Joe Vennix
1235615f5f
Add firefox 15 chrome privilege exploit.
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
William Vu
252909a609
Land #2448, @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
Meatballs
6ee1a9c6e1
Fix duplicate error
2013-12-17 00:11:37 +00:00
Meatballs
06b399ee30
Remove ERROR_
To access as Error::NO_ACCESS
2013-12-16 19:52:11 +00:00
Meatballs
08a44fdfb7
Filename match module
2013-12-16 19:48:17 +00:00
Meatballs
57f2027e51
Move to module
2013-12-16 19:45:52 +00:00
Meatballs
c9084bd2d5
Remove errant fullstops
2013-12-16 18:53:37 +00:00
Meatballs
75c87faaf8
Add Windows Error Codes to Windows Post Mixin
2013-12-16 18:50:18 +00:00
Meatballs
0c5ac0176f
Undo psh net change
2013-12-16 13:43:40 +00:00
Meatballs
dd5b66f827
Undo psh net change
2013-12-16 13:42:37 +00:00
Meatballs
14c0096115
Update template
Use Copy instead of memset
Remove | Out-Null
2013-12-16 13:38:14 +00:00
Meatballs
8dfcc8aa77
WaitForThread
2013-12-16 12:44:58 +00:00
Meatballs
637be1bdfa
Should use RIG
2013-12-16 09:19:17 +00:00
Meatballs
0a29176855
Update psh_web_delivery for reflection
2013-12-16 09:08:01 +00:00
Meatballs
7cc99d76ad
Merge remote-tracking branch 'upstream/master' into powershell_auto_arch
Conflicts:
lib/msf/util/exe.rb
2013-12-16 09:07:08 +00:00
Meatballs
819ba30a33
msftidy
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Meatballs
28f8ac322f
Enable inject
2013-12-14 21:30:52 +00:00
Meatballs
7347cb170c
Revert "Enable DLL injection in msfvenom"
This reverts commit 64e6531bbc.
2013-12-14 21:26:13 +00:00
jvazquez-r7
83e448f4ae
Restore vprint_error message
2013-12-12 09:06:29 -06:00
jvazquez-r7
5c1ca97e21
Create a new process to host the final payload
2013-12-12 08:26:44 -06:00
William Vu
ff9cb481fb
Land #2464, fixes for llmnr_response and friends
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
Meatballs
bc0c080947
Indentation
2013-12-08 18:18:44 +00:00
Meatballs
64e6531bbc
Enable DLL injection in msfvenom
2013-12-08 18:16:23 +00:00
scriptjunkie
f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
scriptjunkie
77e9996501
Mitigate metasm relocation error by disabling ASLR
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie
8d33138489
Support silent shellcode injection into DLLs
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Meatballs
3aebe968bb
Land #2721 Reflective DLL Mixin
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
OJ
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
OJ
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
OJ
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
OJ
2cb991cace
Shuffle RDI stuff into more appropriate structure
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
OJ
fb84d7e7fe
Update to yardoc conventions
2013-12-06 07:54:25 +10:00
sinn3r
c7bb80c1d7
Add wvu as an author to author.rb
2013-12-05 00:33:07 -06:00
OJ
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
OJ
7b24f815ee
Missed a single module in rename
2013-12-04 22:54:07 +10:00
OJ
7e8db8662e
Update name of the mixin
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
OJ
f79af4c30e
Add RDI mixin module
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
sinn3r
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
corelanc0d3r
474a03475f
sorted out the sorts without .sort
2013-12-02 11:57:52 +01:00
yehualiu
8254c0bae2
this site is down
2013-12-01 14:26:03 +08:00
William Vu
77b036ce5d
Land #2703, uninit const fix for MSSQL_SQLI
2013-11-27 13:50:48 -06:00
jvazquez-r7
a5aca618e2
fix fail_with usage on Exploit::Remote::MSSQL_SQLI
2013-11-27 11:33:19 -06:00
jvazquez-r7
a32c9e5efc
Fix fail_with on Exploit::Remote::HttpClient
2013-11-27 11:19:46 -06:00
sinn3r
5d10b44430
Add support for Silverlight
Add support for Silverlight exploitation. [SeeRM #8705]
2013-11-26 14:47:27 -06:00
Meatballs
b015dd4f1c
Land #2532 Enum LSA Secrets
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
Meatballs
e7dfda00db
Documentation
2013-11-23 22:03:43 +00:00
Meatballs
becc521406
Constants, yey
2013-11-23 21:46:11 +00:00
Meatballs
699d13eef1
Share the wealth
Move LDAP methods to a Post mixin.
