jvazquez-r7
f2405a5dc0
Create SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR_LENGTH constant
2015-02-20 00:35:26 -06:00
jvazquez-r7
571dffa317
Create template for SMB_FIND_FILE_BOTH_DIRECTORY_INFO
2015-02-20 00:22:33 -06:00
jvazquez-r7
94ad64546c
Create TRANS2_PARAMETERS template
2015-02-19 23:16:52 -06:00
jvazquez-r7
b24b94ddd3
Do first cleanup of find_first2 handlers
2015-02-19 19:08:56 -06:00
jvazquez-r7
874031b96d
Delete require
2015-02-18 13:44:31 -06:00
jvazquez-r7
415c671416
Move Rex code, we'll redesign as mixin
2015-02-18 13:44:02 -06:00
jvazquez-r7
f960a77754
Solve merging conflicts
2015-02-18 11:36:47 -06:00
Matthew Hall
934af4cee9
Merge branch 'master' into module-smbfileserver
2015-02-17 17:01:44 +00:00
Matthew Hall
49971a6bc3
Add two more constants and handlers seen during testing.
2015-02-17 16:48:11 +00:00
Matthew Hall
1f6aebe3df
Move to using constant values.
...
This commit adds several constants for TRANS2, QUERY_PATH_INFO, MAX_DATA_COUNT,
and NT2 FLAG2 Bits to smb/constants.rb, which have then been utilised in smb/server.rb
to reduce the use of magic values.
2015-02-17 14:31:31 +00:00
Matthew Hall
3110c7b40f
Adds smb_cmd_trans_find_first2_full to respond to "Find File Full Directory Info" FIND_FIRST2 requests,
...
as seen when using "type \\ip\share\file".
2015-02-17 11:37:44 +00:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
HD Moore
ffe0e52cb6
The iax2 stack now works properly with asterisk 1.8
...
Note that the requirecalltoken=no setting is still required in the asterisk configuration at this point.
2015-02-02 22:29:13 -06:00
HD Moore
0ba34422d5
Pass the debugging option for IAX2 Client
2015-02-02 21:08:16 -06:00
Jon Hart
5cc7d5d1a8
Remove errant pry
2015-01-13 10:35:05 -08:00
jvazquez-r7
0babde8c1a
Fix specs
2015-01-13 10:48:23 -06:00
jvazquez-r7
4351964290
Change module filename
2015-01-13 10:46:14 -06:00
jvazquez-r7
3946b95bc3
Update rex code and specs
2015-01-13 10:45:00 -06:00
jvazquez-r7
1f0b986bf1
Change filenames
2015-01-13 10:43:27 -06:00
Jon Hart
69f03f5c5d
Move ACPP default port into Rex
2015-01-12 19:43:57 -08:00
Jon Hart
d5cdfe73ed
Big style cleanup
2015-01-12 19:11:14 -08:00
Jon Hart
ec506af8ea
Make ACPP login work
2015-01-12 14:01:23 -08:00
Jon Hart
691ed2cf14
More cleanup
...
