Commit Graph

10608 Commits (d10b20b7a3effe16ad23cd3f5e735823902733c3)

Author SHA1 Message Date
OJ e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless 2015-04-17 12:46:20 +10:00
wchen-r7 f280e5191b I forgot to move this require statement 2015-04-16 21:11:09 -05:00
wchen-r7 3493d25ff9 Move all this to Rex 2015-04-16 21:07:23 -05:00
William Vu 7a4494a81f
Land #5173, moar fail_with fixes 2015-04-16 17:27:02 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Brent Cook 9bf897a829
Land #4744, refactor powershell for msfvenom psh-cmd 2015-04-16 15:44:57 -05:00
rwhitcroft 602e9c8df1 Update client.rb 2015-04-16 16:06:16 -04:00
Christian Mehlmauer 69d3c26746
fix documentation 2015-04-16 21:28:16 +02:00
rwhitcroft 6ef86b69a7 Fix loop spinning in HttpClient 2015-04-16 10:49:47 -04:00
Christian Mehlmauer dc8f266345
fix readme detection bug 2015-04-16 14:57:29 +02:00
Christian Mehlmauer 9df09a1d60 readme detection 2015-04-16 14:41:30 +02:00
William Vu 2bdcc178ef Remove extraneous addition 2015-04-16 02:30:09 -05:00
William Vu 42ff0decc7
Land #4722, timing options for snmp_login 2015-04-16 02:25:29 -05:00
William Vu 88062a578d Clean up PR 2015-04-16 02:25:06 -05:00
William Vu 01625e3bba
Land #5148, DRY BSD/OS X shellcode
Also fix a semi-regression in the Rootpipe exploit.
2015-04-16 02:08:18 -05:00
Luke Imhoff 9aa0159342
Green rank_modules ranks unloadable as Manual
MSP-12557

Was calling `.class` blindly on the output of `create`, but `nil` has a
class, `NilClass`, so it didn't call `module_rank` as expected and
assigned NormaLRanking to `nil` instead of ManualRanking.
2015-04-15 16:10:51 -05:00
Matt Buck e82fb5f836
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	lib/msf/ui/console/command_dispatcher/db.rb
	metasploit-framework-db.gemspec
	metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
Luke Imhoff 4de35e8832
Green Msf::ModuleSet#rank_modules with create -> nil
MSP-12557

Extract Msf::ModuleSet#module_rank to handle getting the module rank if
the Metasploit Module is already loaded, needs to be loaded, or can't be
loaded.  If a Metasploit Module can't be loaded it is ranked as
Msf::ManualRanking.  If is loaded or can be loaded and it doesn't define
Rank, it gets the Msf::NormalRanking as before.  Finally, if it is
loaded or can be loaded and defines Rank, that is used as before.
2015-04-15 12:35:01 -05:00
Meatballs 926db59a8c
credential doesn't exist in this context 2015-04-15 15:48:21 +01:00
joev 5f4ab3d2ab The setres* stubs are not implemented in OSX. 2015-04-14 23:33:16 -05:00
joev 0d19b5d4c3 Fix require order issue. 2015-04-14 23:23:02 -05:00
joev e56590e1e3 DRY up common code between BSD / OSX. 2015-04-14 23:08:57 -05:00
Luke Imhoff c971bc930c
Mark app/concerns as autoload
To work with metasploit-concern 0.4.0 prerelease not deriving
app/concerns from root and to ensure it is does not inherit eager_load
from app.
2015-04-14 15:06:59 -05:00
Luke Imhoff 4c407ce962
Merge branch 'bug/MSP-12529/missing-require-metasploit-credential' into bug/MSP-12550/app-concerns-eager-load
MSP-12550
2015-04-14 14:42:54 -05:00
Brent Cook 75b559eea3
Land #5081, meterpreter certificate hash check controls 2015-04-14 10:46:13 -05:00
Brent Cook 7f56c07b64 add missing sslhash attribute 2015-04-14 10:45:44 -05:00
Tod Beardsley 97e715b1ce
Land #5139, metasm/ruby signedness fix 2015-04-14 10:26:23 -05:00
OJ 4e49964c15 Add support for init_connect for stageless payloads
This new mode for HTTP/S stageless allows the stageless payload to be
reused without MSF believing that the session has already been
initialised.
2015-04-14 16:43:07 +10:00
sinn3r 61b709b8c5 Extra space in message "Local IP:" 2015-04-14 01:34:07 -05:00
William Vu e114c85044
Land #5127, x64 OS X prepend stubs 'n' stuff 2015-04-14 01:25:39 -05:00
William Vu 8d1126eaa5
Land #5129, x64 BSD prepend stubs 'n' stuff 2015-04-14 01:24:50 -05:00
Brent Cook 3860bbabbb Avoid generating labels with '..' in them with metasm
So, metasm generates labels for the assembler using "%x" % string.object_id. If
the pointer for string.object_id begins with the most significant digit set, it
looks like a sign-extended 2's complement number (negative), and gets formatted
by ruby as '..f1412300' or similar. On 32-bit platforms, there is rather high
chance of randomly ending up with a label like 'goto_test_uuid..f1234560:',
which is a parse error.

This patch simply takes the absolute value of the object_id to avoid negative
interpretations.  This fixes hiesenbugs using metasm's C compiler on 32-bit
platforms.
2015-04-13 22:43:18 -05:00
root 51dd88114b Fix grammer in comments 2015-04-13 13:21:41 +05:00
OJ 1c5de59d99 Add support for the set of timeout values
This removes the need for a separate get call behind the scenes as
meterpreter does get and set in a single call.
2015-04-13 10:42:05 +10:00
OJ ec7fab7ef6 Add support for getting transport timeouts 2015-04-13 10:07:50 +10:00
joev 2d3614f647 Implement x64 BSD exec and exe template.
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev 92c12de6db Fix invalid datastore options. 2015-04-12 00:54:10 -05:00
joev eaab665a6d Remove #generate patch, specs will fail again. 2015-04-12 00:07:39 -05:00
joev 60d98ba892 Implement the remaining syscalls. 2015-04-12 00:02:29 -05:00
joev 3fe6fb44b9 Prevent this from changing cache size. 2015-04-11 23:44:56 -05:00
joev c132a3fb0a Fix OSX prepends and implement x64 setreuid. 2015-04-11 20:04:21 -05:00
jvazquez-r7 656abac13c Use keyword arguments 2015-04-10 18:03:45 -05:00
jvazquez-r7 1720d4cd83
Introduce get_file_contents 2015-04-10 17:34:00 -05:00
William Vu d5903ca5b2
Land #5126, Meterpreter edit command fix 2015-04-10 17:19:33 -05:00
William Vu 9625504f5b
Land #5121, timestomp arg/opt order fix 2015-04-10 17:18:14 -05:00
William Vu 8acc768da7 Copy documentation 2015-04-10 17:17:54 -05:00
jvazquez-r7 ca6a5cad17
support changing files 2015-04-10 16:53:12 -05:00
Matt Buck 9f15824e2a
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
2015-04-10 15:35:27 -05:00
rwhitcroft 64c2bf3227 don't raise exception if file download fails 2015-04-10 16:23:33 -04:00
sinn3r 284ef5bbbb
Land #5112, Nessus REST Login Module 2015-04-10 13:32:53 -05:00
root 19fe226b30 Correct a minor typo 2015-04-10 22:37:14 +05:00
sinn3r 90d525088c Green rspec 2015-04-10 11:36:23 -05:00
root 8c0d5d66d0 Add spec file 2015-04-10 15:32:03 +05:00
OJ 91202e2447 Port of reverse_tcp payload to metasm 2015-04-10 17:46:27 +10:00
William Vu 38037062b2
Land #5115, vulns -R support 2015-04-10 01:51:41 -05:00
OJ fadb13b8ef Porting block api, exitfunk, bind to metasm
Also add the flag which lets the bind stager leave the listen socket
open.
2015-04-10 16:23:03 +10:00
rwhitcroft b5f4b72b51 fix timestomp arg parsing 2015-04-10 00:28:35 -04:00
HD Moore 1d166c1ef6 Don't lookup nil platform, prevents a stack trace w/64-bit reverse_https 2015-04-09 17:18:42 -05:00
William Vu 6fbdb51246 Clean up vulns -R and a few others 2015-04-09 16:52:23 -05:00
sekritskwurl 0d6fb3dd6b vulns command with -R --rhosts 2015-04-09 17:01:18 -04:00
sinn3r 56793d11c8 Fix #4866, msfvenom not properly handling platform & arch
This fixes #4866, an issue with msfvenom not properly handling special
cases with generic payloads. So the story behind this fix is that
we have these two problems:

Problem 1: The current payload selection design relies on the payload
module in order to set the platform and arch. Almost all MSF payloads
contain a default platform and arch, however, the bind and reverse
generic payloads don't.

Problem 2: By default, Msf::Payload::Generic also explicitly sets the
PLATFORM and ARCH datastore options to nil. So there is no way the
payload generator can figure out what platform and arch to use.

As a result of these problems, msfvenom will actually end up getting
a Msf::Module::Platform as the default platform, which doesn't
actually represent any valid platform we can use (such as
Msf::Module::Platform::Windows). And the first item of ARCH_ALL for
the arch.

In addition, msfvenom has these two arguments that the user can use:
--platform and --arch. In most cases, these arguments are used more
like checks than actually setting anything. Because remember:
Framework's payload selector retreives the platform & arch from the
module (trusted), not the user input (untrusted). But from the user's
perspective it's impossible to know this.

After experimenting different ways to fix this, I came up with this
patch. It feels sort of more like a hack than a real fix, but as
far as I can tell, this is the best you can get unless you want to
redesign generic payload selection.
2015-04-09 16:01:11 -05:00
HD Moore ec28992ce2
Lands #5113, fixes IPv6 support for stageless 2015-04-09 09:29:40 -05:00
Luke Imhoff 8b56286e66
Try to require 'metasploit/credential' when including Metasploit::Credential::Creation
MSP-12529

By convention, the top-level require of any gem should always be
required before trying to use any inner require.
2015-04-09 09:05:38 -05:00
OJ c83a763150 Fix IPv6 issues in staged and stageless
* Stageless payloads weren't adding brackets around IPv6 hosts.
* Staged HTTP handler was using an undefined function to check for IPv6
addresses when host header overriding was disabled.
2015-04-09 23:33:10 +10:00
OJ 809409d8c4 Lots of changes to support moving timeouts to common spots
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
Anant Shrivastava 2b5ba7d12d fixed a typo
a typo fixed in help. 
command and not commannd
2015-04-09 12:11:46 +05:30
root b6e750d7eb Nessus auxiliary scanner for updated REST API 2015-04-09 11:36:17 +05:00
sinn3r 3fc25a00d8 Make sure we are only grabbing hidden inputs 2015-04-09 01:09:00 -05:00
sinn3r 59d89f4846 rm junk comments 2015-04-09 00:59:14 -05:00
sinn3r 717120b8c5 Add #get_hidden_inputs for Metasploit::Framework::LoginScanner::HTTP 2015-04-09 00:34:09 -05:00
Roberto Soares 1591c92547 Add the "all" option for the uictl 2015-04-09 01:04:50 -03:00
OJ bc5fd4b813 A few adjustments to make bind_tcp keep listen sockets open 2015-04-09 08:46:35 +10:00
Brent Cook e03f2df691
Land #5002, RMI/JMX improvements 2015-04-08 15:23:29 -05:00
sinn3r f51eaef765 Add rspec 2015-04-08 02:33:27 -05:00
sinn3r 5f389cf3c2 Add ManageEngine Desktop Central Login Utility 2015-04-08 02:05:56 -05:00
HD Moore e7a4ee637a Port windows reverse_tcp|bind_tcp to Metasm, add error handling
Conflicts:
	lib/msf/core/payload/windows/bind_tcp.rb
	modules/payloads/stagers/windows/bind_tcp.rb

Cherry-picked form @hmoore-r7's repo.
2015-04-08 16:21:10 +10:00
OJ 9ebcb27929 Merge branch 'upstream/master' into connection-recovery 2015-04-08 15:48:21 +10:00
OJ a9804dff62 Initial work to support fault-tolerant connectivity
This code adjusts the bind_tcp stager for x86 so that the listener
socket isn't close for meterpreter payloads. This means that meterpreter
can make an educated guess as to whether or not the payload was a bind
or tcp payload, and from there can attempt to establish communications
in the same way as before should something break along the way.

Some simple adjustments to the x64 meterpreter stage as well, but more
to come here.
2015-04-08 14:41:32 +10:00
Brent Cook b22ff676e2
Land #5090: remove unused partial openssh compat code 2015-04-07 23:14:07 -05:00
Brent Cook 27fa8791f9
Land #5095 - OJ adds stageless http transports 2015-04-07 22:58:36 -05:00
OJ 9fd40870d0 Update http(s) generator functions
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
Brent Cook db9a3d167a fix deletekey API usage from the meterpreter CLI
There is an old-looking bug where the deletekey command opens the key it tries
to delete, then deletes the same key name again. Basically, it uses the wrong
level of indirection.
2015-04-07 15:34:23 -05:00
Brent Cook a54182a562
Land #5088: @rwhitcroft fix premature close on connect -i 2015-04-07 14:00:16 -05:00
Brent Cook 84411be606
Land #5097: resolve UUID namespace issues with pro 2015-04-07 13:16:28 -05:00
HD Moore 8cc48e05a8 Make Polyglot happy 2015-04-07 13:08:58 -05:00
HD Moore 9bce08b813 This change avoids namespace collisions around the Abbrev class 2015-04-07 13:06:26 -05:00
Samuel Huckins bac3c80d7e
Land 5093, workaround for when cache is being built 2015-04-07 12:02:30 -05:00
OJ 53d5b97634 Add support for UUID generation in transport switching
If the session doesn't have a payload UUID we now generate one as best
we can. This code will probably go away when TCP related transports have
had the UUID stuf baked in.
2015-04-07 17:25:55 +10:00
OJ 15313243cc Use UUID instead of old skool URIs
This uses HD's UUID stuff to generate a new URI for the transport.
Currently we don't have UUID support for TCP connections, but that's
coming.

