James Lee
5d4cc7ab40
Add nodejs to list of defaults
2016-06-24 16:06:50 -05:00
David Maloney
6072697126
continued
2016-06-22 14:54:00 -05:00
James Lee
0126ec61d8
Style
2016-06-22 10:15:23 -05:00
James Lee
b3f59ebd19
Whitespace
2016-06-22 10:15:23 -05:00
James Lee
07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm
2016-06-22 10:15:22 -05:00
James Lee
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
David Maloney
1e053c110a
Merge branch 'master' into feature/rex-cleanup/first-gems
2016-06-22 09:20:44 -05:00
Bigendian Smalls
3842753ce4
Added JCL header data to mainframe payload module
...
Currently any existing and future JCL payload has to have a 'job card'
basically data that defines the job to z/OS. It has information about
the job's owner, place it will run, output creation, etc. All JCL
shares the same job card format. As such, creating a shared payload
method that allows this text to be imported into any JCL payload.
Additionally, that job card is now parameterized, allowing the
exploit/payload user to edit these job card values-as this may be needed
in order to run the job successfully on any given system.
This PR sets up the mf module - next PRs will update the existing
payloads to use this module.
2016-06-21 22:06:44 -05:00
David Maloney
69e2d05a5d
rip out old rex code and replace with gems
...
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spaghetti code that is lib/rex
2016-06-21 13:56:36 -05:00
OJ
bf36b2c58e
Fix preamble in bind_php to include php tag+escape
2016-06-21 10:07:42 +10:00
wchen-r7
129b449355
Add Msf::Util::EXE.to_zip
...
This adds a new method in Msf::Util::EXE to be able to create a
zip file with an array of binary data.
2016-06-20 13:36:59 -05:00
William Webb
98ad2489db
Land #6970, #make_fast_nops for HUGE nop chunks
2016-06-17 12:56:26 -05:00
wchen-r7
c6b1955a5a
Land #6729, Speed up the datastore
2016-06-15 17:55:42 -05:00
thao doan
f5bfc84453
Land #6977, Add a more verbose message when generating module documentation
2016-06-15 14:55:55 -07:00
h00die
78775f7833
first attempt at 6964
2016-06-15 07:44:32 -04:00
William Webb
563b8206c5
Land #6962, Apache Continuum Exploit
2016-06-13 16:41:53 -05:00
wchen-r7
337e48dc07
Create #make_fast_nops for huge NOP chunks
...
This creates a new method called #make_fast_nops for exploits that
actually need large chunks of NOPs.
2016-06-13 15:25:46 -05:00
William Vu
b7139da624
Clean up whitespace
2016-06-13 10:51:38 -05:00
Trenton Ivey
776dd57803
get_uri missing port fix
2016-06-12 19:27:34 -05:00
h00die
7831cb53c5
print status of opening browser at file
2016-06-11 21:13:31 -04:00
William Vu
5adc360b2a
Make opts truly optional
2016-06-10 20:35:40 -05:00
wchen-r7
0d7b587b5d
Avoid printing rhost:rport from AuthBrute
...
When AuthBrute is mixed with other modules using the TCP mixin,
rhost:rport is printed twice. This info should come from the
protocol level mixin.
2016-06-08 14:32:58 -05:00
Brian Patterson
6d72b5b19f
Land #6946 Fix a bug with OptPort validation when not req
2016-06-07 14:43:10 -05:00
David Maloney
53b989f283
fix normalisation so we don't coerce to 0
...
don't coerce nil to 0
2016-06-07 14:29:13 -05:00
David Maloney
16030cda30
simpler fix
...
talking with adam shows that there is a simpler solution
to this problem
2016-06-07 14:13:10 -05:00
David Maloney
9de27e0b9c
add more specific normalise method to OptPort
...
add a normalise method that prevents empty string
from being converted to 0 for OptPort avoiding
a bad behaviour
2016-06-07 14:03:34 -05:00
David Maloney
27b5d961fd
fixes a bug with OptPort validation when not req
...
OptPort lost the check for whether the option was required causing it
to incorrectly return false in certain cases
MS-1633
2016-06-07 13:48:57 -05:00
Brent Cook
da532ecc5e
Land #6919, Move LURI into a full URI for a new 'Payload opts' column in jobs output
2016-06-03 13:57:47 -05:00
James Barnett
e0cf4721c5
Land #6927, Fix exception handling in #exploit_simple
2016-06-02 11:15:25 -05:00
David Maloney
ffa4177575
missed a few joins
...
missed a few joins statements before
MS-1593
2016-06-01 15:32:51 -05:00
David Maloney
2047475901
host tags commands eagerloaded instead of joining
...
someone tried to fix a rails deprecation warning by doing an
eager load, but caused an actual exception instead. switching to
proper joins makes everything work properly
MS-1593
2016-06-01 13:50:38 -05:00
David Maloney
a27d10c200
fixes the exception handling in #exploit_simple
...
The exception handling in the #exploit_simple method tries to set
error on exploit but exploit is defined within the begin block
causing a noMethodError on nilClass
MS-1608
2016-05-31 11:46:05 -05:00
wchen-r7
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
wchen-r7
4dcddb2399
Fix #4885, Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
James Lee
f7382f5b3b
Make `jobs` display a full uri
...
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.
See #4623
2016-05-27 11:15:12 -05:00
Brendan Watters
00b18c8ac5
Land #6917, Fix minor issues with the RC4 stager
2016-05-26 10:12:54 -05:00
Brent Cook
a3d2cba698
Land #6906, Improve msfvenom error handling and spec coverage
2016-05-26 07:58:37 -05:00
Brent Cook
96c459c71d
fix #6915, handle nil payloads and alert to the user
2016-05-26 07:22:09 -05:00
Brent Cook
8612eaa553
remove senduuid for now, give RC4PASSWORD a default
2016-05-26 06:34:51 -05:00
Brent Cook
c65401026a
wip fixup rc4
2016-05-25 06:17:02 -05:00
wchen-r7
05680ab6f3
Land #6887, add a missing postgresql 9.4.1-5 matching case
2016-05-24 22:19:03 -05:00
James Lee
5921ac7b47
Add a spec and fix ReverseHttp#luri
2016-05-24 17:22:14 -05:00
William Vu
3dfdf1d936
Land #6528, tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
Jon Hart
a23ce05752
File.exists? must cease to exist
2016-05-24 13:53:26 -07:00
wchen-r7
14cb85250e
Land #6912, use the correct variable for cookie expiration in BAP2
2016-05-24 14:19:03 -05:00
wchen-r7
ff4d150449
Show IP for print_*
2016-05-24 14:12:54 -05:00
wchen-r7
b5987e1d51
Land #6907, Fix check command with an IP or IP range
2016-05-24 11:37:56 -05:00
Brendan Watters
77a62ff7c0
Land #6905 RC4 Stagers
2016-05-24 09:34:32 -05:00
Brendan Watters
43f79f34a9
Removed superfluous instruction
2016-05-24 09:03:14 -05:00
Brent Cook
3bc020178f
use the correct variable for cookie expiration
2016-05-24 07:16:55 -05:00
Brent Cook
76e8e8f6c7
really fix regex
2016-05-23 20:08:38 -05:00
Brent Cook
eb26202961
fix regex
2016-05-23 17:33:06 -05:00
Louis Sato
d0b87131a9
fixing import of zip workspace
...
MS-1528
2016-05-23 16:09:22 -05:00
Brent Cook
6af9a093d2
update bool
2016-05-23 15:48:03 -05:00
darkbushido
5e059e0c5b
updating the error message
...
changing the exception to be a little more specific.
2016-05-23 15:40:32 -05:00
darkbushido
d3cdcd5f99
Having the payload generator check the payload size
...
Payload generator will raise an error if the payload is larger than the size option
2016-05-23 15:17:41 -05:00
Brent Cook
fe1b24e666
allow nil assignment to the datastore
2016-05-23 14:56:19 -05:00
Brent Cook
f29463f119
include {peer} in the context of the command dispatcher
2016-05-23 14:55:58 -05:00
RageLtMan
efc64eaa5f
Implement reverse_tcp_rc4_dns payload in metasm
...
Using the ruby methods for generating assembly blocks defined or
separated in prior commits, create a new payload from the existing
assembly blocks which performs a DNS lookup of the LHOST prior to
establishing a corresponding socket and downloading, and
decrypting the RC4 encrypted payload.
For anyone looking to learn how to build these payloads, these
three commits should provide a healthy primer. Small changes to
the payload structure can yield entropy enough to avoid signature
based detection by in-line or out-of-band static defenses. This
payload was completed in the time between this commit and the last.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
2016-05-23 14:27:11 -05:00
RageLtMan
0e69040a6a
Implement reverse_tcp_dns as metasm payload
...
Using the separation of block_recv and reverse_tcp, implement
reverse_tcp_dns using original shellcode as template with dynamic
injection of parameters. Concatenate the whole thing in the
generation call chain, and compile the resulting shellcode for
delivery.
Metasploit module pruned to bare minimum, with the LHOST OptString
moved into the library component.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
Misc:
Clean up rc4.rb to use the rc4_keys method when generating a
stage. Makes the implementation far more readable and reduces
redundant code.
2016-05-23 14:27:11 -05:00
RageLtMan
df2346d9e0
Implement RC4 metasm payloads for tcp bind and rev
...
Convert reverse_tcp_rc4 and bind_tcp_rc4 from static shellcode
substitution payloads to metasm compiled assembly approach.
Splits up metasm methods for bind_tcp and reverse_tcp into socket
creation and block_recv to allow for reuse of the socket methods
with the RC4 payloads, while substituting the block_recv methods
for those carrying the appropriate decryptor stubs.
Creates a new rc4 module carrying the bulk of the decryptor and
adjacent convenience methods for standard payload generation.
Testing:
Tested against Win2k8r2, Win7x64, and WinXPx86
ToDo:
Ensure all the methods around payload sizing, UUIDs, and other
new functionality, the semantics of which I do not yet fully
understand, are appropriate and do not introduce breakage.
2016-05-23 14:27:11 -05:00
Brent Cook
9fc07eeb99
Land #6902, Respect SSLCipher in server mixins
2016-05-20 17:34:38 -05:00
Adam Cammack
fda4c62c1f
Respect SSLCipher in server mixins
...
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
Brent Cook
6a4a9742e8
handle bad user
2016-05-17 17:24:46 -05:00
Brent Cook
c6db5bf34a
add a missing postgresql 9.4.1-5 matching case
2016-05-17 17:12:47 -05:00
Jon Hart
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
wchen-r7
04d70640b1
Land #6868, Add axis2 payload generator for msfvenom
2016-05-16 17:48:50 -05:00
Christian Mehlmauer
7fcddd5a05
Add axis2 payload generator
2016-05-12 22:48:07 +02:00
David Maloney
d9abb06a5a
Merge branch 'master' into staging/rails-upgrade
2016-05-12 11:18:51 -05:00
David Maloney
993709e076
Land #6862, jar payloads
...
lands FireFarts jar payload pr
2016-05-11 09:56:41 -05:00
Christian Mehlmauer
e2dd844e34
reenable jar format
2016-05-09 21:25:23 +02:00
David Maloney
6142d2cef1
Merge branch 'master' into staging/rails-upgrade
2016-05-09 09:27:17 -05:00
Brent Cook
7b1148c438
disambiguate NetBSD/OpenBSD
2016-05-09 05:11:47 -05:00
Brent Cook
71a674434a
Solaris 11
2016-05-09 05:11:09 -05:00
Brent Cook
bbe35ac21a
match solaris uname
2016-05-09 05:06:59 -05:00
Brent Cook
1a97042a0d
include running CPU architecture in platform string
2016-05-09 05:06:37 -05:00
Brent Cook
f466464e80
set a recommended number of threads per session type
2016-05-08 22:39:41 -05:00
Brent Cook
9268f66540
auto-set the meterpreter platform based on the sysinfo os
2016-05-08 22:39:41 -05:00
David Maloney
a763863ff3
remove #truncate_session_desc
...
this method was based around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
2016-05-06 09:36:12 -05:00
Adam Cammack
f75009a9c6
Don't duplicate headers when sending emails
...
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.
MS-1476
2016-05-05 10:47:21 -05:00
dmohanty-r7
f096c3bb99
Land #6821 Fix send_request_cgi! redirection
2016-05-05 09:09:30 -05:00
Rob Fuller
4c9eba333e
Land #6753 , MSF-side support for reverse port forwards
...
Huge thanks to @OJ for making this happen.
Tested targets Win7,10,2008,2012
Tested payloads Win32 native, Win64 native, python
2016-05-04 07:39:05 -04:00
OJ
d136844d3b
Add error handling around double-bind of ports
2016-05-03 10:42:41 +10:00
wchen-r7
ffc91a193c
Fix #6841, info -d [module path] not spawning module documentation
...
Fix #6841
2016-05-02 14:23:29 -05:00
Brian Patterson
be363411de
Land #6317, Add delay (with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
dmaloney-r7
3b893cf740
Merge pull request #6581 from bcook-r7/uuidretry
...
don't send a response on invalid UUID, allow stagers to survive another day
2016-05-02 11:23:02 -05:00
dmohanty-r7
20ec56d06a
Do not parse empty web_sites
...
MS-255
2016-04-28 13:17:03 -05:00
dmohanty-r7
5a4e70fdf0
Fixes indentation in check_msf_xml_version!
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
f4f607d815
Correct comments to use Nokogiri::XML::Element
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
56fd5a745e
Do not parse element if empty
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
050061762b
Fix db_manager rspec tests
...
MS-255
2016-04-28 13:17:02 -05:00
dmohanty-r7
0e568674d7
Add comments on parse functions
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
0759848ad5
Use Nokogiri Reader in zip import
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
83ff60c111
Force encoding on import xml
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
e4fcaefc8c
Unpack and pack an unsigned integer per 8 bytes
...
MS-255
2016-04-28 13:17:01 -05:00
dmohanty-r7
e6a8d69b0b
Force encoding of XML import
...
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7
f1d8e1d693
Parse web_data in xml import
...
MS-255
2016-04-28 13:17:00 -05:00
dmohanty-r7
802dfabbe3
Converts XML importer to use Nokogiri Reader
...
MS-255
2016-04-28 13:17:00 -05:00
wchen-r7
47d52a250e
Fix #6806 and #6820 - Fix send_request_cgi! redirection
...
This patch fixes two problems:
1. 6820 - If the HTTP server returns a relative path
(example: /test), there is no host to extract, therefore the HOST
header in the HTTP request ends up being empty. When the web
server sees this, it might return an HTTP 400 Bad Request, and
the redirection fails.
2. 6806 - If the HTTP server returns a relative path that begins
with a dot, send_request_cgi! will literally send that in the
GET request. Since that isn't a valid GET request path format,
the redirection fails.
Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
wchen-r7
4676d70918
rm osvdb condition
2016-04-24 18:36:33 -05:00
Adam Cammack
f28d280199
Land #6814, move stdapi to exist?
2016-04-24 13:41:11 -04:00
Brent Cook
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7
816bc91e45
Resolve #6807, remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook
45961f75d4
Fix the payload size updater for MetasploitModule
2016-04-23 11:38:42 -04:00
join-us
c1a64b1f6f
fix: issues/6803 - info command references bug
2016-04-22 15:14:35 +08:00
wchen-r7
98f89ca23a
Land #6794, Fixed yard doc errors
2016-04-21 13:16:45 -05:00
wchen-r7
6cb93f2af2
Make yard doc ignore @probe
2016-04-21 13:15:58 -05:00
thao doan
5e36a3128c
Fix #5197, Fixed yard doc errors
...
Fix #5197 Fixed issues that caused errors during yard doc generation
2016-04-21 13:06:00 -05:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
Louis Sato
6b3326eab2
Land #6707, support for LURI handler
2016-04-20 16:26:07 -05:00
Christian Mehlmauer
3b280d45a4
fix some yardoc issues
2016-04-18 21:00:21 +02:00
thao doan
fd603102db
Land #6765, Fixed SQL error in lib/msf/core/exploit/postgres
2016-04-18 10:44:20 -07:00
Brent Cook
4c0a53a809
replace 'and' with '&&'
2016-04-18 08:26:02 -05:00
OJ
555352b210
Force lurl string duplication to avoid stageless issues
...
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
OJ
a74a7dde55
More fixes for LURI in Python, and native too
2016-04-18 08:25:19 -05:00
OJ
b95267997d
Fix LURI support for stageless, transport add/change and code tidies
2016-04-18 08:24:41 -05:00
Rory McNamara
63e478c826
fix sessions -l bug
2016-04-18 08:21:50 -05:00
Rory McNamara
a45d0aed53
show LURI in new connection log message
2016-04-18 08:21:50 -05:00
Rory McNamara
7eda08aa2e
windows/x64 support
2016-04-18 08:16:35 -05:00
Rory McNamara
1e16804c63
size considerations for LURI, stageless
2016-04-18 08:16:35 -05:00
Rory McNamara
7e708e3159
sessions LURI display
2016-04-18 08:13:10 -05:00
Rory McNamara
d2d36ca043
java handler, better default, jobs -v
2016-04-18 08:13:10 -05:00
Rory McNamara
b122dffe3d
initial LURI commit. windows, python functional
2016-04-18 08:13:10 -05:00
Spencer McIntyre
d3a832b31d
Land #6776, Fix #6775 update regex for Win 10 UAC
2016-04-13 17:03:45 -04:00
OJ
3898d11aa7
Add Windows 10 entry to the version check regex
2016-04-13 08:23:01 +10:00
William Vu
feb1394630
Land #6752, compact table for advanced options
2016-04-09 21:25:43 -05:00
wchen-r7
93cb91a515
Remove an extra nil check
2016-04-08 21:18:24 -05:00
wchen-r7
6b4dd8787b
Fix #6764, nil SQL error in lib/msf/core/exploit/postgres
...
Fix #6764
2016-04-08 15:20:04 -05:00
wchen-r7
ae46b5a688
Bring #6417 up to date with upstream-master
2016-04-08 13:41:40 -05:00
James Lee
2563634dce
Fix inverted logic introduced by #6734
...
MS-385
2016-04-06 22:03:31 -05:00
James Lee
8cc1d2ec89
Make advanced and evasion options readable
2016-04-05 15:05:58 -05:00
wchen-r7
4d5695f7fc
Land #6743, reimplement HD's session interrupt handler
...
MS-385
2016-04-05 11:16:32 -05:00
David Maloney
cde89b90cd
Land #6744, Deprecation on host eager load
...
Lands SemperVictus' pr for fixing a deprecation warning
on eager loading the hosts table
2016-04-05 09:19:16 -05:00
Justin Steven
3bcac49c21
Fix: badchars.present? is false for whitespace
...
badchars.present? is false in the case of badchars containing only whitespace.
Instead check for is not empty and is not nil.
2016-04-05 10:09:56 +10:00
greg.mikeska@rapid7.com
5e8ed09b66
Merge branch 'task/MS-1354/OpenVAS-Nessus-Importer' of https://github.com/bpatterson-r7/metasploit-framework into bpatterson-r7-task/MS-1354/OpenVAS-Nessus-Importer
2016-04-04 17:07:05 -05:00
RageLtMan
992df12fa7
Address ActiveRecord deprecation warning
...
AR will start to complain about eager loading in command_dispatcher
/db.rb:519 because it references hosts as string without explicitly
stating that the table is being referenced.
Add a call .references in the AR call chain after the where clause
to silence this abysmal warning.
2016-04-02 00:22:26 -04:00
David Maloney
64b94dfe3b
reimplement HD's session interrupt handler
...
reimplement HD's work on a session interrupt handler
so that if an exploit fails the handler does not continue
waiting for a session that will never come
MS-385
2016-04-01 14:43:16 -05:00
wchen-r7
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
wchen-r7
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
Brent Cook
4c2e130470
fix spelling
2016-03-31 09:25:24 -05:00
Brian Patterson
8f0d664a38
Modify the open_vas importer to support both results.xml and reports.xml open_vas exports and modify the nessus importer to import what it can when it can't find a properly formatted port number
2016-03-30 17:44:26 -05:00
Adam Cammack
a808c9fe63
Bring some sanity to the datastore
...
Before, the datastore would store options case-sensitive, but would
access them case-insensitive, resulting in a number of string compares.
This commit stores options in their downcase form to reduce
update/lookup time. This adds up to reducing msfconsole boot time by
about 10% and rspec time by about 45 sec. (!) on my box.
One tricky part of this conversion is that there are several places (in
pro and framework) where we export or otherwise access the datastore as
a plain hash (case-sensitive). I believe I have caught all the ways we
access the datastore that are case-sensitive and substituted the
original key capitalization in those cases.
2016-03-30 15:17:55 -05:00
wchen-r7
a2a522be07
Land #6716, Add a rescue to catch method missing for stage_payload
2016-03-30 13:08:52 -05:00
wchen-r7
280aeb0b59
Land #6727, Show handler URI so we know which job's responding
2016-03-30 12:22:18 -05:00
James Lee
ead6e6b6b6
Use a print_prefix instead
2016-03-30 11:50:45 -05:00
James Lee
0a239742f5
Show handler URI so we know which job's responding
2016-03-30 11:35:04 -05:00
wchen-r7
797acd625d
Land #6714, Kill defanged mode
2016-03-30 10:54:56 -05:00
thao doan
587f1ee7b3
Land #6708, module documentation for msfconsole
2016-03-29 11:30:55 -07:00
Brent Cook
e25525b4a7
avoid validating file-based datastore options on assignment
...
file:/ strings are special with some datastore options, causing them to read a
file rather than emitting the exact string. This causes a couple of problems.
1. the valid? check needs to be special on assignment, since normalization
really means normalizing the path, not playing with the value as we would do
for other types
2. there are races or simply out-of-order assignments when running commands
like 'services -p 80 -R', where the datastore option is assigned before the
file is actually written.
This is the 'easy' fix of disabling assignment validation (which we didn't have
before anyway) for types that can expect a file:/ prefix.
2016-03-28 23:03:17 -05:00
OJ
6523600952
Add a rescue to catch method missing for stage_payload
...
This allows us to provide a friendlier message to users when they are
using a stageless listener with a staged payload.
2016-03-29 09:46:09 +10:00
James Lee
f1857d6350
Kill defanged mode
2016-03-28 09:02:07 -05:00
f7b053223a9e
629bc00696
Use MSXML decoder instead
2016-03-25 22:52:16 +09:00
Brendan Watters
18604c3d44
Land #6705, Rectify MSF_CFGROOT_CONFIG comment
2016-03-24 18:21:05 -05:00
wchen-r7
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
Till Maas
7f002128ad
Rectify MSF_CFGROOT_CONFIG comment
...
Also remove reference to feature request that does not seem to be
available anymore.
2016-03-23 22:23:30 +01:00
Louis Sato
0c19d89655
add more space for deprecation message
2016-03-23 11:39:42 -05:00
Adam Cammack
866c4718b0
Fix OptPort validation
...
Allow a port value of 0 and don't reject empty values if the option is
not required.
2016-03-22 23:01:18 -05:00
Adam Cammack
ec3a0a108d
Change OptPort to inherit from OptInt
...
Fixes the normalize and validate methods.
2016-03-22 19:25:51 -05:00
Adam Cammack
22df7c0071
Fix datastore to validate options w/o a default
...
Options without a default were not pulled into the `@options` hash and
therefore were not used to validate options on assignment.
I am not entirely sure how this fix works, since it would seem that
non-override options would not get pulled in if an option was first set
in the global datastore. However, a previous value does not get
overridden and new values are validated. Anything further is merely
speculation on my part.
2016-03-22 19:12:53 -05:00
Adam Cammack
5c163960ed
Fix datastore to not freeze options on the default
2016-03-22 19:07:58 -05:00
Adam Cammack
67b9d053ec
Land #6679, remove unreachable sanity checks
2016-03-18 11:25:51 -05:00
Brent Cook
9219efa512
remove unreachable ruby 1.x check
2016-03-18 11:16:44 -05:00
James Lee
1375600780
Land #6644, datastore validation on assignment
2016-03-17 11:16:12 -05:00
Brent Cook
1790f039c3
Land #6684, remove obsolete warn_about_rubies
2016-03-17 08:26:57 -05:00
William Vu
59a55dec5b
Land #6676, new Postgres fingerprints
2016-03-16 16:32:10 -05:00
Adam Cammack
32fe9ae55d
Remove dead version check in db_manager.rb
...
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
2016-03-16 15:24:55 -05:00
James Lee
79c36c4f53
RPORT should be an OptPort
2016-03-16 14:13:19 -05:00
James Lee
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
James Lee
a878926f31
Remove unused datastore option
2016-03-16 14:13:17 -05:00
Brent Cook
44e1fefa2e
when normalizing a string type, ensure we have a string first
2016-03-16 06:44:36 -05:00
Brent Cook
5a72f2df16
remove subversion support
2016-03-15 22:00:32 -05:00
Brent Cook
63263773d1
simplify sanity checks for Ruby 1.x
2016-03-15 21:55:25 -05:00
Brent Cook
3b6a3374ae
prefer explicit defaults to implicit
2016-03-15 20:58:14 -05:00
Adam Cammack
05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
David Maloney
3cbc5684e1
add some preauth fps for postgres 9.4
...
the preauth fingerprinting for postgres is somewhat
unmaintainable, but due to a specific customer request
I have added these two FPs for 9.4.1-5
MS-1102
2016-03-15 14:50:07 -05:00
Brent Cook
654590911b
Enforce integrity of datastore options on assignment
2016-03-15 14:00:32 -05:00
HD Moore
42689df6b3
Fix a stack trace with ``set PAYLOAD`` in ``msf>`` context
2016-03-13 14:56:54 -05:00
Christian Mehlmauer
4f09246c78
reenable module loader warnings
2016-03-13 20:04:05 +01:00
Brent Cook
dabe5c8465
Land #6655, use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
David Maloney
15ba85bac2
fix missed deprecations
...
missed some deprecation warnings
2016-03-09 13:29:35 -06:00
David Maloney
88697a5d3f
Merge branch 'master' into staging/rails-upgrade
2016-03-08 15:22:04 -06:00
wchen-r7
f831d58c1c
Support tables
2016-03-08 12:19:27 -06:00
wchen-r7
698f425821
Auto <hr>
2016-03-08 11:25:15 -06:00
wchen-r7
b91ee232ff
Change HTML parsing
2016-03-08 10:25:29 -06:00
wchen-r7
58b8c35146
Escape HTML for KB and update rspec
2016-03-08 10:10:10 -06:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
wchen-r7
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
...
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook
5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated
2016-03-06 17:19:05 -06:00
Brent Cook
a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
Brent Cook
85acfabfca
remove various library workarounds for the datastore not preserving types
2016-03-05 23:10:57 -06:00
Brent Cook
694f7f0a65
stop turning all default options into strings
...
we need to adjust vprint* functions, since they now fallthrough to the
'framework.datastore' checks because the false case actually triggers.
2016-03-05 23:09:14 -06:00
wchen-r7
c811ed8d60
Correct name: PAYLOAD_DEMO_TEMPLATE
2016-03-05 00:42:36 -06:00
wchen-r7
934f8de9b7
Update the conditions of is_remote_exploit?
2016-03-03 00:53:00 -06:00
wchen-r7
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
wchen-r7
5f510df2ab
Resolve merge conflict with upstream's Gemfile.lock
2016-03-01 22:06:17 -06:00
wchen-r7
f27d24fd60
Add module documentation for psexec
2016-03-01 18:52:47 -06:00
Brian Patterson
30043bc519
Changed .all to .load in workspace.rb in order to eager load the relation and fix the 4.0 rails deprecation
2016-03-01 11:48:55 -06:00
f7b053223a9e
c8c5549b19
Send base64ed shellcode and decode with certutil
2016-03-01 10:48:25 +09:00
William Vu
c5a9d59455
Land #6612, one final missing change
2016-02-29 15:08:42 -06:00
William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612, Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
Brent Cook
a87cf02b50
Land #6524, fix reverse_http to try binding to LHOST first
2016-02-25 20:25:02 -06:00
Gregory Mikeska
cbc5b296e4
implement engines method locally instead of adding refinement
2016-02-25 11:05:17 -06:00
wchen-r7
58ad2175b8
Raise when no network connection
2016-02-24 18:57:40 -06:00
RageLtMan
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
...
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since it's a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Micheal
3e22de116f
Changes to fix peer and style as recommended by jhart-r7.
2016-02-20 13:53:32 -08:00
wchen-r7
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
Louis Sato
9ba82453f8
Land #6584, cidr notation addition for route command
2016-02-19 12:20:00 -06:00
Brent Cook
b409b2237d
update to use the common bind_addresses method
2016-02-18 18:17:56 -06:00
wchen-r7
4c716a268d
Set some flags
2016-02-18 16:11:34 -06:00
Brent Cook
1e58b1574a
Land #6502, add -x flag for showing extended sessions info
2016-02-18 15:37:41 -06:00
Brent Cook
d316609fef
put extra columns under the -x flag
2016-02-18 15:36:43 -06:00
wchen-r7
3beaeceb0e
Special-case bap2
2016-02-18 15:19:39 -06:00
wchen-r7
e5ad6fa781
Support "knowledge base"
2016-02-18 15:02:24 -06:00
wchen-r7
02834d4251
Add API documentation
2016-02-18 11:44:14 -06:00
wchen-r7
68703e1955
Break down DocumentGenerator, fix a bug when opening local md
2016-02-18 10:25:40 -06:00
Brent Cook
b5ae4c0322
remove the sleep
2016-02-18 08:33:44 -06:00
wchen-r7
a5f3bddfc8
Support RPC API
2016-02-18 00:39:12 -06:00
wchen-r7
089d6985b6
Add more demo templates
2016-02-18 00:17:32 -06:00
wchen-r7
1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
wchen-r7
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
wchen-r7
0b095cf08a
Remove unwanted variable
2016-02-17 15:25:31 -06:00
wchen-r7
8b267efa2d
No need to gsub the first 12 spaces anymore
2016-02-17 14:29:33 -06:00
wchen-r7
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
wchen-r7
d5c005d948
HTML-escape some fields
2016-02-17 13:56:03 -06:00
wchen-r7
5339bb50d8
Support targets
2016-02-17 13:48:24 -06:00
James Lee
28e6d8ef9e
Allow CIDR notation for the route command
2016-02-17 09:44:32 -06:00
wchen-r7
08dff6541d
rm junk code
2016-02-16 23:29:08 -06:00
wchen-r7
509a1e8de1
Add manual for demo purposes
2016-02-16 23:18:29 -06:00
wchen-r7
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
James Lee
35e0a433ea
Make error output more useful
2016-02-16 14:45:00 -06:00
Brent Cook
aff118a3a5
don't send a response on invalid UUID
2016-02-16 09:19:45 -06:00
Brent Cook
95484c81fd
Land #6526, fix browser exploit server spec
2016-02-15 16:23:04 -06:00
Brent Cook
1f58ad15ac
Browser::Exploit::Server needs to have vprint*
2016-02-15 16:21:24 -06:00
Brent Cook
3d1861b3f4
Land #6526, integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
Brent Cook
4db2840af9
Land #6385, add .apk template support for msfvenom
2016-02-15 14:27:08 -06:00
Brent Cook
2386cb1344
Land #6527 , add support for importing Burp suite vuln exports
2016-02-10 13:19:21 -06:00
wchen-r7
d5c3fcae04
Land #6511 , Bump Jsobfu version to support preserved_identifiers
2016-02-05 15:57:53 -06:00
Brian Patterson
4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported.
2016-02-04 10:30:56 -06:00
Jon Hart
869bf884c6
OptPath with no value is valid
2016-02-03 14:53:47 -08:00
Jon Hart
df9d46eec2
Normalization for OptPath
2016-02-03 14:37:29 -08:00
Jon Hart
53d4e31844
Allow OptPath to validate symbolic paths that need expansion
2016-02-03 14:12:03 -08:00
wchen-r7
d55e68e76b
Fix bug in js_obfuscate
2016-02-02 11:25:39 -06:00
James Lee
208420d741
Sort methods
2016-02-02 10:02:32 -06:00
William Vu
b4ed55b4d4
Fix reverse_http{,s} LHOST bind address
2016-02-02 09:57:11 -06:00
William Vu
93bdea0a60
Add tab completion for ReverseListenerBindAddress
2016-02-01 13:57:45 -06:00
William Vu
1828b7fda6
Land #6512 , Acunetix importer missing scheme fix
2016-01-29 13:17:44 -06:00
Brent Cook
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
OJ
7b4f3f8148
Remove -vv, restore -v and add -ci
2016-01-29 11:52:21 +10:00
Adam Cammack
e542a6c8cf
Fix importing with Acunetix
...
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
wchen-r7
f4139f85cb
Change to JsIdentifiers
2016-01-28 15:18:25 -06:00
wchen-r7
4bd2be5dfa
Add preserved_identifiers support
2016-01-28 14:36:42 -06:00
James Lee
c2f8e95492
Missed one
2016-01-28 14:18:19 -06:00
James Lee
ad026b3a7a
Add #peer to Tcp
2016-01-28 13:58:24 -06:00
James Lee
537c7e790e
Use vprint_status instead of reimplementing it
2016-01-28 12:51:20 -06:00
wchen-r7
51efb2daee
Land #6422 , Add support for native target in Android webview exploit
2016-01-27 14:27:41 -06:00
OJ
69d9ff7958
Add an extended mode to the session list
2016-01-25 22:36:13 +10:00
Brent Cook
a587975f90
be more robust and careful breaking from the accept thread
2016-01-23 01:46:58 -06:00
Christian Mehlmauer
e6147d60e2
fix rspecs
2016-01-22 23:43:13 +01:00
Christian Mehlmauer
158b1e473c
revert value
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
02841c79c3
some slight changes
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
0546911eef
fix error when invalid classname eg "class Metasploit1 < .."
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
8f4752d11e
show load warnings to the user
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
7dac21f58c
do not fail on old class name
2016-01-22 23:36:37 +01:00
Christian Mehlmauer
51eb79adc7
first try in changing class names
2016-01-22 23:36:37 +01:00
Brent Cook
91700f17e3
tidy up the ruby style while we're in here testing
2016-01-22 14:43:19 -06:00
Brent Cook
ac8b483d32
don't break the accept loop just because we got a client connection that closed early
2016-01-22 13:52:00 -06:00
Christian Mehlmauer
0871fe25e8
change text
2016-01-22 07:38:44 +01:00
Christian Mehlmauer
e0de78280d
move SSL to the default options
2016-01-22 07:05:23 +01:00
James Lee
0f7e3e954e
HttpServer's print prefix with... wait for it...
...
print_prefix
2016-01-20 13:44:18 -06:00
Brent Cook
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
Brent Cook
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
James Lee
a7869975d8
Remove useless variable
2016-01-14 10:04:23 -06:00
James Lee
1f61eb50be
Sort methods
2016-01-14 09:09:29 -06:00
Manuel Mancera
4ab58caa93
Fix the help option for vulns command
2016-01-11 22:19:44 +01:00
Jonathan Harms
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
wchen-r7
6a2b4c2530
Fix #6445 , Unexpected HttpServer terminations
...
Fix #6445
Problem:
When an HttpServer instance is trying to register a resource that
is already taken, it causes all HttpServers to terminate, which
is not a desired behavior.
Root Cause:
It appears the Msf::Exploit::Remote::TcpServer#stop_service method
is causing the problem. When the service is being detected as an
HttpServer, the #stop method used actually causes all servers to
stop, not just for a specific one. This stopping route was
introduced in 04772c8946, when Juan
noticed that the java_rmi_server exploit could not be run again
after the first time.
Solution:
Special case the stopping routine on the module's level, and not
universal.
2016-01-07 16:55:41 -06:00
Brent Cook
eb0b66a4cf
Land #6390 , report exceptions on bind/listen failure
2016-01-06 21:44:06 -06:00
James Lee
2dd59a932b
Clean up some warnings
2016-01-04 16:02:43 -06:00
James Lee
05d8f9d186
Make sure addr is not nil
...
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
Returns the address of *ifaddr*. nil is returned if address is not
available in *ifaddr*.
I ran into this with a teql interface, but who knows what else might
trigger it.
2016-01-04 15:58:03 -06:00
joev
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
Brent Cook
bcd1a6d45e
make JSON key format a little more standard, emit options
2015-12-30 16:00:09 -06:00
Chris Doughty
2a0ae144df
Fixup rubocop warnings for cleanup purposes
2015-12-30 14:33:02 -06:00
Chris Doughty
bb857e7a33
Add new line after json output for cleaner usability
2015-12-30 14:32:31 -06:00
Chris Doughty
3f98511d7c
Cleanup logic to force an output type
2015-12-29 15:11:16 -06:00
Chris Doughty
29ea553e03
Adding a json formatting option to the info command
2015-12-29 13:57:35 -06:00
Jon Hart
beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394
2015-12-24 09:20:21 -08:00
Jon Hart
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
Tim
5d0e868fd6
facebook.orca fixes
2015-12-24 12:21:08 +00:00
Tim
69b65e7d39
fix error handling
2015-12-24 09:13:56 +00:00
Brent Cook
17ad41070b
Land #6380 , allow linux x86 meterpreter in the pref list
2015-12-23 16:10:26 -06:00
Brent Cook
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7
a16a10aaf6
Fix #6371 , being able to report an exception in #job_run_proc
...
Fix #6371
When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.
Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.
Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
Brent Cook
3f4c6eb370
Land #5383 , allow tunneling reverse_tcp meterpreter sessions without 'route add'
2015-12-22 15:42:42 -06:00
Tim
d2a9aa18d8
fix silliness
2015-12-22 16:06:01 +00:00
Tim
eeea4bde9d
integrate ./msfvenom -x for android payloads
2015-12-22 15:58:27 +00:00
Tim
662a6dfd53
¯\_(ツ)_/¯
2015-12-22 14:49:00 +00:00
Tim
d2cc32a389
integrate apk_backdoor with msfvenom
2015-12-22 14:49:00 +00:00
wchen-r7
fa390358a2
Add linux/x86/meterpreter/reverse_tcp to the preference list
...
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
2015-12-21 23:09:54 -06:00
wchen-r7
2cc54a7a43
Make joomla.xml go first
...
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
wchen-r7
17b67b8f1b
Add trailing /
2015-12-19 17:18:34 -06:00
wchen-r7
5ff02956c9
Lower joomla.xml
2015-12-19 13:46:13 -06:00
wchen-r7
0fda963601
Have multiple paths to find the generator tag
2015-12-19 13:45:41 -06:00
wchen-r7
6dada5f20f
add another we can check
...
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
wchen-r7
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
Jon Hart
b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
Jon Hart
6611da9239
strip, not strip!. strip! returns nil if the string was unmodified
2015-12-11 19:22:57 -08:00
Jon Hart
dcdc21e2db
Correct unbalanced quotes
...
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
Jon Hart
e23908d672
Improve verbose output related to authentication handling
2015-12-11 18:32:00 -08:00
Jon Hart
1a0f71b6fa
Try to catch case where post-auth commands are failing
2015-12-11 17:23:03 -08:00
Jon Hart
9cec3d9e6b
Move redis password option to non-advanced
2015-12-11 17:03:49 -08:00
Jon Hart
1fecd9846c
Bury some helper methods behind private
2015-12-11 10:13:13 -08:00
Jon Hart
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
Jon Hart
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
Jon Hart
00f72b279b
Cleaner printing when in verbose
2015-12-10 09:12:54 -08:00
Jon Hart
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
wchen-r7
07ef09e0b6
Avoid Msf::Module::Platform
...
We don't know how to generate an exe payload if the platform is
Msf::Module::Platform, so don't use it.
2015-12-08 21:40:30 -06:00
wchen-r7
9e52663705
Doc
...
Fix #6330
2015-12-08 21:24:39 -06:00
wchen-r7
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
wchen-r7
5b27d3a99c
This looks right
2015-12-08 20:42:35 -06:00
wchen-r7
cea8c40432
Fix generate_payload_exe for generic payload support
...
Platform can be seen from different sources:
1. From the opts argument. For example: When you are using
generate_payload_exe, and you want to set a specific platform.
This is the most explicit. So we check first.
2. From the metadata of a payload module. Normally, a payload module
should include the platform information, with the exception of
some generic payloads. For example: generic/shell_reverse_tcp.
This is the most trusted source.
3. From the exploit module's target.
4. From the exploit module's metadata.
Architecture shares the same load order.
2015-12-08 20:26:07 -06:00
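The four-step lookup in the commit message above, as an added example that is not metasploit-framework code: a small model of how generate_payload_exe can pick a platform and an architecture in that order and raise when neither source yields one. The hash keys, the 'generic' sentinel standing in for the bare Msf::Module::Platform class, and the NoCompatiblePayloadError class are assumptions made for this example.

```ruby
# Added example, not metasploit-framework code: a model of the lookup order the
# commit message above describes for generate_payload_exe. The hash keys, the
# 'generic' sentinel and the NoCompatiblePayloadError class are assumptions
# made for this example.

class NoCompatiblePayloadError < StandardError; end

# A value that gives no usable answer. The framework treats the bare
# Msf::Module::Platform class as "unknown"; here nil, '' or 'generic' play
# that role (assumption).
def usable?(value)
  !(value.nil? || value.to_s.empty? || value.to_s == 'generic')
end

# Resolve :platform or :arch from the most explicit source to the least:
#   1. opts passed to generate_payload_exe
#   2. the payload module's metadata (absent for generic payloads)
#   3. the exploit module's target
#   4. the exploit module's metadata
def resolve(attr, sources)
  sources.each do |source|
    value = source[attr]
    return value if usable?(value)
  end
  nil
end

def payload_platform_and_arch(opts: {}, payload: {}, target: {}, exploit: {})
  sources  = [opts, payload, target, exploit]
  platform = resolve(:platform, sources)
  arch     = resolve(:arch, sources)
  if platform.nil? || arch.nil?
    # Raise instead of returning nil, so a caller that forgets to check does
    # not fail later with an unrelated error.
    raise NoCompatiblePayloadError,
          "no platform/arch for payload (platform=#{platform.inspect}, arch=#{arch.inspect})"
  end
  [platform, arch]
end

# Constructed inputs: a generic payload carrying no platform or arch, a target
# that names only a platform, and exploit metadata that fills in the arch.
EXAMPLE_PAYLOAD = { platform: 'generic', arch: nil }
EXAMPLE_TARGET  = { platform: 'win' }
EXAMPLE_EXPLOIT = { platform: 'linux', arch: 'x86' }

if __FILE__ == $0
  p payload_platform_and_arch(payload: EXAMPLE_PAYLOAD,
                              target: EXAMPLE_TARGET,
                              exploit: EXAMPLE_EXPLOIT)
  # => ["win", "x86"]
end
```

Platform and arch are resolved independently, so a generic payload can take its platform from the target and its arch from the exploit metadata, which is the case the commit is about.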
wchen-r7
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
Stuart Morgan
0cb18004ec
Rubocop
2015-12-05 15:28:56 +00:00
Stuart Morgan
61ad1a60f5
Removed EOL spaces (msftidy)
2015-12-05 15:27:13 +00:00
Stuart Morgan
e190dcb61a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_delay_jitter_to_scan
2015-12-05 15:25:11 +00:00
Stuart Morgan
d645052391
Moved the 'add_delay_jitter' function to scanner.rb so that all modules can benefit from it if needed
2015-12-05 15:02:31 +00:00
wchen-r7
14b1b3a1f0
Land #6299 , Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
Sonny Gonzalez
d7aeabbb71
Land #6293 , listener bind_port fix
2015-12-02 13:16:23 -06:00
jvazquez-r7
58cf9f4fcd
Land #6301 for sure, @busterb REALLY wants to delete go_pro :)
2015-12-02 09:38:40 -06:00
jvazquez-r7
545e8a2ea0
Land #6301 , @busterb removes the go_pro command
2015-12-02 09:28:08 -06:00
William Vu
6d3c4868a3
Land #6286 , bind port display in jobs
2015-12-02 02:21:14 -06:00
William Vu
098c573f82
Land #6291 , DisablePayloadHandler Boolean fix
...
Nice call with Regexp#===, @wchen-r7. :)
2015-12-02 02:17:59 -06:00
Brent Cook
fbeaeb2877
remove more unneeded machinery for go_pro
2015-12-01 22:32:50 -06:00
Brent Cook
6ab2919c40
remove go_pro command
2015-12-01 15:29:21 -06:00
Spencer McIntyre
388edd3207
Fix the scheme for the pymet ProxyHandler
2015-11-30 13:45:24 -05:00
Spencer McIntyre
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
Jon Cave
0c8eb6fb37
Display ReverseListenerBindPort if it is set
...
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
wchen-r7
c888726a1a
Fix #6287 , check DisablePayloadHandler value in exploit.rb
...
It looks like active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we always have to check it.
2015-11-26 18:30:31 -06:00
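The string-versus-Boolean problem in the commit message above (and the Regexp#=== remark in the landing message for #6291), as an added example that is not metasploit-framework code: a check that accepts the normalized Boolean a module sees as well as the raw string the console stores. The option name, the accepted spellings and the sample datastores are constructed for this example.

```ruby
# Added example, not metasploit-framework code: a datastore value read through
# active_module may be the raw string the console stored rather than the
# normalized Boolean, so a check must accept both. The accepted spellings and
# the sample datastores are constructed for this example.

# Regexp#=== returns false for non-String values instead of raising, which is
# what makes a bare `when /.../` branch safe when the value is already true,
# false, nil or an Integer.
def option_true?(value)
  case value
  when true, false
    value
  when /\A(?:y|yes|t|true|1)\z/i
    true
  else
    false
  end
end

def payload_handler_disabled?(datastore)
  option_true?(datastore['DisablePayloadHandler'])
end

# Constructed datastores: one normalized by the module, one as the console
# keeps it.
NORMALIZED_DATASTORE = { 'DisablePayloadHandler' => true }
RAW_DATASTORE        = { 'DisablePayloadHandler' => 'True' }

if __FILE__ == $0
  puts payload_handler_disabled?(NORMALIZED_DATASTORE)   # true
  puts payload_handler_disabled?(RAW_DATASTORE)          # true
end
```

Comparing the raw value with `== true` would silently treat 'True' as disabled-not-set and start a handler the user asked to suppress; matching the string forms explicitly avoids that.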
Brent Cook
e5119e6446
use payload_uri's result to derive lhost / lport
2015-11-26 15:21:51 -06:00
Brent Cook
216119c05c
unfold override lhost/lport logic
2015-11-26 15:15:21 -06:00
Spencer McIntyre
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
Spencer McIntyre
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
Brent Cook
f4d35116bd
land #6288 , fix regression using non-default port with reverse_http
2015-11-26 11:04:24 -06:00
Jon Cave
d9655fc882
Use LPORT if opts[:lport] is undefined
...
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
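The short-circuit described in the commit message above, as an added example that is not metasploit-framework code: the port selection written in the form that yields port 0 and in a form that tests for nil before converting and then range-checks the result. The method names and the sample datastore are constructed for this example.

```ruby
# Added example, not metasploit-framework code: why `opts[:lport].to_i || ...`
# never reaches the datastore fallback, and a version that checks for nil
# before casting. Method names and the sample datastore are constructed.

VALID_PORTS = (1..65_535)

# Buggy form: nil.to_i is 0, and 0 is truthy in Ruby, so `||` never falls
# through to the datastore and the listener is asked to bind port 0.
def listener_port_buggy(datastore, opts = {})
  opts[:lport].to_i || datastore['LPORT'].to_i
end

# Fixed form: pick the source first, convert second, then validate the result
# so an out-of-range or non-numeric value fails loudly instead of binding
# something unexpected.
def listener_port(datastore, opts = {})
  raw  = opts[:lport].nil? ? datastore['LPORT'] : opts[:lport]
  port = Integer(raw.to_s, 10)   # ArgumentError on '' or 'abc'
  raise ArgumentError, "port out of range: #{port}" unless VALID_PORTS.cover?(port)
  port
end

EXAMPLE_DATASTORE = { 'LPORT' => '8443' }   # constructed

if __FILE__ == $0
  puts listener_port_buggy(EXAMPLE_DATASTORE)       # 0
  puts listener_port(EXAMPLE_DATASTORE)             # 8443
  puts listener_port(EXAMPLE_DATASTORE, lport: 4444) # 4444
end
```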
OJ
87507e19a9
Change job view to show bind port if applicable
2015-11-26 16:18:00 +10:00
wchen-r7
776455d10a
Add another sound and event
...
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
Kyle Gray
8923252de7
Land #6259 , NoMethodError in vim_soap.rb fix
...
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7
Fixes #6085
Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
Brent Cook
7ad8adf67f
Land #6240 , change default SMBDomain to '.'
2015-11-24 12:58:46 -06:00
Louis Sato
5303079ba4
Land #6262 , local exploit add not implemented error
2015-11-23 14:23:13 -06:00
Brent Cook
5654b6b2e2
Land #6227 , reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
Brent Cook
25f2241aa3
Land #6246 , show the user errors from create_session
2015-11-23 06:01:08 -06:00
HD Moore
353cad2cc6
Update to match active & github account merge
2015-11-22 13:38:26 -06:00
wchen-r7
b636aeb303
rm print_warning
2015-11-20 19:38:33 -06:00
wchen-r7
d405f31c35
Add a NotImplementedError if run is used to run a local exploit
...
Running a local exploit like a post is not currently supported,
we should at least raise a warning or something, and not just
let it backtrace and confuse the user.
2015-11-19 14:31:31 -06:00
wchen-r7
a78fa7c3d9
Fix #4273 , print error in create_session
...
Fix #4273
2015-11-16 17:17:20 -06:00
David Maloney
708cbe9479
change the default SMBDomain to .
...
Due to a recent change using WORKGROUP
as the SMBDomain causes Trust errors.
Using '.' instead works fine.
2015-11-16 12:20:27 -06:00
David Maloney
a1ab8f1dc7
added Session info display to module output
...
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action
MS-706
2015-11-16 12:13:26 -06:00
scriptjunkie
06a5b5b0bd
Land #6234 , Host header transport
2015-11-14 11:35:47 -06:00
sammbertram
cd4aa28d11
Transport priority changes
...
Pass in the "lhost" and "lport" options to the default transport during the native payload. This takes the following LHOST priorities:
1. OverrideLHOST, only if OverrideRequestHost is TRUE
2. The request Host: header.
3. The LHOST datastore.
2015-11-13 13:21:46 +00:00
sammbertram
9d9865150b
Transport priority changes
...
Default transport request should set the priority to the Host: request header, and the subsequent OverrideRequestHost, OverrideLHOST, and OverrideLPORT options in the handler for reverse_http(s).
2015-11-13 13:19:01 +00:00
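The LHOST/LPORT priority described in the two commit messages above, as an added example that is not metasploit-framework code: how a reverse_http(s) handler could apply OverrideLHOST/OverrideLPORT (only when OverrideRequestHost is true), then the request's Host: header, then the datastore values. The option names used as hash keys, the assumption that the datastore is already normalized to Booleans, and the Host-header parsing (including bracketed IPv6 literals) are all constructed for this example.

```ruby
# Added example, not metasploit-framework code: the LHOST/LPORT priority the
# commit messages above describe, as a reverse_http(s) handler might apply it.
# Option names as hash keys, the normalized (Boolean) datastore and the
# Host-header parsing are all assumptions made for this example.

def present?(value)
  !(value.nil? || value.to_s.strip.empty?)
end

# Split an HTTP Host header into [host, port]; port is nil when absent or
# malformed.
#   "[::1]:8443"  -> ["::1", 8443]
#   "10.0.0.5"    -> ["10.0.0.5", nil]
def parse_host_header(header)
  return [nil, nil] unless present?(header)
  value = header.strip
  if value.start_with?('[')                 # bracketed IPv6 literal
    close = value.index(']')
    return [nil, nil] if close.nil?
    host = value[1...close]
    rest = value[(close + 1)..-1]
  else
    host, port_str = value.split(':', 2)
    rest = port_str.nil? ? '' : ":#{port_str}"
  end
  port = nil
  if rest.start_with?(':')
    begin
      port = Integer(rest[1..-1], 10)
    rescue ArgumentError
      port = nil                            # malformed port: fall through
    end
  end
  [host, port]
end

# LHOST priority:
#   1. OverrideLHOST, only when OverrideRequestHost is true
#   2. the Host: header of the request that fetched the stage
#   3. the LHOST datastore value
def transport_lhost(datastore, request_host_header)
  if datastore['OverrideRequestHost'] == true && present?(datastore['OverrideLHOST'])
    return datastore['OverrideLHOST']
  end
  host, _port = parse_host_header(request_host_header)
  return host if present?(host)
  datastore['LHOST']
end

# Same order for the port: OverrideLPORT, the Host: header port, then LPORT.
def transport_lport(datastore, request_host_header)
  if datastore['OverrideRequestHost'] == true && present?(datastore['OverrideLPORT'])
    return Integer(datastore['OverrideLPORT'].to_s, 10)
  end
  _host, port = parse_host_header(request_host_header)
  return port unless port.nil?
  Integer(datastore['LPORT'].to_s, 10)
end

# Constructed handler datastore.
HANDLER_DATASTORE = {
  'LHOST' => '10.0.0.5', 'LPORT' => 8080,
  'OverrideRequestHost' => false,
  'OverrideLHOST' => '203.0.113.9', 'OverrideLPORT' => 443,
}

if __FILE__ == $0
  puts transport_lhost(HANDLER_DATASTORE, 'pivot.example:8443')   # pivot.example
  puts transport_lport(HANDLER_DATASTORE, 'pivot.example:8443')   # 8443
end
```

Using the Host: header by default means a stage fetched through a redirector or hop keeps talking to the address the target actually reached, while the Override* options let the operator pin a different one when that is not what they want.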
wchen-r7
0e121df69d
Need a default template
...
The set_template_default actually needs the second argument,
otherwise we hit a RuntimeError.
2015-11-12 15:17:03 -06:00
wchen-r7
aaea730508
Fix #6213 - Method to_linux_x86_elf fails to set set :template
...
:template by default is just the base name of the file, not the
fullname. Before we use it, we need to normalize it. Methods
in this class rely on set_template_default for normalization (which
can also handle a custom path), so we'll just use that too.
Fix #6213
2015-11-12 15:07:58 -06:00
scriptjunkie
8703987535
Add HTTPS and new transport support for hop
2015-11-11 21:25:23 -06:00
Jon Hart
15eb135295
Resolve merge conflicts
2015-11-09 18:15:40 -08:00
jvazquez-r7
ceaf7440a7
Send full message
2015-11-06 12:15:17 -06:00
jvazquez-r7
19652e79c3
Delete comments
2015-11-06 12:15:07 -06:00
jvazquez-r7
ca1502c00a
Fix SMTP send_message to not block
2015-11-06 12:14:59 -06:00
dmohanty-r7
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
James Lee
596b2b025d
Land #6173 , improve advanced, info, and options
2015-11-04 13:40:49 -06:00
James Lee
4d8ea7fb5c
Refactor more common stuff out of reverse handlers
2015-11-03 23:21:47 -06:00
Spencer McIntyre
1fbc4da36c
Fix tab completion for set StageEncoder
2015-11-03 17:32:41 -05:00
James Lee
7c2f9531d9
Don't stack trace if listener is on a dead session
2015-11-03 08:31:33 -06:00
William Vu
9b5149fc64
Land #6147 , report_vuln for CheckCode::Vulnerable
2015-11-02 17:24:06 -06:00
Jon Hart
a4c260f7be
Simplify docs
2015-11-02 09:51:40 -08:00
Jon Hart
0dc6f6605b
Remove errant options print
2015-11-02 09:48:48 -08:00
void-in
f629f98fdc
Resolve 6174, require meterpreter_options
2015-10-31 18:47:22 +05:00
Brent Cook
be23da1c1f
Merge branch 'upstream-master' into land-6120-python-stageless
2015-10-30 17:26:26 -05:00
Jon Hart
c54f034f62
Correct help feature
2015-10-30 12:34:34 -07:00
Jon Hart
377017a2d5
Include module name in advanced options output
2015-10-30 11:54:44 -07:00
Jon Hart
0091a05fa6
Add 'advanced' and 'options' commands to mirror 'info'
2015-10-30 11:54:40 -07:00
Jon Hart
6bfa6095c6
Add 'show info'; just calls 'info'
2015-10-30 11:54:35 -07:00
wchen-r7
977b3449b7
Fix #6085 , NoMethodError in vim_soap.rb
...
Fix #6085
2015-10-30 11:02:02 -05:00
James Lee
344e8a6f90
Refactor common reverse options
2015-10-29 15:15:20 -05:00
James Lee
46159f5dbe
Back out the Comm stuff for HTTP
2015-10-29 14:22:34 -05:00
wchen-r7
4e20b8f369
Fix #5875 , Add report_vuln for Msf::Exploit::CheckCode::Vulnerable
...
Msf::Exploit::CheckCode::Vulnerable requires the module to be
explicit, as in actually triggering the bug and getting a vulnerable
response, therefore it should be appropriate to use report_vuln
to report it.
Other vuln check codes (such as Appears, or Detected, etc) will
not call report_vuln, because it's not explicit enough.
2015-10-29 13:22:59 -05:00
Louis Sato
657a5481dc
fix rpc session conditional to allow powershell read/write
2015-10-28 11:49:32 -05:00
bigendian smalls
43dbdcea76
Removed process_autoruns from mainframe_shell
...
Removed process_autoruns until we can write a fully compatible one or
fully regression test the existing. Likely the former because of
encoding issues
2015-10-26 14:55:40 -05:00
William Vu
bbc1e43149
Remove raise, since it broke things
...
Need to pass through silently.
2015-10-26 14:45:21 -05:00
William Vu
43eae0b97f
Clean up Msf::Sessions::MainframeShell
2015-10-26 12:15:45 -05:00
bigendian smalls
d53be873dc
Updating master to metasploit/master
2015-10-26 09:24:24 -05:00
James Lee
71b8c97f0e
Always print PAYLOAD and LPORT in 'jobs'
2015-10-24 14:48:03 -05:00
wchen-r7
f2b4737e4a
Land #6127 , Fix #3859 Add support for registry_key_exist?
2015-10-23 10:59:57 -05:00
wchen-r7
b76192dbcb
Land #6099 , make_nops doesn't take into account all the compatible encoders
2015-10-22 21:26:25 -05:00
jvazquez-r7
d5a010c230
Add support for registry_key_exist?
2015-10-22 16:07:38 -05:00
Spencer McIntyre
8bb694fa5c
Add stageless Python Meterpreter for reverse tcp
2015-10-21 18:23:04 -04:00
Brent Cook
4b271425c9
s/datstore/datastore/g
2015-10-20 13:05:49 -05:00
jvazquez-r7
28ca34c40a
Fix conflicts
2015-10-16 15:38:59 -05:00
James Lee
d51f0ebd4c
Refactor "via" string into a method
2015-10-16 15:08:00 -05:00
jvazquez-r7
d85412b0fb
Complete fix for generation of nop sleds
2015-10-16 14:01:00 -05:00
jvazquez-r7
b788772215
break only if 'make_nops' is able to generate the nop sled
2015-10-16 13:28:37 -05:00
jvazquez-r7
7da3b4958e
Change mixins namespaces
2015-10-15 10:35:07 -05:00
jvazquez-r7
6571a8f2c3
Move http apps mixins to the old convention folder
2015-10-15 10:22:54 -05:00
jvazquez-r7
8057b3edae
Fix specs to pass again
2015-10-15 09:40:39 -05:00
jvazquez-r7
db5d83a40a
Move namespaces
2015-10-15 09:17:06 -05:00
jvazquez-r7
5e39814860
Move to the old convention folder
2015-10-15 09:03:03 -05:00
Brent Cook
1c880b933f
Land #6066 , remove empty, duplicate options for EXITFUNC
2015-10-14 10:34:36 -05:00
William Vu
2a2d8d941d
Land #6054 , HTTP Host header injection module
2015-10-13 23:37:31 -05:00
William Vu
c642057fa0
Clean up module
2015-10-13 12:03:41 -05:00
jvazquez-r7
ed0b9b0721
Land #6072 , @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace
2015-10-10 00:24:12 -05:00
HD Moore
a590b80211
Update autoregister_ports, try both addresses for the MBean
2015-10-09 20:20:35 -07:00
HD Moore
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
jvazquez-r7
5e9faad4dc
Revert "Merge branch using Rex sockets as IO"
...
This reverts commit c48246c91c, reversing
changes made to 3cd9dc4fde.
2015-10-09 14:09:12 -05:00
jvazquez-r7
3aa7b513d5
Delete safe_get_once
2015-10-09 13:34:38 -05:00
William Vu
8670224ea0
Prefer do/end
2015-10-09 11:26:33 -05:00
jvazquez-r7
eabe742b9d
Expose the timeout between reads as mixin option
2015-10-09 11:17:44 -05:00
jvazquez-r7
5fab1cc71a
Add loop timeout
2015-10-09 11:05:05 -05:00
James Lee
b16c284395
Determine comm from ReverseListenerComm in reverse_http
...
Also some copypasta from reverse_tcp to display where we started the
listener.
2015-10-09 08:54:01 -05:00
bigendian smalls
bef7562823
Fixed Typo
2015-10-09 06:39:02 -05:00
bigendian smalls
6549f48d4e
Added new class MainframeShell for mainframe(z/os)
...
This class is built upon and overrides certain methods in the generic
CommandShell class. Primarily it is here to control when and if bytes
sent to/from mainframe (z/os) targets get encoded/decoded from cp1047
(ebcdic<->ascii). This would be the default shell for upcoming
mainframe based payloads.
2015-10-08 17:11:31 -05:00
wchen-r7
8aed503ad2
Change EXITFUNC acceptable options
...
This gets rid of the nil option because this is the same as "".
And then we change the empty value to ''.
2015-10-08 16:52:17 -05:00
William Vu
2f50374bf9
Add SRVHOST tab completion
...
A trivial update to @jlee-r7's code.
2015-10-08 14:01:21 -05:00
James Lee
946401ec99
Move SSL options out to a mixin
2015-10-07 09:59:12 -05:00
James Lee
fdbbb5fbf4
Whitespace
2015-10-07 09:56:28 -05:00
James Lee
711ce1e579
Move ReverseTcpComm to a new directory
...
Reverse::Comm
2015-10-06 14:48:49 -05:00
James Lee
645a59349a
Select comm in ReverseTcpDoubleSsl as well
...
And don't extend the comm object, that gets handled by the Rex::Socket
system if it's necessary.
2015-10-06 14:33:22 -05:00
James Lee
6b558010f0
Remove redundant methods included with ReverseTcp
2015-10-05 16:48:37 -05:00
OJ
32dbb8c3e0
Land #6051 : check include_send_uuid method support
2015-10-06 07:31:11 +10:00
Brent Cook
2769d66bfc
Check if the payload has a include_send_uuid method before calling it
...
Otherwise we get an undefined method exception and the payload fails to stage.
Fixes #6040
2015-10-05 15:13:11 -05:00
HD Moore
32255a4621
Always show the URI and User-Agent for unknown requests
2015-10-05 11:05:05 -05:00
William Vu
711f11abb8
Clean up some things
2015-10-02 18:35:46 -05:00
Brent Cook
dea0142da1
catch network exceptions
2015-10-02 18:26:37 -05:00
jvazquez-r7
c967b60bf8
Land #5948 , @bcook-r7's fix shell_to_meterpreter from powershell
2015-10-02 15:59:43 -05:00
jvazquez-r7
953bfe1a81
Delete typo
2015-10-02 15:29:03 -05:00
Brent Cook
2445c1fa32
Land #6012 , Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp
2015-10-02 15:27:47 -05:00
Brent Cook
40cb13609a
update SSLVersion to support all options for rex TCP sockets, add 'TLS' alias
2015-10-02 15:26:49 -05:00
jvazquez-r7
6468eb51b2
Do changes to take into account powershell sessions are not cmd sessions
2015-10-02 15:26:42 -05:00
Brent Cook
7cd30ef0b8
Land #6031 , delete unused -a db_export option
2015-10-01 14:12:34 -05:00
Brent Cook
144bf39038
Land #5998 , fixup PrependMigrate for stageless meterpreter
2015-10-01 11:48:33 -05:00
William Vu
eb751822d8
Remove dead option in db_export
2015-10-01 10:58:15 -05:00
William Vu
2ab779ad3d
Land #6010 , capture_sendto fixes
2015-10-01 10:54:24 -05:00
OJ
22c424a4c6
Fix CreateProcessA stack alignment in prependmigrate x64
2015-10-01 10:24:13 +10:00
OJ
b35a0166bf
Merge branch 'upstream/master' into fix-prepend-https
2015-10-01 09:07:28 +10:00