283046b25d
fixing auto load on new session
2014-07-28 10:49:50 +02:00
96945442ff
removes unnec. retruns & uses of 'not' - has_actions.rb
2014-07-27 18:20:12 -05:00
a35e7371bb
Add simple tabbing for creds command
2014-07-27 14:08:38 -05:00
b8bb4c7bc0
Add add-ssh-key to help output, fix some warnings
2014-07-27 13:46:38 -05:00
a38a627b94
Merge branch 'staging/electro-release' into feature/MSP-9932/creds-add-subcommands
2014-07-27 13:38:33 -05:00
3e304536ea
Land #3554 , Typo3 mixin specs
2014-07-25 16:06:40 -05:00
a0a2fddee8
Land #3562 , yardoc cleanup
2014-07-24 17:25:12 -05:00
bc836f3606
Add a little easter egg in the NTLM hash
2014-07-24 16:37:24 -05:00
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
b8b3509c96
Re-add the ability to delete creds
2014-07-24 15:44:52 -05:00
18ce342e2a
Refactor a bit for readability
2014-07-24 15:42:36 -05:00
1a4e59e547
Add add-ssh-key subcommand
2014-07-23 17:09:02 -05:00
eee72a86ba
Fix the case when john cracks only half of LM
2014-07-23 15:25:32 -05:00
4f19a1defa
Add an origin type and actually honor realm
...
Also adds better help text
2014-07-22 19:52:10 -05:00
57839e0f4b
Fix some yardoc issues
2014-07-22 23:26:50 +02:00
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
1f007bf3c9
start adding new rpc calls
...
Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-07-22 15:46:27 -05:00
c1a0f707ef
typos
2014-07-22 22:29:01 +02:00
073a8c5233
redirection returns an URI
2014-07-22 19:55:26 +02:00
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
2013e28608
WIP: First stab at creds add-* subcommands
2014-07-22 02:05:55 -05:00
47d9a30af0
Add specs for Typo3 mixin
2014-07-21 17:39:07 -05:00
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
a62ee99d1d
Actually require NetAPI
2014-07-21 12:48:34 -05:00
5f0533677e
Cheat/Rubycop all the things
2014-07-20 21:07:59 +01:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
8fe508207c
Merge Meatballs' gpp_again pull into new branch
2014-07-19 11:10:14 -05:00
ed1ed5d5a4
Merge pull request #117 from rapid7/feature/MSP-9943/db-import-creds
...
Deprecation warning exorcised, specs passing, export/import accuracy confirmed.
MSP-9943 #land
2014-07-18 11:56:59 -05:00
175d857611
Fix empty message and don't lie in yardoc
2014-07-18 11:36:31 -05:00
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
58adc350b5
Refactor: Creation of a JBoss mixin
...
The jboss_bsheployer as is does not allow to deploy a custom WAR file.
It is convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload. This will require a auxiliary
module which will use the JBoss mixin methods.
2014-07-18 00:56:32 +02:00
2dab69d67c
Use constant instead of hardcoded filename
2014-07-17 16:04:25 -05:00
7d1cd22aca
Quick and dirty import of cred zip
2014-07-17 15:59:16 -05:00
08cd2690f9
Merge branch 'bug/MSP-10724/fix-import-failure' into staging/electro-release MSP-10724 #land
2014-07-17 13:37:13 -05:00
e789d5350b
No idea why this didn't fail before
...
MSP-10724
2014-07-17 10:15:22 -05:00
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
6a1149c1ed
Add missing origin
...
MSP-9948
2014-07-15 13:27:08 -05:00
29bb788d96
Better login detection for wordpress
2014-07-15 07:04:14 +02:00
0966949203
Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import
...
Upstream merge
Conflicts:
Gemfile
Gemfile.lock
2014-07-14 17:59:54 -05:00
aca627489e
Pass workspace down in import of creds dump
...
MSP-9948
2014-07-14 16:40:41 -05:00
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
b05b2657bc
Now importing creds dumps inside msf zips
...
MSP-9948
2014-07-13 11:07:01 -05:00
79603c9a73
Land #3505 , a bunch o' Linux post module fixes
2014-07-11 12:39:31 -05:00
dbe9b47937
lands 3469, fixes handler deadlock in corner cases
...