2013-11-23 21:42:09 +00:00
William Vu
8e23119e17
Land #2678, DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
Tod Beardsley
8fc0a8199e
DB_ALL_CREDS should be disabled by default
[SeeRM #8699]
2013-11-22 22:16:40 -06:00
corelanc0d3r
66edfe968d
Sorting output
2013-11-21 00:57:08 +01:00
Tod Beardsley
e88da09894
Land #2660, DLL/service creation for x64
2013-11-20 17:25:16 -06:00
corelanc0d3r
0ea0dc168c
set _comment method to js for num and dword
2013-11-20 23:10:55 +01:00
corelanc0d3r
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
Joe Vennix
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Meatballs
3ed84d1e0b
Remove puts
2013-11-20 20:29:54 +00:00
Meatballs
7253cc73d5
:payload_instance
2013-11-20 20:28:00 +00:00
Meatballs
f27194a8ce
Always default to payload options
2013-11-20 20:14:59 +00:00
Meatballs
135dad1f4e
Fix dll/service creation
2013-11-20 20:10:47 +00:00
jvazquez-r7
110e78a1ad
Land #2507, @todb-r7's fix to allow DCERPC mixin to use RPORT
2013-11-20 10:21:32 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
Meatballs
a327321558
Re-do 'exe-small' for scripting payloads.
Fall back to default x64 exe for ARCH_X86_64
2013-11-19 21:19:12 +00:00
jvazquez-r7
7435d74c59
Land #2093, @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
Tod Beardsley
ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).
It looks like a bigger change than it really is, thanks to the indentation
changes by removing the iterator. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
jvazquez-r7
34dccaaa1f
Clean use of -c on creds command
2013-11-19 13:26:14 -06:00
jvazquez-r7
f690667294
Land #2617, @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
jvazquez-r7
7dd70d4c19
Switch to vprint_debug some mixin messages
2013-11-18 13:33:45 -06:00
jvazquez-r7
ae440130f5
Reduce code complexity easily
2013-11-18 13:25:50 -06:00
jvazquez-r7
f61c1548ee
Use verbose by default on mixin error messages
2013-11-18 13:23:05 -06:00
jvazquez-r7
eb8c3ba657
Switch to normal indentation
2013-11-18 13:20:49 -06:00
James Lee
0aef145f64
Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa
2013-11-13 18:11:21 -06:00
James Lee
8471f74b75
Refactor ivar to a more reasonable method
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
2013-11-13 18:09:41 -06:00
James Lee
16627c1bd3
Add spec for capture_lsa_key
2013-11-13 15:16:34 -06:00
William Vu
6bd82d8589
Land #2636, Win8 for {constants,platform}.rb
2013-11-13 14:20:52 -06:00
sinn3r
3a923422a3
Update class for Win 8
2013-11-13 13:27:44 -06:00
James Lee
3168359a82
Refactor lsa and add a spec for its crypto methods
2013-11-13 11:55:39 -06:00
Tod Beardsley
74df9bd037
Bump version number since 4.8.0 is out
2013-11-13 11:42:31 -06:00
sinn3r
8e90116c89
Add Win 8 to constants
2013-11-13 11:38:27 -06:00
jvazquez-r7
ef6d9db48f
Land #2613, @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
sinn3r
fbe1b92c8f
Good bye get_resource
2013-11-12 17:25:55 -06:00
Tod Beardsley
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498]
2013-11-11 21:23:35 -06:00
sinn3r
cf8f2940b0
Oops, this is the right filename
2013-11-11 15:45:11 -06:00
sinn3r
85150823cd
rename again
2013-11-11 15:44:27 -06:00
Tod Beardsley
8c1d7d936b
Revert "Fix conflcit lib/msf/util/exe.rb"
This was causing build failures:
https://travis-ci.org/rapid7/metasploit-framework/builds/13816889
It looks like there were a whole bunch of changes that weren't intended.
This reverts commit 3996557ec6, reversing changes made to 62102dd1f9.
