Commit Graph

6359 Commits (d329a724bcd09409ca4e81aabc4a01be276f592d)

Author SHA1 Message Date
Matt Buck d329a724bc Revert "Merge master"
This reverts commit 2056ff6899.
2015-03-19 11:08:25 -05:00
Matt Buck 2056ff6899
Merge master
Squashed commit of the following:

commit 1dcad7c21b
Merge: 1a2f35d 35d29f5
Author: OJ <oj@buffered.io>
Date:   Thu Mar 19 14:43:27 2015 +1000

    Land #4953 : Updated POSIX meterpreter binaries

commit 35d29f5d08
Author: Brent Cook <bcook@rapid7.com>
Date:   Wed Mar 18 22:57:03 2015 -0500

    update linux meterpreter bins

commit 1a2f35d806
Merge: 076f15f 346b1d5
Author: OJ <oj@buffered.io>
Date:   Thu Mar 19 12:41:20 2015 +1000

    Land #4951: Dynamic URI generation for Java/Python reverse_http(s)

commit 076f15f933
Merge: b33e7f4 3f8ed56
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Wed Mar 18 20:59:54 2015 -0400

    Land #4792 @jakxx Publish It PUI file exploit

commit 3f8ed56a9a
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Wed Mar 18 20:57:58 2015 -0400

    Add available space to the payload info

commit b33e7f477c
Merge: 0d1f205 5dd718e
Author: joev <joev@metasploit.com>
Date:   Wed Mar 18 17:17:34 2015 -0500

    Land #4947, h0ng10's TWiki exploit.

commit 346b1d539f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 16:24:01 2015 -0500

    Revert Java back to static size for cache purposes (less cpu usage on startup)

commit 33bbf7cb7e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 16:08:11 2015 -0500

    Dynamic URI generation for python/java http(s) stagers

commit 0d1f2055c5
Merge: e943cb5 dab4333
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 15:31:22 2015 -0500

    Lands #4949 which fixes #4845

commit dab4333867
Author: rwhitcroft <rw81junk@gmail.com>
Date:   Wed Mar 18 16:07:46 2015 -0400

    updated asm in block

commit 7ae97393e0
Author: rwhitcroft <rw81junk@gmail.com>
Date:   Wed Mar 18 15:34:31 2015 -0400

    fix x64/reverse_https stager shellcode

commit e943cb550f
Merge: d152c41 d1a2f58
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 22:34:52 2015 +1000

    Land #4585 : CVE-2015-0975 XXE in OpenNMS

commit d1a2f58303
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 22:17:44 2015 +1000

    Fix of regex for file capture and format tweaks

commit 5dd718e4fa
Author: Hans-Martin Münch (h0ng10) <muench@mogwaisecurity.de>
Date:   Wed Mar 18 09:51:51 2015 +0100

    Better description

commit 00de437918
Author: Hans-Martin Münch (h0ng10) <muench@mogwaisecurity.de>
Date:   Wed Mar 18 09:45:08 2015 +0100

    Initial commit

commit fa7242388b
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 18:18:54 2015 +1000

    Move the module to the correct location

commit d152c41826
Merge: b46e5f8 b62da42
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 17:42:19 2015 +1000

    Land #4934 : Proxy and auth support in reverse_http(s)

commit b62da42927
Merge: c607cf7 b46e5f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:51:15 2015 -0500

    Merge branch 'master' into feature/add-proxies-to-wininet

commit b46e5f8d13
Merge: bd4738b 97def50
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 16:49:13 2015 +1000

    Land #4295 : Refactory proxy-enabled payload handling

commit c607cf7b11
Merge: 0513852 bd4738b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:45:44 2015 -0500

    Merging master

commit 97def50cc2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:26:59 2015 -0500

    Whitespace cleanup

commit 8d3cb8bde5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:25:42 2015 -0500

    Fix up meterpreter patching arguments and names

commit ef443c83b9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:21:53 2015 -0500