Still do to: generation of a valid UUID for payloads that don't already
have one.
2015-04-07 16:00:30 +10:00
OJ 2977cbd42a Merge branch 'upstream/master' into dynamic-transport 2015-04-07 14:30:48 +10:00
OJ 84397f5db0 Remove unused commented-out code 2015-04-07 12:47:18 +10:00
OJ 8f58e08c13 Add support for stageless reverse_http payloads
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
OJ 38a77c930e
Land #5072 : Support and embed payload UUIDs 2015-04-07 10:10:36 +10:00
James Lee 83cf1ad8ce
Instantiate to get name if we don't have cache yet
Fixes #5086
2015-04-06 18:59:38 -05:00
Christian Catalan 75343ef30c
Remove unneccesary match_set in MatchResult.create
MSP-12516

* Fixes UknownAttribute error for match_set in Rails 4
2015-04-06 16:36:37 -05:00
William Vu 21d0d6ceb3 Remove dead code from Net::SSH
Triggers uninitialized constant COMPAT_OLD_DHGEX, which was removed in
1664a4b5e8. Somehow, this file was missed
when syncing with upstream.
2015-04-06 15:59:09 -05:00
rwhitcroft 8cbc98fc47 fix #5074 - missing thread join 2015-04-06 16:21:07 -04:00
William Vu 5f8d58f214 Use framework.db.active 2015-04-06 14:08:10 -05:00
Matt Buck 5e2d6c27c3
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	db/schema.rb
	lib/msf/core/db_manager/session.rb
	metasploit-framework-db.gemspec
2015-04-06 11:27:00 -05:00
HD Moore 6811aebb1c Merge pull request #11 from OJ/hd-payload-uuids
Add trailing slash to stageless URI
2015-04-06 10:57:41 -05:00
HD Moore 98c95104da Use ||= for consistency 2015-04-06 10:55:14 -05:00
James Lee 566c330b83
Add workspace to prompt format options 2015-04-06 09:19:49 -05:00
OJ 9b502b904f Add trailing slash to stageless URI
Without the trailing slash, stageless payloads take a nasty turn.
2015-04-06 19:53:02 +10:00
OJ 4635bb83c3 Implement ssl verification toggling
Add support to meterpreter that allows for the querying and toggling of
SSL certificate verification on the fly.

In order to verify that the socket was SSL-enabled, some rejigging had
to be done of the type? method in the ssl socket class.
2015-04-06 14:40:59 +10:00
HD Moore 3c59519811 Add PayloadUUIDRaw for manual PUID specification 2015-04-05 23:25:52 -05:00
HD Moore 96f8a45b0d Additional yardoc comments for the UUID class 2015-04-05 23:16:24 -05:00
HD Moore 8bcdddfd04 Fix yardoc comment, thanks @void-in! 2015-04-05 22:09:35 -05:00
jvazquez-r7 261ef51813
Add Rex::Java::Serialization exceptions 2015-04-05 18:43:03 -05:00
jvazquez-r7 2e52817b24
Add DecodeError 2015-04-05 18:16:19 -05:00
jvazquez-r7 85a70d401b
Introduce Rex::Proto::Rmi::DecodeError 2015-04-05 18:15:04 -05:00
jvazquez-r7 3570fc586f
Use constants for JMX serial version uids 2015-04-05 16:23:39 -05:00
jvazquez-r7 46a225cbec Don't store Exception in a variable 2015-04-05 15:59:52 -05:00
jvazquez-r7 72c36eb23e Use concatenation 2015-04-05 15:57:50 -05:00
Jon Cave b1a7e77fa9 Correct domain controller server type constants
The should be specified in hex as BAKCTRL is 16, not 10. CTRL should
be 8. See documentation for NetServerEnum.
2015-04-05 11:12:18 +01:00
Meatballs ebf77cd02d
Merge remote-tracking branch 'upstream/master' into msfvenom_psh_squash
Conflicts:
	lib/msf/util/exe.rb
2015-04-05 00:24:48 +01:00
HD Moore c9696d3f6c Merge in stageless/transport work, deconflict 2015-04-04 11:52:26 -07:00
Brent Cook 57395deb1d
Land #5056, @wchen-r7 explicit recog require 2015-04-03 17:06:47 -05:00
Brent Cook 5589717323
Land #5058, @wvu-r7's default workspace saving 2015-04-03 16:53:21 -05:00
William Vu 6c2585cd79 Don't recreate saved workspace 2015-04-03 16:44:36 -05:00
Tod Beardsley 72b9647b31
Land #5057, CVE fixups 2015-04-03 16:36:11 -05:00
Brent Cook e5443e74ed Merge branch 'upstream-master' into land-3950-chain-encoders 2015-04-03 15:18:06 -05:00
jvazquez-r7 e3bbb7c297 Solve conflicts 2015-04-03 14:57:49 -05:00
jvazquez-r7 75c6341dd8
Fix raise 2015-04-03 14:18:15 -05:00
jvazquez-r7 6c36a82f78
Land #5059, @void-in's documentation clean up 2015-04-03 14:16:34 -05:00
jvazquez-r7 fe5ddc01ad
Fix return documentation 2015-04-03 14:16:06 -05:00
jvazquez-r7 b0042f1cf2
Undo java serialization and RMI fixes 2015-04-03 14:07:49 -05:00
jvazquez-r7 11d372b015
Fix YARD documentation
* Thanks @void-in
* See #5059
2015-04-03 14:01:31 -05:00
Fernando Arias 6455862484 Merge branch 'staging/rails-4.0' of github.com:rapid7/metasploit-framework into staging/rails-4.0
Conflicts:
	Gemfile.lock
	metasploit-framework.gemspec
2015-04-03 13:56:38 -05:00
OJ 3b3e969a1c
Land #5023 : support for IE11 in fingerprint_user_agent 2015-04-03 21:12:00 +10:00
root 0dd987d873 Updated as per jlee-r7 feedback 2015-04-03 10:17:54 +05:00
OJ c4b7426ba8 Merge branch 'upstream/master' into dynamic-transport 2015-04-03 13:57:24 +10:00
OJ fd043d4842 Fix up build and missing uri_checksum stuff
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
OJ fc44f5b1f4 Merge branch 'upstrea/master' into dynamic-transport
Small merge required with the https payload proxy changes.
2015-04-03 10:14:48 +10:00
OJ 5b5dc3ef59 Merge branch 'upstream/master' into stageless-x64
Merge required adjustment of the proxy datastore names that were changed.
2015-04-03 08:53:09 +10:00
David Maloney 1684bfec9e
add missing data to loginscanner results
the chef web ui and symantec web gateway
loginscanners do not save the target(host/port/proto) info
in the Result object. This can cause modules to break as they
expected the Result to contain that information

MSP-12499
2015-04-02 13:53:45 -05:00
OJ d2d68d76a2 Update transport switching to a full blown command
Transport switching should now support all of the bits and pieces
required to do full switching with all configurable transport options
2015-04-02 23:13:59 +10:00
root 27353d62ca Discard local changes to non relevant files 2015-04-02 16:21:43 +05:00
root 4ba761986f Correct YARD doc comments 2015-04-02 16:14:25 +05:00
OJ 47fa97816d Code fixes as per suggestions, fix build
* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of
command_dispatcher.
* Fix spec include.
2015-04-02 09:05:38 +10:00
William Vu 8140b0ee6c Update Qualys importers for the new CVE format 2015-04-01 17:50:18 -05:00
William Vu c55e200416 Add workspace saving to msfconsole's save command 2015-04-01 17:31:43 -05:00
sinn3r e972357aeb Fix #4471, uninitialized constant Msf::Exploit::Remote::SMB::Recog
Fix #4471

