Meatballs
5bcb63476d
Add high integrity level check
2015-08-01 23:10:51 +01:00
William Vu
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
wchen-r7
629afd86fc
Land #5788 , local exploit suggestor
...
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
jvazquez-r7
a112ccd023
Land #5660 , @wchen-r7's warbird check
...
* Fixes #4380
2015-07-31 10:25:43 -05:00
wchen-r7
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
William Vu
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
William Vu
5ff46a5dbd
Fix indentation
2015-07-29 11:45:49 -05:00
HD Moore
bf96b34108
Tweak module->class
2015-07-28 04:13:35 -07:00
HD Moore
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
wchen-r7
768de00214
Automatically pass arch & platform from cmdstager
...
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:
Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
Brent Cook
eb70ecb448
Land #5752 , synchronize calls to payload.stop_handler
2015-07-24 17:49:54 -05:00
Brent Cook
347f48b0ec
Land #5762 , adjust PHP stager to work in and outside of eval()
2015-07-24 17:43:26 -05:00
Brent Cook
c30127cfe8
Land #5729 , add user-agent list, MeterpreterUserAgent derives from this
...
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
wchen-r7
75d59be87d
Resolve #5753 , Support Origin for the creds command
...
Resolve #5753 . Add an Origin column and allow the user to search
by origin.
2015-07-24 14:04:23 -05:00
William Vu
1f95491b45
Drop bang method and tweak formatting
2015-07-24 10:35:47 -05:00
wchen-r7
6720a57659
Fix #5761 , pass the correct arch and platform for exe generation
...
Fix #5761
2015-07-23 01:34:44 -05:00
OJ
0929d7695a
Fix PHP stagers
2015-07-23 14:50:04 +10:00
William Vu
fe67be0ece
Land #5734 , notes -o
2015-07-22 13:52:40 -05:00
OJ
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
jvazquez-r7
a59fa059dc
Fix #5675 Synchronize access to stop_handler
2015-07-20 16:09:13 -05:00
jvazquez-r7
035c0a8a38
Fix #5078 by improving actual_timeout calculation
2015-07-20 11:27:48 -05:00
jvazquez-r7
1a9664fcba
Delete default option
2015-07-20 09:54:51 -05:00
wchen-r7
da445a52aa
Update URIHOST and URIPORT
2015-07-16 14:27:46 -05:00
wchen-r7
1fdbcc71c1
Support URIHOST and URIPORT for exploit URI generation
2015-07-16 14:10:49 -05:00
xistence
7f05403ae0
Added certutil cmdstager
2015-07-16 13:20:05 +07:00
wchen-r7
73fd4bd853
Allow the notes command to save notes as a file
...
The -o option can save notes as a file.
2015-07-16 00:28:15 -05:00
wchen-r7
18ca617c23
Land #5649 , Fix undefined sysinfo method error in meterpreter.rb
2015-07-15 23:27:02 -05:00
jvazquez-r7
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
OJ
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
wchen-r7
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
jvazquez-r7
709676e6cc
Make exploits quiet
2015-07-14 17:00:44 -05:00
wchen-r7
219d0032fa
Do print_good to make this important stand up more
2015-07-14 15:36:35 -05:00
wchen-r7
1992a5648d
Make up our damn mind
2015-07-14 15:09:23 -05:00
wchen-r7
d64f4be691
Check if URIPORT is 0
2015-07-14 14:45:10 -05:00
wchen-r7
5e63b5f93e
Can't use cli
2015-07-14 14:37:45 -05:00
wchen-r7
cf714fe4aa
Change port logic too
2015-07-14 14:19:00 -05:00
wchen-r7
61d49f29e8
Check nil for SRVHOST option
2015-07-14 14:16:49 -05:00
wchen-r7
8efb4df8af
Change the HOST IP logic again
2015-07-14 14:15:32 -05:00
wchen-r7
9980e8f285
Change SRVHOST vs URIHOST vs Rex again
2015-07-14 14:06:33 -05:00
wchen-r7
f76fe07872
Fix SRVHOST
2015-07-14 13:49:28 -05:00
William Vu
9be030bbff
Fix nil in executable generation
2015-07-14 18:47:33 +00:00
wchen-r7
9dddb13d0b
Slow down on killing exploits
...
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
wchen-r7
2264efac15
Reduce output
2015-07-14 12:22:38 -05:00
HD Moore
100d3c8d46
A number of small fixes for BAPv2
...
