Brent Cook
847e630630
ensure incoming creds are all UTF-8
2018-11-22 09:20:12 -06:00
Brent Cook
e07e5caebd
don't do a binary regex against a regular string
2018-11-22 09:19:38 -06:00
Brent Cook
cdc9c24f6d
don't try to close a nil connection in smb login scanner mixin
2018-11-22 05:02:17 -06:00
Brent Cook
8694d6dd19
Land #10990, move metasploit web service code
2018-11-21 16:49:56 -06:00
Brent Cook
77723ba2f8
Land #11002, Support Python 3.7 in external probe scanner code
2018-11-21 16:23:34 -06:00
Brent Cook
682ebdc234
Land #11001, Properly error out when attempting to format ELFs
2018-11-21 16:13:40 -06:00
Adam Cammack
317f71f7f4
Land #10802, Make `msfvenom -f` case-insensitive
2018-11-21 16:04:30 -06:00
Brent Cook
c9f8a591e5
Land #10872, Add --pad-nops option for msfvenom
2018-11-21 16:02:02 -06:00
Adam Cammack
44da31edb8
Support Python 3.7 in external probe scanner code
2018-11-21 15:06:54 -06:00
Adam Cammack
818c3c9f57
Properly error out when attempting to format ELFs
2018-11-21 14:57:37 -06:00
Adam Cammack
230ae70028
Land #11000, fix DB import error messages
2018-11-21 14:52:17 -06:00
Jeffrey Martin
1eb4a79410
adjust error message on import
2018-11-21 14:42:48 -06:00
Brent Cook
7312fa774f
Return the original key if it does not exist in the datastore
2018-11-21 06:03:50 -06:00
Brent Cook
063838fb17
ensure a value exists before returning the normalized key
2018-11-21 04:43:06 -06:00
Brent Cook
da9e6edbf1
delete option aliases when an option is deleted
...
Otherwise the aliases will remain active and if the aliased value is redefined
2018-11-21 04:09:33 -06:00
Patrick
30bf716827
Use --pad-nops as a boolean to make -n <size> the total payload size.
2018-11-20 23:26:03 -06:00
Matthew Kienow
4cc9959e3f
Move MSF API App and associated servlets
...
The modules interact with the DbManager, however, are not a part of it
and belong in a more meaningful location for web services.
2018-11-19 18:46:15 -05:00
Brent Cook
630de06f9e
Land #10972, Rework session_compatible? check in post mixin, excluding ARCH_CMD modules
2018-11-19 16:08:15 -06:00
William Vu
6d317baada
Coerce DisablePayloadHandler into a Boolean string
...
Due to discrepancies in how command dispatchers receive datastore
options, especially after a "save" of the console, Boolean values are
stored as strings.
This is a quick fix for DisablePayloadHandler specifically, since it was
driving me insane.
2018-11-19 13:18:15 -06:00
Erin Bleiweiss
fd3ece3f9b
Land #10956, Use new 'data_service_operation' block in 'DataProxy' modules
2018-11-16 17:24:00 -06:00
William Vu
4726c58516
Update documentation
2018-11-16 12:40:42 -06:00
William Vu
1e3515bddc
Clean up code
2018-11-16 05:04:54 -06:00
William Vu
a58a91613a
Exclude ARCH_CMD modules, not local exploits
...
We don't want to lose SessionTypes. Brain fart.
2018-11-16 05:00:17 -06:00
Brent Cook
8be53f8730
Land #10971, Fix extraneous whitespace in check output
2018-11-16 03:38:32 -06:00
Brendan Coles
277ed375d6
Ensure peer_msg falls back on an empty string
...
Co-Authored-By: wvu-r7 <wvu-r7@users.noreply.github.com>
2018-11-16 03:30:52 -06:00
William Vu
b60ae0ff1a
Limit session_compatible? check to post modules
...
Local exploits may define a different payload platform or arch.
2018-11-16 02:59:59 -06:00
William Vu
eb90fc74a1
Fix extraneous whitespace in check output
...
Death to the peer gods.
