Commit Graph

10608 Commits (d10b20b7a3effe16ad23cd3f5e735823902733c3)

Author SHA1 Message Date
Tim d3ba84b378
Add TLV_TYPE_FILE_HASH 2015-05-10 14:18:16 +01:00
Meatballs 706e304849
Land 5299, implement shell_command for PS sessions 2015-05-09 11:23:43 +01:00
Meatballs 98d531e053
Check if session responds to response_timeout 2015-05-09 11:21:45 +01:00
Brent Cook 1a98c5ddc5
Land #5320, fix SSL weak cipher results
This adds a fallback for deprecated ciphers that are no longer exported
current SSL libraries.
2015-05-08 18:19:25 -05:00
Brent Cook d3730ae18c include a list of deprecated ciphers in the sslscan result
Allow recording remote deprecated cipher support even if the local OpenSSL
library does not support negotiating that cipher.
2015-05-08 18:05:00 -05:00
jvazquez-r7 c103779eab
Land #5080, @bcook-r7's 'ls' and 'download' meterpreter improvements 2015-05-08 18:02:16 -05:00
jvazquez-r7 422e261b36
Use parenthesis 2015-05-08 17:59:04 -05:00
Brent Cook 2f9205abc3 recover consistent parenthesis usage 2015-05-08 14:15:06 -05:00
Brent Cook 8d5ef42c2d be sure to pass the pattern more than one level deep 2015-05-08 14:03:12 -05:00
OJ 79753f719f Slight fix to the transport config 2015-05-08 18:36:30 +10:00
OJ ba3266803a Add transport configuration to reverse_http/s 2015-05-08 18:32:48 +10:00
OJ 5111abdd09 Add transport config entry to reverse_winhttp 2015-05-08 18:15:24 +10:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 8d3737d13c Fix some stylistic issues 2015-05-07 22:43:23 -05:00
William Vu 71518ef613
Land #5303, metasploit-payloads Java binaries 2015-05-07 22:39:54 -05:00
William Vu 2f2169af90 Use single quotes consistently 2015-05-07 22:39:36 -05:00
benpturner ef59d1f7c4 Markers 2015-05-07 22:50:09 +01:00
wchen-r7 7b5da6f266
Land #5241, sqlmap parsing fixes 2015-05-07 14:21:20 -05:00
benpturner 24abe597e4 numeric 2015-05-07 19:23:25 +01:00
benpturner 01c2bc0287 Buff 2015-05-07 19:10:33 +01:00
benpturner c234714013 Start and End Markers 2015-05-07 19:06:36 +01:00
OJ fd827db6dd Fix up bind stager payload sizes 2015-05-07 10:13:27 +10:00
Brent Cook 78c58088fe
Land #5314, set snmp defaults for constrained values 2015-05-06 16:27:41 -05:00
OJ 9d7a7cb68d Merge branch 'upstream/master' into multi-transport-support
Conflicts:
	lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
OJ 60e25170fa
Land #5313 : fixup bind_tcp stager 2015-05-07 07:09:19 +10:00
William Vu 669df591f2 Pull default connection_timeout into constant 2015-05-06 13:18:00 -05:00
William Vu d4aed08260 Fix typo 2015-05-06 13:17:58 -05:00
William Vu 0939bbc710 Set default retries/version for SNMP LoginScanner
Set in snmp_login but missed in the LoginScanner.

MSP-12668
2015-05-06 13:17:40 -05:00
Brent Cook 5a8b6e90f2 restore ecx after setting the socket options, set default size 2015-05-06 11:56:07 -05:00
wchen-r7 97807e09ca
Lad #5125, Group Policy startup exploit 2015-05-06 11:17:01 -05:00
Brent Cook 93c785560b remove brocade_telnet scanner, extend telnet
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
OJ 95e9057854 Remove typo'd stuff that shouldn't have made it past merge 2015-05-06 08:07:07 +10:00
Brent Cook 710a2a007b fix format error 2015-05-05 15:27:06 -05:00
Brent Cook a0c806c213 Update java meterpreter and payload references to use metasploit-payloads 2015-05-05 15:01:00 -05:00
benpturner 982b2381ed New shell_command markers 2015-05-05 19:20:03 +01:00
William Vu 013781fb9c
Land #5292, WordPress custom file version check 2015-05-05 11:21:18 -05:00
William Vu 18791ce933 Clean up code 2015-05-05 11:19:40 -05:00
darkbushido 26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
Conflicts:
	Gemfile.lock
2015-05-05 11:00:38 -05:00
benpturner 22d2275ecb || session.type == 'powershell' 2015-05-05 09:31:43 +01:00
OJ 62fa14326d Merge branch 'upstream/master' into multi-transport-support
Merged with HD's stuff as he fixed up a few things that I had done too.

