William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
Brent Cook
a87cf02b50
Land #6524 , fix reverse_http to try binding to LHOST first
2016-02-25 20:25:02 -06:00
Gregory Mikeska
cbc5b296e4
implement engines method locally instead of adding refinement
2016-02-25 11:05:17 -06:00
wchen-r7
58ad2175b8
Raise when no network connection
2016-02-24 18:57:40 -06:00
RageLtMan
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
...
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Micheal
3e22de116f
Changes to fix peer and style as recommended by jhart-r7.
2016-02-20 13:53:32 -08:00
wchen-r7
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
Louis Sato
9ba82453f8
Land #6584 , cidr notation addition for route command
2016-02-19 12:20:00 -06:00
Brent Cook
b409b2237d
update to use the common bind_addresses method
2016-02-18 18:17:56 -06:00
wchen-r7
4c716a268d
Set some flags
2016-02-18 16:11:34 -06:00
Brent Cook
1e58b1574a
Land #6502 , add -x flag for showing extended sessions info
2016-02-18 15:37:41 -06:00
Brent Cook
d316609fef
put extra columns under the -x flag
2016-02-18 15:36:43 -06:00
wchen-r7
3beaeceb0e
Special-case bap2
2016-02-18 15:19:39 -06:00
wchen-r7
e5ad6fa781
Support "knowledge base"
2016-02-18 15:02:24 -06:00
wchen-r7
02834d4251
Add API documentation
2016-02-18 11:44:14 -06:00
wchen-r7
68703e1955
Break down DocumenGenerator, fix a bug when opening local md
2016-02-18 10:25:40 -06:00
Brent Cook
b5ae4c0322
remove the sleep
2016-02-18 08:33:44 -06:00
wchen-r7
a5f3bddfc8
Support RPC API
2016-02-18 00:39:12 -06:00
wchen-r7
089d6985b6
Add more demo templates
2016-02-18 00:17:32 -06:00
wchen-r7
1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
wchen-r7
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
wchen-r7
0b095cf08a
Remove unwanted variable
2016-02-17 15:25:31 -06:00
wchen-r7
8b267efa2d
No need to gsub the first 12 spaces anymore
2016-02-17 14:29:33 -06:00
wchen-r7
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
wchen-r7
d5c005d948
HTML-escape some fields
2016-02-17 13:56:03 -06:00
wchen-r7
5339bb50d8
Support targets
2016-02-17 13:48:24 -06:00
James Lee
28e6d8ef9e
Allow CIDR notation for the route command
2016-02-17 09:44:32 -06:00
wchen-r7
08dff6541d
rm junk code
2016-02-16 23:29:08 -06:00
wchen-r7
509a1e8de1
Add manual for demo purposes
2016-02-16 23:18:29 -06:00
wchen-r7
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
James Lee
35e0a433ea
Make error output more useful
2016-02-16 14:45:00 -06:00
Brent Cook
aff118a3a5
don't send a response on invalid UUID
2016-02-16 09:19:45 -06:00
Brent Cook
95484c81fd
Land #6526 , fix browser exploit server spec
2016-02-15 16:23:04 -06:00
Brent Cook
1f58ad15ac
Browser::Exploit::Server needs to have vprint*
2016-02-15 16:21:24 -06:00
Brent Cook
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
Brent Cook
4db2840af9
Land #6385 , add .apk template support for msfvenom
2016-02-15 14:27:08 -06:00
Brent Cook
2386cb1344
Land #6527 , add support for importing Burp suite vuln exports
2016-02-10 13:19:21 -06:00
wchen-r7
d5c3fcae04
Land #6511 , Bump Jsobfu version to support preserved_identifiers
2016-02-05 15:57:53 -06:00
Brian Patterson
4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported.
2016-02-04 10:30:56 -06:00
Jon Hart
869bf884c6
OptPath with no value is valid
2016-02-03 14:53:47 -08:00
Jon Hart
df9d46eec2
Normalization for OptPath
2016-02-03 14:37:29 -08:00
Jon Hart
53d4e31844
Allow OptPath to valid symbolic paths that need expansion
2016-02-03 14:12:03 -08:00
wchen-r7
d55e68e76b
Fix bug in js_obfuscate
2016-02-02 11:25:39 -06:00
James Lee
208420d741
Sort methods
2016-02-02 10:02:32 -06:00
William Vu
b4ed55b4d4
Fix reverse_http{,s} LHOST bind address
2016-02-02 09:57:11 -06:00
William Vu
93bdea0a60
Add tab completion for ReverseListenerBindAddress
2016-02-01 13:57:45 -06:00
William Vu
1828b7fda6
Land #6512 , Acunetix importer missing scheme fix
2016-01-29 13:17:44 -06:00
Brent Cook
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
OJ
7b4f3f8148
Remove -vv, restore -v and add -ci
2016-01-29 11:52:21 +10:00
Adam Cammack
e542a6c8cf
Fix importing with Acunetix
...
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
wchen-r7
f4139f85cb
Change to JsIdentifiers
2016-01-28 15:18:25 -06:00
wchen-r7
4bd2be5dfa
Add preserved_identifiers support
2016-01-28 14:36:42 -06:00
James Lee
c2f8e95492
Missed one
2016-01-28 14:18:19 -06:00
James Lee
ad026b3a7a
Add #peer to Tcp
2016-01-28 13:58:24 -06:00
James Lee
537c7e790e
Use vprint_status instead of reimplementing it
2016-01-28 12:51:20 -06:00
wchen-r7
51efb2daee
Land #6422 , Add support for native target in Android webview exploit
2016-01-27 14:27:41 -06:00
OJ
69d9ff7958
Add an extended mode to the session list
2016-01-25 22:36:13 +10:00
Brent Cook
a587975f90
be more robust and careful breaking from the accept thread
2016-01-23 01:46:58 -06:00
Christian Mehlmauer
e6147d60e2
fix rspecs
2016-01-22 23:43:13 +01:00
Christian Mehlmauer
158b1e473c
revert value
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
02841c79c3
some slight changes
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
0546911eef
fix error when invalid classname eg "class Metasploit1 < .."
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
8f4752d11e
show load warnings to the user
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
7dac21f58c
do not fail on old class name
2016-01-22 23:36:37 +01:00
Christian Mehlmauer
51eb79adc7
first try in changing class names
2016-01-22 23:36:37 +01:00
Brent Cook
91700f17e3
tidy up the ruby style while we're in here testing
2016-01-22 14:43:19 -06:00
Brent Cook
ac8b483d32
don't break the accept loop just because we got a client connection that closed early
2016-01-22 13:52:00 -06:00
Christian Mehlmauer
0871fe25e8
change text
2016-01-22 07:38:44 +01:00
Christian Mehlmauer
e0de78280d
move SSL to the default options
2016-01-22 07:05:23 +01:00
James Lee
0f7e3e954e
HttpServer's print prefix with... wait for it...
...
print_prefix
2016-01-20 13:44:18 -06:00
Brent Cook
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
Brent Cook
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
James Lee
a7869975d8
Remove useless variable
2016-01-14 10:04:23 -06:00
James Lee
1f61eb50be
Sort methods
2016-01-14 09:09:29 -06:00
Manuel Mancera
4ab58caa93
Fix the help option for vulns command
2016-01-11 22:19:44 +01:00
Jonathan Harms
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
wchen-r7
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946
, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.
Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Brent Cook
eb0b66a4cf
Land #6390 , report exceptions on bind/listen failure
2016-01-06 21:44:06 -06:00
James Lee
2dd59a932b
Clean up some warnings
2016-01-04 16:02:43 -06:00
James Lee
05d8f9d186
Make sure addr is not nil
...
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
Returns the address of *ifaddr*. nil is returned if address is not
available in *ifaddr*.
I ran into this with a teql interface, but who knows what else might
trigger it.
2016-01-04 15:58:03 -06:00
joev
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
Brent Cook
bcd1a6d45e
make JSON key format a little more standard, emit options
2015-12-30 16:00:09 -06:00
Chris Doughty
2a0ae144df
Fixup rubocop warnings for cleanup purposes
2015-12-30 14:33:02 -06:00
Chris Doughty
bb857e7a33
Add new line after json output for cleaner usability
2015-12-30 14:32:31 -06:00
Chris Doughty
3f98511d7c
Cleanup logic to force an output type
2015-12-29 15:11:16 -06:00
Chris Doughty
29ea553e03
Adding a json formatting option to the info command
2015-12-29 13:57:35 -06:00
Jon Hart
beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394
2015-12-24 09:20:21 -08:00
Jon Hart
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
Tim
5d0e868fd6
facebook.orca fixes
2015-12-24 12:21:08 +00:00
Tim
69b65e7d39
fix error handling
2015-12-24 09:13:56 +00:00
Brent Cook
17ad41070b
Land #6380 , allow linux x86 meterpreter in the pref list
2015-12-23 16:10:26 -06:00
Brent Cook
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7
a16a10aaf6
Fix #6371 , being able to report an exception in #job_run_proc
...
Fix #6371
When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.
Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.
Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
Brent Cook
3f4c6eb370
Land #5383 , allow tunneling reverse_tcp meterpreter sessions without 'route add'
2015-12-22 15:42:42 -06:00
Tim
d2a9aa18d8
fix sillyness
2015-12-22 16:06:01 +00:00
Tim
eeea4bde9d
integrate ./msfvenom -x for android payloads
2015-12-22 15:58:27 +00:00
Tim
662a6dfd53
¯\_(ツ)_/¯
2015-12-22 14:49:00 +00:00
Tim
d2cc32a389
integrate apk_backdoor with msfvenom
2015-12-22 14:49:00 +00:00
wchen-r7
fa390358a2
Add linux/x86/meterpreter/reverse_tcp to the preference list
...
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
2015-12-21 23:09:54 -06:00
wchen-r7
2cc54a7a43
Make joomla.xml go first
...
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
wchen-r7
17b67b8f1b
Add trailing /
2015-12-19 17:18:34 -06:00
wchen-r7
5ff02956c9
Lower joomla.xml
2015-12-19 13:46:13 -06:00
wchen-r7
0fda963601
Have multiple paths to find the generator tag
2015-12-19 13:45:41 -06:00
wchen-r7
6dada5f20f
add another we can check
...
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
wchen-r7
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
Jon Hart
b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
Jon Hart
6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified
2015-12-11 19:22:57 -08:00
Jon Hart
dcdc21e2db
Correct unbalanced quotes
...
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
Jon Hart
e23908d672
Improve verbose output related to authentication handling
2015-12-11 18:32:00 -08:00
Jon Hart
1a0f71b6fa
Try to catch case where post-auth commands are failing
2015-12-11 17:23:03 -08:00
Jon Hart
9cec3d9e6b
Move redis password option to non-advanced
2015-12-11 17:03:49 -08:00
Jon Hart
1fecd9846c
Bury some helper methods behind private
2015-12-11 10:13:13 -08:00
Jon Hart
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
Jon Hart
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
Jon Hart
00f72b279b
Cleaner printing when in verbose
2015-12-10 09:12:54 -08:00
Jon Hart
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
wchen-r7
07ef09e0b6
Avoid Msf::Module::Platform
...
We don't know how to generate an exe payload if the platform is
Msf::Module::Platform, so don't use it.
2015-12-08 21:40:30 -06:00
wchen-r7
9e52663705
Doc
...
Fix #6330
2015-12-08 21:24:39 -06:00
wchen-r7
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7
5b27d3a99c
This looks right
2015-12-08 20:42:35 -06:00
wchen-r7
cea8c40432
Fix generate_payload_exe for generic payload support
...
Platform can be seen from different sources:
1. From the opts argument. For example: When you are using
generate_payload_exe, and you want to set a specific platform.
This is the most explicit. So we check first.
2. From the metadata of a payload module. Normally, a payload module
should include the platform information, with the exception of
some generic payloads. For example: generic/shell_reverse_tcp.
This is the most trusted source.
3. From the exploit module's target.
4. From the exploit module's metadata.
Architecture shares the same load order.
2015-12-08 20:26:07 -06:00
wchen-r7
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
Stuart Morgan
0cb18004ec
Rubocop
2015-12-05 15:28:56 +00:00
Stuart Morgan
61ad1a60f5
Removed EOL spaces (msftidy)
2015-12-05 15:27:13 +00:00
Stuart Morgan
e190dcb61a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_delay_jitter_to_scan
2015-12-05 15:25:11 +00:00
Stuart Morgan
d645052391
Moved the 'add_delay_jitter' function to scanner.rb so that all modules can benefit from it if needed
2015-12-05 15:02:31 +00:00
wchen-r7
14b1b3a1f0
Land #6299 , Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
Sonny Gonzalez
d7aeabbb71
Land #6293 , listener bind_port fix
2015-12-02 13:16:23 -06:00
jvazquez-r7
58cf9f4fcd
Land #6301 for sure, @busterb's REALLY wants to delete go_pro :)
2015-12-02 09:38:40 -06:00
jvazquez-r7
545e8a2ea0
Land #6301 , @busterb removes the go_pro command
2015-12-02 09:28:08 -06:00
William Vu
6d3c4868a3
Land #6286 , bind port display in jobs
2015-12-02 02:21:14 -06:00
William Vu
098c573f82
Land #6291 , DisablePayloadHandler Boolean fix
...
Nice call with Regexp#===, @wchen-r7. :)
2015-12-02 02:17:59 -06:00
Brent Cook
fbeaeb2877
remove more unneeded machinery for go_pro
2015-12-01 22:32:50 -06:00
Brent Cook
6ab2919c40
remove go_pro command
2015-12-01 15:29:21 -06:00
Spencer McIntyre
388edd3207
Fix the scheme for the pymet ProxyHandler
2015-11-30 13:45:24 -05:00
Spencer McIntyre
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
Jon Cave
0c8eb6fb37
Display ReverseListenerBindPort if it is set
...
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
wchen-r7
c888726a1a
Fix #6287 , check DisablePayloadHandler value in exploit.rb
...
It looks active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we have to always have to check it.
2015-11-26 18:30:31 -06:00
Brent Cook
e5119e6446
use payload_uri's result to derive lhost / lport
2015-11-26 15:21:51 -06:00
Brent Cook
216119c05c
unfold override lhost/lport logic
2015-11-26 15:15:21 -06:00
Spencer McIntyre
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
Spencer McIntyre
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
Brent Cook
f4d35116bd
land #6288 , fix regression using non-default port with reverse_http
2015-11-26 11:04:24 -06:00
Jon Cave
d9655fc882
Use LPORT if opts[:lport] is undefined
...
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
OJ
87507e19a9
Change job view to show bind port if applicable
2015-11-26 16:18:00 +10:00
wchen-r7
776455d10a
Add another sound and event
...
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
Kyle Gray
8923252de7
Land #6259 , NoMethodError in vim_soap.rb fix
...
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7
Fixes #6085
Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
Brent Cook
7ad8adf67f
Land #6240 , change default SMBDomain to '.'
2015-11-24 12:58:46 -06:00
Louis Sato
5303079ba4
Land #6262 , local exploit add not implemented error
2015-11-23 14:23:13 -06:00
Brent Cook
5654b6b2e2
Land #6227 , reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
Brent Cook
25f2241aa3
Land #6246 , show the user errors from create_session
2015-11-23 06:01:08 -06:00
HD Moore
353cad2cc6
Update to match active & github account merge
2015-11-22 13:38:26 -06:00
wchen-r7
b636aeb303
rm print_warning
2015-11-20 19:38:33 -06:00
wchen-r7
d405f31c35
Add a NotImplementedError if run is used to run a local exploit
...
Running a local exploit like a post is not currently supported,
we should at least raise a warning or something, and not just
let it backtrace and confuse the user.
2015-11-19 14:31:31 -06:00
wchen-r7
a78fa7c3d9
Fix #4273 , print error in create_session
...
Fix #4273
2015-11-16 17:17:20 -06:00
David Maloney
708cbe9479
change the default SMBDomain to .
...
Due to a recent change using WORKGROUP
as the SMBDomain causes Trust errors.
Using '.' instead works fine.
2015-11-16 12:20:27 -06:00
David Maloney
a1ab8f1dc7
added Session info display to module output
...
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action
MS-706
2015-11-16 12:13:26 -06:00
scriptjunkie
06a5b5b0bd
Land #6234 , Host header transport
2015-11-14 11:35:47 -06:00
sammbertram
cd4aa28d11
Transport priority changes
...
Pass in the "lhost" and "lport" options to the default transport during the native payload. This takes the following LHOST priorities:
1. OverrideLHOST, only if OverrideRequestHost is TRUE
2. The request Host: header.
3. The LHOST datastore.
2015-11-13 13:21:46 +00:00
sammbertram
9d9865150b
Transport priority changes
...
Default transport request should set the priority to the Host: request header, and the subsequent OverrideRequestHost, OverrideLHOST, and OverrideLPORT options in the handler for reverse_http(s).
2015-11-13 13:19:01 +00:00
wchen-r7
0e121df69d
Need a default template
...
The set_template_default actually needs the second argument,
otherwise we hit a RuntimeError.
2015-11-12 15:17:03 -06:00
wchen-r7
aaea730508
Fix #6213 - Method to_linux_x86_elf fails to set set :template
...
:template by default is just the base name of the file, not the
fullname. Before we use it, we need to normalize it. Methods
in this class rely on set_template_default for normalization (
which can also handle a custom path), so we'll just use that too.
