Jack64
ad86a72918
send_sms + wlan_geolocate
2015-07-20 01:16:58 +01:00
xistence
844b47e8ce
Additional changes
2015-07-18 14:10:46 +07:00
wchen-r7
da445a52aa
Update URIHOST and URIPORT
2015-07-16 14:27:46 -05:00
wchen-r7
1fdbcc71c1
Support URIHOST and URIPORT for exploit URI generation
2015-07-16 14:10:49 -05:00
xistence
7f05403ae0
Added certutil cmdstager
2015-07-16 13:20:05 +07:00
wchen-r7
73fd4bd853
Allow the notes command to save notes as a file
...
The -o option can save notes as a file.
2015-07-16 00:28:15 -05:00
wchen-r7
18ca617c23
Land #5649 , Fix undefined sysinfo method error in meterpreter.rb
2015-07-15 23:27:02 -05:00
William Vu
f6cdbb65dd
Land #5706 , Kiwi creds_* -o write to file
2015-07-15 15:43:29 +00:00
jvazquez-r7
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
OJ
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
wchen-r7
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
jvazquez-r7
709676e6cc
Make exploits quiet
2015-07-14 17:00:44 -05:00
wchen-r7
219d0032fa
Do print_good to make this important stand up more
2015-07-14 15:36:35 -05:00
William Vu
6685fc479b
Add multi-glob filesystem search to Meterpreter
2015-07-14 20:23:23 +00:00
wchen-r7
1992a5648d
Make up our damn mind
2015-07-14 15:09:23 -05:00
wchen-r7
d64f4be691
Check if URIPORT is 0
2015-07-14 14:45:10 -05:00
wchen-r7
5e63b5f93e
Can't use cli
2015-07-14 14:37:45 -05:00
wchen-r7
cf714fe4aa
Change port logic too
2015-07-14 14:19:00 -05:00
wchen-r7
61d49f29e8
Check nil for SRVHOST option
2015-07-14 14:16:49 -05:00
wchen-r7
8efb4df8af
Change the HOST IP logic again
2015-07-14 14:15:32 -05:00
wchen-r7
9980e8f285
Change SRVHOST vs URIHOST vs Rex again
2015-07-14 14:06:33 -05:00
wchen-r7
f76fe07872
Fix SRVHOST
2015-07-14 13:49:28 -05:00
William Vu
9be030bbff
Fix nil in executable generation
2015-07-14 18:47:33 +00:00
wchen-r7
9dddb13d0b
Slow down on killing exploits
...
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
wchen-r7
2264efac15
Reduce output
2015-07-14 12:22:38 -05:00
HD Moore
100d3c8d46
A number of small fixes for BAPv2
...
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
Samuel Huckins
60444c208b
Land #5658 , MSF version includes git hash now
2015-07-14 09:21:25 -05:00
wchen-r7
0582e7e3ca
Return nil instead of "null"
...
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
wchen-r7
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
wchen-r7
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
jvazquez-r7
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
jvazquez-r7
8928c5529c
Fix Javascript code
2015-07-13 17:43:04 -05:00
jvazquez-r7
244d9bae64
Add max timeout
2015-07-13 16:52:25 -05:00
jvazquez-r7
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
Brent Cook
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
William Vu
93f154b395
Land #5695 , SMTPDeliver STARTTLS unspecific SSL
2015-07-13 18:54:41 +00:00
William Vu
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
William Vu
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
wchen-r7
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
Mo Sadek
4cd6e0c72b
Added "Failed" to line 121 of kdc_request.rb
2015-07-13 11:27:32 -05:00
Mo Sadek
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
rwhitcroft
0a581be9f9
put -u back for removing transports
2015-07-13 12:10:32 -04:00
OJ
4fc258ec0c
Remove duplicate entries, allow for output to file
...
This commit does a few tidies of code, as well as adds the ability to
write all the kiwi output to disk as well as to the console. We can't
yet add this stuff to the credential DB because it's tied to machine,
where the creds that come out of kiwi are often tied to domains.
This also removes duplicate creds from the output list, and gets rid of
the auth id stuff from the output too (not sure why it was useful
before).
2015-07-13 14:17:31 +10:00
wchen-r7
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
wchen-r7
8d40d30d47
Comemnt
2015-07-11 23:24:01 -05:00
wchen-r7
88357857a0
These datastore options don't need to set anymore
2015-07-11 23:22:05 -05:00
rwhitcroft
eaa0d0a44e
first msg was better
2015-07-11 22:50:38 -04:00
rwhitcroft
508c9f55df
specify transports by index
2015-07-11 22:22:50 -04:00
g0tmi1k
a4dc409c12
Add empty default vprint value
2015-07-11 19:38:27 +01:00
Brent Cook
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
wchen-r7
89aa00cfc4
Check job workspace
2015-07-10 13:09:42 -05:00
wchen-r7
086de2c030
Pass more options
2015-07-10 12:39:43 -05:00
wchen-r7
513dcf3574
We don't need these methods anymore
2015-07-10 12:12:53 -05:00
Brent Cook
493971245a
switch nsock locally to TLS - don't assume self.sock is set
2015-07-10 12:10:53 -05:00
Brent Cook
3495d317b5
Do not lock SMTP STARTTLS to only use SSLv3
...
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com , https://tools.ietf.org/html/rfc7568 ).
