Commit Graph

11349 Commits (d4cf9a4eb90646c15d2c8709550d8d2073a50a02)

Author SHA1 Message Date
Jack64 ad86a72918 send_sms + wlan_geolocate 2015-07-20 01:16:58 +01:00
xistence 844b47e8ce Additional changes 2015-07-18 14:10:46 +07:00
wchen-r7 da445a52aa Update URIHOST and URIPORT 2015-07-16 14:27:46 -05:00
wchen-r7 1fdbcc71c1 Support URIHOST and URIPORT for exploit URI generation 2015-07-16 14:10:49 -05:00
xistence 7f05403ae0 Added certutil cmdstager 2015-07-16 13:20:05 +07:00
wchen-r7 73fd4bd853 Allow the notes command to save notes as a file
The -o option can save notes as a file.
2015-07-16 00:28:15 -05:00
wchen-r7 18ca617c23
Land #5649, Fix undefined sysinfo method error in meterpreter.rb 2015-07-15 23:27:02 -05:00
William Vu f6cdbb65dd
Land #5706, Kiwi creds_* -o write to file 2015-07-15 15:43:29 +00:00
jvazquez-r7 886ca47dfb
Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
OJ b6e25506d0 Add a common user agent list, use the shortest for Meterpreter 2015-07-15 13:03:47 +10:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
jvazquez-r7 709676e6cc
Make exploits quiet 2015-07-14 17:00:44 -05:00
wchen-r7 219d0032fa Do print_good to make this important stand up more 2015-07-14 15:36:35 -05:00
William Vu 6685fc479b Add multi-glob filesystem search to Meterpreter 2015-07-14 20:23:23 +00:00
wchen-r7 1992a5648d Make up our damn mind 2015-07-14 15:09:23 -05:00
wchen-r7 d64f4be691 Check if URIPORT is 0 2015-07-14 14:45:10 -05:00
wchen-r7 5e63b5f93e Can't use cli 2015-07-14 14:37:45 -05:00
wchen-r7 cf714fe4aa Change port logic too 2015-07-14 14:19:00 -05:00
wchen-r7 61d49f29e8 Check nil for SRVHOST option 2015-07-14 14:16:49 -05:00
wchen-r7 8efb4df8af Change the HOST IP logic again 2015-07-14 14:15:32 -05:00
wchen-r7 9980e8f285 Change SRVHOST vs URIHOST vs Rex again 2015-07-14 14:06:33 -05:00
wchen-r7 f76fe07872 Fix SRVHOST 2015-07-14 13:49:28 -05:00
William Vu 9be030bbff Fix nil in executable generation 2015-07-14 18:47:33 +00:00
wchen-r7 9dddb13d0b Slow down on killing exploits
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
wchen-r7 2264efac15 Reduce output 2015-07-14 12:22:38 -05:00
HD Moore 100d3c8d46 A number of small fixes for BAPv2
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
Samuel Huckins 60444c208b
Land #5658, MSF version includes git hash now 2015-07-14 09:21:25 -05:00
wchen-r7 0582e7e3ca Return nil instead of "null"
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 d6565a9aee Merge branch 'bes_flash' into bapv2_flash_test 2015-07-14 00:34:54 -05:00
jvazquez-r7 8fb6bedd94
Delete as3 detecotr 2015-07-13 18:23:39 -05:00
jvazquez-r7 8928c5529c
Fix Javascript code 2015-07-13 17:43:04 -05:00
jvazquez-r7 244d9bae64
Add max timeout 2015-07-13 16:52:25 -05:00
jvazquez-r7 9116460cb0
Add prototype with AS3 2015-07-13 16:33:55 -05:00
Brent Cook 07d05828d0
Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 93f154b395
Land #5695, SMTPDeliver STARTTLS unspecific SSL 2015-07-13 18:54:41 +00:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
William Vu 53bcee011b
Land #5709, s/Filed/Failed/ typo fixes 2015-07-13 18:37:46 +00:00
wchen-r7 884b779b36
Land #5593, CVE-2015-1155 Safari file:// Redirection Sandbox Escape 2015-07-13 11:28:39 -05:00
Mo Sadek 4cd6e0c72b Added "Failed" to line 121 of kdc_request.rb 2015-07-13 11:27:32 -05:00
Mo Sadek 6a5645d747 Changed "Filed" to "Failed" in multiple files 2015-07-13 11:21:20 -05:00
rwhitcroft 0a581be9f9 put -u back for removing transports 2015-07-13 12:10:32 -04:00
OJ 4fc258ec0c Remove duplicate entries, allow for output to file
This commit does a few tidies of code, as well as adds the ability to
write all the kiwi output to disk as well as to the console. We can't
yet add this stuff to the credential DB because it's tied to machine,
where the creds that come out of kiwi are often tied to domains.

This also removes duplicate creds from the output list, and gets rid of
the auth id stuff from the output too (not sure why it was useful
before).
2015-07-13 14:17:31 +10:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
wchen-r7 8d40d30d47 Comemnt 2015-07-11 23:24:01 -05:00
wchen-r7 88357857a0 These datastore options don't need to set anymore 2015-07-11 23:22:05 -05:00
rwhitcroft eaa0d0a44e first msg was better 2015-07-11 22:50:38 -04:00
rwhitcroft 508c9f55df specify transports by index 2015-07-11 22:22:50 -04:00
g0tmi1k a4dc409c12 Add empty default vprint value 2015-07-11 19:38:27 +01:00
Brent Cook 8349a274ea use and include git hash of Framework as part of the version
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.