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
Samuel Huckins
60444c208b
Land #5658 , MSF version includes git hash now
2015-07-14 09:21:25 -05:00
wchen-r7
0582e7e3ca
Return nil instead of "null"
...
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
wchen-r7
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
wchen-r7
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
jvazquez-r7
8fb6bedd94
Delete as3 detector
2015-07-13 18:23:39 -05:00
jvazquez-r7
8928c5529c
Fix Javascript code
2015-07-13 17:43:04 -05:00
jvazquez-r7
244d9bae64
Add max timeout
2015-07-13 16:52:25 -05:00
jvazquez-r7
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
Brent Cook
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
William Vu
93f154b395
Land #5695 , SMTPDeliver STARTTLS unspecific SSL
2015-07-13 18:54:41 +00:00
William Vu
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
wchen-r7
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
wchen-r7
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
wchen-r7
8d40d30d47
Comment
2015-07-11 23:24:01 -05:00
wchen-r7
88357857a0
These datastore options don't need to set anymore
2015-07-11 23:22:05 -05:00
g0tmi1k
a4dc409c12
Add empty default vprint value
2015-07-11 19:38:27 +01:00
Brent Cook
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
wchen-r7
89aa00cfc4
Check job workspace
2015-07-10 13:09:42 -05:00
wchen-r7
086de2c030
Pass more options
2015-07-10 12:39:43 -05:00
wchen-r7
513dcf3574
We don't need these methods anymore
2015-07-10 12:12:53 -05:00
Brent Cook
493971245a
switch nsock locally to TLS - don't assume self.sock is set
2015-07-10 12:10:53 -05:00
Brent Cook
3495d317b5
Do not lock SMTP STARTTLS to only use SSLv3
...
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).
To maintain forward compatibility, do not specify a maximum version
and instead use the default from the local OpenSSL library. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
OJ
51f59b3c8c
Re-add URI generation to reverse_http
2015-07-10 16:21:55 +10:00
wchen-r7
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
wchen-r7
21e44f235e
Example of doing Flash detection with Flash
2015-07-08 13:18:57 -05:00
Brent Cook
0b59e63084
keep advanced options on the fat side of the conditional
2015-07-07 22:44:34 -05:00
Brent Cook
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
wchen-r7
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
wchen-r7
dc0ce88279
We're not actually using Mubex, it might be causing a crash too
...
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore
0a4c6fb92f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-07-06 14:24:52 -05:00
HD Moore
c68064ba36
Lands #5671 , re-integrates SMB fdleak/timeout settings
2015-07-06 14:23:59 -05:00
Mo Sadek
366d42a0d8
Land #5609 , Fuzzer.rb and file_info.rb YARD doc update
2015-07-06 14:12:55 -05:00
Mo Sadek
25bdf7a50a
Land #5427 , check payload compatibility for set payload fix
2015-07-06 12:56:21 -05:00
jvazquez-r7
3595a23673
Restore #3738
2015-07-06 11:22:22 -05:00
Spencer McIntyre
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
HD Moore
3150549634
Experimental output show/hide for BAPv2
2015-07-05 19:07:10 -05:00
HD Moore
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
joev
60a896f58b
Adjust extension timeout.
2015-07-05 16:48:25 -05:00
joev
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
OJ
aaaf6807ed
Minor indentation/space fixes
2015-07-05 09:18:27 +10:00
HD Moore
3c7298ba80
Fix additional copy-pasta cases of #5662
2015-07-04 12:38:04 -05:00
HD Moore
fb2da00bfd
Fix #5662 by not generating a small uri by default
2015-07-04 09:27:18 -07:00
Spencer McIntyre
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
wchen-r7
2b0f6e723d
Explain the byte sequence
2015-07-03 11:12:59 -05:00
wchen-r7
5c582b76ca
Resolves #4380 , check for warbird template
...
