Tim
d3ba84b378
Add TLV_TYPE_FILE_HASH
2015-05-10 14:18:16 +01:00
Meatballs
706e304849
Land 5299, implement shell_command for PS sessions
2015-05-09 11:23:43 +01:00
Meatballs
98d531e053
Check if session responds to response_timeout
2015-05-09 11:21:45 +01:00
Brent Cook
1a98c5ddc5
Land #5320 , fix SSL weak cipher results
...
This adds a fallback for deprecated ciphers that are no longer exported
current SSL libraries.
2015-05-08 18:19:25 -05:00
Brent Cook
d3730ae18c
include a list of deprecated ciphers in the sslscan result
...
Allow recording remote deprecated cipher support even if the local OpenSSL
library does not support negotiating that cipher.
2015-05-08 18:05:00 -05:00
jvazquez-r7
c103779eab
Land #5080 , @bcook-r7's 'ls' and 'download' meterpreter improvements
2015-05-08 18:02:16 -05:00
jvazquez-r7
422e261b36
Use parenthesis
2015-05-08 17:59:04 -05:00
Brent Cook
2f9205abc3
recover consistent parenthesis usage
2015-05-08 14:15:06 -05:00
Brent Cook
8d5ef42c2d
be sure to pass the pattern more than one level deep
2015-05-08 14:03:12 -05:00
OJ
79753f719f
Slight fix to the transport config
2015-05-08 18:36:30 +10:00
OJ
ba3266803a
Add transport configuration to reverse_http/s
2015-05-08 18:32:48 +10:00
OJ
5111abdd09
Add transport config entry to reverse_winhttp
2015-05-08 18:15:24 +10:00
William Vu
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
William Vu
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
William Vu
71518ef613
Land #5303 , metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
William Vu
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
benpturner
ef59d1f7c4
Markers
2015-05-07 22:50:09 +01:00
wchen-r7
7b5da6f266
Land #5241 , sqlmap parsing fixes
2015-05-07 14:21:20 -05:00
benpturner
24abe597e4
numeric
2015-05-07 19:23:25 +01:00
benpturner
01c2bc0287
Buff
2015-05-07 19:10:33 +01:00
benpturner
c234714013
Start and End Markers
2015-05-07 19:06:36 +01:00
OJ
fd827db6dd
Fix up bind stager payload sizes
2015-05-07 10:13:27 +10:00
Brent Cook
78c58088fe
Land #5314 , set snmp defaults for constrained values
2015-05-06 16:27:41 -05:00
OJ
9d7a7cb68d
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
OJ
60e25170fa
Land #5313 : fixup bind_tcp stager
2015-05-07 07:09:19 +10:00
William Vu
669df591f2
Pull default connection_timeout into constant
2015-05-06 13:18:00 -05:00
William Vu
d4aed08260
Fix typo
2015-05-06 13:17:58 -05:00
William Vu
0939bbc710
Set default retries/version for SNMP LoginScanner
...
Set in snmp_login but missed in the LoginScanner.
MSP-12668
2015-05-06 13:17:40 -05:00
Brent Cook
5a8b6e90f2
restore ecx after setting the socket options, set default size
2015-05-06 11:56:07 -05:00
wchen-r7
97807e09ca
Lad #5125 , Group Policy startup exploit
2015-05-06 11:17:01 -05:00
Brent Cook
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
root
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
OJ
95e9057854
Remove typo'd stuff that shouldn't have made it past merge
2015-05-06 08:07:07 +10:00
Brent Cook
710a2a007b
fix format error
2015-05-05 15:27:06 -05:00
Brent Cook
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
benpturner
982b2381ed
New shell_command markers
2015-05-05 19:20:03 +01:00
William Vu
013781fb9c
Land #5292 , WordPress custom file version check
2015-05-05 11:21:18 -05:00
William Vu
18791ce933
Clean up code
2015-05-05 11:19:40 -05:00
darkbushido
26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-05-05 11:00:38 -05:00
benpturner
22d2275ecb
|| session.type == 'powershell'
2015-05-05 09:31:43 +01:00
OJ
62fa14326d
Merge branch 'upstream/master' into multi-transport-support
...