    Fix overgreed search/replace

commit 390a704cc7
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:19:05 2015 -0500

    Cleanup proxyhost/proxyport arguments to match new names

commit f7a06d8e44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:15:32 2015 -0500

    Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax

commit 3aa8cb69a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:08:09 2015 -0500

    Fix two use cases of PROXYHOST/PROXYPORT

commit 87a489907c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Dec 15 14:48:09 2014 -0600

    Place an IPv6 proxy IP between brackets

commit 259db269bd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 15:36:14 2014 -0600

    Remove user/pass and invalid class from the options

commit 2ab14e7e79
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:01:10 2015 -0500

    Adds IPv6 and option-related issues with the previous patch

commit 0601946830
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 13:29:39 2014 -0600

    Don't mandate and default PROXY_HOST (miscopy from the proxy stager)

commit a4df6d539f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 00:59:59 2015 -0500

    Cleanup proxy handling code (consistency & bugs)

    One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.

commit 85fb534e63
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 12:57:30 2014 -0600

    Fix up the offset detection again, cleanup redundant code

commit 2f13988d7b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 12:33:53 2014 -0600

    Use OptPort vs OptInt and cleanup the description

commit a01be365b0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 00:59:13 2015 -0500

    Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT

    This also cleans up the windows reverse_https_proxy stager.

commit b197b7aaf0
Author: jakxx <jakx.ppr@gmail.com>
Date:   Tue Mar 17 19:24:13 2015 -0400

    Additional Updates

    -Removed unused mixin
    -Cleaned up Module name
    -Cleaned up author name

commit bd4738b93e
Merge: 47a7f99a d7fa0ec
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 17 17:37:55 2015 -0500

    Land #4827, capture and nbns fixups

commit d7fa0ec669
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 17 17:36:45 2015 -0500

    Let IPAddr#hton do the calculating

commit 47a7f99aae
Merge: d1d6378 5fd3637
Author: Brent Cook <bcook@rapid7.com>
Date:   Tue Mar 17 16:22:46 2015 -0500

    Land #4930, @hmoore-r7 winhttp stager certificate check

commit 085e6cc815
Author: jakxx <jakx.ppr@gmail.com>
Date:   Tue Mar 17 16:39:56 2015 -0400

    Implemented Recommended Changes

    -corrected spelling error
    -set only option to required
    -dumped header data to included file
    -Used Rex for jmp values

commit 0490af8ba8
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:20:22 2015 -0400

    Added error checks, randomness, and uuid delimeter

commit f3fc4003d0
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:19:40 2015 -0400

    typo

commit b92d243c0e
Merge: e0a7f53 766a07a
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:18:32 2015 -0400

    Merge branch 'module-cve-2015-0975' of https://github.com/jstnkndy/metasploit-framework into module-cve-2015-0975

commit e0a7f531cc
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:10:51 2015 -0400

    Added error checking, randomness, uuid delimiters

commit 2ea984423b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 14:08:01 2015 -0500

    while(true)->loop, use thread.join

commit 5fd3637d34
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 14:00:51 2015 -0500

    Remove the i32 size specifier (not needed)

commit 69d9280748
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 13:52:13 2015 -0500

    Fix yard docs, retries, push.i8 instructions. See commit 05138524e3

    Note that StagerRetryCount is not defined here, but will be in the parent class once #4934 lands

commit 05138524e3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 13:35:36 2015 -0500

    Fix yard docs, fix retries, trim bytes, retested and working

commit 69a808b744
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 12:14:42 2015 -0500

    StagerProxy -> PayloadProxy

commit f361e4ee52
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 00:22:10 2015 -0500

    Prefer the new-style proxy datastore options when available

commit 7e89281485
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 00:03:31 2015 -0500

    Adds proxy (with authentication) support to reverse_http(s)

commit 8e37342c50
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 16:52:04 2015 -0500

    Comment typo

commit 0d12ca49a7
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 16:19:13 2015 -0500

