Commit Graph

817 Commits (b1073b3dbbeb91bac64c83335ca78dd4717f6422)

Author SHA1 Message Date
sinn3r f715527423 Improve CVE-2012-1535 2012-08-21 19:58:21 -05:00
Tod Beardsley f46545db58 Merge pull request #700 from rsmudge/armitage
Armitage 08.16.12
2012-08-18 05:55:26 -07:00
Raphael Mudge a6e50497f0 Armitage 08.16.12 - several little fixes and updates. Nothing to write home to mom about. 2012-08-17 16:25:22 -04:00
sinn3r 13df1480c8 Add exploit for CVE-2012-1535 2012-08-17 12:16:54 -05:00
James Lee 9d2c1e36dd Store the value, not the comparison
Fixes client.sys.process.execute for posix, which previously (since
2010!) would always return nil, or a single byte. This makes sense
considering the value of bytesRead would always be either 0 or 1 because
it was being assigned the result of the comparison instead of the return
value of read().

[Fixes #681]
2012-08-09 18:18:45 -06:00
James Lee c19102c6f1 Return the PID as handle in posix
Fixes some TypeError exceptions when attempting most operations on
spawned processes, e.g.:

  p = client.sys.process.execute("/bin/sh", nil, "Channelized"=>true)
  p.close
  # raises TypeError: can't convert nil into Integer

[FIXRM #7005]
2012-08-08 15:23:00 -06:00
HD Moore fac4ba270c Merge pull request #662 from rsmudge/armitage
Armitage 08.02.12 - adds Cortana scripting technology.
2012-08-02 14:31:11 -07:00
Raphael Mudge 32ee1263f9 Armitage 08.02.12 - adds Cortana scripting technology. 2012-08-02 13:24:15 -04:00
m m 5531fd18a0 Really limit packet count and data in linux sniffer
Squashed commit of the following:

commit 57795ff9c33a53167fca85845b96b82b5c92315f
Author: James Lee <egypt@metasploit.com>
Date:   Wed Aug 1 14:13:20 2012 -0600

    Add recompiled sniffer bin for linux

commit 0e11fdb06fcb9771a11eb631e6f10ec7a2d315f3
Author: m m <gaspmat@gmail.com>
Date:   Thu Jul 12 15:08:10 2012 +0200

    really limit packet count and data in linux sniffer

[Closes #605]
2012-08-01 14:16:00 -06:00
James Lee e200f43183 Squashed commit of the following:
commit 1de16b41c8808df2919706eaa8cc89ae44d9b591
Author: m m <gaspmat@gmail.com>
Date:   Mon Jul 9 21:55:32 2012 +0200

    typo

commit a396b55018175f3eb2a83baecb1ec601cc99eef4
Author: m m <gaspmat@gmail.com>
Date:   Mon Jul 9 21:51:32 2012 +0200

    various posix meterpreter bugfixes

[Closes #584]
[FIXRM #7042]
2012-07-19 15:56:47 -06:00
m m 6605e2910c Squashed commit of the following:
commit f0a1d2ad004e5c77cc4d5dcc71935aa530f1729f
Author: m m <gaspmat@gmail.com>
Date:   Tue Jul 17 11:56:43 2012 +0200

    linux meterpreter : correct netmask computation

[Closes #613]
2012-07-19 14:22:39 -06:00
sinn3r 54576a9bbd Last touch-up
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
LittleLightLittleFire 956ec9d1da added Makefile for CVE-2012-1723 2012-07-10 14:12:07 +10:00
LittleLightLittleFire e9ac90f7b0 added CVE-2012-1723 2012-07-10 12:20:37 +10:00
sinn3r 6dee4781df Merge branch 'armitage' of https://github.com/rsmudge/metasploit-framework into rsmudge-armitage 2012-07-05 18:47:07 -05:00
Raphael Mudge 6c53dffa50 Armitage 07.05.12
This release fixes a few small bugs.
2012-07-05 18:19:59 -04:00
Stephen Fewer df7a093eb8 force the eip() function to never be inlined under x64 in order to avoid an error being introduced when some unexpected compiler flags are being used. Now the compiler flags used (/O1, /O2, ...) shouldnt pose any problem 2012-07-02 17:40:57 +01:00
HD Moore c31f70cfb6 Switch to METERPRETER_UA as intended 2012-07-02 00:02:47 -05:00
HD Moore 27bdf78a5a Add support for user-agent control 2012-06-30 23:00:08 -05:00
jvazquez-r7 38abeeb235 changes on openfire_auth_bypass 2012-06-27 23:16:07 +02:00
jvazquez-r7 245205c6c9 changes on openfire_auth_bypass 2012-06-27 23:15:40 +02:00
jvazquez-r7 6ec990ed85 Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass 2012-06-27 23:09:26 +02:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
HD Moore 6556eecfda Update project 2012-06-24 14:03:58 -05:00
HD Moore 211b722ec1 Update project 2012-06-24 14:03:57 -05:00
HD Moore c1d143e580 Remove left over debug statements 2012-06-24 14:03:56 -05:00
HD Moore 3c7e87bacf Add missing project files 2012-06-24 14:03:54 -05:00
HD Moore 11b875d84d Checkin new code 2012-06-24 14:03:53 -05:00
HD Moore 2d0d5287d2 Commit EncodePointer stubs as a reference (temporary) 2012-06-24 14:03:52 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
sinn3r 54309c3c3d Merge branch 'armitage' of https://github.com/rsmudge/metasploit-framework into rsmudge-armitage 2012-06-24 02:25:38 -05:00
Raphael Mudge 322e0766a1 Armitage 06.23.12 2012-06-23 13:03:55 -04:00
jvazquez-r7 b891e868f5 Added actionscript and swf needed 2012-06-23 08:36:35 +02:00
HD Moore a648c24b4e Move builds to VC10 2012-06-21 23:51:46 -05:00
HD Moore c5e9e5d374 Add Windows 8 / Server 2012 support to sysinfo 2012-06-21 23:50:29 -05:00
Steven Seeley fcf42d3e7b added adobe flashplayer array indexing exploit (CVE-2011-2110) 2012-06-20 12:52:37 +10:00
Michael Schierl 34ecc7fd18 Adding @schierlm 's AES encryption for Java
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.

Squashed commit of the following:

commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 00:45:24 2012 +0200

    Do not break other architectures
    even when using `setg AESPassword`

commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:50:42 2012 +0200

    binaries

commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:49:10 2012 +0200

    Add AES support to Java stager

    This is compatible to the AES mode of the JavaPayload project.

