add294d999
Fix potential nil in last_filename
...
Replacing #2060 . It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename. To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also convert with to_s
to make sure it's always a string.
2013-07-09 12:50:19 -05:00
afa6a36df3
Make first char's character class configurable
2013-07-09 02:50:28 -05:00
273046d8f0
Add a class for generating random identifiers
...
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037 .
2013-07-09 02:06:44 -05:00
4541a9e49e
now with passing msftidy
2013-07-08 17:44:50 -05:00
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
00c7581099
Fix constant names and 'exe-only'
...
That'll teach me to commit before the specs finish.
Really [FixRM #8149 ]
2013-07-06 12:39:15 -05:00
1b504197be
Check equality instead of regex
...
Thanks, @Meatballs1 for finding the cause of this bug!
[FixRM #8149 ]
2013-07-06 12:29:37 -05:00
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
0e2380c115
Fix method documentation
2013-07-05 11:19:53 -05:00
bcf6d11442
Land #2049 , @wchen-r7's had_pid? method work
2013-07-05 11:19:11 -05:00
1a0bdf335e
Retab lib
2013-07-04 12:09:46 +01:00
a76ee6c2ec
Add flexibility to lib
2013-07-04 11:03:48 +01:00
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
03de8c1c3d
Pull in exploit/powershell
2013-07-04 09:54:40 +01:00
e330916744
Pull out common stuff in Util::EXE/MsfVenom tests
2013-07-03 12:25:15 -05:00
38b83ba335
ui/banner~Made msftidy happy
2013-07-03 00:29:42 +01:00
67f30a6828
Land #1739 , resolve workspace rename issues
2013-07-02 16:09:59 -05:00
0f37bbe78e
Add has_pid? function
...
[SeeRM:#8123] - Add commonly used function has_pid?. Related to
redmine issue 8123.
2013-07-02 14:33:15 -05:00
28a4a05991
Land #2046 , base argument for to_hex_dump
2013-07-02 12:11:05 -05:00
98c214d2fb
Allow 0 base address, and dynamic left column length
2013-07-02 11:40:23 -05:00
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
9eb32ea9af
Allow "base" argument for to_hex_dump
...
[SeeRM:#8121] - For debugging purposes, it's useful to be able to
specify a base.
2013-07-01 23:56:51 -05:00
2751470c71
Add @jlee-r7's feedback to sapni proxies support
2013-07-01 21:37:53 -05:00
9c4d869ed8
Land #1018 , @nmonkee's support for sap router proxies
2013-07-01 21:36:02 -05:00
1466609c86
Add more supported formats to exe generation
...
- Already supported, just added calls to the the right methods in
the .to_executable_fmt method:
- Linux armle, mipsle, and mipsbe
- Mac arm, ppc
- makes the two (!?) copies of block_api for windows match more closely
with the source used elsewhere. This is still needs to be refactored
to get rid of the duplication.
- Get rid of some of the logic in msfvenom duplicated from Util::EXE
2013-07-01 17:36:58 -05:00
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
e3989ad30c
Extra comments, no thanks
2013-06-28 15:44:06 -05:00
f4c805f5d6
Yarrrrrrrrd
2013-06-28 15:42:56 -05:00
6e1fa05757
Fix a handle leak & change thread creation flag
2013-06-28 13:23:08 -05:00
554d738f26
Update documentation
...
Fix broken English
2013-06-28 13:03:05 -05:00
b7430cb569
Add Msf::Post::Windows::Process
...
The purpose of Msf::Post::Windows::Process is have all the common
functions you might need to do something to a process, for example:
injecting something to a process and then run it.
2013-06-28 12:55:06 -05:00
ea13ac48ec
"fix" indentation to make egypt happy
2013-06-27 17:16:13 -05:00
89faba288d
damnit brandon turner
2013-06-27 17:12:37 -05:00
867be1257a
slight rearrangement
2013-06-27 17:09:20 -05:00
e3fde02eec
conditional wrapping
...
as per egypt's catch
2013-06-27 17:07:16 -05:00
70433820a9
fixes FD leak in RPC client
...
FD leak due to sockets not getting closed
on the rpc client
FIXRM #8107
2013-06-27 16:57:02 -05:00
d7eda343e9
fix typo in comment
...
change runing to running
2013-06-27 03:12:49 -05:00
4fb6fa67f2
Fix require for constants, trim useless fields from banner
2013-06-26 09:59:40 -05:00
84117e28a8
Remove stale constants.rb require
2013-06-26 09:52:15 -05:00
31ad7b50a9
Fix write_file on FreeBSD
...
