Tasos Laskos
0421cff913
Exploit::Remote::Web#perform_request: timeout set to 10
2013-02-25 19:49:39 +02:00
Tod Beardsley
2141492654
Per @brandont comment, use exit status instead.
2013-02-24 15:24:21 -06:00
HD Moore
9d9d83cf8b
Implement per-target arch/platform searches SeeRM #7754
2013-02-24 11:06:29 -06:00
Tod Beardsley
5e1119e2ed
A little more error handling for browser launches
...
Implement a timeout and deal with the case where xdg-open isn't
avialable for whatever reason.
2013-02-24 10:23:12 -06:00
Tod Beardsley
8010cdbd8b
Shuffled methods around
2013-02-24 09:33:15 -06:00
Tod Beardsley
8caedd4290
Can't apt-get install inside msfconsole
...
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
Tod Beardsley
a7c0d62106
Cleanup after some testing
2013-02-23 23:33:08 -06:00
Tod Beardsley
d5a074283a
Fill in the details of starting, launching, etc
2013-02-23 22:38:29 -06:00
Tod Beardsley
a3886a1a6b
No smartquotes plz
2013-02-23 17:17:18 -06:00
Tod Beardsley
b80343817c
Skeleton for acutally go_pro'ing
2013-02-23 09:48:18 -06:00
Tod Beardsley
90a1dcffa3
Adds a random banner offering go_pro
2013-02-23 09:36:06 -06:00
Tod Beardsley
2af930f1ff
Adds msfbase_dir, switches on apt existance
2013-02-23 09:19:31 -06:00
Tod Beardsley
0977d1a9b0
help shouldn't go past 80 columns
2013-02-23 08:49:47 -06:00
Tod Beardsley
7509501b18
Adding a go_pro command
2013-02-23 08:46:51 -06:00
sinn3r
aa007b9e0a
Updates
2013-02-22 20:07:16 -06:00
sinn3r
56fa5ead37
Initial version of js_property_spray
2013-02-22 10:21:20 -06:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
David Maloney
ac6fdf24a2
Fix winrm mixin from revert merge
2013-02-19 22:01:43 -06:00
David Maloney
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
Tod Beardsley
3949c851a4
Was, indeed, missing an or pipe
2013-02-19 17:53:48 -06:00
Tod Beardsley
d81f177ab6
Adding Nemski's fix
...
[FixRM #7451 ]
2013-02-19 17:51:51 -06:00
James Lee
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
James Lee
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
James Lee
b72d2b59f8
Add logging in case of exceptions during rm
2013-02-18 18:02:51 -06:00
James Lee
0938190063
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-17 06:08:09 -06:00
James Lee
aea76a56de
Add some docs to FtpServer
2013-02-13 14:39:19 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
nemski
b8b445c834
Update lib/msf/core/auxiliary/login.rb
...
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
James Lee
99218d142b
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-08 12:48:06 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
James Lee
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
James Lee
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
sinn3r
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721 ]
2013-02-07 21:10:27 -06:00
James Lee
16a0ab1933
Fix comment link and some whitespace
2013-02-07 18:37:11 -06:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
Tasos Laskos
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
David Maloney
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney
0c57026065
Remove junk added earlier
...
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
Royce Davis
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
HD Moore
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
David Maloney
61969d575b
remove mixin require, more datastore clenaup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney
c407fa9e74
add mixjn
2013-02-01 15:12:11 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
sinn3r
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
sinn3r
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
James Lee
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
Tod Beardsley
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
Tasos Laskos
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
Tasos Laskos
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
scriptjunkie
d9e1653443
Use EXITFUNC if present to save space and be more correct.
...
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
Tasos Laskos
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724 ]
Updated #run and #_requestto rescue and elog all exception.
2013-01-24 22:07:17 +02:00
Trevor Rosen
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
Tasos Laskos
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
Tod Beardsley
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
Tod Beardsley
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
Tod Beardsley
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
Tod Beardsley
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
HD Moore
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
HD Moore
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
sinn3r
9e5370eb2f
Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R
2013-01-23 00:20:55 -06:00
James Lee
ff7756cd54
Make #prepends() actually work
2013-01-22 16:10:44 -06:00
Tasos Laskos
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
Tasos Laskos
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
Tasos Laskos
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
Tasos Laskos
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
James Lee
c37510f777
Move prependmigrate.rb for naming consistency
2013-01-22 14:15:52 -06:00
James Lee
04adaf0e9d
Unstupid the prepends callback
...
Windows#prepends was overriding PrependMigrate#prepends
2013-01-22 13:56:26 -06:00
James Lee
32aa2c6d9c
Make asm spacing easier to read
...
Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.
2013-01-22 13:25:27 -06:00
Tasos Laskos
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
Royce Davis
81625121f2
Cleaned up some code spacing
2013-01-22 09:49:03 -06:00
Raphael Mudge
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
kernelsmith
52596ae3b4
add -R capability like hosts -R
...
moves the set_rhosts method def out into a separate file so it can be
included by both db.rb cmd_hosts and core.rb cmd_grep
2013-01-21 18:17:28 -06:00
jvazquez-r7
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
kernelsmith
f05e358058
replace unless rhosts.include? with rhosts.uniq!
...
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
Robin Wood
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
scriptjunkie
66d5f39057
Ensure prepend_migrate? always functions correctly.
2013-01-18 18:04:09 -06:00
scriptjunkie
6c046dfa69
Move PrependMigrate to a mixin
2013-01-18 17:45:36 -06:00
scriptjunkie
07bf36f62f
Ensure shell still works if PrependMigrateProc fails to launch.
...
Don't rely on GetStartupInfoA return value.
2013-01-18 17:32:50 -06:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
scriptjunkie
16d065adfc
Fix issue with singles.
...
Single now plays more nicely with other mixins, so PrependMigrate works.