2018-11-16 02:59:36 -06:00
Matthew Kienow
691b9276a6
Fix issue when re-establishing DB connection
2018-11-15 21:00:19 -05:00
Tim W
420be60900
add CVE-2018-4237
2018-11-15 08:48:10 +08:00
Christopher Lee
38bea6c29c
Added msmailprobe to msf
2018-11-14 16:15:11 -06:00
Jacob Robles
795aa3c99c
Land #10828, git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
christopher lee
97ee965c6e
Landing #10884 - Add JSON-RPC Client
2018-11-13 08:31:55 -06:00
Matthew Kienow
2571c8cd86
Use data_service_operation block to perform work
2018-11-12 23:45:29 -05:00
Jeffrey Martin
d2a78cecd0
improvements to code comments and flow
2018-11-12 17:31:43 -06:00
Jacob Robles
1b44fd0ade
Remove conditional for path
2018-11-12 11:05:40 -06:00
Jacob Robles
a80ac67373
Prepend GO path
2018-11-12 11:03:19 -06:00
Jacob Robles
8dc974b51e
Prepend python path
2018-11-12 07:58:43 -06:00
Brendan Coles
e231fd0623
next if onlyup
2018-11-10 16:21:06 +00:00
h00die
8ea4ed6314
land #10927 proper identification of centos/alpine linux in post libs
2018-11-10 08:33:35 -05:00
Jeffrey Martin
5ba44ff12d
add default service mapping to imports
2018-11-08 18:14:22 -06:00
Christian Mehlmauer
7127792fcf
tidy up external go modules
2018-11-06 20:23:10 +01:00
Brent Cook
407a9f3de1
remove debug
2018-11-06 11:12:02 -06:00
Brent Cook
76531cb818
gofmt all the things
2018-11-06 11:12:02 -06:00
Brent Cook
97bee891ce
remove some ruby vestiges
2018-11-06 11:12:02 -06:00
Brent Cook
df43b372fa
initial golang module support
2018-11-06 11:12:02 -06:00
Brent Cook
cfbc0a9a0c
properly bubble up errors on external module load
2018-11-06 11:12:02 -06:00
Brent Cook
dea460c813
golang module loader support
2018-11-06 11:12:02 -06:00
Brendan Coles
08d4e2265d
Add CentOS and Alpine Linux detection to Linux system lib
2018-11-06 03:16:07 +00:00
Brendan Coles
a8ff9b27f7
Land #10823, store host system data from post/system libs in database
2018-11-06 02:54:02 +00:00
h00die
e7f5c0cfbf
additional solaris-ish regexes
2018-11-05 19:25:08 -05:00
Brent Cook
cb229411bc
Land #10888, Fix Net::SSH::CommandStream session open failure
2018-11-05 11:15:09 -06:00
Kevin Kirsche
ad58930e9b
Dump formats when invalid format is selected
2018-11-04 09:25:37 -05:00
Kevin Kirsche
9f77966ec9
Revert downcase throughout, instead use single downcase within option parsing
2018-11-04 08:57:45 -05:00
h00die
7326453024
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into hosts_data
2018-11-03 17:06:00 -04:00
h00die
ca0249c539
enhancements to solaris host info db regex
2018-11-03 17:05:47 -04:00
William Vu
e9b3502f98
Fix Net::SSH::CommandStream session open failure
...
I suspected this might be a problem for libssh servers.
2018-11-02 01:08:05 -05:00
William Vu
8372007576
Prefer method_defined? for the class
2018-11-02 00:34:17 -05:00
William Vu
c3311da6e2
Be specific about report_on_exception
2018-11-02 00:24:16 -05:00
William Vu
0592420ea4
Fix thread exception reporting for Ruby 2.3.8
...
Thread::report_on_exception doesn't exist.
2018-11-01 18:59:23 -05:00
Brent Cook
7cf384405e
only change thread behavior if on Ruby 2.5 or above
2018-11-01 18:24:12 -05:00
Brent Cook
4dcb31f26b
only turn off thread reporting if it is already on
2018-11-01 18:08:52 -05:00
William Vu
0b682b6300
Preserve old thread exception reporting behavior
...
https://ruby-doc.org/core-2.5.0/Thread.html#method-c-report_on_exception
2018-11-01 17:30:49 -05:00
bwatters-r7
08ec8e1ef9
Land #10553, add x86/xor_dynamic and x64/xor_dynamic encoders
...