[SeeRM #8083 ]
2013-06-25 17:19:00 -05:00
b3b94c7a73
Break packet classes into their own files
...
This makes the file structure match the class structure and makes the
source tree easier to grok.
2013-06-24 19:24:09 -05:00
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
c0fda81eb0
Removed options DB_ADD_ALL. Added options DB_ALL_PASS and DB_ALL_USERS
...
to add already known user and passwords to the lists.
2013-06-23 18:20:41 +02:00
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
3c42fe594e
No need to have rescue around a print
2013-06-21 15:55:43 -05:00
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
39d011780e
Move deletion into #remove_resource
...
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
2013-06-21 15:34:54 -05:00
e8a92eb196
Keep better track of resources
...
[See #1623 ]
[SeeRM #7692 ]
2013-06-21 14:51:47 -05:00
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
1aff778a79
Fix unpack
2013-06-18 09:06:44 -05:00
8ae8f25d56
Land #1961 , @wvu-r7's normalization of command_dispatcher/db.rb
2013-06-18 08:57:32 -05:00
3f665ba5a0
Skip also max-age from cookies
2013-06-17 14:04:08 -05:00
819080a147
Enable rhost/rport option overrides in HttpClient
2013-06-17 11:45:01 -05:00
53077d4c1a
Add a newline before the delete message
2013-06-14 19:58:19 -05:00
cfd05bc68f
Normalize comments
2013-06-14 17:32:33 -05:00
0a9a8a57e3
Remove double newlines
2013-06-14 17:20:26 -05:00
bb02cc8509
Normalize the syntax and output of db.rb
2013-06-14 17:11:47 -05:00
d341b825d0
Rename dirbust option to conform to style
2013-06-14 12:58:08 -05:00
2971e50d06
Land #1949 , make dirbusting optional for crawler
2013-06-14 11:54:28 -05:00
f5b00512e0
Fix sap ni proxy, hopefully
2013-06-13 17:15:48 -05:00
3cb851e4e0
Merge remote-tracking branch 'todb-r7/fix-msftidy-1944' into csharp_payload
2013-06-12 17:29:00 -05:00
0f06e9b08c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into csharp_payload
2013-06-12 17:27:55 -05:00
b509ac8504
Crawler mixin: Dirbusting opt moved to advanced
2013-06-13 00:04:31 +03:00
b474cda4aa
Crawler/Anemone: Dirbusting now optional
...
[FIXRM #8030 ]
Anemone updated to make dirbusting optional (on by default) and the Crawler core
module updated to provide an option to do so.
2013-06-13 00:00:09 +03:00
8287dd314f
Merge pull request #1941 from jlee-r7/http-server-inspect
...
Functional tests in msfconsole passing, as are MSF and Pro specs. References in Pro to items that appeared session related were either debug oriented or commented out.
2013-06-12 12:54:29 -07:00
9c75d821d1
Fix up msftidy warnings on rex/text.rb
2013-06-12 11:17:58 -05:00
d0e1e4df0a
This commit adds support for C# byte arrays for the assembly payloads.
2013-06-11 19:27:06 -05:00
132769d415
Merge branch 'release'
2013-06-11 18:52:11 -05:00
72b3ea2be0
Merge pull request #1943 from shuckins-r7:bug/nx-asset-group-push
2013-06-11 18:41:49 -05:00
d5be41617e
Uses raw-xml-v2 Nexpose export for Nexpose import as this adds device-id
...
back to XML schema and will result in hosts that can be pushed back to
Nexpose.
[Bug #51521175 ]
2013-06-11 18:37:02 -05:00
6a5d1d06b2
Make the conditional correct for print_prefix
...
Fixes a bug introduced on #1936 .
2013-06-11 16:16:17 -05:00
af613ee254
Add a more readable #inspect
2013-06-11 15:22:49 -05:00
f775a0bb01
Handle single quotes for OpenVAS import
2013-06-10 19:45:50 -04:00
e05763149a
Fixed issue downloading XML reports
...
The XML report has an extra </report> tag which prevents the .text
method from working properly. I used the .to_s method instead.
I also moved the rescue statement because it was masking other errors
that were being raised.
2013-06-10 19:45:50 -04:00
9a08090b0f
Inch toward making modules more testable
2013-06-10 16:02:19 -05:00
d4e9431633
Add Gemfile entry for PacketFu
2013-06-10 14:18:05 -05:00
7dafcc76df
Remove packetfu and pcaprub libaries
...
These should be handled by bundler's Gemfile.
2013-06-10 14:12:18 -05:00
31faf65271
Land #1929 , spool ui fix from @jsherwood0
2013-06-10 12:30:50 -05:00
7ac5b6de53
Fix prompt and color issue with cmd_spool
...