2013-01-18 16:34:39 -06:00
scriptjunkie
b01374904b
tidy EOL spaces
2013-01-18 16:34:39 -06:00
scriptjunkie
15268cae73
Add X64 PrependMigrate support
2013-01-18 16:34:39 -06:00
scriptjunkie
c97be836c3
Fix error calculating payload sizes.
...
Error meant most Windows payloads were marked as incompatible with many exploits.
2013-01-18 16:34:39 -06:00
scriptjunkie
725d4d7194
Re-use block_api code in migrate stub if possible
...
Makes payload significantly smaller.
2013-01-18 16:34:38 -06:00
scriptjunkie
0b32111a9f
Revert "Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator""
...
This reverts commit 2436ac3a58
.
2013-01-18 16:34:38 -06:00
Royce Davis
a2f66a8fef
Fixed msftidy complaints
2013-01-18 09:33:44 -06:00
Royce Davis
00a9c72595
Fixed exception handeling. No longer using rescure StandardError
2013-01-17 19:02:13 -06:00
kernelsmith
6e8e7a407d
adds a .nil? check as well
2013-01-17 00:30:58 -06:00
kernelsmith
7090a4a82f
adds check for empty data b4 sending to parser [RM7269]
...
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
Royce Davis
f7571d89de
Fixed cleanup_after funciton to mimic file_dropper but not use file_dropper
2013-01-16 09:56:27 -06:00
kernelsmith
b1dbbe3baa
msftidy eol fixes
2013-01-16 00:59:45 -06:00
kernelsmith
f7195fb5b5
handle unknown commands more informatively
...
before it just returned nothing, now it prints the familiar "Unkown
command: " message
2013-01-16 00:39:22 -06:00
sinn3r
c621e83ffe
Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding
2013-01-15 23:31:40 -06:00
kernelsmith
204b43b0d3
fix typo in args.shift
2013-01-15 22:44:55 -06:00
kernelsmith
2a6a833931
prompt fixes (restores prompt context) & normalization
...
Msf::Ui::Console::Driver::DefaultPrompt and
Msf::Ui::Console::Driver::Default should be used when default is desired
2013-01-15 22:24:36 -06:00
kernelsmith
ad8516eacf
fixed prompt issue, still need to restore context
...
see line 2519 area.
msf exploit(psexec) > grep -i -A 2 encoding show
<snip>
msf>
2013-01-15 17:57:28 -06:00
kernelsmith
4d33742482
fixed bug with -A
2013-01-15 17:35:57 -06:00
kernelsmith
86e4bb2db5
yard doc fixed and added for all _tabs methods
2013-01-15 16:42:02 -06:00
Royce Davis
6773a10632
Made changes to cleanup to use file_dropper instead
2013-01-15 16:24:16 -06:00
kernelsmith
c60556389f
add yard doc and allow for -A and -B at same time
2013-01-15 16:22:04 -06:00
James Lee
26b40666ce
Merge branch 'rapid7' into feature/stage_encoding
2013-01-15 15:10:58 -06:00
Royce Davis
7361e1041f
Merge commit '5e8f388ab8425bf2ef4c2fe33e6133b99ceb46d4' into psexec-mixin2
2013-01-15 14:49:21 -06:00
Royce Davis
6f17ed96db
Merge https://github.com/rapid7/metasploit-framework into psexec-mixin2
2013-01-15 14:48:20 -06:00
James Lee
af2b1ec25b
Clean up doc comments
2013-01-15 14:22:11 -06:00
James Lee
ee14c1c613
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-01-15 12:58:50 -06:00
James Lee
4883cf4b01
Minor doc comment additions
2013-01-15 12:49:43 -06:00
James Lee
d36e38fca6
Move encoding into handle_connection
...
* Allows payloads that override generate_stage to still take advantage
of stage encoding
* Also adds doc comments for a few methods
2013-01-15 10:34:31 -06:00
Tod Beardsley
6064dfcb71
Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix'
2013-01-15 01:43:07 -08:00
kernelsmith
9ad726167e
changes to address scriptjunkie's rpc concerns
...
as described in https://github.com/rapid7/metasploit-framework/pull/820
2013-01-14 17:14:48 -06:00
James Lee
a1e853500f
Merge branch 'bug/optint_empty' into feature/stage_encoding
2013-01-14 15:50:39 -06:00
James Lee
21c18b78e6
Don't bother nil check, to_s handles it
2013-01-14 15:47:58 -06:00
James Lee
0c90171fa7
Deal with alread-normalized ints
...
[See #1308 ][See #1304 ]
2013-01-14 15:31:14 -06:00
James Lee
fb19ec1005
Merge branch 'rapid7' into feature/stage_encoding
2013-01-14 15:20:23 -06:00
sinn3r
b2ecb18a71
Allow OptInt to pass "" for special reasons
...
Cheap fix
2013-01-14 14:55:48 -06:00
kernelsmith
9bb2dddf99
adds @todo for when tab_comp norm is completed
...
tab_completion normalization is RM7649
2013-01-14 14:53:31 -06:00
sinn3r
07d15baf89
Merge branch 'bug/opt_int_hex' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/opt_int_hex
2013-01-14 14:40:25 -06:00
James Lee
bbb3fa25be
Allow negative values for OptInt
...
[FixRM #7540 ]
2013-01-14 14:18:56 -06:00
kernelsmith
7ca9a216f4
Merge remote-tracking branch 'upstream/master' into msfconsole-grep
2013-01-14 14:15:32 -06:00
kernelsmith
3c44769bd8
attempt to add nested tab completion
2013-01-14 14:15:13 -06:00
James Lee
b3b68c1b90
Make stage encoding possible
...
