Commit Graph

175 Commits (bd94f50fb02f85c16ff7ba6610d4486a031026a3)

Author SHA1 Message Date
Tod Beardsley 31eedbcfa0
Minor cleanups on recent modules
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577, MS15-034 HTTP.SYS Information Disclosure

Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605, CVE-2015-3105 flash exploit

Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559, Adobe Flash Player ShaderJob Buffer Overflow

Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
wchen-r7 b6379b4d24 Update drupal_views_user_enum 2015-06-16 00:02:02 -05:00
wchen-r7 0b88e86a49 Using the new cred API for multiple auxiliary modules 2015-06-15 16:06:57 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Brent Cook d77f8ffeeb update meterpreter tests to test utf filenames
This adds a new option BaseFileName that allows setting the base name for files
and directories used in the meterpreter test modules.
2015-03-20 22:18:19 -05:00
Brent Cook 89a0a79377 revert puts back to a vprint call 2015-01-28 16:41:12 -06:00
Brent Cook 8b3a0a0bb1 really fix the cmdweb test
this test to include the CmdStager module, not the CmdStagerVbs class

Before:
```
msf > loadpath test/modules
Loaded 32 modules:
    8 posts
    12 auxiliarys
    12 exploits
```

After:
```
msf > loadpath test/modules
Loaded 33 modules:
    8 posts
    12 auxiliarys
    13 exploits
msf > use exploit/test/cmdweb
msf exploit(cmdweb) > info

       Name: Command Stager Web Test
     Module: exploit/test/cmdweb
   Platform: Windows
 Privileged: Yes
    License: Metasploit Framework License (BSD)
       Rank: Manual
  Disclosed: 2010-02-03

Provided by:
  bannedit <bannedit@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic Targeting

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
  RHOST                     yes       The target address
  RPORT    8080             yes       The target port
  VHOST                     no        HTTP server virtual host

Payload information:

Description:
  This module tests the command stager mixin against a shell.jsp
  application installed on an Apache Tomcat server.

msf exploit(cmdweb) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf exploit(cmdweb) > run

[*] Started reverse handler on 127.0.0.1:4444
[*] Command Stager progress -   2.01% done (2046/101881 bytes)
[*] Command Stager progress -   4.02% done (4092/101881 bytes)
[*] Command Stager progress -   6.02% done (6138/101881 bytes)
[*] Command Stager progress -   8.03% done (8184/101881 bytes)
[*] Command Stager progress -  10.04% done (10230/101881 bytes)
[*] Command Stager progress -  12.05% done (12276/101881 bytes)
[*] Command Stager progress -  14.06% done (14322/101881 bytes)
[*] Command Stager progress -  16.07% done (16368/101881 bytes)
[*] Command Stager progress -  18.07% done (18414/101881 bytes)
...
```
2015-01-27 11:44:34 -06:00
Brent Cook 550e6efff8 improve resiliency of meterpreter session tests
- Use separate names for files and directories to avoid cascading
   failures if one test fails and leaves a file or directory behind.
 - Use %TEMP% rather than %TMP - the former is defined on all Windows
   versions, whereas the later is not defined on Windows 2012, causing
   the test to fail.
 - Don't assume 'HACKING' is in the current working directory, which
   breaks remote test harnesses. Instead, send the source code to the
   current __FILE__ as the test file to upload, since that works from
   any directory or remotely.
2015-01-27 09:07:21 -06:00
Brent Cook a42cc2ef1f add support for specifying 32 or 64-bit registry access
This adds an extra parameter to most of the post/windows/registry
methods called 'view' that specifies if a registry key should be
accessed as a native process, 32-bit or 64-bit.

Support is added to both the Meterpreter and command-line backends. For
the command backend, a lot of boilerplate is removed from each method in
favor of a few shared commands. There is an error hash that never gets
used, so I removed it as well.

This passes the post/test/registry module with meterpreter, but fails
the command line backend. However, it fails in the same way without
these changes (tested on Windows 8), so I suspect that the command line
session was already not working well, at least with newer versions of
Windows. I might look into figuring out how to fix that, but it looks
pretty fragile to me, parsing for english phrases in the output.
2015-01-20 15:26:59 -06:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
Brent Cook 0c94536b87 make post service manipulation tests work
Fix a funny default service name, adjust test to be case-agnostic.

winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if its anything other than winmgmt.

The following RC script has 7 successful outputs when run against a reverse_tcp shell.