Don't validate checksums by default until they are better understood
Handle the unknowns a bit better
Make checksum failures more obvious why it failed
2015-01-12 13:08:12 -08:00
Jon Hart
97f5cbdf08
Add initial Airport ACPP login scanner
2015-01-12 13:08:12 -08:00
Jon Hart
fba6945e9a
Doc payload oddness. Add more checksum tests
2015-01-12 13:08:12 -08:00
Jon Hart
54eab4ea3d
Checksum validation, more tests
2015-01-12 13:08:12 -08:00
Jon Hart
7e4dd4e55b
Add ACPP decoding capabilities
2015-01-12 13:08:12 -08:00
Jon Hart
2af82ac987
Some preliminary Apple Airport admin protocol (ACPP?) support
2015-01-12 13:08:11 -08:00
jvazquez-r7
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
jvazquez-r7
98ec08ae0d
Add support for Ping and PingAck
2015-01-06 15:18:55 -06:00
jvazquez-r7
1e3b24f01b
Add support for DbgAck
2015-01-06 15:00:17 -06:00
jvazquez-r7
6d1d300e72
Add support for ReturnData
2015-01-06 12:52:00 -06:00
jvazquez-r7
825e08f5ac
Add support for Call messages
2015-01-06 12:36:06 -06:00
jvazquez-r7
f3ff42dbfb
Add support for Continuation
2015-01-06 11:34:47 -06:00
jvazquez-r7
757f95a24d
Add support for ProtocolAck
2015-01-06 00:14:14 -06:00
jvazquez-r7
26da73ffb8
Change class name
2015-01-05 19:23:07 -06:00
jvazquez-r7
d5dfd75e71
Add initial model and support to OutputStream
2015-01-05 18:52:13 -06:00
Christian Mehlmauer
4f11dc009a
fixes #4490, class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
sinn3r
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
jvazquez-r7
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
jvazquez-r7
05a9ec05e8
raise NotImplementedError
2014-12-23 19:59:37 -06:00
jvazquez-r7
4493b3285c
Raise NoMethodError for methods designed to be overridden
2014-12-23 19:51:41 -06:00
jvazquez-r7
fee033d6df
Use Rex::Text.md5_raw
2014-12-23 19:30:23 -06:00
Matthew Hall
3c10b04673
add start of rspec tests
2014-12-23 16:35:27 +00:00
Matthew Hall
fca0484639
fix a few bugs with the code cleanup
2014-12-23 15:28:00 +00:00
Matthew Hall
6b98a7d444
Tidy up by removing some duplicate code; add framework to track payload requests through the file id
2014-12-23 14:14:06 +00:00
jvazquez-r7
13ec578d1a
Revert "Back to Create OpenSSL::BN from string"
...
This reverts commit 635a54ca94.
2014-12-22 23:17:03 -06:00
jvazquez-r7
635a54ca94
Revert "Create OpenSSL::BN from string"
...
This reverts commit fe99b65a62.
2014-12-22 19:14:07 -06:00
jvazquez-r7
fe99b65a62
Create OpenSSL::BN from string
2014-12-22 18:44:47 -06:00
jvazquez-r7
d12b43d257
Use Intege.new
2014-12-22 18:37:07 -06:00
jvazquez-r7
ad97457a39
Move more constants to Crypto
2014-12-22 15:27:16 -06:00
jvazquez-r7
75a2846377
Add more PAC constants
2014-12-22 15:14:46 -06:00
jvazquez-r7
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
jvazquez-r7
ff208002d7
Reorganize the Crypto mixin
2014-12-22 11:57:35 -06:00
jvazquez-r7
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
jvazquez-r7
5f0c3ebb2b
Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest
2014-12-20 19:32:38 -06:00
jvazquez-r7
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
jvazquez-r7
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
jvazquez-r7
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