* Fixes a bug in shikata where input greater than 0xffff length would
still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
avoid
* Fixes huge performance issue with large inputs to xor-based encoders
due to the use of String#+ instead of String#<< in a loop. It now
takes ~3 seconds on modern hardware to encode a 750kB buffer with
shikata where it used to take more than 10 minutes. The decoding side
takes a similar amount of time and will increase the wait between
sending the second stage and opening a usable session by several
seconds.
I believe this addresses the intent of pull request 905
[See #905 ]
2013-01-13 21:07:39 -06:00
James Lee
0d34e0b249
Fix regex for hex numbers
2013-01-13 20:53:40 -06:00
kernelsmith
7f90082bec
grep tab complete is working, but not fully
...
options tab complete, but not the commands at the end
2013-01-13 03:06:56 -06:00
kernelsmith
d9990829d9
fixes some issues with -k and -s
2013-01-13 02:39:56 -06:00
kernelsmith
1646fc8faa
Merge remote-tracking branch 'upstream/master' into msfconsole-grep
2013-01-13 02:18:54 -06:00
kernelsmith
e7372250d2
added -k keep and -s skip
2013-01-13 02:18:45 -06:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
James Lee
4703a6f737
Unbreak OptInt hex syntax
...
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again
[See #1293 ][See #1296 ]
2013-01-12 14:17:29 -06:00
sinn3r
b388f2357c
Reset modules_cached flag when database disconnects
2013-01-12 00:08:30 -06:00
HD Moore
06fb8f5443
Merge pull request #1293 from wchen-r7/optint_valid
...
Fix OptInt's valid?() function
2013-01-11 17:29:27 -08:00
sinn3r
8c04df4a47
[FixRM: #7535 ] Missing normalize() in OptPort
...
[FixRM: #7535 ] - Sometimes OptPort can return as a String instead
of Fixnum because OptPort is missing the normalize() function.
2013-01-11 18:34:27 -06:00
sinn3r
0347b173eb
Fix OptInt's valid?() function
...
[FixRM #7539 ] - The valid?() function will first normalize() the
user-supplied input before validation. The problem is that the
normalize() function will ALWAYS convert data to integer, therefore
whatever you validate, you will always get true. For example:
when I do "yomama".to_i, that returns 0, and of course will pass
integer validation.
2013-01-11 16:27:33 -06:00
Spencer McIntyre
ce4aa606e7
change DECODER OptString to OptEnum per egypt's recommendation
2013-01-11 14:34:23 -05:00
sinn3r
aa36b65aee
[FixRM #7673 ] "Failed to reload" error.
...
When db_disconnect is issued, this funtion does not update the status
of self.migrated to false. So when another reload command is used,
the update_module_details function will still try to connect to the
database, which causes the "Failed to reload" error.
2013-01-11 01:10:56 -06:00
Royce Davis
b702263bbf
Added fix form Eric Milam to simple.disconnect
2013-01-10 16:33:03 -06:00
James Lee
7fd3440c1a
Fix hd's attempt to rename ruby payloads
2013-01-10 15:25:50 -06:00
James Lee
4fcb8b6f8d
Revert "Rename again to be consistent with payload naming"
...
This reverts commit 0fa2fcd811
.
2013-01-10 15:24:25 -06:00
Tod Beardsley
6a10857daf
Merge remote-tracking branch 'bturner-r7/set_gem_path'
2013-01-10 12:55:55 -08:00
HD Moore
0fa2fcd811
Rename again to be consistent with payload naming
2013-01-10 14:16:37 -06:00
HD Moore
88b08087bf
Renamed and made more robust
2013-01-10 14:05:29 -06:00
Spencer McIntyre
4c87b1ba36
escape ticks and spaces in paths
2013-01-10 09:15:24 -05:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
Tod Beardsley
950902f856
Add a tasteful URL to some banners.
2013-01-09 22:33:30 -06:00
Tod Beardsley
6f26e9efb2
More banner sanity checking.
2013-01-09 22:32:53 -06:00
Royce Davis
13140d05b1
Added some methods for checkout output and cleanup
2013-01-09 21:14:19 -06:00
Tod Beardsley
12f0501f2f
Add a little erorr checking, another cow
2013-01-09 20:38:14 -06:00
Tod Beardsley
a0ba2f4951
Seperate data from code
...
Banners are content more than anything.
2013-01-09 19:54:08 -06:00
sinn3r
a158611c95
Merge branch 'tasos-r7-web-modules'
2013-01-09 16:14:16 -06:00
sinn3r
8b25599feb
Merge branch 'web-modules' of github.com:tasos-r7/metasploit-framework into tasos-r7-web-modules
2013-01-09 16:14:04 -06:00
jvazquez-r7
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
sinn3r
6490af720b
Make failures more verbose so people know what's going on
2013-01-09 11:11:26 -06:00
Tasos Laskos
5ac6060fc1
Auxiliary::Web::HTTP_request: Updated to return an empty response on reset connections
2013-01-09 19:06:51 +02:00
Tasos Laskos
74cdd918af
Auxiliary::Web::HTTP#run: don't allow connection or callback errors to abort the whole operation
2013-01-09 18:38:09 +02:00
Spencer McIntyre
d79a3c8e6b
list valid DECODER values and add the sshexec module
2013-01-09 10:27:22 -05:00
Royce Davis
c262288541
Fixed msftidy issues
2013-01-08 15:35:20 -06:00
Royce Davis
3e1ea25207
Added Yard documentation
2013-01-08 15:20:13 -06:00
James Lee
95a95d45ec
Fix importing msfxml files containing a session
...
[See #1179 ][SeeRM #7669 ]
2013-01-08 12:13:20 -06:00
Royce Davis
c236e4e6e3
I took a stab at generating Yard documentation. I have never done it before...