This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
wchen-r7 89aa00cfc4 Check job workspace 2015-07-10 13:09:42 -05:00
wchen-r7 086de2c030 Pass more options 2015-07-10 12:39:43 -05:00
wchen-r7 513dcf3574 We don't need these methods anymore 2015-07-10 12:12:53 -05:00
Brent Cook 493971245a switch nsock locally to TLS - don't assume self.sock is set 2015-07-10 12:10:53 -05:00
Brent Cook 3495d317b5 Do not lock SMTP STARTTLS to only use SSLv3
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).

To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
OJ 51f59b3c8c Re-add URI generation to reverse_http 2015-07-10 16:21:55 +10:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
Brent Cook 0b59e63084 keep advanced options on the fat side of the conditional 2015-07-07 22:44:34 -05:00
Brent Cook 23abc288c8 Resolved conflicts with master 2015-07-07 22:34:30 -05:00
wchen-r7 fdb715c9dd
Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore 0a4c6fb92f Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-07-06 14:24:52 -05:00
HD Moore c68064ba36
Lands #5671, re-integrates SMB fdleak/timeout settings 2015-07-06 14:23:59 -05:00
Mo Sadek 366d42a0d8
Land #5609, Fuzzer.rb and file_info.rb YARD doc update 2015-07-06 14:12:55 -05:00
Mo Sadek 25bdf7a50a
Land #5427, check payload compatability for set payload fix 2015-07-06 12:56:21 -05:00
jvazquez-r7 3595a23673 Restore #3738 2015-07-06 11:22:22 -05:00
Samuel Huckins 174c90ccde
Updating version to match current
* This will be changed to the most recent git hash for next round,
at least making accurate for now.
2015-07-06 10:28:34 -05:00
Spencer McIntyre 2a89e248d7 Pymet fix send uuid logic for Python 3.x 2015-07-06 11:20:34 -04:00
HD Moore 3150549634 Experimental output show/hide for BAPv2 2015-07-05 19:07:10 -05:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
joev 60a896f58b Adjust extension timeout. 2015-07-05 16:48:25 -05:00
joev b577f79845 Fix some bugs in the safari file navigation module. 2015-07-05 16:46:18 -05:00
OJ aaaf6807ed Minor indentation/space fixes 2015-07-05 09:18:27 +10:00
HD Moore 3c7298ba80 Fix additional copy-pasta cases of #5662 2015-07-04 12:38:04 -05:00
HD Moore fb2da00bfd Fix #5662 by not generating a small uri by default 2015-07-04 09:27:18 -07:00
Spencer McIntyre 29d45e3b18 Pymet patch in timeout info on generate_stage 2015-07-03 14:12:29 -04:00
wchen-r7 2b0f6e723d Explain the byte sequence 2015-07-03 11:12:59 -05:00
wchen-r7 5c582b76ca Resolves #4380, check for warbird template
Resolves #4380. Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
Joshua Smith 5be94c12b6
Land #5602, adds irb -e to core 2015-07-02 16:21:20 -05:00
Joshua Smith 434cffa258 clean up so idiomatic ruby details 2015-07-02 16:16:57 -05:00
HD Moore 7858d63036 Typo 2015-07-02 15:34:44 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
HD Moore 6e31b9ef53 Initialize and rename the BES mutex 2015-07-02 15:11:03 -05:00
HD Moore c5c7de0091 Rework browser profiles, get back to functional mode 2015-07-02 14:58:43 -05:00
HD Moore c0969d4497 Fix module.uuid references 2015-07-02 13:45:38 -05:00
HD Moore 0e7f610836 Finish browser profile rework in BES 2015-07-02 12:58:21 -05:00
HD Moore b9a8308138 Replace BAP profiles with a framework-instance hash 2015-07-02 12:53:24 -05:00
HD Moore 87e6325737 Revert BAPv2 changes to framework/libraries/handlers 2015-07-02 12:10:21 -05:00
Spencer McIntyre 0af397217c Merge pymet transport feature into fresh branch 2015-07-02 08:43:13 -04:00
wchen-r7 2957924c78
Merge branch 'upstream-master' into bapv2 2015-07-02 01:46:31 -05:00
root c4875a8821 Change sysinfo to sys.config.sysinfo 2015-07-02 11:38:37 +05:00
wchen-r7 a17b27efce Update descriptions 2015-07-01 21:47:51 -05:00
wchen-r7 caddf545c4 Make getsystem more verbose
Resolves #4401
2015-07-01 20:49:14 -05:00
wchen-r7 8051a99f4a
Merge branch 'upstream-master' into bapv2 2015-07-01 18:45:42 -05:00
OJ a5ad56754f Use full namespace for PACKET_TYPE_RESPONSE 2015-07-02 08:03:39 +10:00
HD Moore e7271e3c04 Call the Meterpreter methods directly vs pollute the namespace 2015-07-01 16:04:54 -05:00
William Vu 399b3d2810
Land #5629, moar cmd_exec refactoring 2015-07-01 00:36:19 -05:00
Brent Cook e99d63687f
Land #5608, android and java meterpreter transport and sleep support
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
OJ a2721323be Handle failure better for first recv 2015-07-01 14:02:40 +10:00
OJ 9c2cd34e92 Fix payload required space, remove WOW64 code from x64 2015-07-01 13:39:05 +10:00
OJ a44c31052b reverse_tcp x64 stager reliability fixes
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
OJ cf8bbbfa3d reverse_tcp 32 bit stager resiliency 2015-07-01 11:03:08 +10:00
Tod Beardsley 37ac5f0ee3 Use environment variables for Program Files
Done, thanks @Meatballs1 !
2015-06-30 17:28:21 -05:00
wchen-r7 7aeb9e555b Change ranking and support CAMPAIGN_ID 2015-06-29 12:13:46 -05:00
jvazquez-r7 02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec 2015-06-29 12:07:37 -05:00
William Vu 1bfa84b37b
Land #5628, sessions -d removal 2015-06-29 11:45:27 -05:00
jvazquez-r7 834c0e594a
Update multi modules 2015-06-29 11:36:28 -05:00
Mo Sadek dde853b0a0 Fixed "linee" to "line" 2015-06-29 11:27:50 -05:00
Mo Sadek e5836fbdac Removed session -d from core.rb
Ticket #4423
2015-06-29 10:57:50 -05:00
wchen-r7 7742d85f2f I guess that's fine 2015-06-27 20:58:19 -05:00
wchen-r7 6136269ace No can't do this 2015-06-27 13:53:29 -05:00
wchen-r7 5c039ccfd7 Even faster 2015-06-27 13:51:21 -05:00
wchen-r7 9bd920b169
Merge branch 'upstream-master' into bapv2 2015-06-27 12:19:55 -05:00
wchen-r7 88e58cbdc5 Better performance 2015-06-27 12:19:07 -05:00
OJ 007da4af41 Force :init_connect for stageless 2015-06-27 18:21:15 +10:00
Brent Cook 10a6945737
Land #5617, record the success on which we stopped (fixes #5616) 2015-06-26 18:27:49 -05:00
jvazquez-r7 52b49503a0
Land #5498, @hmoore-r7's patch for a number of Net::DNS/enum_dns issues 2015-06-26 18:25:03 -05:00
wchen-r7 b4656f43a4 Fix #5616, Save username before stop_on_success breaks the task
Fix #5616
2015-06-26 18:04:18 -05:00
jvazquez-r7 a10fa02b00
Land #5606, @wchen-r7's glassfish fixes 2015-06-26 14:12:50 -05:00
Spencer McIntyre 79185e91c6 Refactor the pymet to use transport objects 2015-06-26 14:56:31 -04:00
wchen-r7 da779b1101 Fix login for 9.1 2015-06-26 13:52:44 -05:00
wchen-r7 b46e1be22f
Land #5371, Add file checking to the on_new_session cleanup 2015-06-26 13:33:57 -05:00
wchen-r7 0c608e2a4c Change doc for boolean args 2015-06-26 12:01:53 -05:00
wchen-r7 1d9caeffc0 Update documentation for fuzzer.rb and file_info.rb
See #5599
2015-06-26 11:22:30 -05:00
Spencer McIntyre 7aae9b210e Add pymet support for core_enumextcmd 2015-06-26 11:32:51 -04:00
OJ f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor 2015-06-26 14:12:56 +10:00
OJ a773979992 Java config wiring, tweak to include block counts