jvazquez-r7
dfa92da287
Add TODO
2014-12-19 01:13:56 -06:00
jvazquez-r7
77e2d4d90d
Add documentation for the Kerberos PAC support classes
2014-12-19 01:12:14 -06:00
jvazquez-r7
fda4cd3440
Fix some Rex Kerberos model documentation
2014-12-18 19:30:12 -06:00
jvazquez-r7
c426cf32d0
Add specs for Rex::Proto::Kerberos::CredentialCache::Principal
2014-12-18 17:40:06 -06:00
jvazquez-r7
16d5ee1aae
Add documentation for the rex credential cache support
2014-12-18 17:12:58 -06:00
jvazquez-r7
7275f5a5f2
Allow Rex to load credential_cache
2014-12-18 16:32:21 -06:00
jvazquez-r7
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
jvazquez-r7
0a61e108ea
Add code skeleton for credential_cache
2014-12-18 00:30:47 -06:00
jvazquez-r7
0f19f3cf2e
Add classes templates
2014-12-17 23:16:58 -06:00
jvazquez-r7
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
jvazquez-r7
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
jvazquez-r7
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
jvazquez-r7
2649d482fe
Add support for KRB_AP_REQ
2014-12-16 18:39:42 -06:00
jvazquez-r7
0f55a98450
Add support for Authenticator encoding
2014-12-16 17:45:54 -06:00
jvazquez-r7
dde45a7f53
Add support for Checksum encoding
2014-12-16 17:05:35 -06:00
jvazquez-r7
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
jvazquez-r7
ce6b53b44c
Fix attribute description
2014-12-16 11:39:04 -06:00
jvazquez-r7
a5f8b4319f
Add support to encode PAC-TYPE
2014-12-16 11:31:27 -06:00
jvazquez-r7
1721641138
Add support for PAC-LOGON-INFO
2014-12-16 09:32:47 -06:00
jvazquez-r7
c1114c180a
Add support for PAC-CLIENT-INFO
2014-12-15 17:32:51 -06:00
jvazquez-r7
64a0162e3f
Add support for PAC-SERVER-CHECKSUM
2014-12-15 17:16:43 -06:00
jvazquez-r7
482c883d36
Add the parent class for pac elements
2014-12-15 17:13:52 -06:00
jvazquez-r7
2c7139b936
Add support for PAC-PRIVSRV-CHECKSUM
2014-12-15 17:13:22 -06:00
jvazquez-r7
147ff13080
Add support to decode the encryption part of as responses
2014-12-15 11:47:08 -06:00
jvazquez-r7
643279b54b
Add support to decode the encryption part of as responses
2014-12-15 11:46:11 -06:00
jvazquez-r7
d81cdd6cbb
Add KdcResponse spec first draft
2014-12-14 21:20:54 -06:00
jvazquez-r7
c3a2bcf956
Make KdcResponse decoding better
2014-12-14 21:01:09 -06:00
jvazquez-r7
442adb080f
Add first support to decode tickets
2014-12-14 20:51:26 -06:00
jvazquez-r7
35742873c7
Delete references to deleted namespaces
2014-12-14 19:23:21 -06:00
jvazquez-r7
78c76092dd
Delete namespaces from model classes
2014-12-14 19:18:30 -06:00
jvazquez-r7
13ae624738
Delete namespaces
2014-12-14 19:15:57 -06:00
jvazquez-r7
2d0cb5acd8
Move elements to model dir
2014-12-14 19:11:21 -06:00
jvazquez-r7
328e9f62e8
Add first draft for Kerberos responses
2014-12-14 19:09:41 -06:00
jvazquez-r7
483c273e17
Add support to decode responses on the Rex client
2014-12-14 17:54:17 -06:00
jvazquez-r7
883bfd1f46
Add support to retrieve e-data
2014-12-14 17:23:37 -06:00
jvazquez-r7
7067f2ea83
Modify Rex::Proto::Kerberos::Client to read responses
2014-12-14 16:32:25 -06:00
jvazquez-r7
c5dc065fde
Add support for decoding KrbError
2014-12-14 16:26:18 -06:00
jvazquez-r7
704781d0ce