Conflicts:
	lib/msf/base/sessions/meterpreter_options.rb
	lib/rex/post/meterpreter/client_core.rb
	lib/rex/post/meterpreter/packet_dispatcher.rb
2015-05-05 17:18:01 +10:00
OJ c540ba4b98
Land #5297 : Track machine_id and dead sessions 2015-05-05 17:08:39 +10:00
OJ 2949bf053a Remove old comment from ASM 2015-05-05 13:09:13 +10:00
OJ 852961f059 Tweaking of transport behaviour, removal of patch 2015-05-05 11:45:22 +10:00
OJ cf62d1fd7c Remove patch and old stageless stuff 2015-05-05 09:27:01 +10:00
OJ b42f4f5cd2 Merge branch 'upstream/master' into multi-transport-support
Conflicts:
	lib/msf/core/payload/windows/stageless_meterpreter.rb
	lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
	lib/rex/post/meterpreter/client_core.rb
	modules/payloads/stages/linux/x86/meterpreter.rb
	modules/payloads/stages/windows/meterpreter.rb
	modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
OJ e45bf5cf51 Remove the URI patcher now that it's not used at all 2015-05-05 07:35:49 +10:00
Brent Cook 05e4af8162
Land #5214, initial meterpreter session recovery support 2015-05-04 16:25:27 -05:00
benpturner 453b1fce50 Spaces 2015-05-04 22:17:08 +01:00
benpturner 658958d8e7 Allow sessions -c command on powershell 2015-05-04 22:07:22 +01:00
Brent Cook d90c25ecea
Land #5287, RPC API fixes 2015-05-04 15:44:15 -05:00
jvazquez-r7 0ca0d3d045
Improve nt_create_andx path parsing 2015-05-04 15:20:51 -05:00
Brent Cook e6ea5511ca update linux and windows meterpreters to use metasploit-payloads 2015-05-04 09:44:36 -05:00
OJ c2dc4677fb Prevent stagless from overwriting socket
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ e835f2b99c Rejig transport config into module
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
OJ 93bf995b32 Reverse tcp support for POSIX
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
Brent Cook f42334414a add recursion limit 2015-05-04 04:00:58 -05:00
OJ 9300158c9a Initial rework of POSIX stuff to handle new configuration 2015-05-04 18:58:55 +10:00
Brent Cook 7ff3044552 style cleanups and guard search where not implemented 2015-05-04 03:56:17 -05:00
Brent Cook 8cab350275 use the search API when downloading recursive patterns 2015-05-04 03:56:17 -05:00
Brent Cook eefc6f78c6 avoid redownloading files that have not changed 2015-05-04 03:56:16 -05:00
Brent Cook 9672a59b05 support download globbing 2015-05-04 03:56:16 -05:00
Brent Cook 43be856b95 keep the glob going into subdirectories 2015-05-04 03:56:16 -05:00
Brent Cook 8617115483 simplify arg parsing, compute initial stat path correctly 2015-05-04 03:56:15 -05:00
Brent Cook d934027b3b expand glob match 2015-05-04 03:56:15 -05:00
Brent Cook 866955b6fd added -R recursive, glob filtering and a dummy '-l' option 2015-05-04 03:56:14 -05:00
HD Moore a577bef9c3 Rework dirty cleanup to use skip_cleanup instead 2015-05-04 03:52:55 -05:00
HD Moore e7ba6e8a9a Speed up dead session cleanup by skipping shutdown/cleanup 2015-05-04 03:40:48 -05:00
HD Moore 3080feb188 Track the machine_id and drop non-responsive sessions automatically 2015-05-04 03:22:29 -05:00
HD Moore d00f6a8fdf Rework verbose sessions listing to work around table limits 2015-05-04 02:55:31 -05:00
root b47305ba4a Merge branch 'sqlmap_plugin_json_parse_issue' of https://github.com/void-in/metasploit-framework into sqlmap_plugin_json_parse_issue 2015-05-04 10:01:44 +05:00
root 02db66e2f6 Rescue connection refused backtrace 2015-05-04 09:57:53 +05:00
OJ 451484cb0d Add support for transport listing
Includes a verbose flag for the extra HTTP/S properties
2015-05-04 11:19:53 +10:00
William Vu c0adf7f113
Land #5291, HTTPS reference links 2015-05-03 14:33:20 -05:00
HD Moore 8ca66e03aa Track and display the last checkin time for Meterpreter sessions 2015-05-03 10:52:54 -05:00
Christian Mehlmauer 55967172be
allow custom regex 2015-05-02 21:06:15 +02:00
Christian Mehlmauer 9678479abb
check version from custom file 2015-05-02 18:34:10 +02:00
Tom Sellers 480a176415 Initial commit 2015-05-02 10:11:17 -05:00
void_in e5847f0ddc Return only json type from lib as per wchen-7 suggestion 2015-05-02 15:11:59 +05:00
OJ 2189c6d868 Pass timeouts to clients and correctly patch timeouts
Timeouts are correctly passed through to the client instances from the
handlers. The cilent also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Tom Sellers c441ff81a1 Update comment in wordpress/version.rb
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version.  On line 175 though there is a fixed version, just no introduced version.  Adjusting comment text.
2015-05-01 17:05:31 -05:00
Brent Cook 8bd2a69112 simplify and fix rpc_get_note 2015-05-01 16:01:07 -05:00
Brent Cook 52b9fc8fca handle unknown host when generating a new note 2015-05-01 15:47:05 -05:00
Brent Cook 8d78135321 pass down the workspace for the other opt_to_* methods 2015-05-01 15:42:04 -05:00
Brent Cook f2504b84be use the same logic with 'get_note' and 'del_note' for selecting notes
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
Brent Cook 29b97f4695 remove superfluous parens on ifs 2015-05-01 15:40:45 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 3e7c790db8
Use constants 2015-05-01 15:15:18 -05:00
Brent Cook c3438955d4
Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
darkbushido 0b608e139a
Merge branch 'upstream' into staging/rails-4.0 2015-05-01 11:26:24 -05:00
wchen-r7 81744384c2 Actually fix del_note 2015-04-30 17:02:06 -05:00
wchen-r7 11f9c010ce Change documentation 2015-04-30 16:46:01 -05:00
David Maloney 18874fe384
fixes Issue #5272 on report_vuln
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
wchen-r7 e79780d885 Fix #5240 2015-04-30 15:20:29 -05:00
wchen-r7 3b42265c98 Fix #5239 2015-04-30 15:20:04 -05:00
wchen-r7 440005d302 Fix #5237 2015-04-30 15:10:13 -05:00
wchen-r7 f315eb4afd Fix #5236 2015-04-30 15:07:11 -05:00
wchen-r7 70ab938951 Fix #5229 2015-04-30 14:56:30 -05:00
wchen-r7 f43e4f9447 Fix #5238 2015-04-30 13:49:13 -05:00
wchen-r7 89d026c900 Fix merge conflict 2015-04-30 12:33:45 -05:00
Matt Buck 912f41292a
Drop some unused code 2015-04-30 11:25:57 -05:00
William Vu 2d2c946044
Land #5279, fix for msfconsole -o 2015-04-30 11:23:44 -05:00
Matt Buck 3f797e4393 Reinstate some to_s coercions that were mistakenly dropped 2015-04-30 11:13:48 -05:00
James Lee 3e40433f00
Add an alias for write
Fixes #4971
2015-04-30 08:56:16 -05:00
OJ 8ddd7a4891 Fix session removal code, prevent missing transport param fail 2015-04-30 22:39:48 +10:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer"
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu b41aa0e617 Fix NoMethodError for rhost
Can't rely on it to be defined (kinda like peer).
2015-04-29 15:14:41 -05:00
Brent Cook 9386d1ca6d remove unused mod_ranked attribute 2015-04-28 22:27:09 -05:00
Brent Cook 7b7f40baa4 remove modules that cannot be instantiated 2015-04-28 22:21:31 -05:00
Brent Cook 0caeee32fe replace sort with sort_by 2015-04-28 21:39:37 -05:00
Matt Buck 8163c3cdda Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	plugins/nessus.rb
2015-04-28 15:33:46 -05:00
OJ 919b96e4cf Fix up UUID handling 2015-04-28 21:59:19 +10:00
OJ 4f9c8d04a2 Add support for moving transports and uuid fetching
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.