Fix #6213
2015-11-12 15:07:58 -06:00
scriptjunkie
8703987535
Add HTTPS and new transport support for hop
2015-11-11 21:25:23 -06:00
Jon Hart
15eb135295
Resolve merge conflicts
2015-11-09 18:15:40 -08:00
jvazquez-r7
ceaf7440a7
Send full message
2015-11-06 12:15:17 -06:00
jvazquez-r7
19652e79c3
Delete comments
2015-11-06 12:15:07 -06:00
jvazquez-r7
ca1502c00a
Fix SMTP send_message to not block
2015-11-06 12:14:59 -06:00
dmohanty-r7
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
James Lee
596b2b025d
Land #6173 , improve advanced, info, and options
2015-11-04 13:40:49 -06:00
James Lee
4d8ea7fb5c
Refactor more common stuff out of reverse handlers
2015-11-03 23:21:47 -06:00
Spencer McIntyre
1fbc4da36c
Fix tab completion for set StageEncoder
2015-11-03 17:32:41 -05:00
James Lee
7c2f9531d9
Don't stack trace if listener is on a dead session
2015-11-03 08:31:33 -06:00
William Vu
9b5149fc64
Land #6147 , report_vuln for CheckCode::Vulnerable
2015-11-02 17:24:06 -06:00
Jon Hart
a4c260f7be
Simplify docs
2015-11-02 09:51:40 -08:00
Jon Hart
0dc6f6605b
Remove errant options print
2015-11-02 09:48:48 -08:00
void-in
f629f98fdc
Resolve 6174, require meterpreter_options
2015-10-31 18:47:22 +05:00
Brent Cook
be23da1c1f
Merge branch 'upstream-master' into land-6120-python-stageless
2015-10-30 17:26:26 -05:00
Jon Hart
c54f034f62
Correct help feature
2015-10-30 12:34:34 -07:00
Jon Hart
377017a2d5
Include module name in advanced options output
2015-10-30 11:54:44 -07:00
Jon Hart
0091a05fa6
Add 'advanced' and 'options' commands to mirror 'info'
2015-10-30 11:54:40 -07:00
Jon Hart
6bfa6095c6
Add 'show info'; just calls 'info'
2015-10-30 11:54:35 -07:00
wchen-r7
977b3449b7
Fix #6085 , NoMethodError in vim_soap.rb
...
Fix #6085
2015-10-30 11:02:02 -05:00
James Lee
344e8a6f90
Refactor common reverse options
2015-10-29 15:15:20 -05:00
James Lee
46159f5dbe
Back out the Comm stuff for HTTP
2015-10-29 14:22:34 -05:00
wchen-r7
4e20b8f369
Fix #5875 , Add report_vuln for Msf::Exploit::CheckCode::Vulnerable
...
Msf::Exploit::CheckCode::Vulnerable requires the module to be
explicit, as in actually triggering the bug and get a vulnerable
response, therefore it should be appropriate to use report_vuln
to report it.
Other vuln check codes (such as Appears, or Detected, etc) will
not call report_vuln, because it's not explicit enough.
2015-10-29 13:22:59 -05:00
Louis Sato
657a5481dc
fix rpc session conditional to allow powershell read/write
2015-10-28 11:49:32 -05:00
bigendian smalls
43dbdcea76
Removed process_autoruns from mainframe_shell
...
Removed process_autoruns until we can write a fully compatible one or
fully regression test the existing. Likely the former because of
encoding issues
2015-10-26 14:55:40 -05:00
William Vu
bbc1e43149
Remove raise, since it broke things
...
Need to pass through silently.
2015-10-26 14:45:21 -05:00
William Vu
43eae0b97f
Clean up Msf::Sessions::MainframeShell
2015-10-26 12:15:45 -05:00
bigendian smalls
d53be873dc
Updating master to metasploit/master
2015-10-26 09:24:24 -05:00
James Lee
71b8c97f0e
Always print PAYLOAD and LPORT in 'jobs'
2015-10-24 14:48:03 -05:00
wchen-r7
f2b4737e4a
Land #6127 , Fix #3859 Add support for registry_key_exist?
2015-10-23 10:59:57 -05:00
wchen-r7
b76192dbcb
Land #6099 , make_nops doesn't take into account all the compatible encoders
2015-10-22 21:26:25 -05:00
jvazquez-r7
d5a010c230
Add support for registry_key_exist?
2015-10-22 16:07:38 -05:00
Spencer McIntyre
8bb694fa5c
Add stageless Python Meterpreter for reverse tcp
2015-10-21 18:23:04 -04:00
Brent Cook
4b271425c9
s/datstore/datastore/g
2015-10-20 13:05:49 -05:00
jvazquez-r7
28ca34c40a
Fix conflicts
2015-10-16 15:38:59 -05:00
James Lee
d51f0ebd4c
Refactor "via" string into a method
2015-10-16 15:08:00 -05:00
jvazquez-r7
d85412b0fb
Complete fix for generation of nop sleds
2015-10-16 14:01:00 -05:00
jvazquez-r7
b788772215
break only if 'make_nops' is able generate the nop sled
2015-10-16 13:28:37 -05:00
jvazquez-r7
7da3b4958e
Change mixins namespaces
2015-10-15 10:35:07 -05:00
jvazquez-r7
6571a8f2c3
Move http apps mixins to the old convention folder
2015-10-15 10:22:54 -05:00
jvazquez-r7
8057b3edae
Fix specs to pass again
2015-10-15 09:40:39 -05:00
jvazquez-r7
db5d83a40a
Move namespaces
2015-10-15 09:17:06 -05:00
jvazquez-r7
5e39814860
Move to the old convention folder
2015-10-15 09:03:03 -05:00
Brent Cook
1c880b933f
Land #6066 , remove empty, duplicate options for EXITFUNC
2015-10-14 10:34:36 -05:00
William Vu
2a2d8d941d
Land #6054 , HTTP Host header injection module
2015-10-13 23:37:31 -05:00
William Vu
c642057fa0
Clean up module
2015-10-13 12:03:41 -05:00
jvazquez-r7
ed0b9b0721
Land #6072 , @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace
2015-10-10 00:24:12 -05:00
HD Moore
a590b80211
Update autoregister_ports, try both addresses for the MBean
2015-10-09 20:20:35 -07:00
HD Moore
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
jvazquez-r7
5e9faad4dc
Revert "Merge branch using Rex sockets as IO"
...
This reverts commit c48246c91c
, reversing
changes made to 3cd9dc4fde
.
2015-10-09 14:09:12 -05:00
jvazquez-r7
3aa7b513d5
Delete safe_get_once
2015-10-09 13:34:38 -05:00
William Vu
8670224ea0
Prefer do/end
2015-10-09 11:26:33 -05:00
jvazquez-r7
eabe742b9d
Expose the timeout betweed reads as mixin option
2015-10-09 11:17:44 -05:00
jvazquez-r7
5fab1cc71a
Add loop timeout
2015-10-09 11:05:05 -05:00
James Lee
b16c284395
Determine comm from ReverseListenerComm in reverse_http
...
Also some copypasta from reverse_tcp to display where we started the
listener.
2015-10-09 08:54:01 -05:00
bigendian smalls
bef7562823
Fixed Typo
2015-10-09 06:39:02 -05:00
bigendian smalls
6549f48d4e
Added new class MainframeShell for mainframe(z/os)
...
This class is built upon and overrides certain methods in the generic
CommandShell class. Primarily it is here to control when and if bytes
sent to/from mainframe (z/os) targets get encoded/decoded from cp1047
(ebcdic<->ascii). This would be the default shell for upcoming
mainframe based payloads.
2015-10-08 17:11:31 -05:00
wchen-r7
8aed503ad2
Change EXITFUNC acceptable options
...
This gets rid of the nil option because this is the same as "".
And then we change the empty value to ''.
2015-10-08 16:52:17 -05:00
William Vu
2f50374bf9
Add SRVHOST tab completion
...
A trivial update to @jlee-r7's code.
2015-10-08 14:01:21 -05:00
James Lee
946401ec99
Move SSL options out to a mixin
2015-10-07 09:59:12 -05:00
James Lee
fdbbb5fbf4
Whitespace
2015-10-07 09:56:28 -05:00
James Lee
711ce1e579
Move ReverseTcpComm to a new directory
...
Reverse::Comm
2015-10-06 14:48:49 -05:00
James Lee
645a59349a
Select comm in ReverseTcpDoubleSsl as well
...
And don't extend the comm object, that gets handled by the Rex::Socket
system if it's necessary.
2015-10-06 14:33:22 -05:00
James Lee
6b558010f0
Remove redundant methods included with ReverseTcp
2015-10-05 16:48:37 -05:00
OJ
32dbb8c3e0
Land #6051 : check include_send_uuid method support
2015-10-06 07:31:11 +10:00
Brent Cook
2769d66bfc
Check if the payload has a include_send_uuid method before calling it
...
Otherwise we get an undefined method exception and the payload fails to stage.
Fixes #6040
2015-10-05 15:13:11 -05:00
HD Moore
32255a4621
Always show the URI and User-Agent for unknown requests
2015-10-05 11:05:05 -05:00
William Vu
711f11abb8
Clean up some things
2015-10-02 18:35:46 -05:00
Brent Cook
dea0142da1
catch network exceptions
2015-10-02 18:26:37 -05:00
jvazquez-r7
c967b60bf8
Land #5948 , @bcook-r7's fix shell_to_meterpreter from powershell
2015-10-02 15:59:43 -05:00
jvazquez-r7
953bfe1a81
Delete typo
2015-10-02 15:29:03 -05:00
Brent Cook
2445c1fa32
Land #6012 , Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp
2015-10-02 15:27:47 -05:00
Brent Cook
40cb13609a
update SSLVersion to support all options for rex TCP sockets, add 'TLS' alias
2015-10-02 15:26:49 -05:00
jvazquez-r7
6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions
2015-10-02 15:26:42 -05:00
Brent Cook
7cd30ef0b8
Land #6031 , delete unused -a db_export option
2015-10-01 14:12:34 -05:00
Brent Cook
144bf39038
Land #5998 , fixup PrependMigrate for stageless meterpreter
2015-10-01 11:48:33 -05:00
William Vu
eb751822d8
Remove dead option in db_export
2015-10-01 10:58:15 -05:00
William Vu
2ab779ad3d
Land #6010 , capture_sendto fixes
2015-10-01 10:54:24 -05:00
OJ
22c424a4c6
Fix CreatProcessA stack alignment in prependmigrate x64
2015-10-01 10:24:13 +10:00
OJ
b35a0166bf
Merge branch 'upstream/master' into fix-prepend-https
2015-10-01 09:07:28 +10:00
Fernando Arias
393a71cf46
Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MSP-13119/rework-match-result-creation
...
