Commit Graph

189 Commits (a9b9a58d4d9d7a8809eb3a5401ffbddafb0f90d8)

Author SHA1 Message Date
Brent Cook 0e3eba18b3 simplify guard logic 2017-02-17 16:00:15 -06:00
Brent Cook f4befda59b inherit the options from the default target so we can autocomplete before the rhost resolution occurs 2017-02-17 15:50:45 -06:00
Brent Cook 76529278b8 make sure we can actually invoke auto targeting before adding it 2017-01-30 05:24:57 -06:00
Brent Cook 7d32166c70 use a better check for whether rhosts exists 2017-01-29 19:18:23 -06:00
David Maloney d564f5d60a
don't add auto targets to things without rhost
Things like browser exploits don't have remote host options
which is what auto targeting relies on, so it does not make sense
to include the auto-targeting in these exploits

7837
2017-01-17 11:40:07 -06:00
David Maloney 31d36d9112 if autotargeting fails fall back
fallback to the original first target if auto-targeting fails
2017-01-03 14:38:52 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
David Maloney a61b92aa3e tweak target selection
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index

MS-2325
2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together
insert our autotarget routine into
the main target selection process

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 4060e63b89 add tests for auto target addition
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
2017-01-03 14:38:45 -06:00
David Maloney 769d477e97 if no automatic target defined, add one
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting

MS-2325
2017-01-03 13:54:34 -06:00
William Vu f95136ce67 Prefer && over and 2016-12-21 00:16:33 -06:00
Brent Cook efb015facc make assigning payload fast again
This streamlines the check for whether the currently-selected payload is
compatible on assignment. Rather than building the entire list of
compatible payloads, and seeing if what the user typed is in it (and
making multiple giant lists on the way), we simply check the module the
user typed directly.
2016-12-20 17:39:09 -06:00
Brent Cook 743bea912a fix exploit Passive / Aggressive overrides to do the right thing 2016-09-25 19:57:41 -04:00
wchen-r7 337e48dc07 Create #make_fast_nops for huge NOP chunks
This creates a new method called #make_fast_nops for exploits that
actually need large chunks of NOPs.
2016-06-13 15:25:46 -05:00
James Lee 2563634dce
Fix inverted logic introduced by #6734
MS-385
2016-04-06 22:03:31 -05:00
David Maloney 64b94dfe3b
reimplement HD's session interrupt handler
reimplement HD's work on a session interrupt handler
so that if an exploit fails the handler does not continue
waiting for a session that will never come

MS-385
2016-04-01 14:43:16 -05:00
Brent Cook 85acfabfca remove various library workarounds for the datastore not preserving types 2016-03-05 23:10:57 -06:00
James Lee 0f7e3e954e
HttpServer's print prefix with... wait for it...
print_prefix
2016-01-20 13:44:18 -06:00
wchen-r7 a16a10aaf6 Fix #6371, being able to report an exception in #job_run_proc
Fix #6371

When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.

Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.

Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
jvazquez-r7 d85412b0fb
Complete fix for generation of nop sleds 2015-10-16 14:01:00 -05:00
jvazquez-r7 b788772215
break only if 'make_nops' is able generate the nop sled 2015-10-16 13:28:37 -05:00
Fernando Arias eb479318b1
Use existing run for match result or create a new one if it doesnt exist
MSP-13119
2015-09-15 14:34:44 -05:00
Fernando Arias c7f15ca940
Rework how match results get created
MSP-13119

* Create match result when we create vuln attempt
2015-09-14 12:18:47 -05:00
Fernando Arias 0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)
MSP-13234
2015-09-09 13:21:05 -05:00
Fernando Arias ed1065b297
Create MatchResult with status Failure on session failure
MSP-13104
2015-08-24 12:56:32 -05:00
jvazquez-r7 af326a4f88
Use compatible_payloads instead of copy and paste 2015-05-29 16:55:19 -05:00
wchen-r7 defda01d87 Some doc 2015-05-29 15:09:29 -05:00
wchen-r7 b33ace2f44 Put is_payload_compatible? in exploit.rb 2015-05-29 15:07:59 -05:00
Christian Mehlmauer 668961b69d
fix some yarddoc issues 2015-04-20 00:06:59 +02:00
wchen-r7 37613adebb Improve developer experience for fail_with
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
Christian Mehlmauer 69d3c26746
fix documentation 2015-04-16 21:28:16 +02:00
root 51dd88114b Fix grammer in comments 2015-04-13 13:21:41 +05:00
Luke Imhoff 0c00c7cc50
Fully-qualifiy Msf::MODULE_TYPES constants
MSP-11126

Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
2014-10-17 12:43:40 -05:00
jvazquez-r7 0c44cc5ae4 Allow Exploits to provide Encoder Compat options 2014-02-21 15:49:39 -06:00
Meatballs 56359aa99f
Merge changes from other dev machine 2014-02-07 21:22:44 +00:00
jvazquez-r7 80e7ae144b Use the platform when selecting the payload 2014-02-04 14:34:11 -06:00
Meatballs 0a3cb3377f
AppendEncoder 2014-02-04 15:41:10 +00:00
sinn3r 6ffb750633 Change Unsupported message
Auxiliary modules can use check, too. Not just exploits.
2014-01-26 01:14:11 -06:00
sinn3r ea47da5682 Add wiki link "How to write a check() method" to documentation 2014-01-20 20:10:50 -06:00
sinn3r e48b8ae14c Use a better term 2014-01-19 16:01:38 -06:00
sinn3r afd0e71457 Use the term "exploit" is a little more correctly
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
sinn3r 363c53e14e Clearify when to use a specific CheckCode
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
HD Moore bec15ebf7c Remove Failure (moved to parent class) 2013-08-15 13:31:21 -05:00
James Lee f3ff5b5205 Factorize and remove includes
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
James Lee 0466cce7b1 Move PostMixin to its own file
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
Tod Beardsley a852304ba3 DRY: Move check things to the common module level
While it makes lots of sense to bring check to all modules, of course
some modules will not be able to actually use it. Namely modules like
nop and payload modules. If you're feeling creative, you could probably
come up with semantically similar checks for those, too.
2013-05-23 11:42:41 -05:00