    Work around lack of option normalization during size calculation

commit 03019cf451
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 15:53:21 2015 -0500

    Adds StagerVerifySSLCert support (SHA1 of HandlerSSLCert)

commit 11593800b6
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 15:52:23 2015 -0500

    Move X509 PEM parsing into Rex::Parser::X509Certificate

commit 1001061a96
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 4 18:52:18 2015 -0600

    Initialize @capture_count

commit 1b1716bcf6
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 22:01:01 2015 -0600

    Fix a handful of bugs that broke this modules. Fixes #4799

commit 9730a1655e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 22:00:42 2015 -0600

    Small cleanups to the LLMR responder module

commit bdd5276524
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 21:53:47 2015 -0600

    This fixes a number of issues with the Capture mixin

     * The use of www.metasploit.com in a datastore option results in a DNS lookup (infoleak). Switch to 8.8.8.8 (TTL=1)
     * The hackey code around #each_packet is no longer necessary in newer Ruby versions
     * The arp()/probe_gateway() calls to inject_reply() had broken logic leading to early exit and missed replies
     * The arp() function now tries up to three times to get a reply (helpful with lossy L2)
     * GC.start is extraneous and should be removed
     * Increased timeouts

commit 615d71de6e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 21:51:33 2015 -0600

    Remove extraneous calls to GC.start()

commit 44a7e7e4bc
Author: jakxx <jakx.ppr@gmail.com>
Date:   Wed Feb 18 13:22:54 2015 -0500

    publish-it fileformat exploit

commit 766a07a904
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Jan 13 22:08:08 2015 -0500