Merge branch 'land-10553' into upstream-master
2018-10-30 09:56:15 -05:00
Matthew Kienow
06966312c1
Remove unused code
2018-10-30 00:40:33 -04:00
Matthew Kienow
04e4c2941c
Remove unnecessary require
2018-10-30 00:19:21 -04:00
Matthew Kienow
3c3022902f
Add JSON-RPC Client
2018-10-30 00:15:58 -04:00
Matthew Kienow
24b1898e21
Fix comment
2018-10-29 23:27:50 -04:00
Patrick
ffc193f49b
Issue #6100: Finalized changes to pass rake spec Msf::PayloadGenerator
2018-10-26 13:06:37 -05:00
James Barnett
bd7c867485
Land #10862, fix issue with session reporting when DB is disabled
2018-10-26 10:58:06 -05:00
Matthew Kienow
eb9dd311ce
Add check that data service is active
2018-10-25 23:07:31 -04:00
Matthew Kienow
2f8aacbf8d
Remove debug output
2018-10-25 14:44:11 -04:00
Matthew Kienow
64f8852797
Use data_service_operation block to perform work
...
This fixes the session report issue when the database is disabled,
because no exceptions are thrown from the DataProxy under these
conditions.
2018-10-25 14:38:13 -04:00
Matthew Kienow
7f8aeeb498
Raise RuntimeError rather than Exception
2018-10-25 14:29:24 -04:00
Matthew Kienow
8e2d6a62b1
Add block process data service operation method
2018-10-25 14:24:47 -04:00
Wei Chen
6920470f99
Land #10821, Enhance windows compiler w/ new functions
2018-10-24 20:28:36 -05:00
Wei Chen
2ab9a003d4
Land #10864, Add Cisco WebEx RCE Modules
2018-10-24 16:20:00 -05:00
h00die
b875a102fe
remove report_host data for another PR
2018-10-24 16:26:38 -04:00
Brent Cook
4dd2147d60
Land #10857, ensure os_flavor can be supplied for non Windows OS
2018-10-24 14:28:32 -05:00
Green-m
3c5aa93a0d
Fix for style consistency.
2018-10-24 15:17:37 +08:00
Green-m
129425ca94
Fix session report bug when database disabled.
2018-10-24 14:48:03 +08:00
Shelby Pace
34ae9c38f9
added WebEx modules, arch check
2018-10-23 15:51:23 -05:00
Jeffrey Martin
efeacf8666
ensure os_flavor can be supplied for non Windows OS
2018-10-23 12:22:57 -05:00
Brent Cook
b65f467ada
Land #10851, add ndkstager to data/exploits
2018-10-23 12:04:57 -05:00
William Vu
4182777488
Support SSH shell/exec channel request output
...
Looks like channel[:data] was initialized but never used.
2018-10-23 09:34:12 -05:00
asoto-r7
f742d3bd9a
Land #10450, Implementation of CTRL+Z in reverse shell session
...
Additionally, a check was added to disable this new functionality on
Windows command shell payloads.
2018-10-22 15:50:41 -05:00
h00die
dd5ac16240
re-add report
2018-10-22 15:42:47 -04:00
h00die
4426e4131a
remove unnecessary include
2018-10-20 15:01:40 -04:00
William Vu
da38dfb29a
Clarify we never receive CHANNEL_OPEN_FAILURE
2018-10-19 13:25:19 -05:00
William Vu
cc283d9def
Add testing note about session channel opens
2018-10-19 13:13:22 -05:00
William Vu
21397330f8
Refactor fortinet_backdoor copypasta
2018-10-19 00:07:18 -05:00
William Vu
d1354cc1f7
Add libssh auth bypass packet
2018-10-18 23:03:23 -05:00
William Vu
cf00f20e11
Update Net::SSH::CommandStream exception handling
2018-10-18 22:45:16 -05:00
Tim W
64e257649f
cleanup module
2018-10-18 11:45:59 +08:00
Tim W
290d4428c1
create git mixin
2018-10-18 11:31:31 +08:00
William Vu
6fd53fcb6a
Fix whitespace further
2018-10-17 15:45:02 -05:00
William Vu
1e1950c83d
Prefer keyword args after all
...
SINCE we've been using only the first two params, we're fine!
2018-10-17 15:41:19 -05:00
William Vu
a453760aa4
Add PTY option to Net::SSH::CommandStream
...
This allows us to spawn a PTY for our shell session. Note that this will
write us to {u,w}tmp and lastlog, so use this option with care.
And yes, I did change the API, but up until now, we've been using only
the first two parameters. We should be using keyword args. /shrug
2018-10-17 15:40:13 -05:00
h00die
e78b760678
database host info from post modules
2018-10-17 12:43:05 -04:00
Green-m
ef3b1df647
Fix regular
2018-10-17 18:34:35 +08:00
Green-m
7b1b2198cb
resolve conflict.
2018-10-17 17:33:01 +08:00