wchen-r7
265adebd50
Fix typo
2016-08-19 10:44:24 -05:00
wchen-r7
0f4d26af19
Update yard doc
2016-08-18 17:18:16 -05:00
wchen-r7
2a61450511
Add new POST exploitation APIs for stealing a token
2016-08-18 17:08:21 -05:00
James Lee
91417e62a8
Cleanup docs
2016-08-18 10:40:32 -05:00
William Vu
bc9a402d9e
Land #7214, print_brute ip:rport fix
2016-08-17 22:48:40 -05:00
William Webb
667c3566e5
Land #7209, Add functionality to pull .NET versions on Windows hosts
2016-08-17 12:48:05 -05:00
Brendan
b25b2a5188
Cleaned up code per suggestions in the PR
2016-08-16 16:16:25 -05:00
wchen-r7
5f8ef6682a
Fix #7202, Make print_brute print ip:rport if available
...
Fix #7202
2016-08-16 15:34:30 -05:00
wchen-r7
498657ab35
Fix #3860, tearing down TCP connection for send_request_cgi
...
Fix #3860
2016-08-15 15:45:52 -05:00
Brendan
0778b77f7b
Cleaned up a little
2016-08-15 12:20:28 -07:00
Brendan
7730e0eb27
Added ability to retrieve .NET versions
2016-08-15 11:29:00 -07:00
Brendan
906d480264
Added dotnet require
2016-08-15 11:06:29 -07:00
Pearce Barry
1e7663c704
Land #7200, Rex::Ui::Text cleanup
2016-08-12 16:22:55 -05:00
Brent Cook
6a035b7e48
Land #7161, add specs for cisco mixin to use Metasploit Credentials
2016-08-12 10:07:17 -05:00
Pearce Barry
6386d9daca
Land #7178, Add a method to check the Powershell version
2016-08-11 11:02:41 -05:00
wchen-r7
e08c4a8bef
Remove .Net check
...
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
2016-08-11 10:49:06 -05:00
wchen-r7
3851db7bcb
Use powershell when possible
2016-08-10 15:14:11 -05:00
David Maloney
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
dmohanty-r7
b027176799
Land #7156, use windows_error gem for constants
2016-08-10 11:47:37 -05:00
Pearce Barry
ae59c4ae74
Land #6687, Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
wchen-r7
4055fd1930
Do e.message instead of e.to_s
2016-08-05 14:12:50 -05:00
wchen-r7
d59b6d99ee
Make the debug output more readable
2016-08-05 13:20:53 -05:00
wchen-r7
766c0cc539
return nil if no .Net is installed
2016-08-05 11:36:32 -05:00
wchen-r7
a8d9a5c02c
Print exceptions if needed
2016-08-04 18:14:22 -05:00
wchen-r7
7538b3dcf8
Fix #7170, Add HttpTrace option for HttpClient
...
Fix #7170
2016-08-04 16:09:17 -05:00
wchen-r7
11f94a6efc
Do a different wmic query for newer systems
2016-08-04 14:50:46 -05:00
wchen-r7
3ea3d95744
Add methods to check .Net and Powershell versions
2016-08-03 17:49:15 -05:00
darkbushido
5a1cd24350
finishing converting the last of this to credentials
2016-07-29 09:58:17 -05:00
darkbushido
0972005b24
updating 'ppp.*username secret'
2016-07-29 09:58:17 -05:00
darkbushido
1d33c9aa88
updating specs upto 'username secret'
2016-07-29 09:58:17 -05:00
darkbushido
73b362cade
updating more spec
2016-07-29 09:58:16 -05:00
darkbushido
b66621af0d
adding in a blank service_name
...
fixing myworkspace
2016-07-29 09:58:16 -05:00
darkbushido
219f9d5d57
updating parts of cisco to use creds
2016-07-29 09:58:15 -05:00
darkbushido
40240662db
converting enable password to create_credentials
2016-07-29 09:58:15 -05:00
Brent Cook
8ad38aec2f
Land #7109, Add final filesize to msfvenom output
2016-07-29 09:24:10 -05:00
Brendan
ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML)
2016-07-28 13:01:05 -07:00
Brendan
2525eab996
persistance -> persistence
2016-07-28 12:56:04 -07:00
Pearce Barry
1f5fbd4a67
Put remaining consts in exploit mixin...