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
Tod Beardsley 15f9fc5d8f
Land #5599, YARD for fuzzer.rb 2015-06-25 14:37:55 -05:00
Mo Sadek 31c35715fc YARD Documentation for file_info.rb 2015-06-25 11:08:35 -05:00
OJ 98156ec944 Add user agent to the transport config
Why this was missing I will never know :)
2015-06-25 14:51:06 +10:00
OJ 5a24dc8e64 Enable the transport command for java 2015-06-25 14:08:41 +10:00
Spencer McIntyre f9642da387 Support expressions for meterpreter's irb too 2015-06-24 21:02:18 -04:00
Spencer McIntyre f6f21724a3 Support expressions for the irb command 2015-06-24 20:52:17 -04:00
wchen-r7 8e4fa80728 This looks good so far 2015-06-24 19:30:02 -05:00
Brent Cook 5c65c58fdf
Land #5598:handle nil or short machine_ids gracefully 2015-06-24 19:11:08 -05:00
OJ d9b6e46685 Merge branch 'upstream/master' into android-java-transport-refactor 2015-06-25 09:50:42 +10:00
HD Moore 24a6e4c110 Comment update 2015-06-24 16:33:07 -05:00
HD Moore 2807fb4f93 Bump the default timeout to 30 seconds based on feedback 2015-06-24 16:15:01 -05:00
HD Moore 4d58e49cdc
Land #5600, update session info after migrate 2015-06-24 15:16:58 -05:00
Meatballs 151fa2f676
Update user info on migrate 2015-06-24 20:50:29 +01:00
HD Moore aa9ea13934 Fix up the core_machine_id call to handle weirdness better 2015-06-24 11:44:54 -07:00
Mo Sadek e0c52730a0 YARD Documentation for Fuzzer.rb 2015-06-24 13:38:11 -05:00
Samuel Huckins ea4d13586c Merge pull request #5587 from trevrosen/bug/MSP-12834/crawler-choke-on-save
MSP-12834 #land
2015-06-24 09:43:51 -05:00
OJ a8c20496be Remove unused code from the java http stager 2015-06-24 22:37:40 +10:00
joev c305348a3b Fix the mixin to work in the exploit again. 2015-06-24 02:19:09 -05:00
joev 8b6fba4988 Tweak and fix some things in Safari file URL module. 2015-06-24 02:08:06 -05:00
OJ e796e56c6c Modify the staging process 2015-06-24 13:22:33 +10:00
wchen-r7 d59c418df6 Fix #5591
Fix #5591
2015-06-23 19:10:14 -05:00
wchen-r7 1af12fd11f Glassfish version 9 2015-06-23 19:09:14 -05:00
Tod Beardsley 18a9585f7a
Add safari module for CVE-2015-1155 2015-06-23 16:15:50 -05:00
William Vu dffc516d6d
Land #5583, Android Meterpreter commands fix 2015-06-23 14:39:37 -05:00
Trevor Rosen 4e3a2b2b35
Upstream merge 2015-06-23 14:11:28 -05:00
HD Moore 3141d4e465 Relocate the mkdir to synced_update 2015-06-23 10:44:15 -07:00
Brent Cook 67e711998b Do not create the payloads.json file until first usage 2015-06-23 12:21:04 -05:00
Brent Cook e75287875b hack android-specific commands back to life 2015-06-22 20:41:58 -05:00
Brent Cook e696d2f3dc Merge branch 'master' into land-5348-ntds 2015-06-22 17:18:13 -05:00
Brent Cook ba340ecec1
Land #5543, add transport delete command 2015-06-22 16:58:47 -05:00
Brent Cook 6a0a410cad fix minor issue typing 'transport remove'
meterpreter > transport remove
[-] Error running command transport: NoMethodError undefined method `end_with?' for nil:NilClass
2015-06-22 16:56:16 -05:00
Trevor Rosen 275e5ff15d Merge branch 'master' into bug/MSP-12834/crawler-choke-on-save 2015-06-22 14:20:35 -05:00
Trevor Rosen d53067b0b7
Fix ctype handling for body-less pages
#5515
2015-06-22 14:17:29 -05:00
Brent Cook 732192aeaf move ntds from priv to extapi 2015-06-22 09:04:08 -05:00
Meatballs 48102aa6eb
Strip newlines so we dont add spaces 2015-06-21 19:13:55 +01:00
Meatballs 65adb7a770
Inlcude interactive channel logging 2015-06-21 17:00:51 +01:00
jvazquez-r7 bf7e0695d0
Land #5570, @todb-r7 Removes references to Iconv gem, since it's deprecated 2015-06-19 17:19:03 -05:00
Meatballs d267efbbbe
Get the filename right 2015-06-19 22:07:00 +01:00
Meatballs 30b2a4aefe
Dont need source 2015-06-19 21:58:14 +01:00
Meatballs 50cd15c52a
Add the logsink 2015-06-19 21:56:39 +01:00
Meatballs 64449d5035
Timestamp session output 2015-06-19 21:50:42 +01:00
Brent Cook 252b573ea8
Land #5547, configurable auto session timeout 2015-06-19 15:35:33 -05:00
wchen-r7 0b0cc3631b
Land #5569, Correct service name for mssql for scanner detection 2015-06-19 15:33:05 -05:00
Meatballs a5469fd906
Remove redundant methods 2015-06-19 21:28:47 +01:00
wchen-r7 bd097e3264
Land #5497, Refactor LoginScanner::SNMP to be fast and less buggy 2015-06-19 14:57:36 -05:00
jvazquez-r7 34d5d92646
Land #5555, @Th3R3p0's support for for RFB Version 4 2015-06-19 14:15:04 -05:00
Greg Mikeska d672ac1601
Correct service name for mssql for scanner detection 2015-06-19 13:54:31 -05:00
jvazquez-r7 7eeb8805ee
Do minor code cleanup 2015-06-19 13:37:02 -05:00
wchen-r7 ef57afbfcf Explain about performance problems 2015-06-19 13:35:14 -05:00
Tod Beardsley 01e37386dd
Add some YARD docs to the ebcdic methods 2015-06-19 12:59:47 -05:00
Tod Beardsley a004c72068
Get rid of the encode test and iconv fallback 2015-06-19 12:30:20 -05:00
Tod Beardsley afe5bb54c3
Get rid of the fall through methods 2015-06-19 12:24:07 -05:00
Tod Beardsley 34ece37f26
First off, iconv is gone, and zlib is stdlib 2015-06-19 12:17:43 -05:00
wchen-r7 9da99a8265
Merge branch 'upstream-master' into bapv2 2015-06-19 11:36:27 -05:00
OJ 8656add0ad Add uri parameter when removing http/s transports 2015-06-19 10:55:22 +10:00
Brent Cook 7f27fd0cf2 adjust for user name size changes 2015-06-18 11:17:08 -05:00
g0tmi1k ce9481d2b7 Inconstancy - If datastore['VERBOSE'] vs vprint 2015-06-18 09:27:01 +01:00
wchen-r7 e549580ad2 Linux doesn't like the uppercase 2015-06-18 00:40:47 -05:00
wchen-r7 5fa864b097 done with rspec 2015-06-17 16:23:39 -05:00
Th3R3p0 8ea09532c8 removed a debugging line 2015-06-17 13:13:00 -04:00
Th3R3p0 e30b0e0cda forced client to version 3 for servers and added comments. This adds support for RFB version 4 servers. Tested on 004.001 2015-06-17 12:57:24 -04:00
Th3R3p0 772a5dd7df Created array and added support for version 4 2015-06-17 12:31:51 -04:00
William Vu dc07938668
Land #5550, custom exe_filename for to_exe_vba 2015-06-16 19:10:49 -05:00
g0tmi1k 37546c7e18 to_exe_vbs - Allow for exe_filename to be defined 2015-06-17 01:13:33 +01:00
g0tmi1k b40e9f6d46 util/exe - replace tabs with spaces
...formatting should be okay still
2015-06-17 01:10:18 +01:00
g0tmi1k 3410782fe9 Capitalized 'Accepted' 2015-06-16 19:42:32 +01:00
OJ 9dbdaf13ea Add AutoVerifySessionTimeout Meterpreter advanced option 2015-06-17 00:20:59 +10:00
OJ 9573c7e415 Implement transport remove 2015-06-16 11:38:59 +10:00
William Vu 8d640a0c8f
Land #5527, multi/handler -> exploit/multi/handler 2015-06-15 10:23:26 -05:00
benpturner b3754d750f Compression on a pre-script does not work in this context. Removed the elsif part of this code 2015-06-14 22:46:42 +01:00
RageLtMan d9c046449d Fix comparison of string to Fixnum 2015-06-14 16:55:46 -04:00
RageLtMan 6d5e0b93d3 Use random id generator appropriately
Powershell::Script includes a random generator (@rig) which can
produce non repeating randomized identifiers to be used as var
names within the PSH code.

