Commit Graph

8207 Commits (a9b9a58d4d9d7a8809eb3a5401ffbddafb0f90d8)

Author SHA1 Message Date
William Vu cb0493e5bb Recreate Msf::Exploit::Remote::Fortinet
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu 300fdc87bb Move Fortinet backdoor to module and library 2016-02-29 12:06:33 -06:00
wchen-r7 2950996cb8
Land #6612, Add aux module for Fortinet backdoor 2016-02-29 12:02:49 -06:00
William Vu 53d703355f Move Fortinet backdoor to module and library 2016-02-29 11:57:42 -06:00
Brent Cook a87cf02b50
Land #6524, fix reverse_http to try binding to LHOST first 2016-02-25 20:25:02 -06:00
Gregory Mikeska cbc5b296e4
implement engines method locally instead of adding refinement 2016-02-25 11:05:17 -06:00
wchen-r7 58ad2175b8 Raise when no network connection 2016-02-24 18:57:40 -06:00
RageLtMan d7ba37d2e6 Msf::Exploit::Remote::HttpServer print_* fix
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.

When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.

Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Micheal 3e22de116f Changes to fix peer and style as recommended by jhart-r7. 2016-02-20 13:53:32 -08:00
wchen-r7 24530e2734 Scrollable list, tab name change, print_status 2016-02-19 20:46:39 -06:00
Louis Sato 9ba82453f8
Land #6584, cidr notation addition for route command 2016-02-19 12:20:00 -06:00
Brent Cook b409b2237d update to use the common bind_addresses method 2016-02-18 18:17:56 -06:00
wchen-r7 4c716a268d Set some flags 2016-02-18 16:11:34 -06:00
Brent Cook 1e58b1574a
Land #6502, add -x flag for showing extended sessions info 2016-02-18 15:37:41 -06:00
Brent Cook d316609fef put extra columns under the -x flag 2016-02-18 15:36:43 -06:00
wchen-r7 3beaeceb0e Special-case bap2 2016-02-18 15:19:39 -06:00
wchen-r7 e5ad6fa781 Support "knowledge base" 2016-02-18 15:02:24 -06:00
wchen-r7 02834d4251 Add API documentation 2016-02-18 11:44:14 -06:00
wchen-r7 68703e1955 Break down DocumenGenerator, fix a bug when opening local md 2016-02-18 10:25:40 -06:00
Brent Cook b5ae4c0322 remove the sleep 2016-02-18 08:33:44 -06:00
wchen-r7 a5f3bddfc8 Support RPC API 2016-02-18 00:39:12 -06:00
wchen-r7 089d6985b6 Add more demo templates 2016-02-18 00:17:32 -06:00
wchen-r7 1bfe1ad140 More demos 2016-02-17 19:04:06 -06:00
wchen-r7 76f2c917ee Allow no GITHUB_OAUTH_TOKEN, and gsub for demo 2016-02-17 15:38:30 -06:00
wchen-r7 0b095cf08a Remove unwanted variable 2016-02-17 15:25:31 -06:00
wchen-r7 8b267efa2d No need to gsub the first 12 spaces anymore 2016-02-17 14:29:33 -06:00
wchen-r7 714106174e Do external erb template 2016-02-17 14:27:29 -06:00
wchen-r7 d5c005d948 HTML-escape some fields 2016-02-17 13:56:03 -06:00
wchen-r7 5339bb50d8 Support targets 2016-02-17 13:48:24 -06:00
James Lee 28e6d8ef9e
Allow CIDR notation for the route command 2016-02-17 09:44:32 -06:00
wchen-r7 08dff6541d rm junk code 2016-02-16 23:29:08 -06:00
wchen-r7 509a1e8de1 Add manual for demo purposes 2016-02-16 23:18:29 -06:00
wchen-r7 b0cfb4aacf Add info -d to show module documentation in .md 2016-02-16 22:44:03 -06:00
James Lee 35e0a433ea
Make error output more useful 2016-02-16 14:45:00 -06:00
Brent Cook aff118a3a5 don't send a response on invalid UUID 2016-02-16 09:19:45 -06:00
Brent Cook 95484c81fd
Land #6526, fix browser exploit server spec 2016-02-15 16:23:04 -06:00
Brent Cook 1f58ad15ac Browser::Exploit::Server needs to have vprint* 2016-02-15 16:21:24 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
Brent Cook 4db2840af9
Land #6385, add .apk template support for msfvenom 2016-02-15 14:27:08 -06:00
Brent Cook 2386cb1344
Land #6527, add support for importing Burp suite vuln exports 2016-02-10 13:19:21 -06:00
wchen-r7 d5c3fcae04
Land #6511, Bump Jsobfu version to support preserved_identifiers 2016-02-05 15:57:53 -06:00
Brian Patterson 4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported. 2016-02-04 10:30:56 -06:00
Jon Hart 869bf884c6
OptPath with no value is valid 2016-02-03 14:53:47 -08:00
Jon Hart df9d46eec2
Normalization for OptPath 2016-02-03 14:37:29 -08:00
Jon Hart 53d4e31844
Allow OptPath to valid symbolic paths that need expansion 2016-02-03 14:12:03 -08:00
wchen-r7 d55e68e76b Fix bug in js_obfuscate 2016-02-02 11:25:39 -06:00
James Lee 208420d741
Sort methods 2016-02-02 10:02:32 -06:00
William Vu b4ed55b4d4 Fix reverse_http{,s} LHOST bind address 2016-02-02 09:57:11 -06:00
William Vu 93bdea0a60 Add tab completion for ReverseListenerBindAddress 2016-02-01 13:57:45 -06:00
William Vu 1828b7fda6
Land #6512, Acunetix importer missing scheme fix 2016-01-29 13:17:44 -06:00
Brent Cook cd56470759
Land #6493, move SSL to the default options, other fixes 2016-01-29 11:09:51 -06:00
OJ 7b4f3f8148 Remove -vv, restore -v and add -ci 2016-01-29 11:52:21 +10:00
Adam Cammack e542a6c8cf
Fix importing with Acunetix
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
wchen-r7 f4139f85cb Change to JsIdentifiers 2016-01-28 15:18:25 -06:00
wchen-r7 4bd2be5dfa Add preserved_identifiers support 2016-01-28 14:36:42 -06:00
James Lee c2f8e95492
Missed one 2016-01-28 14:18:19 -06:00
James Lee ad026b3a7a
Add #peer to Tcp 2016-01-28 13:58:24 -06:00
James Lee 537c7e790e
Use vprint_status instead of reimplementing it 2016-01-28 12:51:20 -06:00
wchen-r7 51efb2daee
Land #6422, Add support for native target in Android webview exploit 2016-01-27 14:27:41 -06:00
OJ 69d9ff7958 Add an extended mode to the session list 2016-01-25 22:36:13 +10:00
Brent Cook a587975f90 be more robust and careful breaking from the accept thread 2016-01-23 01:46:58 -06:00
Christian Mehlmauer e6147d60e2 fix rspecs 2016-01-22 23:43:13 +01:00
Christian Mehlmauer 158b1e473c revert value 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 02841c79c3 some slight changes 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 0546911eef fix error when invalid classname eg "class Metasploit1 < .." 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 8f4752d11e show load warnings to the user 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 7dac21f58c do not fail on old class name 2016-01-22 23:36:37 +01:00
Christian Mehlmauer 51eb79adc7 first try in changing class names 2016-01-22 23:36:37 +01:00
Brent Cook 91700f17e3 tidy up the ruby style while we're in here testing 2016-01-22 14:43:19 -06:00
Brent Cook ac8b483d32 don't break the accept loop just because we got a client connection that closed early 2016-01-22 13:52:00 -06:00
Christian Mehlmauer 0871fe25e8
change text 2016-01-22 07:38:44 +01:00
Christian Mehlmauer e0de78280d
move SSL to the default options 2016-01-22 07:05:23 +01:00
James Lee 0f7e3e954e
HttpServer's print prefix with... wait for it...
print_prefix
2016-01-20 13:44:18 -06:00
Brent Cook 28cf943bcb Fix a couple of missing requires in payloads.
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.

It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook 8479d01029
Land #6450, add TLS support to MSSQL 2016-01-14 12:17:40 -06:00
Brent Cook 37178cda06
Land #6449, properly handle HttpServer resource collisions 2016-01-14 12:15:18 -06:00
James Lee a7869975d8
Remove useless variable 2016-01-14 10:04:23 -06:00
James Lee 1f61eb50be
Sort methods 2016-01-14 09:09:29 -06:00
Manuel Mancera 4ab58caa93 Fix the help option for vulns command 2016-01-11 22:19:44 +01:00
Jonathan Harms 5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
wchen-r7 6a2b4c2530 Fix #6445, Unexpected HttpServer terminations
Fix #6445

Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.

Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.

Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Brent Cook eb0b66a4cf
Land #6390, report exceptions on bind/listen failure 2016-01-06 21:44:06 -06:00
James Lee 2dd59a932b
Clean up some warnings 2016-01-04 16:02:43 -06:00
James Lee 05d8f9d186
Make sure addr is not nil
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
    Returns the address of *ifaddr*. nil is returned if address is not
    available in *ifaddr*.

