Commit Graph

7736 Commits (ca0dcf23b0d123a147f1a0fba208e696476e268e)

Author SHA1 Message Date
William Vu 9fbda3eae0
Land #3183, tab completion improvements 2014-05-14 02:20:12 -05:00
William Vu fdbfaacdf6
Land #3313, progress feedback for PASS_FILE
[FixRM #8704]
2014-05-14 02:03:39 -05:00
William Vu 1ada4831e0
Land #3293, module deprecation constants 2014-05-14 01:37:29 -05:00
William Vu de49241195
Land #3185, regex option validation 2014-05-14 01:27:18 -05:00
agix 1a3b319262 rebase to use the mixin psexec 2014-05-13 16:04:40 +02:00
agix 87be2e674a Rebase on https://github.com/rapid7/metasploit-framework/pull/2831 and adapt to the new mixin 2014-05-13 16:04:40 +02:00
Florian Gaultier 808f87d213 SERVICE_DESCRIPTION doesn't concern this PR 2014-05-13 16:04:39 +02:00
Florian Gaultier bb4e9e2d4d correct error in block service_change_description 2014-05-13 16:04:39 +02:00
Florian Gaultier 6332957bd2 Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work... 2014-05-13 16:04:39 +02:00
Florian Gaultier bdbb70ab71 up block_service_stopped.asm 2014-05-13 16:04:39 +02:00
Florian Gaultier 94f97ab963 Prevent import table overwritting by shifting entry point 2014-05-13 16:04:39 +02:00
Florian Gaultier e269c1e4f1 Improve service_block with service_stopped block to cleanly terminate service 2014-05-13 16:04:38 +02:00
Florian Gaultier c43e3cf581 Improve block_create_remote_process to point on shellcode everytime 2014-05-13 16:04:38 +02:00
Florian Gaultier 25d48b7300 Add create_remote_process block, now used in exe_service generation 2014-05-13 16:04:38 +02:00
Florian Gaultier 5ecebc3427 Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation 2014-05-13 16:04:37 +02:00
Florian Gaultier 0b462ceea6 refactor `to_winpe_only` code to be used by `to_win32pe_service` 2014-05-13 16:04:37 +02:00
Florian Gaultier 914d15c285 fix typo 2014-05-13 16:04:37 +02:00
Florian Gaultier ca7a2c7a36 Add string_to_pushes to use non fixed size service_name 2014-05-13 16:04:37 +02:00
Florian Gaultier b3fd21b98d Change to try to follow ruby guidelines 2014-05-13 16:04:37 +02:00
Florian Gaultier 72a3e49fbb fix typo 2014-05-13 16:04:36 +02:00
Florian Gaultier 513f3de0f8 new service exe creation refreshed 2014-05-13 16:04:36 +02:00
Jeff Jarmoc 2849a1bc0c Update comment again 2014-05-12 13:10:20 -05:00
Jeff Jarmoc a3cc499a17 Update comment w/ all modes 2014-05-12 13:02:54 -05:00
Jeff Jarmoc d82bc11b7d Add 'u-noslashes' and re-order cases for consistency. 2014-05-12 13:01:05 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all.
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
William Vu 453851277f
Fix missing space in prompt for back and grep 2014-05-09 17:08:45 -05:00
William Vu 4b47a9a297
Land #3339, banner updates for Pro free trial 2014-05-09 15:25:09 -05:00
nstarke a71be33091 Adjusting status message to be based on time
Previously the status message timing was determined by the number of
pairs left to process.  I have adjusted the code to rely on Time.now
in order to consistently print a message out every 60 seconds.
2014-05-09 14:39:34 +00:00
Lutz Wolf 66252ba9e5 support negation in portspec 2014-05-08 21:35:35 +02:00
William Vu ee303aa34e
Add missing formats in lib/msf/core/db.rb comment
Found outside big if block. Ugh.
2014-05-08 10:27:38 -05:00
Tod Beardsley 281b000805
Typo fix for #3339 2014-05-08 10:18:19 -05:00
William Vu b50b3820a0
Update core/db.rb comments 'n' stuff 2014-05-08 02:53:02 -05:00
William Vu 7da6a2c84c
Update db_import help with authoritative formats
Taken from import_filetype_detect in lib/msf/core/db.rb.

