sinn3r
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
Meatballs
76515092ce
Small mime changes
2014-02-03 23:28:26 +00:00
Meatballs
595e5fd8b1
Correct mime logic
2014-02-03 21:59:17 +00:00
Meatballs
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
Meatballs
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
Meatballs
9f35407a0c
Add MIME to_html method
2014-02-01 00:37:01 +00:00
OJ
b60398b020
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/extensions/extapi/tlv.rb
2014-01-29 23:07:05 +10:00
OJ
ad1dce38d2
Final fixes before the monitor PR
2014-01-29 23:04:43 +10:00
OJ
2ef0e7e2a5
Small tidy of code
2014-01-29 17:07:06 +10:00
OJ
e27707cac3
More tweaking of the clipboard monitor with dump/purge
2014-01-29 14:51:03 +10:00
OJ
10ac7a22af
Land #2897 Sane address resolution [FixRM #7259 ]
2014-01-28 23:09:44 +10:00
Meatballs
6d9e395d40
Use LPVOID to avoid ptr trunc
2014-01-24 23:27:56 +00:00
Tod Beardsley
1ff063d7de
Test the object not the class duhhh
2014-01-24 11:46:48 -06:00
Tod Beardsley
37b11ce2e1
Use Class#kind_of? instead of ==
2014-01-24 11:31:04 -06:00
Meatballs
9fce617462
Fixup railgun utils
...
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
Tod Beardsley
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
Joe Vennix
de06480f4f
Add a defined? check to fix older versions of OpenSSL.
...
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
Meatballs
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
Tod Beardsley
636c43dcdc
Land #2736 , basic ADSI support via meterp extapi
2014-01-22 15:24:01 -06:00
Tod Beardsley
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
OJ
83358fbbf0
More work on the clipboard monitor
2014-01-22 22:56:13 +10:00
OJ
a7d4aa5d46
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
2014-01-22 11:51:10 +10:00
James Lee
e9ccec4755
Refactor load_session_info
...
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
Tod Beardsley
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
Meatballs
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
William Vu
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
OJ
9212013c3e
Add error message support
...
This commit enables returning of error messages based on the HRESULT.
They still aren't nice, but they're better than nothing.
2014-01-17 11:42:07 +10:00
jvazquez-r7
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
sinn3r
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
William Vu
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
William Vu
0915212249
Fix socket timeout bug
2014-01-16 11:58:37 -06:00
jvazquez-r7
0b9ff43217
Make slice_up_payload easier
2014-01-16 11:03:22 -06:00
jvazquez-r7
f41849c921
Clean CmdStagerEcho
2014-01-16 11:00:57 -06:00
OJ
8e1d3c9c2a
Final tweaks for WMI support
2014-01-16 22:02:28 +10:00
OJ
69abffaff6
First pass of WMI support
...
Close but more to do.
2014-01-16 13:47:46 +10:00
William Vu
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
OJ
870349acd0
Merge branch 'upstream/master' into basic_adsi_support
2014-01-15 19:57:07 +10:00
Matt Andreko
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
sinn3r
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
William Vu
b43a221959
Land #2855 , Rex::Socket refactor and specs
2014-01-09 16:20:50 -06:00
James Lee
ba252ec0c3
Use 'unless' instead of 'if not'
2014-01-09 16:01:58 -06:00
James Lee
7cb6836209
Replace unused var with purpose-revealing comment
2014-01-09 15:07:04 -06:00
James Lee
27133257a4
Better docs, more accurate var names
2014-01-09 15:05:19 -06:00
James Lee
20a5bf45f5
Fix beug with #next raising after the end
...
... instead of the old behavior or just returning nil again
2014-01-09 15:03:11 -06:00
William Vu
1893cbca0e
Land #2843 , RangeWalker resolution failure bug fix
2014-01-09 14:36:32 -06:00
James Lee
1519af33f5
Refactor `getaddress` in terms of `getaddresses`
2014-01-09 11:03:24 -06:00
jvazquez-r7
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
James Lee
01f350964f
Add specs for some stuff in Rex::Socket
2014-01-09 10:19:19 -06:00
William Vu
27f079ad7c
Move {begin,end}_job from libs to modules
2014-01-09 01:03:01 -06:00
William Vu
025fc79683
Refactor commands for modularity
2014-01-09 01:03:01 -06:00
William Vu
3fca11e5ac
Replace magic numbers with constants
2014-01-09 01:03:01 -06:00
William Vu
2f2823e323
Remove newline from end_job to conform to spec
2014-01-09 01:03:01 -06:00
William Vu
d3bbe5b5d0
Add filesystem commands and new PoC modules
...
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu
af66310e3a
Address @jlee-r7's comments
2014-01-09 01:03:01 -06:00
William Vu
bab32d15f3
Address @wchen-r7's comments
2014-01-09 01:03:00 -06:00
William Vu
1c889beada
Add Rex::Proto::PJL and PoC modules
2014-01-09 01:03:00 -06:00
Matt Andreko
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
James Lee
4bfe6b1b08
Remove pointless checks and add some docs
2014-01-08 14:37:40 -06:00
James Lee
4ba0020934
Simplify the logic deciding when we're finished
2014-01-08 14:22:44 -06:00
James Lee
22bdca92f4
Remove the ipv6 attr on Range
...
Makes more sense in the option hash.
2014-01-07 16:52:34 -06:00
James Lee
9c23910b69
Refactor Socket::Range
...
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
James Lee
2ed9772080
Fix unhandled exceptions when resolution fails
2014-01-07 12:00:04 -06:00
OJ
e3b90f3c4e
Fix issue with incorrect parameter parsing
...
Code was looking for -s instead of -a when dealing with domain
queries. This commit fixes that.