I ran into this with a teql interface, but who knows what else might
trigger it.
2016-01-04 15:58:03 -06:00
joev 00dc6364b5 Add support for native target in addjsif exploit. 2016-01-03 01:07:36 -06:00
Brent Cook bcd1a6d45e make JSON key format a little more standard, emit options 2015-12-30 16:00:09 -06:00
Chris Doughty 2a0ae144df Fixup rubocop warnings for cleanup purposes 2015-12-30 14:33:02 -06:00
Chris Doughty bb857e7a33 Add new line after json output for cleaner usability 2015-12-30 14:32:31 -06:00
Chris Doughty 3f98511d7c Cleanup logic to force an output type 2015-12-29 15:11:16 -06:00
Chris Doughty 29ea553e03 Adding a json formatting option to the info command 2015-12-29 13:57:35 -06:00
Jon Hart beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394 2015-12-24 09:20:21 -08:00
Jon Hart efdb6a8885
Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Tim 5d0e868fd6 facebook.orca fixes 2015-12-24 12:21:08 +00:00
Tim 69b65e7d39 fix error handling 2015-12-24 09:13:56 +00:00
Brent Cook 17ad41070b
Land #6380, allow linux x86 meterpreter in the pref list 2015-12-23 16:10:26 -06:00
Brent Cook e4f9594646
Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 a16a10aaf6 Fix #6371, being able to report an exception in #job_run_proc
Fix #6371

When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.

Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.

Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
Brent Cook 3f4c6eb370
Land #5383, allow tunneling reverse_tcp meterpreter sessions without 'route add' 2015-12-22 15:42:42 -06:00
Tim d2a9aa18d8 fix sillyness 2015-12-22 16:06:01 +00:00
Tim eeea4bde9d integrate ./msfvenom -x for android payloads 2015-12-22 15:58:27 +00:00
Tim 662a6dfd53 ¯\_(ツ)_/¯ 2015-12-22 14:49:00 +00:00
Tim d2cc32a389 integrate apk_backdoor with msfvenom 2015-12-22 14:49:00 +00:00
wchen-r7 fa390358a2 Add linux/x86/meterpreter/reverse_tcp to the preference list
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
2015-12-21 23:09:54 -06:00
wchen-r7 2cc54a7a43 Make joomla.xml go first
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
wchen-r7 17b67b8f1b Add trailing / 2015-12-19 17:18:34 -06:00
wchen-r7 5ff02956c9 Lower joomla.xml 2015-12-19 13:46:13 -06:00
wchen-r7 0fda963601 Have multiple paths to find the generator tag 2015-12-19 13:45:41 -06:00
wchen-r7 6dada5f20f add another we can check
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Jon Hart 6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified 2015-12-11 19:22:57 -08:00
Jon Hart dcdc21e2db
Correct unbalanced quotes
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
Jon Hart e23908d672
Improve verbose output related to authentication handling 2015-12-11 18:32:00 -08:00
Jon Hart 1a0f71b6fa
Try to catch case where post-auth commands are failing 2015-12-11 17:23:03 -08:00
Jon Hart 9cec3d9e6b
Move redis password option to non-advanced 2015-12-11 17:03:49 -08:00
Jon Hart 1fecd9846c
Bury some helper methods behind private 2015-12-11 10:13:13 -08:00
Jon Hart 9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Jon Hart 555e52e416
Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart 00f72b279b
Cleaner printing when in verbose 2015-12-10 09:12:54 -08:00
Jon Hart 21ab4e96e5
First pass at redis mixin 2015-12-10 08:29:59 -08:00
wchen-r7 07ef09e0b6 Avoid Msf::Module::Platform
We don't know how to generate an exe payload if the platform is
Msf::Module::Platform, so don't use it.
2015-12-08 21:40:30 -06:00
wchen-r7 9e52663705 Doc
Fix #6330
2015-12-08 21:24:39 -06:00
wchen-r7 11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7 5b27d3a99c This looks right 2015-12-08 20:42:35 -06:00
wchen-r7 cea8c40432 Fix generate_payload_exe for generic payload support
Platform can be seen from different sources:

1. From the opts argument. For example: When you are using
   generate_payload_exe, and you want to set a specific platform.
   This is the most explicit. So we check first.

2. From the metadata of a payload module. Normally, a payload module
   should include the platform information, with the exception of
   some generic payloads. For example: generic/shell_reverse_tcp.
   This is the most trusted source.

3. From the exploit module's target.

4. From the exploit module's metadata.

Architecture shares the same load order.
2015-12-08 20:26:07 -06:00
wchen-r7 080ec26afb
Land #4489, Update SMB admin modules to use Scanner & fixes 2015-12-08 14:49:26 -06:00
Stuart Morgan 0cb18004ec Rubocop 2015-12-05 15:28:56 +00:00
Stuart Morgan 61ad1a60f5 Removed EOL spaces (msftidy) 2015-12-05 15:27:13 +00:00
Stuart Morgan e190dcb61a Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_delay_jitter_to_scan 2015-12-05 15:25:11 +00:00
Stuart Morgan d645052391 Moved the 'add_delay_jitter' function to scanner.rb so that all modules can benefit from it if needed 2015-12-05 15:02:31 +00:00
wchen-r7 14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter 2015-12-04 16:16:54 -06:00
Sonny Gonzalez d7aeabbb71
Land #6293, listener bind_port fix 2015-12-02 13:16:23 -06:00
jvazquez-r7 58cf9f4fcd
Land #6301 for sure, @busterb's REALLY wants to delete go_pro :) 2015-12-02 09:38:40 -06:00
jvazquez-r7 545e8a2ea0
Land #6301, @busterb removes the go_pro command 2015-12-02 09:28:08 -06:00
William Vu 6d3c4868a3
Land #6286, bind port display in jobs 2015-12-02 02:21:14 -06:00
William Vu 098c573f82
Land #6291, DisablePayloadHandler Boolean fix
Nice call with Regexp#===, @wchen-r7. :)
2015-12-02 02:17:59 -06:00
Brent Cook fbeaeb2877 remove more unneeded machinery for go_pro 2015-12-01 22:32:50 -06:00
Brent Cook 6ab2919c40 remove go_pro command 2015-12-01 15:29:21 -06:00
Spencer McIntyre 388edd3207 Fix the scheme for the pymet ProxyHandler 2015-11-30 13:45:24 -05:00
Spencer McIntyre fba9715a56 Add stageless python meterpreter http & https payloads 2015-11-28 17:41:55 -05:00
Jon Cave 0c8eb6fb37 Display ReverseListenerBindPort if it is set
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
wchen-r7 c888726a1a Fix #6287, check DisablePayloadHandler value in exploit.rb
It looks active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we have to always have to check it.
2015-11-26 18:30:31 -06:00
Brent Cook e5119e6446 use payload_uri's result to derive lhost / lport 2015-11-26 15:21:51 -06:00
Brent Cook 216119c05c unfold override lhost/lport logic 2015-11-26 15:15:21 -06:00
Spencer McIntyre 1b495e73ac Further reduce python reverse_http duplicate code 2015-11-26 14:31:00 -05:00
Spencer McIntyre bd25ffa48c Consolidate py reverse http uri code into a mixin 2015-11-26 13:32:50 -05:00
Brent Cook f4d35116bd
land #6288, fix regression using non-default port with reverse_http 2015-11-26 11:04:24 -06:00
Jon Cave d9655fc882 Use LPORT if opts[:lport] is undefined
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
OJ 87507e19a9 Change job view to show bind port if applicable 2015-11-26 16:18:00 +10:00
wchen-r7 776455d10a Add another sound and event
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
Kyle Gray 8923252de7
Land #6259, NoMethodError in vim_soap.rb fix
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7

Fixes #6085

Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
Brent Cook 7ad8adf67f
Land #6240, change default SMBDomain to '.' 2015-11-24 12:58:46 -06:00
Louis Sato 5303079ba4
Land #6262, local exploit add not implemented error 2015-11-23 14:23:13 -06:00
Brent Cook 5654b6b2e2 Land #6227, reverse_hop_http updates and HTTPS unification 2015-11-23 06:29:15 -06:00
Brent Cook 25f2241aa3
Land #6246, show the user errors from create_session 2015-11-23 06:01:08 -06:00
HD Moore 353cad2cc6 Update to match active & github account merge 2015-11-22 13:38:26 -06:00
wchen-r7 b636aeb303 rm print_warning 2015-11-20 19:38:33 -06:00
wchen-r7 d405f31c35 Add a NotImplementedError if run is used to run a local exploit
Running a local exploit like a post is not currently supported,
we should at least raise a warning or something, and not just
let it backtrace and confuse the user.
2015-11-19 14:31:31 -06:00
wchen-r7 a78fa7c3d9 Fix #4273, print error in create_session
Fix #4273
2015-11-16 17:17:20 -06:00
David Maloney 708cbe9479
change the default SMBDomain to .
Due to a recent change using WORKGROUP
as the SMBDomain causes Trust errors.
Using '.' instead works fine.
2015-11-16 12:20:27 -06:00
David Maloney a1ab8f1dc7
added Session info display to module output
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action

MS-706
2015-11-16 12:13:26 -06:00
scriptjunkie 06a5b5b0bd
Land #6234, Host header transport 2015-11-14 11:35:47 -06:00
sammbertram cd4aa28d11 Transport priority changes
Pass in the "lhost" and "lport" options to the default transport during the native payload. This takes the following LHOST priorities:
1. OverrideLHOST, only if OverrideRequestHost is TRUE
2. The request Host: header.
3. The LHOST datastore.
2015-11-13 13:21:46 +00:00
sammbertram 9d9865150b Transport priority changes
Default transport request should set the priority to the Host: request header, and the subsequent OverrideRequestHost, OverrideLHOST, and OverrideLPORT options in the handler for reverse_http(s).
2015-11-13 13:19:01 +00:00
wchen-r7 0e121df69d Need a default template
The set_template_default actually needs the second argument,
otherwise we hit a RuntimeError.
2015-11-12 15:17:03 -06:00
wchen-r7 aaea730508 Fix #6213 - Method to_linux_x86_elf fails to set set :template
:template by default is just the base name of the file, not the
fullname. Before we use it, we need to normalize it. Methods
in this class rely on set_template_default for normalization (
which can also handle a custom path), so we'll just use that too.