May affect the following RM issues which need to be retested:
https://dev.metasploit.com/redmine/issues/8407
https://dev.metasploit.com/redmine/issues/4314
https://dev.metasploit.com/redmine/issues/6829
2014-07-10 16:20:33 -05:00
688c31cc44
Switch to a space. It gets eaten anyway.
2014-07-10 13:59:30 -05:00
5bb3c8a581
Make merged module descriptions more grammar.
2014-07-10 13:31:57 -05:00
5b1dc39caf
Filler task dropped, login results in task assoc
...
MSP-10683
* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
2014-07-10 12:32:40 -05:00
3a41bd983e
changes 'module' back to 'script', makes more sense
2014-07-09 17:25:39 -05:00
a9e43c308e
removes lingering debug lines, changes word script to module
2014-07-09 17:05:35 -05:00
8bbaecc726
adds some additional protection against capilization issues
2014-07-09 16:46:28 -05:00
172bc450b3
adds TARGET to 'to_neuter' list
2014-07-09 16:46:28 -05:00
f4942eccd4
cleans up comments, line lengths, dup/clone
2014-07-09 16:46:28 -05:00
51db859432
uses exploit_type vs category, thx egypt
2014-07-09 16:46:28 -05:00
ee56828bf7
New updates to scriptable.rb for payload/target
...
Additional w00t for your pwning pleasure.
2014-07-09 16:46:27 -05:00
62785784c6
adds explicit TARGET setting
2014-07-09 16:46:27 -05:00
cf595d6a10
fixes alias_method call
2014-07-09 16:46:27 -05:00
13f5450e53
uses clone instead of dup
2014-07-09 16:46:27 -05:00
bb13590f02
first shot at letting scriptable.rb handle local exploits
2014-07-09 16:46:27 -05:00
c957d0a1e7
adds category to msf/core/module.rb
2014-07-09 16:46:27 -05:00
a27c1d7dcc
Importing old export, making new models
...
MSP-9948
2014-07-08 19:14:26 -05:00
c19deddfb1
Delete debug messages
2014-07-08 16:24:45 -05:00
c25c5f6806
Make linux gather post modules compatible with meterpreter
2014-07-08 16:23:57 -05:00
79054fae20
Remove credentials exportation from XML
...
MSP-9948
2014-07-08 12:03:32 -05:00
8436adb5f8
Make XML export work with new backend
...
MSP-9948
* XML data looks ok in spot check
2014-07-08 09:40:15 -05:00
a513f403ba
fixing bugs
2014-07-08 10:58:48 +02:00
6e0bc763ff
formating
2014-07-08 10:46:16 +02:00
34dcb609e2
android extension
2014-07-08 04:52:06 +02:00
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
1d7de8fef9
Mid-work commit
...
MSP-9848
2014-07-07 15:44:29 -05:00
ab7848a895
Merge master for testing of #2809
2014-07-06 22:27:58 -05:00
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
c1fc68e1b1
Replace to_pwdump internals
...
MSP-9948
2014-07-03 15:41:26 -05:00
405de05e4b
Add specs for module_flavors
2014-07-03 10:31:39 -05:00
d93bf55435
Add a module_flavors method for all available flavors
2014-07-03 11:01:21 -04:00
2da890810a
Make db_import use Metasploit Credential
...
MSP-9948
* Special-case the pwdump file to be IO
* Had to use lotsa shims
2014-06-30 13:32:59 -05:00
84c0504b1b
MSI sections actually need to be signed after all
2014-06-30 13:08:28 -05:00
cf9c3caea3
Get the latest
...
Merge branch 'staging/electro-release' into feature/MSP-9848/db-export-refactor
2014-06-30 11:14:11 -05:00
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
255e792ed3
Fix host-endian related pack errors. See below for details.
...
Ruby treats endianess in pack operators in the opposite way
of python. For example, using pack('<I') actually ignores the
endianess specifier. These need to be 'I<' or better yet, 'V'.
The endian specify must occur after the pack specifier and
multiple instances in meterpreter and exe generation were
broken in thier usage.
The summary:
Instead of I/L or I< use V
Instead of I/L or I> use N
For Q, you need to always use Q< (LE) or Q> (BE)
For c/s/l/i and other lowercase variants, you probably dont
need or want a *signed* value, so stick with vV nN and cC.