Unwrap script handling in powershell env stager to instantate a
method-local Powershell::Script object and access its :rig to
generate identifiers.
2015-06-14 14:53:51 -04:00
HD Moore ab6f3a7373 Fix #5531, the ```stage_payload``` method does not take arguments. 2015-06-13 18:26:56 -05:00
g0tmi1k 6dcc9b7dab More inconsistencies 2015-06-12 21:59:15 +01:00
HD Moore 7c91aee7a8 Dont use a "connected" to keep compat with BSD 2015-06-09 20:33:46 -05:00
David Barksdale 91a06fb6fb TFTP::Client retransmit lost data blocks on upload
Retransmit data blocks until we receieve a matching ACK.
2015-06-09 15:53:33 -05:00
wchen-r7 6eb25743e3
Merge branch 'upstream-master' into bapv2 2015-06-09 10:10:00 -05:00
jvazquez-r7 ca7d6ec2d8
Account registers correctly on geteip_fpu 2015-06-08 16:35:23 -05:00
jvazquez-r7 f8623ebdda
Add support for stage encoding to alpha_upper 2015-06-08 14:35:48 -05:00
jvazquez-r7 11f2712a43
Use push instead of concat for single registers 2015-06-08 13:53:03 -05:00
wchen-r7 07d1282afb Correct file naming for better Ruby coding style 2015-06-08 12:17:49 -05:00
jvazquez-r7 890d9890e2
Account geteip_fpu modified registers 2015-06-08 12:00:14 -05:00
David Maloney 2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module 2015-06-08 11:42:03 -05:00
wchen-r7 5a6a16c4ec Resolve #4326, remove msfpayload & msfencode. Use msfvenom instead!
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.