2016-07-27 17:43:29 -05:00
Pearce Barry
05afaa1162
Pull in consts from rex-arch gem...
2016-07-27 17:43:17 -05:00
Pearce Barry
bdf073516b
Switch errors over to windows_error gem...
2016-07-27 17:43:00 -05:00
William Webb
5b8b15e578
update global constants to allow for windows 10
2016-07-27 12:45:05 -05:00
Brendan
af137f3ec3
Land #7127, Fix #6989, scanner modules printing RHOST in progress messages
2016-07-27 09:16:08 -07:00
William Vu
a0c42f5dd2
Add wordpress_url_uploads
2016-07-26 19:10:19 -05:00
wchen-r7
cce1ae6026
Fix #6989, scanner modules printing RHOST in progress messages
...
Fix #6989
2016-07-25 23:15:59 -05:00
scriptjunkie
bc42ac5761
Fix #7117 by fixing stack offset
2016-07-21 20:48:08 -05:00
wchen-r7
390f69313a
Fix grammar in browser_exploit_server
2016-07-21 11:51:10 -05:00
forzoni
b58931f803
Avoid error when generated payload is nil.
2016-07-19 23:43:38 -05:00
James Lee
a54945c82c
whitespace
2016-07-19 17:07:17 -05:00
James Lee
ff63e6e05a
Land #7018, unvendor net-ssh
2016-07-19 17:06:35 -05:00
forzoni
e90e6c4885
Use format check instead of length.
2016-07-19 09:38:09 -05:00
forzoni
d6fd2a49d4
Add final filesize, useful when using different formats.
2016-07-19 02:41:37 -05:00
wchen-r7
6d8dd24e41
Land #7104, Update ActiveRecord syntax for framework db cred iteration
2016-07-17 17:57:06 -05:00
Brent Cook
2041870e62
Update ActiveRecord syntax for framework db credential iteration
2016-07-15 22:01:54 -05:00
Brent Cook
b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
...
This reverts commit 2b016e0216, reversing changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
David Maloney
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
William Vu
277950cc79
Land #6733, psexec StackAdjustment fix
2016-07-12 11:14:16 -05:00
Brent Cook
2b016e0216
Land #6812, remove broken OSVDB references
2016-07-11 22:59:11 -05:00
Brent Cook
79fd648bbe
don't double-encapsulate regexes on normalize
2016-07-11 22:05:00 -05:00
William Vu
108c3961e2
Make sure GATEWAY_PROBE_PORT is 0
...
This ensures that dst_port is set for UDPSocket#send.
2016-07-11 12:10:46 -05:00
James Lee
cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
James Lee
1164c025a2
Revert "Land #7009, egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8, reversing changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
William Vu
6e7f07f0f3
Fix off-by-one error in #6954
...
Props to @egypt for noticing. My bad. :-)
2016-07-05 11:12:12 -05:00
David Maloney
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
Brendan
e29d5b9efe
Land #6954, Fix the available size of payload for exploit/.../payload_inject
2016-07-05 07:38:27 -07:00
Brent Cook
5dc7d4b16e
Land #7043, Fix-up double slash handling with the LURI parameter
2016-07-05 01:21:33 -05:00
Brent Cook
85dfec0cf5
minor whitespace
2016-07-05 01:20:54 -05:00
OJ
ef322ab9aa
Land #7066 - revert #6581 as it causes a regression
2016-07-05 16:05:48 +10:00
Brent Cook
b9891aab27
Land #7007, Added JCL header data to mainframe payload module
2016-07-05 00:22:20 -05:00
Brent Cook
9b4028d2d7
Revert #6581, it causes regressions
...
We need a more clever solution without breaking HttpUnknownRequestResponse.
2016-07-05 00:11:15 -05:00
William Webb
02d40eb576
Land #7044, Pass exploit SRVPORT in BrowserAutopwn2
2016-07-01 09:49:05 -05:00
William Vu
4b01213fb5
Rewrite the logic to be positive
...
unless is the devil. unless/else doubly so.