    I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
    is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
James Lee 1be9ce8649 Fixes command parsing in Post::Common
The meterpreter API wants arguments in a seperate string (not an array,
mind you) just so it can concatenate them on the server side.
Originally, I worked around that by using Shellwords.shellwords to pull
out the first token. But! Shellwords.shellwords inexplicably and
inexcusably removes backslashes in ways that make it impossible to quote
things on Windows. This commit works around both of those things.
2012-06-07 22:24:59 -06:00
Raphael Mudge 68dd0cd497 Armitage 06.07.12 - improved collaboration performance and fixed two bugs. 2012-06-07 13:16:16 -04:00
Raphael Mudge b5f1554caf Adding rsmudge's Armitage update
Squashed commit of the following:

commit 60be1b2d1d66134c54c82857a569bbf3a005baf8
Author: Raphael Mudge <rsmudge@gmail.com>
Date:   Wed May 30 19:43:07 2012 -0400

    Armitage 05.30.12
    A small collection of bug fixes.
2012-05-30 19:20:14 -05:00
sinn3r 3f1a72932e Merge pull request #401 from rsmudge/armitage
Armitage 05.21.12
2012-05-20 20:01:12 -07:00
Raphael Mudge c14a3e655e Armitage 05.21.12
This release improves collaboration performance and fixes a few Windows specific issues.
2012-05-20 22:54:25 -04:00
jvazquez-r7 14d8ba00af Added batik svg java module 2012-05-17 16:48:38 +02:00
sinn3r a88af1dd36 Merge pull request #391 from rsmudge/armitage
add color to armitage's presentation of the Metasploit console
2012-05-16 21:57:43 -07:00
Raphael Mudge 74e4812946 add color to armitage's presentation of the Metasploit console 2012-05-16 04:23:21 -04:00
James Lee 42719ab34b Squashed commit of the following:
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:49 2012 -0600

    Add register_command calls for md5 and sha1

commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:09 2012 -0600

    Read the file instead of downloading it

commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 15:27:11 2012 -0600

    Re-compile linux meterp to support the loadlib api

commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:50:25 2012 -0600

    Re-compile java meterp to support the loadlib api

commit c137187b346b708487245a849b95343223e4e7b0
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:44:10 2012 -0600

    Don't try to get interfaces if this session doesn't implement it

commit 88bba1e6c360c5725c4174623f56bcb6d8b54228
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:38:17 2012 -0600

    Remove debugging load

commit 02954cbf93e2a13da967780cb703103b3f83ecf4
Merge: d9ef256 88b35a3
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 12:06:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.php
    	modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb

commit d9ef2569b88ae8bce67f13316f6eff76311fd846
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 2 18:06:06 2012 -0600

    PHP doesn't support rev2self

commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 18:21:59 2012 -0600

    Add php support for returning new extension commands

commit 7e35f2d671d3797fc3fab12e54015387f44b0b33
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 16:03:26 2012 -0600

    Reset CVE-2012-0507 back to master

    Purges commits unrelated to this branch.

commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:59:35 2012 -0600

    Revert "Make building the jar for cve-2012-0507 a bit easier"

    This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f.

    Conflicts:

    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java

commit 8c259fb779f736be16fe972215ddff1dd32fd0f3
Merge: fe2c273 1c03c2b
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:35:44 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.jar
    	data/meterpreter/meterpreter.jar
    	external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
    	modules/auxiliary/server/browser_autopwn.rb

commit fe2c273a6d840c67040d6c9e337f908204337e18
Merge: 8caff47 4e955e5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Apr 6 10:19:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

commit 8caff47d97469f1a5459c04461fd1098487ea514
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:51:18 2012 -0600

    Fix requires to find the test library

commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:48:35 2012 -0600

    Fix a load order problem with solaris post mods

commit 81b658362e5e6bdd215d18b53d14429d163aff72
Merge: adad2cf 6ef4257
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:43:19 2012 -0600

    Merge branch 'master' into feature/4905

commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180
Merge: 70ab8c0 5852455
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:16:56 2012 -0600

    Merge branch 'rapid7'

    Conflicts:
    	lib/rex/exploitation/javascriptosdetect.rb

commit adad2cf04c501c2a787e5475b62abd31871c06a0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 27ef76522ad10436ec785728445ed2cc0657f85f
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit db3dbad0a5ff20b05758be073c3502138ff095c2
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit a611ab16e06bd324d6616d0bd69f2c09d671bca0
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 748309465a029593e2fe2fd445149745367513f4
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 954d485e3b8ffea9a7451bd495c1956a098e0eda
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.

commit cba8d7c911fb184f6358948022fd4a0e010878d0
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 18:04:50 2012 -0600

    Linux doesn't implement (drop|steal)_token

commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 17:57:37 2012 -0600

    Add availability checks for net, sys, ui, and webcam

commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 16:45:59 2012 -0600

    add requirement checking for fs and core commands

commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:59 2012 -0600

    Add a to_octal method that converts e.g. "A" to \0101

commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:07 2012 -0600

    Don't use "echo -n"

    It's not portable

commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 17:01:10 2012 -0600

    Return a list of new commands after core_loadlib, java version

    Thanks mihi for the patch and the awesome responsiveness!

commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 13:21:06 2012 -0600

    Make sure we have a response before doing stuff with it

commit 721001ead474a17d1a16de543f78b548879f5e7e
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 21:25:31 2012 -0600

    Add missing rmdir and mkdir protocol commands to PHP

    Now passes all the stdapi tests that it can
    	[*] Session type is meterpreter and platform is php/php
    	[+] should return a user id
    	[+] should return a sysinfo Hash
    	[-] FAILED: should return network interfaces
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should have an interface that matches session_host
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should return network routes
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
    	[+] should return the proper directory separator
    	[+] should return the current working directory
    	[+] should list files in the current directory
    	[+] should stat a directory
    	[+] should create and remove a dir
    	[+] should change directories
    	[+] should create and remove files
    	[+] should upload a file
    	[-] Passed: 10; Failed: 3

commit 024e99167a025f4678a707e1ee809a1524007d4d
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:26:00 2012 -0600

    Use a proper TLV type instead of a generic one

commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:24:25 2012 -0600

    Fix a counting error that caused segfaults (Linux)

commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:06:02 2012 -0600

    Return a list of new commands after core_loadlib

    Gets Windows back in sync with Linux

commit 3d3959f720de68e2f36ebfabe8196e01f98fe904
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 14:50:55 2012 -0600

    Refactor extensionList -> extension_commands

    It's not the same as extension_list.

commit a7acb638af803732fc5f3975e0c0632f427e0deb
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sun Mar 18 00:07:27 2012 -0500

