez-r7 f3b263f57d Use more crypto constants 2014-12-22 12:13:23 -06:00
jvazquez-r7 b96d172ccc Use constant names 2014-12-22 11:58:59 -06:00
jvazquez-r7 ff208002d7 Reorganize the Crypto mixin 2014-12-22 11:57:35 -06:00
jvazquez-r7 7a45918ecc Add specs for Msf::Kerberos::Client::TgsRequest 2014-12-22 11:28:24 -06:00
jvazquez-r7 8c62822ab9 Add specs for Msf::Client::Kerberos::AsRequest 2014-12-22 09:34:21 -06:00
jvazquez-r7 b469ff3567 Add doc references to Msf::Kerberos::Client::CacheCredential 2014-12-22 08:54:09 -06:00
jvazquez-r7 1f3eded4a8 Add specs for Msf::Kerberos::Client::CacheCredential 2014-12-21 23:47:40 -06:00
jvazquez-r7 7cb27408b2 Add doc references por spec'd mixins 2014-12-21 21:03:58 -06:00
jvazquez-r7 60d4525632 Add specs for Msf::Kerberos::Client::Pac 2014-12-21 17:49:36 -06:00
jvazquez-r7 e219b0b249 Add specs for Msf::Kerberos::Client::AsResponse 2014-12-21 01:12:00 -06:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
jvazquez-r7 5f0c3ebb2b Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest 2014-12-20 19:32:38 -06:00
jvazquez-r7 ffb319d703 Add documentation for Msf::Kerberos::Client::AsRequest 2014-12-20 18:57:49 -06:00
jvazquez-r7 8929cbd6b3 Fix typo 2014-12-20 18:29:50 -06:00
jvazquez-r7 e35218b6f1 Add documentation for Msf::Kerberos::Client::CacheCredential 2014-12-20 18:28:36 -06:00
jvazquez-r7 ca75b4b74a Add documentation for Msf::Client::Kerberos::Pac 2014-12-20 01:36:54 -06:00
jvazquez-r7 cf13dc8d53 Do build_ap_req 2014-12-20 01:25:20 -06:00
jvazquez-r7 422d3ce9b5 Take more care of options on build_tgs_request 2014-12-20 01:13:56 -06:00
sinn3r ad8bbf4477 Rescue rescue Rex::TimeoutError so the iteration can keep going 2014-12-20 01:12:30 -06:00
sinn3r a8e3ee033c Fix #4431 - Support arbitrary session response timeout
Fix #4431
2014-12-20 00:25:02 -06:00
jvazquez-r7 cd16e11b22 Make checksum from a method 2014-12-19 20:08:15 -06:00
jvazquez-r7 b0ac68fbc3 Create build_subkey method 2014-12-19 19:46:57 -06:00
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 04ef087434 Delete Microsoft namespace from the mixin 2014-12-19 18:41:27 -06:00
jvazquez-r7 b78765e584 Create PAC mixin component 2014-12-19 18:36:02 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
jvazquez-r7 9cfc52b5af Extract build_as_request_body 2014-12-19 17:00:39 -06:00
jvazquez-r7 fcb801c729 Add Timeout datastore option 2014-12-19 16:53:12 -06:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
Fernando Arias 337b2d784f
Land #4416, define rails version dep in one place
* Bump rails to 3.2.21
2014-12-19 15:17:54 -06:00
Matt Buck db0aeb2a05
Make the version constraint a range 2014-12-19 13:54:13 -06:00
sinn3r 650a68c994 Fix jcxz to jecxz for x86_64 in metasm
This fixes "invalid opcode near 'jecxz'" for x64 metasm encoding.
2014-12-19 13:34:56 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
Matt Buck c493ccfc06
Define the Rails version constraint in a library constant 2014-12-19 11:46:39 -06:00
jvazquez-r7 f4037b1003 Clean Kerberos Rex client code 2014-12-19 11:08:48 -06:00
jvazquez-r7 dfa92da287 Add TODO 2014-12-19 01:13:56 -06:00
jvazquez-r7 77e2d4d90d Add documentation for the Kerberos PAC support classes 2014-12-19 01:12:14 -06:00
jvazquez-r7 fda4cd3440 Fix some Rex Kerberos model documentation 2014-12-18 19:30:12 -06:00
jvazquez-r7 c426cf32d0 Add specs for Rex::Proto::Kerberos::CredentialCache::Principal 2014-12-18 17:40:06 -06:00
jvazquez-r7 16d5ee1aae Add documentation for the rex credential cache support 2014-12-18 17:12:58 -06:00
jvazquez-r7 7275f5a5f2 Allow Rex to load credential_cache 2014-12-18 16:32:21 -06:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
William Vu 723998e1d4
Land #4425, jobs tab completion NilClass fix 2014-12-18 15:25:57 -06:00
Spencer McIntyre 400bd9a094 Fix jobs NilClass tab complete bug 2014-12-18 15:43:04 -05:00
Trevor Rosen 80cd04d76a
Land #4332, test optimization for Cucumber
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
jvazquez-r7 0a61e108ea Add code skeleton for credential_cache 2014-12-18 00:30:47 -06:00
jvazquez-r7 0f19f3cf2e Add classes templates 2014-12-17 23:16:58 -06:00
jvazquez-r7 f3f6a64f02 Add some AS response methods to a mixin 2014-12-17 19:50:42 -06:00
jvazquez-r7 8e570cc19b Initial support to send TGS-REQ 2014-12-17 18:55:30 -06:00
Spencer McIntyre 549f3c69ff Dont crash when tab complete threads command with typos 2014-12-17 19:36:04 -05:00
Spencer McIntyre 698ca2639b Do not delete files that do not exist in rm_f 2014-12-17 09:18:06 -05:00
jvazquez-r7 662160ef61 Refactor mixin 2014-12-16 23:48:53 -06:00
jvazquez-r7 594b9bcfc2 Add support for AuthorizationData 2014-12-16 23:21:13 -06:00
HD Moore 9de4137aa7 Patch UA/Proxy settings during migration, lands #3632 2014-12-16 22:21:48 -06:00
Sean Verity 370f6003e3 Refactors metsrv patching in reverse_hop_htt.rb 2014-12-17 11:57:17 -05:00
Sean Verity 1930eb1bf8 Refactors metsrv patching in reverse_http.rb 2014-12-17 10:04:43 -05:00
jvazquez-r7 2649d482fe Add support for KRB_AP_REQ 2014-12-16 18:39:42 -06:00
jvazquez-r7 0f55a98450 Add support for Authenticator encoding 2014-12-16 17:45:54 -06:00
jvazquez-r7 dde45a7f53 Add support for Checksum encoding 2014-12-16 17:05:35 -06:00
jvazquez-r7 a93cbac7bf Support ticket encoding 2014-12-16 16:04:13 -06:00
jvazquez-r7 ce6b53b44c Fix attribute description 2014-12-16 11:39:04 -06:00
jvazquez-r7 a5f8b4319f Add support to encode PAC-TYPE 2014-12-16 11:31:27 -06:00
jvazquez-r7 1721641138 Add support for PAC-LOGON-INFO 2014-12-16 09:32:47 -06:00
sinn3r c2bc79c53c Resolves #4275 - Configurable variable name as an option
Resolves #4275
2014-12-15 23:59:34 -06:00
Sean Verity 52b3025351 Reworked to avoid extending String class on blob per hdm's rec. 2014-12-15 21:40:41 -05:00
jvazquez-r7 c1114c180a Add support for PAC-CLIENT-INFO 2014-12-15 17:32:51 -06:00
jvazquez-r7 64a0162e3f Add support for PAC-SERVER-CHECKSUM 2014-12-15 17:16:43 -06:00
jvazquez-r7 482c883d36 Add the parent class for pac elements 2014-12-15 17:13:52 -06:00
jvazquez-r7 2c7139b936 Add support for PAC-PRIVSRV-CHECKSUM 2014-12-15 17:13:22 -06:00
Samuel Huckins 4c994d84e0
Updating version to 4.11 for Flood release 2014-12-15 14:42:09 -06:00
jvazquez-r7 147ff13080 Add support to decode the encryption part of as responses 2014-12-15 11:47:08 -06:00
jvazquez-r7 643279b54b Add support to decode the encryption part of as responses 2014-12-15 11:46:11 -06:00
Brent Cook c24fdb81b5
Land #4389, Meatballs1's fix for enum_ad_* post module regressions
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
jvazquez-r7 d81cdd6cbb Add KdcResponse spec first draft 2014-12-14 21:20:54 -06:00
jvazquez-r7 c3a2bcf956 Make KdcResponse decoding better 2014-12-14 21:01:09 -06:00
jvazquez-r7 442adb080f Add first support to decode tickets 2014-12-14 20:51:26 -06:00
jvazquez-r7 35742873c7 Delete references to deleted namespaces 2014-12-14 19:23:21 -06:00
jvazquez-r7 78c76092dd Delete namespaces from model classes 2014-12-14 19:18:30 -06:00
jvazquez-r7 13ae624738 Delete namespaces 2014-12-14 19:15:57 -06:00
jvazquez-r7 2d0cb5acd8 Move elements to model dir 2014-12-14 19:11:21 -06:00
jvazquez-r7 328e9f62e8 Add first draft for Kerberos responses 2014-12-14 19:09:41 -06:00
jvazquez-r7 483c273e17 Add support to decode responses on the Rex client 2014-12-14 17:54:17 -06:00
jvazquez-r7 883bfd1f46 Add support to retrieve e-data 2014-12-14 17:23:37 -06:00
jvazquez-r7 7067f2ea83 Modify Rex::Proto::Kerberos::Client to read responses 2014-12-14 16:32:25 -06:00
jvazquez-r7 c5dc065fde Add support for decoding KrbError 2014-12-14 16:26:18 -06:00
jvazquez-r7 704781d0ce Modify exception message 2014-12-14 12:11:09 -06:00
jvazquez-r7 8435328af7 Fix create_tcp_connection 2014-12-14 00:54:26 -06:00
jvazquez-r7 0abf5d147e Add some documentation 2014-12-14 00:51:44 -06:00
HD Moore e2617c7095
Return the workspace id in responses, lands #4142 2014-12-13 18:04:58 -06:00
HD Moore 00590f9f26
Adds Java serialization support, lands #4327 2014-12-13 17:47:53 -06:00
HD Moore 6ea5ed1a82
Shrinks windows payloads, lands #4391 2014-12-13 17:41:50 -06:00
HD Moore f67a32ef9c
Add missing commits from #3770, lands #4393 2014-12-13 17:36:26 -06:00
HD Moore 19adfca8ce Updated stubs from source 2014-12-13 12:55:41 -06:00
Meatballs 5d18de2ebf
Fix legacy railgun LDAP implementation 2014-12-13 18:26:26 +00:00
HD Moore 92490ab5e8 Singles updated from the source 2014-12-13 12:22:07 -06:00
HD Moore 4681416a0f Update block_api with @schierlm's changes 2014-12-13 12:06:38 -06:00
jvazquez-r7 bde8c380c2 Make mixin run 2014-12-13 02:46:00 -06:00
HD Moore f676b72767
Add Kademlia scanner, lands #4210 2014-12-12 16:40:58 -06:00
Tod Beardsley 9545b6e4d6
Land #4343, os_flavor reduction 2014-12-12 14:49:15 -06:00
Tod Beardsley ac004d2770
Fix bruteforce validators to accept nil
bruteforce_speed isn't always required, because the speed checker
already handles nil (and presumes the user wants the fastest possible).