2016-07-01 09:15:42 -05:00
William Vu
343f4010bd
Prefer newer hash syntax
2016-06-30 15:43:06 -05:00
wchen-r7
118caa13bf
Fix #7021, Pass exploit SRVPORT in BrowserAutopwn2
...
In BrowserAutoPwn2, the mixin forgets to pass the SRVPORT datastore
option to the exploits, so they always use the default 8080. As a
result, if a different SRVPORT is set, BAP2 would be serving the
target machine with bad exploit links.
Fix #7021
2016-06-30 14:20:53 -05:00
HD Moore
23399326c2
Fix up double slashes, tweak syntax
2016-06-30 12:56:29 -05:00
Pearce Barry
5e39f895cf
Fix exception on msf 'db_export' cmd (see #7008)
...
Users reported (in GitHub issue #7008) hitting an exception when attempting to export the contents of the msf database (i.e. workspaces, hosts, events, etc.) via the 'db_export' command. After some digging, it appears there were a few ActiveRecord changes with the new Rails upgrade that require a couple mods to the way we are querying.
2016-06-29 16:02:31 -05:00
David Maloney
a796a1bc63
weird namespace issues?
2016-06-28 16:13:49 -05:00
David Maloney
39fa8bf2d4
missing require
2016-06-28 15:40:56 -05:00
David Maloney
3d93c55174
move sshfactory into a mixin method
...
use a convenience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
David Maloney
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
David Maloney
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
Louis Sato
d5d0b9e9b8
Revert "Land #6729, Speed up the datastore"
...
This reverts commit c6b1955a5a, reversing changes made to 4fb7472391.
2016-06-28 13:39:52 -05:00
David Maloney
6072697126
continued
2016-06-22 14:54:00 -05:00
James Lee
0126ec61d8
Style
2016-06-22 10:15:23 -05:00
James Lee
b3f59ebd19
Whitespace
2016-06-22 10:15:23 -05:00
James Lee
07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm
2016-06-22 10:15:22 -05:00
James Lee
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
Bigendian Smalls
3842753ce4
Added JCL header data to mainframe payload module
...
Currently any existing and future JCL payload has to have a 'job card'
basically data that defines the job to z/OS. It has information about
the job's owner, place it will run, output creation, etc. All JCL
shares the same job card format. As such, creating a shared payload
method that allows this text to be imported into any JCL payload.
Additionally, that job card is now parameterized, allowing the
exploit/payload user to edit these job card values, as this may be needed
in order to run the job successfully on any given system.
This PR sets up the mf module - next PRs will update the existing
payloads to use this module.
2016-06-21 22:06:44 -05:00
OJ
bf36b2c58e
Fix preamble in bind_php to include php tag+escape
2016-06-21 10:07:42 +10:00
William Webb
98ad2489db
Land #6970, #make_fast_nops for HUGE nop chunks
2016-06-17 12:56:26 -05:00
wchen-r7
c6b1955a5a
Land #6729, Speed up the datastore
2016-06-15 17:55:42 -05:00
William Webb
563b8206c5
Land #6962, Apache Continuum Exploit
2016-06-13 16:41:53 -05:00
wchen-r7
337e48dc07
Create #make_fast_nops for huge NOP chunks
...
This creates a new method called #make_fast_nops for exploits that
actually need large chunks of NOPs.
2016-06-13 15:25:46 -05:00
William Vu
b7139da624
Clean up whitespace
2016-06-13 10:51:38 -05:00
Trenton Ivey
776dd57803
get_uri missing port fix
2016-06-12 19:27:34 -05:00
William Vu
5adc360b2a
Make opts truly optional
2016-06-10 20:35:40 -05:00
wchen-r7
0d7b587b5d
Avoid printing rhost:rport from AuthBrute
...
When AuthBrute is mixed with other modules using the TCP mixin,
rhost:rport is printed twice. This info should come from the
protocol level mixin.