Changing spool setting caused problems with prompt and color. This
fix makes the following changes:
- Saves the color setting and re-applies it to the new output console
- Sets the prompt in the same way that cmd_use does
2013-06-09 13:35:35 -04:00
6aa7c74fdd
make anemone also rspect domain
2013-06-07 14:24:14 -05:00
78b2a0a2ac
add domain support to web spider
2013-06-07 12:41:20 -05:00
8e2de6d14f
Updates js_property_spray documentation
...
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions. For dev purposes,
it's rather important to have this documented somewhere.
Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
9466022194
Land #1847 - Add sorting functionality to notes command
2013-06-05 12:17:54 -05:00
026c658260
Comply with the case-sensitive rule
2013-06-05 12:16:38 -05:00
2e26256217
was missing a nil check
2013-06-04 14:21:07 -05:00
c4475538e7
Report on TaskSession associations
...
add TaskSession objects so when we report
on a session, we know what Task created it, if there
was a task
2013-06-04 13:42:36 -05:00
937d7fb762
Landing #1835 - Fix a backwards disasm bug which stomps on the depth opt
2013-05-31 16:28:49 -05:00
df2140ea59
Add back the tmp include check according to bannedit's feedback
2013-05-31 16:26:52 -05:00
dacc73a60f
Improve readability based on Egypt's feedback
2013-05-31 16:24:27 -05:00
90117c322c
Landing #1874 - Post API cleanup
2013-05-31 16:15:23 -05:00
cc60c95243
Rescue Errno::ENONENT when using File.mtime for memory cache
...
[#47720609 ]
2013-05-30 13:16:43 -05:00
541d287e70
Merge branch 'master' into bug/module-load-cache-update
2013-05-30 12:59:50 -05:00
8b488c3c6b
Merge pull request #1866 from dmaloney-r7/bug/mdm_session_port
...
Add session_port to the mdm object
SEERM #7281
2013-05-30 10:05:48 -07:00
12f0448bb4
Use a LIKE test instead of equality
...
Fixes the ability to search for CVE (as well as other reference types)
with a non-exact match
[SeeRM #7989 ]
2013-05-29 16:27:33 -05:00
63694a6c87
Landing #1875 - Also remove *.ts.rb files
2013-05-28 17:29:02 -05:00
14c4dbcf8c
Also remove *.ts.rb files
...
On the heels of #1862 , this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
0466cce7b1
Move PostMixin to its own file
...
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
8cb1bdefb7
Landing #1849 - 32 and 64bit compatible to_winpe_only() function
2013-05-28 15:24:43 -05:00
e20385dd9e
Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
...
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
849d974463
Add session_port to the mdm object
...
Mdm::Session was not being passed the session_port
FIXRM #7281
2013-05-24 17:46:03 -05:00
4ba571346e
Spec Msf::Simple::Framework#init_module_paths
...
[#47720609 ]
2013-05-24 12:33:42 -05:00
c22178752e
Merge branch 'master' into bug/module-load-cache-update
2013-05-24 11:06:16 -05:00
e169ccab4f
Landing #1862 - Remove inline unit tests
2013-05-23 22:19:29 -05:00
cd947e2075
Landing #1861 - Implement check for auxiliary modules
...
[FixRM:#7975]
2013-05-23 22:10:54 -05:00
1a487e476d
Merge branch 'master' into bug/module-load-cache-update
2013-05-23 14:23:14 -05:00
0f21861921
Add task handling to imports
...
allow imports to carry along task info
[Story #49167601 ]
2013-05-23 13:33:19 -05:00
05916c079e
Inline unit tests are so last decade
...
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
d44a158238
Land #1859 , fix trailing newlines in zip.
...
This incidentally fixes #1755 for real, where most of the discussion
of this bug took place.
2013-05-23 12:00:48 -05:00
a852304ba3
DRY: Move check things to the common module level
...
While it makes lots of sense to bring check to all modules, of course
some modules will not be able to actually use it. Namely modules like
nop and payload modules. If you're feeling creative, you could probably
come up with semantically similar checks for those, too.
2013-05-23 11:42:41 -05:00
7436fdad72
First, copy-pasta and add a test
2013-05-23 11:26:53 -05:00
d8074c0bf4
Use create not new
...
Was calling .new instead of .create
[Story #49167601 ]
2013-05-22 18:29:22 -05:00
527f969d8d
fix range
2013-05-22 18:28:14 -04:00
2b70ec2e08
Payload compatible cache_in_memory
...