Run a reverse_tcp stager and the following RC script to run the test

```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```

Note: this test still doesn't run very reliably on windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411, though it runs ok on
Windows XP.
2015-01-07 13:31:16 -06:00
Brent Cook c96c8a03cf CmdStagerVBS is now in Rex::Exploitation
```
 $ ./msfconsole -qx "loadpath test/modules/; exit"
 Loaded 32 modules:
     12 auxiliarys
	 12 exploits
	 8 posts
```
2015-01-07 13:31:15 -06:00
Meatballs 42b6c5425f
Update tests 2015-01-05 22:25:14 +00:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Luke Imhoff b863978028
Remove fastlib
MSP-11368
MSP-11143

Remove fastlib as it slows down the code loading process.  From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10).  The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10).  This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
Meatballs d2bc0baa87
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	lib/msf/core/post/windows/services.rb
2014-08-24 19:46:19 +01:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Joshua Smith 6884c87cfa removes IDs/Revisions, resplats test/modules 2014-08-04 01:04:23 -05:00
James Lee 23b04c8ece Fix post/test/* modules' loadpath
Allows loading when pwd is not framework's install root
2014-07-30 14:21:42 -05:00
Luke Imhoff 3448b601ee
Remove old, unused cucumber features
MSP-9606
2014-05-13 09:26:16 -05:00
Meatballs c474ff4465
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	modules/exploits/windows/local/service_permissions.rb
	modules/post/windows/manage/rpcapd_start.rb
2014-05-05 13:19:25 +01:00
jvazquez-r7 ce02f8a7c5 Allow easier control of sprayed memory 2014-03-28 11:58:41 -05:00
jvazquez-r7 0523d9e625 Add comments 2014-03-28 11:09:39 -05:00
jvazquez-r7 04bfe55ae0 Add test modules 2014-03-28 11:09:10 -05:00
Tod Beardsley cfdd64d5b1
Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
Tod Beardsley 4d3f871e9d
Land #2961, get_env and get_envs Post mixin
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
James Lee 9aaf111523
Only test routes when they are implemented 2014-03-13 13:05:09 -05:00
Tod Beardsley 2086224a4c
Minor fixes. Includes a test module. 2014-03-10 14:49:45 -05:00
sinn3r ee1209b7fb This should work 2014-03-03 11:53:51 -06:00
Meatballs 6e197ce535
Post get_envs library methods 2014-02-08 11:37:25 +00:00
Meatballs 73d978d5f6
Add some negative tests 2013-12-17 15:24:27 +00:00
Meatballs 41a00101b0
Add change_config test 2013-12-17 14:18:26 +00:00
Meatballs ba335d6c91
Update Service Tests
And small fixes
2013-12-17 14:03:19 +00:00
Tod Beardsley 040619c373
Minor description changes
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
jvazquez-r7 2284763922
Land #2720, @wchen-r7's httpserver test module 2013-12-13 16:29:26 -06:00
jvazquez-r7 3d18273bcf Make msftidy happy 2013-12-13 16:28:14 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
Meatballs 45a0ac9e68
Land #2602, Windows Extended API
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
OJ bea0f8c18e Change client to session in tests 2013-12-06 13:43:47 +10:00
sinn3r a147102f54 Oops, I didn't even catch this 2013-12-03 16:55:44 -06:00
sinn3r 46e2a0ecd5 Add an example for PRs that don't have anything to prove functionality
Some module submissions don't have a pcap, screenshot/video or anything
to prove the module is actually functional or not, because often due to
the author not having the test box anymore, or unable to share info
because of their NDA. We nee a way to prove the module runs by basically
simulating the vulnerable environment live, and this is the answer to that.

This test module is specifically for the cisco_asa_asdm.rb, but future
PRs with the same scenario can also borrow the same idea.
2013-12-03 16:43:28 -06:00
Meatballs 6ca35283d8
Parent Window - Program Manager instead of Start Menu 2013-12-03 21:20:31 +00:00
Meatballs 7a1e282aac
Parent window fix 2013-12-03 21:09:49 +00:00
Meatballs 221c1ba6be
EXTAPI Test Module 2013-12-03 20:54:17 +00:00
sinn3r 5d10b44430 Add support for Silverlight
Add support for Silverlight exploitation. [SeeRM #8705]
2013-11-26 14:47:27 -06:00
sinn3r d9d04fa3a3 Correct test file 2013-11-07 00:59:00 -06:00
sinn3r b34b4ac2b6 Update the java stuff again 2013-11-07 00:57:20 -06:00