2016-06-08 14:32:58 -05:00
Brian Patterson
6d72b5b19f
Land #6946 Fix a bug with OptPort validation when not req
2016-06-07 14:43:10 -05:00
David Maloney
53b989f283
fix normalisation so we don't coerce to 0
...
don't coerce nil to 0
2016-06-07 14:29:13 -05:00
David Maloney
16030cda30
simpler fix
...
talking with adam shows that there is a simpler solution
to this problem
2016-06-07 14:13:10 -05:00
David Maloney
9de27e0b9c
add more specific normalise method to OptPort
...
add a normalise method that prevents empty string
from being converted to 0 for OptPort avoiding
a bad behaviour
2016-06-07 14:03:34 -05:00
David Maloney
27b5d961fd
fixes a bug with OptPort validation when not req
...
OptPort lost the check for whether the option was required causing it
to incorrectly return false in certain cases
MS-1633
2016-06-07 13:48:57 -05:00
Brent Cook
da532ecc5e
Land #6919, Move LURI into a full URI for a new 'Payload opts' column in jobs output
2016-06-03 13:57:47 -05:00
wchen-r7
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
wchen-r7
4dcddb2399
Fix #4885, Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
James Lee
f7382f5b3b
Make `jobs` display a full uri
...
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.
See #4623
2016-05-27 11:15:12 -05:00
Brendan Watters
00b18c8ac5
Land #6917, Fix minor issues with the RC4 stager
2016-05-26 10:12:54 -05:00
Brent Cook
a3d2cba698
Land #6906, Improve msfvenom error handling and spec coverage
2016-05-26 07:58:37 -05:00
Brent Cook
96c459c71d
fix #6915, handle nil payloads and alert to the user
2016-05-26 07:22:09 -05:00
Brent Cook
8612eaa553
remove senduuid for now, give RC4PASSWORD a default
2016-05-26 06:34:51 -05:00
Brent Cook
c65401026a
wip fixup rc4
2016-05-25 06:17:02 -05:00
wchen-r7
05680ab6f3
Land #6887, add a missing postgresql 9.4.1-5 matching case
2016-05-24 22:19:03 -05:00
James Lee
5921ac7b47
Add a spec and fix ReverseHttp#luri
2016-05-24 17:22:14 -05:00
William Vu
3dfdf1d936
Land #6528, tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
Jon Hart
a23ce05752
File.exists? must cease to exist
2016-05-24 13:53:26 -07:00
wchen-r7
14cb85250e
Land #6912, use the correct variable for cookie expiration in BAP2
2016-05-24 14:19:03 -05:00
wchen-r7
ff4d150449
Show IP for print_*
2016-05-24 14:12:54 -05:00
wchen-r7
b5987e1d51
Land #6907, Fix check command with an IP or IP range
2016-05-24 11:37:56 -05:00
Brendan Watters
77a62ff7c0
Land #6905 RC4 Stagers
2016-05-24 09:34:32 -05:00
Brendan Watters
43f79f34a9
Removed superfluous instruction
2016-05-24 09:03:14 -05:00
Brent Cook
3bc020178f
use the correct variable for cookie expiration
2016-05-24 07:16:55 -05:00
Brent Cook
76e8e8f6c7
really fix regex
2016-05-23 20:08:38 -05:00
Brent Cook
eb26202961
fix regex
2016-05-23 17:33:06 -05:00
Louis Sato
d0b87131a9
fixing import of zip workspace
...
MS-1528
2016-05-23 16:09:22 -05:00
Brent Cook
6af9a093d2
update bool
2016-05-23 15:48:03 -05:00
darkbushido
5e059e0c5b
updating the error message
...
changing the exception to be a little more specific.
2016-05-23 15:40:32 -05:00
darkbushido
d3cdcd5f99
Having the payload generator check the payload size
...
Payload generator will raise an error if the payload is larger than the size option
2016-05-23 15:17:41 -05:00
Brent Cook
fe1b24e666
allow nil assignment to the datastore
2016-05-23 14:56:19 -05:00
RageLtMan
efc64eaa5f
Implement reverse_tcp_rc4_dns payload in metasm
...
Using the ruby methods for generating assembly blocks defined or
separated in prior commits, create a new payload from the existing
assembly blocks which performs a DNS lookup of the LHOST prior to
establishing a corresponding socket and downloading, and
decrypting the RC4 encrypted payload.