Resolves #4326
2015-06-08 11:30:04 -05:00
jvazquez-r7 a77a4bd4c5
Account alpha_mixed modified registers 2015-06-08 11:16:24 -05:00
HD Moore edcd1e3bf9
Land #5504, handle cases where the script may be empty 2015-06-07 14:20:00 -05:00
HD Moore 1f11cd5470
Lands #5446, support for 64-bit native powershell payloads 2015-06-07 14:16:19 -05:00
benpturner 20b605e7cb Remove duplicate exec 2015-06-07 18:11:11 +01:00
RageLtMan 537dc6e218 Update Payload Cached Sizes fails in PSH Script
When attempting to update cached payload sizes which utilize the
Rex::Powershell functionality, the BRE block which appropriates
initial code is called with the 'code' variable being a nil which
results in:

```
lib/rex/powershell/script.rb:40:in `initialize': no implicit
conversion of nil into String (TypeError)
```

This throws a conditional into the File.open call which presents an
empty string instead of a nil. This still results in the rescue
block having to catch the exception, but manages to keep the
payload size updating script happy an retains consistent
behavior.
2015-06-07 11:42:24 -04:00
RageLtMan a46510465d Fix older Windows payloads to not require UUID
Default Windows payload to not include_send_uuid for compatibility.
2015-06-07 02:58:31 -04:00
HD Moore bd36908383 Fix #5500 by checking for session.respond_to?(:response_timeout) 2015-06-06 17:07:03 -05:00
William Vu d4ddc53856
Fix #5499, small fix for line clearing 2015-06-06 15:58:45 -05:00
William Vu f761d411c4 Adjust line clearing to cover only the text 2015-06-06 15:58:23 -05:00
William Vu 89e7dc6cf2
Land #5499, polish dem spinners 2015-06-06 15:21:09 -05:00
HD Moore 2942cb165f
Land #5415, changes spaces in PSH shell output 2015-06-06 14:55:33 -05:00
HD Moore fe09d9888e Small rework of the spinners, clear the line when done 2015-06-06 14:30:42 -05:00
HD Moore c80017992a A dirty patch for a number of Net::DNS/dns_enum issues 2015-06-06 13:48:52 -05:00
HD Moore cec20ec5d9 Handle a rare corner case 2015-06-06 11:46:19 -05:00
HD Moore 6b05302059 Fixes #5459, refactors LoginScanner::SNMP 2015-06-06 00:50:55 -05:00
wchen-r7 4b6dcbb9d9 remove junk method 2015-06-05 22:03:56 -05:00
wchen-r7 7ca15f1ae1 Update select_payload doc 2015-06-05 21:06:20 -05:00
wchen-r7 4e058c942e Fix typo 2015-06-05 21:04:22 -05:00
wchen-r7 a7fa434e89 If exploit list is empty, have the option to return content 2015-06-05 21:03:24 -05:00
wchen-r7 fb8abe54fc This will continue loading the rest of the exploits 2015-06-05 17:52:40 -05:00
wchen-r7 188b15b17f Fix the symbol vs string prob 2015-06-05 16:18:56 -05:00
Brent Cook 0f4304c2dd
Land #5494, handle short reads from mysql 2015-06-05 12:52:04 -05:00
Brent Cook bb9439e463
land #5487, refactor and fix save function for db_nmap 2015-06-05 12:31:23 -05:00
wchen-r7 e1c30e973d Fix SRVHOST 2015-06-05 12:14:43 -05:00
William Vu 15916f0ab0 Backport an upstream fix for a nil header
353d5951da
7c984ea66e
2015-06-05 11:51:40 -05:00
wchen-r7 f8c5e5a70a Don't show "Server stopped" 2015-06-05 11:16:43 -05:00
wchen-r7 ecdeeea5c6 Make sure super is called 2015-06-05 11:11:40 -05:00
wchen-r7 be60f964c6 Call super for cleanup 2015-06-05 10:50:52 -05:00
wchen-r7 69968fc9f1 Merge branch 'upstream-master' into bapv2 2015-06-04 23:36:24 -05:00
wchen-r7 910ae8a480 Fix #5461, actually stop a job from the RPC service
Fix #5461. The RPC service is incorrectly using the wrong method to
stop a job, this patch should fix that.
2015-06-04 23:09:55 -05:00
William Vu a53a68cfc2 Refactor db_nmap and fix the save option 2015-06-04 18:40:19 -05:00
OJ 26785b34f1
Land #5483 : Use the correct help output for the ps command 2015-06-05 07:30:15 +10:00
Brent Cook 346ea40d66 fix some alignment, add usage 2015-06-04 16:14:31 -05:00
Brent Cook 06cc759080 Use the correct help output for the ps command
It should not look like this:

```
meterpreter > ps -h
Usage: ps [ options ]

OPTIONS:
 -S       Search string to filter by
 -h 		This help menu
```