2013-01-08 11:57:59 -06:00
Royce Davis
4fd196c0de
Fixed typo, capitalization and column space
2013-01-08 11:52:40 -06:00
sinn3r
824bd84990
I forgot to add this exception
2013-01-07 18:06:39 -06:00
sinn3r
fc48cc117d
Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import
2013-01-07 17:19:52 -06:00
James Lee
a0e6c7043b
Add actual cdata handler
...
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.
[SeeRM #7665 ]
2013-01-07 17:16:48 -06:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
261e095e5e
Handle exceptions in mysql_login
2013-01-07 16:02:59 -06:00
sinn3r
268de941c7
Merge branch 'tasos-r7-web-modules'
2013-01-07 13:37:32 -06:00
sinn3r
b53e8c794f
Fix indent level
2013-01-07 13:36:55 -06:00
Royce Davis
7dd9d30363
Added a new mixin psexec.rb
2013-01-07 11:05:23 -06:00
Rob Fuller
986435c598
Fix typo
...
Typo found by @schierlm but mentioned after the commit of pull request #1187
Info: https://github.com/rapid7/metasploit-framework/pull/1187#commitcomment-2340457
2013-01-06 01:47:15 -05:00
sinn3r
3d3799d38d
Ok... even more explicit
2013-01-05 13:39:31 -06:00
sinn3r
4ff186c23d
Change the .text-too-small error message.
...
The original error message apparently confuses people, and this
can be easily improved. See the following:
https://community.rapid7.com/thread/2356
2013-01-05 01:57:41 -06:00
Tasos Laskos
e1885cab0b
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-04 21:33:17 +02:00
Tasos Laskos
3d4d6e9860
Crawler aux mixin updated to catch the mysterious and anonymous timeout exception and re-raise it as a Timeout::Error
2013-01-04 21:32:18 +02:00
sinn3r
d17a6f99e5
Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin
2013-01-04 00:38:01 -06:00
jvennix-r7
2f0e4cbd39
Merge pull request #1179 from rapid7/bug/bap-compro-hosts
...
Changes to BAP session storage
2013-01-03 14:27:13 -08:00
James Lee
d9947a1515
Add a mixin for marking deprecated modules
...
* This mixin standardizes the previously ad-hoc deprecation warnings on
modules that have been moved.
* Uses the mixin in 3 existing modules that already have (or should have
had) deprecation warnings.
2013-01-02 19:14:44 -06:00
Spencer McIntyre
3c039327c0
include the new mixin
2013-01-02 13:41:57 -05:00
Spencer McIntyre
7aed6e44e1
Initial commit of the Bourne shell command stager, nothing uses it yet.
2013-01-02 13:28:08 -05:00
Brandon Turner
5777968c19
Set GEM_PATH when using built-in gemcache
...
This allows rubygems to work with gems loaded from lib/gemcache.
2013-01-01 21:25:24 -06:00
Daniele Martini
dcae55e348
Give auth_brute ability to try credentials stored in db
...
Added two options:
DB_USER_PASS: this will try each user/pass couple stored in the db
DB_ADD_ALL: this will add each user and password to the lists.
By setting this to true, auth_brute will try every user with
every known password.
2012-12-28 18:55:05 +01:00
sinn3r
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
Tod Beardsley
179e4cf870
Moving up to 4.6.0-dev
2012-12-24 08:40:29 -06:00
James Lee
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
David Maloney
be7da83feb
Adds EHLO domain to smtp deliver
...
Allow the user to set the EHLO domain for the smtp deliver module.
This is needed for Pro functionality
[story #41549217 ]
2012-12-21 14:22:21 -06:00
Tod Beardsley
2bb7b5ea11
Fixes error message for badchar
...
Note that only a custom module that allows for users to pass arguments
to nmap would be capable of hitting the error condition. Right now, only
auxiliary/scanner/oracle/oracle_login traverses the codepath, and that
doesn't allow for arbitrary args passed to nmap.
So... without contriving an example, it should be impossible to
experience or test.
[FixRM #7641 ]
2012-12-21 09:59:54 -06:00
sinn3r
be85cf54ab
Why in a quote?
2012-12-20 10:47:23 -06:00
Sherif Eldeeb
f0991f3b3b
make "resp.body" as an advanced option
...
created a new advanced option "HttpUknownRequestResponse" that will be sent back in the HTML body of unknown requests instead of the old static "No site configured at this address" message.
2012-12-20 12:35:00 +03:00
sinn3r
4b56e3c862
Merge branch 'tasos-r7-web-modules'
2012-12-18 10:38:00 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
HD Moore
36bcc1f7f5
Just show the relevant part of the error message
...
The full error is already in elog/dlog
2012-12-15 13:16:00 -06:00
Samuel Huckins
4f3c6f973d
Changes to BAP session storage.
...
[SEERM #7294 ]
[Bug #40937817 ]
* exploit/multi/handler no longer filtered out from vuln creation and
other steps
* Name changed to parent module's name in session storage so we show something more helpful
than generic handler
* Same for vuln and attempt creation
2012-12-13 15:35:34 -06:00
sinn3r
f81ef9b68e
Merge branch 'bug/reload_all' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/reload_all
2012-12-13 12:33:39 -06:00
James Lee
d7f6b0c373
Remove vestiges of ModuleManager's ModuleSet origins
2012-12-13 11:23:49 -06:00
sinn3r
c0b214c287
Merge branch 'bindaddress' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-bindaddress
2012-12-13 02:06:23 -06:00
Tod Beardsley
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
Tod Beardsley
0d8d5baf6d
Resolve merge conflict from jlee-r7
2012-12-12 14:24:47 -06:00
James Lee
6b4e021607
Make ModuleManager Enumerable
...
Fixes tools/module_* and probably some other lurking bugs
2012-12-12 13:41:04 -06:00
James Lee
a673c363fd
Use a more descriptive variable name
...
Also removes commented-out code.
2012-12-10 13:36:09 -06:00
James Lee
bc7cd4b452
Loop through module sets like super used to do
...