Resolves #4380 . Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
Joshua Smith
5be94c12b6
Land #5602 , adds irb -e to core
2015-07-02 16:21:20 -05:00
Joshua Smith
434cffa258
clean up so idiomatic ruby details
2015-07-02 16:16:57 -05:00
HD Moore
7858d63036
Typo
2015-07-02 15:34:44 -05:00
HD Moore
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
HD Moore
6e31b9ef53
Initialize and rename the BES mutex
2015-07-02 15:11:03 -05:00
HD Moore
c5c7de0091
Rework browser profiles, get back to functional mode
2015-07-02 14:58:43 -05:00
HD Moore
c0969d4497
Fix module.uuid references
2015-07-02 13:45:38 -05:00
HD Moore
0e7f610836
Finish browser profile rework in BES
2015-07-02 12:58:21 -05:00
HD Moore
b9a8308138
Replace BAP profiles with a framework-instance hash
2015-07-02 12:53:24 -05:00
HD Moore
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
Spencer McIntyre
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
root
c4875a8821
Change sysinfo to sys.config.sysinfo
2015-07-02 11:38:37 +05:00
wchen-r7
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
OJ
a5ad56754f
Use full namespace for PACKET_TYPE_RESPONSE
2015-07-02 08:03:39 +10:00
HD Moore
e7271e3c04
Call the Meterpreter methods directly vs pollute the namespace
2015-07-01 16:04:54 -05:00
William Vu
399b3d2810
Land #5629 , moar cmd_exec refactoring
2015-07-01 00:36:19 -05:00
Brent Cook
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
OJ
a2721323be
Handle failure better for first recv
2015-07-01 14:02:40 +10:00
OJ
9c2cd34e92
Fix payload required space, remove WOW64 code from x64
2015-07-01 13:39:05 +10:00
OJ
a44c31052b
reverse_tcp x64 stager reliability fixes
...
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
OJ
cf8bbbfa3d
reverse_tcp 32 bit stager resiliency
2015-07-01 11:03:08 +10:00
wchen-r7
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
jvazquez-r7
02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec
2015-06-29 12:07:37 -05:00
William Vu
1bfa84b37b
Land #5628 , sessions -d removal
2015-06-29 11:45:27 -05:00
jvazquez-r7
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
Mo Sadek
dde853b0a0
Fixed "linee" to "line"
2015-06-29 11:27:50 -05:00
Mo Sadek
e5836fbdac
Removed session -d from core.rb
...
Ticket #4423
2015-06-29 10:57:50 -05:00
wchen-r7
7742d85f2f
I guess that's fine
2015-06-27 20:58:19 -05:00
wchen-r7
6136269ace
No can't do this
2015-06-27 13:53:29 -05:00
wchen-r7
5c039ccfd7
Even faster
2015-06-27 13:51:21 -05:00
wchen-r7
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
wchen-r7
88e58cbdc5
Better performance
2015-06-27 12:19:07 -05:00
OJ
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
Spencer McIntyre
79185e91c6
Refactor the pymet to use transport objects
2015-06-26 14:56:31 -04:00
wchen-r7
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
wchen-r7
0c608e2a4c
Change doc for boolean args
2015-06-26 12:01:53 -05:00
wchen-r7
1d9caeffc0
Update documentation for fuzzer.rb and file_info.rb
...
See #5599
2015-06-26 11:22:30 -05:00
OJ
f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-26 14:12:56 +10:00
OJ
a773979992
Java config wiring, tweak to include block counts
...
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. As a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
Tod Beardsley
15f9fc5d8f
Land #5599 , YARD for fuzzer.rb
2015-06-25 14:37:55 -05:00
Mo Sadek
31c35715fc
YARD Documentation for file_info.rb
2015-06-25 11:08:35 -05:00
OJ
98156ec944
Add user agent to the transport config
...
Why this was missing I will never know :)
2015-06-25 14:51:06 +10:00
Spencer McIntyre
f6f21724a3
Support expressions for the irb command
2015-06-24 20:52:17 -04:00
OJ
d9b6e46685
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-25 09:50:42 +10:00
HD Moore
2807fb4f93
Bump the default timeout to 30 seconds based on feedback
2015-06-24 16:15:01 -05:00
HD Moore
4d58e49cdc
Land #5600 , update session info after migrate
2015-06-24 15:16:58 -05:00
Meatballs
151fa2f676
Update user info on migrate
2015-06-24 20:50:29 +01:00
Mo Sadek
e0c52730a0
YARD Documentation for Fuzzer.rb
2015-06-24 13:38:11 -05:00
Samuel Huckins
ea4d13586c
Merge pull request #5587 from trevrosen/bug/MSP-12834/crawler-choke-on-save
...
