jvazquez-r7
c892da44e8
Land #3181 , @dmaloney-r7's fix for metasm
2014-04-02 16:38:33 -05:00
OJ
e06ed601cf
Merge branch 'upstream/master' into ext_server_kiwi
2014-04-03 07:19:36 +10:00
Tab Assassin
6faa3d939b
Retabbed PR rapid7#3181
2014-04-02 15:51:11 -05:00
David Maloney
b426449ce7
fix the fix for 64 bit
...
JJ's fix is too specific
2014-04-02 15:24:24 -05:00
jvazquez-r7
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
David Maloney
29c2a73a12
latest fix
...
trying to fix c comparison ops
2014-04-02 15:13:35 -05:00
agix
a71fcaeefd
add comments on change description call
2014-04-02 20:33:09 +01:00
agix
bc4cb3febf
Add DCERPC catch exception
2014-04-02 20:33:09 +01:00
agix
4a575d57ab
Try to fix Meatballs1 suggestions : optional service_description change call
2014-04-02 20:33:09 +01:00
agix
5334f2657e
Fix a bug for backwards compatibility
2014-04-02 20:33:08 +01:00
agix
631a7b9c48
Adapt to new psexec mixin (first try :D)
2014-04-02 20:33:08 +01:00
David Maloney
ab7c4a41fc
missed net new files
...
some net new files we're missing from metasm
2014-04-02 13:46:18 -05:00
David Maloney
72b1f1373f
pull JJ's latest changes in for c64
...
compiler for x86_64 has some bugs, this is JJ's
latest fixes
2014-04-02 13:44:02 -05:00
OJ
670a0c8e0f
Merge branch 'upstream/master' into ext_server_kiwi
2014-04-02 19:36:42 +10:00
OJ
e61e532223
Add support for extraction of wifi profile creds
2014-04-02 17:16:40 +10:00
OJ
1d46e65897
Update to match meterpreter changes
...
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
William Vu
f9a7cfaa67
Land #3168 , EICAR payload encoding
2014-04-01 09:17:10 -05:00
Tod Beardsley
42c7b85b86
Don't EICAR every time. That would be bad.
2014-04-01 09:05:55 -05:00
Christian Mehlmauer
5397fdbf02
Land #3173 , Fix ActiveRecord::ConnectionNotEstablished
2014-03-29 00:13:44 +01:00
William Vu
5a448d9f2d
Fix ActiveRecord::ConnectionNotEstablished
...
[SeeRM #8780 ]
2014-04-02 00:54:39 -05:00
William Vu
8fd4f50081
Fix NameError for "r" in Msf::Auxiliary::Nmap
...
Wasn't in scope.
2014-04-01 17:35:20 -05:00
Tod Beardsley
ec7bb6de54
Land #2969 , random name generator for phishing
2014-04-01 13:00:55 -05:00
Christian Mehlmauer
ba03890004
Land #3171 , Fix NameError for "r" in Msf::Auxiliary::Nmap
2014-03-29 00:01:03 +01:00
Tod Beardsley
1b0fe74da5
Use Array#sample in email generators.
2014-04-01 14:11:23 -05:00
Tod Beardsley
8ab03f3aeb
Use Array#sample in randomize_space
2014-04-01 14:09:07 -05:00
William Vu
8bd5d10052
Use rand_hostname in rand_mail_address
2014-03-28 16:44:49 -05:00
sinn3r
07ab05c870
Update a comment
2014-03-28 15:20:45 -05:00
sinn3r
4b7f85e47d
Adobe Flash support in BES
2014-03-28 15:14:58 -05:00
Tod Beardsley
196e07c5b1
Touch up the EICAR stuff
2014-03-28 11:45:28 -05:00
jvazquez-r7
8f1e55de5a
Use ObfuscateJS
2014-03-28 11:08:38 -05:00
jvazquez-r7
da6a428bbf
Modify libs to support explib2
2014-03-28 10:44:52 -05:00
OJ
86ddd24d26
Update to use Rex::Text and change handling a bit
...