... since super doesn't exist any more.
Also changes to using ModuleSet#[] inside ModuleManager#[] instead of
ModuleSet#create to mimic original behavior when ModuleManager was a
subclass of ModuleSet.
2012-12-05 12:59:35 -06:00
James Lee
d57c24dd5f
Use framework.payloads instead of modules
...
When we know the module we're creating is definitely a payload, don't
bother looking in the other module sets.
Also removes an exception message that gets ignored anyway because the
exception class has a hard-coded #to_s
2012-12-05 12:30:55 -06:00
Tasos Laskos
62782f0273
Auxiliary::Web::Fuzzable: removed confusing HTTP response status messages [SEERM #7586 ]
2012-12-05 18:49:07 +02:00
James Lee
77af4ba559
Missed a file in previous commit, thanks, travis!
2012-12-03 22:37:50 -06:00
James Lee
f4476cb1b7
Really fix payload recalculation
...
Instead of deleting all non-symbolics before the re-adding phase of
PayloadSet#recalculate, store a list of old module names, populate a
list of new ones during the re-adding phase, and finally remove any
non-symbolic module that was in the old list but wasn't in the new list.
Also includes a minor refactoring to make ModuleManager its own thing
instead of being an awkard subclass of ModuleSet. Now PayloadSet doesn't
need to know about the existence of framework.modules, which makes the
separation a little more natural.
[FixRM #7037 ]
2012-12-03 22:23:40 -06:00
Tasos Laskos
beffd1feda
Auxiliary::Web::Analysis::Taint#taint_analysis: added a bit of differential logic to avoid false positives in case the default responce matches the pattern we're looking for [FIXRM #7559 ]
2012-12-04 00:09:54 +02:00
Tasos Laskos
dafa984166
Auxiliary::Web::Fuzzable#submit: bugfixed to call http.request instead of http.request_async
2012-12-04 00:06:17 +02:00
Tasos Laskos
f6c27a4494
Auxiliary::Web#find_proof: updated doc comments
2012-12-04 00:05:12 +02:00
HD Moore
30d7de3157
The db search already prints results, return after
2012-12-02 01:14:56 -06:00
HD Moore
3ae47e2089
Move the thread tracking into the update method
2012-12-02 01:07:40 -06:00
HD Moore
51673ca152
Search reference values as well (ms08-067,etc)
2012-12-02 00:44:25 -06:00
HD Moore
f17ea91d7c
Whitespace changes only
2012-12-02 00:44:03 -06:00
Brandon Turner
7f822fabd7
Fix typo
2012-12-01 15:53:51 -06:00
Tod Beardsley
7ada8aeac1
Correct bug number
2012-12-01 14:16:24 -06:00
Tod Beardsley
725b085ef2
If there are no search results, try harder.
...
Sometimes, the database is active but the cache isn't filled out, or
doesn't contain the module you want. This can come up especially when
msfconsole first starts and you are programmatically searching for
modules, for whatever reason.
This allows for falling back to the regular (slow) search in the event
no hits have been returned. It does not actually address the caching
problem seen in QA, but it's generally going to be Good Enough. Search
is getting overhauled Real Soon Now anyway.
[FixRM #7533 ]
2012-12-01 14:06:32 -06:00
James Lee
bc63ee9c46
Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7
2012-11-30 13:43:02 -06:00
James Lee
1da3388194
Fix missing require
...
[Closes #1106 ]
2012-11-30 13:42:31 -06:00
HD Moore
a3c8e54d0a
Catch exceptions from broken modules
2012-11-30 11:04:23 -08:00
HD Moore
fee6ad9799
Bump to 4.5.0-release for testing
2012-11-30 11:04:23 -08:00
jvazquez-r7
087ff328b6
correct comments documentation
2012-11-28 22:18:56 +01:00
jvazquez-r7
17518f035c
support for local exploits on file_dropper
2012-11-28 22:17:27 +01:00
Tod Beardsley
95f084b296
Use cvedetails not mitre.
2012-11-28 13:24:08 -06:00
James Lee
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
Tasos Laskos
26b3b4577d
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-21 23:57:42 +02:00
Tasos Laskos
b656554769
Exploit::Remote::Web: moved status printing calls out of #perform_request and into #exploit
2012-11-21 23:28:26 +02:00
James Lee
fcf1c87f64
Fix alignment of one of the banners
...
Lots of backslashes in a string make it hard to see in the code what it
will look like on on the console. Use single quotes and unescaped
backslashes.
2012-11-20 17:22:38 -06:00
HD Moore
f5c7f4c41a
Remove trailing whitespace
2012-11-19 19:42:22 -06:00
sinn3r
527ba0e401
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-19 15:59:19 -06:00
James Lee
2526dce20a
Add attrib.exe for removing read-only files
...
This really should be a standard part of session.fs.file.rm
2012-11-19 15:18:03 -06:00
sinn3r
d4749ff009
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-16 19:02:46 -06:00
James Lee
c81a289d5d
Fix a few bad tabs and some 1.9-only syntax
2012-11-16 16:07:12 -06:00
James Lee
591b085858
Add support for shell sessions in FileDropper
2012-11-16 15:51:54 -06:00
Tasos Laskos
c659b37c94
Updated indentation to use tabs
2012-11-16 23:11:48 +02:00
James Lee
3363475f99
Fix backwards order of @param comment
2012-11-15 17:55:17 -06:00
James Lee
83708a5a48
Add a FileDropper mixin for recording cleanup targets
...
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
James Lee
0e7c3a82f5
Prepend unlink instead of appending
...
Makes it work when using meterpreter. Because "quit" or "exit" in the
console ends up calling die() instead of falling through to whatever's
left in the file, a meterpreter session would never reach the code to
delete itself before this change.
