853d822992
Merge pull request #1 from bcook-r7/land-5380-pageantjacker
...
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
30102d4526
No longer needed.
2015-09-22 17:05:30 -05:00
d90f87449a
Fix merge
2015-09-22 16:55:01 -05:00
7d2a2a8b64
Fix issues with using hop for new core
2015-09-22 16:54:02 -05:00
6482083b6b
revert WfsDelay short-circuit on exploit failure
...
Some exploits currently succeed, but can fail during cleanup, leading to a
false-negative. Reverting this so that the affected exploits can be fixed
first.
This reverts commits b0858e9d46b3f754136e
2015-09-22 14:43:03 -05:00
66b453edd6
ensure the database cache is always updated, present accurate reporting on search
2015-09-22 12:56:26 -05:00
1bd472107b
Land #5996
...
Missing service in looking up vulns by refs now handled.
2015-09-22 12:16:42 -05:00
8b10cbe3fd
Query for vulns without specifying service when service is nil
...
MSP-13284
2015-09-22 10:50:23 -05:00
46e00389c4
Adjust payload size for stageless in prepend migrate
2015-09-22 18:07:53 +10:00
9230b04674
Update match result creation logic
...
MSP-13119
* Look up match on match set for the run
* If no match exists in the match set for the vuln, attempt to create a match for the vuln
2015-09-22 00:24:38 -05:00
62ff291713
Fix msfrop metasm require
2015-09-21 13:19:23 -05:00
0cc6b53d59
Land #5905 , support newer OpenVAS formats.
2015-09-21 10:30:25 -05:00
cdd39f52b1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension
2015-09-21 14:34:56 +02:00
e8e4f66aaa
Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension
2015-09-21 14:34:38 +02:00
61e7e1d094
update pageantjacker to run as part of extapi
2015-09-20 20:25:00 -05:00
98da192c70
Land #5615 , Updated YARD Documentation for EXE.rb
2015-09-18 13:36:11 -05:00
0bf20993ec
Fix more doc
2015-09-18 13:35:31 -05:00
d3a73149a2
Add specs around match result creation in exploit attempt
...
MSP-13119
2015-09-18 12:04:45 -05:00
6f19e30723
Merge branch 'staging/hd-wfs' into feature/hd-wfsdelay
2015-09-17 13:07:56 -05:00
c8b27e0563
Land #5889 , @jlee-r7's favors metasm as a gem
2015-09-16 17:01:01 -05:00
c7afe4f663
Land #5930 , MS15-078 (atmfd.dll buffer overflow)
2015-09-16 15:33:38 -05:00
5cf3ac23e2
Fix no method defined error when run_id is not passed down
...
* run_id is an optional param so we handle when it isn't set on user data
MSP-13119
2015-09-16 15:32:48 -05:00
b0858e9d46
Style tweak re: TheLightCosine's feedback
2015-09-16 08:15:26 -07:00
b7572d5494
Handle both serialized & unserialized cases on import
2015-09-16 08:11:15 -07:00
ef043cebc3
Always use the stringified host->address during export
2015-09-16 02:59:11 -07:00
382e01d680
Add comments and use run scope on match
...
MSP-13119
2015-09-15 15:09:26 -05:00
621af7311c
Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MSP-13119/rework-match-result-creation
2015-09-15 14:35:07 -05:00
eb479318b1
Use existing run for match result or create a new one if it doesnt exist
...
MSP-13119
2015-09-15 14:34:44 -05:00
b3f754136e
Skip WfsDelay when the exploit has clearly failed
2015-09-15 08:04:23 -07:00
c7f15ca940
Rework how match results get created
...
MSP-13119
* Create match result when we create vuln attempt
2015-09-14 12:18:47 -05:00
713ded7ca2
Ignore SMB exceptions during fingerprinting
...
This fixes smb_version in cases where the remote server throws a Login error
for the default creds (null session).
2015-09-14 09:35:44 -07:00
ad0140e0fc
Land #5864 , @jlee-r7's fixes x64 injection
2015-09-11 16:09:37 -05:00
a1a7471154
Land #5949 , is_root? for remove_lock_root
2015-09-11 02:09:14 -05:00
f2ccca97e0
Move require 'msf/core/post/android' to post.rb
2015-09-11 01:56:21 -05:00
53f995b9c3
Do first prototype
2015-09-10 19:35:26 -05:00
86b9535a50
Land #5944 , Nmap parser open|filtered -> unknown
2015-09-10 16:37:42 -05:00
0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)
...
MSP-13234
2015-09-09 13:21:05 -05:00
e88a14aee6
Rework exception handler for exploit simple
...
MSP-13233
2015-09-09 11:51:18 -05:00
4aae9b8272
support upgrading a powershell session to meterpreter
2015-09-08 15:37:42 +02:00
e97056a367
When the port state is open|filtered should be unknown, no open
2015-09-07 22:52:03 +02:00
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
da221b82a8
Initialize dir
2015-09-04 11:07:49 -05:00
7665747d1c
Land #5736 , certutil cmdstager
...
Ferreal this time.
2015-09-03 14:21:21 -05:00
82b27c9038
Revert "Land #5736 , certutil cmdstager"
...