To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
OJ
51f59b3c8c
Re-add URI generation to reverse_http
2015-07-10 16:21:55 +10:00
wchen-r7
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
wchen-r7
21e44f235e
Example of doing Flash detection with Flash
2015-07-08 13:18:57 -05:00
Brent Cook
0b59e63084
keep advanced options on the fat side of the conditional
2015-07-07 22:44:34 -05:00
Brent Cook
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
wchen-r7
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
wchen-r7
dc0ce88279
We're note actually using Mubex, it might be causing a crash too
...
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore
0a4c6fb92f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-07-06 14:24:52 -05:00
HD Moore
c68064ba36
Lands #5671 , re-integrates SMB fdleak/timeout settings
2015-07-06 14:23:59 -05:00
Mo Sadek
366d42a0d8
Land #5609 , Fuzzer.rb and file_info.rb YARD doc update
2015-07-06 14:12:55 -05:00
Mo Sadek
25bdf7a50a
Land #5427 , check payload compatability for set payload fix
2015-07-06 12:56:21 -05:00
jvazquez-r7
3595a23673
Restore #3738
2015-07-06 11:22:22 -05:00
Samuel Huckins
174c90ccde
Updating version to match current
...
* This will be changed to the most recent git hash for next round,
at least making accurate for now.
2015-07-06 10:28:34 -05:00
Spencer McIntyre
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
HD Moore
3150549634
Experimental output show/hide for BAPv2
2015-07-05 19:07:10 -05:00
HD Moore
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
joev
60a896f58b
Adjust extension timeout.
2015-07-05 16:48:25 -05:00
joev
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
OJ
aaaf6807ed
Minor indentation/space fixes
2015-07-05 09:18:27 +10:00
HD Moore
3c7298ba80
Fix additional copy-pasta cases of #5662
2015-07-04 12:38:04 -05:00
HD Moore
fb2da00bfd
Fix #5662 by not generating a small uri by default
2015-07-04 09:27:18 -07:00
Spencer McIntyre
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
wchen-r7
2b0f6e723d
Explain the byte sequence
2015-07-03 11:12:59 -05:00
wchen-r7
5c582b76ca
Resolves #4380 , check for warbird template
...
Resolves #4380 . Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
Joshua Smith
5be94c12b6
Land #5602 , adds irb -e to core
2015-07-02 16:21:20 -05:00
Joshua Smith
434cffa258
clean up so idiomatic ruby details
2015-07-02 16:16:57 -05:00
HD Moore
7858d63036
Typo
2015-07-02 15:34:44 -05:00
HD Moore
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
HD Moore
6e31b9ef53
Initialize and rename the BES mutex
2015-07-02 15:11:03 -05:00
HD Moore
c5c7de0091
Rework browser profiles, get back to functional mode
2015-07-02 14:58:43 -05:00
HD Moore
c0969d4497
Fix module.uuid references
2015-07-02 13:45:38 -05:00
HD Moore
0e7f610836
Finish browser profile rework in BES
2015-07-02 12:58:21 -05:00
HD Moore
b9a8308138
Replace BAP profiles with a framework-instance hash
2015-07-02 12:53:24 -05:00
HD Moore
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
Spencer McIntyre
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
wchen-r7
2957924c78
Merge branch 'upstream-master' into bapv2
2015-07-02 01:46:31 -05:00
root
c4875a8821
Change sysinfo to sys.config.sysinfo
2015-07-02 11:38:37 +05:00
wchen-r7
a17b27efce
Update descriptions
2015-07-01 21:47:51 -05:00
wchen-r7
caddf545c4
Make getsystem more verbose
...
Resolves #4401
2015-07-01 20:49:14 -05:00
wchen-r7
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
OJ
a5ad56754f
Use full namespace for PACKET_TYPE_RESPONSE
2015-07-02 08:03:39 +10:00
HD Moore
e7271e3c04
Call the Meterpreter methods directly vs pollute the namespace
2015-07-01 16:04:54 -05:00
William Vu
399b3d2810
Land #5629 , moar cmd_exec refactoring
2015-07-01 00:36:19 -05:00
Brent Cook
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
OJ
a2721323be
Handle failure better for first recv
2015-07-01 14:02:40 +10:00
OJ
9c2cd34e92
Fix payload required space, remove WOW64 code from x64
2015-07-01 13:39:05 +10:00
OJ
a44c31052b
reverse_tcp x64 stager reliability fixes
...
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
OJ
cf8bbbfa3d
reverse_tcp 32 bit stager resiliency
2015-07-01 11:03:08 +10:00
Tod Beardsley
37ac5f0ee3
Use environment variables for Program Files
...
Done, thanks @Meatballs1 !
2015-06-30 17:28:21 -05:00
wchen-r7
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
jvazquez-r7
02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec
2015-06-29 12:07:37 -05:00
William Vu
1bfa84b37b
Land #5628 , sessions -d removal
2015-06-29 11:45:27 -05:00
jvazquez-r7
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
Mo Sadek
dde853b0a0
Fixed "linee" to "line"
2015-06-29 11:27:50 -05:00
Mo Sadek
e5836fbdac
Removed session -d from core.rb
...