See also MSP-11842
2014-12-12 13:57:37 -06:00
Tod Beardsley 177cade6a5 Merge branch 'land-4274-ssl' into temp 2014-12-12 13:25:54 -06:00
sinn3r 985245e8a1 Document method
Fix #4366 (support dynamic_base templates)
2014-12-12 01:22:32 -06:00
jvazquez-r7 78eb3325bc Add initial Rex Client and mixin 2014-12-12 01:20:14 -06:00
sinn3r b8e58d0f04 Support 32 and 64-bit for exe-only, and fix -k 2014-12-12 01:13:09 -06:00
Brent Cook fef9c67b0e
Land #3175, OJ's TLV group refactoring 2014-12-11 22:12:35 -06:00
Brent Cook 8140ed4a45 Merge branch 'upstream-master' into land-3175 2014-12-11 22:03:03 -06:00
sinn3r d311059e75 Fix DYNAMIC_BASE templates 2014-12-11 20:44:03 -06:00
James Lee 0c1d02c940
Fix event handlers on ruby 2
Fixes #4219
2014-12-11 20:08:45 -06:00
jvazquez-r7 20836c1789 Refactor crypto usage 2014-12-11 18:18:37 -06:00
jvazquez-r7 0b2fd7ffec Update PreAuthEncTimeStamp#encrypt documentation 2014-12-11 17:08:04 -06:00
jvazquez-r7 424ce6ad53 Add constant with CRYPTO_MSG_TYPE 2014-12-11 17:03:46 -06:00
jvazquez-r7 38a0506f2d Refactor Crypto 2014-12-11 17:00:46 -06:00
jvazquez-r7 35f02e6796 Add support to encode KdcRequest 2014-12-11 15:51:54 -06:00
dmaloney-r7 47c38ed04e Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
jvazquez-r7 d96206b813 Support KdcRequest#encode 2014-12-11 12:44:17 -06:00
Tod Beardsley 4eaf64afef
Don't lie about stop_on_success
This absolutely needs to be honored too, though.