2014-06-30 02:46:36 -05:00
ea077b2f12
Improve the guess_flavor logic to pull from module info
2014-06-27 08:34:57 -04:00
952c935730
Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR
2014-06-27 08:34:57 -04:00
219153c887
Raise NotImplementedError and let :flavor be guessed
2014-06-27 08:34:56 -04:00
dcd0e77f9e
Change #compatible? method name because it's used by Module
2014-06-27 08:34:56 -04:00
31acc4a528
Fix #compatible? method
2014-06-27 08:34:56 -04:00
ddd1dd5155
The check for required decoder hasn't a lot of sense
2014-06-27 08:34:56 -04:00
9c6a521b94
Fix select_decoder
2014-06-27 08:34:56 -04:00
dad2c75592
Initialize opts arguments
2014-06-27 08:34:56 -04:00
381dea94d0
Fix typo
2014-06-27 08:34:56 -04:00
cbc1bd9966
Redesign constants
2014-06-27 08:34:56 -04:00
160147b370
Make some methods not dependant of the instance flavor
2014-06-27 08:34:56 -04:00
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
68938e3d7a
Add select_cmdstager
2014-06-27 08:34:56 -04:00
35d035fa4e
Add YARD docu for execute_cmdstager
2014-06-27 08:34:56 -04:00
e8f9dde50f
Allow datastore options and opts to use strings instead of sym
2014-06-27 08:34:56 -04:00
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
37d0dd59e8
Clean up a little CMDStager methods
2014-06-27 08:34:56 -04:00
8db7ec683f
Fix setup and teardown stager methods
2014-06-27 08:34:55 -04:00
dd7b2fc541
Use constants
2014-06-27 08:34:55 -04:00
778f34bab6
Allow targets and modules to define compatible stagers
2014-06-27 08:34:55 -04:00
74a6de828a
Cannot delete @cmd_list, is used at least by one module
2014-06-27 08:34:55 -04:00
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
0a99b549d6
Change filenames
2014-06-27 08:34:55 -04:00
cff580162b
Move stagers
2014-06-27 08:34:55 -04:00
9991316ae6
Minor code cleanup and honor the datastore decoder.
2014-06-27 08:34:55 -04:00
80bdf750e9
Multi-fy the new printf stager and add to sshexec.
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
a86610dad5
Gut and delegate import_msf_pwdump
...
MSP-9848
2014-06-26 16:47:42 -05:00
56b94fea4f
pcap import now creates creds
...
refactored cred creation to use Metasploit::Credential
for captured HTTP basic auth credentials gatehered on the wire
2014-06-26 15:34:40 -05:00
d6a263d538
Identify the hung host in the thread info
2014-06-22 16:01:03 -05:00
538a520445
Remove redundant option (threads are always used in reverse_tcp_double)
2014-06-22 16:00:44 -05:00
b3d83720ca
Add ReverseListenerThreaded option to prevent deadlocks
...
JodaZ reported that the handle_connection() sock.put call can
result in the entire reverse_tcp stager hanging if the client
stops receiving or is on a very slow link. The solution emulates
what ReverseTcpDouble already does, which is stage each connection
in a new thread. However, given that a high number of threads
can be a problem on some operating systems (*ahem* win32) this
option is not enabled by default.
We should look into thread pooling and handle_connection() timeouts
as well as event-based polling of multiple clients as alternatives,
but this option will improve the situation for our existing users.
2014-06-22 15:55:20 -05:00
6e5f528332
Prevent stager deadlock if inp/out detection hangs for some reason
...
Even though there are calls to has_read_data(), it doesn't prevent
the put() call from blocking in a dead client or slowaris-like
situation. By moving the inp/out detection into the thread, we
allow the main handler to keep processing connections even if
a single connection hangs.
2014-06-22 15:25:19 -05:00
53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
...
Conflicts:
Gemfile
2014-06-19 12:45:53 -05:00
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
62f4054858
startring refactor on jtr_mssql
...
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey
2014-06-18 10:50:29 -05:00
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
34c0b00816
don't autload this mixin
...
causes laod order problems when we try to
autoload this mixin. We will just explicitly require
2014-06-17 16:10:09 -05:00
763f6f8d80
finish cleaning up jtr mixin
...
finish cleaning up the module mixin for jtr
2014-06-17 15:16:32 -05:00
432b88680b
start fixing jtr module mixin
2014-06-17 13:27:11 -05:00
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
d38a95a352
Merge branch 'bugfixes/post-module-execution-causing-duplicate-search-results' of github.com:nstarke/metasploit-framework into nstarke-bugfixes/post-module-execution-causing-duplicate-search-results
2014-06-15 13:15:57 -05:00
9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
...