MSP-12834 #land
2015-06-24 09:43:51 -05:00
OJ
a8c20496be
Remove unused code from the java http stager
2015-06-24 22:37:40 +10:00
joev
c305348a3b
Fix the mixin to work in the exploit again.
2015-06-24 02:19:09 -05:00
joev
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
OJ
e796e56c6c
Modify the staging process
2015-06-24 13:22:33 +10:00
Tod Beardsley
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
William Vu
dffc516d6d
Land #5583 , Android Meterpreter commands fix
2015-06-23 14:39:37 -05:00
Trevor Rosen
4e3a2b2b35
Upstream merge
2015-06-23 14:11:28 -05:00
Brent Cook
e75287875b
hack android-specific commands back to life
2015-06-22 20:41:58 -05:00
Brent Cook
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
Trevor Rosen
d53067b0b7
Fix ctype handling for body-less pages
...
#5515
2015-06-22 14:17:29 -05:00
Meatballs
64449d5035
Timestamp session output
2015-06-19 21:50:42 +01:00
Brent Cook
252b573ea8
Land #5547 , configurable auto session timeout
2015-06-19 15:35:33 -05:00
Meatballs
a5469fd906
Remove redundant methods
2015-06-19 21:28:47 +01:00
wchen-r7
ef57afbfcf
Explain about performance problems
2015-06-19 13:35:14 -05:00
wchen-r7
9da99a8265
Merge branch 'upstream-master' into bapv2
2015-06-19 11:36:27 -05:00
g0tmi1k
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
wchen-r7
e549580ad2
Linux doesn't like the uppercase
2015-06-18 00:40:47 -05:00
wchen-r7
5fa864b097
done with rspec
2015-06-17 16:23:39 -05:00
William Vu
dc07938668
Land #5550 , custom exe_filename for to_exe_vba
2015-06-16 19:10:49 -05:00
g0tmi1k
37546c7e18
to_exe_vbs - Allow for exe_filename to be defined
2015-06-17 01:13:33 +01:00
g0tmi1k
b40e9f6d46
util/exe - replace tabs with spaces
...
...formatting should be okay still
2015-06-17 01:10:18 +01:00
g0tmi1k
3410782fe9
Capitalized 'Accepted'
2015-06-16 19:42:32 +01:00
OJ
9dbdaf13ea
Add AutoVerifySessionTimeout Meterpreter advanced option
2015-06-17 00:20:59 +10:00
William Vu
8d640a0c8f
Land #5527 , multi/handler -> exploit/multi/handler
2015-06-15 10:23:26 -05:00
benpturner
b3754d750f
Compression on a pre-script does not work in this context. Removed the elsif part of this code
2015-06-14 22:46:42 +01:00
RageLtMan
d9c046449d
Fix comparison of string to Fixnum
2015-06-14 16:55:46 -04:00
RageLtMan
6d5e0b93d3
Use random id generator appropriately
...
Powershell::Script includes a random generator (@rig) which can
produce non repeating randomized identifiers to be used as var
names within the PSH code.
Unwrap script handling in powershell env stager to instantiate a
method-local Powershell::Script object and access its :rig to
generate identifiers.
2015-06-14 14:53:51 -04:00
HD Moore
ab6f3a7373
Fix #5531 , the ```stage_payload``` method does not take arguments.
2015-06-13 18:26:56 -05:00
g0tmi1k
6dcc9b7dab
More inconsistencies
2015-06-12 21:59:15 +01:00
wchen-r7
6eb25743e3
Merge branch 'upstream-master' into bapv2
2015-06-09 10:10:00 -05:00
wchen-r7
07d1282afb
Correct file naming for better Ruby coding style
2015-06-08 12:17:49 -05:00
David Maloney
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
wchen-r7
5a6a16c4ec
Resolve #4326 , remove msfpayload & msfencode. Use msfvenom instead!
...
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.
Resolves #4326
2015-06-08 11:30:04 -05:00
HD Moore
1f11cd5470
Lands #5446 , support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
benpturner
20b605e7cb
Remove duplicate exec
2015-06-07 18:11:11 +01:00
RageLtMan
a46510465d
Fix older Windows payloads to not require UUID
...
Default Windows payload to not include_send_uuid for compatibility.