Merged with HD's stuff as he fixed up a few things that I had done too.
Conflicts:
lib/msf/base/sessions/meterpreter_options.rb
lib/rex/post/meterpreter/client_core.rb
lib/rex/post/meterpreter/packet_dispatcher.rb
2015-05-05 17:18:01 +10:00
OJ
c540ba4b98
Land #5297 : Track machine_id and dead sessions
2015-05-05 17:08:39 +10:00
OJ
2949bf053a
Remove old comment from ASM
2015-05-05 13:09:13 +10:00
OJ
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
OJ
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
OJ
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
OJ
e45bf5cf51
Remove the URI patcher now that it's not used at all
2015-05-05 07:35:49 +10:00
Brent Cook
05e4af8162
Land #5214 , initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
benpturner
453b1fce50
Spaces
2015-05-04 22:17:08 +01:00
benpturner
658958d8e7
Allow sessions -c command on powershell
2015-05-04 22:07:22 +01:00
Brent Cook
d90c25ecea
Land #5287 , RPC API fixes
2015-05-04 15:44:15 -05:00
jvazquez-r7
0ca0d3d045
Improve nt_create_andx path parsing
2015-05-04 15:20:51 -05:00
Brent Cook
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
OJ
c2dc4677fb
Prevent stagless from overwriting socket
...
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
OJ
93bf995b32
Reverse tcp support for POSIX
...
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
Brent Cook
f42334414a
add recursion limit
2015-05-04 04:00:58 -05:00
OJ
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
Brent Cook
7ff3044552
style cleanups and guard search where not implemented
2015-05-04 03:56:17 -05:00
Brent Cook
8cab350275
use the search API when downloading recursive patterns
2015-05-04 03:56:17 -05:00
Brent Cook
eefc6f78c6
avoid redownloading files that have not changed
2015-05-04 03:56:16 -05:00
Brent Cook
9672a59b05
support download globbing
2015-05-04 03:56:16 -05:00
Brent Cook
43be856b95
keep the glob going into subdirectories
2015-05-04 03:56:16 -05:00
Brent Cook
8617115483
simplify arg parsing, compute initial stat path correctly
2015-05-04 03:56:15 -05:00
Brent Cook
d934027b3b
expand glob match
2015-05-04 03:56:15 -05:00
Brent Cook
866955b6fd
added -R recursive, glob filtering and a dummy '-l' option
2015-05-04 03:56:14 -05:00
HD Moore
a577bef9c3
Rework dirty cleanup to use skip_cleanup instead
2015-05-04 03:52:55 -05:00
HD Moore
e7ba6e8a9a
Speed up dead session cleanup by skipping shutdown/cleanup
2015-05-04 03:40:48 -05:00
HD Moore
3080feb188
Track the machine_id and drop non-responsive sessions automatically
2015-05-04 03:22:29 -05:00
HD Moore
d00f6a8fdf
Rework verbose sessions listing to work around table limits
2015-05-04 02:55:31 -05:00
root
b47305ba4a
Merge branch 'sqlmap_plugin_json_parse_issue' of https://github.com/void-in/metasploit-framework into sqlmap_plugin_json_parse_issue
2015-05-04 10:01:44 +05:00
root
02db66e2f6
Rescue connection refused backtrace
2015-05-04 09:57:53 +05:00
OJ
451484cb0d
Add support for transport listing
...