Modify exception message
2014-12-14 12:11:09 -06:00
jvazquez-r7
8435328af7
Fix create_tcp_connection
2014-12-14 00:54:26 -06:00
jvazquez-r7
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
jvazquez-r7
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
HD Moore
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
jvazquez-r7
78eb3325bc
Add initial Rex Client and mixin
2014-12-12 01:20:14 -06:00
jvazquez-r7
20836c1789
Refactor crypto usage
2014-12-11 18:18:37 -06:00
jvazquez-r7
0b2fd7ffec
Update PreAuthEncTimeStamp#encrypt documentation
2014-12-11 17:08:04 -06:00
jvazquez-r7
424ce6ad53
Add constant with CRYPTO_MSG_TYPE
2014-12-11 17:03:46 -06:00
jvazquez-r7
38a0506f2d
Refactor Crypto
2014-12-11 17:00:46 -06:00
jvazquez-r7
35f02e6796
Add support to encode KdcRequest
2014-12-11 15:51:54 -06:00
jvazquez-r7
d96206b813
Support KdcRequest#encode
2014-12-11 12:44:17 -06:00
jvazquez-r7
3f12c5c9c5
Redo decode_asn1
2014-12-11 12:34:47 -06:00
jvazquez-r7
8d6e41fae3
Add documentation for KdcRequest
2014-12-11 12:27:26 -06:00
jvazquez-r7
162d2d39b5
Add support for KdcRequestBody decoding
2014-12-11 12:19:26 -06:00
jvazquez-r7
39ffc0c58a
Add support for PreAuthData#encode
2014-12-10 19:48:44 -06:00
jvazquez-r7
b89dee03c6
Add PreAuthEncTimeStamp#encode support
2014-12-10 19:30:21 -06:00
jvazquez-r7
3accdb705b
Add support for PreAuthPacRequest#encode
2014-12-10 19:18:19 -06:00
jvazquez-r7
96c1370334
Add EncryptedData#encode support
2014-12-10 19:12:24 -06:00
jvazquez-r7
543ec35a01
Refactor PrincipalName#encode
2014-12-10 18:57:23 -06:00
jvazquez-r7
5d2ff5982e
Add support for PreAuthEncTimeStamp decoding/decrypting
2014-12-10 18:33:46 -06:00
Tod Beardsley
0eea9a02a1
Land #3144, psexec refactoring
2014-12-10 17:30:39 -06:00
jvazquez-r7
785ff60d8e
Add initial support for PreAuthEncTimeStamp
2014-12-10 11:25:48 -06:00
jvazquez-r7
8ec403af89
Add support for PA-PAC-REQUEST
2014-12-10 10:51:37 -06:00
jvazquez-r7
6ebfbe7271
Prefix coding
2014-12-10 09:54:57 -06:00
jvazquez-r7
6653502e68
Support pa_data parsing on kdc_request
2014-12-10 09:47:31 -06:00
jvazquez-r7
cc909ba402
Add documentation for PreAuthData
2014-12-09 19:57:16 -06:00
jvazquez-r7
0a6e42968b
Add initial support for padata
2014-12-09 19:28:40 -06:00
jvazquez-r7
e62628f1cc
Make specs pass
2014-12-09 18:52:42 -06:00
jvazquez-r7
2557780e7c
Add initial support to decode kdc requests
2014-12-09 18:48:08 -06:00
jvazquez-r7
bed1e06d13
Mark EncryptedData encode as unsupported atm
2014-12-09 17:06:51 -06:00
jvazquez-r7
82549315ff
Mark KdcRequestBody encode as unsupported atm
2014-12-09 17:05:20 -06:00
jvazquez-r7
b84840a596
Add support to decode TGS_REQ body
2014-12-09 16:51:34 -06:00
jvazquez-r7
f236438290
Add initial support for EncryptedData
2014-12-09 16:40:44 -06:00
jvazquez-r7
2725235bc1
Add require for EncryptedData
2014-12-09 16:28:37 -06:00
jvazquez-r7
c5865c6fec
Add initial design draft
2014-12-09 15:53:29 -06:00
Jon Hart
c0dab54925
Add minor missing doc
2014-11-25 07:37:49 -08:00
Jon Hart
bedf7ed44b
Doc cleanup
2014-11-24 14:34:20 -08:00
Jon Hart
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
jvazquez-r7
90ae9a3ff8
Land #4173, @wchen-r7's fix for SMB find_first
...