Ticket #4423
2015-06-29 10:57:50 -05:00
wchen-r7
7742d85f2f
I guess that's fine
2015-06-27 20:58:19 -05:00
wchen-r7
6136269ace
No can't do this
2015-06-27 13:53:29 -05:00
wchen-r7
5c039ccfd7
Even faster
2015-06-27 13:51:21 -05:00
wchen-r7
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
wchen-r7
88e58cbdc5
Better performance
2015-06-27 12:19:07 -05:00
OJ
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
Brent Cook
10a6945737
Land #5617 , record the success on which we stopped ( fixes #5616 )
2015-06-26 18:27:49 -05:00
jvazquez-r7
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
wchen-r7
b4656f43a4
Fix #5616 , Save username before stop_on_success breaks the task
...
Fix #5616
2015-06-26 18:04:18 -05:00
jvazquez-r7
a10fa02b00
Land #5606 , @wchen-r7's glassfish fixes
2015-06-26 14:12:50 -05:00
Spencer McIntyre
79185e91c6
Refactor the pymet to use transport objects
2015-06-26 14:56:31 -04:00
wchen-r7
da779b1101
Fix login for 9.1
2015-06-26 13:52:44 -05:00
wchen-r7
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
wchen-r7
0c608e2a4c
Change doc for boolean args
2015-06-26 12:01:53 -05:00
wchen-r7
1d9caeffc0
Update documentation for fuzzer.rb and file_info.rb
...
See #5599
2015-06-26 11:22:30 -05:00
Spencer McIntyre
7aae9b210e
Add pymet support for core_enumextcmd
2015-06-26 11:32:51 -04:00
OJ
f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-26 14:12:56 +10:00
OJ
a773979992
Java config wiring, tweak to include block counts
...
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
Tod Beardsley
15f9fc5d8f
Land #5599 , YARD for fuzzer.rb
2015-06-25 14:37:55 -05:00
Mo Sadek
31c35715fc
YARD Documentation for file_info.rb
2015-06-25 11:08:35 -05:00
OJ
98156ec944
Add user agent to the transport config
...
Why this was missing I will never know :)
2015-06-25 14:51:06 +10:00
OJ
5a24dc8e64
Enable the transport command for java
2015-06-25 14:08:41 +10:00
Spencer McIntyre
f9642da387
Support expressions for meterpreter's irb too
2015-06-24 21:02:18 -04:00
Spencer McIntyre
f6f21724a3
Support expressions for the irb command
2015-06-24 20:52:17 -04:00
wchen-r7
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
Brent Cook
5c65c58fdf
Land #5598:handle nil or short machine_ids gracefully
2015-06-24 19:11:08 -05:00
OJ
d9b6e46685
Merge branch 'upstream/master' into android-java-transport-refactor
2015-06-25 09:50:42 +10:00
HD Moore
24a6e4c110
Comment update
2015-06-24 16:33:07 -05:00
HD Moore
2807fb4f93
Bump the default timeout to 30 seconds based on feedback
2015-06-24 16:15:01 -05:00
HD Moore
4d58e49cdc
Land #5600 , update session info after migrate
2015-06-24 15:16:58 -05:00
Meatballs
151fa2f676
Update user info on migrate
2015-06-24 20:50:29 +01:00
HD Moore
aa9ea13934
Fix up the core_machine_id call to handle weirdness better
2015-06-24 11:44:54 -07:00
Mo Sadek
e0c52730a0
YARD Documentation for Fuzzer.rb
2015-06-24 13:38:11 -05:00
Samuel Huckins
ea4d13586c
Merge pull request #5587 from trevrosen/bug/MSP-12834/crawler-choke-on-save
...
MSP-12834 #land
2015-06-24 09:43:51 -05:00
OJ
a8c20496be
Remove unused code from the java http stager
2015-06-24 22:37:40 +10:00
joev
c305348a3b
Fix the mixin to work in the exploit again.
2015-06-24 02:19:09 -05:00
joev
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
OJ
e796e56c6c
Modify the staging process
2015-06-24 13:22:33 +10:00
wchen-r7
d59c418df6
Fix #5591
...
Fix #5591
2015-06-23 19:10:14 -05:00
wchen-r7
1af12fd11f
Glassfish version 9
2015-06-23 19:09:14 -05:00
Tod Beardsley
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
William Vu
dffc516d6d
Land #5583 , Android Meterpreter commands fix
2015-06-23 14:39:37 -05:00
Trevor Rosen
4e3a2b2b35
Upstream merge
2015-06-23 14:11:28 -05:00
HD Moore
3141d4e465
Relocate the mkdir to synced_update
2015-06-23 10:44:15 -07:00
Brent Cook
67e711998b
Do not create the payloads.json file until first usage
2015-06-23 12:21:04 -05:00
Brent Cook
e75287875b
hack android-specific commands back to life
2015-06-22 20:41:58 -05:00
Brent Cook
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
Brent Cook
ba340ecec1
Land #5543 , add transport delete command
2015-06-22 16:58:47 -05:00
Brent Cook
6a0a410cad
fix minor issue typing 'transport remove'
...
meterpreter > transport remove
[-] Error running command transport: NoMethodError undefined method `end_with?' for nil:NilClass
2015-06-22 16:56:16 -05:00
Trevor Rosen
275e5ff15d
Merge branch 'master' into bug/MSP-12834/crawler-choke-on-save
2015-06-22 14:20:35 -05:00
Trevor Rosen
d53067b0b7
Fix ctype handling for body-less pages
...