2013-11-11 13:48:39 -06:00
sinn3r
6a840fc169
Move file to get a matching name
2013-11-11 12:41:03 -06:00
sinn3r
3996557ec6
Fix conflcit lib/msf/util/exe.rb
Conflicts:
lib/msf/util/exe.rb
2013-11-11 11:43:09 -06:00
sinn3r
62102dd1f9
Land #2544 - Vbs minimize
2013-11-11 11:14:56 -06:00
sinn3r
33f65dd611
Land #2577 - Use base64 to reduce psh-net payload size
2013-11-11 10:21:20 -06:00
OJ
063da8a22e
Update reverse_https_proxy stager/handler
This change updates the proxy handler code, which for some reason was
omitted in the original commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
2013-11-11 22:21:05 +10:00
sinn3r
866f240337
A little update on documentation
2013-11-07 17:06:43 -06:00
sinn3r
32b12609bd
Forgot to pass optional headers
2013-11-07 16:50:58 -06:00
FireFart
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
FireFart
aab4d4ae76
first commit for typo3
2013-11-07 22:38:27 +01:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
sinn3r
3e1771aa77
Being able to pass binding when we need to
2013-11-07 00:12:29 -06:00
sinn3r
23996ec32c
Fix up some things
2013-11-06 22:47:02 -06:00
sinn3r
c338f7a8c0
Change how requirements are defined, rspec, etc
2013-11-06 14:01:29 -06:00
sinn3r
c92116060e
Forgot to rm this line
2013-11-06 01:53:46 -06:00
sinn3r
f2e4d5507c
More rspec
2013-11-06 01:45:40 -06:00
sinn3r
636adc81de
Add rop_junk and rop_nop
2013-11-06 01:04:33 -06:00
sinn3r
65c96a1f45
Allow the module to be target specific
2013-11-06 00:57:53 -06:00
sinn3r
63d3c7e8bb
Put proxy headers in a constant
2013-11-05 16:33:36 -06:00
sinn3r
73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
James Lee
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
This reverts commit e7d3206dc9.
2013-11-05 13:45:00 -06:00
sinn3r
9c6b187cc6
stuff
2013-11-05 11:05:33 -06:00
sinn3r
0513dad789
-_-
2013-11-05 10:30:37 -06:00
sinn3r
9d1742ac47
Fix typos
2013-11-05 10:15:53 -06:00
sinn3r
8fb2b943be
Add ActiveX detection
2013-11-05 01:34:56 -06:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
sinn3r
844daf0e00
No regex for get_resource checking
2013-11-04 17:49:43 -06:00
sinn3r
054a525f35
Change profile data structure
2013-11-04 17:46:36 -06:00
sinn3r
ef57a38274
Move documentation about profile structure
2013-11-04 16:47:15 -06:00
OJ
12810580d6
Remove arg for bind port/addr functions
Done to avoid masking of datastore instance variable.
2013-11-05 06:56:21 +10:00
sinn3r
9c8ecd2ede
Fix encoding order
2013-11-04 14:06:42 -06:00
sinn3r
d970925cbf
Fix encoding bug
2013-11-04 13:45:29 -06:00
sinn3r
23e5a9f048
Force on_request_exploit override
2013-11-04 12:54:52 -06:00
sinn3r
e83f4e5120
Use a warning
2013-11-04 12:54:41 -06:00
sinn3r
25787fbaa7
Change has_proxy?
2013-11-04 12:52:15 -06:00
sinn3r
c6fb570480
Correct bad method naming
2013-11-04 12:35:04 -06:00
sinn3r
016e686bcf
super chomp
2013-11-04 12:28:22 -06:00
sinn3r
c3d9f4064c
They are symbols not strings
2013-11-04 12:10:39 -06:00
sinn3r
0337e6ff54
Do yard documentation
2013-11-04 12:09:59 -06:00
sinn3r
abc06aa8aa
Use mutex
2013-11-01 11:35:23 -05:00
sinn3r
5fb261a974
Change var name
2013-10-31 23:48:41 -05:00
sinn3r
d54c8a359b
Fix bug in proxy detection
2013-10-31 23:42:43 -05:00
sinn3r
7a33c48a0f
No double slash
2013-10-31 23:17:38 -05:00
sinn3r
5851d502b5
Rename some stuff
2013-10-31 23:12:20 -05:00
sinn3r
21891a8337
Make sure the browser can't retry by going to the first URL
2013-10-31 23:08:17 -05:00
sinn3r
94d62613ab
Pretty much done with these, remove these comments.
2013-10-31 19:04:11 -05:00
sinn3r
828ef9c64c
Adds target-specific payload generator
2013-10-31 18:54:01 -05:00
sinn3r
8a0ebcbac7
Adds method get_module_resource
2013-10-31 14:34:38 -05:00
sinn3r
10fd892827
Fix a "undefined method to_sym" bug
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
sinn3r
00efad5c5d
Initial commit for BrowserExploitServer mixin
2013-10-31 13:17:06 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
William Vu
3e1ae4c9b3
Land #2504, @todb-r7's edit command for msfconsole
2013-10-30 15:38:07 -05:00
Tod Beardsley
900ccc7ec9
VISUAL is okay. Also doesn't need to be a path.