    Massive whitespace cleanup

commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 16:00:20 2012 -0500

    Add back enum_protections with some new changes

commit d778eec36953bb9bf4985e967ad2c119a1acd79b
Author: ohdae <bindshell@live.com>
Date:   Sat Mar 17 13:28:31 2012 -0400

    Added fix for enum_protections

commit 64611819d43bf13ab2d68f4353513c39e5a64fe0
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 03:14:26 2012 -0500

    A bunch of fixes

commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:28:05 2012 -0500

    The comments in get_chatlogs need an update

commit 666477e42a734f3120dcc4282b01b5ab5819384a
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:25:41 2012 -0500

    Correct license format

commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:22:03 2012 -0500

    Add enum_adium.rb post module

commit d290cf4fef1309df9a1af748e7c6c259a6788576
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 16:54:36 2012 -0300

    Changed store_note to store_loot. Fixed local/remote file retrieval

commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 11:29:07 2012 -0600

    Fall back to MIB method if we can't get netmasks

    Misses IPv6 addresses, but at least doesn't break everything.

    [Fixes #6525]

commit a9a30232dd5fcc0854c10b4d58df8511a23f3091
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Fri Mar 16 11:49:31 2012 -0500

    This module is not ready, yanked.

commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495
Author: Gregory Man <man.gregory@gmail.com>
Date:   Fri Mar 16 18:09:08 2012 +0200

    sockso_traversal 1.8 compatibility fix

commit e76965ce565a8ae634dc0d3c743542f1a6d977d7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:17:35 2012 -0400

    fix

commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:14:48 2012 -0400

    saves each config to loot instead of notes

commit f4713974fa82d8b13017cb0817b5fd36696194d9
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 03:46:10 2012 -0600

    Check for a 0 prefix length

    If the OnLinkPrefixLength is 0, something is wrong, try the value in the
    prefix linked list.  Appears to fix v4 addresses on XP but not 2k3.

    [See #6525]

commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 01:46:41 2012 -0600

    Return network prefixes when available

    Solves #6525 on Vista+.  Win2k still works using the old MIB method
    (which doesn't support ipv6).  Win2k3 and XP are still busted for
    unknown reasons.

commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 22:59:42 2012 -0400

    Enumerate important and interesting configuration files

commit 9336df2ac28ee2df10a0e66e7006df3d23493492
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 19:06:48 2012 -0500

    More Virtualisation SSL fixes

commit f24c378281ee6c85f687d4823f09ef5848812daf
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 18:15:29 2012 -0500

    Default SSL to true for esx_fingerprint module

commit d6e14c42120df0fd16b79709ac5723d0e2818810
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:56:24 2012 -0500

    Fix typo

commit b24dcfe43e625740ec8a1465f33be02f7ec40162
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:55:54 2012 -0500

    Add sockso dir traversal

commit 033052c1e075fcf43e9c17e5ee4a5006247cb375
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 15 14:31:25 2012 -0600

    Fix syntax error in 1.8, thanks Jun Koi for the patch

commit 4529efaeaa22e52c9c7c1528c68efb60af8af729
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:27:40 2012 -0500

    enum_protections is now find_apps

commit 49e823802bd8f2cb1940545e74db04f3788352d1
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:22:23 2012 -0500

    File rename, as well as design and cosmetic changes

commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 15:29:52 2012 -0300

    added report_note, removed store_loot function, cleaned up info/author

commit 27d571932e51afbac0c0fcd95c52f038786a9a28
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 12:18:29 2012 -0300

    fixed output newline issue

commit 5a828e35d1629dc68825fe7d9322d1316888f8d7
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:05:35 2012 -0300

    fixed save line

commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:02:07 2012 -0300

    removed unneeded comments

commit 5861e1512f2949c0d7848d9ebed8241277462085
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:00:55 2012 -0300

    fixed output issue

commit 593a3648111f1db1f56a410250539261c2a7cd9f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 18:26:53 2012 -0300

    removed unneeded dependency

commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 13:30:16 2012 -0400

    locates installed 3rd part av, fws, etc

commit 5bf512d0e9d2b412c4107228db178a7078111443
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Wed Mar 14 16:50:54 2012 -0500

    Add OSVDB-79863 NetDecision Directory Traversal

commit 18715d0367f4ef01b5998d732043cbe224e1787e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 23:03:01 2012 -0600

    Store the retrieved commands on the session

commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:45:16 2012 -0600

    Retrieve the list of new commands

    The client side doesn't do anything with them yet

commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:41:16 2012 -0600

    Return a list of the new commands in response to core_loadlib

    Linux

commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 15:13:45 2012 -0600

    Whitespace at EOL

commit 4afcb4cb9da1921ede29b03b149433cc65d680da
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 14:30:09 2012 -0600

    Create instance methods that return extensions

    Before this change, meterpreter sessions would not #respond_to? their
    extensions despite having a pseudo-accessor for them:
    ```
    >> client.respond_to? :sys
    => false
    >> client.sys
    => #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>

    ```

    After:
    ```
    >> client.respond_to? :sys
    => true
    ```

commit 70ab8c018f67d15929b6f41322540837ab7b37c5
Merge: a8a3938 5f2bace
Author: James Lee <egypt@metasploit.com>
Date:   Tue Apr 3 11:46:25 2012 -0600

    Merge branch 'master' into bap-refactor

    Conflicts:
    	external/source/exploits/CVE-2012-0507/Help.java
    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/msf/x/Help.java
    	external/source/exploits/CVE-2012-0507/src/a/Exploit.java
    	external/source/exploits/CVE-2012-0507/src/a/Help.java

commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 5074eadbea426fc4f83d6d165a01e640ef42b4de
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 78824ef60084510d3befe0ded6eed314d55eeb12
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:24:33 2012 -0600

    Add the detected browser version to the DOM

    Doing it this way lets modules grab the info a bit more easily.

commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9
Merge: 0faa3f6 b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:19:05 2012 -0600

    Merge branch 'master' into bap-refactor

commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit 66ca27f994e3b11c9c8adae85642820768158860
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 7fc2ca1a0690c7a973307772aed42ab3514e1761
Merge: 325d306 e48c47e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:10:54 2012 -0600