#5515
2015-06-22 14:17:29 -05:00
Brent Cook
732192aeaf
move ntds from priv to extapi
2015-06-22 09:04:08 -05:00
Meatballs
48102aa6eb
Strip newlines so we dont add spaces
2015-06-21 19:13:55 +01:00
Meatballs
65adb7a770
Inlcude interactive channel logging
2015-06-21 17:00:51 +01:00
jvazquez-r7
bf7e0695d0
Land #5570 , @todb-r7 Removes references to Iconv gem, since it's deprecated
2015-06-19 17:19:03 -05:00
Meatballs
d267efbbbe
Get the filename right
2015-06-19 22:07:00 +01:00
Meatballs
30b2a4aefe
Dont need source
2015-06-19 21:58:14 +01:00
Meatballs
50cd15c52a
Add the logsink
2015-06-19 21:56:39 +01:00
Meatballs
64449d5035
Timestamp session output
2015-06-19 21:50:42 +01:00
Brent Cook
252b573ea8
Land #5547 , configurable auto session timeout
2015-06-19 15:35:33 -05:00
wchen-r7
0b0cc3631b
Land #5569 , Correct service name for mssql for scanner detection
2015-06-19 15:33:05 -05:00
Meatballs
a5469fd906
Remove redundant methods
2015-06-19 21:28:47 +01:00
wchen-r7
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
jvazquez-r7
34d5d92646
Land #5555 , @Th3R3p0's support for for RFB Version 4
2015-06-19 14:15:04 -05:00
Greg Mikeska
d672ac1601
Correct service name for mssql for scanner detection
2015-06-19 13:54:31 -05:00
jvazquez-r7
7eeb8805ee
Do minor code cleanup
2015-06-19 13:37:02 -05:00
wchen-r7
ef57afbfcf
Explain about performance problems
2015-06-19 13:35:14 -05:00
Tod Beardsley
01e37386dd
Add some YARD docs to the ebcdic methods
2015-06-19 12:59:47 -05:00
Tod Beardsley
a004c72068
Get rid of the encode test and iconv fallback
2015-06-19 12:30:20 -05:00
Tod Beardsley
afe5bb54c3
Get rid of the fall through methods
2015-06-19 12:24:07 -05:00
Tod Beardsley
34ece37f26
First off, iconv is gone, and zlib is stdlib
2015-06-19 12:17:43 -05:00
wchen-r7
9da99a8265
Merge branch 'upstream-master' into bapv2
2015-06-19 11:36:27 -05:00
OJ
8656add0ad
Add uri parameter when removing http/s transports
2015-06-19 10:55:22 +10:00
Brent Cook
7f27fd0cf2
adjust for user name size changes
2015-06-18 11:17:08 -05:00
g0tmi1k
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
wchen-r7
e549580ad2
Linux doesn't like the uppercase
2015-06-18 00:40:47 -05:00
wchen-r7
5fa864b097
done with rspec
2015-06-17 16:23:39 -05:00
Th3R3p0
8ea09532c8
removed a debugging line
2015-06-17 13:13:00 -04:00
Th3R3p0
e30b0e0cda
forced client to version 3 for servers and added comments. This adds support for RFB version 4 servers. Tested on 004.001
2015-06-17 12:57:24 -04:00
Th3R3p0
772a5dd7df
Created array and added support for version 4
2015-06-17 12:31:51 -04:00
William Vu
dc07938668
Land #5550 , custom exe_filename for to_exe_vba
2015-06-16 19:10:49 -05:00
g0tmi1k
37546c7e18
to_exe_vbs - Allow for exe_filename to be defined
2015-06-17 01:13:33 +01:00
g0tmi1k
b40e9f6d46
util/exe - replace tabs with spaces
...
...formatting should be okay still
2015-06-17 01:10:18 +01:00
g0tmi1k
3410782fe9
Capitalized 'Accepted'
2015-06-16 19:42:32 +01:00
OJ
9dbdaf13ea
Add AutoVerifySessionTimeout Meterpreter advanced option
2015-06-17 00:20:59 +10:00
OJ
9573c7e415
Implement transport remove
2015-06-16 11:38:59 +10:00
William Vu
8d640a0c8f
Land #5527 , multi/handler -> exploit/multi/handler
2015-06-15 10:23:26 -05:00
benpturner
b3754d750f
Compression on a pre-script does not work in this context. Removed the elsif part of this code
2015-06-14 22:46:42 +01:00
RageLtMan
d9c046449d
Fix comparison of string to Fixnum
2015-06-14 16:55:46 -04:00
RageLtMan
6d5e0b93d3
Use random id generator appropriately
...
Powershell::Script includes a random generator (@rig) which can
produce non repeating randomized identifiers to be used as var
names within the PSH code.
Unwrap script handling in powershell env stager to instantate a
method-local Powershell::Script object and access its :rig to
generate identifiers.
2015-06-14 14:53:51 -04:00
HD Moore
ab6f3a7373
Fix #5531 , the ```stage_payload``` method does not take arguments.
2015-06-13 18:26:56 -05:00
g0tmi1k
6dcc9b7dab
More inconsistencies
2015-06-12 21:59:15 +01:00
HD Moore
7c91aee7a8
Dont use a "connected" to keep compat with BSD
2015-06-09 20:33:46 -05:00
David Barksdale
91a06fb6fb
TFTP::Client retransmit lost data blocks on upload
...
Retransmit data blocks until we receieve a matching ACK.