Fix #6213
2015-11-12 15:07:58 -06:00
scriptjunkie 8703987535 Add HTTPS and new transport support for hop 2015-11-11 21:25:23 -06:00
Jon Hart 15eb135295
Resolve merge conflicts 2015-11-09 18:15:40 -08:00
jvazquez-r7 ceaf7440a7 Send full message 2015-11-06 12:15:17 -06:00
jvazquez-r7 19652e79c3 Delete comments 2015-11-06 12:15:07 -06:00
jvazquez-r7 ca1502c00a Fix SMTP send_message to not block 2015-11-06 12:14:59 -06:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
James Lee 596b2b025d
Land #6173, improve advanced, info, and options 2015-11-04 13:40:49 -06:00
James Lee 4d8ea7fb5c
Refactor more common stuff out of reverse handlers 2015-11-03 23:21:47 -06:00
Spencer McIntyre 1fbc4da36c Fix tab completion for set StageEncoder 2015-11-03 17:32:41 -05:00
James Lee 7c2f9531d9
Don't stack trace if listener is on a dead session 2015-11-03 08:31:33 -06:00
William Vu 9b5149fc64
Land #6147, report_vuln for CheckCode::Vulnerable 2015-11-02 17:24:06 -06:00
Jon Hart a4c260f7be
Simplify docs 2015-11-02 09:51:40 -08:00
Jon Hart 0dc6f6605b
Remove errant options print 2015-11-02 09:48:48 -08:00
void-in f629f98fdc Resolve 6174, require meterpreter_options 2015-10-31 18:47:22 +05:00
Brent Cook be23da1c1f Merge branch 'upstream-master' into land-6120-python-stageless 2015-10-30 17:26:26 -05:00
Jon Hart c54f034f62
Correct help feature 2015-10-30 12:34:34 -07:00
Jon Hart 377017a2d5 Include module name in advanced options output 2015-10-30 11:54:44 -07:00
Jon Hart 0091a05fa6 Add 'advanced' and 'options' commands to mirror 'info' 2015-10-30 11:54:40 -07:00
Jon Hart 6bfa6095c6 Add 'show info'; just calls 'info' 2015-10-30 11:54:35 -07:00
wchen-r7 977b3449b7 Fix #6085, NoMethodError in vim_soap.rb
Fix #6085
2015-10-30 11:02:02 -05:00
James Lee 344e8a6f90
Refactor common reverse options 2015-10-29 15:15:20 -05:00
James Lee 46159f5dbe
Back out the Comm stuff for HTTP 2015-10-29 14:22:34 -05:00
wchen-r7 4e20b8f369 Fix #5875, Add report_vuln for Msf::Exploit::CheckCode::Vulnerable
Msf::Exploit::CheckCode::Vulnerable requires the module to be
explicit, as in actually triggering the bug and get a vulnerable
response, therefore it should be appropriate to use report_vuln
to report it.

Other vuln check codes (such as Appears, or Detected, etc) will
not call report_vuln, because it's not explicit enough.
2015-10-29 13:22:59 -05:00
Louis Sato 657a5481dc
fix rpc session conditional to allow powershell read/write 2015-10-28 11:49:32 -05:00
bigendian smalls 43dbdcea76
Removed process_autoruns from mainframe_shell
Removed process_autoruns until we can write a fully compatible one or
fully regression test the existing.  Likely the former because of
encoding issues
2015-10-26 14:55:40 -05:00
William Vu bbc1e43149 Remove raise, since it broke things
Need to pass through silently.
2015-10-26 14:45:21 -05:00
William Vu 43eae0b97f Clean up Msf::Sessions::MainframeShell 2015-10-26 12:15:45 -05:00
bigendian smalls d53be873dc Updating master to metasploit/master 2015-10-26 09:24:24 -05:00
James Lee 71b8c97f0e
Always print PAYLOAD and LPORT in 'jobs' 2015-10-24 14:48:03 -05:00
wchen-r7 f2b4737e4a
Land #6127, Fix #3859 Add support for registry_key_exist? 2015-10-23 10:59:57 -05:00
wchen-r7 b76192dbcb
Land #6099, make_nops doesn't take into account all the compatible encoders 2015-10-22 21:26:25 -05:00
jvazquez-r7 d5a010c230
Add support for registry_key_exist? 2015-10-22 16:07:38 -05:00
Spencer McIntyre 8bb694fa5c Add stageless Python Meterpreter for reverse tcp 2015-10-21 18:23:04 -04:00
Brent Cook 4b271425c9 s/datstore/datastore/g 2015-10-20 13:05:49 -05:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
James Lee d51f0ebd4c
Refactor "via" string into a method 2015-10-16 15:08:00 -05:00
jvazquez-r7 d85412b0fb
Complete fix for generation of nop sleds 2015-10-16 14:01:00 -05:00
jvazquez-r7 b788772215
break only if 'make_nops' is able generate the nop sled 2015-10-16 13:28:37 -05:00
jvazquez-r7 7da3b4958e
Change mixins namespaces 2015-10-15 10:35:07 -05:00
jvazquez-r7 6571a8f2c3
Move http apps mixins to the old convention folder 2015-10-15 10:22:54 -05:00
jvazquez-r7 8057b3edae
Fix specs to pass again 2015-10-15 09:40:39 -05:00
jvazquez-r7 db5d83a40a
Move namespaces 2015-10-15 09:17:06 -05:00
jvazquez-r7 5e39814860
Move to the old convention folder 2015-10-15 09:03:03 -05:00
Brent Cook 1c880b933f
Land #6066, remove empty, duplicate options for EXITFUNC 2015-10-14 10:34:36 -05:00
William Vu 2a2d8d941d
Land #6054, HTTP Host header injection module 2015-10-13 23:37:31 -05:00
William Vu c642057fa0 Clean up module 2015-10-13 12:03:41 -05:00
jvazquez-r7 ed0b9b0721
Land #6072, @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace 2015-10-10 00:24:12 -05:00
HD Moore a590b80211 Update autoregister_ports, try both addresses for the MBean 2015-10-09 20:20:35 -07:00
HD Moore cd2e9d4232 Move Msf::Java to the normal Msf::Exploit::Remote namespace 2015-10-09 13:24:34 -07:00
jvazquez-r7 5e9faad4dc Revert "Merge branch using Rex sockets as IO"
This reverts commit c48246c91c, reversing
changes made to 3cd9dc4fde.
2015-10-09 14:09:12 -05:00
jvazquez-r7 3aa7b513d5
Delete safe_get_once 2015-10-09 13:34:38 -05:00
William Vu 8670224ea0 Prefer do/end 2015-10-09 11:26:33 -05:00
jvazquez-r7 eabe742b9d
Expose the timeout betweed reads as mixin option 2015-10-09 11:17:44 -05:00
jvazquez-r7 5fab1cc71a
Add loop timeout 2015-10-09 11:05:05 -05:00
James Lee b16c284395
Determine comm from ReverseListenerComm in reverse_http
Also some copypasta from reverse_tcp to display where we started the
listener.
2015-10-09 08:54:01 -05:00
bigendian smalls bef7562823
Fixed Typo 2015-10-09 06:39:02 -05:00
bigendian smalls 6549f48d4e
Added new class MainframeShell for mainframe(z/os)
This class is built upon and overrides certain methods in the generic
CommandShell class.  Primarily it is here to control when and if bytes
sent to/from mainframe (z/os) targets get encoded/decoded from cp1047
(ebcdic<->ascii).  This would be the default shell for upcoming
mainframe based payloads.
2015-10-08 17:11:31 -05:00
wchen-r7 8aed503ad2 Change EXITFUNC acceptable options
This gets rid of the nil option because this is the same as "".
And then we change the empty value to ''.
2015-10-08 16:52:17 -05:00
William Vu 2f50374bf9 Add SRVHOST tab completion
A trivial update to @jlee-r7's code.
2015-10-08 14:01:21 -05:00
James Lee 946401ec99
Move SSL options out to a mixin 2015-10-07 09:59:12 -05:00
James Lee fdbbb5fbf4
Whitespace 2015-10-07 09:56:28 -05:00
James Lee 711ce1e579
Move ReverseTcpComm to a new directory
Reverse::Comm
2015-10-06 14:48:49 -05:00
James Lee 645a59349a
Select comm in ReverseTcpDoubleSsl as well
And don't extend the comm object, that gets handled by the Rex::Socket
system if it's necessary.
2015-10-06 14:33:22 -05:00
James Lee 6b558010f0
Remove redundant methods included with ReverseTcp 2015-10-05 16:48:37 -05:00
OJ 32dbb8c3e0
Land #6051 : check include_send_uuid method support 2015-10-06 07:31:11 +10:00
Brent Cook 2769d66bfc Check if the payload has a include_send_uuid method before calling it
Otherwise we get an undefined method exception and the payload fails to stage.
Fixes #6040
2015-10-05 15:13:11 -05:00
HD Moore 32255a4621 Always show the URI and User-Agent for unknown requests 2015-10-05 11:05:05 -05:00
William Vu 711f11abb8 Clean up some things 2015-10-02 18:35:46 -05:00
Brent Cook dea0142da1 catch network exceptions 2015-10-02 18:26:37 -05:00
jvazquez-r7 c967b60bf8
Land #5948, @bcook-r7's fix shell_to_meterpreter from powershell 2015-10-02 15:59:43 -05:00
jvazquez-r7 953bfe1a81
Delete typo 2015-10-02 15:29:03 -05:00
Brent Cook 2445c1fa32
Land #6012, Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp 2015-10-02 15:27:47 -05:00
Brent Cook 40cb13609a update SSLVersion to support all options for rex TCP sockets, add 'TLS' alias 2015-10-02 15:26:49 -05:00
jvazquez-r7 6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions 2015-10-02 15:26:42 -05:00
Brent Cook 7cd30ef0b8
Land #6031, delete unused -a db_export option 2015-10-01 14:12:34 -05:00
Brent Cook 144bf39038
Land #5998, fixup PrependMigrate for stageless meterpreter 2015-10-01 11:48:33 -05:00
William Vu eb751822d8 Remove dead option in db_export 2015-10-01 10:58:15 -05:00
William Vu 2ab779ad3d
Land #6010, capture_sendto fixes 2015-10-01 10:54:24 -05:00
OJ 22c424a4c6 Fix CreatProcessA stack alignment in prependmigrate x64 2015-10-01 10:24:13 +10:00
OJ b35a0166bf
Merge branch 'upstream/master' into fix-prepend-https 2015-10-01 09:07:28 +10:00
Fernando Arias 393a71cf46 Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MSP-13119/rework-match-result-creation
Conflicts:
	Gemfile.lock
2015-09-29 15:00:22 -05:00
Brent Cook 54f9a3b25a
Land #6013, add mainframe as a platform and architecture 2015-09-29 13:28:23 -05:00
Brent Cook f3e8b34b4f
Land #6007, restore original behavior when capture_sendto fails
we need this while fixing modules to handle exceptions
2015-09-29 09:55:47 -05:00
jvazquez-r7 9444c8c410
Fix #5988, windows x64 stagers
* Also, use mov esi, esi to save an extra byte
* Also, modify the block_recv.asm code, just to have it up to date
2015-09-28 15:52:50 -05:00
jvazquez-r7 4a9ef30e9e
Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp mixin 2015-09-28 10:31:17 -05:00
bigendian smalls ff87fbc976
Added a mainframe.rb in core/payload
Base module for payloads to be developed on the mainframe / SystemZ
(z/os mvs) architecture
2015-09-28 10:06:09 -05:00
bigendian smalls ecf6867c35
Added mainframe as a payload constant
updated core/payload.rb to include 'mainframe' as a option
2015-09-28 10:04:50 -05:00
bigendian smalls bc718da5d9
Added mainframe as a platform in core
To develop modules, mainframe and zArchitecture needs to be defined in
several places.  This is the official platform.rb definition
2015-09-28 10:03:15 -05:00
Jon Hart 7d9d3864c3
Add docs for capture_sendto 2015-09-27 15:40:32 -07:00
Jon Hart fc9a757194
Fix #6008 for the 6 modules that use scanner_spoof_send 2015-09-27 15:06:29 -07:00
Jon Hart b508625957
When unable to determine destination MAC, vprint and return false
Fixes #6006.