Includes a verbose flag for the extra HTTP/S properties
2015-05-04 11:19:53 +10:00
William Vu
c0adf7f113
Land #5291 , HTTPS reference links
2015-05-03 14:33:20 -05:00
HD Moore
8ca66e03aa
Track and display the last checkin time for Meterpreter sessions
2015-05-03 10:52:54 -05:00
Christian Mehlmauer
55967172be
allow custom regex
2015-05-02 21:06:15 +02:00
Christian Mehlmauer
9678479abb
check version from custom file
2015-05-02 18:34:10 +02:00
Tom Sellers
480a176415
Initial commit
2015-05-02 10:11:17 -05:00
void_in
e5847f0ddc
Return only json type from lib as per wchen-7 suggestion
2015-05-02 15:11:59 +05:00
OJ
2189c6d868
Pass timeouts to clients and correctly patch timeouts
...
Timeouts are correctly passed through to the client instances from the
handlers. The cilent also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Tom Sellers
c441ff81a1
Update comment in wordpress/version.rb
...
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version. On line 175 though there is a fixed version, just no introduced version. Adjusting comment text.
2015-05-01 17:05:31 -05:00
Brent Cook
8bd2a69112
simplify and fix rpc_get_note
2015-05-01 16:01:07 -05:00
Brent Cook
52b9fc8fca
handle unknown host when generating a new note
2015-05-01 15:47:05 -05:00
Brent Cook
8d78135321
pass down the workspace for the other opt_to_* methods
2015-05-01 15:42:04 -05:00
Brent Cook
f2504b84be
use the same logic with 'get_note' and 'del_note' for selecting notes
...
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
Brent Cook
29b97f4695
remove superfluous parens on ifs
2015-05-01 15:40:45 -05:00
jvazquez-r7
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
jvazquez-r7
3e7c790db8
Use constants
2015-05-01 15:15:18 -05:00
Brent Cook
c3438955d4
Land #5169 , stop reading when the HTTP socket is closed
2015-05-01 11:40:49 -05:00
darkbushido
0b608e139a
Merge branch 'upstream' into staging/rails-4.0
2015-05-01 11:26:24 -05:00
wchen-r7
81744384c2
Actually fix del_note
2015-04-30 17:02:06 -05:00
wchen-r7
11f9c010ce
Change documentation
2015-04-30 16:46:01 -05:00
David Maloney
18874fe384
fixes Issue #5272 on report_vuln
...
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
wchen-r7
e79780d885
Fix #5240
2015-04-30 15:20:29 -05:00
wchen-r7
3b42265c98
Fix #5239
2015-04-30 15:20:04 -05:00
wchen-r7
440005d302
Fix #5237
2015-04-30 15:10:13 -05:00
wchen-r7
f315eb4afd
Fix #5236
2015-04-30 15:07:11 -05:00
wchen-r7
70ab938951
Fix #5229
2015-04-30 14:56:30 -05:00
wchen-r7
f43e4f9447
Fix #5238
2015-04-30 13:49:13 -05:00
wchen-r7
89d026c900
Fix merge conflict
2015-04-30 12:33:45 -05:00
Matt Buck
912f41292a
Drop some unused code
2015-04-30 11:25:57 -05:00
William Vu
2d2c946044
Land #5279 , fix for msfconsole -o
2015-04-30 11:23:44 -05:00
Matt Buck
3f797e4393
Reinstate some to_s coercions that were mistakenly dropped
2015-04-30 11:13:48 -05:00
James Lee
3e40433f00
Add an alias for write
...
Fixes #4971
2015-04-30 08:56:16 -05:00
OJ
8ddd7a4891
Fix session removal code, prevent missing transport param fail
2015-04-30 22:39:48 +10:00
Brent Cook
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu
b41aa0e617
Fix NoMethodError for rhost
...
Can't rely on it to be defined (kinda like peer).
2015-04-29 15:14:41 -05:00
Brent Cook
9386d1ca6d
remove unused mod_ranked attribute
2015-04-28 22:27:09 -05:00
Brent Cook
7b7f40baa4
remove modules that cannot be instantiated
2015-04-28 22:21:31 -05:00
Brent Cook
0caeee32fe
replace sort with sort_by
2015-04-28 21:39:37 -05:00
Matt Buck
8163c3cdda
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
plugins/nessus.rb
2015-04-28 15:33:46 -05:00
OJ
919b96e4cf
Fix up UUID handling
2015-04-28 21:59:19 +10:00
OJ
4f9c8d04a2
Add support for moving transports and uuid fetching
...