Conflicts:
Gemfile.lock
2015-09-29 15:00:22 -05:00
Brent Cook
54f9a3b25a
Land #6013 , add mainframe as a platform and architecture
2015-09-29 13:28:23 -05:00
Brent Cook
f3e8b34b4f
Land #6007 , restore original behavior when capture_sendto fails
...
we need this while fixing modules to handle exceptions
2015-09-29 09:55:47 -05:00
jvazquez-r7
9444c8c410
Fix #5988 , windows x64 stagers
...
* Also, use mov esi, esi to save an extra byte
* Also, modify the block_recv.asm code, just to have it up to date
2015-09-28 15:52:50 -05:00
jvazquez-r7
4a9ef30e9e
Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp mixin
2015-09-28 10:31:17 -05:00
bigendian smalls
ff87fbc976
Added a mainframe.rb in core/payload
...
Base module for payloads to be developed on the mainframe / SystemZ
(z/os mvs) architecture
2015-09-28 10:06:09 -05:00
bigendian smalls
ecf6867c35
Added mainframe as a payload constant
...
updated core/payload.rb to include 'mainframe' as a option
2015-09-28 10:04:50 -05:00
bigendian smalls
bc718da5d9
Added mainframe as a platform in core
...
To develop modules, mainframe and zArchitecture needs to be defined in
several places. This is the official platform.rb definition
2015-09-28 10:03:15 -05:00
Jon Hart
7d9d3864c3
Add docs for capture_sendto
2015-09-27 15:40:32 -07:00
Jon Hart
fc9a757194
Fix #6008 for the 6 modules that use scanner_spoof_send
2015-09-27 15:06:29 -07:00
Jon Hart
b508625957
When unable to determine destination MAC, vprint and return false
...
Fixes #6006 .
~20 related modules are affected by this defect and by this "fix"
2015-09-26 15:13:26 -07:00
William Vu
cb4e609dd5
Land #5997 , database cache update fix
2015-09-26 14:10:04 -05:00
Brent Cook
4cbe35e1b2
specifically use shell or powershell
2015-09-23 22:08:32 -05:00
Fernando Arias
52e3405192
Passing report_exploit_success specs
...
MSP-13119
2015-09-23 11:12:02 -05:00
Fernando Arias
dc84b3b1ba
Passing report_exploit_failure specs
...
MSP-13119
2015-09-23 10:54:13 -05:00
scriptjunkie
30102d4526
No longer needed.
2015-09-22 17:05:30 -05:00
scriptjunkie
d90f87449a
Fix merge
2015-09-22 16:55:01 -05:00
scriptjunkie
7d2a2a8b64
Fix issues with using hop for new core
2015-09-22 16:54:02 -05:00
Brent Cook
6482083b6b
revert WfsDelay short-circuit on exploit failure
...
Some exploits currently succeed, but can fail during cleanup, leading to a
false-negative. Reverting this so that the affected exploits can be fixed
first.
This reverts commits b0858e9d46
and
b3f754136e
.
2015-09-22 14:43:03 -05:00
Brent Cook
66b453edd6
ensure the database cache is always updated, present accurate reporting on search
2015-09-22 12:56:26 -05:00
dmohanty-r7
8b10cbe3fd
Query for vulns without specifying service when service is nil
...
MSP-13284
2015-09-22 10:50:23 -05:00
OJ
46e00389c4
Adjust payload size for stageless in prepend migrate
2015-09-22 18:07:53 +10:00
Fernando Arias
9230b04674
Update match result creation logic
...
MSP-13119
* Look up match on match set for the run
* If no match exists in the match set for the vuln, attempt to create a match for the vuln
2015-09-22 00:24:38 -05:00
wchen-r7
98da192c70
Land #5615 , Updated YARD Documentation for EXE.rb
2015-09-18 13:36:11 -05:00
wchen-r7
0bf20993ec
Fix more doc
2015-09-18 13:35:31 -05:00
Fernando Arias
d3a73149a2
Add specs around match result creation in exploit attempt
...
MSP-13119
2015-09-18 12:04:45 -05:00
David Maloney
6f19e30723
Merge branch 'staging/hd-wfs' into feature/hd-wfsdelay
2015-09-17 13:07:56 -05:00
wchen-r7
c7afe4f663
Land #5930 , MS15-078 (atmfd.dll buffer overflow)
2015-09-16 15:33:38 -05:00
Fernando Arias
5cf3ac23e2
Fix no method defined error when run_id is not passed down
...
* run_id is an optional param so we handle when it isn't set on user data
MSP-13119
2015-09-16 15:32:48 -05:00
HD Moore
b0858e9d46
Style tweak re: TheLightCosine's feedback
2015-09-16 08:15:26 -07:00
HD Moore
b7572d5494
Handle both serialized & unserialized cases on import
2015-09-16 08:11:15 -07:00
HD Moore
ef043cebc3
Always use the stringified host->address during export
2015-09-16 02:59:11 -07:00
Fernando Arias
382e01d680
Add comments and use run scope on match
...
MSP-13119
2015-09-15 15:09:26 -05:00
Fernando Arias
621af7311c
Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MSP-13119/rework-match-result-creation
2015-09-15 14:35:07 -05:00
Fernando Arias
eb479318b1
Use existing run for match result or create a new one if it doesnt exist
...
MSP-13119
2015-09-15 14:34:44 -05:00
HD Moore
b3f754136e
Skip WfsDelay when the exploit has clearly failed
2015-09-15 08:04:23 -07:00
Fernando Arias
c7f15ca940
Rework how match results get created
...
MSP-13119
* Create match result when we create vuln attempt
2015-09-14 12:18:47 -05:00
HD Moore
713ded7ca2
Ignore SMB exceptions during fingerprinting
...
This fixes smb_version in cases where the remote server throws a Login error
for the default creds (null session).
2015-09-14 09:35:44 -07:00
jvazquez-r7
ad0140e0fc
Land #5864 , @jlee-r7's fixes x64 injection
2015-09-11 16:09:37 -05:00
William Vu
a1a7471154
Land #5949 , is_root? for remove_lock_root
2015-09-11 02:09:14 -05:00
wchen-r7
f2ccca97e0
Move require 'msf/core/post/android' to post.rb
2015-09-11 01:56:21 -05:00
jvazquez-r7
53f995b9c3
Do first prototype
2015-09-10 19:35:26 -05:00
Fernando Arias
0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)
...
MSP-13234
2015-09-09 13:21:05 -05:00
Fernando Arias
e88a14aee6
Rework exception handler for exploit simple
...
MSP-13233
2015-09-09 11:51:18 -05:00
Brent Cook
4aae9b8272
support upgrading a powershell session to meterpreter
2015-09-08 15:37:42 +02:00
jvazquez-r7
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
jvazquez-r7
da221b82a8
Initialize dir
2015-09-04 11:07:49 -05:00
Meatballs
a10bf76c29
Merge remote-tracking branch 'upstream/master' into reverse-listener-comm
...
Conflicts:
lib/msf/core/handler/reverse_http.rb
2015-09-04 10:36:00 +01:00
James Lee
7665747d1c
Land #5736 , certutil cmdstager
...
Ferreal this time.
2015-09-03 14:21:21 -05:00
James Lee
82b27c9038
Revert "Land #5736 , certutil cmdstager"
...
This reverts commit 93eb42dfa3
.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:28 -05:00
James Lee
93eb42dfa3
Land #5736 , certutil cmdstager
2015-09-03 13:13:24 -05:00
Brent Cook
70b5336356
Merge branch 'upstream-master' into land-5890-android-post-api
2015-09-03 09:51:35 -05:00
Brent Cook
895b692b0d
Land #5914 , prevent loading cached modules outside of the load path
2015-09-03 09:29:13 -05:00
wchen-r7
ccd0a06353
Use ===
2015-09-03 01:10:13 -05:00
Brent Cook
1440f31756
Land #5637 , resiliency improvements to TCP stagers
2015-09-02 22:50:12 -05:00
OJ
9767de9bd0
Truncate payload size to 32 bits
2015-09-03 11:56:59 +10:00
HD Moore
9f9bbce034
Land #5840 , add LLMNR & mDNS modules
2015-09-02 18:30:29 -05:00
HD Moore
0120e5c443
Cosmetic tweaks, don't report duplicate responses
2015-09-02 18:30:03 -05:00
Jon Hart
ab91d1cc92
More style cleanup
2015-09-02 14:01:12 -07:00
Jon Hart
4d77e777fa
Remove explicit CLASS options from llmnr mixin
...
use parent's instead
2015-09-02 13:58:48 -07:00
Jon Hart
27174e2bfd
Revert "Bump scanner THREADS to 10 by default"
...
This reverts commit f537f91943
.
