Brent Cook
55f6fe7037
Land #5510 , update x86/alpha* encoders to be SaveRegister aware
2015-10-01 15:07:10 -05:00
Brent Cook
d551f421f8
Land #5799 , refactor WinSCP module and library code to be more useful and flexible
2015-10-01 14:35:10 -05:00
Brent Cook
7cd30ef0b8
Land #6031 , delete unused -a db_export option
2015-10-01 14:12:34 -05:00
Brent Cook
144bf39038
Land #5998 , fixup PrependMigrate for stageless meterpreter
2015-10-01 11:48:33 -05:00
William Vu
eb751822d8
Remove dead option in db_export
2015-10-01 10:58:15 -05:00
William Vu
2ab779ad3d
Land #6010 , capture_sendto fixes
2015-10-01 10:54:24 -05:00
OJ
22c424a4c6
Fix CreatProcessA stack alignment in prependmigrate x64
2015-10-01 10:24:13 +10:00
OJ
b35a0166bf
Merge branch 'upstream/master' into fix-prepend-https
2015-10-01 09:07:28 +10:00
jvazquez-r7
bfbd6ad475
Add the NewClass code really
2015-09-30 12:31:18 -05:00
jvazquez-r7
8590c79021
Add support for NewClass
2015-09-30 12:30:52 -05:00
Fernando Arias
393a71cf46
Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MSP-13119/rework-match-result-creation
...
Conflicts:
Gemfile.lock
2015-09-29 15:00:22 -05:00
Brent Cook
54f9a3b25a
Land #6013 , add mainframe as a platform and architecture
2015-09-29 13:28:23 -05:00
Brent Cook
f3e8b34b4f
Land #6007 , restore original behavior when capture_sendto fails
...
we need this while fixing modules to handle exceptions
2015-09-29 09:55:47 -05:00
jvazquez-r7
9444c8c410
Fix #5988 , windows x64 stagers
...
* Also, use mov esi, esi to save an extra byte
* Also, modify the block_recv.asm code, just to have it up to date
2015-09-28 15:52:50 -05:00
bigendian smalls
31552a71cf
Added FIREFOX back as arch - inadvertantly removed
2015-09-28 14:50:46 -05:00
jvazquez-r7
19ada4b842
Revert "Add debug message"
...
This reverts commit 983bedeb85
.
2015-09-28 14:44:48 -05:00
jvazquez-r7
983bedeb85
Add debug message
2015-09-28 13:58:08 -05:00
jvazquez-r7
50249bd640
Update Metasploit::Framework::Tcp::Client to have SSLVerifyMode and SSLCipher into account
2015-09-28 13:57:08 -05:00
jvazquez-r7
1e4e5c5bae
Update ACPP login scanner to have into account advanced options
2015-09-28 13:50:20 -05:00
jvazquez-r7
3529cdad7b
Add attributes
2015-09-28 13:30:10 -05:00
jvazquez-r7
4a9ef30e9e
Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp mixin
2015-09-28 10:31:17 -05:00
bigendian smalls
ff87fbc976
Added a mainframe.rb in core/payload
...
Base module for payloads to be developed on the mainframe / SystemZ
(z/os mvs) architecture
2015-09-28 10:06:09 -05:00
bigendian smalls
ecf6867c35
Added mainframe as a payload constant
...
updated core/payload.rb to include 'mainframe' as a option
2015-09-28 10:04:50 -05:00
bigendian smalls
bc718da5d9
Added mainframe as a platform in core
...
To develop modules, mainframe and zArchitecture needs to be defined in
several places. This is the official platform.rb definition
2015-09-28 10:03:15 -05:00
bigendian smalls
bb769f0dca
Added mainframe ebcdic<->ascii conv ability
...
Within text.rb added 2 tables and 2 methods that allow for the
tranlsation of EBCDIC<->ASCII for mainframe modules and functionality
(SystemZ Zarchitecturer mainframe)
2015-09-28 09:55:30 -05:00
bigendian smalls
33807abeda
Updated contstants.rb with ARCH_ZARCH / mainframe
2015-09-28 09:47:24 -05:00
bigendian smalls
94e0a78050
Added zarch.rb architecture file
2015-09-28 09:41:22 -05:00
bigendian smalls
258e743f82
Added ARCH_ZARCH as architecture option
...
SystemZ (z/os, mainframe) added as a constant to the arch.rb file. This
along with other commits in this package will allow for development of
SystemZ (mainframe) based modules.
2015-09-28 09:36:31 -05:00
Jon Hart
7d9d3864c3
Add docs for capture_sendto
2015-09-27 15:40:32 -07:00
Jon Hart
fc9a757194
Fix #6008 for the 6 modules that use scanner_spoof_send
2015-09-27 15:06:29 -07:00
Jon Hart
b508625957
When unable to determine destination MAC, vprint and return false
...