For anyone looking to learn how to build these payloads, these
three commits should provide a healthy primer. Small changes to
the payload structure can yield entropy enough to avoid signature
based detection by in-line or out-of-band static defenses. This
payload was completed in the time between this commit and the last.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
2016-05-23 14:27:11 -05:00
RageLtMan
0e69040a6a
Implement reverse_tcp_dns as metasm payload
...
Using the separation of block_recv and reverse_tcp, implement
reverse_tcp_dns using original shellcode as template with dynamic
injection of parameters. Concatenate the whole thing in the
generation call chain, and compile the resulting shellcode for
delivery.
Metasploit module pruned to bare minimum, with the LHOST OptString
moved into the library component.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
Misc:
Clean up rc4.rb to use the rc4_keys method when generating a
stage. Makes the implementation far more readable and reduces
redundant code.
2016-05-23 14:27:11 -05:00
RageLtMan
df2346d9e0
Implement RC4 metasm payloads for tcp bind and rev
...
Convert reverse_tcp_rc4 and bind_tcp_rc4 from static shellcode
substitution payloads to metasm compiled assembly approach.
Splits up metasm methods for bind_tcp and reverse_tcp into socket
creation and block_recv to allow for reuse of the socket methods
with the RC4 payloads, while substituting the block_recv methods
for those carrying the appropriate decryptor stubs.
Creates a new rc4 module carrying the bulk of the decryptor and
adjacent convenience methods for standard payload generation.
Testing:
Tested against Win2k8r2, Win7x64, and WinXPx86
ToDo:
Ensure all the methods around payload sizing, UUIDs, and other
new functionality, the semantics of which I do not yet fully
understand, are appropriate and do not introduce breakage.
2016-05-23 14:27:11 -05:00
Brent Cook
9fc07eeb99
Land #6902, Respect SSLCipher in server mixins
2016-05-20 17:34:38 -05:00
Adam Cammack
fda4c62c1f
Respect SSLCipher in server mixins
...
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
Brent Cook
6a4a9742e8
handle bad user
2016-05-17 17:24:46 -05:00
Brent Cook
c6db5bf34a
add a missing postgresql 9.4.1-5 matching case
2016-05-17 17:12:47 -05:00
Jon Hart
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
wchen-r7
04d70640b1
Land #6868, Add axis2 payload generator for msfvenom
2016-05-16 17:48:50 -05:00
Christian Mehlmauer
7fcddd5a05
Add axis2 payload generator
2016-05-12 22:48:07 +02:00
David Maloney
6142d2cef1
Merge branch 'master' into staging/rails-upgrade
2016-05-09 09:27:17 -05:00
Brent Cook
71a674434a
Solaris 11
2016-05-09 05:11:09 -05:00
David Maloney
a763863ff3
remove #truncate_session_desc
...
this method was based around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
2016-05-06 09:36:12 -05:00
Adam Cammack
f75009a9c6
Don't duplicate headers when sending emails
...
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.
MS-1476
2016-05-05 10:47:21 -05:00
dmohanty-r7
f096c3bb99
Land #6821 Fix send_request_cgi! redirection
2016-05-05 09:09:30 -05:00
Brian Patterson
be363411de
Land #6317, Add delay (with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
dmaloney-r7
3b893cf740
Merge pull request #6581 from bcook-r7/uuidretry
...
don't send a response on invalid UUID, allow stagers to survive another day
2016-05-02 11:23:02 -05:00
dmohanty-r7
20ec56d06a
Do not parse empty web_sites
...
MS-255
2016-04-28 13:17:03 -05:00
dmohanty-r7
5a4e70fdf0
Fixes indentation in check_msf_xml_version!
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
f4f607d815
Correct comments to use Nokogiri::XML::Element
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
56fd5a745e
Do not parse element if empty
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
050061762b
Fix db_manager rspec tests
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
0e568674d7
Add comments on parse functions
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
0759848ad5
Use Nokogiri Reader in zip import
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
83ff60c111
Force encoding on import xml
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
e4fcaefc8c
Unpack and pack an unsigned integer per 8 bytes
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
e6a8d69b0b
Force encoding of XML import
...
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7
f1d8e1d693
Parse web_data in xml import
...
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7
802dfabbe3
Converts XML importer to use Nokogiri Reader
...