2015-06-07 02:58:31 -04:00
HD Moore
bd36908383
Fix #5500 by checking for session.respond_to?(:response_timeout)
2015-06-06 17:07:03 -05:00
William Vu
d4ddc53856
Fix #5499 , small fix for line clearing
2015-06-06 15:58:45 -05:00
William Vu
f761d411c4
Adjust line clearing to cover only the text
2015-06-06 15:58:23 -05:00
William Vu
89e7dc6cf2
Land #5499 , polish dem spinners
2015-06-06 15:21:09 -05:00
HD Moore
2942cb165f
Land #5415 , changes spaces in PSH shell output
2015-06-06 14:55:33 -05:00
HD Moore
fe09d9888e
Small rework of the spinners, clear the line when done
2015-06-06 14:30:42 -05:00
wchen-r7
4b6dcbb9d9
remove junk method
2015-06-05 22:03:56 -05:00
wchen-r7
7ca15f1ae1
Update select_payload doc
2015-06-05 21:06:20 -05:00
wchen-r7
4e058c942e
Fix typo
2015-06-05 21:04:22 -05:00
wchen-r7
a7fa434e89
If exploit list is empty, have the option to return content
2015-06-05 21:03:24 -05:00
wchen-r7
fb8abe54fc
This will continue loading the rest of the exploits
2015-06-05 17:52:40 -05:00
wchen-r7
188b15b17f
Fix the symbol vs string prob
2015-06-05 16:18:56 -05:00
Brent Cook
bb9439e463
land #5487 , refactor and fix save function for db_nmap
2015-06-05 12:31:23 -05:00
wchen-r7
e1c30e973d
Fix SRVHOST
2015-06-05 12:14:43 -05:00
wchen-r7
f8c5e5a70a
Don't show "Server stopped"
2015-06-05 11:16:43 -05:00
wchen-r7
ecdeeea5c6
Make sure super is called
2015-06-05 11:11:40 -05:00
wchen-r7
be60f964c6
Call super for cleanup
2015-06-05 10:50:52 -05:00
wchen-r7
69968fc9f1
Merge branch 'upstream-master' into bapv2
2015-06-04 23:36:24 -05:00
wchen-r7
910ae8a480
Fix #5461 , actually stop a job from the RPC service
...
Fix #5461 . The RPC service is incorrectly using the wrong method to
stop a job, this patch should fix that.
2015-06-04 23:09:55 -05:00
William Vu
a53a68cfc2
Refactor db_nmap and fix the save option
2015-06-04 18:40:19 -05:00
wchen-r7
7de78c1d69
Land #5447 , more info about using the deprecated report_auth_info
2015-06-04 12:37:22 -05:00
wchen-r7
be709ba370
Merge branch 'upstream-master' into bapv2
2015-06-04 10:33:07 -05:00
jvazquez-r7
d22dda2bab
Provide more context and references
2015-06-01 10:33:40 -05:00
benpturner
9d1a7cead4
New modules to support 64bit process powershell.
2015-06-01 16:11:23 +01:00
Brent Cook
64e86165ef
remove android meterpreter bins, update to payloads 1.0.2
...
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
Brent Cook
70ef1b83f9
Merge branch 'master' into land-5366-android
2015-06-01 09:07:55 -05:00
wchen-r7
5c890004b8
Do stop_service in cleanup
2015-05-29 18:32:57 -05:00
wchen-r7
28d35a5bf4
Update doc
2015-05-29 18:03:56 -05:00
wchen-r7
58c5767330
Don't need stderr.puts
2015-05-29 17:41:29 -05:00
wchen-r7
0384b115e9
Fix reload bug
2015-05-29 17:41:02 -05:00
OJ
3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy
2015-05-30 08:03:43 +10:00
jvazquez-r7
af326a4f88
Use compatible_payloads instead of copy and paste
2015-05-29 16:55:19 -05:00
Brent Cook
6d488c63d4
php UUIDOptions->UUID::Options
2015-05-29 16:33:03 -05:00
Brent Cook
b8a8e65c2c
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 16:22:45 -05:00
Brent Cook
7b0006a1b2
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 15:41:31 -05:00
wchen-r7
defda01d87
Some doc
2015-05-29 15:09:29 -05:00
wchen-r7
b33ace2f44
Put is_payload_compatible? in exploit.rb
2015-05-29 15:07:59 -05:00
wchen-r7
13779adab4
Merge branch 'upstream-master' into bapv2
2015-05-29 14:59:04 -05:00
wchen-r7
6be363d82a
Merge branch 'upstream-master' into bapv2
2015-05-29 14:58:38 -05:00
Brent Cook
340792aae4
don't jump past the uuid sender on win32/tcp connect
2015-05-29 14:34:27 -05:00
wchen-r7
dab9a66ea3
Use current ruby hash syntax
2015-05-29 13:43:20 -05:00
Brent Cook
7d5af66fa0
Merge branch 'master' into land-5367-uuid-stagers
2015-05-29 13:00:35 -05:00
Brent Cook
8f747d2541
Land #5382 , add meterpreter session reconnect RPC call
2015-05-29 12:53:15 -05:00
RageLtMan
f575b31d58
Remove double assignment typo
2015-05-29 05:05:35 -04:00
RageLtMan
1a08da09cb
Fix compression check logic
...