See #4365.
2014-12-11 12:37:13 -06:00
jvazquez-r7 3f12c5c9c5 Redo decode_asn1 2014-12-11 12:34:47 -06:00
jvazquez-r7 8d6e41fae3 Add documentation for KdcRequest 2014-12-11 12:27:26 -06:00
jvazquez-r7 162d2d39b5 Add support for KdcRequestBody decoding 2014-12-11 12:19:26 -06:00
Tod Beardsley edf541fabe
Fix some double spacing 2014-12-11 09:39:15 -06:00
jvazquez-r7 39ffc0c58a Add support for PreAuthData#encode 2014-12-10 19:48:44 -06:00
jvazquez-r7 b89dee03c6 Add PreAuthEncTimeStamp#encode support 2014-12-10 19:30:21 -06:00
jvazquez-r7 3accdb705b Add support for PreAuthPacRequest#encode 2014-12-10 19:18:19 -06:00
jvazquez-r7 96c1370334 Add EncryptedData#encode support 2014-12-10 19:12:24 -06:00
jvazquez-r7 543ec35a01 Refactor PrincipalName#encode 2014-12-10 18:57:23 -06:00
jvazquez-r7 5d2ff5982e Add support for PreAuthEncTimeStamp decoding/decrypting 2014-12-10 18:33:46 -06:00
Tod Beardsley 0eea9a02a1
Land #3144, psexec refactoring 2014-12-10 17:30:39 -06:00
sinn3r 9202c4f2a1 No mercy for os_flavor 2014-12-10 11:46:21 -06:00
jvazquez-r7 785ff60d8e Add inital support for PreAuthEncTimeStamp 2014-12-10 11:25:48 -06:00
jvazquez-r7 8ec403af89 Add support for PA-PAC-REQUEST 2014-12-10 10:51:37 -06:00
jvazquez-r7 6ebfbe7271 Prefix coding 2014-12-10 09:54:57 -06:00
jvazquez-r7 11acba3324 Prefix coding 2014-12-10 09:52:23 -06:00
jvazquez-r7 6653502e68 Support pa_data parsing on kdc_request 2014-12-10 09:47:31 -06:00
jvazquez-r7 cc909ba402 Add documentation for PreAuthData 2014-12-09 19:57:16 -06:00
jvazquez-r7 18819ad6b9 Prefix Rex 2014-12-09 19:37:42 -06:00
jvazquez-r7 0a6e42968b Add inital support for padata 2014-12-09 19:28:40 -06:00
jvazquez-r7 e62628f1cc Make specs pass 2014-12-09 18:52:42 -06:00
jvazquez-r7 2557780e7c Add initial support to decode kdc requests 2014-12-09 18:48:08 -06:00
jvazquez-r7 bed1e06d13 Mark EncryptedData encode as unsupported atm 2014-12-09 17:06:51 -06:00
jvazquez-r7 82549315ff Mark KdcRequestBody encode as unsupported atm 2014-12-09 17:05:20 -06:00
jvazquez-r7 b84840a596 Add support to decode TGS_REQ body 2014-12-09 16:51:34 -06:00
jvazquez-r7 f236438290 Add initial support for EncryptedData 2014-12-09 16:40:44 -06:00
jvazquez-r7 2725235bc1 Add require for EncryptedData 2014-12-09 16:28:37 -06:00
jvazquez-r7 c5865c6fec Add initial design draft 2014-12-09 15:53:29 -06:00
Tod Beardsley 09617f990b Implement BRUTEFORCE_SPEED respect (telnet)
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.