    Merge branch 'master' into bap-refactor

commit 325d3060599bc79674e93dd5f55a4e60061e9bdb
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 17:00:02 -06:00
MM 55bb7abc89 Squashed commit of the following:
commit 2027502c5c1364161854794529738344dddb5c50
Author: MM <gaspmat@gmail.com>
Date:   Thu Mar 22 18:12:07 2012 +0100

    link type must be signed, because dlt_to_linktype can return -1

commit 86027ea77d36d36e39070a54eb5caf3d3490e2e9
Author: MM <gaspmat@gmail.com>
Date:   Wed Mar 21 16:03:58 2012 +0100

    enable sniffing on any type of interface

commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date:   Tue Mar 20 18:01:50 2012 +0100

    ps support for linux meterpreter

[Closes #254]
2012-05-15 16:58:18 -06:00
MM 5d7190e8cb Squashed commit of the following:
commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date:   Tue Mar 20 18:01:50 2012 +0100

    ps support for linux meterpreter

[Closes #250]
2012-05-15 16:57:17 -06:00
sinn3r 0b817944c3 Merge pull request #386 from jlee-r7/fix-posix-execute
Fix posix execute
2012-05-13 16:17:34 -07:00
sinn3r 2e8b11ca78 Merge pull request #383 from rsmudge/armitage
Armitage 05.14.12
2012-05-13 16:15:59 -07:00
James Lee 73331b66e6 Fix execution with spaces in args by using sh -c
In posix, a command like "echo 'foo bar'" would previously get parsed
out into arguments for execve like [ "echo", "'foo", "bar'" ] which
obviously isn't what you want. After this commit, it sticks the whole
thing in an arg to sh so the execve call ends up looking like
  execve("/bin/sh", ["sh", "-c", "echo 'foo bar'"], [/* 26 vars */]) = 0
This is still a little less than ideal because shell escapes become a
problem; fortunately, that's easy to deal with on the client side as
long as module developers take it into account.
2012-05-13 14:55:57 -06:00
Raphael Mudge c7b9b711f1 Armitage 05.14.12
This release SSL-enables the red team collaboration architecture, adds several keyboard
shortcuts and it improves the workflow for viewing downloaded files/loots.
2012-05-13 13:56:10 -04:00
Michael Schierl 5bf03aff7d Squashed commit of the following:
commit db8a4fe575ec09607036ae5550adb83b345d9f2c
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 11 00:41:51 2012 +0200

    Ensure the manifest is always at the beginning of the JAR files

    Might create strange errors when loading stdapi if not.

commit fc02de4e36b3b952e256885d277e9c8e91f8f065
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 23:20:20 2012 +0200

    Change the build file so that it generates fixed timestamps inside meterpreter.jar / ext_server_stdapi.jar

[Closes #304]
2012-05-08 13:48:21 -06:00
sinn3r 122a3b7848 Merge pull request #366 from rsmudge/armitage
give source code a correct home.
2012-05-07 13:53:07 -07:00
Raphael Mudge 24a9cd92a6 give source code a correct home. 2012-05-06 01:52:16 -04:00
sinn3r 9a00823828 Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch' 2012-04-19 18:08:22 -05:00
sinn3r f5e8f57497 Minor fixes 2012-04-19 18:07:35 -05:00
James Lee 15913dd92c Squashed commit of the following:
commit 97755336f2227a7db668b61e548d2956dddaccb8
Author: Michael Schierl <schierlm@gmx.de>
Date:   Thu Apr 5 22:33:40 2012 +0200

    make sure PayloadTrustManager gets dropped when using Spawn > 0

commit 0d096043e23af5d46a20b7f2c30c5d926ff66f8d
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 22:15:23 2012 +0200

    Fix connection hangs when using java/meterpreter/reverse_https with recent Java versions

    Reason is that Java thinks the SSL certificate presented by Metasploit is untrusted;
    therefore add a hack similar to the one in the metasploit.Payload class to trust all
    certificates here.

[Closes #303]
2012-04-16 13:15:33 -06:00
James Lee b1dbb50953 Squashed commit of the following:
commit 2b24a5e93da0b0dd61c29b6124794fa11c5b3d92
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Sun Apr 15 22:01:23 2012 -0500

    Document HTTPS options for Proxy

commit 24a8635b96d723465eb2bf212c83d31325990c28
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Sun Apr 15 21:52:47 2012 -0500

    Document HTTPS options

[Closes #337]
2012-04-16 12:57:03 -06:00
Michael Schierl eedd7be453 Squashed commit of the following:
commit 9afece529a33739a088c9c4d10b76dd52f23b99e
Author: Michael Schierl <schierlm@gmx.de>
Date:   Thu Apr 12 17:58:12 2012 +0200

    fix cat ... command by making stdapi_fs_stat return a sensible result

[Closes #330]
2012-04-16 12:24:54 -06:00
sinn3r 835d8b209d clear whitespace 2012-04-12 01:08:22 -05:00
0a2940 654701f1b2 new file: data/exploits/CVE-2008-5499.swf
new file:   external/source/exploits/CVE-2008-5499/Exploit.as
	new file:   modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
Michael Schierl 1d56ffe225 Update javapayload and java meterpreter
* Add support for hashing commands (stdapi_fs_md5 and sha1)
* Replace MTU detection with the Proper Java Way

Squashed commit of the following:

commit 0207b6e2e0c0eb55c7c5f04bd3008f674f6239ad
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 22:02:15 2012 +0100

    add support for stdapi_fs_{md5|sha1} commands

commit a187e7bc79f8d89e66df8d3a3f892c6dce10307b
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 20:32:03 2012 +0100

    update binaries

commit 0fc553bdac76cc8997fc581141483a3efbdefdfc
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 20:29:48 2012 +0100

    Add support to Java Meterpreter for multiple addresses on same interface

    For more information, see https://dev.metasploit.com/redmine/issues/6476

    Tested with Java 1.4, 1.5, 1.6, 1.7.

commit fc6dba99fe0b13bf8837ed7a699c5dbad35100e6
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 16:55:15 2012 +0100

    Fix Eclipse warnings

commit 4168d025507c1ecfbc50164cfc7f25f3f222b0ab
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 16:29:37 2012 +0100

    Update pretty-printing of unsupported command TLVs

    This adds the TLVs added by commit fbc8e25aaa to the pretty-printer.

commit 4a9335abdabb1b8a7741c5ec67852d7c5d552d6b
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 16:17:25 2012 +0100

    Un-ghetto Java Meterpreter MTU determination

    This splits the change from commit 14dfcce63a into a 1.6-specific and a 1.4-specific implementation (the latter being empty).