Initial check logic would compress any script, even those which
would not need it since an uncompressed script fitting the buffer
would likely fit compressed (unless it's incompressible and the
decoder stub overflows). Ensure that compression occurs only when
a compressed script would fit while the uncompressed one does not.
2015-05-29 04:15:57 -04:00
RageLtMan
e9821f6a70
Update stage_psh_env method
...
Replace variable names with generated strings to increase entropy.
Add compression test for stager to determine if a compressed PSH
script will fit into the allowed space. If so, compress and exec
without staging.
Add variable name cleanup to stager mechanism - Remove-Variable
with -ErrorAction SilentlyContinue is called on each stager var
name after the stager executes.
TODO: Update method documentation
2015-05-29 04:04:51 -04:00
RageLtMan
f575fb8df9
Merge branch 'feature-merge_psh_updates_201505'
...
Conflicts:
lib/msf/core/post/windows/powershell.rb
Rename upload_script_via_psh to stage_psh_env within post PSH lib.
Perform the same rename within load_script post module.
2015-05-29 03:42:25 -04:00
wchen-r7
737559bcbb
Land #5180 , VBA Powershell for Office Macro
2015-05-28 19:55:27 -05:00
Spencer McIntyre
24b4dacec5
Land #5408 , @g0tmi1k fixes verbiage and whitespace
2015-05-27 21:02:02 -04:00
wchen-r7
583fccdbc8
Resolve #5404 , Check payload compatibility when using set payload
...
Resolve #5404 . This patch will check payload compatibility when
you are using set payload in msfconsole.
2015-05-27 18:28:08 -05:00
wchen-r7
5d0053e4ef
Move iframe instead of hiding, which seems to improve Flash reliability
2015-05-27 00:43:47 -05:00
wchen-r7
60cdf71e6c
Merge branch 'upstream-master' into bapv2
2015-05-26 15:56:48 -05:00
Brent Cook
d76a9c6565
Land #5409 , update cmd stager documentation.
...
Merge remote-tracking branch 'upstream/pr/5409' into upstream-master
2015-05-26 10:34:03 -05:00
benpturner
abd4ab548d
Edit spaces within the powershell session command
2015-05-25 20:10:29 +01:00
wchen-r7
3102741157
Don't need print_line
2015-05-25 11:54:58 -05:00
wchen-r7
3d5248f023
This is better
2015-05-25 11:46:18 -05:00
benpturner
e06f47b2bd
Updates load_script to have support for folders and to include the stager process in the mixin module for other post mods
2015-05-25 15:48:27 +01:00
OJ
307dcd09dd
Update payload cache sizes again
2015-05-25 20:12:20 +10:00
OJ
87bc198c82
x64 winhttp ie proxy support, autoconfig ignore
2015-05-25 20:01:37 +10:00
wchen-r7
db09b9846c
I think I found the speed back
2015-05-25 02:44:57 -05:00
wchen-r7
72112317cc
Update
2015-05-25 01:58:34 -05:00
wchen-r7
3efe22d5e2
This seems better, slower though
2015-05-25 01:42:34 -05:00
OJ
78176c4335
First pass of IE proxy support for winhttp x86
2015-05-25 15:44:35 +10:00
OJ
43f7054a5c
Refactor base64 stub into base module
...
As per @zeroSteiner's suggestion.