Seems to be specific to Kali
2015-04-01 16:35:23 -05:00
sinn3r e1adcfee1e No case sensitive 2015-04-01 16:14:54 -05:00
James Lee 8c1a597a25
Make a Session record before using it
How about that.
2015-04-01 13:12:28 -05:00
Brent Cook f4977bf606
Land #5006 @jlee-r7 adds meterpreter specs 2015-04-01 11:05:47 -05:00
OJ 46dca23ffe
Land #5047: Metasploit is magic (Banner Adjustments) 2015-04-01 21:51:10 +10:00
OJ 01bdf54487 Merge branch 'upstream/master' into dynamic-transport 2015-04-01 18:53:20 +10:00
OJ 79ec2e0586 Add machine ID support to the command list 2015-04-01 14:29:04 +10:00
OJ 24171a1a08
Land #5045 : Convert stageless proxy to new format 2015-04-01 12:06:57 +10:00
OJ 1a313ad943 Fix up the proxy patching
Patching of the proxy details was failing, so this commit fixes that.
Also, added code that makes the proxy type check case-insensitive.
2015-04-01 11:48:22 +10:00
Samuel Huckins d5030f7e53
Land 5036, vuln push to NX updates into master 2015-03-31 17:32:02 -05:00
James Lee 2fc22132e0
Link the new constant as default in documentation 2015-03-31 16:48:02 -05:00
James Lee 44dd45e48d
Use a const instead of hardcoding "tcp" everywhere 2015-03-31 16:15:04 -05:00
HD Moore a39ba05383 Functional Payload UUID embedding via PayloadUUIDSeed 2015-03-31 15:44:18 -05:00
James Lee 76bfaa6ce9
Fix dumb inverted logic. Thanks, rspec! 2015-03-31 14:28:07 -05:00
James Lee 8b8ec5990a
Ask the database how long the column should be
Instead of hardcoding a number
2015-03-31 14:12:22 -05:00
Tod Beardsley 34d637c7b8
Needs more ponies 2015-03-31 13:59:37 -05:00
James Lee a8ef465b46
Use the variables we worked so hard to create 2015-03-31 13:34:27 -05:00
James Lee 3695d4b0c7
Don't modify argument in place 2015-03-31 13:32:28 -05:00
James Lee adcf88761d
Save ref names for easier debugging 2015-03-31 13:07:09 -05:00
HD Moore a9cfd7efef Merging master back into the UUID branch 2015-03-31 12:02:03 -05:00
James Lee 176cdcb836
Use sym-to-proc instead of reimplementing it 2015-03-31 11:21:53 -05:00
James Lee a1a7faa77a
Don't modify argument in place 2015-03-31 10:41:24 -05:00
James Lee 7e559f7b13
Don't modify argument in place 2015-03-31 10:16:14 -05:00
James Lee 971120ce98
Use create! instead of new ... save! 2015-03-31 10:15:23 -05:00
OJ 633b46874d Merge branch 'upstream/master' 2015-03-31 14:53:48 +10:00
OJ 86d8aab854
Land #5040: Remove wininet hack for http/s meterp 2015-03-31 14:50:13 +10:00
Brent Cook d89cd118e0 remove wininet workaround in meterpreter http/s
We had a workaround to close connections on very old wininet implementations
that would not do it themselves. With the new WinHttp API-using meterpreters
and stagers, we no longer should use this workaround. It can actually be
actively bad and prematurely close the connection.

This needs testing around different payloads, and they should be on real
networks, ideally where TCP really has to work to get data transfered.
2015-03-30 23:38:32 -05:00
James Lee 790a08a848
It's pronounced "exploit", not "assoc_exploit" 2015-03-30 16:21:17 -05:00
Tod Beardsley 3f0f659eaf
Land #5019, add rescues to some LoginScanners 2015-03-30 16:06:51 -05:00
James Lee 2394d4bae8
Merge branch 'staging/single-vuln-push' into feature/MSP-11934/refactor-report-exploit-success
Conflicts:
	Gemfile
	Gemfile.lock
	spec/support/shared/examples/msf/db_manager/exploit_attempt.rb
2015-03-30 14:08:54 -05:00
James Lee 2ab4584079
Merge remote-tracking branch 'upstream/master' into staging/single-vuln-push 2015-03-30 13:50:52 -05:00
James Lee 1b0e3f13c6
Remove unnecessary extra assignment 2015-03-30 13:14:36 -05:00
James Lee 310779d7bf
Death to hashrockets 2015-03-30 13:13:58 -05:00
James Lee e65f4e92ea
Separate the two ways to make `Mdm::Session`s
Failing spec due to reuse of Mdm::Module::Detail instead of also
instantiating an Msf::Module
2015-03-30 13:05:20 -05:00
James Lee 374db22d5b
Re-enable host lookup for _failure
Again needed when called from exploit_driver because nothing is reported
yet at that point.

Also adds some yardoc
2015-03-30 12:30:52 -05:00
David Maloney 103373a7eb
add back accidentally remvoed error
accidentally dropped Errno::ETIMEDOUT from the exception
handling

MSP-12389
2015-03-30 11:19:28 -05:00
James Lee f0eeef3cbb
Move copy-pasta into a new method 2015-03-30 01:43:56 -05:00
James Lee 49902a6395
We actually do need the port/proto for failure
Because it is called from lib/msf/core/exploit.rb Exploit#report_failure
with datstore values

Partial revert of e3605aa252
2015-03-30 01:01:34 -05:00
James Lee 415510ca6a
Fix stupid typo that made vuln_id an Array 2015-03-30 00:52:02 -05:00
Samuel Huckins 13fc498523
Land #4948, fixes several AppScan import issues 2015-03-29 23:33:01 -05:00
OJ 26792975eb Refactor of code to reduce duplication
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
OJ fdcf1297a6 Tweaks to the stageless materpreter x64 payload 2015-03-30 11:09:49 +10:00
OJ 0fa812e5ba Merge upstrea/master 2015-03-30 10:17:17 +10:00
HD Moore e65ac57d1b Fix a logic check in EncodedPayload, which unbreaks stageless testing 2015-03-29 19:08:35 -05:00
OJ ce8f6d72e1 More work on x64 stageless
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
OJ 17dc2b184d Merging upstream/master 2015-03-30 09:12:20 +10:00
OJ c0f496197c Rejig code to support http payloads
* Move the uri checksum code to a spot that can be shared with rex.
* Adjust modules to make use of this new location.
* Fix up the tranpsort switcher to add the URI for those payloads.
2015-03-30 07:11:25 +10:00
HD Moore 607cc8fef6 Remove a stale comment 2015-03-29 01:54:07 -05:00
HD Moore 0a4a72f49d Support templates with small text sections (win32) 2015-03-29 01:51:58 -05:00
HD Moore b9b40edde9 Major speedup, especially for large shellcode (stageless) 2015-03-29 00:44:06 -05:00
Meatballs 9eca3a0ab5
Impersonation spec 2015-03-29 00:52:27 +00:00
Meatballs f7e3abf760
sqlcmd specs and fixes 2015-03-28 23:23:00 +00:00
Meatballs 3b651aecdc
Specs for sqlserver check and fixes 2015-03-28 22:59:00 +00:00
Meatballs da49709845 Add yarddoc 2015-03-28 20:31:36 +00:00
Meatballs 8e22255a40 Small tidyup/rubocop
Signed-off-by: Meatballs <eat_meatballs@hotmail.co.uk>
2015-03-28 20:31:36 +00:00
Meatballs 9529eed41d More specific matching 2015-03-28 20:31:35 +00:00
Meatballs a30d8f7040 Add requires 2015-03-28 20:31:35 +00:00
Meatballs a1d74c27c6 Check for only running services 2015-03-28 20:31:35 +00:00
Meatballs 99f79e8533 Use incognito token stealing rather than process migration if we have
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
Meatballs 9c2219124c Remove some comments 2015-03-28 20:31:35 +00:00
Meatballs e2af15a0df Refactor MSSQL Post 2015-03-28 20:31:35 +00:00
sinn3r c4def25e82 Resolve #4986, add support for IE11 for fingerprint_user_agent
Resolve #4986
2015-03-27 17:51:14 -05:00
sinn3r 9cfafdd8b8
Land #4649, improve post/windows/manage/run_as and as an exploit 2015-03-27 17:31:30 -05:00
Trevor Rosen 2815462375
Update Mdm to staging hash 2015-03-27 15:16:33 -05:00
David Maloney 441feec360
fix missing exception handling
a few of our http login scanners needed to
handle a couple of other exception classes
for when network communication errors occur