2012-11-15 16:22:21 -06:00
Tasos Laskos
7032ef0f6f
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-09 00:21:38 +02:00
jvazquez-r7
b75c622813
Merge branch 'master' into feature/udp-scanner-mixin
2012-11-08 20:15:25 +01:00
HD Moore
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
HD Moore
0e8a3f0ea6
Merge branch 'master' into feature/udp-scanner-mixin
2012-11-08 06:09:22 -06:00
James Lee
2ebe2fa08e
Merge branch 'rapid7' into bug/rm7037-hash-iteration
2012-11-07 19:27:11 -06:00
James Lee
8a4fb07a0c
Merge branch 'bug/read-module-content-errno-enoent' into rapid7
...
Really [Closes #1025 ]
2012-11-07 19:25:39 -06:00
James Lee
26a145e527
Always overwrite the old module even when ambiguous
2012-11-07 18:51:12 -06:00
James Lee
3a572625f5
return inside a block returns from outer method
...
So no need to check its return value.
2012-11-07 17:43:22 -06:00
James Lee
aaa5a3c0bb
Add "Call stack:" to the log when a module load fails
2012-11-07 12:48:55 -06:00
David Maloney
04a80e0648
Fixes to the WMI setup
2012-11-07 11:26:48 -06:00
David Maloney
208e706307
Module title fixes
2012-11-07 10:33:14 -06:00
Tod Beardsley
81ed0bbcce
Avoiding 1.8.7 variable assignment incompat.
...
Reported on twitter:
http://twitter.com/SoapyWetDish/status/266155915256938496
2012-11-07 10:10:13 -06:00
James Lee
7a6ccb92ab
Unfubar the threading for #service_list
...
Also makes the test for service_start a little more resilient in case
W32Time is already started
2012-11-06 18:29:42 -06:00
Luke Imhoff
3ad00f7c63
Merge branch 'master' into bug/read-module-content-errno-enoent
2012-11-06 17:39:55 -06:00
Luke Imhoff
16407f91c8
Rescue Errno::ENOENT from File.open in read_module_content
...
[Fixes #38426061 , #38097411 ]
Msf::Modules::Loader::Directory#read_module_content may calculate a non-existent
module_path that gets passed to File.open causing an Errno::ENOENT exception
to be raised when using the module cache with a module that has been
moved to a new path (as is the case that originally found this bug) or
deleted. Now, the exception is rescued and read_module_content returns
an empty string (''), which load_module detects with
module_content.empty? and returns earlier without attempting to module
eval the (empty) content.
As having Msf::Modules::Loader::Directory#read_module_content rescue the
exception, meant there was another place that needed to log and error
and store an error in Msf::ModuleManager#module_load_error_by_path, I
refactored the error reporting to call
Msf::Modules::Loader::Base#load_error, which handles writing to the log
and setting the Hash, so the error reporting is consistent across the
loaders.
The exception hierarchy was also refactored so that
namespace_module.metasploit_class now has an error raising counter-part:
namespace_module.metasploit_class! that can be used with
Msf::Modules::Loader::Base#load_error as it requires an exception, and
not just a string so the exception class, message, and backtrace can be
logged.
2012-11-06 17:38:38 -06:00
James Lee
34bc92584b
Refactor WindowsServices
...
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work
[See #1007 ]
[See #1012 ]
2012-11-06 17:30:04 -06:00
jvazquez-r7
9166d12179
Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-11-05 23:08:59 +01:00
jvazquez-r7
0f5f5f966b
Merge branch 'master' into feature/realport-modules
2012-11-05 22:52:38 +01:00
HD Moore
3d7e0b7b3d
Fix bad indent that snuck into the comments
2012-11-04 22:50:47 -06:00
HD Moore
ae9b462b99
Fix baud rate (see PR #1008 )
2012-11-04 22:38:16 -06:00
David Maloney
fca8208171
Some minor code cleanup
2012-11-04 14:45:15 -06:00
David Maloney
f69ccc779f
Unified smarter module
2012-11-04 13:14:02 -06:00
David Maloney
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
HD Moore
752ae33135
Minor tweak (kill useless variable, fix gsub)
2012-11-04 01:18:40 -05:00
HD Moore
99ab722aca
Dont forget our actual mixin
2012-11-04 01:14:08 -05:00
HD Moore
910a91a0f6
First commit of a udp_mixin and modified scanners
2012-11-04 01:13:38 -05:00
HD Moore
963fdd6430
Initial commit for Digi RealPort modules
2012-11-03 17:44:53 -05:00
James Lee
4a1087d3fa
Merge branch 'rapid7' into bug/wrong-file_changed-argument
2012-11-01 16:53:06 -05:00
Tasos Laskos
0d2ad8734e
#report_web_vuln: updated to include an owner and payload
2012-11-01 22:23:56 +02:00
Tasos Laskos
a88031a02a
added web exploit mixin
2012-11-01 21:37:12 +02:00
Tasos Laskos
385d225305
Updated support for Web modules and analysis techniques (committing to new clean branch due to corruption)
2012-11-01 21:14:38 +02:00
David Maloney
519eb0c2be
Behold the King of Typos in all my glory
2012-11-01 11:30:52 -05:00
David Maloney
0eccfaf1bb
Add a disclosure date
2012-11-01 10:24:28 -05:00
Luke Imhoff
a745c3a4a0
metasploit_data_models 0.3.0 installed in gemcache
2012-11-01 08:56:00 -05:00
David Maloney
dd7ab11e38
Minor cleanup
2012-10-31 16:14:34 -05:00
Luke Imhoff
de07ca5f07
Merge branch 'bug/wrong-file_changed-argument' of github.com:/rapid7/metasploit-framework into bug/wrong-file_changed-argument
2012-10-31 11:49:02 -05:00
Luke Imhoff
471ac6d15d
Use typed_enable?(type) instead of protected enablement_by_type[type]
...