I don't believe this opens an untoward attack vector -- if your attacker
can run Metasploit locally, you have much bigger problems.
2013-10-30 15:34:23 -05:00
William Vu
333a0d5820
chmod -x cmdstager_printf.rb
2013-10-28 18:47:14 -05:00
Tod Beardsley
4bf041ec46
Use Rails, not Ruby, time formats.
Since MSF now requires ActiveSupport, may as well reference it correctly.
2013-10-25 11:52:54 -05:00
Tod Beardsley
b781e58a67
Unformat the prompt and promptchar
2013-10-25 11:40:28 -05:00
jvazquez-r7
0084f32ca2
Print default values when unset options
2013-10-25 11:21:42 -05:00
Meatballs
e18dd3ec0b
Use base64 to reduce size
2013-10-25 01:19:43 +01:00
ethicalhack3r
6f605fb009
Typo
2013-10-24 16:33:26 +02:00
Tod Beardsley
b5f26455a3
Land #2545, javascript library overhaul
2013-10-23 16:12:49 -05:00
sinn3r
caf41f34bf
Land #2562 - Fix RM 8510 (FileDropper)
2013-10-22 21:45:33 -05:00
sinn3r
acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel
2013-10-22 17:16:26 -05:00
jvazquez-r7
7d1dc3746f
Use the @schierlm's command
2013-10-22 16:19:49 -05:00
Tod Beardsley
dc0d9ae21d
Land #2560, ZDI references
[FixRM #8513]
2013-10-22 15:58:21 -05:00
Meatballs
8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac
2013-10-22 21:42:36 +01:00
sinn3r
ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers
2013-10-22 15:39:32 -05:00
jvazquez-r7
4ad9bc5efe
Try to [FixRM #8510]
2013-10-22 08:42:14 -05:00
sinn3r
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
sinn3r
99d5da1f03
We can simplify this
2013-10-21 20:22:45 -05:00
sinn3r
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
William Vu
9258d79978
Add ZDI references to reference.rb
2013-10-21 15:13:46 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
Tod Beardsley
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
This reverts commit 717dfefead, reversing changes made to 6430fa3354.
2013-10-21 12:47:57 -05:00
William Vu
717dfefead
Land #2505, missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
Meatballs1
58a82f0518
Update exe.rb
Rename values
2013-10-21 13:50:07 +01:00
sinn3r
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
Tod Beardsley
ffcb86eba2
Land #2541, Outpost24 importer
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384]
2013-10-18 13:21:58 -05:00
Meatballs
2ef89eaf35
Randomize exe name
2013-10-18 19:01:28 +01:00
Meatballs
56aa9ab01c
Reduce size
2013-10-18 18:59:30 +01:00
Meatballs
4e4d0488ae
Rubyfy constants in privs lib
2013-10-18 18:26:07 +01:00
sinn3r
6f04a5d4d7
Cache Javascript
2013-10-18 12:23:58 -05:00
sinn3r
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
Meatballs
e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
Meatballs
5a662defac
Post::Privs uses Post::Registry methods
2013-10-17 23:28:07 +01:00
sinn3r
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
Tod Beardsley
72a052942f
Methodize the editor variable as local_editor
2013-10-17 14:11:20 -05:00
Rob Fuller
8f2ba68934
move decrypt_lsa and decrypt_secret to priv too
2013-10-17 00:04:21 -04:00
Rob Fuller
541d932d77
move decrypt_lsa to priv as well
2013-10-16 23:53:33 -04:00
Rob Fuller
60d8ee1434
move capture_lsa_key to priv
2013-10-16 23:45:28 -04:00
Rob Fuller
1a9fcf2cbb
move convert_des_56_to_64 to priv
2013-10-16 23:39:07 -04:00
Rob Fuller
1a85bd22a8
move capture_boot_key to post win priv
2013-10-16 22:46:15 -04:00
sinn3r
4c91f2e0f5
Add detection code MS Office
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413]
2013-10-15 16:27:23 -05:00
William Vu
38965f91ee
Add Outpost24 importer code to core/db.rb
2013-10-15 15:32:28 -05:00
James Lee
676f12e50e
Import the new plaintext export format
Also:
* Import John the Ripper's plaintext from cracked NTLM hashes in the
same way
* Don't choke on : in passwords when reading JtR's output
* Fix some whitespace
* Show a count of inactive creds if there are any instead of acting like
they don't exist
2013-10-15 15:12:18 -05:00
William Vu
35dd94f0ac
Land #2518, uninitialized JavascriptOSDetect fix
2013-10-14 13:32:04 -05:00
sinn3r
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
sinn3r
da3081e1c8
[FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax
[FixRM 8482]
2013-10-14 11:40:46 -05:00
James Lee
60f5567511
Output plaintext creds in a way john can use them
2013-10-13 13:36:03 -05:00
joev
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
joev
6440a26f04
Move shared Node.js payload logic to mixin.