2015-09-02 13:55:48 -07:00
Jon Hart
5699908240
Style cleanup
2015-09-02 13:48:01 -07:00
Jon Hart
25a22860b7
Summarize MDNS/LLMNR responses
2015-09-02 13:43:26 -07:00
Jon Hart
55251ffe17
Slightly better output. Unsure if this will work with all response types
2015-09-02 11:21:54 -07:00
Jon Hart
3d04d53e3a
first pass at better output and report_service
2015-09-02 10:31:46 -07:00
HD Moore
1aa7c596ce
Land #5967 , add PACKETSTORM reference types.
2015-09-01 23:25:26 -05:00
HD Moore
77f56c563b
Land #5867 , add PACKETSTORM reference types
2015-09-01 23:25:01 -05:00
HD Moore
de8205a42e
Fix the defaults for module_info_by_path_from_database!
2015-09-01 17:48:56 -05:00
James Lee
409f2bd016
Agh, didn't mean to enable that
...
It's never worked
2015-09-01 16:34:28 -05:00
HD Moore
148a5ba78e
A better solution for the spec coverage
2015-09-01 13:45:46 -05:00
HD Moore
31087ff33e
Refresh after cache rebuild should use the active module paths
2015-09-01 13:39:15 -05:00
HD Moore
5addf899b2
Refactor, same intent as before, just faster and correct.
2015-09-01 13:15:44 -05:00
HD Moore
2b03487e1f
Fix the module cache rebuild logic
2015-09-01 12:38:20 -05:00
HD Moore
d84caeca72
Ignore cached modules outside of load path, only load cache once on startup
2015-09-01 12:31:05 -05:00
jvazquez-r7
8d0e0b973e
Fix array syntax
2015-08-28 14:12:23 -05:00
jvazquez-r7
06712817cf
Fix specs
2015-08-28 14:06:04 -05:00
jvazquez-r7
9c7f97d124
Fix methods name schema
2015-08-28 13:26:52 -05:00
jvazquez-r7
6a75ad0162
Fix yard documentation
2015-08-28 13:23:30 -05:00
jvazquez-r7
be7db10e7d
Fix busybox_write_file
2015-08-28 13:15:07 -05:00
jvazquez-r7
50f7d99674
Clean get_writable_directory
2015-08-28 13:02:10 -05:00
Jon Hart
3f7c8e03e2
Update workspace command to support deleting all workspaces
2015-08-28 10:23:41 -07:00
jvazquez-r7
c4a3b4f18e
Add busy_box_file_exist?
2015-08-28 11:56:12 -05:00
jvazquez-r7
8faf6f9cd0
Fix require
2015-08-28 11:51:26 -05:00
jvazquez-r7
9db65ea8e5
Change module filename
2015-08-28 11:48:55 -05:00
jvazquez-r7
0a95a1543f
Add spaces
2015-08-28 11:47:50 -05:00
HD Moore
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
HD Moore
b14889ad5c
Small typo fix
2015-08-26 17:09:33 -05:00
wchen-r7
3f994e964d
Change method name and update rspec
2015-08-25 23:23:26 -05:00
Mo Sadek
7ff828d000
Land #5573 , console and session log timestamps
2015-08-25 15:35:25 -05:00
wchen-r7
3412f31f85
Add Android POST API
2015-08-24 18:37:25 -05:00
James Lee
ec7a07e0bb
Move DLL prefix calculation to its own method
2015-08-24 14:05:24 -05:00
James Lee
3c90ae1ebd
Use mov instead of lea for 64-bit absolute addrs
2015-08-24 13:51:54 -05:00
Fernando Arias
ed1065b297
Create MatchResult with status Failure on session failure
...
MSP-13104
2015-08-24 12:56:32 -05:00
jvicente
b37efd29b0
Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb.
2015-08-23 12:17:17 +02:00
wchen-r7
b99f5bc672
Land #5874 , Consistency and API conformance changes to LES
2015-08-22 21:57:24 -05:00
jvazquez-r7
83ca4e984f
Land #5772 , @wchen-r7's fixes #5753 , support Origin for the creds command
2015-08-21 16:07:45 -05:00
wchen-r7
717b1bdd6a
Fix bugs: Empty -O, empty origins
2015-08-21 15:46:18 -05:00
HD Moore
d264802ce0
Consistency and API conformance changes to LES
2015-08-21 12:38:58 -05:00
Jon Hart
0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
...
Fixes #5871
2015-08-20 10:05:42 -07:00
Roberto Soares
870e9f448e
Added PacketStorm (PKT) in References Display
2015-08-20 00:36:27 -03:00
James Lee
21c349494f
Fix default buffer_register for x64
2015-08-19 19:01:35 -05:00
James Lee
d71467f9e7
Allow x64 registers for buffer_register
2015-08-19 17:06:29 -05:00
James Lee
bf39f53066
Add proper CreateThread stub for x64
2015-08-19 16:16:58 -05:00
Dev Mohanty
68a802b980
Merge pull request #5834 from gmikeska-r7/bug/MSP-13064/SVV-validations-not-created
...
Bug/msp 13064/svv validations not created
2015-08-19 12:47:59 -05:00
Brent Cook
f1ec92aba0
Land #5749 , http large file download fixes
2015-08-18 15:57:31 -05:00
jvicente
56db3f2f87
Added YARD comments for busybox mixin.
2015-08-18 21:15:02 +02:00
Brent Cook
98f6c7f01f
Land #5857 , use correct deserialization for hosts data
2015-08-17 17:33:07 -05:00
William Vu
0bb01c8b6b
Fix nil bug with an empty database.yml
...
Use an empty hash instead of false.
2015-08-17 14:45:11 -05:00
jvazquez-r7
0aa958dac0
Allow unserialization on hosts v5
2015-08-17 13:47:52 -05:00
jvicente
a9ad7b7c6f
Modifications to use cmd_exec instead of session.shell_write.
...
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
Brent Cook
bf631869a7
Land #5835 , allow overriding stage2 lhost and lport values
2015-08-16 11:22:13 -05:00
Brent Cook
92958bdf8b
prefer && to 'and' for consistent order-of-operations
2015-08-16 11:21:22 -05:00
Brent Cook
ad149a1aec
Land #5819 , update stage_payload call arguments
2015-08-16 11:17:28 -05:00
Brent Cook
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
Brent Cook
875ac289e0
wait up to time_out seconds for output from the command
2015-08-15 19:44:48 -05:00
Brent Cook
470779aae7
some doc fixes
2015-08-14 16:36:41 -05:00
jvazquez-r7
f25a5da46f
Do Minor fixes
2015-08-14 12:37:49 -05:00
Brent Cook
6b1e911041
Instantiate payload modules so parameter validation occurs
...
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Jon Hart
c257f8945b
Don't use now-removed files
2015-08-13 11:51:39 -07:00
Jon Hart
92d0e212d9
Update Auxiliary::UDPScanner to collect all responses by default
2015-08-13 11:30:20 -07:00
Jon Hart
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
Jon Hart
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
HD Moore
6e75db090f
Fix comment
2015-08-12 21:11:48 -05:00
HD Moore
e9203060b0
Allow the hostname and port to be overridden, necessary for complex NAT setups
2015-08-12 16:20:14 -05:00
Greg Mikeska
790356bac8
add infer_vuln_from_session to other valid case
...
MSP-13065
2015-08-12 15:45:37 -05:00
Greg Mikeska
01b3ae2dd8
Revert "added infer_vuln_from_session to other valid case"
...
This reverts commit 53e747ce2e
.
2015-08-12 15:43:16 -05:00
Greg Mikeska
53e747ce2e
added infer_vuln_from_session to other valid case
...
MSP-13064
2015-08-12 15:35:03 -05:00
Mo Sadek
802e35ff67
YARD Documentation for EXE.rb
2015-08-11 11:48:35 -05:00
OJ
e141d1451c
Fix calls to stage_payload
2015-08-10 09:33:38 +10:00
Meatballs
ef33f36bda
Remove untrusted il
2015-08-01 23:20:00 +01:00
Meatballs
2d9bc64457
Fix WMIC Post Library for SYSTEM
...
SYSTEM doesn't have a proper clipboard?
2015-08-01 23:11:09 +01:00
Meatballs
5bcb63476d
Add high integrity level check
2015-08-01 23:10:51 +01:00
William Vu
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
wchen-r7
629afd86fc
Land #5788 , local exploit suggestor
...
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
jvazquez-r7
a112ccd023
Lnad #5660 , @wchen-r7's warbird check
...
* Fixes #4380
2015-07-31 10:25:43 -05:00
wchen-r7
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
William Vu
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
William Vu
5ff46a5dbd
Fix indentation
2015-07-29 11:45:49 -05:00
HD Moore
bf96b34108
Tweak module->class
2015-07-28 04:13:35 -07:00
HD Moore
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
wchen-r7
768de00214
Automatically pass arch & platform from cmdstager
...
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:
Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
Brent Cook
eb70ecb448
Land #5752 , synchronize calls to payload.stop_handler
2015-07-24 17:49:54 -05:00
Brent Cook
347f48b0ec
Land #5762 , adjust PHP stager to work in and outside of eval()
2015-07-24 17:43:26 -05:00
Brent Cook
c30127cfe8
Land #5729 , add user-agent list, MeterpreterUserAgent derives from this
...