This change also outputs blank creds so that users know which
accounts have blank passwords
2014-03-28 16:12:51 +10:00
OJ
65e204e834
Modify the menu item descriptions
2014-03-28 11:03:38 +10:00
OJ
3a42cb8a46
Fix typo in kiwi help
2014-03-28 11:03:03 +10:00
James Lee
6c36d14be1
Land #3118 , fix java payloads for msfvenom
2014-03-25 15:38:21 -05:00
sinn3r
85c0c8bb70
Add support to detect mshtml build
...
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
2014-03-25 03:31:08 -05:00
William Vu
8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS
...
They're as obnoxious as DB_ALL_* when enabled by default.
2014-03-24 15:51:35 -05:00
sinn3r
13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec
2014-03-21 11:36:59 -05:00
James Lee
0a141f1c02
Land #2810 , masked password format switcheroo
2014-03-20 15:12:12 -05:00
David Maloney
c4a9b4fda0
Land #3128 , Put loot in correct workspace
2014-03-20 14:11:17 -05:00
Tod Beardsley
4d3f871e9d
Land #2961 , get_env and get_envs Post mixin
...
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
2014-03-20 10:53:50 -05:00
Trevor Rosen
dd4b16ad60
Remove some dead code
2014-03-20 09:38:14 -05:00
Trevor Rosen
dc85a99fbd
report_loot now sets proper Mdm::Workspace
...
* Uses an Mdm::Workspace when passed one in conf hash
2014-03-20 09:27:09 -05:00
Samuel Huckins
33ca577010
Zip Workspace imports now working.
...
MSP-9531
* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
2014-03-19 22:53:15 -05:00
Samuel Huckins
cc4c958d58
Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update
2014-03-19 15:47:46 -05:00
Tod Beardsley
8e7f12e30e
Land #3085 , service_control support
...
This depends on rapid7/meterpreter#77 to function
2014-03-19 08:43:17 -05:00
Tod Beardsley
04b5d71fa5
Land #3061 , enhance clipboard dump
...
This depends on rapid7/meterpreter#75 to function
2014-03-19 08:42:36 -05:00
Tod Beardsley
35b94b04bf
Land #2889 , WMI support
...
This depends on rapid7/meterpreter#69 to actually be useful.
2014-03-19 08:42:03 -05:00
OJ
11f9bfadb1
Final bits of documentation and code tweaking
2014-03-19 18:40:53 +10:00
OJ
84728c9fc9
Code tidying and defaulting to empty strings for table format
2014-03-19 16:19:23 +10:00
OJ
959cedb9b1
Bit more code tidying
2014-03-19 16:19:05 +10:00
OJ
f80c7b7b51
Fix silly typo
2014-03-19 15:55:12 +10:00
OJ
0dcf992781
Add comments to the kiwi source
2014-03-19 15:45:53 +10:00
OJ
3635fff98e
Add support for kerberos ticket enumeration
...
Fix up a bunch of other issues and do some code tidies too.
2014-03-19 14:25:11 +10:00
David Maloney
130474fdfd
Fix java payload generation
...
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
2014-03-18 13:41:27 -05:00
OJ
91e198fd63
Add SAM key dump in LSA dumping output
2014-03-18 09:45:31 +10:00
OJ
dfb4b22015
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-18 08:08:45 +10:00
William Vu
9eada528d7
Land #3097 , Rex::Text.uri_encode RFC 3986 fix
2014-03-14 15:38:24 -05:00
David Maloney
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
OJ
a9758413c0
Add lsa secret dumps plus other tweaks
2014-03-14 19:50:01 +10:00
William Vu
8393a49148
Land #3098 , check command host selection fix
...
[FixRM #8768 ]
2014-03-13 14:25:39 -05:00
sinn3r
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
Joe Vennix
db036e44ad
Use RdlCopyMemory from Kernel32.
2014-03-13 11:05:58 -05:00
sinn3r
7ead04414c
Land #3024 - Allow encoder Compat options
2014-03-13 10:59:40 -05:00
Tod Beardsley
520d1e69c4
Rapid7 Comma Inc
...
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
sinn3r
84b08a5a35
Fix check command host selection behavior
...
[SeeRM #8768 ] Instead of using the saved value for host, the check
command should use whatever the user specifies.