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.
There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ
f711e5dee7
Update migration support
...
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ
fca4d852a1
Remove the passing on off listen socket values
2015-04-28 13:51:48 +10:00
OJ
d82bfb0692
Reorder params, fix up the transport termination
2015-04-28 13:03:40 +10:00
OJ
c41f4bd59f
Fix up http/s a little
...
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ
1ca5188c5e
Change the payload to use IPv6 formats if required
2015-04-28 07:44:21 +10:00
OJ
f3e547ca92
Remvoe the exitfunk from the loader
...
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
HD Moore
c3f18aa899
Complete the #4989 revert
2015-04-27 16:26:34 -05:00
HD Moore
36daee08c9
Reverts #4989 , support for file: is handled in the options again
2015-04-27 16:07:43 -05:00
Brent Cook
7443af64a6
Land #5247 , add RPC API call documentation
2015-04-27 11:13:02 -05:00
Brent Cook
a0eb7d0ad3
minor RPC documentation tweaks
2015-04-27 11:11:08 -05:00
Matt Buck
6a4d63ca4f
Drop explicit IPAddr to String coercion
...
MSP-12611
2015-04-27 10:48:13 -05:00
HD Moore
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
HD Moore
1cebc9f3cb
Fallback if the regex fails for some reason
2015-04-26 15:59:36 -05:00
Ben Turner
82fe480c2e
Update session to display username and hostname
2015-04-26 21:47:49 +01:00
Ben Turner
ea0204b7e5
updates to remove powershell from core
2015-04-26 21:25:30 +01:00
benpturner
76e68fcf4c
session info
2015-04-26 20:13:18 +01:00
benpturner
1cc167a7fb
Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session
2015-04-26 18:50:42 +01:00
OJ
0d2f97ed2d
Add support for config in the x64 bind stager
2015-04-26 14:19:36 +10:00
OJ
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
OJ
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
HD Moore
d1a836e39c
Fix logins where SYSTEM doesnt have SYSDBA privileges
2015-04-25 19:05:11 -05:00
OJ
2455163d24
Refactor configuration for meterpreter payloads (x86)
...
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.
This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
OJ
3a24923361
Force bind to hand over the listen socket
2015-04-25 22:04:58 +10:00
OJ
4ec4868bcf
Make bind hand over the listen socket as well
2015-04-25 21:37:32 +10:00
OJ
bb77a3a0e6
First pass of refactoring to support new config block
...
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
OJ
9f1e035c53
Changed required_space check in bind payloads
2015-04-25 21:30:54 +10:00
Brent Cook
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
Brent Cook
27f6adcd81
Land #5110 , teach Http::Response to extract hidden form inputs
2015-04-24 13:30:57 -05:00
wchen-r7
46361c1a19
Final round of documentation
2015-04-24 11:58:12 -05:00
root
4aed12f561
Include if condition in parse_response as per Meatballs1 suggestion
2015-04-24 15:40:35 +05:00
root
cf481e94d3
add res.body condition
2015-04-24 12:58:58 +05:00
root
68effe0bc6
Take out irrelevant files
2015-04-24 12:04:02 +05:00
root
028f5e119d
sqlmap plugin update to fix connection errors
2015-04-24 12:00:50 +05:00
wchen-r7
6ccc4af4d8
Round 9 of documentation
2015-04-24 01:08:33 -05:00
benpturner
3665c84cab
accomodate session type
2015-04-23 23:12:19 +01:00
benpturner
57914b6924
new session type
2015-04-23 23:12:02 +01:00
wchen-r7
d292cc999a
Round 8 of documentation
2015-04-23 16:15:11 -05:00