    Tested with Java 1.4, 1.5, 1.6, 1.7.

commit 968edd210ed68ba4974f051e280d90f0151df222
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 15:52:46 2012 +0100

    update .gitignore to ignore IDE generated files in JavaPayload projects

commit 86111625bee318411cf43da7706d37ce5d7045c5
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 15:49:58 2012 +0100

    synchronize stages with upstream JavaPayload

commit 2360f2e6eb8703ae762868678ac952203be35d93
Author: Michael Schierl <schierlm@gmx.de>
Date:   Sat Mar 24 15:39:58 2012 +0100

    remove unused stages

[Closes #270]
2012-04-04 09:56:07 -06:00
James Lee 6b996ed9de Add checks for data being null, too, just in case 2012-03-30 16:46:49 -06:00
James Lee b424475774 Add a makefile
Compiles with an old -target so it will work on older JVMs
2012-03-30 16:25:47 -06:00
sinn3r e018c6604f Modify CVE-2012-0507 2012-03-30 02:06:56 -05:00
sinn3r 791ebdb679 Add CVE-2012-0507 (Java) 2012-03-29 10:31:14 -05:00
James Lee 4ed55dc958 Fall back to MIB method if we can't get netmasks
Misses IPv6 addresses, but at least doesn't break everything.

[Fixes #6525]
2012-03-16 11:30:25 -06:00
James Lee ba1ed93ee2 Check for a 0 prefix length
If the OnLinkPrefixLength is 0, something is wrong, try the value in the
prefix linked list.  Appears to fix v4 addresses on XP but not 2k3.

[See #6525]
2012-03-16 03:46:10 -06:00
James Lee 9aaf6af072 Return network prefixes when available
Solves #6525 on Vista+.  Win2k still works using the old MIB method
(which doesn't support ipv6).  Win2k3 and XP are still busted for
unknown reasons.
2012-03-16 01:50:26 -06:00
James Lee bd3f27afa8 Remove some debug output 2012-03-14 13:24:34 -06:00
James Lee 48486a6518 malloc properly in Linux instead of living on hopes and dreams
Also fixes a mem leak in windows.
2012-03-14 13:02:11 -06:00
James Lee 5ca9c95f1d Remove some debugging junk 2012-03-14 12:51:09 -06:00
James Lee 5fafb8bf02 Refactor entryCount -> tlv_cnt for consistency 2012-03-14 12:50:45 -06:00
James Lee 6036691517 Adjust snaplen to grab the whole packet in case mtu > 1514
Fixes an issue where pcap_dispatch would return -1 and pcap_geterror
said "corrupted frame on kernel ring mac"

[Fixes #6527]
2012-03-14 12:36:36 -06:00
gaspmat@gmail.com 248a73a73c change sniffer behaviour when stopping capture. workaround if pcap_findalldev fails 2012-03-14 11:07:31 -06:00
James Lee 6a6dd06103 Merge branch 'feature/6476-list-all-ifaces'
Conflicts:
	modules/auxiliary/scanner/afp/afp_server_info.rb
2012-03-13 13:55:45 -06:00
James Lee 89e3fee5a8 Revert "Squashed commit of the following:"
This reverts commit dd9ac8a6c0.
2012-03-13 13:38:35 -06:00
James Lee dd9ac8a6c0 Squashed commit of the following:
commit 8b4750d0dcbac0686f9403acdf5cab50c918212f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 13:14:43 2012 -0600

    Add bins for listing all addresses

    [Fixes #6476]

commit 213dd92ebc9b706a45725e6515c7939d2edace0e
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 02:08:34 2012 -0600

    Accept multiple addresses and netmasks

    [See #6476]

commit 2e8bd3c3ecfb319bf9456485d2420bb5829b60cc
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 01:55:57 2012 -0600

    Make inspecting meterpreter packets a little less painful

    Not sure why I originally thought there was no way to access extensions'
    constants before.  A simple `require` makes it all happy.

commit da367907cf579bd3aefaffbc84d2f96a41b85f00
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 22:08:44 2012 -0600

    Fix up Linux after changes for Windows

commit ec9f04378b0155f69df95d4a94e62d33ce61977c
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 21:56:11 2012 -0600

    Grab IPv6 addresses on Windows when possible

    Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
    old GetIpAddrTable() function when it isn't available. This should work
    on XPSP1 and newer, albeit without netmasks on versions before Vista.
    Still trying to figure that one out.

commit 1052ebdcf86114fbc03d1a37ab5d4c6a78e82daa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 15:34:09 2012 -0700

    Wrap Windows-specifc headers in ifdef

commit f23f20587b3117c38a77e7e5a93d542411e9504f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 14:36:34 2012 -0700

    Handle multiple addrs on one iface on the ruby side

commit d7207d075ac6462875d9da531cf20c175629a416
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 21:57:39 2012 -0700

    Adds IPv6 addrs to win32 get_interfaces response

commit 11ae7e8a45bd56d25841ea8724377e0fb6789d72
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 09:07:28 2012 -0700

    Don't distinguish between 4 and 6.

    The client can figure it out from the length.

commit 2c7490bdf3e4079f30857ee323d2ce23ab1bd9a5
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 04:25:26 2012 -0700

    Append to the list instead of assigning to it

    All addresses are being sent to the client now.  Just need a way to
    parse them out correctly on the other side and meterpreter will be able
    to list all addresses on all interfaces on Linux.  Next step is to
    allocate the proper number of TLVs to avoid good ol' stack smashes on
    systems with lots of addresses and then make sure we clean all the
    memory leaks.

    [See #6476]

commit 73bba037ad968b922341c02459017afcc8407a76
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 03:12:28 2012 -0700

    Lay the groundwork for returning all addresses

    This commit only sends the last interface in the list, but it is looping
    through all of them as evidenced by the log, just need to make sure
    we're not overwriting as we go.

    [See #6476]
2012-03-13 13:19:18 -06:00
James Lee 3ba471176e Return an appropriate error when stat() fails
Tested on Linux and Windows

[Fixes #6517]
2012-03-13 01:45:58 -06:00
James Lee 5dc03c6ac0 Fix up Linux after changes for Windows 2012-03-11 22:08:44 -06:00
James Lee 602408743c Grab IPv6 addresses on Windows when possible
Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
old GetIpAddrTable() function when it isn't available. This should work
on XPSP1 and newer, albeit without netmasks on versions before Vista.
Still trying to figure that one out.
2012-03-11 21:56:11 -06:00
sinn3r befb60217c Add CVE-2012-0754 .as source 2012-03-07 19:25:51 -06:00
James Lee 806a3c01b7 Wrap Windows-specifc headers in ifdef 2012-03-06 15:34:09 -07:00
James Lee 085b3b5640 Adds IPv6 addrs to win32 get_interfaces response 2012-03-05 21:57:39 -07:00
James Lee cd990917be Don't distinguish between 4 and 6.
The client can figure it out from the length.
2012-03-05 09:10:47 -07:00
James Lee c81dce2013 Append to the list instead of assigning to it
All addresses are being sent to the client now.  Just need a way to
parse them out correctly on the other side and meterpreter will be able
to list all addresses on all interfaces on Linux.  Next step is to
allocate the proper number of TLVs to avoid good ol' stack smashes on
systems with lots of addresses and then make sure we clean all the
memory leaks.