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
wchen-r7
75d59be87d
Resolve #5753 , Support Origin for the creds command
...
Resolve #5753 . Add an Origin column and allow the user to search
by origin.
2015-07-24 14:04:23 -05:00
William Vu
1f95491b45
Drop bang method and tweak formatting
2015-07-24 10:35:47 -05:00
wchen-r7
6720a57659
Fix #5761 , pass the correct arch and platform for exe generation
...
Fix #5761
2015-07-23 01:34:44 -05:00
OJ
0929d7695a
Fix PHP stagers
2015-07-23 14:50:04 +10:00
William Vu
fe67be0ece
Land #5734 , notes -o
2015-07-22 13:52:40 -05:00
OJ
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
jvazquez-r7
a59fa059dc
Fix #5675 Synchronize access to stop_handler
2015-07-20 16:09:13 -05:00
jvazquez-r7
035c0a8a38
Fix #5078 by improving actual_timeout calculation
2015-07-20 11:27:48 -05:00
jvazquez-r7
1a9664fcba
Delete default option
2015-07-20 09:54:51 -05:00
wchen-r7
da445a52aa
Update URIHOST and URIPORT
2015-07-16 14:27:46 -05:00
wchen-r7
1fdbcc71c1
Support URIHOST and URIPORT for exploit URI generation
2015-07-16 14:10:49 -05:00
xistence
7f05403ae0
Added certutil cmdstager
2015-07-16 13:20:05 +07:00
wchen-r7
73fd4bd853
Allow the notes command to save notes as a file
...
The -o option can save notes as a file.
2015-07-16 00:28:15 -05:00
wchen-r7
18ca617c23
Land #5649 , Fix undefined sysinfo method error in meterpreter.rb
2015-07-15 23:27:02 -05:00
jvazquez-r7
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
OJ
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
wchen-r7
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
jvazquez-r7
709676e6cc
Make exploits quiet
2015-07-14 17:00:44 -05:00
wchen-r7
219d0032fa
Do print_good to make this important stand up more
2015-07-14 15:36:35 -05:00
wchen-r7
1992a5648d
Make up our damn mind
2015-07-14 15:09:23 -05:00
wchen-r7
d64f4be691
Check if URIPORT is 0
2015-07-14 14:45:10 -05:00
wchen-r7
5e63b5f93e
Can't use cli
2015-07-14 14:37:45 -05:00
wchen-r7
cf714fe4aa
Change port logic too
2015-07-14 14:19:00 -05:00
wchen-r7
61d49f29e8
Check nil for SRVHOST option
2015-07-14 14:16:49 -05:00
wchen-r7
8efb4df8af
Change the HOST IP logic again
2015-07-14 14:15:32 -05:00
wchen-r7
9980e8f285
Change SRVHOST vs URIHOST vs Rex again
2015-07-14 14:06:33 -05:00
wchen-r7
f76fe07872
Fix SRVHOST
2015-07-14 13:49:28 -05:00
William Vu
9be030bbff
Fix nil in executable generation
2015-07-14 18:47:33 +00:00
wchen-r7
9dddb13d0b
Slow down on killing exploits
...
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
wchen-r7
2264efac15
Reduce output
2015-07-14 12:22:38 -05:00
HD Moore
100d3c8d46
A number of small fixes for BAPv2
...
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
Samuel Huckins
60444c208b
Land #5658 , MSF version includes git hash now
2015-07-14 09:21:25 -05:00
wchen-r7
0582e7e3ca
Return nil instead of "null"
...
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
wchen-r7
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
wchen-r7
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
jvazquez-r7
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
jvazquez-r7
8928c5529c
Fix Javascript code
2015-07-13 17:43:04 -05:00
jvazquez-r7
244d9bae64
Add max timeout
2015-07-13 16:52:25 -05:00
jvazquez-r7
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
Brent Cook
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
William Vu
93f154b395
Land #5695 , SMTPDeliver STARTTLS unspecific SSL
2015-07-13 18:54:41 +00:00
William Vu
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
wchen-r7
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
wchen-r7
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
wchen-r7
8d40d30d47
Comemnt
2015-07-11 23:24:01 -05:00
wchen-r7
88357857a0
These datastore options don't need to set anymore
2015-07-11 23:22:05 -05:00
g0tmi1k
a4dc409c12
Add empty default vprint value
2015-07-11 19:38:27 +01:00
Brent Cook
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
wchen-r7
89aa00cfc4
Check job workspace
2015-07-10 13:09:42 -05:00
wchen-r7
086de2c030
Pass more options
2015-07-10 12:39:43 -05:00
wchen-r7
513dcf3574
We don't need these methods anymore
2015-07-10 12:12:53 -05:00
Brent Cook
493971245a
switch nsock locally to TLS - don't assume self.sock is set
2015-07-10 12:10:53 -05:00
Brent Cook
3495d317b5
Do not lock SMTP STARTTLS to only use SSLv3
...
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com , https://tools.ietf.org/html/rfc7568 ).
To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
OJ
51f59b3c8c
Re-add URI generation to reverse_http
2015-07-10 16:21:55 +10:00
wchen-r7
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
wchen-r7
21e44f235e
Example of doing Flash detection with Flash
2015-07-08 13:18:57 -05:00
Brent Cook
0b59e63084
keep advanced options on the fat side of the conditional
2015-07-07 22:44:34 -05:00
Brent Cook
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
wchen-r7
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
wchen-r7
dc0ce88279
We're note actually using Mubex, it might be causing a crash too
...
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore
0a4c6fb92f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-07-06 14:24:52 -05:00
HD Moore
c68064ba36
Lands #5671 , re-integrates SMB fdleak/timeout settings
2015-07-06 14:23:59 -05:00
Mo Sadek
366d42a0d8
Land #5609 , Fuzzer.rb and file_info.rb YARD doc update
2015-07-06 14:12:55 -05:00
Mo Sadek
25bdf7a50a
Land #5427 , check payload compatability for set payload fix
2015-07-06 12:56:21 -05:00
jvazquez-r7
3595a23673
Restore #3738
2015-07-06 11:22:22 -05:00
Spencer McIntyre
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
HD Moore
3150549634
Experimental output show/hide for BAPv2
2015-07-05 19:07:10 -05:00
HD Moore
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
joev
60a896f58b
Adjust extension timeout.
2015-07-05 16:48:25 -05:00
joev
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
OJ
aaaf6807ed
Minor indentation/space fixes
2015-07-05 09:18:27 +10:00
HD Moore
3c7298ba80
Fix additional copy-pasta cases of #5662
2015-07-04 12:38:04 -05:00
HD Moore
fb2da00bfd
Fix #5662 by not generating a small uri by default
2015-07-04 09:27:18 -07:00
Spencer McIntyre
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
wchen-r7
2b0f6e723d
Explain the byte sequence
2015-07-03 11:12:59 -05:00
wchen-r7
5c582b76ca
Resolves #4380 , check for warbird template
...
Resolves #4380 . Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
Joshua Smith
5be94c12b6
Land #5602 , adds irb -e to core
2015-07-02 16:21:20 -05:00
Joshua Smith
434cffa258
clean up so idiomatic ruby details
2015-07-02 16:16:57 -05:00
HD Moore
7858d63036
Typo
2015-07-02 15:34:44 -05:00
HD Moore
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
HD Moore
6e31b9ef53
Initialize and rename the BES mutex
2015-07-02 15:11:03 -05:00
HD Moore
c5c7de0091
Rework browser profiles, get back to functional mode
2015-07-02 14:58:43 -05:00
HD Moore
c0969d4497
Fix module.uuid references
2015-07-02 13:45:38 -05:00
HD Moore
0e7f610836
Finish browser profile rework in BES
2015-07-02 12:58:21 -05:00
HD Moore
b9a8308138
Replace BAP profiles with a framework-instance hash
2015-07-02 12:53:24 -05:00
HD Moore
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
Spencer McIntyre
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
root
c4875a8821
Change sysinfo to sys.config.sysinfo
2015-07-02 11:38:37 +05:00
wchen-r7
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
OJ
a5ad56754f
Use full namespace for PACKET_TYPE_RESPONSE
2015-07-02 08:03:39 +10:00
HD Moore
e7271e3c04
Call the Meterpreter methods directly vs pollute the namespace
2015-07-01 16:04:54 -05:00
William Vu
399b3d2810
Land #5629 , moar cmd_exec refactoring
2015-07-01 00:36:19 -05:00
Brent Cook
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
OJ
a2721323be
Handle failure better for first recv
2015-07-01 14:02:40 +10:00
OJ
9c2cd34e92
Fix payload required space, remove WOW64 code from x64
2015-07-01 13:39:05 +10:00
OJ
a44c31052b
reverse_tcp x64 stager reliability fixes
...
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
OJ
cf8bbbfa3d
reverse_tcp 32 bit stager resiliency
2015-07-01 11:03:08 +10:00
wchen-r7
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
jvazquez-r7
02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec
2015-06-29 12:07:37 -05:00
William Vu
1bfa84b37b
Land #5628 , sessions -d removal
2015-06-29 11:45:27 -05:00
jvazquez-r7
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
Mo Sadek
dde853b0a0
Fixed "linee" to "line"
2015-06-29 11:27:50 -05:00
Mo Sadek
e5836fbdac
Removed session -d from core.rb
...