2014-01-05 20:06:47 +10:00
Tod Beardsley
bd2033c587
Land #2814 , streaming webcam STDAPI add
2014-01-03 12:09:25 -06:00
OJ
ef281bf31d
Adjust the getenv API
...
The getenv call in sys/config was renamed to getenvs and now uses
the splat operator so that arrays don't have to be passed in. A
new function called getenv was added which takes a single argument
and returns a single value back (for ease of use).
2014-01-03 08:05:45 +10:00
Joe Vennix
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
sinn3r
e6823c39c2
Incorrect variable used
2014-01-02 00:50:32 -06:00
sinn3r
92a0ff1096
Add webcam livestream feature for meterpreter
...
[SeeRM #8729 ] - This meterpreter command allows the attacker to observe the target at real-time
by turning their webcam live. There is also a HTML-based player provided, which does not require
a plugin or anything, just open it with a browser. The HTML-based player also allows the attacker
to put livestream on the web (evil? yeah, kind of.)
2013-12-30 18:38:13 -06:00
jvazquez-r7
8986659861
Land #2804 , @rcvalle's support for disasm on msfelfscan
2013-12-30 12:24:22 -06:00
Ramon de C Valle
c1f377fda6
Add disasm option to msfelfscan
2013-12-26 16:26:45 -02:00
Meatballs
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
Meatballs
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
Meatballs
ca1c887e68
Add missing ]
2013-12-15 01:12:50 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Spencer McIntyre
a08c420862
Add railgun definitions for local exploit relevant functions.
2013-12-12 10:26:08 -05:00
OJ
64b1e78e34
Fix page size and max results
2013-12-11 00:03:05 +10:00
OJ
8a1517fde8
Fix issues with missing params on computer enum
...
No more late night and rushed commits, its still and wastes people's time.
Thanks sinn3r for getting on this. Apologies for the poor quality of the PR.
2013-12-10 21:06:28 +10:00
OJ
2237419134
Merge branch 'upstream/master' into basic_adsi_support
2013-12-10 20:58:38 +10:00
Meatballs
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
Meatballs
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
OJ
a3c050c8b6
Added page size setting
2013-12-08 23:29:42 +10:00
OJ
8172596c0b
Fix rendering of result total
2013-12-08 20:58:03 +10:00
OJ
f13736d208
Add support for general domain queries
...
Specific queries are just wrappers over the top of the domain query
2013-12-08 20:41:30 +10:00
OJ
35b051174c
Add basic ADSI enum of users and computers
2013-12-07 00:22:54 +10:00
OJ
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
OJ
1d757c40db
Remove empty parens
2013-12-04 07:10:23 +10:00
OJ
8b77da4ef7
Fix non-rubyisms
2013-12-04 07:06:32 +10:00
OJ
18e1d9ce17
Revert "Start clipboard monitor functionality"
...
This reverts commit ecbdfd3502
.
I don't know how this got in there, as it's in another branch waiting for more work.
My bad.
2013-12-04 07:03:12 +10:00
sinn3r
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
jvazquez-r7
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
OJ
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
OJ
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
OJ
4d1c3c1f01
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-22 13:31:40 +10:00
corelanc0d3r
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
Joe Vennix
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
Joe Vennix
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
OJ
ecbdfd3502
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-21 06:29:37 +10:00
Joe Vennix
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
Joe Vennix
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
Joe Vennix
e74e75fe6f
Revert changes to legacy rescues.
2013-11-20 12:20:34 -06:00
Joe Vennix
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
d51b92b06f
Turns out & ~ does work.
...
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
2013-11-20 00:01:48 -06:00
Joe Vennix
a8c55f23a7
Remove &~ bit-clearing method in favor of defaults.
...
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesnt work,
but it is late and the default is false anyways.
2013-11-19 23:42:58 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
jvazquez-r7
647c867c2d
Land #1681 , @sempervictus Rex::Text::Ui::Table [] method
2013-11-19 16:30:09 -06:00
jvazquez-r7
e1eddc84aa
Check for inexistent column names
2013-11-19 16:02:52 -06:00
jvazquez-r7
162d433014
Use snake_case for variables
2013-11-19 15:46:11 -06:00
jvazquez-r7
6a13a0eee6
fix indentation
2013-11-19 15:42:12 -06:00
jvazquez-r7
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
jvazquez-r7
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
sinn3r
2fc43182be
Land #2622 - Fix up proxy/socks4a.rb
2013-11-12 18:22:32 -06:00
jvazquez-r7
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
William Vu
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
sinn3r
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
Jonathan
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
OJ
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
...
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
Jonathan
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
Tod Beardsley
cc9ac7695d
Land #2592 , add getproxy
...
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
Jonathan
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
scriptjunkie
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
OJ
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
OJ
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
OJ
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
OJ
d1e008387a
Stop auto preview, code clean
...
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
OJ
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
OJ
ff78082004
Refactor lanattacks ruby code, add command dispatcher
...
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
joev
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
joev
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
joev
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
OJ
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00
OJ
67fbeacbf0
Add support for optional image downloading
...
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
OJ
2fbac9b129
Add `getproxy` command
...
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
OJ
1f6c320bb3
Tidy up of extapi code, new bins
...
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
2013-10-29 21:22:05 +10:00
OJ
606411de81
Fix mimikatz error when password is nil
...
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
Tod Beardsley
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
sinn3r
ee95ca5e2b
Land #2158 - Fix NoMethodError undefined method `split' for nil:NilClass
2013-10-22 16:01:27 -05:00
sinn3r
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
sinn3r
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
sinn3r
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
sinn3r
fcba529ea5
Update coding format
2013-10-21 20:54:25 -05:00