See #3904, @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
Spencer McIntyre d74a8f6c41 Include the datastore options for the encoder too 2014-12-09 16:32:41 -05:00
sinn3r a584a5982f Clarify about how BES uses os_flavor
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
sinn3r c670bb72df
Land #4337 - Fix prompt coloring on Windows 2014-12-09 11:53:35 -06:00
Spencer McIntyre 42710cc32e Error messages for the python meterpreter 2014-12-09 11:03:57 -06:00
Luke Imhoff 5f730277cf
Fix prompt coloring on Windows
MSP-11669

Set output stream for RbReadline (rl_outstream) to the
Rex::Ui::Text::Output::Stdio, which will use translate the ANSI color
escapes to set_color calls in Windows.
2014-12-08 14:31:00 -06:00
Luke Imhoff 8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
MSP-11671

Conflicts:
	.travis.yml
2014-12-08 08:46:22 -06:00
jvazquez-r7 564da4446e Add print friendly to_s 2014-12-07 17:52:09 -06:00
jvazquez-r7 19effa7eb9 Fix feedback's review 2014-12-06 21:47:55 -06:00
jvazquez-r7 21742b6469 Test #3729 2014-12-06 21:20:52 -06:00
jvazquez-r7 2c290e2004 Use classes short name 2014-12-05 20:16:50 -06:00
jvazquez-r7 8f403f3eea Update documentation 2014-12-05 20:11:45 -06:00
jvazquez-r7 03740df931 Support serialization 2014-12-05 19:55:52 -06:00
jvazquez-r7 785006b684 Use references 2014-12-05 19:12:05 -06:00
jvazquez-r7 ae608b1311 Add references to stream when possible 2014-12-05 17:35:38 -06:00
jvazquez-r7 13d8058fe5 Fill stream attribute 2014-12-05 17:14:37 -06:00
Jon Hart 39790a95a0
Land #4313, @wchen-r7's fix for #4304 2014-12-05 15:08:35 -08:00
jvazquez-r7 ca164cd99f Support the stream attribute 2014-12-05 16:52:59 -06:00
jvazquez-r7 90e2bbbff5 Refactor Contents 2014-12-05 16:05:35 -06:00
Jon Hart da92e4705c
Land #4319, @wchen-r7's fix for #4307 2014-12-05 12:08:39 -08:00
Tod Beardsley 0431720a07
Land #4294, msfconsole speedups on module load
Related to #4257 and #4195 vaguely, and possibly even #4147.
2014-12-05 13:45:11 -06:00
jvazquez-r7 2241653cb6 Delete self.stream initialization 2014-12-05 12:44:04 -06:00
jvazquez-r7 f5a19b9b41 Add support to decode TC_REFERENCE 2014-12-05 12:42:27 -06:00
sinn3r abf199f924 Remove junk code 2014-12-05 11:01:34 -06:00
jvazquez-r7 1653101da4 Add support for Arrays of Objects 2014-12-04 20:31:38 -06:00
jvazquez-r7 8e5dc27546 Support Objects with super classes 2014-12-04 19:19:42 -06:00
jvazquez-r7 4b8bdad44b Refactor contents serialization 2014-12-04 18:28:25 -06:00
sinn3r cfc1acfcae Fix #4307 - Check action for nil
Auxiiary modules already do this, but looks like we forgot to do the
same for post modules.

I also changed the error to allow "reason" in order to be more
informative about what the user should do.