~20 related modules are affected by this defect and by this "fix"
2015-09-26 15:13:26 -07:00
William Vu cb4e609dd5
Land #5997, database cache update fix 2015-09-26 14:10:04 -05:00
Brent Cook 4cbe35e1b2 specifically use shell or powershell 2015-09-23 22:08:32 -05:00
Fernando Arias 52e3405192
Passing report_exploit_success specs
MSP-13119
2015-09-23 11:12:02 -05:00
Fernando Arias dc84b3b1ba
Passing report_exploit_failure specs
MSP-13119
2015-09-23 10:54:13 -05:00
scriptjunkie 30102d4526 No longer needed. 2015-09-22 17:05:30 -05:00
scriptjunkie d90f87449a Fix merge 2015-09-22 16:55:01 -05:00
scriptjunkie 7d2a2a8b64 Fix issues with using hop for new core 2015-09-22 16:54:02 -05:00
Brent Cook 6482083b6b revert WfsDelay short-circuit on exploit failure
Some exploits currently succeed, but can fail during cleanup, leading to a
false-negative. Reverting this so that the affected exploits can be fixed
first.

This reverts commits b0858e9d46 and
b3f754136e.
2015-09-22 14:43:03 -05:00
Brent Cook 66b453edd6 ensure the database cache is always updated, present accurate reporting on search 2015-09-22 12:56:26 -05:00
dmohanty-r7 8b10cbe3fd
Query for vulns without specifying service when service is nil
MSP-13284
2015-09-22 10:50:23 -05:00
OJ 46e00389c4 Adjust payload size for stageless in prepend migrate 2015-09-22 18:07:53 +10:00
Fernando Arias 9230b04674
Update match result creation logic
MSP-13119

* Look up match on match set for the run
* If no match exists in the match set for the vuln, attempt to create a match for the vuln
2015-09-22 00:24:38 -05:00
wchen-r7 98da192c70
Land #5615, Updated YARD Documentation for EXE.rb 2015-09-18 13:36:11 -05:00
wchen-r7 0bf20993ec Fix more doc 2015-09-18 13:35:31 -05:00
Fernando Arias d3a73149a2
Add specs around match result creation in exploit attempt
MSP-13119
2015-09-18 12:04:45 -05:00
David Maloney 6f19e30723 Merge branch 'staging/hd-wfs' into feature/hd-wfsdelay 2015-09-17 13:07:56 -05:00
wchen-r7 c7afe4f663
Land #5930, MS15-078 (atmfd.dll buffer overflow) 2015-09-16 15:33:38 -05:00
Fernando Arias 5cf3ac23e2
Fix no method defined error when run_id is not passed down
* run_id is an optional param so we handle when it isn't set on user data

MSP-13119
2015-09-16 15:32:48 -05:00
HD Moore b0858e9d46 Style tweak re: TheLightCosine's feedback 2015-09-16 08:15:26 -07:00
HD Moore b7572d5494 Handle both serialized & unserialized cases on import 2015-09-16 08:11:15 -07:00
HD Moore ef043cebc3 Always use the stringified host->address during export 2015-09-16 02:59:11 -07:00
Fernando Arias 382e01d680
Add comments and use run scope on match
MSP-13119
2015-09-15 15:09:26 -05:00
Fernando Arias 621af7311c Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MSP-13119/rework-match-result-creation 2015-09-15 14:35:07 -05:00
Fernando Arias eb479318b1
Use existing run for match result or create a new one if it doesnt exist
MSP-13119
2015-09-15 14:34:44 -05:00
HD Moore b3f754136e Skip WfsDelay when the exploit has clearly failed 2015-09-15 08:04:23 -07:00
Fernando Arias c7f15ca940
Rework how match results get created
MSP-13119

* Create match result when we create vuln attempt
2015-09-14 12:18:47 -05:00
HD Moore 713ded7ca2 Ignore SMB exceptions during fingerprinting
This fixes smb_version in cases where the remote server throws a Login error
for the default creds (null session).
2015-09-14 09:35:44 -07:00
jvazquez-r7 ad0140e0fc
Land #5864, @jlee-r7's fixes x64 injection 2015-09-11 16:09:37 -05:00
William Vu a1a7471154
Land #5949, is_root? for remove_lock_root 2015-09-11 02:09:14 -05:00
wchen-r7 f2ccca97e0 Move require 'msf/core/post/android' to post.rb 2015-09-11 01:56:21 -05:00
jvazquez-r7 53f995b9c3
Do first prototype 2015-09-10 19:35:26 -05:00
Fernando Arias 0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)
MSP-13234
2015-09-09 13:21:05 -05:00
Fernando Arias e88a14aee6
Rework exception handler for exploit simple
MSP-13233
2015-09-09 11:51:18 -05:00
Brent Cook 4aae9b8272 support upgrading a powershell session to meterpreter 2015-09-08 15:37:42 +02:00
jvazquez-r7 eaf51a2113
Land #5722, @vallejocc's busybox work 2015-09-04 13:36:44 -05:00
jvazquez-r7 da221b82a8
Initialize dir 2015-09-04 11:07:49 -05:00
Meatballs a10bf76c29
Merge remote-tracking branch 'upstream/master' into reverse-listener-comm
Conflicts:
	lib/msf/core/handler/reverse_http.rb
2015-09-04 10:36:00 +01:00
James Lee 7665747d1c
Land #5736, certutil cmdstager
Ferreal this time.
2015-09-03 14:21:21 -05:00
James Lee 82b27c9038 Revert "Land #5736, certutil cmdstager"
This reverts commit 93eb42dfa3.