2014-03-12 22:54:01 -05:00
Tod Beardsley
9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
...
According to
http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt
Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.
This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
Joe Vennix
851fca2107
Add posix fork() call before running code.
2014-03-12 02:56:26 -05:00
Joe Vennix
7afcb6aee8
Add CreateThread wrapper for windows.
2014-03-12 02:49:09 -05:00
Joe Vennix
ce0c5380a5
Kill stray //.
2014-03-12 02:20:49 -05:00
Joe Vennix
9bdf570763
All working now. In-memory meterpreter even.
2014-03-12 02:19:28 -05:00
sinn3r
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
OJ
1d70411ea7
Support service_control and new status field in query
...
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
AnwarMohamed
b45524ecdd
generate cert @ payload/dalvik.rb
2014-03-10 21:50:00 -05:00
AnwarMohamed
99cc94e6fc
moving string_sub() to payload/dalvik.rb
2014-03-10 21:49:59 -05:00
Joe Vennix
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
sinn3r
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
Joe Vennix
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Meatballs
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
William Vu
ee0aa20955
Land #3013 , Metasm update
2014-03-06 14:15:42 -06:00
Joe Vennix
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
Joe Vennix
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
Joe Vennix
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
Joe Vennix
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
Joe Vennix
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
William Vu
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
Joe Vennix
cd3c2f9979
Move osx-app format to EXE.
2014-03-04 22:54:00 -06:00
OJ
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
Joe Vennix
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
Tod Beardsley
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
sinn3r
e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords
2014-03-04 11:43:39 -06:00
David Maloney
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
OJ
0bdce4836f
Modify clipboard dump to support new format from Meterpreter
2014-03-04 19:37:57 +10:00
Etienne Stalmans
e452b81fb1
style changes as suggested by @jlee-r7
2014-03-04 08:49:52 +02:00
Joe Vennix
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
Joe Vennix
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
Joe Vennix
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
Meatballs
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
Meatballs
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
Joe Vennix
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
Joe Vennix
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
Joe Vennix
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
Joe Vennix
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
sinn3r
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
OJ
e0438f570b
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-03 17:28:44 +10:00
Joe Vennix
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
Joe Vennix
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
Joe Vennix
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
Joe Vennix
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
Joe Vennix
785a35a81a
Needed to kill objToQuery.
2014-03-02 19:48:55 -06:00
Joe Vennix
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
Joe Vennix
26db845438
Try to pthread_create. Fails.
2014-03-02 18:02:23 -06:00
sinn3r
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
FireFart
8543da0fbd
Corrected uri_encode
2014-03-01 11:30:50 +01:00
David Maloney
1a0f77edb2
Land #2739 , DLL injection in msfvenom
...
lands Meatballs PR to fix dll injection
in Msfvenom. Test to ensure it still works
in the new MsfVenom
2014-02-28 14:22:17 -06:00
David Maloney
9e355e1265
Merge branch 'master' into dll_inject
2014-02-28 14:20:46 -06:00
sinn3r
ac446d3b3f
Land #3043 - randomization for Rex::Zip::Jar and java_signed_applet
2014-02-28 14:10:55 -06:00
David Maloney
566a791ef3
Land #2992 , Fix VNC Inject Defaults
2014-02-28 14:04:56 -06:00
William Vu
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
David Maloney
f66709b5bb
make bypassuac module clean itself up
...
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
David Maloney
d358fe5f94
Merge branch 'payload_defaults'
2014-02-26 10:28:46 -06:00
David Maloney
f51cbfffb8
minor fix to payload generator
...
was passing platform string instead of the
platform lsit when formatting the payload
2014-02-25 15:51:06 -06:00
sinn3r
d0780cd1a2
Land #3010 - EXITFUNC as OptEnum
2014-02-24 11:07:10 -06:00
Joe Vennix
c760d37703
use the actual shellcode length.