[SeeRM #8799]
2014-05-08 02:30:29 -05:00
Tod Beardsley eecd05ec74
Fix banner language, padding. 2014-05-07 16:12:15 -05:00
Tod Beardsley c50c929412
Treat apt and binary installs the same for banners 2014-05-07 15:59:50 -05:00
Tod Beardsley ab56583ce0
Remove dead oldwarn code, fix shortlink 2014-05-07 09:49:41 -05:00
Tod Beardsley 7ed943cead
Add new rotating banners for apt installs 2014-05-07 09:39:39 -05:00
Tod Beardsley a55e2bcf19
Rework banner trailers in sprintf padding 2014-05-07 09:38:59 -05:00
Meatballs 3542f851bf Fix some yarddoc issues 2014-05-05 22:45:41 +02:00
Brendan Coles cc8ab9bcba Support one line js payload
Add missing ';' in `run_cmd_source`
2014-05-05 18:57:15 +10:00
Joshua Smith 5b1a207377 cleans up numerous superfluous returns in msf/core/module 2014-05-02 19:52:58 -04:00
nstarke f0a8f40acd Omitting timestamp from msfconsole search output
SeeRM #8795

The disclosure date field in the results from the search command
where returning with a timestamp that was almost always 00:00:00 UTC. I added a bit of date time formatting to only
include the year (4 digit), month (2 digit), and day (2 digit)
in the following format: Y-m-d.  This date time formatting
applies to both searches conducted through the database instance
as well as searches performed without a database (slow search).
2014-05-01 13:41:15 +00:00
Rob Fuller c3fb5bf614 fix a few clarical errors and typos 2014-04-29 22:42:26 -04:00
James Lee 4bd2dabfcd
Land #3121, new kiwi extension, with compiled bins
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
nstarke ace9e797e1 Adding count-based print message
This commit removes the creation of a separate, timed
thread for printing out status messages to the user
in the case of large PASS_FILEs.  This adjustment eliminates
the overheard of context switching associated with
spinning off separate threads, as well as the dangers
associated with the Thread#kill method.
2014-04-29 22:10:08 +00:00
jvazquez-r7 2b4006089b
Land #3298, @wvu-r7's fix for db_import and its spec 2014-04-28 17:29:52 -05:00
nstarke eb98ea2d31 Large pass_file hangs login modules
SeeRM #8704

When running a *_login module that contains a large PASS_FILE
the module appears to hang while it is creating the combinations over
such a large dataset.  The solution proposed in the Redmine task
requested that the user be alerted with some sort of progress feedback
if the process takes an excessive amount of time.

I have added a message that logs to the console that contains the
number of pairs left to be constructed before the module will continue.
The verbiage is fairly arbitrary and should probably be updated to
something that might be more descriptive.  Likewise, the sleep
interval may need to be adjusted.
2014-04-28 21:45:14 +00:00
sinn3r 8a4c7b22ed
Land #3296 - Refactors firefox js usage into a mixin 2014-04-28 15:22:55 -05:00
Samuel Huckins 7fad215f3e
Merge branch 'bug/9582-metasploit-imports-and-tasks' into upstream-master
Land #3299
2014-04-28 10:47:23 -05:00
nstarke 0bca3a2d54 POST module duplicate search results
Running a POST module in meterpreter was causing duplicate search
results for the executed module.  For example, running
post/windows/gather/checkvm would produce duplicate results for that
module when executing “search checkvm” in msf.

Debugging revealed that the cmd_exec function in meterpreter’s ui
command_dispatcher core was creating the specified module, and then
promptly reloading it.  The reload function was causing the duplicate
module_detail record to be written to the msg postgres database
instance.  Further analysis revealed that the “original_mod” could be
used for running the post module, so the “reloaded_mod” was removed
and the “original_mod” used in it’s place to run the post module.

SeeRM #8754
2014-04-27 20:31:32 +00:00
William Vu 696eee1ada
Add Outpost24 to db_import help 2014-04-25 14:27:44 -05:00
lsanchez-r7 8f43c229b1
Passing the Mdm::Task down the chain
when reporting hosts from an Mdm::Task we need to pass the task all
the way down. this wasnt done for the metasploit import format.
2014-04-25 11:15:39 -05:00
joev f94d1f6546 Refactors firefox js usage into a mixin. 2014-04-24 15:09:48 -05:00
Trevor Rosen e556997bf7
Land #3269 (Pro) fix report import issue 2014-04-24 08:27:06 -05:00
Spencer McIntyre ec1f7d644c Support deprecation information from constants 2014-04-23 23:03:02 -04:00
James Lee 49bd86f077
Clean up yardocs and a few style issues 2014-04-21 03:12:23 -05:00
William Vu 7d801e3acc
Land #3200, goodbye LORCON modules :( 2014-04-18 12:32:22 -05:00
Samuel Huckins 2ed7a739c3
New reports in new exports can now import
MSP-9783