MSP-12389
2015-03-27 12:31:14 -05:00
James Lee e3605aa252
We always pass a Service, get rid of port/proto 2015-03-27 11:54:03 -05:00
James Lee 25d0b8baff
Redundant check 2015-03-27 11:35:35 -05:00
James Lee 3b8d70b567
host is always an Mdm::Host, don't look it up again 2015-03-27 11:34:32 -05:00
James Lee 466ef4349e
Second verse, same as the first 2015-03-27 09:59:10 -05:00
James Lee bf8146c8b5
Axe redundant check 2015-03-26 21:19:19 -05:00
James Lee 88a8186a11
Pull up redundant hash literal 2015-03-26 19:33:53 -05:00
Brent Cook e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter 2015-03-26 19:16:46 -05:00
Brent Cook 5ac1ee1d73 fix http/s handler reference counting for pymet
add a persistent session counter to avoid stopping listening when pymet stages over http/s
2015-03-26 18:26:56 -05:00
James Lee a9e4961563
New hash syntax 2015-03-26 10:05:08 -05:00
James Lee a3ae0daf5a
Whitespace 2015-03-26 10:02:08 -05:00
sinn3r 8f03cadb92 Forgot to remove print_debug 2015-03-25 16:08:47 -05:00
jvazquez-r7 72a0909e9b
Land #4992, @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge 2015-03-25 13:30:36 -05:00
James Lee 8f0c434faa Add specs for the new method 2015-03-25 12:34:10 -05:00
jvazquez-r7 f80978d9e9
Calculate interface and method hashes dinamically 2015-03-25 11:46:54 -05:00
jvazquez-r7 0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically 2015-03-25 11:29:07 -05:00
sinn3r 6e3e696262 Use symantec_web_gateway as an example of using send_request 2015-03-25 10:55:46 -05:00
sinn3r 60f1d9c961 More yard doc 2015-03-25 10:50:11 -05:00
sinn3r 9b9e157e84 More yard doc 2015-03-25 02:26:06 -05:00
sinn3r ded500a9ae Use send_request 2015-03-25 02:13:40 -05:00
sinn3r 6984e5234e Fix a typo 2015-03-25 02:01:25 -05:00
sinn3r 8a8d6fb5ab Some more changes 2015-03-25 02:00:23 -05:00
sinn3r 855cadc6b1 Rescue more exceptions
The attempt_login method is rescuing these exceptions, so maybe
I should do the same.
2015-03-25 01:48:37 -05:00
sinn3r 8f95624bf7 Add #send_request to Metasploit::Framework::LoginScanner::HTTP 2015-03-25 01:40:02 -05:00
OJ 1f00b595bc Hacked support for transport switching 2015-03-25 13:08:52 +10:00
jvazquez-r7 f43eab29ed Delete debug puts 2015-03-24 19:14:30 -05:00
jvazquez-r7 464a6df5e0
Add specs for Msf::Java::Rmi::Client::Registry 2015-03-24 18:42:35 -05:00
Matt Buck c26dfa263d
Ensure IP addresses are explicitly converted to strings
MSP-12113
2015-03-24 16:26:00 -05:00
Christian Mehlmauer 7bf00f8f47
Land #4789, @rastating WPLMS wordpress module 2015-03-24 20:46:38 +01:00
James Lee b0fac4824c
Stop caring about order of keys in user_data 2015-03-24 14:21:52 -05:00
William Vu 6d85b5fd1e
Land #4998, non-loopback LHOST tab completion 2015-03-24 14:00:01 -05:00
William Vu 660f3dac2b
Land #4997, smb_version SMBDirect option fix 2015-03-24 13:46:09 -05:00
James Lee 414983ac8c
Merge branch 'feature/MSP-11925/create-user-data' into staging/single-vuln-push
Conflicts:
	Gemfile.lock
2015-03-24 12:42:08 -05:00
jvazquez-r7 6ea42f6599
Fix description 2015-03-24 12:30:27 -05:00
jvazquez-r7 7c0e17d1f7
Update RMI/JMX mixin documentation 2015-03-24 12:29:40 -05:00
James Lee 65c00dffac
Tab complete non-loopback interfaces' addresses 2015-03-24 12:10:58 -05:00
sinn3r 58c5be0d72 Allow SMBDirect to be optional
The smb_version module needs to deregister the SMBDirect option,
but cannot do this because SMBDirect is a required option. By
having it as optional, the user no longer needs to set it. Also,
since SMBDirect already has a default value, having it as optional
should not change the mixin's default behavior.
2015-03-24 12:04:44 -05:00
jvazquez-r7 39e87f927a
Make code consistent 2015-03-24 11:44:26 -05:00
RageLtMan 548a710745 Replace db_nmap string concat with an Array
16eab48012 introduced changes to
cmd_db_nmap which pass a new arguments variable to Open3 with a
list of args excluding save.

This approach created a problem wherein the address of the target
had to be passed in first and arguments could get mangled.

Reintroduce an array format, exploding when passing to Open3.
Ensure output file options are appended to the arguments being
passed to Open3, instead of the args variable.

Error example:
db_nmap -F 192.168.0.1
[*] Nmap: 'nmap: unrecognized option '- 192.168.0.1 ''
2015-03-24 04:36:58 -04:00
sinn3r bef67d773c Don't break untested_payloads.rb 2015-03-24 00:54:11 -05:00
sinn3r 3c4da5c3ff Update BES rspec 2015-03-24 00:10:18 -05:00
OJ 25dcfc796a Better support old binaries in rev http(s)
* Patch 256char URL if the 512char one doesn't work.
* Return an empty list in the case where the ext enum fails.
2015-03-24 10:14:44 +10:00
jvazquez-r7 04341bfc78
Support JMX_ROLE again 2015-03-23 17:32:26 -05:00
Brent Cook 1869977921
Land #4962: OJ adjusts MSF to new metsrv needs
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
jvazquez-r7 d8d4c23d60
JMX code refactoring 2015-03-23 17:06:51 -05:00
sinn3r 2900f57afd It looks like this works 2015-03-23 16:46:53 -05:00
David Maloney 60966f3d2a
handle a blank response body
sometimes the response body itself can be blank
so we need to handle that properly.