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
ed84336149
Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
...
Refactor the creds command
2014-06-12 12:24:09 -05:00
289bae88de
Remove lie in comment.
2014-06-12 10:02:29 -05:00
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-11 13:42:26 -05:00
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
4b8961a464
Land #3428 , deprecation warns for payloads
2014-06-11 09:57:07 -05:00
c0c1bd40a9
Fix help spec
2014-06-10 17:28:55 -05:00
82b2c1deae
Make creds command show Metasploit::Credentials
...
This attempts to change the output of the command as little as possible,
but removes the ability to add and delete for now. At some point, we'll
need to add that back in.
2014-06-10 15:03:03 -05:00
b379dc014a
Avoid double-printing with setup and init_ui
2014-06-10 13:57:25 -05:00
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
92414d3688
Merge pull request #53 from rapid7/bug/MSP-9994/framework-db-driver
...
Set `framework.db.driver` when connection already established.
2014-06-10 10:49:00 -05:00
2cbbaad6b4
Set drivers and driver when connection already established
...
MSP-9994
3 database commands in msfconsole check for framework.db.driver to be
set, so driver must be set when the connection is already established by
the Rails initialization.
2014-06-09 14:26:59 -05:00
1ee35ec68a
Handle unconnected config in connection_established?
...
MSP-9994
Rescue `ActiveRecord::ConnectionNotEstablished` in
`Msf::DBManager#connection_established?` in addition to
`PG::ConnectionBad` to handle when the connection has been removed.
2014-06-09 14:26:45 -05:00
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
897ad6f963
Some service yarddoc
2014-06-07 13:27:32 +01:00
5218ca4d89
Give warning on module load
2014-06-06 23:04:40 +01:00
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
4a9f50bb60
Clean up some dead code.
2014-06-06 16:20:40 -05:00
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
bacf82acb1
Merge branch 'release' into 'master'
2014-06-06 09:59:00 -05:00
21be4f21a6
Bump version to 4.9.3
2014-06-06 09:52:01 -05:00
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
09e965d54e
Remove extraneous method from pdf.rb
2014-06-02 22:26:03 -05:00
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-02 13:40:11 -05:00
9d326fcb24
Extra common engine and fix default encoding
...
MSP-9653
Extra config and initializers that can we shared between
Metasploit::Framework::Application and the future
Metasploit::Framework::Engine. Move the default encoding setup from
lib/msf/sanity.rb to a before_initialize callback for the shared config
so that gems, like gherkin that depend on the utf-8 default internal
encoding can be loaded.
2014-06-02 12:57:48 -05:00
3ebe7dfbc8
Gem version
...
MSP-9653
Move version information to standard location for gems.
2014-06-02 12:54:46 -05:00
21fad7163d
Msf::DBManager#connection_established?
...
MSP-9653
Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first. The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
checkout a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
2014-06-02 12:49:09 -05:00
1055efbeaa
Add module paths from paths['modules'] from Rails app and engines
...
MSP-9653
Allow rails engines (and other applications, like
Metasploit::Pro::Engine::Application) to define their own module paths
using the paths['modules'] entry for Rails Applications/Engines.
2014-06-02 12:32:54 -05:00
34004908bb
Merge branch 'master' into staging/electro-release
...
Conflicts:
.ruby-version
2014-06-02 11:10:33 -05:00
bba741897e
Land #3413 , improved FileDropper cleanup message
2014-06-02 11:05:48 -05:00
428df19739
Changed message
2014-06-02 17:28:09 +02:00
f0e9a9010e
Return nil if fail
2014-06-01 11:55:40 +01:00
a4ecd8e02d
Should return the thread object
2014-06-01 11:49:56 +01:00
58ee2ccd6e
Land #3390 , Fix have_powershell
2014-06-01 10:43:35 +01:00
03b4a29662
Clarify filedropper error message
2014-05-31 22:17:32 +02:00
dee4acdb2a
Merge pull request #27 from rapid7/feature/MSP-9725/windows_hashdump
...