* Extracted import_report from monstrous import_msf_collateral;
simplified and clarified approach
* Updated report_report: includes all attrs provided vs subset, provides
more helpful error message
* Added report_artifact: adds child artifact for reports, handles
various troublesome cases
* Tested on all report types with a legion of option variants
2014-04-16 15:15:47 -05:00
sinn3r 54346f3f92
Land #3265 - Windows Post Manage Change Password 2014-04-15 18:45:48 -05:00
sinn3r 7a4e12976c
First little bit at Bug 8498
[FixRM #8489] rhost/rport modification
2014-04-15 18:20:16 -05:00
Meatballs 02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
Conflicts:
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs fc018eb32e
Initial commit 2014-04-15 21:05:06 +01:00
Tod Beardsley 9db01770ec
Add custom rhost/rport, remove editorializing desc
Verification:

````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````

...etc.
2014-04-14 21:46:05 -05:00
David Maloney c537aebf0f
Land #3228, JtR colon Seperation 2014-04-14 11:19:16 -05:00
Tod Beardsley 2aecab89bb
14-day free trial banner for non-binary installs 2014-04-14 11:00:41 -05:00
agix ac63e84d02 Fix little bug when using msfencode and exe-only
When arch is not defined, arch is null so it crashs.
It should be 'x86' by default
2014-04-14 01:02:31 +02:00
sinn3r 7b6b94acd5
Land #3247 - Revert #3224 jsobfu string size fixes 2014-04-12 00:58:27 -05:00
joev e09f887c4c Revert "Fixes large-string expansion in JSObfu."
This reverts commit 14fed8c610.
2014-04-11 16:51:47 -05:00
joev 4cb04b6b9a Revert "Use implicit return for assignment."
This reverts commit 49139cc07f.
2014-04-11 16:51:40 -05:00
joev 21b2697b95 Revert "Use tiny var names by default."
This reverts commit 52432ef482.
2014-04-11 16:51:34 -05:00
joev d41b3467f8 Revert "Re-add the #random_string(len) method to pass specs."
This reverts commit bd8918e4e1.
2014-04-11 16:51:21 -05:00
Tod Beardsley 91293fd0db
Allow vhost to be maybe opts['rhost']
This enables passing rhost and rport directly to send_request_cgi
without having to monkey with the datastore.

See #8498
2014-04-10 16:47:49 -05:00
sinn3r 80faaf86d8 Add a link to explain about unmet exploit requirements 2014-04-10 14:01:16 -05:00
sinn3r a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile 2014-04-10 12:31:59 -05:00
sinn3r 68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu 2014-04-10 12:09:22 -05:00
Tod Beardsley bc5f87b01a
Land #3195, check() fix 2014-04-10 08:59:53 -05:00
Tod Beardsley 3109f42a55
Merge release back into master 2014-04-11 15:07:16 -05:00
Brandon Turner 2f2692f4bf
Bump version to 4.9.2 2014-04-10 17:45:42 -05:00
James Lee 95399b0de7
Don't try to be too helpful
John cares not one whit how many colons are in a hash line, only that
there are enough for the format (at least 2 for regular /etc/passwd, at
least 3 for NTLM, etc). So there is no simple way to programmatically
determine whether a password had a colon or there was just an extra on
the end of the original hash line.

[MSP-9778]
See #2515
2014-04-09 19:24:26 -05:00
Joe Vennix bd8918e4e1
Re-add the #random_string(len) method to pass specs. 2014-04-09 17:44:48 -05:00
Joe Vennix 57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
Joe Vennix 52432ef482 Use tiny var names by default. 2014-04-09 16:54:02 -05:00
Joe Vennix 49139cc07f Use implicit return for assignment. 2014-04-09 15:48:07 -05:00
Joe Vennix 14fed8c610 Fixes large-string expansion in JSObfu. 2014-04-09 15:45:48 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Meatballs ae3ead6ef9
Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
Tod Beardsley eab938c7b4
Get rid of requires, too 2014-04-07 16:39:19 -05:00
Tod Beardsley 17ddbccc34
Remove the broken lorcon module set
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.

I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.

Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.