2015-05-25 11:51:01 +10:00
OJ
9e50114082
Merge branch 'upstream/master' into uuid-stagers
2015-05-25 11:22:35 +10:00
OJ
9042f141ff
Implement the IPv6 UUID bind stagers
2015-05-25 11:21:28 +10:00
wchen-r7
7089bd945a
This payload handling looks much better
2015-05-24 12:47:20 -05:00
Spencer McIntyre
6fb2da4f62
Fix #5391 , cmd stager documentation fixes
2015-05-23 13:56:49 -04:00
wchen-r7
a376464710
It kind of blew up
2015-05-23 05:26:13 -05:00
wchen-r7
f378b45408
bug fixes, sorta
2015-05-23 05:06:15 -05:00
wchen-r7
7f4b51f0ff
Fix nil bug
2015-05-23 02:08:51 -05:00
wchen-r7
60b0be8e3f
Fix a lot of bugs
2015-05-23 01:59:29 -05:00
wchen-r7
916b7b83be
Change how we load payload handlers
2015-05-22 20:35:43 -05:00
jvazquez-r7
d10b20b7a3
Land #5251 , @hmoore-r7's second opportunity to Oracle connect
...
SYSTEM shouldn't have SYSDBA privileges by default anymore
2015-05-22 17:47:41 -05:00
jvazquez-r7
41a86b2e9b
add vprint_status
2015-05-22 17:46:56 -05:00
wchen-r7
6de75ffd9f
Merge branch 'upstream-master' into bapv2
2015-05-22 17:11:03 -05:00
jvazquez-r7
c201955fdf
Land #5387 , @wchen-r7's user-configurable HTTP timeout
...
Fixes #5219 , Add connection timeout and response timeout for HttpClient
2015-05-22 15:36:11 -05:00
jvazquez-r7
e0d9ee062f
Use HttpClientTimeout
2015-05-22 13:35:37 -05:00
wchen-r7
8fd468a89f
Get the dry-run feature right this time
2015-05-22 13:07:30 -05:00
wchen-r7
905fe73d78
Track clicks
2015-05-22 12:57:06 -05:00
wchen-r7
e8a32bdd10
Make MaxSessions/RealList/Custom404 work better
2015-05-22 12:40:56 -05:00
wchen-r7
2bb6f390c0
Add session limiter and fix a race bug in notes removal
2015-05-22 12:22:41 -05:00
HD Moore
078438f66e
Update UUIDOptions -> UUID::Options
2015-05-22 00:30:05 -05:00
HD Moore
c17ee64d81
Merge branch 'master' into feature/uuid-registration
2015-05-22 00:29:16 -05:00
OJ
c07ff70f19
Add check for UUID payloads
...
Thankfully those payloads already had a flag that could be reused.
2015-05-22 15:11:12 +10:00
Brent Cook
9ce669f878
Land #5328 : reworked x64 http/https stagers
2015-05-21 23:26:34 -05:00
OJ
10bd75348c
Merge branch 'upstream/master' into uuid-stagers
2015-05-22 13:07:25 +10:00
OJ
a6a274d3a3
Merge recent stager changes
2015-05-22 13:01:45 +10:00
HD Moore
9b17b63259
Switch to append mode for x86 service templates, fixes #5403
2015-05-21 20:42:20 -05:00
HD Moore
ea9059f930
Fix broken endian specification (<I vs I<)
2015-05-21 20:00:22 -05:00
wchen-r7
c29bb35e28
Change datastore name
2015-05-21 10:15:03 -05:00
David Maloney
356f361b40
add sid to the yard docs
...
you win this round OJ ;)
MSP-12722
2015-05-21 09:30:09 -05:00
root
ee1a366e2b
Use select with ActiveRecord::Associations::CollectionProxy for subset selection
2015-05-21 11:04:03 +05:00
wchen-r7
3ee02d3626
Hmm bug
2015-05-21 00:36:40 -05:00
HD Moore
4622fa60eb
Register the init_* URLs and whitelist these
2015-05-21 00:22:41 -05:00
wchen-r7
31c60b48c8
Don't forget to doc
2015-05-21 00:08:04 -05:00
wchen-r7
6e8ee2f3ba
Add whitelist feature
2015-05-21 00:05:14 -05:00
HD Moore
27406204ed
Disable payload UUID registration by default
2015-05-20 23:56:15 -05:00
HD Moore
e07576ce20
Indicate whether a session has a registered UUID
2015-05-20 23:55:49 -05:00
wchen-r7
bdf30dd383
Land #5374 , --smallest option in msfvenom
2015-05-20 21:06:10 -05:00
HD Moore
a8d111ce89
Merge branch 'master' into feature/uuid-registration
2015-05-20 19:48:39 -05:00
HD Moore
ac0004ea0a
Implement IgnoreUnknownPayloads
2015-05-20 19:47:17 -05:00
RageLtMan
27e12754fe
Import Powershell libraries and sample post module
...