It should not not look like this:

```
meterpreter > ps -h
Use the command with no arguments to see all running processes.
The following options can be used to filter those results:

OPTIONS:

    -A <opt>  Filters processes on architecture (x86 or x86_64)
    -S <opt>  String to search for (converts to regex)
    -U <opt>  Filters processes on the user using the supplied RegEx
    -h        Help menu.
    -s        Show only SYSTEM processes
```
2015-06-04 16:06:07 -05:00
wchen-r7 7de78c1d69
Land #5447, more info about using the deprecated report_auth_info 2015-06-04 12:37:22 -05:00
wchen-r7 be709ba370
Merge branch 'upstream-master' into bapv2 2015-06-04 10:33:07 -05:00
David Maloney 5d68a8167b
handle unicode changes
changed everything to utf-8 , so several sizes
on the ruby side needed to be changed to account for this

MSP-12358
2015-06-02 12:46:21 -05:00
Samuel Huckins 27ddee4241 Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-06-02 08:54:47 -05:00
jvazquez-r7 d22dda2bab
Provide more context and references 2015-06-01 10:33:40 -05:00
benpturner 9d1a7cead4 New modules to support 64bit process powershell. 2015-06-01 16:11:23 +01:00
Samuel Huckins a0bcbd1fe5 Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-06-01 09:55:20 -05:00
Brent Cook 64e86165ef remove android meterpreter bins, update to payloads 1.0.2
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
Brent Cook 70ef1b83f9 Merge branch 'master' into land-5366-android 2015-06-01 09:07:55 -05:00
wchen-r7 5c890004b8 Do stop_service in cleanup 2015-05-29 18:32:57 -05:00
wchen-r7 28d35a5bf4 Update doc 2015-05-29 18:03:56 -05:00
wchen-r7 58c5767330 Don't need stderr.puts 2015-05-29 17:41:29 -05:00
wchen-r7 0384b115e9 Fix reload bug 2015-05-29 17:41:02 -05:00
OJ 3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy 2015-05-30 08:03:43 +10:00
jvazquez-r7 af326a4f88
Use compatible_payloads instead of copy and paste 2015-05-29 16:55:19 -05:00
Brent Cook 6d488c63d4 php UUIDOptions->UUID::Options 2015-05-29 16:33:03 -05:00
Brent Cook b8a8e65c2c Merge branch 'master' into land-5394-uuid-tracker 2015-05-29 16:22:45 -05:00
Brent Cook 7b0006a1b2 Merge branch 'master' into land-5394-uuid-tracker 2015-05-29 15:41:31 -05:00
Brent Cook 96a1e1b344
Land #5367, add UUID stagers 2015-05-29 15:18:53 -05:00
wchen-r7 defda01d87 Some doc 2015-05-29 15:09:29 -05:00
wchen-r7 b33ace2f44 Put is_payload_compatible? in exploit.rb 2015-05-29 15:07:59 -05:00
wchen-r7 13779adab4
Merge branch 'upstream-master' into bapv2 2015-05-29 14:59:04 -05:00
wchen-r7 6be363d82a
Merge branch 'upstream-master' into bapv2 2015-05-29 14:58:38 -05:00
jvazquez-r7 1be04a9e7e
Land #5182, @m-1-k-3's exploit for Dlink UPnP SOAP-Header Injection 2015-05-29 14:49:09 -05:00
jvazquez-r7 8b2e49eabc
Do code cleanup 2015-05-29 14:45:47 -05:00
Brent Cook 340792aae4 don't jump past the uuid sender on win32/tcp connect 2015-05-29 14:34:27 -05:00
wchen-r7 dab9a66ea3 Use current ruby hash syntax 2015-05-29 13:43:20 -05:00
Brent Cook 7d5af66fa0 Merge branch 'master' into land-5367-uuid-stagers 2015-05-29 13:00:35 -05:00
Brent Cook 8f747d2541
Land #5382, add meterpreter session reconnect RPC call 2015-05-29 12:53:15 -05:00
Samuel Huckins f6a8982fd7 Merge branch 'master' of github.com:rapid7/metasploit-framework
Please enter a commit message to explain why this merge is necessary,
2015-05-29 12:49:45 -05:00
RageLtMan 0d0dbaab60 Fix :gsub! delegator for Powershell::Script 2015-05-29 05:08:27 -04:00
RageLtMan f575b31d58 Remove double assignment typo 2015-05-29 05:05:35 -04:00
RageLtMan 1a08da09cb Fix compression check logic
Initial check logic would compress any script, even those which
would not need it since an uncompressed script fitting the buffer
would likely fit compressed (unless its uncompressable and the
decoder stub overflows). Ensure that compression occurs only when
a compressed script would fit while the uncompressed one does not.
2015-05-29 04:15:57 -04:00
RageLtMan e9821f6a70 Update stage_psh_env method
Replace variable names with generated strings to increase entropy.