[See #6476]
2012-03-05 09:10:47 -07:00
James Lee cb998b91e5 Lay the groundwork for returning all addresses
This commit only sends the last interface in the list, but it is looping
through all of them as evidenced by the log, just need to make sure
we're not overwriting as we go.

[See #6476]
2012-03-05 09:10:46 -07:00
HD Moore cea4529f5e Add an example of preconfigured proxy stager 2012-03-05 00:59:47 -06:00
James Lee 9f05562a18 Don't distinguish between IPv4 and IPv6 routes
It's easier to deal with one Array of all routes regardless of INET
family than having get_routes() return a two-element Array of Arrays.
Also fixes a bug in each_route() which was expecting get_routes() to
return a single Array of all routes. Thanks to valsmith for reporting.
2012-03-02 18:26:57 -07:00
HD Moore 165257db75 Remove unused "plus" code 2012-03-02 17:46:59 -06:00
HD Moore b70b41091b Tested fairly well - this randomizes the URLs and removes the user-agent string from the request 2012-03-02 17:44:23 -06:00
HD Moore ce94ffd755 First round of changes to http(s) payloads 2012-03-02 17:13:51 -06:00
James Lee 2d0d7b4470 777 is not the same as 0777
Fixes a bug where meterpreter created directories with absurd
permissions on posix (777 = 01411 = dr----x--t).
2012-03-02 13:16:52 -07:00
James Lee fbc8e25aaa Add the new stdapi/net TLVs to java 2012-02-29 20:31:12 -07:00
James Lee 14dfcce63a Add the MTU when it's available
This doesn't work on 1.4, but I'm not Java-savvy enough to figure out
how to only compile it for 1.4, so do a ghetto try-catch block in case
the method doesn't exist.
2012-02-29 20:30:03 -07:00
James Lee 4a5d7debd5 Add the usleep back in
MM convinced me.
2012-02-29 02:20:23 -07:00
James Lee ed3700b5da Fix a few more compiler warnings 2012-02-28 08:23:35 -07:00
James Lee 98157475af Fix a type-safety warning 2012-02-28 08:17:39 -07:00
James Lee ae37f74864 Fix a couple of warnings and a typo 2012-02-28 08:16:06 -07:00
James Lee a80056e6e5 Get rid of an unnecessary sleep() 2012-02-24 16:42:12 -07:00
MM f83a7f14ac Switch to netlink for listing interfaces
* Adds support for listing IPv6 addresses on POSIX meterpreter
* Ensures crash logs are only created if debugging is enabled
* Fixes a bug in sniffer where a lock was not acquired correctly

Squashed commit of the following:

commit 955124b264a675c7d67187703bf23b58f0aba6d8
Author: MM <gaspmat@gmail.com>
Date:   Thu Feb 23 23:42:26 2012 +0100

    posix meterpreter - IPv6 support for route and ipconfig using netlink sockets

[Closes #196]
2012-02-24 16:42:12 -07:00
James Lee 0ef8d8bb3a Ensure the dir exists before copying files there
Thanks MM for pointing out that this was missed.  The other dirs
referenced in #183 were addressed in 134b6c874f

[Closes #183]
2012-02-22 20:54:20 -07:00
James Lee c39f14591f No need for pcap in stdapi anymore
Pcap used to be required for the ipconfig command but since the fix
for #6328, it is no longer necessary.

[See #6328]
2012-02-18 12:46:13 -07:00
James Lee 134b6c874f Ensure output paths exist for compiled object files
Fixes build on clean checkout
2012-02-18 11:42:27 -07:00
James Lee a0bbbb0b7d Compile pcap without libnl since bionic doesn't have headers
Fixes build on systems that have libnl installed.
2012-02-18 11:41:09 -07:00
juan e69037959f Added CVE-2010-0842 2012-02-15 23:32:31 +01:00
James Lee 8e8188d752 Add the missing include that broke Windows build
I swear I committed this before...

[See #6372]
2012-02-15 11:51:00 -07:00
James Lee 64cf8bb7ee Fix brokenness with the debug target
If a test returns false, make exits.  Duh.

[Fixes #6343]
2012-02-14 16:56:48 -07:00
James Lee bd86bfc6d5 Remove redundant __FUNCTION__ references in dprintf calls
From the Department of Redundancy Department.
2012-02-13 18:40:25 -07:00
James Lee 3e61fc1154 Adds a depclean target
Don't blow away libc with the "clean" target because I'm tired of
rebuilding everything.
2012-02-13 17:59:01 -07:00
James Lee 9e814bdf19 Whitespace cleanup 2012-02-13 15:21:01 -07:00
James Lee 60706033f4 Remove unnecessary -gstabs and fix a logic error
This drops the sniffer extension to a size of around 55k bytes.
2012-02-10 15:57:01 -07:00
James Lee 13c231afbc Really set the flag so we don't strip later
Oversight from last commit
2012-02-10 15:57:01 -07:00
James Lee d44c7896b6 Add a 'debug' target for posix meterpreter build
This new target adds debugging symbols and doesn't strip binaries. New
bins are considerably bigger, but may be more helpful when diagnosing
problems or adding new features.

[Fixes #6343]
2012-02-10 15:57:01 -07:00
James Lee fc088fa379 Don't use the verboten 127.0.0.1
Alleviates some unnecessary headaches with the database
2012-02-10 15:57:01 -07:00
James Lee b5dc50968b Simplify creation of .h files from libs
Suffix rules are awesome.
2012-02-10 15:57:00 -07:00
James Lee 3d1c8ae383 Fix another errant use of dprintf 2012-02-08 16:45:12 -07:00
Joshua J. Drake 1a6cbd2bf0 Fix another dprintf from #6334, oops 2012-02-06 11:42:12 -06:00
Joshua J. Drake 4b2d8f88e8 Fix dprintf statements in meterpreter C src #6334 2012-02-06 11:38:14 -06:00
Joshua J. Drake d6616cd8a9 Fix up posix meterpreter rtld/Makefile rule 2012-02-06 11:28:59 -06:00
James Lee e045accfc3 Refactor interface listing
[See #6328]
2012-02-02 00:14:38 -07:00
James Lee 026c24c184 Replace the root-only pcap iface listing technique
Leaks memory, will remedy momentarily

[See #6328]
2012-02-02 00:14:38 -07:00
James Lee 10bd708a69 Just rm libpcap add re-extract instead of cleaning
It's faster.
2012-02-02 00:14:38 -07:00
HD Moore 0c2a18d765 Fix up reverse_tcp ipv6 stager for freebsd 2012-02-01 01:41:24 -06:00
HD Moore 45a785fde0 Adds BSD IPv6 payloads and stagers 2012-02-01 00:54:42 -06:00
HD Moore 7630ef17e3 Add BSD IPv6 payloads (source only for now) 2012-02-01 00:54:42 -06:00
James Lee c56d326368 Use the proper dirsep and allocate correctly
Thanks, mm__ for the bug report and the patch!