MSP-9972
2015-03-23 16:03:30 -05:00
OJ 24d74b26e3 Beginning work for stageless x64 meterpreter 2015-03-24 06:50:06 +10:00
jvazquez-r7 6934fde5a1
Finish first draft of new jmx mixin 2015-03-23 15:49:18 -05:00
jvazquez-r7 962bb670de
Remove old JMX mixin 2015-03-23 15:48:10 -05:00
William Vu 809bc52dfc
Land #4982, tagging for msfconsole 2015-03-23 15:28:50 -05:00
HD Moore dbe3fe38fd Sanity check file: arguments for size and move into msfconsole 2015-03-23 14:57:44 -05:00
sinn3r 0e1b9f90b4 Small details 2015-03-23 14:40:20 -05:00
HD Moore 6852475be0 Placeholder for UUID options 2015-03-23 14:35:33 -05:00
HD Moore dfbaa6b42e Typo 2015-03-23 14:35:08 -05:00
sinn3r e520ace1f1 Stash 2015-03-23 14:21:46 -05:00
sinn3r 156520338d Making some changes to how BES handles ActiveX 2015-03-23 12:21:27 -05:00
jvazquez-r7 79068c8ec2
Delete JMX discovery stream 2015-03-23 10:21:37 -05:00
William Vu 2f83a53884
Add missing fix for #4921 2015-03-23 00:26:18 -05:00
William Vu 8165ae35d0 Remove extraneous semicolon 2015-03-23 00:26:03 -05:00
William Vu e176b21bcd
Land #4921, db_nmap help and tab completion 2015-03-23 00:22:46 -05:00
OJ 20131110cd Add verify_ssl file (missed in prev commit) 2015-03-23 13:22:10 +10:00
OJ 9c9d333a1b Create verify ssl mixin, adjust some formatting 2015-03-23 13:21:08 +10:00
sinn3r 23685694ad The tags column should be a virtual column 2015-03-22 21:04:37 -05:00
sinn3r 182018786b This is probably the proper way to delete tags 2015-03-22 20:55:20 -05:00
sinn3r ffe48e1ec8 Don't need order to delete 2015-03-22 20:43:11 -05:00
sinn3r ef62fc3df7 Allow the delete mode for tags 2015-03-22 20:08:23 -05:00
HD Moore bc3c73e408 Merge branch 'master' into feature/registered-payload-uuids 2015-03-22 18:51:13 -05:00
sinn3r b2cc3c4954 I found more bugs and fixed them 2015-03-22 18:21:57 -05:00
sinn3r 708eb42984 I fix bugs for tagging 2015-03-22 18:13:40 -05:00
nstarke dac5b078f0 Minor fixes for format and style
This commit contains a few minor tweaks
for style and format.  Some whitespace removed,
an erroneous 'return' removed, and using single
quotes for consistency.  Updated as per request.
2015-03-22 22:51:21 +00:00
nstarke 16eab48012 Adding help and tab functions for db_nmap
These functions address certain problems
listed in GitHub issue #4353, but do not
address all issues in that ticket.  Most
notably, this commit adds basic tab
completion for db_nmap.
2015-03-22 22:45:56 +00:00
HD Moore 378e867486 Refactor Msf::Payload::UUID, use this in reverse_http 2015-03-22 16:17:12 -05:00
HD Moore 0d1fe37710 Ignore non-base64url characters during decode 2015-03-22 16:16:47 -05:00
sinn3r 863cbcbddb Add real tagging for the hosts command 2015-03-22 15:34:37 -05:00
HD Moore 94241b2998 First attempt at rewiring HTTP handlers to use UUIDs 2015-03-21 03:15:08 -05:00
sinn3r 97b919923e Fix undefined esize in Rex::Exploitation::Egghunter
esize is not a valid variable, and we don't need it either.
2015-03-20 21:32:46 -05:00
HD Moore 858d9b1e7a Introduce Rex::Text.(en|de)code_base64url and use it for uri_checksum 2015-03-20 21:32:08 -05:00
HD Moore 1eafb21741
Lands #4970, fixes exception about msfconsole.rc 2015-03-20 16:49:04 -05:00
William Vu 259e95ed21 Add load_resource exception for msfconsole.rc
This prevents msfconsole from erroring on a nonexistent msfconsole.rc.
2015-03-20 16:50:27 -05:00
jvazquez-r7 1226b3656f
Land #4945, @wchen-r7's login scanner for Symantec web gateway 2015-03-20 14:44:05 -05:00
jvazquez-r7 62871255b0
Match class and file names 2015-03-20 14:25:20 -05:00
William Vu 4d00114428 Add parens around print_error 2015-03-20 13:53:14 -05:00
sinn3r 2c5c94288d Fix #4966, tell the user the resource script path is invalid
Fix #4966
2015-03-20 13:38:12 -05:00
jvazquez-r7 179177d5c0
Fix typo 2015-03-20 13:27:41 -05:00
sinn3r b19f766728
Land #4942, Gitlab Login Scanner 2015-03-20 13:02:12 -05:00
OJ 9d20d057dd Update Meterpreter URL length to 512 2015-03-20 13:16:43 +10:00
oj@buffered.io fd4ad9bd2e Rework changes on top of HD's PR
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
OJ 7b4161bdb4 Update code to handle cert validation properly
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
2015-03-20 12:52:47 +10:00
OJ 7ca91b2eb5 Add support for ssl to the patcher 2015-03-20 12:52:38 +10:00
OJ d38e2c968e Add required include for stageless meterpreter 2015-03-20 12:52:28 +10:00
OJ a9f74383d0 Update patch to support both ascii and wchar 2015-03-20 12:52:18 +10:00
OJ acd802c5fd Initial work for WinHTTP comms support in Meterpreter 2015-03-20 12:51:47 +10:00
William Vu cf645772b6
Land #4960, hosts -i, -n, and -m support 2015-03-19 21:34:14 -05:00
William Vu 38dbd1889e Fix report_note to use :data
:note doesn't do what we want.
2015-03-19 21:33:17 -05:00
William Vu 83ce967d75 Clean up hash syntax as per style guide 2015-03-19 21:23:28 -05:00
Brent Cook 564962042e
Land #4925, OJ adds self-contained windows meterpreter options 2015-03-19 21:07:32 -05:00
HD Moore c0bf51e0f5 Add a timestamp to the UUID structure 2015-03-19 19:11:58 -05:00
jvazquez-r7 6094d1bfb1
Add specs for Msf::Java::Rmi::Client::Registry::Parser 2015-03-19 19:07:03 -05:00
jvazquez-r7 b839547dc3 Add documentation for Registry modules and methods 2015-03-19 17:57:21 -05:00
jvazquez-r7 a7f1244251
Finish the java_rmi_registry gather module 2015-03-19 17:33:45 -05:00
sinn3r f38ad13094 Resolve #4891, new arguments for the hosts command
Resolve #4891
2015-03-19 17:00:41 -05:00
jvazquez-r7 1d69e15d1a
Fix registry lookup parser 2015-03-19 16:19:55 -05:00
Brent Cook 24ce0118b8 reenable UTF filtering support where needed
revert d22231bdc8
2015-03-19 16:02:21 -05:00
HD Moore d53ccb32a0 Turn off unicode filtering by default for non-Windows platforms (UTF-8 consoles)
This is a followup to support for unicode added in #4950
2015-03-19 15:45:45 -05:00
jvazquez-r7 ec90594f7e
Add support for Rex::Java::Serialization::ProxyClassDesc 2015-03-19 15:41:24 -05:00
OJ a582e05b6d Merge gemfile changes in master 2015-03-20 06:29:38 +10:00
OJ 040ef1e3e9
Land #4950: ls unicode and sorting in meterpreter 2015-03-20 06:28:29 +10:00
jvazquez-r7 5c3134a616
Add first support to gather information from RMI registries 2015-03-19 11:16:04 -05:00
Matt Buck 38ded90700
Merge branch 'master' into staging/rails-4.0 2015-03-19 11:08:35 -05:00
Matt Buck d329a724bc Revert "Merge master"
This reverts commit 2056ff6899.
2015-03-19 11:08:25 -05:00
Matt Buck 2056ff6899
Merge master
Squashed commit of the following:

commit 1dcad7c21b
Merge: 1a2f35d 35d29f5
Author: OJ <oj@buffered.io>
Date:   Thu Mar 19 14:43:27 2015 +1000

    Land #4953 : Updated POSIX meterpreter binaries

commit 35d29f5d08
Author: Brent Cook <bcook@rapid7.com>
Date:   Wed Mar 18 22:57:03 2015 -0500

    update linux meterpreter bins

commit 1a2f35d806
Merge: 076f15f 346b1d5
Author: OJ <oj@buffered.io>
Date:   Thu Mar 19 12:41:20 2015 +1000

    Land #4951: Dynamic URI generation for Java/Python reverse_http(s)

commit 076f15f933
Merge: b33e7f4 3f8ed56
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Wed Mar 18 20:59:54 2015 -0400

    Land #4792 @jakxx Publish It PUI file exploit

commit 3f8ed56a9a
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Wed Mar 18 20:57:58 2015 -0400

    Add available space to the payload info

commit b33e7f477c
Merge: 0d1f205 5dd718e
Author: joev <joev@metasploit.com>
Date:   Wed Mar 18 17:17:34 2015 -0500

    Land #4947, h0ng10's TWiki exploit.

commit 346b1d539f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 16:24:01 2015 -0500

    Revert Java back to static size for cache purposes (less cpu usage on startup)

commit 33bbf7cb7e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 16:08:11 2015 -0500

    Dynamic URI generation for python/java http(s) stagers

commit 0d1f2055c5
Merge: e943cb5 dab4333
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 15:31:22 2015 -0500

    Lands #4949 which fixes #4845

commit dab4333867
Author: rwhitcroft <rw81junk@gmail.com>
Date:   Wed Mar 18 16:07:46 2015 -0400

    updated asm in block

commit 7ae97393e0
Author: rwhitcroft <rw81junk@gmail.com>
Date:   Wed Mar 18 15:34:31 2015 -0400

    fix x64/reverse_https stager shellcode

commit e943cb550f
Merge: d152c41 d1a2f58
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 22:34:52 2015 +1000

    Land #4585 : CVE-2015-0975 XXE in OpenNMS

commit d1a2f58303
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 22:17:44 2015 +1000

    Fix of regex for file capture and format tweaks

commit 5dd718e4fa
Author: Hans-Martin Münch (h0ng10) <muench@mogwaisecurity.de>
Date:   Wed Mar 18 09:51:51 2015 +0100

    Better description

commit 00de437918
Author: Hans-Martin Münch (h0ng10) <muench@mogwaisecurity.de>
Date:   Wed Mar 18 09:45:08 2015 +0100

    Initial commit

commit fa7242388b
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 18:18:54 2015 +1000

    Move the module to the correct location

commit d152c41826
Merge: b46e5f8 b62da42
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 17:42:19 2015 +1000

    Land #4934 : Proxy and auth support in reverse_http(s)

commit b62da42927
Merge: c607cf7 b46e5f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:51:15 2015 -0500

    Merge branch 'master' into feature/add-proxies-to-wininet

commit b46e5f8d13
Merge: bd4738b 97def50
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 16:49:13 2015 +1000

    Land #4295 : Refactory proxy-enabled payload handling

commit c607cf7b11
Merge: 0513852 bd4738b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:45:44 2015 -0500

    Merging master

commit 97def50cc2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:26:59 2015 -0500

    Whitespace cleanup

commit 8d3cb8bde5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:25:42 2015 -0500

    Fix up meterpreter patching arguments and names

commit ef443c83b9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:21:53 2015 -0500

    Fix overgreed search/replace

commit 390a704cc7
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:19:05 2015 -0500

    Cleanup proxyhost/proxyport arguments to match new names

commit f7a06d8e44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:15:32 2015 -0500

    Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax

commit 3aa8cb69a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:08:09 2015 -0500

    Fix two use cases of PROXYHOST/PROXYPORT

commit 87a489907c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Dec 15 14:48:09 2014 -0600

    Place an IPv6 proxy IP between brackets

commit 259db269bd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 15:36:14 2014 -0600

    Remove user/pass and invalid class from the options

commit 2ab14e7e79
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:01:10 2015 -0500

    Adds IPv6 and option-related issues with the previous patch

commit 0601946830
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 13:29:39 2014 -0600

    Don't mandate and default PROXY_HOST (miscopy from the proxy stager)

commit a4df6d539f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 00:59:59 2015 -0500

    Cleanup proxy handling code (consistency & bugs)

    One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.

commit 85fb534e63
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 12:57:30 2014 -0600

    Fix up the offset detection again, cleanup redundant code

commit 2f13988d7b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 12:33:53 2014 -0600

    Use OptPort vs OptInt and cleanup the description

commit a01be365b0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 00:59:13 2015 -0500

    Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT

    This also cleans up the windows reverse_https_proxy stager.

commit b197b7aaf0
Author: jakxx <jakx.ppr@gmail.com>
Date:   Tue Mar 17 19:24:13 2015 -0400

    Additional Updates

    -Removed unused mixin
    -Cleaned up Module name
    -Cleaned up author name

commit bd4738b93e
Merge: 47a7f99a d7fa0ec
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 17 17:37:55 2015 -0500

    Land #4827, capture and nbns fixups

commit d7fa0ec669
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 17 17:36:45 2015 -0500

    Let IPAddr#hton do the calculating

commit 47a7f99aae
Merge: d1d6378 5fd3637
Author: Brent Cook <bcook@rapid7.com>
Date:   Tue Mar 17 16:22:46 2015 -0500

    Land #4930, @hmoore-r7 winhttp stager certificate check

commit 085e6cc815
Author: jakxx <jakx.ppr@gmail.com>
Date:   Tue Mar 17 16:39:56 2015 -0400

    Implemented Recommended Changes

    -corrected spelling error
    -set only option to required
    -dumped header data to included file
    -Used Rex for jmp values

commit 0490af8ba8
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:20:22 2015 -0400