Conflicts:
	spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:28 -05:00
James Lee 93eb42dfa3
Land #5736, certutil cmdstager 2015-09-03 13:13:24 -05:00
Brent Cook 70b5336356 Merge branch 'upstream-master' into land-5890-android-post-api 2015-09-03 09:51:35 -05:00
Brent Cook 895b692b0d
Land #5914, prevent loading cached modules outside of the load path 2015-09-03 09:29:13 -05:00
wchen-r7 ccd0a06353 Use === 2015-09-03 01:10:13 -05:00
Brent Cook 1440f31756
Land #5637, resiliency improvements to TCP stagers 2015-09-02 22:50:12 -05:00
OJ 9767de9bd0 Truncate payload size to 32 bits 2015-09-03 11:56:59 +10:00
HD Moore 9f9bbce034
Land #5840, add LLMNR & mDNS modules 2015-09-02 18:30:29 -05:00
HD Moore 0120e5c443 Cosmetic tweaks, don't report duplicate responses 2015-09-02 18:30:03 -05:00
Jon Hart ab91d1cc92
More style cleanup 2015-09-02 14:01:12 -07:00
Jon Hart 4d77e777fa
Remove explicit CLASS options from llmnr mixin
use parent's instead
2015-09-02 13:58:48 -07:00
Jon Hart 27174e2bfd Revert "Bump scanner THREADS to 10 by default"
This reverts commit f537f91943.
2015-09-02 13:55:48 -07:00
Jon Hart 5699908240
Style cleanup 2015-09-02 13:48:01 -07:00
Jon Hart 25a22860b7
Summarize MDNS/LLMNR responses 2015-09-02 13:43:26 -07:00
Jon Hart 55251ffe17
Slightly better output. Unsure if this will work with all response types 2015-09-02 11:21:54 -07:00
Jon Hart 3d04d53e3a
first pass at better output and report_service 2015-09-02 10:31:46 -07:00
HD Moore 1aa7c596ce
Land #5967, add PACKETSTORM reference types. 2015-09-01 23:25:26 -05:00
HD Moore 77f56c563b Land #5867, add PACKETSTORM reference types 2015-09-01 23:25:01 -05:00
HD Moore de8205a42e Fix the defaults for module_info_by_path_from_database! 2015-09-01 17:48:56 -05:00
James Lee 409f2bd016
Agh, didn't mean to enable that
It's never worked
2015-09-01 16:34:28 -05:00
HD Moore 148a5ba78e A better solution for the spec coverage 2015-09-01 13:45:46 -05:00
HD Moore 31087ff33e Refresh after cache rebuild should use the active module paths 2015-09-01 13:39:15 -05:00
HD Moore 5addf899b2 Refactor, same intent as before, just faster and correct. 2015-09-01 13:15:44 -05:00
HD Moore 2b03487e1f Fix the module cache rebuild logic 2015-09-01 12:38:20 -05:00
HD Moore d84caeca72 Ignore cached modules outside of load path, only load cache once on startup 2015-09-01 12:31:05 -05:00
jvazquez-r7 8d0e0b973e
Fix array syntax 2015-08-28 14:12:23 -05:00
jvazquez-r7 06712817cf
Fix specs 2015-08-28 14:06:04 -05:00
jvazquez-r7 9c7f97d124
Fix methods name schema 2015-08-28 13:26:52 -05:00
jvazquez-r7 6a75ad0162
Fix yard documentation 2015-08-28 13:23:30 -05:00
jvazquez-r7 be7db10e7d
Fix busybox_write_file 2015-08-28 13:15:07 -05:00
jvazquez-r7 50f7d99674
Clean get_writable_directory 2015-08-28 13:02:10 -05:00
Jon Hart 3f7c8e03e2
Update workspace command to support deleting all workspaces 2015-08-28 10:23:41 -07:00
jvazquez-r7 c4a3b4f18e
Add busy_box_file_exist? 2015-08-28 11:56:12 -05:00
jvazquez-r7 8faf6f9cd0
Fix require 2015-08-28 11:51:26 -05:00
jvazquez-r7 9db65ea8e5
Change module filename 2015-08-28 11:48:55 -05:00
jvazquez-r7 0a95a1543f
Add spaces 2015-08-28 11:47:50 -05:00
HD Moore a2d5511e39
Land #5379, new post modules to load into powershell sessions 2015-08-26 17:11:40 -05:00
HD Moore b14889ad5c Small typo fix 2015-08-26 17:09:33 -05:00
wchen-r7 3f994e964d Change method name and update rspec 2015-08-25 23:23:26 -05:00
Mo Sadek 7ff828d000
Land #5573, console and session log timestamps 2015-08-25 15:35:25 -05:00
wchen-r7 3412f31f85 Add Android POST API 2015-08-24 18:37:25 -05:00
James Lee ec7a07e0bb
Move DLL prefix calculation to its own method 2015-08-24 14:05:24 -05:00
James Lee 3c90ae1ebd
Use mov instead of lea for 64-bit absolute addrs 2015-08-24 13:51:54 -05:00
Fernando Arias ed1065b297
Create MatchResult with status Failure on session failure
MSP-13104
2015-08-24 12:56:32 -05:00
jvicente b37efd29b0 Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb. 2015-08-23 12:17:17 +02:00
wchen-r7 b99f5bc672
Land #5874, Consistency and API conformance changes to LES 2015-08-22 21:57:24 -05:00
jvazquez-r7 83ca4e984f
Land #5772, @wchen-r7's fixes #5753, support Origin for the creds command 2015-08-21 16:07:45 -05:00
wchen-r7 717b1bdd6a Fix bugs: Empty -O, empty origins 2015-08-21 15:46:18 -05:00
HD Moore d264802ce0 Consistency and API conformance changes to LES 2015-08-21 12:38:58 -05:00
Jon Hart 0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
Fixes #5871
2015-08-20 10:05:42 -07:00
Roberto Soares 870e9f448e Added PacketStorm (PKT) in References Display 2015-08-20 00:36:27 -03:00
James Lee 21c349494f
Fix default buffer_register for x64 2015-08-19 19:01:35 -05:00
James Lee d71467f9e7
Allow x64 registers for buffer_register 2015-08-19 17:06:29 -05:00
James Lee bf39f53066
Add proper CreateThread stub for x64 2015-08-19 16:16:58 -05:00
Dev Mohanty 68a802b980 Merge pull request #5834 from gmikeska-r7/bug/MSP-13064/SVV-validations-not-created
Bug/msp 13064/svv validations not created
2015-08-19 12:47:59 -05:00
Brent Cook f1ec92aba0
Land #5749, http large file download fixes 2015-08-18 15:57:31 -05:00
jvicente 56db3f2f87 Added YARD comments for busybox mixin. 2015-08-18 21:15:02 +02:00
Brent Cook 98f6c7f01f
Land #5857, use correct deserialization for hosts data 2015-08-17 17:33:07 -05:00
William Vu 0bb01c8b6b Fix nil bug with an empty database.yml
Use an empty hash instead of false.
2015-08-17 14:45:11 -05:00
jvazquez-r7 0aa958dac0
Allow unserialization on hosts v5 2015-08-17 13:47:52 -05:00
jvicente a9ad7b7c6f Modifications to use cmd_exec instead of session.shell_write.
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
Brent Cook bf631869a7
Land #5835, allow overriding stage2 lhost and lport values 2015-08-16 11:22:13 -05:00
Brent Cook 92958bdf8b prefer && to 'and' for consistent order-of-operations 2015-08-16 11:21:22 -05:00
Brent Cook ad149a1aec
Land #5819, update stage_payload call arguments 2015-08-16 11:17:28 -05:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 875ac289e0 wait up to time_out seconds for output from the command 2015-08-15 19:44:48 -05:00
Brent Cook 470779aae7 some doc fixes 2015-08-14 16:36:41 -05:00
jvazquez-r7 f25a5da46f
Do Minor fixes 2015-08-14 12:37:49 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Jon Hart c257f8945b
Don't use now-removed files 2015-08-13 11:51:39 -07:00
Jon Hart 92d0e212d9
Update Auxiliary::UDPScanner to collect all responses by default 2015-08-13 11:30:20 -07:00
Jon Hart 61e23ad23e
Switch back to ::Net::DNS::Packet.new 2015-08-13 11:29:56 -07:00
Jon Hart 3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts 2015-08-13 08:53:25 -07:00
HD Moore 6e75db090f Fix comment 2015-08-12 21:11:48 -05:00
HD Moore e9203060b0 Allow the hostname and port to be overridden, necessary for complex NAT setups 2015-08-12 16:20:14 -05:00
Greg Mikeska 790356bac8
add infer_vuln_from_session to other valid case
MSP-13065
2015-08-12 15:45:37 -05:00
Greg Mikeska 01b3ae2dd8 Revert "added infer_vuln_from_session to other valid case"
This reverts commit 53e747ce2e.
2015-08-12 15:43:16 -05:00
Greg Mikeska 53e747ce2e
added infer_vuln_from_session to other valid case
MSP-13064
2015-08-12 15:35:03 -05:00
Mo Sadek 802e35ff67 YARD Documentation for EXE.rb 2015-08-11 11:48:35 -05:00
OJ e141d1451c Fix calls to stage_payload 2015-08-10 09:33:38 +10:00
Meatballs ef33f36bda
Remove untrusted il 2015-08-01 23:20:00 +01:00
Meatballs 2d9bc64457
Fix WMIC Post Library for SYSTEM
SYSTEM doesn't have a proper clipboard?
2015-08-01 23:11:09 +01:00
Meatballs 5bcb63476d
Add high integrity level check 2015-08-01 23:10:51 +01:00
William Vu fcb7981199 Add BIND TKEY DoS 2015-08-01 06:01:35 -05:00
wchen-r7 629afd86fc
Land #5788, local exploit suggestor
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
jvazquez-r7 a112ccd023
Lnad #5660, @wchen-r7's warbird check
* Fixes #4380
2015-07-31 10:25:43 -05:00
wchen-r7 08338b73b2 Add get_target_arch and get_target_os
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
William Vu 61b2ca6675
Land #5781, Msf::Format::Webarchive rename 2015-07-29 13:38:42 -05:00
William Vu 5ff46a5dbd Fix indentation 2015-07-29 11:45:49 -05:00
HD Moore bf96b34108 Tweak module->class 2015-07-28 04:13:35 -07:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
wchen-r7 768de00214 Automatically pass arch & platform from cmdstager
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:

Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
Brent Cook eb70ecb448
Land #5752, synchronize calls to payload.stop_handler 2015-07-24 17:49:54 -05:00
Brent Cook 347f48b0ec
Land #5762, adjust PHP stager to work in and outside of eval() 2015-07-24 17:43:26 -05:00
Brent Cook c30127cfe8
Land #5729, add user-agent list, MeterpreterUserAgent derives from this
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7 18636e3b9b
Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
wchen-r7 75d59be87d Resolve #5753, Support Origin for the creds command
Resolve #5753. Add an Origin column and allow the user to search
by origin.
2015-07-24 14:04:23 -05:00
William Vu 1f95491b45 Drop bang method and tweak formatting 2015-07-24 10:35:47 -05:00
wchen-r7 6720a57659 Fix #5761, pass the correct arch and platform for exe generation
Fix #5761
2015-07-23 01:34:44 -05:00
OJ 0929d7695a Fix PHP stagers 2015-07-23 14:50:04 +10:00
William Vu fe67be0ece
Land #5734, notes -o 2015-07-22 13:52:40 -05:00
OJ 121fe1adda
Land #5654 : Python Meterpreter Transport 2015-07-22 10:39:06 +10:00
jvazquez-r7 a59fa059dc
Fix #5675 Synchronize access to stop_handler 2015-07-20 16:09:13 -05:00
jvazquez-r7 035c0a8a38
Fix #5078 by improving actual_timeout calculation 2015-07-20 11:27:48 -05:00
jvazquez-r7 1a9664fcba
Delete default option 2015-07-20 09:54:51 -05:00
wchen-r7 da445a52aa Update URIHOST and URIPORT 2015-07-16 14:27:46 -05:00
wchen-r7 1fdbcc71c1 Support URIHOST and URIPORT for exploit URI generation 2015-07-16 14:10:49 -05:00
xistence 7f05403ae0 Added certutil cmdstager 2015-07-16 13:20:05 +07:00
wchen-r7 73fd4bd853 Allow the notes command to save notes as a file
The -o option can save notes as a file.
2015-07-16 00:28:15 -05:00
wchen-r7 18ca617c23
Land #5649, Fix undefined sysinfo method error in meterpreter.rb 2015-07-15 23:27:02 -05:00
jvazquez-r7 886ca47dfb
Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
OJ b6e25506d0 Add a common user agent list, use the shortest for Meterpreter 2015-07-15 13:03:47 +10:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
jvazquez-r7 709676e6cc
Make exploits quiet 2015-07-14 17:00:44 -05:00
wchen-r7 219d0032fa Do print_good to make this important stand up more 2015-07-14 15:36:35 -05:00
wchen-r7 1992a5648d Make up our damn mind 2015-07-14 15:09:23 -05:00
wchen-r7 d64f4be691 Check if URIPORT is 0 2015-07-14 14:45:10 -05:00
wchen-r7 5e63b5f93e Can't use cli 2015-07-14 14:37:45 -05:00
wchen-r7 cf714fe4aa Change port logic too 2015-07-14 14:19:00 -05:00
wchen-r7 61d49f29e8 Check nil for SRVHOST option 2015-07-14 14:16:49 -05:00
wchen-r7 8efb4df8af Change the HOST IP logic again 2015-07-14 14:15:32 -05:00
wchen-r7 9980e8f285 Change SRVHOST vs URIHOST vs Rex again 2015-07-14 14:06:33 -05:00
wchen-r7 f76fe07872 Fix SRVHOST 2015-07-14 13:49:28 -05:00
William Vu 9be030bbff Fix nil in executable generation 2015-07-14 18:47:33 +00:00
wchen-r7 9dddb13d0b Slow down on killing exploits
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
wchen-r7 2264efac15 Reduce output 2015-07-14 12:22:38 -05:00
HD Moore 100d3c8d46 A number of small fixes for BAPv2
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
Samuel Huckins 60444c208b
Land #5658, MSF version includes git hash now 2015-07-14 09:21:25 -05:00
wchen-r7 0582e7e3ca Return nil instead of "null"
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 d6565a9aee Merge branch 'bes_flash' into bapv2_flash_test 2015-07-14 00:34:54 -05:00
jvazquez-r7 8fb6bedd94
Delete as3 detecotr 2015-07-13 18:23:39 -05:00
jvazquez-r7 8928c5529c
Fix Javascript code 2015-07-13 17:43:04 -05:00
jvazquez-r7 244d9bae64
Add max timeout 2015-07-13 16:52:25 -05:00
jvazquez-r7 9116460cb0
Add prototype with AS3 2015-07-13 16:33:55 -05:00
Brent Cook 07d05828d0
Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 93f154b395
Land #5695, SMTPDeliver STARTTLS unspecific SSL 2015-07-13 18:54:41 +00:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
wchen-r7 884b779b36
Land #5593, CVE-2015-1155 Safari file:// Redirection Sandbox Escape 2015-07-13 11:28:39 -05:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
wchen-r7 8d40d30d47 Comemnt 2015-07-11 23:24:01 -05:00
wchen-r7 88357857a0 These datastore options don't need to set anymore 2015-07-11 23:22:05 -05:00
g0tmi1k a4dc409c12 Add empty default vprint value 2015-07-11 19:38:27 +01:00
Brent Cook 8349a274ea use and include git hash of Framework as part of the version
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.

This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
wchen-r7 89aa00cfc4 Check job workspace 2015-07-10 13:09:42 -05:00
wchen-r7 086de2c030 Pass more options 2015-07-10 12:39:43 -05:00
wchen-r7 513dcf3574 We don't need these methods anymore 2015-07-10 12:12:53 -05:00
Brent Cook 493971245a switch nsock locally to TLS - don't assume self.sock is set 2015-07-10 12:10:53 -05:00
Brent Cook 3495d317b5 Do not lock SMTP STARTTLS to only use SSLv3
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).