[Fixes #6322]
2012-01-31 17:31:15 -07:00
James Lee ba50f84229 More i386 and -m32 fixes for compiling meterpreter
This should be the last change necessary to compile a 32-bit meterpreter
from a 64-bit build host.

See #6268
2012-01-31 10:12:42 -07:00
scriptjunkie fd9aab4de1 Get output format list in msfgui dynamically from RPC. 2012-01-28 23:38:46 -05:00
James Lee e48da7b7db Merge branch 'stat-struct-fixes'
Conflicts:
	data/meterpreter/ext_server_stdapi.lso
2012-01-27 19:07:27 -07:00
James Lee e0a312e38d Get the return values in the right place
This should convert stat values to something portable enough to work on
POSIX and Windows.

Fixes #6294
2012-01-27 18:56:01 -07:00
James Lee 628f85cea3 Add -m32 and -march=i386 to the Jam build for bionic
This is hopefully the last thing that needs to be fixed up for i386
compatibility.

See #6268
2012-01-27 18:02:37 -07:00
James Lee 5bc1701a5a Ensure make.sh returns success 2012-01-27 17:20:36 -07:00
James Lee e7b15180d1 Add clean targets for openssl and libpcap
Also, a 'really-clean' target that does everything
2012-01-27 17:20:36 -07:00
James Lee 289dc81d60 Add -m32 to all the Makefiles
This is in an attempt to get it compilation working on 64-bit hosts.
2012-01-27 17:20:36 -07:00
James Lee 1a187c00aa Add a platform-independent stat struct
This should help with various issues on linux
2012-01-27 17:13:46 -07:00
James Lee 5be58513f9 Ensure make.sh returns success 2012-01-27 16:37:48 -07:00
James Lee 8108bf888e Add clean targets for openssl and libpcap
Also, a 'really-clean' target that does everything
2012-01-27 16:33:27 -07:00
James Lee abf031f224 Add -m32 to all the Makefiles
This is in an attempt to get it compilation working on 64-bit hosts.
2012-01-27 15:14:47 -07:00
James Lee 10237f7c12 Changes openssl/build.sh to create its own target
This should ensure we build everything for i386 and only link the lib
files we mean to.  Also no longer builds any of the superfluous openssl
executables since all we need are the .so files.

See #6268
2012-01-25 17:54:13 -07:00
James Lee e928efaa8c Force gcc to compile for i386
Makes meterpreter for linux work on older CPUs.

Fixes #6268
2012-01-23 15:20:36 -07:00
scriptjunkie 9fe18cdc86 Add x64 LoadLibraryA payload. Because it should exist. 2012-01-17 21:16:26 -06:00
scriptjunkie 1e811aed02 Adds scriptjunkie's multilingual admin fie for pxexploit
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.

[Closes #63]

Squashed commit of the following:

commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Fri Dec 16 12:14:18 2011 -0600

    Jetzt auf Deutsch! y español! 中國人!
    [update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
    Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
scriptjunkie 5bad92e021 Gui Bugfixen: Msgpack-error-fixen, Unneccessary-error-message-removen, popup-showen, und lock-contention-reducen.
Viel besser!
2011-12-16 09:52:12 -06:00
scriptjunkie e34555dc22 Remove XML RPC option for msfgui. 2011-12-11 14:44:12 -06:00
sinn3r e7c179d0b5 The more description the better 2011-12-01 03:03:37 -06:00
sinn3r 9e71be8ed0 Add source for CVE-2011-3544 2011-11-29 18:04:31 -06:00
scriptjunkie 8d58ea227f Add UAC bypass to default pxesploit attack. 2011-11-16 08:16:22 -08:00
scriptjunkie 8358edac2e Add badchars field to msfgui payload popup, so badchars can be added (in hex form) 2011-11-11 14:05:58 -06:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Matt Weeks ce5b999e5e Change of case on error message and convert db time field to date.
git-svn-id: file:///home/svn/framework3/trunk@14199 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 03:48:50 +00:00
Matt Weeks fb6e828a30 Only poll for sessions/jobs once a connection comes in.
git-svn-id: file:///home/svn/framework3/trunk@14198 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 03:13:29 +00:00
Matt Weeks 2dd0417941 Fix progress bar on initial start.
git-svn-id: file:///home/svn/framework3/trunk@14195 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:28:39 +00:00
Matt Weeks 0b4996a38c Put tables into an array.
git-svn-id: file:///home/svn/framework3/trunk@14178 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 01:54:24 +00:00
Matt Weeks b1bb0ae729 Backward-compatible for recent DB changes.
git-svn-id: file:///home/svn/framework3/trunk@14177 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 00:17:09 +00:00
Matt Weeks 4629c0867b Address #5887 and #5888 for RPC DB and msfgui
git-svn-id: file:///home/svn/framework3/trunk@14167 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 18:12:10 +00:00
Matt Weeks 11c5801895 Clean up error opening Events table and reading new database credentials.
git-svn-id: file:///home/svn/framework3/trunk@14123 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-30 22:24:29 +00:00
Matt Weeks cf9ad43683 Specify MsgPack API Version.
git-svn-id: file:///home/svn/framework3/trunk@14019 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 22:21:36 +00:00
Matt Weeks a82adb14f9 Allow boolean options of true and True as well as 0 and 1.
git-svn-id: file:///home/svn/framework3/trunk@13796 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-26 19:16:02 +00:00
Matt Weeks ab4026cfb5 And do the same for pivoted PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13780 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 16:16:47 +00:00
Matt Weeks 7a3be4fe38 Allow hidden windows to resurrect properly after restart.
git-svn-id: file:///home/svn/framework3/trunk@13770 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-22 03:04:34 +00:00
Matt Weeks b3f29cbddf Fix MsgRPC over SSL support.
git-svn-id: file:///home/svn/framework3/trunk@13754 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 23:02:31 +00:00
Matt Weeks 10bf0fbe84 Whoops. Reset would be reset, not stop.
git-svn-id: file:///home/svn/framework3/trunk@13752 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 20:26:09 +00:00
Matt Weeks 9ada448a16 Replace references to tabbedPane since that may not exist.
git-svn-id: file:///home/svn/framework3/trunk@13746 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 15:09:04 +00:00
James Lee c6c133673f add reverse_https support for java meterpreter, fixes #5288; thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13741 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 21:10:11 +00:00
Matt Weeks 0293417c29 Whoops - make status bar visible again.
git-svn-id: file:///home/svn/framework3/trunk@13732 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 00:29:11 +00:00
Matt Weeks 5847de9435 Whoops fix pane splitting.
And minor scroll speed improvement on payload popup.