Msf::Modules::Loader::Archive#each_module_reference_name tried to check
the enabled types for the module_manager by accessing the
enabledment_by_type Hash, which is protected. Instead, it should use
the public type_enabled? method.
Add specs to test all of Msf::Modules::Loader::Archive while testing
each_module_reference_name. In order to properly test that modules
could be found in archives, I had to produce a fastlib archive, so there
is now a spec for FastLib.dump and FastLib.load. Some specs are marked
pending as I found a bug in FastLib, which has a work-around. The bug
is filed in PivotalTracker as
https://www.pivotaltracker.com/story/show/38730815 and the pending tests
include the URL also in their tags.
2012-10-31 11:43:28 -05:00
James Lee
be57f7ca74
Merge branch 'bug/wrong-file_changed-argument' of github.com:rapid7/metasploit-framework into bug/wrong-file_changed-argument
2012-10-30 13:07:07 -05:00
Luke Imhoff
6c11b870da
Check for payload in :type instead of :modification_time
...
Just had a brain fart when converting the hash key names and translated
:mtype to :modification_time instead of the correct :type. Correct key
names are in
Msf::ModuleManager::Cache#module_info_by_path_from_database!.
2012-10-30 12:10:31 -05:00
James Lee
d402b3fd08
Merge branch 'bug/wrong-file_changed-argument' of github.com:rapid7/metasploit-framework into bug/wrong-file_changed-argument
2012-10-30 10:54:26 -05:00
Luke Imhoff
5709ffc42b
Use Msf::Config.install_root instead of Msf.root
...
Msf::Config.install_root already existed, but I didn't know about it
until egypt pointed it out, so remove the new Msf.root and use
Msf::Config.install_root in the specs instead.
2012-10-30 10:46:02 -05:00
James Lee
2f41452879
Merge branch 'rapid7' into bug/wrong-file_changed-argument
2012-10-30 10:11:06 -05:00
James Lee
d0650dfb25
Put a bandaid over getsockname
...
Depending on how a socket was created, #getsockname will return either a
struct sockaddr as a String (the default ruby Socket behavior) or an
Array (the extend'd Rex::Socket::Tcp behavior). Avoid the ambiguity when
generating SSL certificates for meterpreter handlers by always picking a
random hostname.
This is by no means a proper fix for the underlying problem of
Socket#getsockname having ambiguous behavior before and after being
extended with Rex::Socket::Tcp. It does, however, solve the immediate
problem of not being able to create tunneled meterpreter sessions over
http(s) sessions.
[SeeRM #7350 ]
2012-10-29 22:45:46 -05:00
sinn3r
7a1c3e7cf6
Merge branch 'dmaloney-r7-WinRM_piecemeal'
2012-10-27 18:55:24 -05:00
scriptjunkie
3efa4186df
Fix search error when platform not in target name
2012-10-27 16:28:38 -05:00
Luke Imhoff
055f95898d
Merge branch 'master' into bug/wrong-file_changed-argument
...
Conflicts:
lib/msf/core/modules/loader/base.rb
2012-10-24 15:25:49 -05:00
Luke Imhoff
69a8739d52
Pass module_path instead of parent_path to file_changed?
...
[Fixes #37630057 ]
Modules were always being detected as having file changes because the
parent_path directory, instead of the actual module_path, was being
passed to module_manager.file_changed?, which caused the modification
times to not match.
To ensure this change fixes the ambiguous module warnings, a full spec
for Msf::Core::Modules::Loader::Base has been written.
spec/msf has moved to spec/lib/msf to match conventional spec layout and
allow for the spec/support directory to not be confused as a lib
subdirectory being tested.
2012-10-24 15:11:53 -05:00
David Maloney
bfbae5fbb7
Merge branch 'upstream-master' into WinRM_piecemeal
...
Conflicts:
lib/msf/core/exploit/winrm.rb
2012-10-24 14:12:28 -05:00
David Maloney
1dcbbdf162
changed indent level
2012-10-24 13:50:44 -05:00
David Maloney
a15c35091d
Add the WinRM login module
2012-10-24 11:25:39 -05:00
sinn3r
77c8548855
Merge branch 'dmaloney-r7-WinRM_piecemeal'
2012-10-23 16:33:16 -05:00
sinn3r
8c1304557f
Code cleanup
2012-10-23 16:32:26 -05:00
sinn3r
67c46fc97a
Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-10-23 14:03:44 -05:00
David Maloney
e19f2d235c
Actually use the timeout in winrm cmd
2012-10-23 11:29:32 -05:00
sinn3r
f71f83095b
Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-10-22 17:13:37 -05:00
David Maloney
04fd990741
bad indent
2012-10-22 17:03:40 -05:00
David Maloney
e08cedec2e
Requested revisions/cleanup
...
minor fixes to spacing, some typos, and abse64 switched to Rex
2012-10-22 17:01:00 -05:00
Rob Fuller
28f47e9aa0
fix spacing for all authors
2012-10-22 17:22:37 -04:00
Rob Fuller
a13a88ce28
fix spacing
2012-10-22 17:07:58 -04:00
Rob Fuller
7437d9844b
standardizing author info
2012-10-22 17:01:58 -04:00
corelanc0d3r
7733843bf3
added option ReverseListenerBindAddress
2012-10-22 22:17:50 +02:00
HD Moore
2436ac3a58
Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator"
...
This reverts commit ca07bdbad6
, reversing
changes made to ed3f87b738
.