2014-02-24 09:55:44 -06:00
jvazquez-r7
9fd635d645
Favor \! vs == false
2014-02-24 08:47:25 -06:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
Meatballs
bbacaa477e
Add missing require
2014-02-25 22:08:27 +00:00
Meatballs
e31a144f4d
Use better system call
2014-02-22 20:34:56 +00:00
jvazquez-r7
8af992e083
Use same coding style
2014-02-21 16:02:27 -06:00
jvazquez-r7
0c44cc5ae4
Allow Exploits to provide Encoder Compat options
2014-02-21 15:49:39 -06:00
kn0
4ac8e23e48
Changed to clearner solution proposed by @limhoff-r7.
2014-02-21 15:31:12 -06:00
kn0
fcfb48fda1
Added support for Gemfile.local
2014-02-21 13:37:31 -06:00
James Lee
0179faa66f
Fix yardoc for Post::Windows::LDAP
...
Also fix some style issues and warnings.
2014-02-21 13:25:11 -06:00
jvazquez-r7
0b5e617236
Land #3016 lsanchez-r7's send_message mod to return info
2014-02-19 17:01:06 -06:00
jvazquez-r7
c0cdea37f7
Initialize send_status at the function's start
2014-02-19 16:54:29 -06:00
lsanchez-r7
f7a483523c
changing the initial state from false to nil
2014-02-19 16:45:00 -06:00
jvazquez-r7
7c5ba3e46c
Retab metasm
2014-02-19 14:01:20 -06:00
jvazquez-r7
bdb27b2cca
Manual loading shouldn't be needed
2014-02-19 13:13:41 -06:00
jvazquez-r7
a78ccc7862
Add up to date metasm
2014-02-19 13:13:08 -06:00
jvazquez-r7
f34078a7df
Delete old version of metasm
2014-02-19 13:09:53 -06:00
Joe Vennix
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
Joe Vennix
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
Meatballs
e4aedfad43
Fixup netapi call
2014-02-18 23:30:29 +00:00
lsanchez-r7
07fd3494e5
changing send_message to return more information
2014-02-18 16:48:52 -06:00
Meatballs
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00
jvazquez-r7
4f9ab0b99f
Land #2903 , @Meatballs1 SPN gather post module
2014-02-18 13:53:32 -06:00
Tod Beardsley
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
Meatballs
5c8af63063
Fix regression
2014-02-18 17:41:35 +00:00
sinn3r
0519abb558
Fix the wrong conversion
2014-02-17 23:17:19 -06:00
jvazquez-r7
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
jvazquez-r7
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
Joe Vennix
318ebdb4c8
Clean up // comments.
2014-02-17 15:34:42 -06:00
Joe Vennix
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
Spencer McIntyre
7f9b4a4bf4
Land #2655 , Re-do exe-small for scripting payloads.
2014-02-17 15:56:23 -05:00
scriptjunkie
022c52d087
Added bundling to handle many sessions at once.
2014-02-15 15:37:22 -06:00
scriptjunkie
b0d2949f9a
Ensure no race conditions on handlers
...
Configurable WfsDelay
2014-02-15 15:21:16 -06:00
scriptjunkie
a83ca2b8d6
Ghost sessions fix, fewer selfies, cleaner code
2014-02-15 15:21:16 -06:00
scriptjunkie
9c8c16d238
Allow multiple handlers to use same hop.
2014-02-15 15:21:16 -06:00
scriptjunkie
16e1280b8d
Style guide fixes.
2014-02-15 15:21:16 -06:00
scriptjunkie
a6a731c8ee
Keep stage until replaced, nil check, prettify.
2014-02-15 15:21:16 -06:00
scriptjunkie
85ae32775a
Fix to make migrate work; use the full URL.
2014-02-15 15:21:16 -06:00
scriptjunkie
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
Meatballs
f58b66adf8
Docs and more robust code
2014-02-14 23:15:05 +00:00
Meatballs
f5c401bee7
Yarddocs
2014-02-14 22:59:36 +00:00
Spencer McIntyre
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
Meatballs
f7858bf1a7
SnakeCase option looks better
2014-02-14 21:05:24 +00:00
Meatballs
983f5abc2f
Make vnc a bit safer to use
2014-02-14 20:59:44 +00:00
sinn3r
d606be5efb
That's funny I changed the wrong method
2014-02-13 16:41:18 -06:00
sinn3r
5d3eed8600
Add info about browser requirements in help
2014-02-13 16:37:05 -06:00
sinn3r
9c48335764
Change to google.com
2014-02-13 16:30:44 -06:00
sinn3r
a44f235a8d
Fix things based on Tod's feedback
2014-02-13 16:13:42 -06:00
sinn3r
4dd60631cb
Land #2950 - New Payload Generator for MsfVenom
2014-02-13 15:13:10 -06:00
jvazquez-r7
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
David Maloney
4565be18e3
require active_support numeric
...