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
Tod Beardsley
4d76e8e9ac
Add RPORT to the list of DCERPC ports to check
[FixRM #8479]
2013-10-11 16:23:38 -05:00
Tod Beardsley
423b490168
Use Rex::Compat.getenv instead
Also, this would deprecate out the editor plugin.
2013-10-11 10:42:13 -05:00
Tod Beardsley
a7025fca3d
msfconsole 'edit' command
Useful for quick editing a module during development / bug fixing. I
don't really see a security issue with running a command defined in the
user's VISUAL or EDITOR environment variables; if the user can run
msfconsole to begin with, there are better ways to get into trouble.
2013-10-10 23:00:25 -05:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
Tod Beardsley
4f1e71e222
Also this isn't Lua. Deal with commas.
2013-10-09 17:30:57 -05:00
Tod Beardsley
c8dc251042
Alphabetize authors
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.
Also, I need to keep my lines changed count up.
2013-10-09 17:29:17 -05:00
James Lee
947925e3a3
Use a proper main signature with arguments
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
Tod Beardsley
9d34a8c894
Land #2465, deal with missing cpuinfo bins
[FixRM #8456]
Thanks @ZeroChaos!
2013-10-09 13:03:48 -05:00
Tod Beardsley
356263df56
Litter some more rescue nil's in there
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
Tod Beardsley
f95da649f8
Deal with missing bins, too.
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465]
2013-10-09 12:13:44 -05:00
jvazquez-r7
2593c06e7c
Land #2412, @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Tod Beardsley
ff6dec5eee
Promote joev to a first class citizen
[See #2476]
2013-10-07 12:40:43 -05:00
Markus Wulftange
836ff24998
Clean and fix CmdStagerPrintf
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
ZeroChaos
5f4e4de267
fix for bug 8456
On systems without bundled johntheripper (either by removing the bundled version or by no compatible version shipped) the system john is used. In this case, all of the checking for compatible bundled jtr makes no sense and as such we can shortcut out of this to not only reduce the size of msf (for embedded) but also to speed execution (saving multiple calls to some random bundled binary cpuinfo*.bin).
This patch makes it very easy to simply remove cpuinfo and msf will not try to run it when missing and default to running john from the path.
2013-10-04 15:58:47 -04:00
James Lee
541833e2cc
Convert llmnr_response to use Net::DNS
* Allows responding to AAAA requests in addition to the existing A
support
* Prevents problems when recvfrom returns a mapped address like
"::ffff:192.0.2.1"
Also:
* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
2013-10-04 12:35:30 -05:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
James Lee
b822a41004
Axe errant tabs and unused vars
2013-10-02 13:47:39 -05:00
Meatballs
29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file
Fixes bugs with MSI::UAC option, invalid logic and typo...
2013-09-29 17:09:03 +01:00
Meatballs
8aeb134581
Retab...
2013-09-27 20:40:16 +01:00
OJ
58cd2c796e
Add a bind port setting to reverse listeners
This adds a `ReverseListenerBindPort` advanced setting to the reverse listeners which
allows for the local bind port to be separated from the `LHOST` setting used in the
payload. This means that listeners can bind to different ports in cases where the
attacker isn't able to listen on the same port that the victim can call out on, but
there are NATs/portforwards/whatever in place that allow the connection to happen.