* Fixes #4119, SMB find_first("\\*") does not return accurate results
* It missed initialization of sid
2014-11-21 09:51:57 -06:00
Jon Hart
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
Jon Hart
5d2c02f402
Initial commit of more OO version of Rex/Aux Kademlia support
2014-11-20 13:28:01 -08:00
Jon Hart
94e5ba13a4
YARD and spec cleanup
2014-11-20 13:28:01 -08:00
Jon Hart
df36ac910d
Mostly complete Kademlia PING / BOOTSTRAP scanner
2014-11-20 13:28:01 -08:00
Jon Hart
f5aa3ecb57
Add proper peer decoding
2014-11-20 13:28:01 -08:00
Jon Hart
ab49d01a1b
Add beginnings of Kademlia gather module and protocol support
2014-11-20 13:28:00 -08:00
Meatballs
7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
...
Conflicts:
modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
Jon Hart
d94ca2b89a
Add doc for Rex::Proto::Steam
2014-11-18 11:46:28 -08:00
Jon Hart
7098d89058
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-17 10:41:17 -08:00
Jon Hart
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
Jon Hart
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
sinn3r
719db5d2b1
Fix #4119 - SMB lost search ID (sid) in find_first method
...
This will fix issue #4119. A bug in the find_first method in rex
SMB.
When the SMB client requests a TRANS2_FIND_FIRST2 for retrieving
information about what items a directory has, the server returns
a response that contains an SID - a search identifier for the
transaction. If the SMB client wants more data, it must send a
TRANS2_FIND_NEXT2 request with the same SID. And then the server
will continue sending more until it runs out.
The root cause of this bug is that after the TRANS2_FIND_FIRST2
request is sent, our SMB's find_first method forgets the SID at
the end of the loop (out of scope).
2014-11-11 12:35:07 -06:00
Jon Hart
5b1b7c22bb
Minor test/style cleanup
2014-11-11 10:18:56 -08:00
Jon Hart
51e84ce548
Add unit tests, complete extraction/cleanup
2014-11-11 10:18:49 -08:00
sinn3r
e54442af36
Fix #4089 - undefined method `downcase' for nil:NilClass
2014-11-07 02:45:22 -06:00
Meatballs
4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
2014-10-28 20:26:44 +00:00
Jon Hart
ea6824c46f
WIP of NAT-PMP rework
2014-10-14 14:20:24 -07:00
James Lee
a65ee6cf30
Land #3373, recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
jvazquez-r7
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
Ramon de C Valle
5dde73bb51
Add domain name and url options to DHCP server
2014-09-25 19:58:42 -03:00
James Lee
f68628c487
Add minimal specs for rex/proto/http/packet/header
2014-09-12 14:30:27 -05:00
HD Moore
af24e30ae9
Return instead of crashing if no challenge is received
2014-09-06 15:51:50 -05:00
HD Moore
ba1f7c3bf6
Land #3687, reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
Jon Hart
5ad090e833
Add unit test for and correct parsing of NAT-PMP port map responses
2014-08-26 10:49:53 -07:00
Jon Hart
32a14cfc43
Missed the file...
2014-08-26 10:49:53 -07:00
Jon Hart
bfa89bb3a5
Enforce binary encoding on non-modules, no encoding on modules
2014-08-25 13:12:29 -07:00
Jon Hart
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
Jon Hart
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
Jon Hart
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
Jon Hart
fc67aed174
Correct style and doc issues, tidy failure message when not SIP
2014-08-25 13:11:21 -07:00
Jon Hart
e3753e3649
Refactor SIP response parsing for future improvements
2014-08-25 13:11:21 -07:00
Jon Hart
02e41c27e7
Split SIP response parsing out on its own, add unit tests.
...
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
Jon Hart
d4ea3e9f29
Pass protocol down to parse_reply for report_* purposes
2014-08-25 13:09:39 -07:00
Jon Hart
a2e2e37a69
Fix SIP options scanning
2014-08-25 13:09:39 -07:00
William Vu
1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
...
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and 82760bf5b3).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see 19ba7772f3).
This merge commit merges the staging/electro-release branch
(62b81d6814) into master (48f0743d1b). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
HD Moore
5e123e024d
Add 'coding: binary' to all msf/rex library files
...
