Commit Graph

30074 Commits (bdbb26ba314817a5b0ec6684f128654596503ef4)

Author SHA1 Message Date
Meatballs bdbb26ba31
Land #4540, resolves #4532, honour DB_ALL_* options 2015-01-07 21:12:23 +00:00
Meatballs 361057ce6e
Land #4544, resolves #4511 - fix rails log location 2015-01-07 20:58:26 +00:00
Meatballs db367895a8
Land #4491, Fix test modules 2015-01-07 20:48:49 +00:00
Brent Cook 0c94536b87 make post service manipulation tests work
Fix a funny default service name, adjust test to be case-agnostic.

winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if its anything other than winmgmt.

The following RC script has 7 successful outputs when run against a reverse_tcp shell.

Run a reverse_tcp stager and the following RC script to run the test

```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```

Note: this test still doesn't run very reliably on windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411, though it runs ok on
Windows XP.
2015-01-07 13:31:16 -06:00
Brent Cook c96c8a03cf CmdStagerVBS is now in Rex::Exploitation
```
 $ ./msfconsole -qx "loadpath test/modules/; exit"
 Loaded 32 modules:
     12 auxiliarys
	 12 exploits
	 8 posts
```
2015-01-07 13:31:15 -06:00
David Maloney 9bcb3b95cd Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-01-07 12:41:43 -06:00
David Maloney 5d68d48ca5
Land #4385, fixes bruteforce_speed validator
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
David Maloney 702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components

MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney 7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin

MSP-11986
2015-01-07 11:30:39 -06:00
James Lee 3e80efb5a8
Land #4521, Pandora FMS upload 2015-01-07 11:13:57 -06:00
James Lee 1ccef7dc3c
Shorter timeout so we get shell sooner
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
James Lee efe83a4f31
Whitespace 2015-01-07 10:19:17 -06:00
Trevor Rosen 3ba3465afb
Ensure logging in ~/.msf4/log
Fix #4511
2015-01-07 09:37:07 -06:00
rcnunez b3def856fd Applied changes recommended by jlee-r7
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
William Vu fee49b0b85
Land #4531, Msf::Exploit::PDF method name fix 2015-01-06 14:26:58 -06:00
sinn3r 609c490b3c I missed nobfu 2015-01-06 12:49:39 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention
Just changing method names.

It will actually also fix #4520
2015-01-06 12:42:06 -06:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
William Vu f2710f6ba7
Land #4443, BulletProof FTP client exploit 2015-01-06 02:10:42 -06:00
William Vu 482cfb8d59
Clean up some stuff 2015-01-06 02:10:25 -06:00
William Vu 46aa165ca5
Land #4481, enum_users_history improvements 2015-01-06 01:52:38 -06:00
William Vu 745bfb2f35
Clean things up 2015-01-06 01:48:18 -06:00
Brent Cook a69609fe04
Land #4523: wchen-r7's #inspect->to_s conversions
Keep custom object display behavior the same between Ruby 1.9 and 2.1.
2015-01-05 13:26:08 -06:00
Brent Cook e73ff61f42
Land #4512, OJ's removal of superfluous path expansion 2015-01-05 13:14:59 -06:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
rcnunez 547b7f2752 Syntax and File Upload BugFix
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
William Vu 1f4d62aff3
Land #4514, invalid splat URL fix 2015-01-05 03:44:40 -06:00
jvazquez-r7 e7affb9048
Land #4493, @pedrib's module for ManageEngine Central Desktop create admin 2015-01-04 23:46:31 -06:00
jvazquez-r7 c5e72fb324 Change module filename 2015-01-04 23:14:12 -06:00
jvazquez-r7 4798f2328d Change module filename 2015-01-04 23:13:17 -06:00
jvazquez-r7 6bb3171328 Do minor cleanup 2015-01-04 23:12:42 -06:00
jvazquez-r7 711b97ecc5 Beautify metadata 2015-01-04 23:08:46 -06:00
jvazquez-r7 4653e48dba
Land #4515, @bcook-r7's linux meterpreter binaries update 2015-01-04 16:59:24 -06:00
Brent Cook 7ae56865f1 Update linux meterpreter binaries for rapid7/meterpreter#111
This rebuilds the binaries on Ubuntu 10.04 i386 for metepreter PR #111,
improving the reliability and fixing some bugs in linux process migration.

Tested against Ubuntu 10.04 i386 and Ubuntu 14.04 x86_64:

```
meterpreter > ps
...
 55994  48270  server                   0        bcook       ../metasploit-framework/server
 56009  44199  bash                     0        bcook       -bash
 56094  56009  dummy                    0        bcook       ./dummy

meterpreter > migrate 56094
[*] Migrating to 56094
[*] Migration completed successfully.
meterpreter > sysinfo
Computer     : mint
OS           : Linux mint 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 (x86_64)
Architecture : x86_64
Meterpreter  : x86/linux
meterpreter > ps
...
 55994  48270  [server] <defunct>        0        bcook
 56009  44199  bash                      0        bcook       -bash
 56094  56009  dummy                     0        bcook       ./dummy

meterpreter >
```

Verified presence of call stub when debugging a session:

```
(gdb) x/32b 0x61cc28
0x61cc28:	0x90	0x90	0x90	0x90	0x90	0x90	0x90	0x90
0x61cc30:	0x90	0x90	0x90	0x90	0x90	0x90	0x90	0x90
0x61cc38:	0x90	0x90	0x68	0x04	0x00	0x00	0x00	0x68
0x61cc40:	0xff	0xff	0xff	0xff	0xb8	0x5a	0x5a	0x5a
```
2015-01-04 10:47:44 -06:00
Pedro Ribeiro 32d4bf03c3 Add OSVDB id and full disclosure URL 2015-01-04 12:36:51 +00:00
Joshua J. Drake 7295cd34aa One more http// fix 2015-01-03 02:32:08 -06:00
William Vu 327f2839bb
Land #4508, default Ruby 2.1.5 for everyone 2015-01-02 17:15:53 -06:00
OJ 17ff546b0f Remove unnecessary calls to expand path
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.

This commit simple removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
Tod Beardsley ff43fbd8de
Land #4509, private/protected workaround for 2.1.5
Fixes #4507. See also #4506 (but does not fix this yet).
2015-01-02 15:53:58 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Tod Beardsley a6e23e5e4d
Default Ruby 2.1.5 for everyone
See #4506
2015-01-02 11:33:36 -06:00
OJ 5596cee803
Land #4502 - Update linux meterpreter bins 2015-01-02 12:41:35 +10:00
jvazquez-r7 69bda63ef6 Update linux meterpreter binaries 2015-01-01 20:05:36 -06:00
William Vu b64bfd87ca
Land #4501, Wordpress readme regex update 2015-01-01 18:03:15 -06:00
Christian Mehlmauer 056046f38b
update wordpress readme regex 2015-01-01 23:13:20 +01:00
Tod Beardsley c1718fa490
Land #4440, git client exploit from @jhart-r7
Also fixes #4435 and makes progress against #4445.
2015-01-01 13:18:43 -06:00
Tod Beardsley d7564f47cc
Move Mercurial option to advanced, update ref url
See #4440
2015-01-01 13:08:36 -06:00
Tod Beardsley 914c724abe
Rename module
See rapid7#4440
2015-01-01 13:03:17 -06:00
William Vu 2d6571c735
Land #4497, end-of-year .mailmap refresh 2015-01-01 09:10:59 -06:00