Ticket #4423
2015-06-29 10:57:50 -05:00
wchen-r7
7742d85f2f
I guess that's fine
2015-06-27 20:58:19 -05:00
wchen-r7
6136269ace
No can't do this
2015-06-27 13:53:29 -05:00
wchen-r7
5c039ccfd7
Even faster
2015-06-27 13:51:21 -05:00
wchen-r7
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
wchen-r7
88e58cbdc5
Better performance
2015-06-27 12:19:07 -05:00
OJ
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
Spencer McIntyre
79185e91c6
Refactor the pymet to use transport objects
2015-06-26 14:56:31 -04:00
wchen-r7
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
wchen-r7
0c608e2a4c
Change doc for boolean args
2015-06-26 12:01:53 -05:00
wchen-r7
1d9caeffc0
Update documentation for fuzzer.rb and file_info.rb
...
See #5599
2015-06-26 11:22:30 -05:00
OJ
f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-26 14:12:56 +10:00
OJ
a773979992
Java config wiring, tweak to include block counts
...
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
Tod Beardsley
15f9fc5d8f
Land #5599 , YARD for fuzzer.rb
2015-06-25 14:37:55 -05:00
Mo Sadek
31c35715fc
YARD Documentation for file_info.rb
2015-06-25 11:08:35 -05:00
OJ
98156ec944
Add user agent to the transport config
...
Why this was missing I will never know :)
2015-06-25 14:51:06 +10:00
Spencer McIntyre
f6f21724a3
Support expressions for the irb command
2015-06-24 20:52:17 -04:00
OJ
d9b6e46685
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-25 09:50:42 +10:00
HD Moore
2807fb4f93
Bump the default timeout to 30 seconds based on feedback
2015-06-24 16:15:01 -05:00
HD Moore
4d58e49cdc
Land #5600 , update session info after migrate
2015-06-24 15:16:58 -05:00
Meatballs
151fa2f676
Update user info on migrate
2015-06-24 20:50:29 +01:00
Meatballs
e2f0dcb078
Raise an exception on invalid comms
2015-06-24 20:38:28 +01:00
Mo Sadek
e0c52730a0
YARD Documentation for Fuzzer.rb
2015-06-24 13:38:11 -05:00
Samuel Huckins
ea4d13586c
Merge pull request #5587 from trevrosen/bug/MSP-12834/crawler-choke-on-save
...
MSP-12834 #land
2015-06-24 09:43:51 -05:00
OJ
a8c20496be
Remove unused code from the java http stager
2015-06-24 22:37:40 +10:00
joev
c305348a3b
Fix the mixin to work in the exploit again.
2015-06-24 02:19:09 -05:00
joev
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
OJ
e796e56c6c
Modify the staging process
2015-06-24 13:22:33 +10:00
Tod Beardsley
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
William Vu
dffc516d6d
Land #5583 , Android Meterpreter commands fix
2015-06-23 14:39:37 -05:00
Trevor Rosen
4e3a2b2b35
Upstream merge
2015-06-23 14:11:28 -05:00
Brent Cook
e75287875b
hack android-specific commands back to life
2015-06-22 20:41:58 -05:00
Brent Cook
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
Trevor Rosen
d53067b0b7
Fix ctype handling for body-less pages
...
#5515
2015-06-22 14:17:29 -05:00
Meatballs
64449d5035
Timestamp session output
2015-06-19 21:50:42 +01:00
Brent Cook
252b573ea8
Land #5547 , configurable auto session timeout
2015-06-19 15:35:33 -05:00
Meatballs
a5469fd906
Remove redundant methods
2015-06-19 21:28:47 +01:00
wchen-r7
ef57afbfcf
Explain about performance problems
2015-06-19 13:35:14 -05:00
wchen-r7
9da99a8265
Merge branch 'upstream-master' into bapv2
2015-06-19 11:36:27 -05:00
g0tmi1k
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
wchen-r7
e549580ad2
Linux doesn't like the uppercase
2015-06-18 00:40:47 -05:00
wchen-r7
5fa864b097
done with rspec
2015-06-17 16:23:39 -05:00
William Vu
dc07938668
Land #5550 , custom exe_filename for to_exe_vba
2015-06-16 19:10:49 -05:00
g0tmi1k
37546c7e18
to_exe_vbs - Allow for exe_filename to be defined
2015-06-17 01:13:33 +01:00
g0tmi1k
b40e9f6d46
util/exe - replace tabs with spaces
...
...formatting should be okay still
2015-06-17 01:10:18 +01:00
g0tmi1k
3410782fe9
Capitalized 'Accepted'
2015-06-16 19:42:32 +01:00
OJ
9dbdaf13ea
Add AutoVerifySessionTimeout Meterpreter advanced option
2015-06-17 00:20:59 +10:00
William Vu
8d640a0c8f
Land #5527 , multi/handler -> exploit/multi/handler
2015-06-15 10:23:26 -05:00
benpturner
b3754d750f
Compression on a pre-script does not work in this context. Removed the elsif part of this code
2015-06-14 22:46:42 +01:00
RageLtMan
d9c046449d
Fix comparison of string to Fixnum
2015-06-14 16:55:46 -04:00
RageLtMan
6d5e0b93d3
Use random id generator appropriately
...
Powershell::Script includes a random generator (@rig) which can
produce non repeating randomized identifiers to be used as var
names within the PSH code.
Unwrap script handling in powershell env stager to instantate a
method-local Powershell::Script object and access its :rig to
generate identifiers.
2015-06-14 14:53:51 -04:00
HD Moore
ab6f3a7373
Fix #5531 , the ```stage_payload``` method does not take arguments.
2015-06-13 18:26:56 -05:00
g0tmi1k
6dcc9b7dab
More inconsistencies
2015-06-12 21:59:15 +01:00
wchen-r7
6eb25743e3
Merge branch 'upstream-master' into bapv2
2015-06-09 10:10:00 -05:00
wchen-r7
07d1282afb
Correct file naming for better Ruby coding style
2015-06-08 12:17:49 -05:00
David Maloney
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
wchen-r7
5a6a16c4ec
Resolve #4326 , remove msfpayload & msfencode. Use msfvenom instead!
...
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.
Resolves #4326
2015-06-08 11:30:04 -05:00
HD Moore
1f11cd5470
Lands #5446 , support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
benpturner
20b605e7cb
Remove duplicate exec
2015-06-07 18:11:11 +01:00
RageLtMan
a46510465d
Fix older Windows payloads to not require UUID
...
Default Windows payload to not include_send_uuid for compatibility.
2015-06-07 02:58:31 -04:00
HD Moore
bd36908383
Fix #5500 by checking for session.respond_to?(:response_timeout)
2015-06-06 17:07:03 -05:00
William Vu
d4ddc53856
Fix #5499 , small fix for line clearing
2015-06-06 15:58:45 -05:00
William Vu
f761d411c4
Adjust line clearing to cover only the text
2015-06-06 15:58:23 -05:00
William Vu
89e7dc6cf2
Land #5499 , polish dem spinners
2015-06-06 15:21:09 -05:00
HD Moore
2942cb165f
Land #5415 , changes spaces in PSH shell output
2015-06-06 14:55:33 -05:00
HD Moore
fe09d9888e
Small rework of the spinners, clear the line when done
2015-06-06 14:30:42 -05:00
wchen-r7
4b6dcbb9d9
remove junk method
2015-06-05 22:03:56 -05:00
wchen-r7
7ca15f1ae1
Update select_payload doc
2015-06-05 21:06:20 -05:00
wchen-r7
4e058c942e
Fix typo
2015-06-05 21:04:22 -05:00
wchen-r7
a7fa434e89
If exploit list is empty, have the option to return content
2015-06-05 21:03:24 -05:00
wchen-r7
fb8abe54fc
This will continue loading the rest of the exploits
2015-06-05 17:52:40 -05:00
wchen-r7
188b15b17f
Fix the symbol vs string prob
2015-06-05 16:18:56 -05:00
Brent Cook
bb9439e463
land #5487 , refactor and fix save function for db_nmap
2015-06-05 12:31:23 -05:00
wchen-r7
e1c30e973d
Fix SRVHOST
2015-06-05 12:14:43 -05:00
wchen-r7
f8c5e5a70a
Don't show "Server stopped"
2015-06-05 11:16:43 -05:00
wchen-r7
ecdeeea5c6
Make sure super is called
2015-06-05 11:11:40 -05:00
wchen-r7
be60f964c6
Call super for cleanup
2015-06-05 10:50:52 -05:00
wchen-r7
69968fc9f1
Merge branch 'upstream-master' into bapv2
2015-06-04 23:36:24 -05:00
wchen-r7
910ae8a480
Fix #5461 , actually stop a job from the RPC service
...
Fix #5461 . The RPC service is incorrectly using the wrong method to
stop a job, this patch should fix that.
2015-06-04 23:09:55 -05:00
William Vu
a53a68cfc2
Refactor db_nmap and fix the save option
2015-06-04 18:40:19 -05:00
wchen-r7
7de78c1d69
Land #5447 , more info about using the deprecated report_auth_info
2015-06-04 12:37:22 -05:00
wchen-r7
be709ba370
Merge branch 'upstream-master' into bapv2
2015-06-04 10:33:07 -05:00
jvazquez-r7
d22dda2bab
Provide more context and references
2015-06-01 10:33:40 -05:00
benpturner
9d1a7cead4
New modules to support 64bit process powershell.