Windows Hashdump post module refactor
MSP-9725 #land
2014-05-30 14:04:31 -05:00
8bcd763039
Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
...
Feature/msp 9685/telnet login scanner
MSP-9685 #land
2014-05-30 13:40:18 -05:00
782c8bd172
Merge branch 'staging/electro-release' into feature/MSP-9725/windows_hashdump
2014-05-30 13:28:35 -05:00
ba525c7b78
use metasploit-credential creation methods
2014-05-30 13:07:11 -05:00
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
eb04a3774a
fixes for telnet wierdness
...
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
aa85cb8195
Update powershell.rb
2014-05-29 05:46:32 -05:00
c7366b4361
Fix a small typo in the regex
2014-05-28 14:40:09 -05:00
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
0e60f08e51
Don't re-establish connection
...
MSP-9653
If ActiveRecord::Base is already connected, then don't attempt to create
the database (as it involves establishing a new connection) or
establishing a new connection after the creation. Still run the
migrations as the normal Rails::Application.initialize! will result in
ActiveRecord::Base.connected? being true even if migrations are missing.
2014-05-28 14:34:36 -05:00
ca4c942ceb
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-28 09:40:44 -05:00
967b0d49b1
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-05-28 09:39:56 -05:00
deabd1c3b0
tidy the YARD
...
some more cleanup, in the YARD
docs this time.
2014-05-28 09:30:45 -05:00
ae1b7e564b
Update powershell.rb
2014-05-27 05:18:00 -05:00
42a17cc085
Update powershell.rb
...
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'
Additional changes required to fix regex to support the multiline output. Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.
This method doesn't appear to be used anywhere in the Metasploit codebase currently.
2014-05-25 08:59:42 -05:00
76b9273f10
Improve reliability of have_powershell
...
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out. When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed. When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for. I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior. I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.
There may be a better solution, but this was the only one that I could find.
2014-05-25 08:07:38 -05:00
32b88c2db6
final fixes to login creation
2014-05-23 10:58:21 -05:00
ae3c334232
Getting closer. Still something f'd with local answerer.html.
2014-05-22 17:14:35 -05:00
ac9af000af
full cred creation rotuine done
...
creating Logins as a seperate method, both
methods are done and fully documented.
2014-05-22 13:53:26 -05:00
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804 ] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
19e36cccb3
Credential Core creation now complete
2014-05-21 16:37:13 -05:00
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
3ea99a9d43
private creation w/ specs and docs
...
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
2629549f6f
added realm creation
...
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
15313a9ab1
Dont try to read 0 structs
2014-05-20 21:55:04 +01:00
ce69f742a4
add yarddocs to origin methods
...
added YARD docs to the creation methods for
Credential::Origins
2014-05-20 11:16:19 -05:00
38fbbdc1b5
Print tm_call one caller per line
...
MSP-9653
The inspect format was difficult to read so convert to standard
backtrace format of one caller per line.
2014-05-20 10:59:29 -05:00
9cdddb08d9
origin specs for realsies
...
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
b84aaaad19
specs and fixes for origin creation
2014-05-20 09:59:15 -05:00
ddfa4f1ee7
some origin creation specs
...
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
9efb97d465
origin creation method
...
added base behaviour for creating generic
credential origin objects from report
2014-05-19 10:00:19 -05:00
a8bf53479d
Fix a merge error
2014-05-18 11:08:04 -05:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
a4d85ad61b
Merge branch 'master' into staging/electro-release
2014-05-16 11:24:18 -05:00
048aebbdf2
Search Result Uniqueness
...
SeeRM #8754
Cast the results of the query to an array and perform the uniq
function passing a block which provides uniqueness based
on the return value, which in this instance is ‘fullname’
This was done because the uniq function in AREL cannot take
a specific field for uniqueness, and the sophistication of the query
make grouping nearly impossible. Initial testing showed negligible
speed difference to the user.
2014-05-15 17:52:11 +00:00
773fd7a9cb
Fix up whitespace
2014-05-14 15:31:40 -05:00
340956f294
Add a newline after DISCLOSURE_DATE_FORMAT
2014-05-14 15:28:07 -05:00
dc7a8d32d8
Land #3324 , msfconsole search timestamp fixes
2014-05-14 21:30:02 +02:00
fb671c72a7
Merge branch 'master' into staging/electro-release
2014-05-14 13:00:37 -05:00
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
bb6201d66d
Fixing nil bug and making format constant
...