MS-255
2016-04-28 13:17:00 -05:00
wchen-r7
47d52a250e
Fix #6806 and #6820 - Fix send_request_cgi! redirection
...
This patch fixes two problems:
1. 6820 - If the HTTP server returns a relative path
(example: /test), there is no host to extract, therefore the HOST
header in the HTTP request ends up being empty. When the web
server sees this, it might return an HTTP 400 Bad Request, and
the redirection fails.
2. 6806 - If the HTTP server returns a relative path that begins
with a dot, send_request_cgi! will literally send that in the
GET request. Since that isn't a valid GET request path format,
the redirection fails.
Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
wchen-r7
4676d70918
rm osvdb condition
2016-04-24 18:36:33 -05:00
Brent Cook
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7
816bc91e45
Resolve #6807, remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
wchen-r7
98f89ca23a
Land #6794, Fixed yard doc errors
2016-04-21 13:16:45 -05:00
wchen-r7
6cb93f2af2
Make yard doc ignore @probe
2016-04-21 13:15:58 -05:00
thao doan
5e36a3128c
Fix #5197, Fixed yard doc errors
...
Fix #5197 Fixed issues that caused errors during yard doc generation
2016-04-21 13:06:00 -05:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
Louis Sato
6b3326eab2
Land #6707, support for LURI handler
2016-04-20 16:26:07 -05:00
Christian Mehlmauer
3b280d45a4
fix some yardoc issues
2016-04-18 21:00:21 +02:00
thao doan
fd603102db
Land #6765, Fixed SQL error in lib/msf/core/exploit/postgres
2016-04-18 10:44:20 -07:00
OJ
555352b210
Force lurl string duplication to avoid stageless issues
...
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
OJ
a74a7dde55
More fixies for LURI in Python, and native too
2016-04-18 08:25:19 -05:00
OJ
b95267997d
Fix LURI support for stageless, transport add/change and code tidies
2016-04-18 08:24:41 -05:00
Rory McNamara
a45d0aed53
show LURI in new connection log message
2016-04-18 08:21:50 -05:00
Rory McNamara
7eda08aa2e
windows/x64 support
2016-04-18 08:16:35 -05:00
Rory McNamara
1e16804c63
size considerations for LURI, stageless
2016-04-18 08:16:35 -05:00
Rory McNamara
d2d36ca043
java handler, better default, jobs -v
2016-04-18 08:13:10 -05:00
Rory McNamara
b122dffe3d
initial LURI commit. windows, python functional
2016-04-18 08:13:10 -05:00
Spencer McIntyre
d3a832b31d
Land #6776, Fix #6775 update regex for Win 10 UAC
2016-04-13 17:03:45 -04:00
OJ
3898d11aa7
Add Windows 10 entry to the version check regex
2016-04-13 08:23:01 +10:00
wchen-r7
93cb91a515
Remove an extra nil check
2016-04-08 21:18:24 -05:00
wchen-r7
6b4dd8787b
Fix #6764, nil SQL error in lib/msf/core/exploit/postgres
...
Fix #6764
2016-04-08 15:20:04 -05:00
wchen-r7
ae46b5a688
Bring #6417 up to date with upstream-master
2016-04-08 13:41:40 -05:00
James Lee
2563634dce
Fix inverted logic introduced by #6734
...
MS-385
2016-04-06 22:03:31 -05:00
wchen-r7
4d5695f7fc
Land #6743, reimplement HD's session interrupt handler
...
MS-385
2016-04-05 11:16:32 -05:00
Justin Steven
3bcac49c21
Fix: badchars.present? is false for whitespace
...
badchars.present? is false in the case of badchars containing only whitespace.
Instead check for is not empty and is not nil.