2012-10-20 22:38:31 -05:00
HD Moore
04e1856a4f
Fix a copypasta error triggered by a failed load
2012-10-20 15:00:11 -05:00
sinn3r
c80005b85f
Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-10-19 17:46:15 -05:00
David Maloney
57514e5407
Msftidyness
2012-10-19 16:56:52 -05:00
sinn3r
51c03bbf47
Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-10-19 15:44:05 -05:00
sinn3r
ca07bdbad6
Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator
2012-10-19 15:25:45 -05:00
David Maloney
56cbe6a67e
Some minor fixups
2012-10-19 15:25:03 -05:00
David Maloney
3a8dd261ae
WinRM mixin and basic discovery module
2012-10-19 15:08:58 -05:00
Tod Beardsley
b7652b44d5
Adding prepend_migrate?
2012-10-19 14:24:13 -05:00
James Lee
ffa4373242
Merge branch 'rapid7' into wchen-r7-print_warning
...
[Closes #899 ]
2012-10-19 13:49:32 -05:00
jvazquez-r7
205dc8870a
Merge branch 'prependsetguid' of https://github.com/mephos/metasploit-framework into mephos-prependsetguid
2012-10-19 10:33:56 +02:00
James Lee
768d2c5921
Go back to old behavior for unknown versions
...
May not be correct, but it's what we used to do, so probably better than
just raising.
Also documents things a bit better.
2012-10-18 16:57:40 -05:00
James Lee
1eccb24bf8
Raise if the version isn't what we expect
...
Also adds some clarifying commentation and adds todb to the list of
authors since he wrote the original module for windows upon which this
one is based.
2012-10-18 15:55:55 -05:00
James Lee
0221f75f39
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-10-18 13:57:25 -05:00
scriptjunkie
0564a6eaa7
Add migrate stub option to Windows x86 payloads.
...
Migrate stub spawns payload in new process.
2012-10-16 20:53:36 -05:00
James Lee
46ed888ffe
Don't require .rb
2012-10-15 17:27:23 -05:00
Tod Beardsley
932b8ba841
Require, not load, msf, not lib/msf
2012-10-15 07:11:15 -05:00
agix
23b6890959
added exe-only options to win32pe generation
2012-10-14 14:23:45 +02:00
James Lee
9c6fdbe9d7
Compile a .so instead of being version-specific
...
This makes it possible to use payloads for the appropriate architecture
NOTE: need to test windows and make sure I didn't break it
2012-10-13 15:18:25 -05:00
sinn3r
d36f642edc
Add print_warning()
2012-10-12 21:48:15 -05:00
James Lee
ad1870d819
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-10-12 14:18:34 -05:00
James Lee
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
Tod Beardsley
7d848c7147
Merge remote branch 'origin/bug/fastlib-nested-pathnames'
2012-10-10 17:31:36 -05:00
m m
90b948ffb3
add PrependSet[re]gid support for unix payloads
2012-10-10 12:14:00 +02:00
sinn3r
5ce26c4524
Merge branch 'bug/activerecord-dep' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/activerecord-dep
2012-10-09 11:18:02 -05:00
sinn3r
1ba57af00a
Merge branch 'master' into bug/windows-pro-modules
2012-10-09 11:15:45 -05:00
Luke Imhoff
2d1fd1c305
Pass file size to read for faster reads on Windows
2012-10-09 11:04:05 -05:00
James Lee
592851e155
Add requires for active_support deps in use
...
Hash for #assert_valid_keys, Module for #parent.
2012-10-09 02:05:08 -05:00
James Lee
b3e27b16d5
Derp, include is a class method
2012-10-09 01:52:19 -05:00
James Lee
227418bd11
Make AR a soft dependency again
...
Ensures that the absence of activerecord does not prevent msfconsole
from loading. This returns us to the previous state of affairs where it
is possible to use the framework entirely without a database.
To test:
1. rm -rf lib/gemcache/ruby/1.9.1/gems/activerecord*
2. remove any locally installed versions of activerecord
3. msfconsole
msfconsole should load up with a warning like so:
[-] ***
[-] * WARNING: No database support: LoadError cannot load such file -- active_record
[-] ***
... and should still be functional.
2012-10-08 23:07:04 -05:00
HD Moore
8f07a18d74
Fix comment indentation
2012-10-08 17:29:36 -05:00
HD Moore
eb0f0fee0c
Correct an extra parenthesis
2012-10-08 17:20:25 -05:00
HD Moore
8cdb76d269
Switch to normal String API vs ActiveSupport method
2012-10-08 17:18:40 -05:00
HD Moore
2dce6e6347
FIXRM #7292 by using hex class names
2012-10-08 17:03:41 -05:00
Luke Imhoff
93469604a7
Fix missed rename when adding fastlib under directory
...
I missed a spot where I referenced the nested_paths as nested_pathnams
after I renamed the variable. Now, Msf::ModuleManager#add_module_paths
has rspec tests.
Rspec can be invoked with `rake` as the default task or `rake spec`
explicitly.
I changed RuntimeError to ArgumentError since that error was more
specific to having a bad argument error. I adding missing dependencies
to the Gemfile and a require to msf/core/db_manager.rb where it errored
out trying to access Msf::Config when I just did require 'msf/core' in
the spec.
2012-10-08 16:14:37 -05:00
HD Moore
6bb1b83de3
Align the comments with the space indents for now
2012-10-08 16:09:12 -05:00
Tod Beardsley
114b7886fa
Add back EOF newlines
2012-10-08 12:42:34 -05:00
James Lee
10dafcd09f
Fix 1.8 compat with Module#const_defined?
...
Before 1.9, const_defined? only takes one parameter.
2012-10-08 12:40:18 -05:00
Luke Imhoff
ef6dad2bc3
Fix loading binary modules on Windows
...
[#36737359 , #36401509 ]
Failed to follow HACKING guideline #5 , open files in binary mode, so
Pro modules were being truncated on Windows installs.
2012-10-08 09:12:23 -05:00
HD Moore
70061223d3
The use of to_path fails on OS X, switch to to_s
2012-10-06 23:40:08 -05:00
sinn3r
40b2c04c36
Add a redmine link
2012-10-05 00:53:23 -05:00