2015-06-01 16:11:23 +01:00
Brent Cook
64e86165ef
remove android meterpreter bins, update to payloads 1.0.2
...
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
Brent Cook
70ef1b83f9
Merge branch 'master' into land-5366-android
2015-06-01 09:07:55 -05:00
wchen-r7
5c890004b8
Do stop_service in cleanup
2015-05-29 18:32:57 -05:00
wchen-r7
28d35a5bf4
Update doc
2015-05-29 18:03:56 -05:00
wchen-r7
58c5767330
Don't need stderr.puts
2015-05-29 17:41:29 -05:00
wchen-r7
0384b115e9
Fix reload bug
2015-05-29 17:41:02 -05:00
OJ
3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy
2015-05-30 08:03:43 +10:00
jvazquez-r7
af326a4f88
Use compatible_payloads instead of copy and paste
2015-05-29 16:55:19 -05:00
Brent Cook
6d488c63d4
php UUIDOptions->UUID::Options
2015-05-29 16:33:03 -05:00
Brent Cook
b8a8e65c2c
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 16:22:45 -05:00
Brent Cook
7b0006a1b2
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 15:41:31 -05:00
wchen-r7
defda01d87
Some doc
2015-05-29 15:09:29 -05:00
wchen-r7
b33ace2f44
Put is_payload_compatible? in exploit.rb
2015-05-29 15:07:59 -05:00
wchen-r7
13779adab4
Merge branch 'upstream-master' into bapv2
2015-05-29 14:59:04 -05:00
wchen-r7
6be363d82a
Merge branch 'upstream-master' into bapv2
2015-05-29 14:58:38 -05:00
Brent Cook
340792aae4
don't jump past the uuid sender on win32/tcp connect
2015-05-29 14:34:27 -05:00
wchen-r7
dab9a66ea3
Use current ruby hash syntax
2015-05-29 13:43:20 -05:00
Brent Cook
7d5af66fa0
Merge branch 'master' into land-5367-uuid-stagers
2015-05-29 13:00:35 -05:00
Brent Cook
8f747d2541
Land #5382 , add meterpreter session reconnect RPC call
2015-05-29 12:53:15 -05:00
RageLtMan
f575b31d58
Remove double assignment typo
2015-05-29 05:05:35 -04:00
RageLtMan
1a08da09cb
Fix compression check logic
...
Initial check logic would compress any script, even those which
would not need it since an uncompressed script fitting the buffer
would likely fit compressed (unless its uncompressable and the
decoder stub overflows). Ensure that compression occurs only when
a compressed script would fit while the uncompressed one does not.
2015-05-29 04:15:57 -04:00
RageLtMan
e9821f6a70
Update stage_psh_env method
...
Replace variable names with generated strings to increase entropy.
Add compression test for stager to determine if a compressed PSH
script will fit into the allowed space. If so, compress and exec
without staging.
Add variable name cleanup to stager mechanism - Remove-Variable
with -ErrorAction SilentlyContinue is called on each stager var
name after the stager executes.
TODO: Update method documentation
2015-05-29 04:04:51 -04:00
RageLtMan
f575fb8df9
Merge branch 'feature-merge_psh_updates_201505'
...
Conflicts:
lib/msf/core/post/windows/powershell.rb
Rename upload_script_via_psh to stage_psh_env within post PSH lib.
Perform the same rename within load_script post module.
2015-05-29 03:42:25 -04:00
wchen-r7
737559bcbb
Land #5180 , VBA Powershell for Office Macro
2015-05-28 19:55:27 -05:00
Spencer McIntyre
24b4dacec5
Land #5408 , @g0tmi1k fixes verbiage and whitespace
2015-05-27 21:02:02 -04:00
wchen-r7
583fccdbc8
Resolve #5404 , Check payload compatibility when using set payload
...
Resolve #5404 . This patch will check payload compatibility when
you are using set payload in msfconsole.
2015-05-27 18:28:08 -05:00
wchen-r7
5d0053e4ef
Move iframe instead of hiding, which seems to improve Flash reliability
2015-05-27 00:43:47 -05:00
wchen-r7
60cdf71e6c
Merge branch 'upstream-master' into bapv2
2015-05-26 15:56:48 -05:00
Brent Cook
d76a9c6565
Land #5409 , update cmd stager documentation.
...
Merge remote-tracking branch 'upstream/pr/5409' into upstream-master
2015-05-26 10:34:03 -05:00
benpturner
abd4ab548d
Edit spaces within the powershell session command
2015-05-25 20:10:29 +01:00
wchen-r7
3102741157
Don't need print_line
2015-05-25 11:54:58 -05:00
wchen-r7
3d5248f023
This is better
2015-05-25 11:46:18 -05:00
benpturner
e06f47b2bd
Updates load_script to have support for folders and to include the stager process in the mixin module for other post mods
2015-05-25 15:48:27 +01:00
OJ
307dcd09dd
Update payload cache sizes again
2015-05-25 20:12:20 +10:00
OJ
87bc198c82
x64 winhttp ie proxy support, autoconfig ignore
2015-05-25 20:01:37 +10:00
wchen-r7
db09b9846c
I think I found the speed back
2015-05-25 02:44:57 -05:00
wchen-r7
72112317cc
Update
2015-05-25 01:58:34 -05:00
wchen-r7
3efe22d5e2
This seems better, slower though
2015-05-25 01:42:34 -05:00
OJ
78176c4335
First pass of IE proxy support for winhttp x86
2015-05-25 15:44:35 +10:00
OJ
43f7054a5c
Refactor base64 stub into base module
...
As per @zeroSteiner's suggestion.
2015-05-25 11:51:01 +10:00
OJ
9e50114082
Merge branch 'upstream/master' into uuid-stagers
2015-05-25 11:22:35 +10:00
OJ
9042f141ff
Implement the IPv6 UUID bind stagers
2015-05-25 11:21:28 +10:00
wchen-r7
7089bd945a
This payload handling looks much better
2015-05-24 12:47:20 -05:00
Spencer McIntyre
6fb2da4f62
Fix #5391 , cmd stager documentation fixes
2015-05-23 13:56:49 -04:00
wchen-r7
a376464710
It kind of blew up
2015-05-23 05:26:13 -05:00
wchen-r7
f378b45408
bug fixes, sorta
2015-05-23 05:06:15 -05:00
wchen-r7
7f4b51f0ff
Fix nil bug
2015-05-23 02:08:51 -05:00
wchen-r7
60b0be8e3f
Fix a lot of bugs
2015-05-23 01:59:29 -05:00
wchen-r7
916b7b83be
Change how we load payload handlers
2015-05-22 20:35:43 -05:00
jvazquez-r7
d10b20b7a3
Land #5251 , @hmoore-r7's second opportunity to Oracle connect
...
SYSTEM shouldn't have SYSDBA privileges by default anymore
2015-05-22 17:47:41 -05:00
jvazquez-r7
41a86b2e9b
add vprint_status
2015-05-22 17:46:56 -05:00
wchen-r7
6de75ffd9f
Merge branch 'upstream-master' into bapv2
2015-05-22 17:11:03 -05:00
jvazquez-r7
c201955fdf
Land #5387 , @wchen-r7's user-configurable HTTP timeout
...
Fixes #5219 , Add connection timeout and response timeout for HttpClient
2015-05-22 15:36:11 -05:00
jvazquez-r7
e0d9ee062f
Use HttpClientTimeout
2015-05-22 13:35:37 -05:00
wchen-r7
8fd468a89f
Get the dry-run feature right this time
2015-05-22 13:07:30 -05:00
wchen-r7
905fe73d78
Track clicks
2015-05-22 12:57:06 -05:00
wchen-r7
e8a32bdd10
Make MaxSessions/RealList/Custom404 work better
2015-05-22 12:40:56 -05:00
wchen-r7
2bb6f390c0
Add session limiter and fix a race bug in notes removal
2015-05-22 12:22:41 -05:00
HD Moore
078438f66e
Update UUIDOptions -> UUID::Options
2015-05-22 00:30:05 -05:00
HD Moore
c17ee64d81
Merge branch 'master' into feature/uuid-registration
2015-05-22 00:29:16 -05:00
OJ
c07ff70f19
Add check for UUID payloads
...
Thankfully those payloads already had a flag that could be reused.
2015-05-22 15:11:12 +10:00
Brent Cook
9ce669f878
Land #5328 : reworked x64 http/https stagers
2015-05-21 23:26:34 -05:00
OJ
10bd75348c
Merge branch 'upstream/master' into uuid-stagers
2015-05-22 13:07:25 +10:00
OJ
a6a274d3a3
Merge recent stager changes
2015-05-22 13:01:45 +10:00
HD Moore
9b17b63259
Switch to append mode for x86 service templates, fixes #5403
2015-05-21 20:42:20 -05:00
HD Moore
ea9059f930
Fix broken endian specification (<I vs I<)
2015-05-21 20:00:22 -05:00
wchen-r7
c29bb35e28
Change datastore name
2015-05-21 10:15:03 -05:00
David Maloney
356f361b40
add sid to the the yard docs
...
you win this round OJ ;)
MSP-12722
2015-05-21 09:30:09 -05:00