    Add CVE-2015-0975 XXE for OpenNMS <= 14.0.2
2015-03-19 10:47:33 -05:00
Matt Buck f29a3f69e9 Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
	metasploit-framework-db.gemspec
2015-03-17 15:47:48 -05:00
Brent Cook 7a212a01eb
Land #4917, @hmoore-r7 avoid another payload size recalc 2015-03-13 08:43:33 -05:00
Brent Cook b68e05e536
Land #4914, @hmoore-r7 and @BorjaMerino winhttp stagers 2015-03-13 08:24:11 -05:00
HD Moore a57f02b863 Remove invalid SECURITY_FLAG_IGNORE_REVOCATION flag 2015-03-12 23:01:04 -05:00
HD Moore 744b1a680e Reworks how payload prepends work internally, see #1674 2015-03-12 02:30:06 -05:00
HD Moore 376d05f797 Avoid instantiating the module during recalculate 2015-03-12 01:02:37 -05:00
scriptjunkie dfbc50ff47 Make Host header override optional 2015-03-11 23:15:45 -05:00
HD Moore 8bae58d631 Updated cache sizes 2015-03-11 21:25:12 -05:00
HD Moore 631e1606bf Fix WinHttpSetOption & stack parameters 2015-03-11 21:05:18 -05:00
scriptjunkie 401d553f84 Use host header in reverse_http(s) 2015-03-11 19:40:52 -05:00
HD Moore 1135e5e073 First take on WinHTTP stagers, untested 2015-03-11 16:27:14 -05:00
Brent Cook ceeee4446f
Land #4904, @hmoore-r7 reworks reverse_http/s stagers
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
HD Moore 1d17e9ab5b Remove the 256 byte limit for URLs 2015-03-10 15:27:04 -05:00
HD Moore 5f382e539a Updated required_space to count all 256 bytes of the URL 2015-03-10 15:17:09 -05:00
HD Moore dedf3726ea Simplify the uri_req_len logic, thanks @bcook-r7 2015-03-10 15:12:02 -05:00
William Vu 736f0b34be
Land #4902, @nstarke's db_connect warning message 2015-03-10 14:12:47 -05:00
William Vu 3c7b061e05 Use single quotes
But I like double quotes. :(
2015-03-10 14:03:13 -05:00
William Vu 72e7691300 Change print_status to print_error
And drop db_disconnect note to another line.
2015-03-10 13:31:35 -05:00
HD Moore 966848127a Refactor x86 Windows reverse_http and reverse_https stagers 2015-03-10 12:48:30 -05:00
William Vu e81f2e366c Refactor db_{status,connect} a bit
Also allow for db_connect help.
2015-03-10 12:35:58 -05:00
nstarke ee8318d5c4 Adding db_disconnect qualifying statement 2015-03-10 11:58:04 +00:00
Brent Cook 97f09b6ab0
Land #4894: hmoore-r7 cache payload sizes on start
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
nstarke 187a0445f3 Issue #4868 - Adding warning message to db_connect when already connected 2015-03-10 00:02:34 +00:00
HD Moore 78456fb2e0 Correct a typo (stringified symbol loses the :) 2015-03-09 15:42:23 -05:00
HD Moore 038591497f YARD docs for the Msf::Util::PayloadCachedSize class 2015-03-09 15:39:19 -05:00
HD Moore 99e2b05597 Move the cache update logic into a utility class 2015-03-09 15:29:58 -05:00
HD Moore 8c635243d3 Fix whitespace in the regex, implements Msf::Payload.dynamic_size? 2015-03-09 13:15:06 -05:00
Brent Cook 603179176a
Land #4876, @hmoore-r7 give encoders and payloads space available 2015-03-09 11:50:46 -05:00
Samuel Huckins 08df0bfaca
Land #4858, RPC client true/truthy fix
* Misc ruby cleanup and fixing the issue that caused MSP-12235, rolling back the
full rollback of PR 4823
2015-03-09 11:35:57 -05:00
HD Moore c3479ba747 Update msfvenom & PayloadGenerator to pass in available_space 2015-03-09 01:14:56 -05:00
sinn3r a91a29d4e5 Add a comment explaining about the error key 2015-03-08 23:51:43 -05:00
HD Moore d46635ff8b Restore a comment lost in the code churn 2015-03-07 21:25:35 -06:00
HD Moore 853bf1b569 Accidental carry over from stale master 2015-03-07 20:48:22 -06:00
HD Moore 2e49791bef This implements payload size caching, speeding up framework loads 2015-03-07 20:44:19 -06:00
William Vu 5316e0f0ce
Land #4887, msfconsole -n store_loot fix 2015-03-07 17:14:21 -06:00
sinn3r f3494d9019 Correct grammar in BES 2015-03-07 16:04:06 -06:00
joev ca3b2220b5 Check to ensure Mdm is loaded to fix store_loot. 2015-03-05 23:27:13 -06:00
Brent Cook a13cd2bcb7
Land #4880: @wchen-r7 check if module has session before comparison 2015-03-05 20:48:42 -06:00
jvazquez-r7 9f3f8bb727
Merging #3323 work 2015-03-05 15:44:15 -06:00
Samuel Huckins 7cb3e236fb
Adding back prepended colons
Don't seem to be needed but don't want to introduce that change.
2015-03-05 14:06:50 -06:00
Samuel Huckins 02d30b3d44
Changes workspace cmd ordering to updated_at asc 2015-03-05 14:05:24 -06:00
Samuel Huckins 84df403d11
Land #4852, vuln note import/export addition 2015-03-05 13:54:22 -06:00
sinn3r 31191bef39 Fix #4865, undef method 'ancestors' in lib/msf/core/payload_set.rb
Fix #4865
2015-03-05 12:49:51 -06:00
jvazquez-r7 5ede40a39d Change the variable name 2015-03-05 12:21:33 -06:00
jvazquez-r7 e0a22a6794 Add support for folder 2015-03-05 12:19:33 -06:00
HD Moore 7a354f322c Comment typo (missing i). 2015-03-04 20:11:41 -06:00
HD Moore 95f67dba7a Tell payloads and encoders how much space they have to work with 2015-03-04 19:25:04 -06:00
jvazquez-r7 36375fab28 Fix downcase path handling 2015-03-04 12:58:41 -06:00