Sync critical functionality from Rex and Msf namespaces dealing
with encoding and processing of powershell script for exploit
or post namespaces.
Import Post module. Primarily adds a psh_exec method which will be
replaced in the next PR with @benpturner's work integrated into
the Post module namespace.
Provide a sample metasploit windows post module to show the
execution pipeline - entire subs process can be removed and the
module reduced to a psh_exec(datastore['SCRIPT']).
This commit is designed to provide sync between the SVIT fork and
upstream. Pending commits to be based on this work will provide
access to .NET compiler in the Post namespace to be used for
dynamic persistent payload creation on target and the import of
@benpturner's work.
2015-05-20 18:18:51 -04:00
wchen-r7
93900087c7
Resolve #5219 , user-configurable HTTP timeout
...
Resolve #5219
2015-05-20 13:30:45 -05:00
OJ
44f8cf4124
Add more size to stagers, adjust psexec payloads
...
This psexec payload size should be evaluated to make sure I'm not doing
anything stupid. I can't see a reason why increasing these sizes would
be bad. They seem to work fine.
2015-05-20 17:07:56 +10:00
OJ
5963a5833a
Fix up php stageless payload includes
2015-05-20 16:50:00 +10:00
OJ
d0a5b803e8
Use generate_payload_uuid instead of manual obj creation
2015-05-20 16:25:52 +10:00
HD Moore
818d8b186c
Implement tracking
2015-05-20 01:10:19 -05:00
OJ
289873c25f
Merge all the stager changes
2015-05-20 16:02:37 +10:00
OJ
6859b24c1c
Fix missing label, update payload sizes
2015-05-20 15:42:31 +10:00
OJ
d43e11f5af
WinHTTP rework with proxy support, and SSL verification
...
This commit fixes up the winhttps stuff properly too. PHEW!
2015-05-20 15:32:34 +10:00
HD Moore
513a81e340
Add framework.uuid_db as a JSONHashFile
2015-05-20 00:28:32 -05:00
OJ
fd2534914d
Small tweaks to reverse_http
2015-05-20 12:15:38 +10:00
David Maloney
48c50a897c
add rpc call to change meterp transport
...
this rpc method allows the user to change transport
on an existing meterp session. if it's successful
it will close the old 'session' tied to the previous transport
MSP-12722
2015-05-19 14:43:25 -05:00
Christian Catalan
046003acb4
Increase REXML expansion text limit
...
MSP-9532
* Increase to reasonable size to handle larger xml file expansion on import
* Prevents the 'RuntimeError entity expansion has grown too large' error that prevents import
2015-05-19 12:47:19 -05:00
Tim
3b8effc589
fix ext_server_android.jar error
2015-05-19 17:26:50 +01:00
William Vu
c1b8cee315
Land #5369 , @dmaloney-r7's snmp_login fixes
2015-05-19 10:39:03 -05:00
Tim
e7c8a3b56c
add support for SessionRetryTotal and SessionRetryWait on Android
2015-05-19 16:16:04 +01:00
OJ
9fddc21cf3
Shaved another sneaky byte off the payload
2015-05-19 21:21:07 +10:00
OJ
6e96e6d118
Shellcode golf to make the payload smaller
...
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, it's smaller than it was, and
I'm sure there are ways to make it better as well.
2015-05-19 21:17:42 +10:00
OJ
62720ab357
Fix the wininet stager for http/s
...
For some reason this was only working on Windows7/2008, yet when tried
on Windows 2012 it was resulting in crashes. It was also stopping
working in exploits such as psexec_psh.
Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.
Adjusted payload sizes as well.
2015-05-19 20:03:22 +10:00
HD Moore
9d7e54f360
Add the UUID subdirectory, including initial DB class
2015-05-18 23:41:22 -05:00
HD Moore
c7932855f2
Move UUIDOptions to UUID::Options
2015-05-18 23:35:18 -05:00
wchen-r7
46f389fecd
Documentation
2015-05-18 18:41:37 -05:00