2015-06-09 15:53:33 -05:00
wchen-r7
6eb25743e3
Merge branch 'upstream-master' into bapv2
2015-06-09 10:10:00 -05:00
jvazquez-r7
ca7d6ec2d8
Account registers correctly on geteip_fpu
2015-06-08 16:35:23 -05:00
jvazquez-r7
f8623ebdda
Add support for stage encoding to alpha_upper
2015-06-08 14:35:48 -05:00
jvazquez-r7
11f2712a43
Use push instead of concat for single registers
2015-06-08 13:53:03 -05:00
wchen-r7
07d1282afb
Correct file naming for better Ruby coding style
2015-06-08 12:17:49 -05:00
jvazquez-r7
890d9890e2
Account geteip_fpu modified registers
2015-06-08 12:00:14 -05:00
David Maloney
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
wchen-r7
5a6a16c4ec
Resolve #4326 , remove msfpayload & msfencode. Use msfvenom instead!
...
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.
Resolves #4326
2015-06-08 11:30:04 -05:00
jvazquez-r7
a77a4bd4c5
Account alpha_mixed modified registers
2015-06-08 11:16:24 -05:00
HD Moore
edcd1e3bf9
Land #5504 , handle cases where the script may be empty
2015-06-07 14:20:00 -05:00
HD Moore
1f11cd5470
Lands #5446 , support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
benpturner
20b605e7cb
Remove duplicate exec
2015-06-07 18:11:11 +01:00
RageLtMan
537dc6e218
Update Payload Cached Sizes fails in PSH Script
...
When attempting to update cached payload sizes which utilize the
Rex::Powershell functionality, the BRE block which appropriates
initial code is called with the 'code' variable being a nil which
results in:
```
lib/rex/powershell/script.rb:40:in `initialize': no implicit
conversion of nil into String (TypeError)
```
This throws a conditional into the File.open call which presents an
empty string instead of a nil. This still results in the rescue
block having to catch the exception, but manages to keep the
payload size updating script happy an retains consistent
behavior.
2015-06-07 11:42:24 -04:00
RageLtMan
a46510465d
Fix older Windows payloads to not require UUID
...
Default Windows payload to not include_send_uuid for compatibility.
2015-06-07 02:58:31 -04:00
HD Moore
bd36908383
Fix #5500 by checking for session.respond_to?(:response_timeout)
2015-06-06 17:07:03 -05:00
William Vu
d4ddc53856
Fix #5499 , small fix for line clearing
2015-06-06 15:58:45 -05:00
William Vu
f761d411c4
Adjust line clearing to cover only the text
2015-06-06 15:58:23 -05:00
William Vu
89e7dc6cf2
Land #5499 , polish dem spinners
2015-06-06 15:21:09 -05:00
HD Moore
2942cb165f
Land #5415 , changes spaces in PSH shell output
2015-06-06 14:55:33 -05:00
HD Moore
fe09d9888e
Small rework of the spinners, clear the line when done
2015-06-06 14:30:42 -05:00
HD Moore
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
HD Moore
cec20ec5d9
Handle a rare corner case
2015-06-06 11:46:19 -05:00
HD Moore
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
wchen-r7
4b6dcbb9d9
remove junk method
2015-06-05 22:03:56 -05:00
wchen-r7
7ca15f1ae1
Update select_payload doc
2015-06-05 21:06:20 -05:00
wchen-r7
4e058c942e
Fix typo
2015-06-05 21:04:22 -05:00
wchen-r7
a7fa434e89
If exploit list is empty, have the option to return content
2015-06-05 21:03:24 -05:00
wchen-r7
fb8abe54fc
This will continue loading the rest of the exploits
2015-06-05 17:52:40 -05:00
wchen-r7
188b15b17f
Fix the symbol vs string prob
2015-06-05 16:18:56 -05:00
Brent Cook
0f4304c2dd
Land #5494 , handle short reads from mysql
2015-06-05 12:52:04 -05:00
Brent Cook
bb9439e463
land #5487 , refactor and fix save function for db_nmap
2015-06-05 12:31:23 -05:00
wchen-r7
e1c30e973d
Fix SRVHOST
2015-06-05 12:14:43 -05:00
William Vu
15916f0ab0
Backport an upstream fix for a nil header
...
353d5951da
7c984ea66e
2015-06-05 11:51:40 -05:00
wchen-r7
f8c5e5a70a
Don't show "Server stopped"
2015-06-05 11:16:43 -05:00
wchen-r7
ecdeeea5c6
Make sure super is called
2015-06-05 11:11:40 -05:00
wchen-r7
be60f964c6
Call super for cleanup
2015-06-05 10:50:52 -05:00
wchen-r7
69968fc9f1
Merge branch 'upstream-master' into bapv2
2015-06-04 23:36:24 -05:00
wchen-r7
910ae8a480
Fix #5461 , actually stop a job from the RPC service
...
Fix #5461 . The RPC service is incorrectly using the wrong method to
stop a job, this patch should fix that.
2015-06-04 23:09:55 -05:00
William Vu
a53a68cfc2
Refactor db_nmap and fix the save option
2015-06-04 18:40:19 -05:00
OJ
26785b34f1
Land #5483 : Use the correct help output for the ps command
2015-06-05 07:30:15 +10:00
Brent Cook
346ea40d66
fix some alignment, add usage
2015-06-04 16:14:31 -05:00
Brent Cook
06cc759080
Use the correct help output for the ps command
...