Fix #4307
2014-12-04 17:07:59 -06:00
Jon Hart 743e9fca9d
Correctly set default SECRET 2014-12-04 14:06:22 -08:00
Jon Hart 1e423f415e
Add missing opt , 2014-12-04 14:05:17 -08:00
Jon Hart 7f425fc3ab
Configurable fix for #4305
Rename UDP_SECRET to just SECRET, as it is used for more than just UDP

Rename and properly document GATEWAY option

Introduce an option to configure what UDP port will be probed
2014-12-04 13:17:34 -08:00
Meatballs 186d8bd359
Fix starts_with? 2014-12-04 20:16:56 +00:00
Jon Hart f22d7191cd Test fix for #4305 2014-12-04 10:59:57 -08:00
sinn3r 9cc04e59eb Fix #4304 - Blank password is tried when it shouldn't happen
Fix #4304
2014-12-04 12:59:51 -06:00
jvazquez-r7 08f69da41a Undo to_s methods 2014-12-04 12:48:05 -06:00
jvazquez-r7 b80f6c34c0 Add tool to deserialize streams from files 2014-12-04 12:47:02 -06:00
Jon Hart d8b1401545
Test fix for #4306 2014-12-03 19:54:31 -08:00
jvazquez-r7 08fe467452 Add Stream specs 2014-12-03 19:31:46 -06:00
jvazquez-r7 2c8f66bba2 Add support for Reset 2014-12-03 18:50:56 -06:00
jvazquez-r7 fb246ac943 Add support for (de)serialization of contents 2014-12-03 18:50:31 -06:00
jvazquez-r7 3e8b8390dd Add support for Java Streams 2014-12-03 17:59:00 -06:00
jvazquez-r7 6cb6252914 Add YARD documentation for NewObject 2014-12-03 17:34:12 -06:00
jvazquez-r7 d0fcbf2cdb Add support for simple Objects really 2014-12-03 17:22:23 -06:00
jvazquez-r7 2b91d5013e Add support for simple Objects 2014-12-03 17:21:11 -06:00
James Lee 8f2e444aca
Land #4281, ::Queue workarounds for 2.1.x
Conflicts:
	lib/msf/core/handler/reverse_tcp.rb
2014-12-03 15:48:20 -06:00
jvazquez-r7 fbea369043 Check nils before encoding 2014-12-03 15:06:28 -06:00
jvazquez-r7 0560cc2fe9 Fix typos 2014-12-03 14:59:38 -06:00
jvazquez-r7 268157d42f Add support for Java Enums 2014-12-03 14:50:03 -06:00
jvazquez-r7 f0139d6aad Fix some docu typos 2014-12-03 14:34:17 -06:00
jvazquez-r7 0cd51553ed Raise error on unsupported ClassDesc 2014-12-03 14:00:10 -06:00
jvazquez-r7 6deb88af6b Add support for arrays 2014-12-03 13:55:12 -06:00
jvazquez-r7 b9023e8fcc Split ClassDescription into ClassDesc and NewClassDesc 2014-12-03 00:38:27 -06:00
jvazquez-r7 db45f4c620 Delete ClassDescription 2014-12-02 23:56:55 -06:00
jvazquez-r7 1f535a41ca Move types to the Serialization module 2014-12-02 20:02:42 -06:00
jvazquez-r7 2c070c450b Add support for ClassDescription 2014-12-02 17:31:53 -06:00
sinn3r f6f0050f56 Fix #3886 - Backtrace for #check when session is invalid
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.

We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.

The original PR was #3956.
2014-12-02 17:22:46 -06:00
jvazquez-r7 e9e584e107 Raise exceptions when unserialization isn't possible 2014-12-02 15:31:31 -06:00
Fernando Arias fb439258b9
Land #4298, arbitrary Ruby extension for replicant
MSP-11673

* Adds Msf::Module#register_extensions
* Extensions are arbitrary Ruby modules
* Allows overriding of psuedo callbacks
2014-12-02 14:59:37 -06:00
Luke Imhoff f696a5ab0e
msfconsole --defer-module-loads
MSP-11671

Add command line option --defer-module-loads to msfconsole.  It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`.  This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
2014-12-02 14:41:32 -06:00
Trevor Rosen 2a033861dc
Just use constants directly
MSP-11673
2014-12-02 13:12:53 -06:00
Trevor Rosen 784e138b14
Extend replicants via arbitrary Ruby code
MSP-11673

* Implements a #register_extensions method on Msf::Module
* Any registered Ruby modules will extend the cloned module returned by #replicant
2014-12-02 12:18:30 -06:00
Luke Imhoff 35ff82c9d8
Merge branch 'bug/MSP-11672/double-init-module-paths' into feature/MSP-11671/msfconsole-defer-module-loads
MSP-11671
2014-12-02 11:57:47 -06:00
HD Moore fc96d011ab
Python reverse_http stager, lands #4225 2014-12-02 11:47:31 -06:00
jvazquez-r7 622a18bc22 Add support for annotations 2014-12-02 11:42:41 -06:00
Luke Imhoff 9272fe90ae
Merge branch 'master' into bug/MSP-11672/double-init-module-paths
MSP-11672
2014-12-02 11:23:51 -06:00
jvazquez-r7 a68540cfa2 Add support for Data Block Long 2014-12-02 10:49:15 -06:00
jvazquez-r7 9c5d7e66d4 Add block data support 2014-12-02 10:46:29 -06:00
Luke Imhoff 90c6764426
init_module_paths once in msfconsole
MSP-11672

Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
2014-12-02 10:28:23 -06:00
Luke Imhoff 653c71e029
Fail if init_module_paths called more than once
MSP-11672

Calling init_module_paths takes 6 seconds on my machine even when there are no
files to that are changed just because it takes that long to walk the
directories and gather the mtime for each file.  Therefore, calling it
more than once should be avoided.  Also, there is no reason to call it
twice as to add paths later, `modules.add_module_paths` should be used.
2014-12-02 10:17:09 -06:00
jvazquez-r7 8923b87def Don't redefine the static decode method 2014-12-02 09:02:24 -06:00
William Vu bd3d63a155
Land #4270, Msf::Author cleanup and improvements 2014-12-02 01:26:42 -06:00
jvazquez-r7 ef2bf5b935 Add support for long-utf 2014-12-01 19:50:33 -06:00
jvazquez-r7 705cd4c308 Add initial requiring file 2014-12-01 19:08:16 -06:00
jvazquez-r7 5f11c70d7f Add initial support for Java serialization 2014-12-01 19:07:45 -06:00
Luke Imhoff 7e2b197f02
Document Msf::Simple::Framework.create
MSP-11671
2014-12-01 15:38:48 -06:00
Luke Imhoff 57cabb4f10
Document Msf::Simple::Framework.simplify
MSP-11671
2014-12-01 15:36:38 -06:00
William Vu 394d132d33
Land #2756, tincd post-auth BOF exploit 2014-12-01 12:13:37 -06:00
sinn3r c681654c10
Land #4252 - Rework meterpreter SSL & pass datastore to handle_connection() 2014-11-30 20:15:53 -06:00
HD Moore f139795663 Rework queue handling and error reporting, close #4249 2014-11-28 14:56:02 -06:00
HD Moore 335d1ef287 Only cache auto-generated certificates 2014-11-26 21:23:08 -06:00
Joe Vennix 2bd7a67413
Restructure parts of Author, fix some doc bugs. 2014-11-26 13:54:23 -06:00
William Vu a34e721353
Check for load errors in reload_all 2014-11-25 13:13:40 -06:00
Jon Hart c0dab54925
Add minor missing doc 2014-11-25 07:37:49 -08:00
Jon Hart bedf7ed44b
Doc cleanup 2014-11-24 14:34:20 -08:00
Jon Hart 0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
All of the work is done in rex.  The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
HD Moore 4dc1183ff5 Protecting it once seems like enough (typo) 2014-11-22 17:42:07 -06:00
HD Moore 8becf417a7 Qualify ::File to prevent a stacktrace 2014-11-22 17:16:13 -06:00
HD Moore 673e21cfaf Rework meterpreter SSL & pass datastore to handle_connection()
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
2014-11-22 15:35:00 -06:00
HD Moore 823b4e259a Make it clear SSLVersion is not advertised since it isn't used 2014-11-22 14:25:09 -06:00
HD Moore 842a7a38d8 Change SSLCert to HandlerSSLCert to avoid conflicts with modules 2014-11-22 14:23:56 -06:00
HD Moore 9ed8c59459 Bring options over from reverse_tcp (bind address, etc).
Also includes the SSLCert => HandlerSSLCert change
2014-11-22 14:22:54 -06:00
HD Moore ba9c763f7e Auto-generated SSL certs now match "snakeoil" defaults
This change emulates the auto-generated snakeoil certificate from Ubuntu 14.04. The main changes including moving to 2048-bit RSA, SHA256, a single name CN for subject/issuer, and the removal of most certificate extensions.
2014-11-21 18:25:04 -06:00
jvazquez-r7 90ae9a3ff8
Land #4173, @wchen-r7's fix for SMB find_first
* Fixes #4119, SMB find_first("\\*") does not return accurate results
* It missed initialization of sid
2014-11-21 09:51:57 -06:00
sinn3r f2add929d7
Land #4239 - Support SSL intermediate certs 2014-11-21 02:09:40 -06:00
Jon Hart e255db9429
Partial commit 2014-11-20 13:49:36 -08:00
Jon Hart 5d2c02f402 Initial commit of more OO version of Rex/Aux Kademlia support 2014-11-20 13:28:01 -08:00
Jon Hart 94e5ba13a4 YARD and spec cleanup 2014-11-20 13:28:01 -08:00
Jon Hart df36ac910d Mostly complete Kademlia PING / BOOTSTRAP scanner 2014-11-20 13:28:01 -08:00
Jon Hart f5aa3ecb57 Add proper peer decoding 2014-11-20 13:28:01 -08:00
Jon Hart ab49d01a1b Add beginnings of Kademlia gather module and protocol support 2014-11-20 13:28:00 -08:00
HD Moore 2f92a83092 Change to example.com as the default domain 2014-11-20 14:53:36 -06:00
HD Moore d530046164 Bugfix. Chrome is a liar (chain certs properly) 2014-11-19 16:08:03 -06:00
HD Moore 0d091f1c03 Support SSL intermediate certs, closes #4238
Note that this does not apply to reverse_tcp meterpreter clients yet, as
they do not allow certificates to be supplied. I abstracted out the SSL
certificate generation and parsing methods so that we can address this
next.
2014-11-19 15:56:49 -06:00
Meatballs 7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
Conflicts:
	modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
jvazquez-r7 dff6af0747 Restore timeout 2014-11-18 12:17:10 -08:00
jvazquez-r7 4844447d17 Use 20 seconds as default timeout
* Because it's the default timeout on Rex::Proto::SunRPC::Client
2014-11-18 12:17:10 -08:00
jvazquez-r7 694561dd0f Dont shadow methods with local variables, just in case... 2014-11-18 12:17:10 -08:00
Jon Hart bfde6047d5 Introduce a user-controlled timeout for SunRPC stuff 2014-11-18 12:17:10 -08:00
Jon Hart a9f9a8b116 Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner 2014-11-18 12:17:10 -08:00
Trevor Rosen d04441f638
Merge branch 'landing/4207' into upstream-master
Land #4207