To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
OJ 51f59b3c8c Re-add URI generation to reverse_http 2015-07-10 16:21:55 +10:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
Brent Cook 0b59e63084 keep advanced options on the fat side of the conditional 2015-07-07 22:44:34 -05:00
Brent Cook 23abc288c8 Resolved conflicts with master 2015-07-07 22:34:30 -05:00
wchen-r7 fdb715c9dd
Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore 0a4c6fb92f Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-07-06 14:24:52 -05:00
HD Moore c68064ba36
Lands #5671, re-integrates SMB fdleak/timeout settings 2015-07-06 14:23:59 -05:00
Mo Sadek 366d42a0d8
Land #5609, Fuzzer.rb and file_info.rb YARD doc update 2015-07-06 14:12:55 -05:00
Mo Sadek 25bdf7a50a
Land #5427, check payload compatability for set payload fix 2015-07-06 12:56:21 -05:00
jvazquez-r7 3595a23673 Restore #3738 2015-07-06 11:22:22 -05:00
Spencer McIntyre 2a89e248d7 Pymet fix send uuid logic for Python 3.x 2015-07-06 11:20:34 -04:00
HD Moore 3150549634 Experimental output show/hide for BAPv2 2015-07-05 19:07:10 -05:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
joev 60a896f58b Adjust extension timeout. 2015-07-05 16:48:25 -05:00
joev b577f79845 Fix some bugs in the safari file navigation module. 2015-07-05 16:46:18 -05:00
OJ aaaf6807ed Minor indentation/space fixes 2015-07-05 09:18:27 +10:00
HD Moore 3c7298ba80 Fix additional copy-pasta cases of #5662 2015-07-04 12:38:04 -05:00
HD Moore fb2da00bfd Fix #5662 by not generating a small uri by default 2015-07-04 09:27:18 -07:00
Spencer McIntyre 29d45e3b18 Pymet patch in timeout info on generate_stage 2015-07-03 14:12:29 -04:00
wchen-r7 2b0f6e723d Explain the byte sequence 2015-07-03 11:12:59 -05:00
wchen-r7 5c582b76ca Resolves #4380, check for warbird template
Resolves #4380. Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
Joshua Smith 5be94c12b6
Land #5602, adds irb -e to core 2015-07-02 16:21:20 -05:00
Joshua Smith 434cffa258 clean up so idiomatic ruby details 2015-07-02 16:16:57 -05:00
HD Moore 7858d63036 Typo 2015-07-02 15:34:44 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
HD Moore 6e31b9ef53 Initialize and rename the BES mutex 2015-07-02 15:11:03 -05:00
HD Moore c5c7de0091 Rework browser profiles, get back to functional mode 2015-07-02 14:58:43 -05:00
HD Moore c0969d4497 Fix module.uuid references 2015-07-02 13:45:38 -05:00
HD Moore 0e7f610836 Finish browser profile rework in BES 2015-07-02 12:58:21 -05:00
HD Moore b9a8308138 Replace BAP profiles with a framework-instance hash 2015-07-02 12:53:24 -05:00
HD Moore 87e6325737 Revert BAPv2 changes to framework/libraries/handlers 2015-07-02 12:10:21 -05:00
Spencer McIntyre 0af397217c Merge pymet transport feature into fresh branch 2015-07-02 08:43:13 -04:00
root c4875a8821 Change sysinfo to sys.config.sysinfo 2015-07-02 11:38:37 +05:00
wchen-r7 8051a99f4a
Merge branch 'upstream-master' into bapv2 2015-07-01 18:45:42 -05:00
OJ a5ad56754f Use full namespace for PACKET_TYPE_RESPONSE 2015-07-02 08:03:39 +10:00
HD Moore e7271e3c04 Call the Meterpreter methods directly vs pollute the namespace 2015-07-01 16:04:54 -05:00
William Vu 399b3d2810
Land #5629, moar cmd_exec refactoring 2015-07-01 00:36:19 -05:00
Brent Cook e99d63687f
Land #5608, android and java meterpreter transport and sleep support
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
OJ a2721323be Handle failure better for first recv 2015-07-01 14:02:40 +10:00
OJ 9c2cd34e92 Fix payload required space, remove WOW64 code from x64 2015-07-01 13:39:05 +10:00
OJ a44c31052b reverse_tcp x64 stager reliability fixes
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
OJ cf8bbbfa3d reverse_tcp 32 bit stager resiliency 2015-07-01 11:03:08 +10:00
wchen-r7 7aeb9e555b Change ranking and support CAMPAIGN_ID 2015-06-29 12:13:46 -05:00
jvazquez-r7 02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec 2015-06-29 12:07:37 -05:00
William Vu 1bfa84b37b
Land #5628, sessions -d removal 2015-06-29 11:45:27 -05:00
jvazquez-r7 834c0e594a
Update multi modules 2015-06-29 11:36:28 -05:00
Mo Sadek dde853b0a0 Fixed "linee" to "line" 2015-06-29 11:27:50 -05:00
Mo Sadek e5836fbdac Removed session -d from core.rb
Ticket #4423
2015-06-29 10:57:50 -05:00
wchen-r7 7742d85f2f I guess that's fine 2015-06-27 20:58:19 -05:00
wchen-r7 6136269ace No can't do this 2015-06-27 13:53:29 -05:00
wchen-r7 5c039ccfd7 Even faster 2015-06-27 13:51:21 -05:00
wchen-r7 9bd920b169
Merge branch 'upstream-master' into bapv2 2015-06-27 12:19:55 -05:00
wchen-r7 88e58cbdc5 Better performance 2015-06-27 12:19:07 -05:00
OJ 007da4af41 Force :init_connect for stageless 2015-06-27 18:21:15 +10:00
Spencer McIntyre 79185e91c6 Refactor the pymet to use transport objects 2015-06-26 14:56:31 -04:00
wchen-r7 b46e1be22f
Land #5371, Add file checking to the on_new_session cleanup 2015-06-26 13:33:57 -05:00
wchen-r7 0c608e2a4c Change doc for boolean args 2015-06-26 12:01:53 -05:00
wchen-r7 1d9caeffc0 Update documentation for fuzzer.rb and file_info.rb
See #5599
2015-06-26 11:22:30 -05:00
OJ f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor 2015-06-26 14:12:56 +10:00
OJ a773979992 Java config wiring, tweak to include block counts
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
Tod Beardsley 15f9fc5d8f
Land #5599, YARD for fuzzer.rb 2015-06-25 14:37:55 -05:00
Mo Sadek 31c35715fc YARD Documentation for file_info.rb 2015-06-25 11:08:35 -05:00
OJ 98156ec944 Add user agent to the transport config
Why this was missing I will never know :)
2015-06-25 14:51:06 +10:00
Spencer McIntyre f6f21724a3 Support expressions for the irb command 2015-06-24 20:52:17 -04:00
OJ d9b6e46685 Merge branch 'upstream/master' into android-java-transport-refactor 2015-06-25 09:50:42 +10:00
HD Moore 2807fb4f93 Bump the default timeout to 30 seconds based on feedback 2015-06-24 16:15:01 -05:00
HD Moore 4d58e49cdc
Land #5600, update session info after migrate 2015-06-24 15:16:58 -05:00
Meatballs 151fa2f676
Update user info on migrate 2015-06-24 20:50:29 +01:00
Meatballs e2f0dcb078
Raise an exception on invalid comms 2015-06-24 20:38:28 +01:00
Mo Sadek e0c52730a0 YARD Documentation for Fuzzer.rb 2015-06-24 13:38:11 -05:00
Samuel Huckins ea4d13586c Merge pull request #5587 from trevrosen/bug/MSP-12834/crawler-choke-on-save
MSP-12834 #land
2015-06-24 09:43:51 -05:00
OJ a8c20496be Remove unused code from the java http stager 2015-06-24 22:37:40 +10:00
joev c305348a3b Fix the mixin to work in the exploit again. 2015-06-24 02:19:09 -05:00
joev 8b6fba4988 Tweak and fix some things in Safari file URL module. 2015-06-24 02:08:06 -05:00
OJ e796e56c6c Modify the staging process 2015-06-24 13:22:33 +10:00
Tod Beardsley 18a9585f7a
Add safari module for CVE-2015-1155 2015-06-23 16:15:50 -05:00
William Vu dffc516d6d
Land #5583, Android Meterpreter commands fix 2015-06-23 14:39:37 -05:00
Trevor Rosen 4e3a2b2b35
Upstream merge 2015-06-23 14:11:28 -05:00
Brent Cook e75287875b hack android-specific commands back to life 2015-06-22 20:41:58 -05:00
Brent Cook e696d2f3dc Merge branch 'master' into land-5348-ntds 2015-06-22 17:18:13 -05:00
Trevor Rosen d53067b0b7
Fix ctype handling for body-less pages
#5515
2015-06-22 14:17:29 -05:00
Meatballs 64449d5035
Timestamp session output 2015-06-19 21:50:42 +01:00
Brent Cook 252b573ea8
Land #5547, configurable auto session timeout 2015-06-19 15:35:33 -05:00
Meatballs a5469fd906
Remove redundant methods 2015-06-19 21:28:47 +01:00
wchen-r7 ef57afbfcf Explain about performance problems 2015-06-19 13:35:14 -05:00
wchen-r7 9da99a8265
Merge branch 'upstream-master' into bapv2 2015-06-19 11:36:27 -05:00
g0tmi1k ce9481d2b7 Inconstancy - If datastore['VERBOSE'] vs vprint 2015-06-18 09:27:01 +01:00
wchen-r7 e549580ad2 Linux doesn't like the uppercase 2015-06-18 00:40:47 -05:00
wchen-r7 5fa864b097 done with rspec 2015-06-17 16:23:39 -05:00
William Vu dc07938668
Land #5550, custom exe_filename for to_exe_vba 2015-06-16 19:10:49 -05:00
g0tmi1k 37546c7e18 to_exe_vbs - Allow for exe_filename to be defined 2015-06-17 01:13:33 +01:00
g0tmi1k b40e9f6d46 util/exe - replace tabs with spaces
...formatting should be okay still
2015-06-17 01:10:18 +01:00
g0tmi1k 3410782fe9 Capitalized 'Accepted' 2015-06-16 19:42:32 +01:00
OJ 9dbdaf13ea Add AutoVerifySessionTimeout Meterpreter advanced option 2015-06-17 00:20:59 +10:00
William Vu 8d640a0c8f
Land #5527, multi/handler -> exploit/multi/handler 2015-06-15 10:23:26 -05:00
benpturner b3754d750f Compression on a pre-script does not work in this context. Removed the elsif part of this code 2015-06-14 22:46:42 +01:00
RageLtMan d9c046449d Fix comparison of string to Fixnum 2015-06-14 16:55:46 -04:00
RageLtMan 6d5e0b93d3 Use random id generator appropriately
Powershell::Script includes a random generator (@rig) which can
produce non repeating randomized identifiers to be used as var
names within the PSH code.

Unwrap script handling in powershell env stager to instantate a
method-local Powershell::Script object and access its :rig to
generate identifiers.
2015-06-14 14:53:51 -04:00
HD Moore ab6f3a7373 Fix #5531, the ```stage_payload``` method does not take arguments. 2015-06-13 18:26:56 -05:00
g0tmi1k 6dcc9b7dab More inconsistencies 2015-06-12 21:59:15 +01:00
wchen-r7 6eb25743e3
Merge branch 'upstream-master' into bapv2 2015-06-09 10:10:00 -05:00
wchen-r7 07d1282afb Correct file naming for better Ruby coding style 2015-06-08 12:17:49 -05:00
David Maloney 2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module 2015-06-08 11:42:03 -05:00
wchen-r7 5a6a16c4ec Resolve #4326, remove msfpayload & msfencode. Use msfvenom instead!
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.