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
jvazquez-r7
8b25b6e343
Land #2980 , @wvu-r7 fix to handle invalid session id on post module runs
2014-02-12 13:13:34 -06:00
jvazquez-r7
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
William Vu
40db1c4d0d
s/auxiliarly/auxiliary/
2014-02-12 12:17:53 -06:00
sinn3r
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
sinn3r
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
OJ
beca4b8bc3
Fix issue with getenv failing
...
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.
Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.
For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.
This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
William Vu
5a488b310d
Use a more correct error message
...
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
William Vu
4a603b9a8d
Merge remote-tracking branch 'upstream/master' into beug/session
...
Conflicts:
lib/msf/base/simple/post.rb
2014-02-11 16:38:16 -06:00
William Vu
18816f3d5e
Land #2952 , -1 for last session ID
2014-02-11 16:22:36 -06:00
William Vu
2476d9be2d
Fix invalid session ID bug
...
This fix should work seamlessly with #2952 .
2014-02-11 15:43:35 -06:00
jvazquez-r7
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
jvazquez-r7
e3aa838e52
Fix on_session_module_run bug
2014-02-11 11:37:58 -06:00
jvazquez-r7
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
sinn3r
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Spencer McIntyre
a67a14ff60
Land #2975 @wchen-r7's extra vprint_debug statements for ms13-090
2014-02-10 20:57:55 -05:00
sinn3r
fdd696fc31
Drop Opera support
...
It's sad nobody is actually using it. See article: "Across desktop and
mobile, Chrome is used more than Firefox, IE, and Opera combined" -
thenextweb.com
2014-02-10 18:03:42 -06:00
sinn3r
1414f6794c
Change the name of the video chat command
2014-02-10 17:44:47 -06:00
Meatballs
d8ea11b851
Redirect HTTP too
2014-02-10 23:41:15 +00:00
sinn3r
442d212a94
Add vprint_debug to show what requirements are being compared
2014-02-10 17:33:36 -06:00
Meatballs
4a0f37dc21
Save lost changes
2014-02-10 23:24:26 +00:00
sinn3r
44282d8a83
Add an exception handling
2014-02-10 17:06:56 -06:00
sinn3r
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
Meatballs
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
sinn3r
48fdb08164
Add flag --use-fake-ui-for-media-stream
...
Thanks Joev!!
2014-02-10 14:47:25 -06:00
Matteo Cantoni
427fece52c
Add random mail address function
2014-02-10 21:04:44 +01:00
James Lee
fab8e16a87
Unbreak server exploits
2014-02-10 10:54:14 -06:00
jvazquez-r7
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
Spencer McIntyre
4eb9a16b2c
Remove unnecessary return statement.
2014-02-09 13:06:21 -05:00
sinn3r
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
sinn3r
b279c45db5
Update open_webrtc_browser method
2014-02-08 20:47:02 -06:00
sinn3r
0d24f06109
Not adding remote support for Linux meterpreter, here's why
2014-02-08 20:30:53 -06:00
sinn3r
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
sinn3r
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
sinn3r
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
sinn3r
2cfc662e43
Use en-us instead
2014-02-08 16:16:09 -06:00
sinn3r
3f9ad8a6d5
Fix bugs and stuff
2014-02-08 16:11:39 -06:00
sinn3r
22cc665115
More error handling
2014-02-08 16:06:51 -06:00
sinn3r
07ad99ba3a
Remove unnecessary methods
2014-02-08 15:51:33 -06:00
sinn3r
a70c77c9eb
Handle some more exceptions
2014-02-08 15:51:11 -06:00
sinn3r
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
Meatballs
d1f3afeacc
Correct MSB refs
2014-02-08 13:32:56 +00:00
Meatballs
76f0783eef
Raise error if no domain found or specified
2014-02-08 12:16:48 +00:00
Meatballs
a5cb03e409
Copy Meterpreter return hash
...