2013-09-28 05:38:39 +10:00
Meatballs
6ca01adf1d
Merge branch 'master' into msi_payload
Conflicts:
lib/msf/util/exe.rb
2013-09-27 20:37:40 +01:00
Meatballs
34c443f346
Forgot msi-nouac
2013-09-27 20:36:00 +01:00
Meatballs
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
Tab Assassin
c94e8a616f
Retabbed to catch new bad tabs
2013-09-27 13:34:13 -05:00
Meatballs
8b800cf5de
Merge and resolve conflicts
2013-09-27 18:19:23 +01:00
Tod Beardsley
869c10af04
Land #2396, aspx-exe shellcode generator
Looks good to me, specs are all happy (also added a #to_h spec)
2013-09-27 11:42:16 -05:00
Meatballs
3d812742f1
Merge upstream master
2013-09-26 21:27:44 +01:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
Meatballs
a25833e4d7
Fix %TEMP% path
2013-09-26 19:22:36 +01:00
Tod Beardsley
8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"
[FixRM #8409], reported by Chris F.
2013-09-26 09:42:38 -05:00
jvazquez-r7
58d4096e0f
Resolve conflicts on #2267
2013-09-25 13:06:14 -05:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
FireFart
617f6d53fe
user_id starts at 1
2013-09-24 23:41:02 +02:00
FireFart
7a2762f4a7
more regexes
2013-09-24 20:20:06 +02:00
FireFart
dc8f94bac1
Added wordpress version detection
2013-09-24 08:59:56 +02:00
FireFart
e1aefe07e1
clarify documentation
2013-09-24 00:08:33 +02:00
FireFart
7c4708b1df
-) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
-) Bugfix
2013-09-23 23:59:45 +02:00
Tod Beardsley
8db1a389eb
Land #2304 fix post module require order
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
FireFart
bfe88fa089
added wordpress login checks for 2.0 and 2.5
2013-09-23 23:32:31 +02:00
Markus Wulftange
9353929945
Add CmdStagerPrintf
2013-09-23 22:02:29 +02:00
Meatballs
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
Meatballs
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
Joe Vennix
a08d195308
Add Node.js as a platform.
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
jvazquez-r7
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
Meatballs
7d1c5c732a
Correct powershell
2013-09-20 18:36:24 +01:00
Meatballs
3dd75db584
Address feedback
2013-09-20 17:20:42 +01:00
Meatballs
a00f3d8b8e
initial
2013-09-20 13:40:28 +01:00
Tod Beardsley
e9e1b28ba8
Land #2371, echo -e cmd stager
2013-09-19 14:47:39 -05:00
Meatballs
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
James Lee
8fe9132159
Land #2358, deprecate funny names
2013-09-18 14:55:33 -05:00
James Lee
595820382e
Fix lying documentation
2013-09-17 20:58:29 -05:00
James Lee
a0d113d754
Fix a bug that deleted too many hosts
When running a command that takes host ranges as arguments (e.g.,
`hosts`, `services`), the arguments get parsed by
Rex::Socket::RangeWalker. If RangeWalker was unable to parse, it would
return nil, which in this context means "all hosts." If the user is
searching, they get all hosts instead of the ones they were interested
in -- this is annoying, but not too big a deal. Unfortunately, the same
logic applied when *deleting* hosts, with `hosts -d ...`, causing all
hosts to be deleted when giving it an invalid range.
2013-09-17 20:51:41 -05:00
James Lee
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
Tod Beardsley
dae8847c4d
Land #2374, more complete 32/64 migrate fix
[FixRM #8395]
2013-09-17 14:52:04 -05:00
James Lee
c77d49a640
Merge branch 'rapid7' into cleanup/remove-id-tags
Conflicts:
lib/msf/core/payload/osx/bundleinject.rb
lib/msf/core/payload/windows/dllinject.rb
lib/msf/core/payload/windows/exec.rb
lib/msf/core/payload/windows/loadlibrary.rb
lib/msf/core/payload/windows/reflectivedllinject.rb
lib/msf/core/payload/windows/x64/reflectivedllinject.rb
scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
James Lee
97d3a20f82
Remove more $Revision tags
2013-09-17 10:46:37 -05:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19]
2013-09-16 21:52:04 -05:00
James Lee
d6954e9ce7
Fix migrate from 32- to 64-bit processes
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356]
2013-09-16 16:04:50 -05:00
jvazquez-r7
a8198bc948
Add documentation to the mixin
2013-09-16 11:55:30 -05:00
jvazquez-r7
a5049df320
Add echo CmdStager
2013-09-16 11:35:05 -05:00
sinn3r
4be0601c73
Land #2352 - Expand path to database config
2013-09-16 01:51:51 -05:00
Tod Beardsley
53a7e74813
Land #2360
All the specs pass, and it's difficult to repro many of these cases to
see if bugs are actually here, but it's a good idea to enforce binary
regexes.
2013-09-13 14:43:53 -05:00
HD Moore
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00