Resolves #4326
2015-06-08 11:30:04 -05:00
HD Moore 1f11cd5470
Lands #5446, support for 64-bit native powershell payloads 2015-06-07 14:16:19 -05:00
benpturner 20b605e7cb Remove duplicate exec 2015-06-07 18:11:11 +01:00
RageLtMan a46510465d Fix older Windows payloads to not require UUID
Default Windows payload to not include_send_uuid for compatibility.
2015-06-07 02:58:31 -04:00
HD Moore bd36908383 Fix #5500 by checking for session.respond_to?(:response_timeout) 2015-06-06 17:07:03 -05:00
William Vu d4ddc53856
Fix #5499, small fix for line clearing 2015-06-06 15:58:45 -05:00
William Vu f761d411c4 Adjust line clearing to cover only the text 2015-06-06 15:58:23 -05:00
William Vu 89e7dc6cf2
Land #5499, polish dem spinners 2015-06-06 15:21:09 -05:00
HD Moore 2942cb165f
Land #5415, changes spaces in PSH shell output 2015-06-06 14:55:33 -05:00
HD Moore fe09d9888e Small rework of the spinners, clear the line when done 2015-06-06 14:30:42 -05:00
wchen-r7 4b6dcbb9d9 remove junk method 2015-06-05 22:03:56 -05:00
wchen-r7 7ca15f1ae1 Update select_payload doc 2015-06-05 21:06:20 -05:00
wchen-r7 4e058c942e Fix typo 2015-06-05 21:04:22 -05:00
wchen-r7 a7fa434e89 If exploit list is empty, have the option to return content 2015-06-05 21:03:24 -05:00
wchen-r7 fb8abe54fc This will continue loading the rest of the exploits 2015-06-05 17:52:40 -05:00
wchen-r7 188b15b17f Fix the symbol vs string prob 2015-06-05 16:18:56 -05:00
Brent Cook bb9439e463
land #5487, refactor and fix save function for db_nmap 2015-06-05 12:31:23 -05:00
wchen-r7 e1c30e973d Fix SRVHOST 2015-06-05 12:14:43 -05:00
wchen-r7 f8c5e5a70a Don't show "Server stopped" 2015-06-05 11:16:43 -05:00
wchen-r7 ecdeeea5c6 Make sure super is called 2015-06-05 11:11:40 -05:00
wchen-r7 be60f964c6 Call super for cleanup 2015-06-05 10:50:52 -05:00
wchen-r7 69968fc9f1 Merge branch 'upstream-master' into bapv2 2015-06-04 23:36:24 -05:00
wchen-r7 910ae8a480 Fix #5461, actually stop a job from the RPC service
Fix #5461. The RPC service is incorrectly using the wrong method to
stop a job, this patch should fix that.
2015-06-04 23:09:55 -05:00
William Vu a53a68cfc2 Refactor db_nmap and fix the save option 2015-06-04 18:40:19 -05:00
wchen-r7 7de78c1d69
Land #5447, more info about using the deprecated report_auth_info 2015-06-04 12:37:22 -05:00
wchen-r7 be709ba370
Merge branch 'upstream-master' into bapv2 2015-06-04 10:33:07 -05:00
jvazquez-r7 d22dda2bab
Provide more context and references 2015-06-01 10:33:40 -05:00
benpturner 9d1a7cead4 New modules to support 64bit process powershell. 2015-06-01 16:11:23 +01:00
Brent Cook 64e86165ef remove android meterpreter bins, update to payloads 1.0.2
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
Brent Cook 70ef1b83f9 Merge branch 'master' into land-5366-android 2015-06-01 09:07:55 -05:00
wchen-r7 5c890004b8 Do stop_service in cleanup 2015-05-29 18:32:57 -05:00
wchen-r7 28d35a5bf4 Update doc 2015-05-29 18:03:56 -05:00
wchen-r7 58c5767330 Don't need stderr.puts 2015-05-29 17:41:29 -05:00
wchen-r7 0384b115e9 Fix reload bug 2015-05-29 17:41:02 -05:00
OJ 3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy 2015-05-30 08:03:43 +10:00
jvazquez-r7 af326a4f88
Use compatible_payloads instead of copy and paste 2015-05-29 16:55:19 -05:00
Brent Cook 6d488c63d4 php UUIDOptions->UUID::Options 2015-05-29 16:33:03 -05:00
Brent Cook b8a8e65c2c Merge branch 'master' into land-5394-uuid-tracker 2015-05-29 16:22:45 -05:00
Brent Cook 7b0006a1b2 Merge branch 'master' into land-5394-uuid-tracker 2015-05-29 15:41:31 -05:00
wchen-r7 defda01d87 Some doc 2015-05-29 15:09:29 -05:00
wchen-r7 b33ace2f44 Put is_payload_compatible? in exploit.rb 2015-05-29 15:07:59 -05:00
wchen-r7 13779adab4
Merge branch 'upstream-master' into bapv2 2015-05-29 14:59:04 -05:00
wchen-r7 6be363d82a
Merge branch 'upstream-master' into bapv2 2015-05-29 14:58:38 -05:00
Brent Cook 340792aae4 don't jump past the uuid sender on win32/tcp connect 2015-05-29 14:34:27 -05:00
wchen-r7 dab9a66ea3 Use current ruby hash syntax 2015-05-29 13:43:20 -05:00
Brent Cook 7d5af66fa0 Merge branch 'master' into land-5367-uuid-stagers 2015-05-29 13:00:35 -05:00
Brent Cook 8f747d2541
Land #5382, add meterpreter session reconnect RPC call 2015-05-29 12:53:15 -05:00
RageLtMan f575b31d58 Remove double assignment typo 2015-05-29 05:05:35 -04:00
RageLtMan 1a08da09cb Fix compression check logic
Initial check logic would compress any script, even those which
would not need it since an uncompressed script fitting the buffer
would likely fit compressed (unless its uncompressable and the
decoder stub overflows). Ensure that compression occurs only when
a compressed script would fit while the uncompressed one does not.
2015-05-29 04:15:57 -04:00
RageLtMan e9821f6a70 Update stage_psh_env method
Replace variable names with generated strings to increase entropy.

Add compression test for stager to determine if a compressed PSH
script will fit into the allowed space. If so, compress and exec
without staging.

Add variable name cleanup to stager mechanism - Remove-Variable
with -ErrorAction SilentlyContinue is called on each stager var
name after the stager executes.

TODO: Update method documentation
2015-05-29 04:04:51 -04:00
RageLtMan f575fb8df9 Merge branch 'feature-merge_psh_updates_201505'
Conflicts:
	lib/msf/core/post/windows/powershell.rb

Rename upload_script_via_psh to stage_psh_env within post PSH lib.
Perform the same rename within load_script post module.
2015-05-29 03:42:25 -04:00
wchen-r7 737559bcbb
Land #5180, VBA Powershell for Office Macro 2015-05-28 19:55:27 -05:00
Spencer McIntyre 24b4dacec5
Land #5408, @g0tmi1k fixes verbiage and whitespace 2015-05-27 21:02:02 -04:00
wchen-r7 583fccdbc8 Resolve #5404, Check payload compatibility when using set payload
Resolve #5404. This patch will check payload compatibility when
you are using set payload in msfconsole.
2015-05-27 18:28:08 -05:00
wchen-r7 5d0053e4ef Move iframe instead of hiding, which seems to improve Flash reliability 2015-05-27 00:43:47 -05:00
wchen-r7 60cdf71e6c
Merge branch 'upstream-master' into bapv2 2015-05-26 15:56:48 -05:00
Brent Cook d76a9c6565
Land #5409, update cmd stager documentation.
Merge remote-tracking branch 'upstream/pr/5409' into upstream-master
2015-05-26 10:34:03 -05:00
benpturner abd4ab548d Edit spaces within the powershell session command 2015-05-25 20:10:29 +01:00
wchen-r7 3102741157 Don't need print_line 2015-05-25 11:54:58 -05:00
wchen-r7 3d5248f023 This is better 2015-05-25 11:46:18 -05:00
benpturner e06f47b2bd Updates load_script to have support for folders and to include the stager process in the mixin module for other post mods 2015-05-25 15:48:27 +01:00
OJ 307dcd09dd Update payload cache sizes again 2015-05-25 20:12:20 +10:00
OJ 87bc198c82 x64 winhttp ie proxy support, autoconfig ignore 2015-05-25 20:01:37 +10:00
wchen-r7 db09b9846c I think I found the speed back 2015-05-25 02:44:57 -05:00
wchen-r7 72112317cc Update 2015-05-25 01:58:34 -05:00
wchen-r7 3efe22d5e2 This seems better, slower though 2015-05-25 01:42:34 -05:00
OJ 78176c4335 First pass of IE proxy support for winhttp x86 2015-05-25 15:44:35 +10:00
OJ 43f7054a5c Refactor base64 stub into base module
As per @zeroSteiner's suggestion.
2015-05-25 11:51:01 +10:00
OJ 9e50114082
Merge branch 'upstream/master' into uuid-stagers 2015-05-25 11:22:35 +10:00
OJ 9042f141ff Implement the IPv6 UUID bind stagers 2015-05-25 11:21:28 +10:00
wchen-r7 7089bd945a This payload handling looks much better 2015-05-24 12:47:20 -05:00
Spencer McIntyre 6fb2da4f62 Fix #5391, cmd stager documentation fixes 2015-05-23 13:56:49 -04:00
wchen-r7 a376464710 It kind of blew up 2015-05-23 05:26:13 -05:00
wchen-r7 f378b45408 bug fixes, sorta 2015-05-23 05:06:15 -05:00
wchen-r7 7f4b51f0ff Fix nil bug 2015-05-23 02:08:51 -05:00
wchen-r7 60b0be8e3f Fix a lot of bugs 2015-05-23 01:59:29 -05:00
wchen-r7 916b7b83be Change how we load payload handlers 2015-05-22 20:35:43 -05:00
jvazquez-r7 d10b20b7a3
Land #5251, @hmoore-r7's second opportunity to Oracle connect
SYSTEM shouldn't have SYSDBA privileges by default anymore
2015-05-22 17:47:41 -05:00
jvazquez-r7 41a86b2e9b
add vprint_status 2015-05-22 17:46:56 -05:00
wchen-r7 6de75ffd9f
Merge branch 'upstream-master' into bapv2 2015-05-22 17:11:03 -05:00
jvazquez-r7 c201955fdf
Land #5387, @wchen-r7's user-configurable HTTP timeout
Fixes #5219, Add connection timeout and response timeout for HttpClient
2015-05-22 15:36:11 -05:00
jvazquez-r7 e0d9ee062f
Use HttpClientTimeout 2015-05-22 13:35:37 -05:00
wchen-r7 8fd468a89f Get the dry-run feature right this time 2015-05-22 13:07:30 -05:00
wchen-r7 905fe73d78 Track clicks 2015-05-22 12:57:06 -05:00
wchen-r7 e8a32bdd10 Make MaxSessions/RealList/Custom404 work better 2015-05-22 12:40:56 -05:00
wchen-r7 2bb6f390c0 Add session limiter and fix a race bug in notes removal 2015-05-22 12:22:41 -05:00
HD Moore 078438f66e Update UUIDOptions -> UUID::Options 2015-05-22 00:30:05 -05:00
HD Moore c17ee64d81 Merge branch 'master' into feature/uuid-registration 2015-05-22 00:29:16 -05:00
OJ c07ff70f19 Add check for UUID payloads
Thankfully those payloads already had a flag that could be reused.
2015-05-22 15:11:12 +10:00
Brent Cook 9ce669f878
Land #5328: reworked x64 http/https stagers 2015-05-21 23:26:34 -05:00
OJ 10bd75348c
Merge branch 'upstream/master' into uuid-stagers 2015-05-22 13:07:25 +10:00
OJ a6a274d3a3
Merge recent stager changes 2015-05-22 13:01:45 +10:00
HD Moore 9b17b63259 Switch to append mode for x86 service templates, fixes #5403 2015-05-21 20:42:20 -05:00
HD Moore ea9059f930 Fix broken endian specification (<I vs I<) 2015-05-21 20:00:22 -05:00
wchen-r7 c29bb35e28 Change datastore name 2015-05-21 10:15:03 -05:00
David Maloney 356f361b40
add sid to the the yard docs
you win this round OJ ;)

MSP-12722
2015-05-21 09:30:09 -05:00