Dont add a key if no value is found
2014-02-08 12:12:45 +00:00
Meatballs
6e197ce535
Post get_envs library methods
2014-02-08 11:37:25 +00:00
sinn3r
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
sinn3r
ee1900c273
progress
2014-02-08 03:29:15 -06:00
sinn3r
b188943bd1
Progress
2014-02-08 02:57:49 -06:00
sinn3r
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
sinn3r
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
David Maloney
f189b753e5
use more clear syntax for space
...
use 1.gigabyte as kronicdeth suggested, for great awesomeness
2014-02-07 15:52:19 -06:00
Meatballs
56359aa99f
Merge changes from other dev machine
2014-02-07 21:22:44 +00:00
Meatballs
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
James Lee
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
sinn3r
36f3a82b5c
A wise man once said do not abuse the power of expand_path
2014-02-07 12:10:58 -06:00
sinn3r
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
sinn3r
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
David Maloney
aa3985c5e3
relign attribute tags
2014-02-07 11:04:17 -06:00
David Maloney
5d8dc76f48
put verbose messages to stderr
...
egypt pointed out we'll stomp on the payload output
otherwise. Good catch
2014-02-07 10:22:39 -06:00
grimmlin
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
sinn3r
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
Spencer McIntyre
27d7df554c
Use a single return statement defaulting to nil.
2014-02-06 14:50:59 -05:00
Spencer McIntyre
b9fb8decad
Support a (latest) session id of -1.
2014-02-06 14:11:38 -05:00
sinn3r
3a95a169e1
Land #2930 - clipboard monitor for meterpreter
2014-02-06 11:29:22 -06:00
David Maloney
9d9305d2c0
more yardtag cleanup
2014-02-06 11:16:00 -06:00
sinn3r
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
David Maloney
34c4718e95
more style fixups
...
further kronicdeth appeasement
2014-02-05 18:12:44 -06:00
David Maloney
1bf11e5b92
some alpha-sorting
...
begining to appease KronicDeth
2014-02-05 17:47:32 -06:00
James Lee
b226ecf591
Add block_api changes to prepend_migrate
2014-02-05 15:32:59 -06:00
David Maloney
ca48fb6590
fix encoding cycle if all encoders fail
...
we need to raise an exception if all encoders fail
2014-02-05 15:25:14 -06:00
David Maloney
1227a47342
fix exe template
...
don't pass an emtpy string for templates
this causes read errors. pass no value instead
2014-02-05 12:10:14 -06:00
David Maloney
508f251db2
add cli compat
...
add cli capability to putut verbose info to the console
2014-02-05 11:00:57 -06:00
David Maloney
293c231dfe
alpha-sort methods for ease
...
lexically sorted methods to make it easier to
look through code
2014-02-04 18:05:03 -06:00
David Maloney
fc9105d862
final generation and specs
...
generation wrapped method complete with specs
2014-02-04 17:52:20 -06:00
David Maloney
4dcae920f8
add specs for generate_java_payload
...
pretty self-explanatory
2014-02-04 17:40:59 -06:00
David Maloney
70d8246791
finish wiring up the final generation
...
formating and main generate methods wired up
still need to add some final tests
2014-02-04 15:52:18 -06:00
sinn3r
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
jvazquez-r7
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
William Vu
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
Meatballs
0a3cb3377f
AppendEncoder
2014-02-04 15:41:10 +00:00
Meatballs
26c506da42
Naming of follow method
2014-02-04 15:25:51 +00:00
David Maloney
c8b7dc30b4
added encoding routines
...
now has a method for encoding the shellcode
and tests to go with
2014-02-03 17:51:22 -06:00
Meatballs
76515092ce
Small mime changes
2014-02-03 23:28:26 +00:00
Meatballs
595e5fd8b1
Correct mime logic
2014-02-03 21:59:17 +00:00
Meatballs
a8ff6eb429
Refactor send_request_cgi_follow_redirect
2014-02-03 21:49:49 +00:00
Meatballs
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
Meatballs
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
sinn3r
2ee1764ceb
Add method rhost, rport, and peer for post modules
...