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
9fbda3eae0
Land #3183 , tab completion improvements
2014-05-14 02:20:12 -05:00
fdbfaacdf6
Land #3313 , progress feedback for PASS_FILE
...
[FixRM #8704 ]
2014-05-14 02:03:39 -05:00
1ada4831e0
Land #3293 , module deprecation constants
2014-05-14 01:37:29 -05:00
de49241195
Land #3185 , regex option validation
2014-05-14 01:27:18 -05:00
91cc9dc2d6
Add missing Msf::DBManager#drivers initialization
...
MSP-9606
2014-05-13 13:01:59 -05:00
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
87be2e674a
Rebase on https://github.com/rapid7/metasploit-framework/pull/2831 and adapt to the new mixin
2014-05-13 16:04:40 +02:00
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
bb4e9e2d4d
correct error in block service_change_description
2014-05-13 16:04:39 +02:00
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
bdbb70ab71
up block_service_stopped.asm
2014-05-13 16:04:39 +02:00
94f97ab963
Prevent import table overwritting by shifting entry point
2014-05-13 16:04:39 +02:00
e269c1e4f1
Improve service_block with service_stopped block to cleanly terminate service
2014-05-13 16:04:38 +02:00
c43e3cf581
Improve block_create_remote_process to point on shellcode everytime
2014-05-13 16:04:38 +02:00
25d48b7300
Add create_remote_process block, now used in exe_service generation
2014-05-13 16:04:38 +02:00
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
0b462ceea6
refactor `to_winpe_only` code to be used by `to_win32pe_service`
2014-05-13 16:04:37 +02:00
914d15c285
fix typo
2014-05-13 16:04:37 +02:00
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
b3fd21b98d
Change to try to follow ruby guidelines
2014-05-13 16:04:37 +02:00
72a3e49fbb
fix typo
2014-05-13 16:04:36 +02:00
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
b1598e83c3
Re-enable `bundle install --without db` support
...
MSP-9606
Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed. NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
f83e8a4a4f
Add missing requires
...
MSP-9606
require 'msf/base/config' when required directly was not working.
2014-05-12 10:16:10 -05:00
453851277f
Fix missing space in prompt for back and grep
2014-05-09 17:08:45 -05:00
4b47a9a297
Land #3339 , banner updates for Pro free trial
2014-05-09 15:25:09 -05:00
a71be33091
Adjusting status message to be based on time
...
Previously the status message timing was determined by the number of
pairs left to process. I have adjusted the code to rely on Time.now
in order to consistently print a message out every 60 seconds.
2014-05-09 14:39:34 +00:00
ee303aa34e
Add missing formats in lib/msf/core/db.rb comment
...
Found outside big if block. Ugh.
2014-05-08 10:27:38 -05:00
281b000805
Typo fix for #3339
2014-05-08 10:18:19 -05:00
b50b3820a0
Update core/db.rb comments 'n' stuff
2014-05-08 02:53:02 -05:00
7da6a2c84c
Update db_import help with authoritative formats
...
Taken from import_filetype_detect in lib/msf/core/db.rb.
[SeeRM #8799 ]
2014-05-08 02:30:29 -05:00
eecd05ec74
Fix banner language, padding.
2014-05-07 16:12:15 -05:00
c50c929412
Treat apt and binary installs the same for banners
2014-05-07 15:59:50 -05:00
ab56583ce0
Remove dead oldwarn code, fix shortlink
2014-05-07 09:49:41 -05:00
7ed943cead
Add new rotating banners for apt installs
2014-05-07 09:39:39 -05:00
a55e2bcf19
Rework banner trailers in sprintf padding
2014-05-07 09:38:59 -05:00
AnwarMohamed
Joshua Smith
James Lee
Tod Beardsley
us3r777
Christian Mehlmauer
David Maloney
jvazquez-r7
Meatballs
scriptjunkie
Samuel Huckins
Kyle Gray
Trevor Rosen
William Vu
linuxchuck
HD Moore
Spencer McIntyre
OJ
Tim Wright
joev
sinn3r
Luke Imhoff
Brandon Turner
Tom Sellers
nstarke
agix
Florian Gaultier
Jeff Jarmoc