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Jon Hart
c48cf48d85
Return the NTP message, not the string
2014-08-08 21:39:48 -07:00
Brandon Turner
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Tod Beardsley
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
Jon Hart
17b0560dff
Add rubygems check to msftidy. remove rubygems.
2014-07-17 09:29:13 -07:00
William Vu
25f74b79b8
Land #3484, bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
James Lee
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
Trevor Rosen
cc93dbbe29
Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
...
Feature/msp 9707/smb bruteforce refactor
MSP-9707 #land
2014-07-11 11:33:12 -05:00
James Lee
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
jvazquez-r7
f51feb7f52
Modify get_cookies regular expression
2014-07-06 13:22:31 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Jon Hart
bc3ac1ee36
Correct private message format, update tests
2014-07-03 08:27:27 -07:00
Jon Hart
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
Jon Hart
bc274b358f
Move NTP message code to Rex::Proto::NTP, simplify option handling
2014-06-30 23:57:47 -07:00
HD Moore
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
HD Moore
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
HD Moore
b872fa0f0d
Handle smb_recv corner case with a cache, clean up find_*, cosmetic
2014-06-23 16:14:18 -05:00
HD Moore
94388e3931
Fix typo in the constant name
2014-06-23 12:51:26 -05:00
Meatballs
936c7088ad
Merge branch 'master' into psexec_refactor_round2
...
Conflicts:
lib/msf/core/exploit/smb/psexec.rb
modules/exploits/windows/smb/psexec.rb
2014-06-07 13:38:30 +01:00
William Vu
0133e861f8
Fix typo
2014-05-26 23:55:20 -05:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
Meatballs
d77cb179a8
Fix return yarddoc
2014-05-23 21:16:11 +01:00
Meatballs
8aa2df1924
Fixup yarddoc
2014-05-23 20:47:52 +01:00
Meatballs
778138b0dc
Refactors
...
Add a Rex::Constants::Windows module to hold windows constants
Convert DCERPC_SERVICES to a class and move to Rex
2014-05-21 20:15:32 +01:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
James Lee
472f029576
Fix random bug when workstation_name is < 6 chars
...
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
Jeff Jarmoc
2849a1bc0c
Update comment again
2014-05-12 13:10:20 -05:00
Jeff Jarmoc
a3cc499a17
Update comment w/ all modes
2014-05-12 13:02:54 -05:00
Jeff Jarmoc
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'. It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
Matthew Hall
e8f46f97e1
Remove bin_to_hex function and replace with Rex::Text.to_hex
2014-05-01 15:42:04 +01:00
Matthew Hall
ff14cf9bfb
Implement QUERY_FILE_INFO_NETWORK SMB command
...
This commit adds support for the TRANS2 request 'query file info
network' (smb_cmd_trans_query_file_info_network) used in some SMB client
requests. This adds specific support for functions used by Apache Tomcat
in the Struts2 JSP injection exploit (CVE-2014-0094).
2014-05-01 12:23:31 +01:00
Matthew Hall
b899504580
Bugfixes and additional protocol support for extra FIND_FIRST2 functions
...
These additions queue up support for the SMB functions used by the
ms13_071_theme exploit developed by Juan Vazquez, including support for
the FIND_FIRST2 functions:
* Find File Both Directory Info
* Find File Names Info
Additionally this commit fixes a few bugs in how the client SMB payload
is handled to determine whether a file, directory or "not found"
response needs to be returned and allows metasploit to serve arbitrary
files directly over SMB in addition to files being loaded in runtime
processes calling "LoadLibrary".
2014-04-30 11:58:34 +01:00
joev
42d59d269e
Check #closed? instead of rescuing.
2014-04-03 14:20:48 -05:00
joev
98628b814e
Prevent Rex::Proto::Http::Client from raising on close.