[SeeRM #8761 ]
2014-02-03 01:05:43 -06:00
David Maloney
3b648346da
starting in on encoders
...
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
2014-02-03 00:59:08 -06:00
sinn3r
0d02f6d589
Add support for win shells for file?
2014-02-02 23:37:26 -06:00
David Maloney
4a82bc74cf
added nop sled generator
...
added code to prepend a nop sled
with tests to match
2014-02-02 22:51:12 -06:00
James Lee
b9e234f62d
Log the size if it doesn't fit
2014-02-02 22:28:23 -06:00
David Maloney
bb5f5542f0
generating raw payload bits now
...
added raw payload generation, arch selection,
and specs for everything thus far
2014-02-02 21:09:17 -06:00
David Maloney
f9c31f988e
test platform selection
...
added tests around platform selection
2014-02-02 16:52:41 -06:00
David Maloney
f5d730e874
write specs around initialiser
...
added specs around object initialisation
2014-02-02 16:05:11 -06:00
David Maloney
e265d6f54c
begining of payload generator
...
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
Meatballs
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
Meatballs
9fa9402eb2
Better check and better follow redirect
2014-02-02 16:07:46 +00:00
Meatballs
0d3a40613e
Add auto 30x redirect to send_request_cgi
2014-02-02 15:03:44 +00:00
Meatballs
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
Meatballs
9f35407a0c
Add MIME to_html method
2014-02-01 00:37:01 +00:00
sinn3r
4d008ca3f3
Fix ::Interrupt exception handling
2014-01-30 18:57:27 -06:00
sinn3r
9f669a8e39
Make check_multiple() thread-safe
2014-01-30 16:46:36 -06:00
OJ
b60398b020
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/extensions/extapi/tlv.rb
2014-01-29 23:07:05 +10:00
OJ
ad1dce38d2
Final fixes before the monitor PR
2014-01-29 23:04:43 +10:00
OJ
2ef0e7e2a5
Small tidy of code
2014-01-29 17:07:06 +10:00
OJ
e27707cac3
More tweaking of the clipboard monitor with dump/purge
2014-01-29 14:51:03 +10:00
OJ
10ac7a22af
Land #2897 Sane address resolution [FixRM #7259 ]
2014-01-28 23:09:44 +10:00
sinn3r
6435ddd162
loop do this too
2014-01-26 16:35:44 -06:00
sinn3r
0ffacc3420
{ } block this
2014-01-26 16:33:21 -06:00
sinn3r
45bb336c51
Loop do it
2014-01-26 16:27:36 -06:00
sinn3r
eec01e79ff
No explicit "return"
2014-01-26 16:25:30 -06:00
sinn3r
48836b45cf
Last commit before PR
...
Code changes address these feature requests:
[SeeRM #8737 ]
[SeeRM #8752 ]
[SeeRM #8755 ]
2014-01-26 12:15:47 -06:00
sinn3r
a14dddd1ef
Show warning
2014-01-26 12:08:20 -06:00
sinn3r
f0ebd13447
Make sure all threads are killed after interrupt
...
If threads aren't killed, then when the user triggers interrupt,
the console will keep the threads (vuln checks) running, which
looks weird.
2014-01-26 02:49:16 -06:00
sinn3r
6ffb750633
Change Unsupported message
...
Auxiliary modules can use check, too. Not just exploits.
2014-01-26 01:14:11 -06:00
sinn3r
60f1688bb8
Fix option validation
2014-01-26 00:57:02 -06:00
sinn3r
2d12c0a368
NoMethod check and stuff
2014-01-25 20:25:01 -06:00
sinn3r
3bb17dad72
Check argument
2014-01-25 20:10:22 -06:00
Meatballs
33da3a414b
Remove unnecessary options
2014-01-25 13:52:52 +00:00
Meatballs
27a434205c
More flexible domain and DN
2014-01-25 13:17:00 +00:00