It should not look like this:
```
meterpreter > ps -h
Usage: ps [ options ]
OPTIONS:
-S Search string to filter by
-h This help menu
```
It should not not look like this:
```
meterpreter > ps -h
Use the command with no arguments to see all running processes.
The following options can be used to filter those results:
OPTIONS:
-A <opt> Filters processes on architecture (x86 or x86_64)
-S <opt> String to search for (converts to regex)
-U <opt> Filters processes on the user using the supplied RegEx
-h Help menu.
-s Show only SYSTEM processes
```
2015-06-04 16:06:07 -05:00
wchen-r7
7de78c1d69
Land #5447 , more info about using the deprecated report_auth_info
2015-06-04 12:37:22 -05:00
wchen-r7
be709ba370
Merge branch 'upstream-master' into bapv2
2015-06-04 10:33:07 -05:00
David Maloney
5d68a8167b
handle unicode changes
...
changed everything to utf-8 , so several sizes
on the ruby side needed to be changed to account for this
MSP-12358
2015-06-02 12:46:21 -05:00
Samuel Huckins
27ddee4241
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-06-02 08:54:47 -05:00
jvazquez-r7
d22dda2bab
Provide more context and references
2015-06-01 10:33:40 -05:00
benpturner
9d1a7cead4
New modules to support 64bit process powershell.
2015-06-01 16:11:23 +01:00
Samuel Huckins
a0bcbd1fe5
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-06-01 09:55:20 -05:00
Brent Cook
64e86165ef
remove android meterpreter bins, update to payloads 1.0.2
...
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
Brent Cook
70ef1b83f9
Merge branch 'master' into land-5366-android
2015-06-01 09:07:55 -05:00
wchen-r7
5c890004b8
Do stop_service in cleanup
2015-05-29 18:32:57 -05:00
wchen-r7
28d35a5bf4
Update doc
2015-05-29 18:03:56 -05:00
wchen-r7
58c5767330
Don't need stderr.puts
2015-05-29 17:41:29 -05:00
wchen-r7
0384b115e9
Fix reload bug
2015-05-29 17:41:02 -05:00
OJ
3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy
2015-05-30 08:03:43 +10:00
jvazquez-r7
af326a4f88
Use compatible_payloads instead of copy and paste
2015-05-29 16:55:19 -05:00
Brent Cook
6d488c63d4
php UUIDOptions->UUID::Options
2015-05-29 16:33:03 -05:00
Brent Cook
b8a8e65c2c
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 16:22:45 -05:00
Brent Cook
7b0006a1b2
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 15:41:31 -05:00
Brent Cook
96a1e1b344
Land #5367 , add UUID stagers
2015-05-29 15:18:53 -05:00
wchen-r7
defda01d87
Some doc
2015-05-29 15:09:29 -05:00
wchen-r7
b33ace2f44
Put is_payload_compatible? in exploit.rb
2015-05-29 15:07:59 -05:00
wchen-r7
13779adab4
Merge branch 'upstream-master' into bapv2
2015-05-29 14:59:04 -05:00
wchen-r7
6be363d82a
Merge branch 'upstream-master' into bapv2
2015-05-29 14:58:38 -05:00
jvazquez-r7
1be04a9e7e
Land #5182 , @m-1-k-3's exploit for Dlink UPnP SOAP-Header Injection
2015-05-29 14:49:09 -05:00
jvazquez-r7
8b2e49eabc
Do code cleanup
2015-05-29 14:45:47 -05:00
Brent Cook
340792aae4
don't jump past the uuid sender on win32/tcp connect
2015-05-29 14:34:27 -05:00
wchen-r7
dab9a66ea3
Use current ruby hash syntax
2015-05-29 13:43:20 -05:00
Brent Cook
7d5af66fa0
Merge branch 'master' into land-5367-uuid-stagers
2015-05-29 13:00:35 -05:00
Brent Cook
8f747d2541
Land #5382 , add meterpreter session reconnect RPC call
2015-05-29 12:53:15 -05:00
Samuel Huckins
f6a8982fd7
Merge branch 'master' of github.com:rapid7/metasploit-framework
...
Please enter a commit message to explain why this merge is necessary,
2015-05-29 12:49:45 -05:00
RageLtMan
0d0dbaab60
Fix :gsub! delegator for Powershell::Script
2015-05-29 05:08:27 -04:00
RageLtMan
f575b31d58
Remove double assignment typo
2015-05-29 05:05:35 -04:00
RageLtMan
1a08da09cb
Fix compression check logic
...
Initial check logic would compress any script, even those which
would not need it since an uncompressed script fitting the buffer
would likely fit compressed (unless its uncompressable and the
decoder stub overflows). Ensure that compression occurs only when
a compressed script would fit while the uncompressed one does not.
2015-05-29 04:15:57 -04:00
RageLtMan
e9821f6a70
Update stage_psh_env method
...
Replace variable names with generated strings to increase entropy.
Add compression test for stager to determine if a compressed PSH
script will fit into the allowed space. If so, compress and exec
without staging.
Add variable name cleanup to stager mechanism - Remove-Variable
with -ErrorAction SilentlyContinue is called on each stager var
name after the stager executes.