[#47720609 ]
Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class. Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void]. Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
2013-05-22 16:06:02 -05:00
69dd7f5c58
Update Mdm and Add Task stuff to report
...
make report_* methods aware of Tasks
[Story #49167601 ]
2013-05-22 14:59:43 -05:00
314b0698ee
address feedback
2013-05-22 13:44:25 -04:00
57576de85f
Update in-memory cache to fix file_changed?
...
[#47720609 ]
Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
2013-05-22 12:28:42 -05:00
e2aad8930d
Landing #1853 - Remove ID tags
2013-05-22 12:12:55 -05:00
8483528ae0
Restore generic.rb to the correct state
2013-05-22 12:11:06 -05:00
1cf485fad1
Restore tcp.rb to its current state
2013-05-22 12:06:36 -05:00
162ecd7b45
Landing #1851 - Alias 'run' to 'exploit'
2013-05-22 11:56:04 -05:00
eede80509f
Reuse appropriate terminology in docs
...
[#47720609 ]
Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes. Change some 'name'
variables to 'reference_name' since that's the proper terminology.
2013-05-21 08:19:47 -05:00
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
89bd5b4791
Reset column information after running migrations
...
[#50179803 ]
[SeeRM #7967 ]
[SeeRM #7870 ]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
398dcfa8cb
Merge branch 'master' into bug/migrations
2013-05-20 12:49:33 -05:00
0e435d378c
Move Msf::DBManager#migrate(d) to module
...
[#50179803 ]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
5e65976089
Alias 'run' to 'exploit'
...
Allows console users to use the 'run' command for exploits as well as
auxiliary and post, in the same way that 'exploit' works for all three.
Saves some typing and makes it do the right thing so users don't have to
remember what kind of module they're using.
2013-05-20 11:20:12 -05:00
e48cfcae8e
delete a debug puts
2013-05-19 19:21:10 +02:00
e844247163
Little change in exe-only to work with x64 arch.
2013-05-19 19:01:03 +02:00
b22c5a0120
Add sorting functionality to cmd_notes
...
- Added sorting to cmd_notes
- Added make_sortable function so that sorts work happily even
when the disparate notes don't have content of the same types
in the fields the sort is requested over.
2013-05-17 23:02:38 -04:00
82867fbb66
Prevent duplicate migrations_paths
...
[#50099107 ]
If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
2013-05-17 14:56:17 -05:00
2a9dbb2654
msfvenom and exe-small fmt bug fix
2013-05-16 21:13:45 +01:00
031bb2eb0b
Fix a backwards disasm bug which stomps on the depth option
2013-05-15 22:08:50 -04:00
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
6457a968c9
Land #1829 , uninvert note searching.
2013-05-15 07:14:19 -05:00
063ef487e2
Fix typo in cmd_notes
2013-05-14 18:58:31 -04:00
2ee11f70f8
Landing #1824 - Support Python when generating payloads via msfpayload
...
We love Python users too.
2013-05-14 14:14:31 -05:00
0a55c7e4b6
Proofs can be omitted if they contain sensitive data
2013-05-14 20:46:17 +03:00
96104c5860
Fix hard vs soft tabs
2013-05-13 20:44:51 -05:00
c71b57764e
Add a Python buffer formatter and update msfpayload to enable using it
2013-05-13 20:41:15 -05:00
a12e59ef1f
Merge branch 'master' into bug/web-match_and_log_fingerprint
2013-05-14 01:55:37 +03:00
f4bc3096b2
#match_and_log_fingerprint: store match not fingerprint
2013-05-10 19:59:12 +03:00
afa04ac9d0
Merge branch 'master' into feature/mdm-module-namespace
2013-05-09 16:13:06 -05:00
bc92b43408
Update to metasploit_data_models 0.11.0
...
[#47979793 ]
2013-05-09 13:25:26 -05:00
f9f769cec8
Landing #1805 - Fix unintelligible error when importing empty file
2013-05-08 20:10:45 -05:00
a5648a8830
Merge branch 'master' into feature/mdm-module-namespace
...
Conflicts:
Gemfile
Gemfile.lock
lib/msf/core/db_manager.rb
2013-05-08 13:22:41 -05:00
sinn3r
James Lee
lsanchez-r7
Meatballs
jvazquez-r7
g0tmi1k
William Vu
HD Moore
David Maloney
Josh
Daniele Martini
Tod Beardsley
Brandon Perry
Tasos Laskos
Samuel Huckins
Brandon Turner
AverageSecurityGuy
John Sherwood
Luke Imhoff
xard4s
agix
Alexandre Maloteaux
bannedit
Joshua J. Drake