Fixes #6006 .
~20 related modules are affected by this defect and by this "fix"
2015-09-26 15:13:26 -07:00
William Vu
cb4e609dd5
Land #5997 , database cache update fix
2015-09-26 14:10:04 -05:00
William Vu
f4b4b21bfc
Land #5990 , reverse_hop_http fix
2015-09-26 13:42:46 -05:00
Brent Cook
f3451eef75
Land #5380 , pageantjacker, an SSH agent proxy
2015-09-26 10:52:44 -04:00
Brent Cook
4cbe35e1b2
specifically use shell or powershell
2015-09-23 22:08:32 -05:00
Brent Cook
157bab4f0d
Land #5518 , TFTP::Client retransmit lost data blocks on upload
2015-09-23 21:58:42 -05:00
Brent Cook
d9a76bbe0a
Land #5911 , add adsi enumerate to a file via -o
2015-09-23 21:40:01 -05:00
Meatballs
66c9222968
Make web_delivery proxy aware
2015-09-23 20:45:51 +01:00
Fernando Arias
52e3405192
Passing report_exploit_success specs
...
MSP-13119
2015-09-23 11:12:02 -05:00
Fernando Arias
dc84b3b1ba
Passing report_exploit_failure specs
...
MSP-13119
2015-09-23 10:54:13 -05:00
Stuart
853d822992
Merge pull request #1 from bcook-r7/land-5380-pageantjacker
...
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
scriptjunkie
30102d4526
No longer needed.
2015-09-22 17:05:30 -05:00
scriptjunkie
d90f87449a
Fix merge
2015-09-22 16:55:01 -05:00
scriptjunkie
7d2a2a8b64
Fix issues with using hop for new core
2015-09-22 16:54:02 -05:00
Brent Cook
6482083b6b
revert WfsDelay short-circuit on exploit failure
...
Some exploits currently succeed, but can fail during cleanup, leading to a
false-negative. Reverting this so that the affected exploits can be fixed
first.
This reverts commits b0858e9d46
and
b3f754136e
.
2015-09-22 14:43:03 -05:00
Brent Cook
66b453edd6
ensure the database cache is always updated, present accurate reporting on search
2015-09-22 12:56:26 -05:00
Samuel Huckins
1bd472107b
Land #5996
...
Missing service in looking up vulns by refs now handled.
2015-09-22 12:16:42 -05:00
dmohanty-r7
8b10cbe3fd
Query for vulns without specifying service when service is nil
...
MSP-13284
2015-09-22 10:50:23 -05:00
OJ
46e00389c4
Adjust payload size for stageless in prepend migrate
2015-09-22 18:07:53 +10:00
Fernando Arias
9230b04674
Update match result creation logic
...
MSP-13119
* Look up match on match set for the run
* If no match exists in the match set for the vuln, attempt to create a match for the vuln
2015-09-22 00:24:38 -05:00
jvazquez-r7
62ff291713
Fix msfrop metasm require
2015-09-21 13:19:23 -05:00
HD Moore
0cc6b53d59
Land #5905 , support newer OpenVAS formats.
2015-09-21 10:30:25 -05:00
Stuart Morgan
cdd39f52b1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension
2015-09-21 14:34:56 +02:00
Stuart Morgan
e8e4f66aaa
Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension
2015-09-21 14:34:38 +02:00
Brent Cook
61e7e1d094
update pageantjacker to run as part of extapi
2015-09-20 20:25:00 -05:00
wchen-r7
98da192c70
Land #5615 , Updated YARD Documentation for EXE.rb
2015-09-18 13:36:11 -05:00
wchen-r7
0bf20993ec
Fix more doc
2015-09-18 13:35:31 -05:00
Fernando Arias
d3a73149a2
Add specs around match result creation in exploit attempt
...
MSP-13119
2015-09-18 12:04:45 -05:00
David Maloney
6f19e30723
Merge branch 'staging/hd-wfs' into feature/hd-wfsdelay
2015-09-17 13:07:56 -05:00
jvazquez-r7
c8b27e0563
Land #5889 , @jlee-r7's favors metasm as a gem
2015-09-16 17:01:01 -05:00
wchen-r7
c7afe4f663
Land #5930 , MS15-078 (atmfd.dll buffer overflow)
2015-09-16 15:33:38 -05:00
Fernando Arias
5cf3ac23e2
Fix no method defined error when run_id is not passed down
...
* run_id is an optional param so we handle when it isn't set on user data
MSP-13119
2015-09-16 15:32:48 -05:00
HD Moore
b0858e9d46
Style tweak re: TheLightCosine's feedback
2015-09-16 08:15:26 -07:00
HD Moore
b7572d5494
Handle both serialized & unserialized cases on import
2015-09-16 08:11:15 -07:00
HD Moore
ef043cebc3
Always use the stringified host->address during export
2015-09-16 02:59:11 -07:00
Fernando Arias
382e01d680
Add comments and use run scope on match
...