2014-04-03 11:36:18 -05:00
HD Moore
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
Matthew Hall
c1db8e260f
Add yardoc documentation for the SMBFileServer Class
2014-03-12 17:28:18 +00:00
Matthew Hall
0f259d3032
Tidy lib/rex/proto/smb/server.rb following feedback from jlee-r7
...
* Remove redundant ServerClient class
* Use dlog/elog/ilog instead of printing to $stdout
2014-03-12 15:41:21 +00:00
Matthew Hall
c6d92796e6
Clean with msftidy.rb
2014-03-12 10:06:02 +00:00
Matthew Hall
d380435113
This commit adds support for implementing the SMBFileServer Module
...
within Rex, allowing exploit modules to create a payload to be sent
to an SMBFileServer instance. This can be useful in cases where
you would find DLL injection in a system which will read files
over a UNC share, or other instances where a payload can be delivered
over SMB.
This code borrows heavily from the ms13_071_theme module written
by Juan Vazquez, however I have performed a fair amount of protocol
analysis and debugging to provide support for delivering an arbitrary
MSF payload over UNC.
The main differences being the presence of functions to support:
- SMB CMD Trans Query Path Info (Basic and Standard)
- SMB CMD Trans Query File Info (Standard and Internal)
This code can be considered "alpha", as I have only implemented support
for the SMB functions discovered during development of an exploit of an
arbitrary DLL injection into a server performing a "LoadLibraryA" call.*
However, this provides a basis upon which additional SMB functions can
be implemented to extend delivery of payloads over SMB.
A separate commit will expose the SMBFileServer Module within
./lib/msf/core/exploit/smb.rb
* This exploit will be committed separately once a fix has been confirmed
by the vendor.
2014-03-07 15:00:45 +00:00
jvazquez-r7
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
Tod Beardsley
90207628cc
Land #2666, SSLCompression option
...
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
William Vu
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
William Vu
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
William Vu
0915212249
Fix socket timeout bug
2014-01-16 11:58:37 -06:00
William Vu
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
William Vu
27f079ad7c
Move {begin,end}_job from libs to modules
2014-01-09 01:03:01 -06:00
William Vu
025fc79683
Refactor commands for modularity
2014-01-09 01:03:01 -06:00
William Vu
3fca11e5ac
Replace magic numbers with constants
2014-01-09 01:03:01 -06:00
William Vu
2f2823e323
Remove newline from end_job to conform to spec
2014-01-09 01:03:01 -06:00
William Vu
d3bbe5b5d0
Add filesystem commands and new PoC modules
...
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu
af66310e3a
Address @jlee-r7's comments
2014-01-09 01:03:01 -06:00
William Vu
bab32d15f3
Address @wchen-r7's comments
2014-01-09 01:03:00 -06:00
William Vu
1c889beada
Add Rex::Proto::PJL and PoC modules
2014-01-09 01:03:00 -06:00
Tod Beardsley
feaf6c23cf
Merge and Unconflict client.rb, new module splat
...
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421
Also fixes the module with the new license splat.
Conflicts:
lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
Joe Vennix
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Joe Vennix
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
Joe Vennix
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
Joe Vennix
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
William Vu
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
Jonathan
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
Jonathan
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
Meatballs
cad717a186
Use NDR 32bit syntax.
...
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
Tod Beardsley
876d4e0aa8
Land #1420, WDS scanner
2013-10-11 16:53:25 -05:00
Joshua J. Drake
d04c47d2b7
Remove comment since it was addressed in 4500d09c2f
2013-09-26 19:47:54 -05:00
jvazquez-r7
9cc446ae2a
Get cookies with empty values
2013-09-25 14:31:34 -05:00
jvazquez-r7
58d4096e0f
Resolve conflicts on #2267
2013-09-25 13:06:14 -05:00
FireFart
7c4708b1df
-) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
...
-) Bugfix
2013-09-23 23:59:45 +02:00
HD Moore
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
Tab Assassin
8bc83f4922
Retab changes for PR #1420
2013-09-05 16:21:26 -05:00