* Ensure that `rake spec` doesn't create too many threads
2014-11-18 09:23:20 -06:00
Luke Imhoff 8249ef62c9
Merge branch 'master' into chore/MSP-11614/remove-msf-db-manager-sink
MSP-11614

Conflicts:
	spec/lib/msf/core/task_manager_spec.rb
2014-11-18 08:54:14 -06:00
Trevor Rosen fff36f5968
Merge branch 'landing/4189' into upstream-master
Land #4189

* Detect leaked threads during spec runs
* Manage threads before/after spec runs
2014-11-18 08:33:38 -06:00
jvazquez-r7 7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
Tod Beardsley 286827c6e5
Land #4186, Samsung KNOX exploit. Ty @jvennix-r7! 2014-11-17 13:29:39 -06:00
Spencer McIntyre 2b36c1bb43 Fix pymeterp bugs from testing in osx and python3 2014-11-17 14:04:30 -05:00
jvazquez-r7 cc8b37d619 Make directory mandatory 2014-11-17 12:15:33 -06:00
jvazquez-r7 15b7435c34 Make it YARD compliant documentation 2014-11-17 12:03:37 -06:00
Jon Hart cd32f00ebc
Add dir doc 2014-11-17 09:15:08 -08:00
Jon Hart 98db8b5ad9
When not a meterpreter session, split dir/ls output to match meterpreter entries output 2014-11-17 09:10:03 -08:00
Jon Hart 5f1a1f8ed3 Use dir for Windows only, ls for the rest 2014-11-17 09:01:14 -08:00
Jon Hart 6519b0e2cb Add dir and ls to Msf::Post::File 2014-11-17 09:01:14 -08:00
floyd 9243cfdbb7 Minor fixes to ruby style things 2014-11-17 17:12:17 +01:00
floyd 91aa5fa3cf Some simple ruby convention changes that hopefully make ruby people happy 2014-11-17 16:48:52 +01:00
floyd 3c1ce5072c Replaced camel case states with snail_case 2014-11-17 16:37:04 +01:00
Luke Imhoff 33b42389f0
Merge branch 'feature/MSP-11147/thread-leak-detection' into feature/MSP-11605/lazy-thread-creation
MSP-11605
2014-11-17 09:35:47 -06:00
Luke Imhoff e3869ee1ae
Include Thread status when printing leaked threads
MSP-11147

Sometime travis-ci is showing leaked threads even when
'Msf::Framework#threads cleaner' is being used, so I'm adding the
`Thread#status` to the data printed about the Thread to see if the
sometimes leaked threads have an odd status.  There's still a chance
that there will be a race-condition between when I call Thread.list and
I ask for each Thread's status that the VM could finish aborting a
Thread so that status I print isn't the same as the one that caused the
Thread to be returned in Thread.list.
2014-11-17 09:30:46 -06:00
Luke Imhoff ba836f2383
Only calculate thread UUIDs if they are needed
MSP-11147

Only calculate thread UUIDs if the thread count exceeds
EXPECTED_THREAD_COUNT_AROUND_SUITE.
2014-11-17 09:17:44 -06:00
Luke Imhoff 024b449b55
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
MSP-11605
2014-11-17 08:50:33 -06:00
Joe Vennix 2a24151fa8
Remove BAP target, payload is flaky. Add warning. 2014-11-17 02:02:37 -06:00
Joe Vennix 105a28d8fd
Run the tests again. 2014-11-16 23:42:40 -06:00
Joe Vennix a7aeac5df3
Fix APK signing on osx. 2014-11-16 23:29:54 -06:00
Spencer McIntyre 0bf93acf6b Pymeterp http proxy and user agent support 2014-11-16 14:29:20 -05:00
Joe Vennix 7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
William Vu a521d469ed
Land #4194, Quake protocol support 2014-11-15 17:44:19 -06:00
Spencer McIntyre e562883ba9 Escape inserted vars and fix core_loadlib 2014-11-15 15:06:18 -05:00
sinn3r d207345778
Land #4200 - report_note handling incorrect protocol names 2014-11-15 13:16:58 -06:00
Luke Imhoff ceb7a63a5c
Merge branch 'master' into feature/MSP-11147/thread-leak-detection
MSP-11147
2014-11-14 18:20:55 -06:00
Spencer McIntyre 7c14e818f6 Patch pymeterp http settings 2014-11-14 17:12:23 -05:00
William Vu 0477c5f8fe
Land #4191, merge_check_key update for Ruby 2.1.4 2014-11-14 15:33:47 -06:00
Trevor Rosen 3b558624f3
Merge branch 'landing/4129' into upstream-master
Landing #4129