TODO: Update method documentation
2015-05-29 04:04:51 -04:00
RageLtMan
f575fb8df9
Merge branch 'feature-merge_psh_updates_201505'
...
Conflicts:
lib/msf/core/post/windows/powershell.rb
Rename upload_script_via_psh to stage_psh_env within post PSH lib.
Perform the same rename within load_script post module.
2015-05-29 03:42:25 -04:00
wchen-r7
737559bcbb
Land #5180 , VBA Powershell for Office Macro
2015-05-28 19:55:27 -05:00
Samuel Huckins
19106a3ea4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-28 08:15:12 -05:00
Spencer McIntyre
24b4dacec5
Land #5408 , @g0tmi1k fixes verbiage and whitespace
2015-05-27 21:02:02 -04:00
wchen-r7
583fccdbc8
Resolve #5404 , Check payload compatibility when using set payload
...
Resolve #5404 . This patch will check payload compatibility when
you are using set payload in msfconsole.
2015-05-27 18:28:08 -05:00
wchen-r7
5d0053e4ef
Move iframe instead of hiding, which seems to improve Flash reliability
2015-05-27 00:43:47 -05:00
wchen-r7
60cdf71e6c
Merge branch 'upstream-master' into bapv2
2015-05-26 15:56:48 -05:00
Brent Cook
d76a9c6565
Land #5409 , update cmd stager documentation.
...
Merge remote-tracking branch 'upstream/pr/5409' into upstream-master
2015-05-26 10:34:03 -05:00
benpturner
abd4ab548d
Edit spaces within the powershell session command
2015-05-25 20:10:29 +01:00
wchen-r7
3102741157
Don't need print_line
2015-05-25 11:54:58 -05:00
wchen-r7
3d5248f023
This is better
2015-05-25 11:46:18 -05:00
benpturner
e06f47b2bd
Updates load_script to have support for folders and to include the stager process in the mixin module for other post mods
2015-05-25 15:48:27 +01:00
OJ
307dcd09dd
Update payload cache sizes again
2015-05-25 20:12:20 +10:00
OJ
87bc198c82
x64 winhttp ie proxy support, autoconfig ignore
2015-05-25 20:01:37 +10:00
wchen-r7
db09b9846c
I think I found the speed back
2015-05-25 02:44:57 -05:00
wchen-r7
72112317cc
Update
2015-05-25 01:58:34 -05:00
wchen-r7
3efe22d5e2
This seems better, slower though
2015-05-25 01:42:34 -05:00
OJ
78176c4335
First pass of IE proxy support for winhttp x86
2015-05-25 15:44:35 +10:00
OJ
43f7054a5c
Refactor base64 stub into base module
...
As per @zeroSteiner's suggestion.
2015-05-25 11:51:01 +10:00
OJ
9e50114082
Merge branch 'upstream/master' into uuid-stagers
2015-05-25 11:22:35 +10:00
OJ
9042f141ff
Implement the IPv6 UUID bind stagers
2015-05-25 11:21:28 +10:00
wchen-r7
7089bd945a
This payload handling looks much better
2015-05-24 12:47:20 -05:00
Spencer McIntyre
6fb2da4f62
Fix #5391 , cmd stager documentation fixes
2015-05-23 13:56:49 -04:00
Michael Messner
10baf1ebb6
echo stager
2015-05-23 15:50:35 +02:00
wchen-r7
a376464710
It kind of blew up
2015-05-23 05:26:13 -05:00
wchen-r7
f378b45408
bug fixes, sorta
2015-05-23 05:06:15 -05:00
wchen-r7
7f4b51f0ff
Fix nil bug
2015-05-23 02:08:51 -05:00
wchen-r7
60b0be8e3f
Fix a lot of bugs
2015-05-23 01:59:29 -05:00
wchen-r7
916b7b83be
Change how we load payload handlers
2015-05-22 20:35:43 -05:00
jvazquez-r7
d10b20b7a3
Land #5251 , @hmoore-r7's second opportunity to Oracle connect
...
SYSTEM shouldn't have SYSDBA privileges by default anymore
2015-05-22 17:47:41 -05:00
jvazquez-r7
41a86b2e9b
add vprint_status
2015-05-22 17:46:56 -05:00
wchen-r7
6de75ffd9f
Merge branch 'upstream-master' into bapv2
2015-05-22 17:11:03 -05:00
jvazquez-r7
c201955fdf
Land #5387 , @wchen-r7's user-configurable HTTP timeout
...
Fixes #5219 , Add connection timeout and response timeout for HttpClient
2015-05-22 15:36:11 -05:00
jvazquez-r7
e0d9ee062f
Use HttpClientTimeout
2015-05-22 13:35:37 -05:00
wchen-r7
8fd468a89f
Get the dry-run feature right this time
2015-05-22 13:07:30 -05:00
wchen-r7
905fe73d78
Track clicks
2015-05-22 12:57:06 -05:00
wchen-r7
e8a32bdd10
Make MaxSessions/RealList/Custom404 work better
2015-05-22 12:40:56 -05:00
wchen-r7
2bb6f390c0
Add session limiter and fix a race bug in notes removal
2015-05-22 12:22:41 -05:00
Samuel Huckins
7a566ef347
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-22 08:00:17 -05:00
HD Moore
078438f66e
Update UUIDOptions -> UUID::Options
2015-05-22 00:30:05 -05:00
HD Moore
c17ee64d81
Merge branch 'master' into feature/uuid-registration
2015-05-22 00:29:16 -05:00
OJ
c07ff70f19
Add check for UUID payloads
...