2016-04-05 10:09:56 +10:00
greg.mikeska@rapid7.com
5e8ed09b66
Merge branch 'task/MS-1354/OpenVAS-Nessus-Importer' of https://github.com/bpatterson-r7/metasploit-framework into bpatterson-r7-task/MS-1354/OpenVAS-Nessus-Importer
2016-04-04 17:07:05 -05:00
David Maloney
64b94dfe3b
reimplement HD's session interrupt handler
...
reimplement HD's work on a session interrupt handler
so that if an exploit fails the handler does not continue
waiting for a session that will never come
MS-385
2016-04-01 14:43:16 -05:00
wchen-r7
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
wchen-r7
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
Brent Cook
4c2e130470
fix spelling
2016-03-31 09:25:24 -05:00
Brian Patterson
8f0d664a38
Modify the open_vas importer to support both results.xml and reports.xml open_vas exports and modify the nessus importer to import what it can when it can't find a properly formatted port number
2016-03-30 17:44:26 -05:00
Adam Cammack
a808c9fe63
Bring some sanity to the datastore
...
Before, the datastore would store options case-sensitive, but would
access them case-insensitive, resulting in a number of string compares.
This commit stores options in their downcase form to reduce
update/lookup time. This adds up to reducing msfconsole boot time by
about 10% and rspec time by about 45 sec. (!) on my box.
One tricky part of this conversion is that there are several places (in
pro and framework) where we export or otherwise access the datastore as
a plain hash (case-sensitive). I believe I have caught all the ways we
access the datastore that are case-sensitive and substituted the
original key capitalization in those cases.
2016-03-30 15:17:55 -05:00
wchen-r7
a2a522be07
Land #6716, Add a rescue to catch method missing for stage_payload
2016-03-30 13:08:52 -05:00
James Lee
ead6e6b6b6
Use a print_prefix instead
2016-03-30 11:50:45 -05:00
James Lee
0a239742f5
Show handler URI so we know which job's responding
2016-03-30 11:35:04 -05:00
thao doan
587f1ee7b3
Land #6708, module documentation for msfconsole
2016-03-29 11:30:55 -07:00
Brent Cook
e25525b4a7
avoid validating file-based datastore options on assignment
...
file:/ strings are special with some datastore options, causing them to read a
file rather than emitting the exact string. This causes a couple of problems.
1. the valid? check needs to be special on assignment, since normalization
really means normalizing the path, not playing with the value as we would do
for other types
2. there are races or simply out-of-order assignments when running commands
like 'services -p 80 -R', where the datastore option is assigned before the
file is actually written.
This is the 'easy' fix of disabling assignment validation (which we didn't have
before anyway) for types that can expect a file:/ prefix.
2016-03-28 23:03:17 -05:00
OJ
6523600952
Add a rescue to catch method missing for stage_payload
...
This allows us to provide a friendlier message to users when they are
using a stageless listener with a staged payload.
2016-03-29 09:46:09 +10:00
wchen-r7
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
Louis Sato
0c19d89655
add more space for deprecation message
2016-03-23 11:39:42 -05:00
Adam Cammack
866c4718b0
Fix OptPort validation
...
Allow a port value of 0 and don't reject empty values if the option is
not required.
2016-03-22 23:01:18 -05:00
Adam Cammack
ec3a0a108d
Change OptPort to inherit from OptInt
...
Fixes the normalize and validate methods.
2016-03-22 19:25:51 -05:00
Adam Cammack
22df7c0071
Fix datastore to validate options w/o a default
...
Options without a default were not pulled into the `@options` hash and
therefore were not used to validate options on assignment.
I am not entirely sure how this fix works, since it would seem that
non-override options would not get pulled in if an option was first set
in the global datastore. However, a previous value does not get
overridden and new values are validated. Anything further is merely
speculation on my part.
2016-03-22 19:12:53 -05:00
Adam Cammack
5c163960ed
Fix datastore to not freeze options on the default
2016-03-22 19:07:58 -05:00
James Lee
1375600780
Land #6644, datastore validation on assignment
2016-03-17 11:16:12 -05:00
Brent Cook
1790f039c3
Land #6684, remove obsolete warn_about_rubies
2016-03-17 08:26:57 -05:00
William Vu
59a55dec5b
Land #6676, new Postgres fingerprints
2016-03-16 16:32:10 -05:00
Adam Cammack
32fe9ae55d
Remove dead version check in db_manager.rb
...