git-svn-id: file:///home/svn/framework3/trunk@13720 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-12 00:49:41 +00:00
Matt Weeks ea2a1be834 Save and restore splitpane layout
fix issues with splitpane layout - focus locking with multiple panes & splitting panes that can't be split


git-svn-id: file:///home/svn/framework3/trunk@13719 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-11 20:59:28 +00:00
Matt Weeks adcc9fcbbb Fix issue with URI decoding.
git-svn-id: file:///home/svn/framework3/trunk@13717 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-11 03:47:01 +00:00
Matt Weeks 35a6f26654 Add pane-splitting.
git-svn-id: file:///home/svn/framework3/trunk@13714 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-11 00:21:01 +00:00
Matt Weeks 135e4c25e3 Start msfrpcd in root of metasploit tree to avoid path issues.
git-svn-id: file:///home/svn/framework3/trunk@13693 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-04 21:55:08 +00:00
Matt Weeks a57769f336 Address a few remaining MsgPack/XML differences,
remove Msg warning.



git-svn-id: file:///home/svn/framework3/trunk@13649 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-28 21:09:03 +00:00
Matt Weeks b3d169b590 Standardize locking and tabbing for GUI.
git-svn-id: file:///home/svn/framework3/trunk@13648 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-28 20:29:06 +00:00
Matt Weeks 6853221762 Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs.
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-27 15:46:49 +00:00
Matt Weeks 06c3dabe31 Fixes #5312 for pivoted PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 02:07:35 +00:00
Matt Weeks 53e43fa847 whoops. Use these, not the dhcpserv.cpp/h
git-svn-id: file:///home/svn/framework3/trunk@13633 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 01:41:57 +00:00
Matt Weeks 4ec69f3dfd Fix more encoding issues with msgpack RPC, especially with payload generation/encoding.
git-svn-id: file:///home/svn/framework3/trunk@13623 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 20:31:18 +00:00
Matt Weeks 161b4eacb5 Fix some base64 encoding issues with MsgPack.
Use "busy" indicator in console.



git-svn-id: file:///home/svn/framework3/trunk@13617 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 03:05:09 +00:00
Matt Weeks 7a933bdf2c MessagePack support for GUI. Woohoo! Still backend errors though; see #5309
git-svn-id: file:///home/svn/framework3/trunk@13616 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 01:06:53 +00:00
Matt Weeks 31d1628dde Some payload fixes
git-svn-id: file:///home/svn/framework3/trunk@13596 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 02:18:20 +00:00
James Lee 851bc8d7b8 add a single shell payload for java, partially reverts r13213
git-svn-id: file:///home/svn/framework3/trunk@13588 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:31:19 +00:00
HD Moore 521b95b0c2 This fixes garbled characters in lsass hashdump on some platforms
git-svn-id: file:///home/svn/framework3/trunk@13582 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:09:49 +00:00
Matt Weeks 3e0c3e5f76 Add source for pxesploit tools.
git-svn-id: file:///home/svn/framework3/trunk@13534 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 22:57:21 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic!
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
Matt Weeks f866b3ecdf Use different check to see if SSL will work.
git-svn-id: file:///home/svn/framework3/trunk@13440 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-31 00:56:40 +00:00
Matt Weeks 630fb999f8 Don't display or load events table by default. Also, only reload visible windows on refresh.
git-svn-id: file:///home/svn/framework3/trunk@13436 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 21:51:07 +00:00
Matt Weeks 8447141a0c Include check for crypto algorithm support.
git-svn-id: file:///home/svn/framework3/trunk@13430 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 19:38:35 +00:00
Matt Weeks b4a58989c4 Give choice of rpcd to connect to when last remembered connection is still running.
git-svn-id: file:///home/svn/framework3/trunk@13424 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 15:22:27 +00:00
James Lee 0f95070f3f add a request type for grabbing the host's directory separator, fixes #4892
git-svn-id: file:///home/svn/framework3/trunk@13346 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 20:51:33 +00:00
James Lee 6b1dfd5908 meterpreter compiles on modern linux! see #2418
git-svn-id: file:///home/svn/framework3/trunk@13333 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-25 07:59:51 +00:00
James Lee dd84169187 tell the linker to make DT_HASH sections instead of DT_GNU_HASH which msflinker can't handle
git-svn-id: file:///home/svn/framework3/trunk@13332 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 23:50:55 +00:00
James Lee 5c5861cc9b add a 'clean' target
git-svn-id: file:///home/svn/framework3/trunk@13328 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 19:25:19 +00:00
HD Moore 75bef2b98a Apply a diff to fix bad ifdef usage
git-svn-id: file:///home/svn/framework3/trunk@13324 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 20:31:58 +00:00
HD Moore 47eb4cbd86 Add an ifdef around the wininet setup routine
git-svn-id: file:///home/svn/framework3/trunk@13323 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 20:16:19 +00:00
Matt Weeks 9ebbe84a4a Update to version 4.
Add first-run detection that farms out database initialization to msfconsole.
Autostart RPC if no other option is selected.
Check for RPC death in startup.
More lenient socket timeouts.



git-svn-id: file:///home/svn/framework3/trunk@13301 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 00:05:38 +00:00
James Lee 3c261c346f add support for java/meterpreter/reverse_http. assuming i didn't miss any files, fixes #4946, thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13213 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 23:15:06 +00:00
James Lee 0d585ffb4c add the source files for RMILoader and RMIPayload. fixes #4738, which has nothing to do with #4378 that i dyslexified in r13185
git-svn-id: file:///home/svn/framework3/trunk@13187 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 22:28:40 +00:00
James Lee 1d25a6d7d1 add an exploit for java's rmid and rmiregistry code-execution-by-design and supporting source. fixes #4378, thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13185 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 20:42:31 +00:00
Matt Weeks 8f79fd1e5f Add "crack passwords" option.
git-svn-id: file:///home/svn/framework3/trunk@13169 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 03:06:07 +00:00