Thankfully those payloads already had a flag that could be reused.
2015-05-22 15:11:12 +10:00
OJ
1c73c190fc
Add machine_id support to windows php meterp
2015-05-22 14:55:29 +10:00
Brent Cook
9ce669f878
Land #5328 : reworked x64 http/https stagers
2015-05-21 23:26:34 -05:00
OJ
10bd75348c
Merge branch 'upstream/master' into uuid-stagers
2015-05-22 13:07:25 +10:00
OJ
a6a274d3a3
Merge recent stager changes
2015-05-22 13:01:45 +10:00
HD Moore
9b17b63259
Switch to append mode for x86 service templates, fixes #5403
2015-05-21 20:42:20 -05:00
HD Moore
ea9059f930
Fix broken endian specification (<I vs I<)
2015-05-21 20:00:22 -05:00
Samuel Huckins
4890882beb
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-21 15:03:17 -05:00
wchen-r7
c29bb35e28
Change datastore name
2015-05-21 10:15:03 -05:00
David Maloney
356f361b40
add sid to the the yard docs
...
you win this round OJ ;)
MSP-12722
2015-05-21 09:30:09 -05:00
root
ee1a366e2b
Use select with ActiveRecord::Associations::CollectionProxy for subset selection
2015-05-21 11:04:03 +05:00
HD Moore
eac1663fed
Ensure that the base directory exists before creating the file
2015-05-21 00:40:49 -05:00
wchen-r7
3ee02d3626
Hmm bug
2015-05-21 00:36:40 -05:00
HD Moore
4622fa60eb
Register the init_* URLs and whitelist these
2015-05-21 00:22:41 -05:00
wchen-r7
31c60b48c8
Don't forget to doc
2015-05-21 00:08:04 -05:00
wchen-r7
6e8ee2f3ba
Add whitelist feature
2015-05-21 00:05:14 -05:00
HD Moore
27406204ed
Disable payload UUID registration by default
2015-05-20 23:56:15 -05:00
HD Moore
e07576ce20
Indicate whether a session has a registered UUID
2015-05-20 23:55:49 -05:00
wchen-r7
bdf30dd383
Land #5374 , --smallest option in msfvenom
2015-05-20 21:06:10 -05:00
HD Moore
a8d111ce89
Merge branch 'master' into feature/uuid-registration
2015-05-20 19:48:39 -05:00
HD Moore
ac0004ea0a
Implement IgnoreUnknownPayloads
2015-05-20 19:47:17 -05:00
RageLtMan
27e12754fe
Import Powershell libraries and sample post module
...
Sync critical functionality from Rex and Msf namespaces dealing
with encoding and processing of powershell script for exploit
or post namespaces.
Import Post module. Primarily adds a psh_exec method which will be
replaced in the next PR with @benpturner's work integrated into
the Post module namespace.
Provide a sample metasploit windows post module to show the
execution pipeline - entire subs process can be removed and the
module reduced to a psh_exec(datastore['SCRIPT']).
This commit is designed to provide sync between the SVIT fork and
upstream. Pending commits to be based on this work will provide
access to .NET compiler in the Post namespace to be used for
dynamic persistent payload creation on target and the import of
@benpturner's work.
2015-05-20 18:18:51 -04:00
wchen-r7
93900087c7
Resolve #5219 , user-configurable HTTP timeout
...
Resolve #5219
2015-05-20 13:30:45 -05:00
Brent Cook
e34c751034
only use regex matches if they are specified
2015-05-20 12:22:36 -05:00
RageLtMan
e9be0d3f7a
Allow cmd_arp to use -S flag
...
Allow searching for regex' through ARP output using Table's new
'SearchTerm' parameter.
Example:
```
meterpreter > arp -S 10.2.1.1
ARP cache
=========
IP address MAC address Interface
---------- ----------- ---------
10.2.1.1 00:01:02:03:04:05 15
```
2015-05-20 11:26:06 -05:00
RageLtMan
b20c1c51b5
Import -S option for netstat
...
Allow searching through netstat output tables for specific strings.
Example:
```
meterpreter > netstat -S 192
Connection list
===============
Proto Local address Remote address State User Inode PID/Program name
----- ------------- -------------- ----- ---- ----- ----------------
tcp 10.1.1.20:3389 192.168.100.186:38470 ESTABLISHED 0 0 3076/svchost.exe
tcp 10.1.1.20:63826 192.168.100.186:31158 ESTABLISHED 0 0 4568/powershell.exe
tcp 10.1.1.20:64887 192.168.100.186:31158 ESTABLISHED 0 0 -
```
2015-05-20 11:26:06 -05:00
Brent Cook
e4165d3ae0
whitespace fixes
...
from @sempervictus
2015-05-20 11:26:04 -05:00
Brent Cook
66bd881ac5
support filtering on processes with a regex
...
from @sempervictus
Merge forked changes to cmd_ps allowing for the use of string
matching on listing output via Rex::Ui::Text::Table's SearchTerm
facility
Example:
```
meterpreter > ps -S x64.*Auth.*Sys
Process list
============
PID Name Arch Session User Path
--- ---- ---- ------- ---- ----
400 smss.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\System32\smss.exe
...
```
2015-05-20 11:25:56 -05:00