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
2016-03-16 15:24:55 -05:00
James Lee
79c36c4f53
RPORT should be an OptPort
2016-03-16 14:13:19 -05:00
James Lee
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
James Lee
a878926f31
Remove unused datastore option
2016-03-16 14:13:17 -05:00
Brent Cook
44e1fefa2e
when normalizing a string type, ensure we have a string first
2016-03-16 06:44:36 -05:00
Brent Cook
5a72f2df16
remove subversion support
2016-03-15 22:00:32 -05:00
Adam Cammack
05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
David Maloney
3cbc5684e1
add some preauth fps for postgres 9.4
...
the preauth fingerprinting for postgres is somewhat
unmaintainable, but due to a specific customer request
I have added these two FPs for 9.4.1-5
MS-1102
2016-03-15 14:50:07 -05:00
Brent Cook
654590911b
Enforce integrity of datastore options on assignment
2016-03-15 14:00:32 -05:00
Christian Mehlmauer
4f09246c78
reenable module loader warnings
2016-03-13 20:04:05 +01:00
Brent Cook
dabe5c8465
Land #6655, use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
David Maloney
15ba85bac2
fix missed deprecations
...
missed some deprecation warnings
2016-03-09 13:29:35 -06:00
David Maloney
88697a5d3f
Merge branch 'master' into staging/rails-upgrade
2016-03-08 15:22:04 -06:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook
5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated
2016-03-06 17:19:05 -06:00
Brent Cook
a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
Brent Cook
85acfabfca
remove various library workarounds for the datastore not preserving types
2016-03-05 23:10:57 -06:00
Brent Cook
694f7f0a65
stop turning all default options into strings
...
we need to adjust vprint* functions, since they now fallthrough to the
'framework.datastore' checks because the false case actually triggers.
2016-03-05 23:09:14 -06:00
wchen-r7
5f510df2ab
Resolve merge conflict with upstream's Gemfile.lock
2016-03-01 22:06:17 -06:00
Brian Patterson
30043bc519
Changed .all to .load in workspace.rb in order to eager load the relation and fix the 4.0 rails deprecation
2016-03-01 11:48:55 -06:00
William Vu
c5a9d59455
Land #6612, one final missing change
2016-02-29 15:08:42 -06:00
William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612, Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
Brent Cook
a87cf02b50
Land #6524, fix reverse_http to try binding to LHOST first
2016-02-25 20:25:02 -06:00
Gregory Mikeska
cbc5b296e4
implement engines method locally instead of adding refinement
2016-02-25 11:05:17 -06:00
RageLtMan
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
...
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Micheal
3e22de116f
Changes to fix peer and style as recommended by jhart-r7.
2016-02-20 13:53:32 -08:00
Brent Cook
b409b2237d
update to use the common bind_addresses method
2016-02-18 18:17:56 -06:00
Brent Cook
b5ae4c0322
remove the sleep
2016-02-18 08:33:44 -06:00
wchen-r7
a5f3bddfc8
Support RPC API
2016-02-18 00:39:12 -06:00
Brent Cook
aff118a3a5
don't send a response on invalid UUID
2016-02-16 09:19:45 -06:00
Brent Cook
95484c81fd
Land #6526, fix browser exploit server spec
2016-02-15 16:23:04 -06:00
Brent Cook
1f58ad15ac
Browser::Exploit::Server needs to have vprint*
2016-02-15 16:21:24 -06:00
Brent Cook
3d1861b3f4
Land #6526, integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
Brent Cook
4db2840af9
Land #6385, add .apk template support for msfvenom
2016-02-15 14:27:08 -06:00
Brent Cook
2386cb1344
Land #6527, add support for importing Burp suite vuln exports
2016-02-10 13:19:21 -06:00
wchen-r7
d5c3fcae04
Land #6511, Bump Jsobfu version to support preserved_identifiers
2016-02-05 15:57:53 -06:00
Brian Patterson
4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported.
2016-02-04 10:30:56 -06:00
Jon Hart
869bf884c6
OptPath with no value is valid
2016-02-03 14:53:47 -08:00
Jon Hart
df9d46eec2
Normalization for OptPath
2016-02-03 14:37:29 -08:00
Jon Hart
53d4e31844
Allow OptPath to valid symbolic paths that need expansion
2016-02-03 14:12:03 -08:00
wchen-r7
d55e68e76b
Fix bug in js_obfuscate
2016-02-02 11:25:39 -06:00