* Detect leaked constants in spec runs
2014-11-14 12:55:56 -06:00
Luke Imhoff 43511e648a
Merge branch 'chore/MSP-11614/remove-msf-db-manager-sink' into feature/MSP-11605/lazy-thread-creation
MSP-11605

Conflicts:
	spec/lib/msf/core/task_manager_spec.rb
2014-11-14 11:59:12 -06:00
Luke Imhoff 14fa1dba0b
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
MSP-11605
2014-11-14 11:58:16 -06:00
Luke Imhoff 5e6400a506
Remove Msf::TaskManager
MSP-11614

`Msf::TaskManager` was only used for `Msf::DBManager#sink`, which was
removed because it was unused, so `Msf::TaskManager` can also be
removed.
2014-11-14 11:15:05 -06:00
Luke Imhoff 55a8f6f339
Remove Msf::DBManager::Sink
MSP-11614

`Msf::DBManager::Sink` contains code for a `sink` that is a meant to
serialize database events, but it's unneeded because all database events
go directly through ActiveRecord, which handles threading.
2014-11-14 10:51:51 -06:00
Spencer McIntyre 6b2387b7fc Prepare for a reverse_http stager 2014-11-14 11:15:22 -05:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Matt Buck 651beb9acb
Land #4192, enable specifying mode for Rex output file 2014-11-13 14:57:48 -06:00
Julio Auto 812aa9bc1a Reduce number of calls to to_s and downcase 2014-11-13 14:56:17 -06:00
Julio Auto e72d9bd21f Fix report_note handling incorrect protocol names 2014-11-13 14:30:43 -06:00
Luke Imhoff eb3ff769a9
Msf::Framework#threads?
MSP-11605

`Msf::Framework#threads?` returns whether `Msf::Framework#threads` was
ever initialized.  If `Msf::Framework#threads?` is true, then threads
need to be cleaned up, while if it is false then no threads need to be
cleaned up from the current framework.
2014-11-13 14:21:35 -06:00
Luke Imhoff d9a25005a6
Wrap Msf::Framework#threads in Metasploit::Framework::ThreadFactoryProvider
MSP-11605

`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`.  In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
2014-11-13 14:08:26 -06:00
Luke Imhoff 0bc27334c1
Thread-safe lazy Msf::Framework#db
MSP-11605

Switch `Msf:Framework#db` from being set in `#initialize` to a custom
method that uses `||=` to lazily initialize the `Msf::DBManager` inside
a `synchronize` block to make it thread safe.
2014-11-13 13:38:53 -06:00
Luke Imhoff 92adaa816f
Store Msf::Framework#initialize options
MSP-11605

Store options `Hash` passed to `Msf::Framework#new` in `#options` so
that lazily initialized children, such as DBManager, have access to
those options.
2014-11-13 13:23:17 -06:00
Luke Imhoff bc181f0294
Thread-safe lazy Msf::Framework#sessions
MSP-11605

Switch `Msf::Framework#sessions` from being set in `#initialize` to a
custom method that uses `||=` to lazily initialize the
`Msf::SessionManager` inside a `synchronize` block to make it thread
safe.
2014-11-13 13:17:57 -06:00
Trevor Rosen 0959ef3d13
Fixes lack of support for MetasploitV5 tag
#4184

* Appears to have been overlooked somehow in the pre-BlackHat crunch
* V5 will not support credentials
* We are implementing full-workspace zip import/export for credentials
2014-11-13 13:01:55 -06:00
Luke Imhoff 216c3d01de
Thread-safe lazy Msf::Framework#threads
MSP-11605

Switch Msf::Framework#threads to a custom method that uses `||=` to
lazily initialize the `Msf::ThreadManager` inside a `synchronize` block
to make it thread safe.
2014-11-13 11:12:43 -06:00
Luke Imhoff 8fc683d75d
Use MonitorMixing in Msf::Framework
MSP-11605

To get access to `#synchronize` for thread-safe lazy initialization.
2014-11-13 11:11:34 -06:00
Luke Imhoff b17b263cc7
Ignore debugger threads
MSP-11147

When using the debugger, it adds a thread that should be allowed and not
go towards the count.
2014-11-13 09:49:08 -06:00
Luke Imhoff 535f69b56d
Append to RUBYOPT for debugger compatibility
MSP-11147

When using Rubymine's debugger, the tests would run and say there were
no tests and no break points would be hit.  It was determined that this
was due the Rubymine's debugger injecting itself into RUBYOPTS and only
working if it's first in RUBYOPT, which means that
'metasploit:framework:spec:threads:suite' must inject '-Ilib
-rmetasploit/framework/spec/threads/logger' at the end of RUBOPT instead
of the beginning.
2014-11-13 09:19:07 -06:00
Jon Hart ebf6fe4e56
Minor style cleanup 2014-11-12 16:44:43 -08:00
Trevor Rosen f658efe144
Add the ability to specify mode in Rex output file
* Because sometimes you might want to append
* Preserves original hardcoded 'wb' as default
* http://pubs.opengroup.org/onlinepubs/009695399/functions/fopen.html
2014-11-12 16:08:03 -06:00