There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ f711e5dee7 Update migration support
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ fca4d852a1 Remove the passing on off listen socket values 2015-04-28 13:51:48 +10:00
OJ d82bfb0692 Reorder params, fix up the transport termination 2015-04-28 13:03:40 +10:00
OJ c41f4bd59f Fix up http/s a little
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ 1ca5188c5e Change the payload to use IPv6 formats if required 2015-04-28 07:44:21 +10:00
OJ f3e547ca92 Remvoe the exitfunk from the loader
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
HD Moore c3f18aa899 Complete the #4989 revert 2015-04-27 16:26:34 -05:00
HD Moore 36daee08c9 Reverts #4989, support for file: is handled in the options again 2015-04-27 16:07:43 -05:00
Brent Cook 7443af64a6
Land #5247, add RPC API call documentation 2015-04-27 11:13:02 -05:00
Brent Cook a0eb7d0ad3 minor RPC documentation tweaks 2015-04-27 11:11:08 -05:00
Matt Buck 6a4d63ca4f Drop explicit IPAddr to String coercion
MSP-12611
2015-04-27 10:48:13 -05:00
HD Moore 1fd601510c
Lands #5194, merges in PowerShell session support & initial payloads 2015-04-26 16:01:51 -05:00
HD Moore 1cebc9f3cb Fallback if the regex fails for some reason 2015-04-26 15:59:36 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
Ben Turner ea0204b7e5 updates to remove powershell from core 2015-04-26 21:25:30 +01:00
benpturner 76e68fcf4c session info 2015-04-26 20:13:18 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
OJ 0d2f97ed2d Add support for config in the x64 bind stager 2015-04-26 14:19:36 +10:00
OJ 6da8a14f62 Initial work on x64 payloads for new config 2015-04-26 13:41:31 +10:00
OJ 6ac3ecfa7c Refactor, add reverse_winhttps support
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.

Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
HD Moore d1a836e39c Fix logins where SYSTEM doesnt have SYSDBA privileges 2015-04-25 19:05:11 -05:00
OJ 2455163d24 Refactor configuration for meterpreter payloads (x86)
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.

This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
OJ 3a24923361 Force bind to hand over the listen socket 2015-04-25 22:04:58 +10:00
OJ 4ec4868bcf Make bind hand over the listen socket as well 2015-04-25 21:37:32 +10:00
OJ bb77a3a0e6 First pass of refactoring to support new config block
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
OJ 9f1e035c53 Changed required_space check in bind payloads 2015-04-25 21:30:54 +10:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
Brent Cook 27f6adcd81
Land #5110, teach Http::Response to extract hidden form inputs 2015-04-24 13:30:57 -05:00
wchen-r7 46361c1a19 Final round of documentation 2015-04-24 11:58:12 -05:00
root 4aed12f561 Include if condition in parse_response as per Meatballs1 suggestion 2015-04-24 15:40:35 +05:00
root cf481e94d3 add res.body condition 2015-04-24 12:58:58 +05:00
root 68effe0bc6 Take out irrelevant files 2015-04-24 12:04:02 +05:00
root 028f5e119d sqlmap plugin update to fix connection errors 2015-04-24 12:00:50 +05:00
wchen-r7 6ccc4af4d8 Round 9 of documentation 2015-04-24 01:08:33 -05:00
benpturner 3665c84cab accomodate session type 2015-04-23 23:12:19 +01:00
benpturner 57914b6924 new session type 2015-04-23 23:12:02 +01:00
wchen-r7 d292cc999a Round 8 of documentation 2015-04-23 16:15:11 -05:00