````
msf auxiliary(wifun) > show options

Module options (auxiliary/dos/wifi/wifun):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHANNEL    11               yes       The initial channel
   DRIVER     autodetect       yes       The name of the wireless driver
for lorcon
   INTERFACE  wlan0            yes       The name of the wireless
interface

msf auxiliary(wifun) > run

[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
sinn3r d385c5ad4b Fix undefined method `rport' for the check command 2014-04-07 11:48:28 -05:00
jvazquez-r7 80b069f161 Add support for spoofed zip Central Dir names at Entry level 2014-04-07 09:21:26 -05:00
jvazquez-r7 46e6f937f1 Revert "Add central directory zip spoofing"
This reverts commit d0700e8ac4.
2014-04-07 08:50:33 -05:00
jvazquez-r7 d0700e8ac4 Add central directory zip spoofing 2014-04-07 08:49:49 -05:00
jvazquez-r7 6d72860d58
Land #3004, @m-1-k-3's linksys moon exploit 2014-04-04 14:04:48 -05:00
William Vu 9779913060
Land #3184, Rex::Proto::Http::Client IOError fix 2014-04-03 15:58:50 -05:00
joev 42d59d269e Check #closed? instead of rescuing. 2014-04-03 14:20:48 -05:00
joev 98628b814e Prevent Rex::Proto::Http::Client from raising on close. 2014-04-03 11:36:18 -05:00
Spencer McIntyre aecd13d314 Tab complete the same case 2014-04-03 09:54:48 -04:00
Spencer McIntyre 1c57c0092c Tab complete case insensitive module options too 2014-04-02 23:27:11 -04:00
Spencer McIntyre 7d93d28f1d Support more tab completion features 2014-04-02 21:57:17 -04:00
Christian Mehlmauer 4bf6481242
Added regex option to validate options 2014-04-02 23:51:33 +02:00
jvazquez-r7 c892da44e8
Land #3181, @dmaloney-r7's fix for metasm 2014-04-02 16:38:33 -05:00
OJ e06ed601cf
Merge branch 'upstream/master' into ext_server_kiwi 2014-04-03 07:19:36 +10:00
Tab Assassin 6faa3d939b
Retabbed PR rapid7#3181 2014-04-02 15:51:11 -05:00
David Maloney b426449ce7
fix the fix for 64 bit
JJ's fix is too specific
2014-04-02 15:24:24 -05:00
jvazquez-r7 577bd7c855
Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
David Maloney 29c2a73a12
latest fix
trying to fix c comparison ops
2014-04-02 15:13:35 -05:00
agix a71fcaeefd add comments on change description call 2014-04-02 20:33:09 +01:00
agix bc4cb3febf Add DCERPC catch exception 2014-04-02 20:33:09 +01:00
agix 4a575d57ab Try to fix Meatballs1 suggestions : optional service_description change call 2014-04-02 20:33:09 +01:00
agix 5334f2657e Fix a bug for backwards compatibility 2014-04-02 20:33:08 +01:00
agix 631a7b9c48 Adapt to new psexec mixin (first try :D) 2014-04-02 20:33:08 +01:00
David Maloney ab7c4a41fc
missed net new files
some net new files we're missing from metasm
2014-04-02 13:46:18 -05:00
David Maloney 72b1f1373f
pull JJ's latest changes in for c64
compiler for x86_64 has some bugs, this is JJ's
latest fixes
2014-04-02 13:44:02 -05:00
OJ 670a0c8e0f
Merge branch 'upstream/master' into ext_server_kiwi 2014-04-02 19:36:42 +10:00
OJ e61e532223 Add support for extraction of wifi profile creds 2014-04-02 17:16:40 +10:00
OJ 1d46e65897 Update to match meterpreter changes
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
William Vu f9a7cfaa67
Land #3168, EICAR payload encoding 2014-04-01 09:17:10 -05:00
Tod Beardsley 42c7b85b86
Don't EICAR every time. That would be bad. 2014-04-01 09:05:55 -05:00
Christian Mehlmauer 5397fdbf02
Land #3173, Fix ActiveRecord::ConnectionNotEstablished 2014-03-29 00:13:44 +01:00
William Vu 5a448d9f2d
Fix ActiveRecord::ConnectionNotEstablished
[SeeRM #8780]
2014-04-02 00:54:39 -05:00
William Vu 8fd4f50081
Fix NameError for "r" in Msf::Auxiliary::Nmap
Wasn't in scope.
2014-04-01 17:35:20 -05:00
Tod Beardsley ec7bb6de54
Land #2969, random name generator for phishing 2014-04-01 13:00:55 -05:00
Christian Mehlmauer ba03890004
Land #3171, Fix NameError for "r" in Msf::Auxiliary::Nmap 2014-03-29 00:01:03 +01:00
Tod Beardsley 1b0fe74da5
Use Array#sample in email generators. 2014-04-01 14:11:23 -05:00
Tod Beardsley 8ab03f3aeb
Use Array#sample in randomize_space 2014-04-01 14:09:07 -05:00
William Vu 8bd5d10052
Use rand_hostname in rand_mail_address 2014-03-28 16:44:49 -05:00
sinn3r 07ab05c870 Update a comment 2014-03-28 15:20:45 -05:00
sinn3r 4b7f85e47d Adobe Flash support in BES 2014-03-28 15:14:58 -05:00
Tod Beardsley 196e07c5b1
Touch up the EICAR stuff 2014-03-28 11:45:28 -05:00
jvazquez-r7 8f1e55de5a Use ObfuscateJS 2014-03-28 11:08:38 -05:00
jvazquez-r7 da6a428bbf Modify libs to support explib2 2014-03-28 10:44:52 -05:00
OJ 86ddd24d26 Update to use Rex::Text and change handling a bit
This change also outputs blank creds so that users know which
accounts have blank passwords
2014-03-28 16:12:51 +10:00
OJ 65e204e834 Modify the menu item descriptions 2014-03-28 11:03:38 +10:00
OJ 3a42cb8a46 Fix typo in kiwi help 2014-03-28 11:03:03 +10:00
James Lee 6c36d14be1
Land #3118, fix java payloads for msfvenom 2014-03-25 15:38:21 -05:00
sinn3r 85c0c8bb70 Add support to detect mshtml build
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
2014-03-25 03:31:08 -05:00
William Vu 8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS
They're as obnoxious as DB_ALL_* when enabled by default.
2014-03-24 15:51:35 -05:00
sinn3r 13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec 2014-03-21 11:36:59 -05:00
James Lee 0a141f1c02
Land #2810, masked password format switcheroo 2014-03-20 15:12:12 -05:00
David Maloney c4a9b4fda0
Land #3128, Put loot in correct workspace 2014-03-20 14:11:17 -05:00
Tod Beardsley 4d3f871e9d
Land #2961, get_env and get_envs Post mixin
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
Trevor Rosen dd4b16ad60 Remove some dead code 2014-03-20 09:38:14 -05:00
Trevor Rosen dc85a99fbd report_loot now sets proper Mdm::Workspace
* Uses an Mdm::Workspace when passed one in conf hash
2014-03-20 09:27:09 -05:00
Samuel Huckins 33ca577010 Zip Workspace imports now working.
MSP-9531

* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
2014-03-19 22:53:15 -05:00
Samuel Huckins cc4c958d58 Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update 2014-03-19 15:47:46 -05:00
Tod Beardsley 8e7f12e30e
Land #3085, service_control support
This depends on rapid7/meterpreter#77 to function
2014-03-19 08:43:17 -05:00
Tod Beardsley 04b5d71fa5
Land #3061, enhance clipboard dump
This depends on rapid7/meterpreter#75 to function
2014-03-19 08:42:36 -05:00
Tod Beardsley 35b94b04bf
Land #2889, WMI support
This depends on rapid7/meterpreter#69 to actually be useful.
2014-03-19 08:42:03 -05:00
OJ 11f9bfadb1 Final bits of documentation and code tweaking 2014-03-19 18:40:53 +10:00
OJ 84728c9fc9 Code tidying and defaulting to empty strings for table format 2014-03-19 16:19:23 +10:00
OJ 959cedb9b1 Bit more code tidying 2014-03-19 16:19:05 +10:00
OJ f80c7b7b51 Fix silly typo 2014-03-19 15:55:12 +10:00
OJ 0dcf992781 Add comments to the kiwi source 2014-03-19 15:45:53 +10:00
OJ 3635fff98e Add support for kerberos ticket enumeration
Fix up a bunch of other issues and do some code tidies too.
2014-03-19 14:25:11 +10:00
David Maloney 130474fdfd
Fix java payload generation
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
2014-03-18 13:41:27 -05:00
OJ 91e198fd63 Add SAM key dump in LSA dumping output 2014-03-18 09:45:31 +10:00
OJ dfb4b22015
Merge branch 'upstream/master' into ext_server_kiwi 2014-03-18 08:08:45 +10:00
William Vu 9eada528d7
Land #3097, Rex::Text.uri_encode RFC 3986 fix 2014-03-14 15:38:24 -05:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
OJ a9758413c0 Add lsa secret dumps plus other tweaks 2014-03-14 19:50:01 +10:00
William Vu 8393a49148
Land #3098, check command host selection fix
[FixRM #8768]
2014-03-13 14:25:39 -05:00
sinn3r 6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell 2014-03-13 13:36:37 -05:00
Joe Vennix db036e44ad Use RdlCopyMemory from Kernel32. 2014-03-13 11:05:58 -05:00
sinn3r 7ead04414c
Land #3024 - Allow encoder Compat options 2014-03-13 10:59:40 -05:00
Tod Beardsley 520d1e69c4
Rapid7 Comma Inc
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
sinn3r 84b08a5a35 Fix check command host selection behavior
[SeeRM #8768] Instead of using the saved value for host, the check
command should use whatever the user specifies.
2014-03-12 22:54:01 -05:00
Tod Beardsley 9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
According to