Add compression test for stager to determine if a compressed PSH
script will fit into the allowed space. If so, compress and exec
without staging.

Add variable name cleanup to stager mechanism - Remove-Variable
with -ErrorAction SilentlyContinue is called on each stager var
name after the stager executes.

TODO: Update method documentation
2015-05-29 04:04:51 -04:00
RageLtMan f575fb8df9 Merge branch 'feature-merge_psh_updates_201505'
Conflicts:
	lib/msf/core/post/windows/powershell.rb

Rename upload_script_via_psh to stage_psh_env within post PSH lib.
Perform the same rename within load_script post module.
2015-05-29 03:42:25 -04:00
wchen-r7 737559bcbb
Land #5180, VBA Powershell for Office Macro 2015-05-28 19:55:27 -05:00
Samuel Huckins 19106a3ea4 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2015-05-28 08:15:12 -05:00
Spencer McIntyre 24b4dacec5
Land #5408, @g0tmi1k fixes verbiage and whitespace 2015-05-27 21:02:02 -04:00
wchen-r7 583fccdbc8 Resolve #5404, Check payload compatibility when using set payload
Resolve #5404. This patch will check payload compatibility when
you are using set payload in msfconsole.
2015-05-27 18:28:08 -05:00
wchen-r7 5d0053e4ef Move iframe instead of hiding, which seems to improve Flash reliability 2015-05-27 00:43:47 -05:00
wchen-r7 60cdf71e6c
Merge branch 'upstream-master' into bapv2 2015-05-26 15:56:48 -05:00
Brent Cook d76a9c6565
Land #5409, update cmd stager documentation.
Merge remote-tracking branch 'upstream/pr/5409' into upstream-master
2015-05-26 10:34:03 -05:00
benpturner abd4ab548d Edit spaces within the powershell session command 2015-05-25 20:10:29 +01:00
wchen-r7 3102741157 Don't need print_line 2015-05-25 11:54:58 -05:00
wchen-r7 3d5248f023 This is better 2015-05-25 11:46:18 -05:00
benpturner e06f47b2bd Updates load_script to have support for folders and to include the stager process in the mixin module for other post mods 2015-05-25 15:48:27 +01:00
OJ 307dcd09dd Update payload cache sizes again 2015-05-25 20:12:20 +10:00
OJ 87bc198c82 x64 winhttp ie proxy support, autoconfig ignore 2015-05-25 20:01:37 +10:00
wchen-r7 db09b9846c I think I found the speed back 2015-05-25 02:44:57 -05:00
wchen-r7 72112317cc Update 2015-05-25 01:58:34 -05:00
wchen-r7 3efe22d5e2 This seems better, slower though 2015-05-25 01:42:34 -05:00
OJ 78176c4335 First pass of IE proxy support for winhttp x86 2015-05-25 15:44:35 +10:00
OJ 43f7054a5c Refactor base64 stub into base module
As per @zeroSteiner's suggestion.
2015-05-25 11:51:01 +10:00
OJ 9e50114082
Merge branch 'upstream/master' into uuid-stagers 2015-05-25 11:22:35 +10:00
OJ 9042f141ff Implement the IPv6 UUID bind stagers 2015-05-25 11:21:28 +10:00
wchen-r7 7089bd945a This payload handling looks much better 2015-05-24 12:47:20 -05:00
Spencer McIntyre 6fb2da4f62 Fix #5391, cmd stager documentation fixes 2015-05-23 13:56:49 -04:00
Michael Messner 10baf1ebb6 echo stager 2015-05-23 15:50:35 +02:00
wchen-r7 a376464710 It kind of blew up 2015-05-23 05:26:13 -05:00
wchen-r7 f378b45408 bug fixes, sorta 2015-05-23 05:06:15 -05:00
wchen-r7 7f4b51f0ff Fix nil bug 2015-05-23 02:08:51 -05:00
wchen-r7 60b0be8e3f Fix a lot of bugs 2015-05-23 01:59:29 -05:00
wchen-r7 916b7b83be Change how we load payload handlers 2015-05-22 20:35:43 -05:00
jvazquez-r7 d10b20b7a3
Land #5251, @hmoore-r7's second opportunity to Oracle connect
SYSTEM shouldn't have SYSDBA privileges by default anymore
2015-05-22 17:47:41 -05:00
jvazquez-r7 41a86b2e9b
add vprint_status 2015-05-22 17:46:56 -05:00
wchen-r7 6de75ffd9f
Merge branch 'upstream-master' into bapv2 2015-05-22 17:11:03 -05:00
jvazquez-r7 c201955fdf
Land #5387, @wchen-r7's user-configurable HTTP timeout
Fixes #5219, Add connection timeout and response timeout for HttpClient
2015-05-22 15:36:11 -05:00
jvazquez-r7 e0d9ee062f
Use HttpClientTimeout 2015-05-22 13:35:37 -05:00
wchen-r7 8fd468a89f Get the dry-run feature right this time 2015-05-22 13:07:30 -05:00
wchen-r7 905fe73d78 Track clicks 2015-05-22 12:57:06 -05:00
wchen-r7 e8a32bdd10 Make MaxSessions/RealList/Custom404 work better 2015-05-22 12:40:56 -05:00
wchen-r7 2bb6f390c0 Add session limiter and fix a race bug in notes removal 2015-05-22 12:22:41 -05:00
Samuel Huckins 7a566ef347 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2015-05-22 08:00:17 -05:00
HD Moore 078438f66e Update UUIDOptions -> UUID::Options 2015-05-22 00:30:05 -05:00
HD Moore c17ee64d81 Merge branch 'master' into feature/uuid-registration 2015-05-22 00:29:16 -05:00
OJ c07ff70f19 Add check for UUID payloads
Thankfully those payloads already had a flag that could be reused.
2015-05-22 15:11:12 +10:00
OJ 1c73c190fc Add machine_id support to windows php meterp 2015-05-22 14:55:29 +10:00
Brent Cook 9ce669f878
Land #5328: reworked x64 http/https stagers 2015-05-21 23:26:34 -05:00
OJ 10bd75348c
Merge branch 'upstream/master' into uuid-stagers 2015-05-22 13:07:25 +10:00
OJ a6a274d3a3
Merge recent stager changes 2015-05-22 13:01:45 +10:00
HD Moore 9b17b63259 Switch to append mode for x86 service templates, fixes #5403 2015-05-21 20:42:20 -05:00
HD Moore ea9059f930 Fix broken endian specification (<I vs I<) 2015-05-21 20:00:22 -05:00
Samuel Huckins 4890882beb Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2015-05-21 15:03:17 -05:00
wchen-r7 c29bb35e28 Change datastore name 2015-05-21 10:15:03 -05:00
David Maloney 356f361b40
add sid to the the yard docs
you win this round OJ ;)