MSP-13119
2015-09-15 15:09:26 -05:00
Fernando Arias
621af7311c
Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MSP-13119/rework-match-result-creation
2015-09-15 14:35:07 -05:00
Fernando Arias
eb479318b1
Use existing run for match result or create a new one if it doesnt exist
...
MSP-13119
2015-09-15 14:34:44 -05:00
HD Moore
b3f754136e
Skip WfsDelay when the exploit has clearly failed
2015-09-15 08:04:23 -07:00
Fernando Arias
c7f15ca940
Rework how match results get created
...
MSP-13119
* Create match result when we create vuln attempt
2015-09-14 12:18:47 -05:00
HD Moore
713ded7ca2
Ignore SMB exceptions during fingerprinting
...
This fixes smb_version in cases where the remote server throws a Login error
for the default creds (null session).
2015-09-14 09:35:44 -07:00
jvazquez-r7
ad0140e0fc
Land #5864 , @jlee-r7's fixes x64 injection
2015-09-11 16:09:37 -05:00
William Vu
a1a7471154
Land #5949 , is_root? for remove_lock_root
2015-09-11 02:09:14 -05:00
wchen-r7
f2ccca97e0
Move require 'msf/core/post/android' to post.rb
2015-09-11 01:56:21 -05:00
jvazquez-r7
53f995b9c3
Do first prototype
2015-09-10 19:35:26 -05:00
William Vu
86b9535a50
Land #5944 , Nmap parser open|filtered -> unknown
2015-09-10 16:37:42 -05:00
Fernando Arias
0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)
...
MSP-13234
2015-09-09 13:21:05 -05:00
Fernando Arias
e88a14aee6
Rework exception handler for exploit simple
...
MSP-13233
2015-09-09 11:51:18 -05:00
Brent Cook
4aae9b8272
support upgrading a powershell session to meterpreter
2015-09-08 15:37:42 +02:00
Manuel Mancera
e97056a367
When the port state is open|filtered should be unknown, no open
2015-09-07 22:52:03 +02:00
jvazquez-r7
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
jvazquez-r7
da221b82a8
Initialize dir
2015-09-04 11:07:49 -05:00
James Lee
7665747d1c
Land #5736 , certutil cmdstager
...
Ferreal this time.
2015-09-03 14:21:21 -05:00
James Lee
82b27c9038
Revert "Land #5736 , certutil cmdstager"
...
This reverts commit 93eb42dfa3
.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:28 -05:00
James Lee
9ccd95af26
Land #5916 , fix encoding when badchars contains -
2015-09-03 13:42:45 -05:00
James Lee
93eb42dfa3
Land #5736 , certutil cmdstager
2015-09-03 13:13:24 -05:00
Brent Cook
70b5336356
Merge branch 'upstream-master' into land-5890-android-post-api
2015-09-03 09:51:35 -05:00
Brent Cook
895b692b0d
Land #5914 , prevent loading cached modules outside of the load path
2015-09-03 09:29:13 -05:00
wchen-r7
ccd0a06353
Use ===
2015-09-03 01:10:13 -05:00
Brent Cook
1440f31756
Land #5637 , resiliency improvements to TCP stagers
2015-09-02 22:50:12 -05:00
OJ
9767de9bd0
Truncate payload size to 32 bits
2015-09-03 11:56:59 +10:00
Jon Hart
6820e8dc03
Land #5926 , @hmoore-r7's fix for #5716
...
Addresses a bug with IPMI RAKP messages having a malformed length field
2015-09-02 17:50:07 -07:00
HD Moore
9f1f797031
Skip substitution if badchars is empty
2015-09-02 18:52:53 -05:00
HD Moore
01cbd842ad
Updates based on @jlee-r7's feedback
2015-09-02 18:42:34 -05:00
HD Moore
9f9bbce034
Land #5840 , add LLMNR & mDNS modules
2015-09-02 18:30:29 -05:00
HD Moore
0120e5c443
Cosmetic tweaks, don't report duplicate responses
2015-09-02 18:30:03 -05:00
Jon Hart
ab91d1cc92
More style cleanup
2015-09-02 14:01:12 -07:00
Jon Hart
4d77e777fa
Remove explicit CLASS options from llmnr mixin
...
use parent's instead
2015-09-02 13:58:48 -07:00
Jon Hart
27174e2bfd
Revert "Bump scanner THREADS to 10 by default"
...
This reverts commit f537f91943
.
2015-09-02 13:55:48 -07:00
Jon Hart
5699908240
Style cleanup
2015-09-02 13:48:01 -07:00