http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt

Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.

This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
Joe Vennix 851fca2107 Add posix fork() call before running code. 2014-03-12 02:56:26 -05:00
Joe Vennix 7afcb6aee8 Add CreateThread wrapper for windows. 2014-03-12 02:49:09 -05:00
Joe Vennix ce0c5380a5
Kill stray //. 2014-03-12 02:20:49 -05:00
Joe Vennix 9bdf570763
All working now. In-memory meterpreter even. 2014-03-12 02:19:28 -05:00
sinn3r b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
OJ 1d70411ea7 Support service_control and new status field in query
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
AnwarMohamed b45524ecdd generate cert @ payload/dalvik.rb 2014-03-10 21:50:00 -05:00
AnwarMohamed 99cc94e6fc moving string_sub() to payload/dalvik.rb 2014-03-10 21:49:59 -05:00
Joe Vennix c07f390382 Add CookieExpiration option, add trailing slash to URI. 2014-03-10 13:07:17 -05:00
sinn3r c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Joe Vennix 9638bc7061 Allow a custom .app bundle.
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Meatballs 311d4665ce
Re-use CreateService Handle
and remove unused variable
2014-03-06 21:37:49 +00:00
William Vu ee0aa20955
Land #3013, Metasm update 2014-03-06 14:15:42 -06:00
Joe Vennix 05067b4e33 Oops. Need to init the profile before accessed. 2014-03-06 11:48:54 -06:00
Joe Vennix ad592fd114 Remove unnecessary method. 2014-03-05 23:36:43 -06:00
Joe Vennix a792f85a5f Fix re-initialize bug. 2014-03-05 23:27:04 -06:00
Joe Vennix 38a2e6e436 Minor fixes. 2014-03-05 19:03:54 -06:00
Joe Vennix 12cf5a5138 Add BES, change extra_plist -> plist_extra. 2014-03-05 18:51:42 -06:00
William Vu 096d6ad951
Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
Joe Vennix cd3c2f9979 Move osx-app format to EXE. 2014-03-04 22:54:00 -06:00
OJ a1aef92652
Land #2431 - In-memory bypass uac 2014-03-05 11:15:54 +10:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Tod Beardsley 6e88bbd827
No need for that kind of language 2014-03-04 14:34:50 -06:00
sinn3r e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords 2014-03-04 11:43:39 -06:00
David Maloney 72c6b995de
adjust timeout for shadowcopy
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
OJ 0bdce4836f Modify clipboard dump to support new format from Meterpreter 2014-03-04 19:37:57 +10:00
Etienne Stalmans e452b81fb1 style changes as suggested by @jlee-r7 2014-03-04 08:49:52 +02:00
Joe Vennix 3360f7004d Update form_post vars, add Expires to cookie. 2014-03-03 23:29:02 -06:00
Joe Vennix 6c3b667152 Kill extra comma. 2014-03-03 16:48:02 -06:00
Joe Vennix bfecf9525d Add Rex::RandomIdentifierGenerator. 2014-03-03 16:43:49 -06:00
Meatballs 43715eeb7f
Blame @OJ
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
Meatballs 32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post 2014-03-03 21:56:31 +00:00
Joe Vennix 517a85d141 Remove unneeded quotes. 2014-03-03 15:42:46 -06:00