MSP-12722
2015-05-21 09:30:09 -05:00
root ee1a366e2b Use select with ActiveRecord::Associations::CollectionProxy for subset selection 2015-05-21 11:04:03 +05:00
HD Moore eac1663fed Ensure that the base directory exists before creating the file 2015-05-21 00:40:49 -05:00
wchen-r7 3ee02d3626 Hmm bug 2015-05-21 00:36:40 -05:00
HD Moore 4622fa60eb Register the init_* URLs and whitelist these 2015-05-21 00:22:41 -05:00
wchen-r7 31c60b48c8 Don't forget to doc 2015-05-21 00:08:04 -05:00
wchen-r7 6e8ee2f3ba Add whitelist feature 2015-05-21 00:05:14 -05:00
HD Moore 27406204ed Disable payload UUID registration by default 2015-05-20 23:56:15 -05:00
HD Moore e07576ce20 Indicate whether a session has a registered UUID 2015-05-20 23:55:49 -05:00
wchen-r7 bdf30dd383
Land #5374, --smallest option in msfvenom 2015-05-20 21:06:10 -05:00
HD Moore a8d111ce89 Merge branch 'master' into feature/uuid-registration 2015-05-20 19:48:39 -05:00
HD Moore ac0004ea0a Implement IgnoreUnknownPayloads 2015-05-20 19:47:17 -05:00
RageLtMan 27e12754fe Import Powershell libraries and sample post module
Sync critical functionality from Rex and Msf namespaces dealing
with encoding and processing of powershell script for exploit
or post namespaces.

Import Post module. Primarily adds a psh_exec method which will be
replaced in the next PR with @benpturner's work integrated into
the Post module namespace.

Provide a sample metasploit windows post module to show the
execution pipeline - entire subs process can be removed and the
module reduced to a psh_exec(datastore['SCRIPT']).

This commit is designed to provide sync between the SVIT fork and
upstream. Pending commits to be based on this work will provide
access to .NET compiler in the Post namespace to be used for
dynamic persistent payload creation on target and the import of
@benpturner's work.
2015-05-20 18:18:51 -04:00
wchen-r7 93900087c7 Resolve #5219, user-configurable HTTP timeout
Resolve #5219
2015-05-20 13:30:45 -05:00
Brent Cook e34c751034 only use regex matches if they are specified 2015-05-20 12:22:36 -05:00
RageLtMan e9be0d3f7a Allow cmd_arp to use -S flag
Allow searching for regex' through ARP output using Table's new
'SearchTerm' parameter.

Example:
```
meterpreter > arp -S 10.2.1.1

ARP cache
=========

    IP address   MAC address        Interface
    ----------   -----------        ---------
    10.2.1.1     00:01:02:03:04:05  15
```
2015-05-20 11:26:06 -05:00
RageLtMan b20c1c51b5 Import -S option for netstat
Allow searching through netstat output tables for specific strings.

Example:
```
meterpreter > netstat -S 192

Connection list
===============

    Proto  Local address    Remote address         State        User  Inode  PID/Program name
    -----  -------------    --------------         -----        ----  -----  ----------------
    tcp    10.1.1.20:3389   192.168.100.186:38470  ESTABLISHED  0     0      3076/svchost.exe
    tcp    10.1.1.20:63826  192.168.100.186:31158  ESTABLISHED  0     0      4568/powershell.exe
    tcp    10.1.1.20:64887  192.168.100.186:31158  ESTABLISHED  0     0      -
```
2015-05-20 11:26:06 -05:00
Brent Cook e4165d3ae0 whitespace fixes
from @sempervictus
2015-05-20 11:26:04 -05:00
Brent Cook 66bd881ac5 support filtering on processes with a regex
from @sempervictus

Merge forked changes to cmd_ps allowing for the use of string
matching on listing output via Rex::Ui::Text::Table's SearchTerm
facility

Example:
```
meterpreter > ps -S x64.*Auth.*Sys

Process list
============

 PID   Name                       Arch  Session  User                          Path
 ---   ----                       ----  -------  ----                          ----
 400   smss.exe                   x64   0        NT AUTHORITY\SYSTEM           C:\Windows\System32\smss.exe
...
```
2015-05-20 11:25:56 -05:00