    Added error checks, randomness, and uuid delimeter

commit f3fc4003d0
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:19:40 2015 -0400

    typo

commit b92d243c0e
Merge: e0a7f53 766a07a
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:18:32 2015 -0400

    Merge branch 'module-cve-2015-0975' of https://github.com/jstnkndy/metasploit-framework into module-cve-2015-0975

commit e0a7f531cc
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:10:51 2015 -0400

    Added error checking, randomness, uuid delimiters

commit 2ea984423b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 14:08:01 2015 -0500

    while(true)->loop, use thread.join

commit 5fd3637d34
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 14:00:51 2015 -0500

    Remove the i32 size specifier (not needed)

commit 69d9280748
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 13:52:13 2015 -0500

    Fix yard docs, retries, push.i8 instructions. See commit 05138524e3

    Note that StagerRetryCount is not defined here, but will be in the parent class once #4934 lands

commit 05138524e3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 13:35:36 2015 -0500

    Fix yard docs, fix retries, trim bytes, retested and working

commit 69a808b744
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 12:14:42 2015 -0500

    StagerProxy -> PayloadProxy

commit f361e4ee52
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 00:22:10 2015 -0500

    Prefer the new-style proxy datastore options when available

commit 7e89281485
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 00:03:31 2015 -0500

    Adds proxy (with authentication) support to reverse_http(s)

commit 8e37342c50
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 16:52:04 2015 -0500

    Comment typo

commit 0d12ca49a7
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 16:19:13 2015 -0500

    Work around lack of option normalization during size calculation

commit 03019cf451
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 15:53:21 2015 -0500

    Adds StagerVerifySSLCert support (SHA1 of HandlerSSLCert)

commit 11593800b6
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 15:52:23 2015 -0500

    Move X509 PEM parsing into Rex::Parser::X509Certificate

commit 1001061a96
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 4 18:52:18 2015 -0600

    Initialize @capture_count

commit 1b1716bcf6
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 22:01:01 2015 -0600

    Fix a handful of bugs that broke this modules. Fixes #4799

commit 9730a1655e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 22:00:42 2015 -0600

    Small cleanups to the LLMR responder module

commit bdd5276524
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 21:53:47 2015 -0600

    This fixes a number of issues with the Capture mixin

     * The use of www.metasploit.com in a datastore option results in a DNS lookup (infoleak). Switch to 8.8.8.8 (TTL=1)
     * The hackey code around #each_packet is no longer necessary in newer Ruby versions
     * The arp()/probe_gateway() calls to inject_reply() had broken logic leading to early exit and missed replies
     * The arp() function now tries up to three times to get a reply (helpful with lossy L2)
     * GC.start is extraneous and should be removed
     * Increased timeouts

commit 615d71de6e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 21:51:33 2015 -0600

    Remove extraneous calls to GC.start()

commit 44a7e7e4bc
Author: jakxx <jakx.ppr@gmail.com>
Date:   Wed Feb 18 13:22:54 2015 -0500

    publish-it fileformat exploit

commit 766a07a904
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Jan 13 22:08:08 2015 -0500

    Add CVE-2015-0975 XXE for OpenNMS <= 14.0.2
2015-03-19 10:47:33 -05:00
OJ 7899881416 Update POSIX bins from master 2015-03-19 14:50:14 +10:00
Meatballs 2dd9dcb26c
Dont use native unpack operators! 2015-03-18 23:48:39 +00:00
Meatballs 975ddc9092
Add some spec mockery 2015-03-18 23:43:46 +00:00
HD Moore ce0796a427 Base module for Payload UUID support 2015-03-18 17:03:47 -05:00
HD Moore ae621c83c5 Add a URL-safe base64 encoder/decoder 2015-03-18 17:03:29 -05:00
Brent Cook c774038fe6 improve ls output by providing various new options 2015-03-18 16:02:03 -05:00
jvazquez-r7 9628415ca2
Delete more comments 2015-03-18 15:53:50 -05:00
jvazquez-r7 c3dd4035ef Make jmx module work again 2015-03-18 15:48:07 -05:00
jvazquez-r7 f956ba1a46 Do first JMX cleaning try 2015-03-18 15:37:07 -05:00
David Maloney 4293af01b1
make sure we strip leading whitespace
in the aforementiond record_request_and_response method
we need to still make sure to strip leading whitespace
from the front of our data before saving it

MSP-9972
2015-03-18 11:23:45 -05:00
David Maloney dacaa9e82b
simplify request-response parsing in apsscan
the record_request_and_response method for the
nokogiri appscan parser was way overcomplicated
it was trying to do way too much trickiness
when the data could be very simply split and consumed

MSP-9972
2015-03-18 11:19:00 -05:00
David Maloney 3269817b29
remove bad truthiness checks
truthy checks were used here, but you'll get
an empty hash which will be treated as true causing
the test to be invalid and allowing for errors further in the method

MSP-9972
2015-03-18 10:52:24 -05:00
jvazquez-r7 17e1f7d34f
Move Streams code 2015-03-18 09:25:53 -05:00
HD Moore b62da42927 Merge branch 'master' into feature/add-proxies-to-wininet 2015-03-18 01:51:15 -05:00
HD Moore c607cf7b11 Merging master 2015-03-18 01:45:44 -05:00
HD Moore 97def50cc2 Whitespace cleanup 2015-03-18 01:26:59 -05:00
HD Moore 8d3cb8bde5 Fix up meterpreter patching arguments and names 2015-03-18 01:25:42 -05:00
HD Moore 390a704cc7 Cleanup proxyhost/proxyport arguments to match new names 2015-03-18 01:19:05 -05:00
HD Moore f7a06d8e44 Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax 2015-03-18 01:15:32 -05:00
HD Moore 3aa8cb69a4 Fix two use cases of PROXYHOST/PROXYPORT 2015-03-18 01:08:09 -05:00
HD Moore 2ab14e7e79 Adds IPv6 and option-related issues with the previous patch 2015-03-18 01:01:10 -05:00
HD Moore a4df6d539f Cleanup proxy handling code (consistency & bugs)
One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.
2015-03-18 00:59:59 -05:00
HD Moore 2f13988d7b Use OptPort vs OptInt and cleanup the description 2015-03-18 00:59:25 -05:00
HD Moore a01be365b0 Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT
This also cleans up the windows reverse_https_proxy stager.
2015-03-18 00:59:13 -05:00
jvazquez-r7 14be07a2c4
Update java_rmi_server modules 2015-03-17 21:29:52 -05:00
jvazquez-r7 d6048d0978 Use rex support for build_call 2015-03-17 21:05:45 -05:00
jvazquez-r7 6315e07312 Add specs for UniqueIdentifier 2015-03-17 20:38:43 -05:00
James Lee bd4738b93e
Land #4827, capture and nbns fixups 2015-03-17 17:37:55 -05:00
James Lee d7fa0ec669
Let IPAddr#hton do the calculating 2015-03-17 17:36:45 -05:00
jvazquez-r7 87b777e923
Refactor moving code to rex 2015-03-17 17:15:32 -05:00
Matt Buck f29a3f69e9 Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	metasploit-framework-db.gemspec
2015-03-17 15:47:48 -05:00
sinn3r 608bf55b79 Update 2015-03-17 11:54:38 -05:00
jvazquez-r7 dd6ecefe39 Fix endianess 2015-03-17 11:40:50 -05:00