This reverts commit 93eb42dfa3
2015-09-03 14:18:28 -05:00
9ccd95af26
Land #5916 , fix encoding when badchars contains -
2015-09-03 13:42:45 -05:00
93eb42dfa3
Land #5736 , certutil cmdstager
2015-09-03 13:13:24 -05:00
70b5336356
Merge branch 'upstream-master' into land-5890-android-post-api
2015-09-03 09:51:35 -05:00
895b692b0d
Land #5914 , prevent loading cached modules outside of the load path
2015-09-03 09:29:13 -05:00
ccd0a06353
Use ===
2015-09-03 01:10:13 -05:00
1440f31756
Land #5637 , resiliency improvements to TCP stagers
2015-09-02 22:50:12 -05:00
9767de9bd0
Truncate payload size to 32 bits
2015-09-03 11:56:59 +10:00
6820e8dc03
Land #5926 , @hmoore-r7's fix for #5716
...
Addresses a bug with IPMI RAKP messages having a malformed length field
2015-09-02 17:50:07 -07:00
9f1f797031
Skip substitution if badchars is empty
2015-09-02 18:52:53 -05:00
01cbd842ad
Updates based on @jlee-r7's feedback
2015-09-02 18:42:34 -05:00
9f9bbce034
Land #5840 , add LLMNR & mDNS modules
2015-09-02 18:30:29 -05:00
0120e5c443
Cosmetic tweaks, don't report duplicate responses
2015-09-02 18:30:03 -05:00
ab91d1cc92
More style cleanup
2015-09-02 14:01:12 -07:00
4d77e777fa
Remove explicit CLASS options from llmnr mixin
...
use parent's instead
2015-09-02 13:58:48 -07:00
27174e2bfd
Revert "Bump scanner THREADS to 10 by default"
...
This reverts commit f537f91943
2015-09-02 13:55:48 -07:00
5699908240
Style cleanup
2015-09-02 13:48:01 -07:00
25a22860b7
Summarize MDNS/LLMNR responses
2015-09-02 13:43:26 -07:00
9e98385417
Fix #5716 by correctly setting the data length
2015-09-02 15:16:25 -05:00
55251ffe17
Slightly better output. Unsure if this will work with all response types
2015-09-02 11:21:54 -07:00
24dd454127
Land #5912 , adds timeout option to migrate
2015-09-02 13:08:22 -05:00
54f79e72bb
Initialize writable_dir in the main block
2015-09-02 13:08:07 -05:00
3d04d53e3a
first pass at better output and report_service
2015-09-02 10:31:46 -07:00
cefb7c83f3
Fix call to migrate
2015-09-02 15:37:34 +10:00
1aa7c596ce
Land #5967 , add PACKETSTORM reference types.
2015-09-01 23:25:26 -05:00
77f56c563b
Land #5867 , add PACKETSTORM reference types
2015-09-01 23:25:01 -05:00
8191fac90f
Fix #5907 by replacing String#delete with String#gsub
...
The String#delete method treats the argument as a transliteration. This means that hyphens (-) either
turn into a character range or they throw an error if the range is invalid. This ended up breaking
one encoder and may be the root cause of other hard-to-reproduce bugs.
2015-09-01 18:37:28 -05:00
0d2df33900
Fix two typos, add help detail
2015-09-02 09:35:51 +10:00
27cd0597d7
Land #5908 , default to SSL autoneg, add explicit TLS 1.1/1.2 support
2015-09-01 18:21:51 -05:00
de8205a42e
Fix the defaults for module_info_by_path_from_database!
2015-09-01 17:48:56 -05:00
409f2bd016
Agh, didn't mean to enable that
...
It's never worked
2015-09-01 16:34:28 -05:00
2cd6b1c2df
Update parser, fix UseMasterPassword bug
2015-09-01 22:05:47 +01:00
21ab4531d2
Land #5910 , move help fxn for ps
2015-09-01 14:23:25 -05:00
b8458d6ec7
Land #5705 , allow removing transports by index
2015-09-01 14:08:48 -05:00
b273893947
use URI.parse over a custom regex
2015-09-01 14:07:05 -05:00
148a5ba78e
A better solution for the spec coverage
2015-09-01 13:45:46 -05:00
31087ff33e
Refresh after cache rebuild should use the active module paths
2015-09-01 13:39:15 -05:00
5addf899b2
Refactor, same intent as before, just faster and correct.
2015-09-01 13:15:44 -05:00
2b03487e1f
Fix the module cache rebuild logic
2015-09-01 12:38:20 -05:00
d84caeca72
Ignore cached modules outside of load path, only load cache once on startup
2015-09-01 12:31:05 -05:00
299ceb7087
Add timeout option for migration
...
This commit changes the migrate function so that an optional timeout parameter can be given. This means that people in high-latency scenarios can extend the timeout when migration in order to increase the chances that things will work.
2015-09-01 22:53:30 +10:00
696bc95838
Merge branch 'upstream/master' into adsi-file-output
2015-09-01 17:25:13 +10:00
ef73f56201
Add -o parameter to adsi query functions
...
This allows for the output of the query to be written to a file.
2015-09-01 17:03:41 +10:00
abfeb204b3
Move help functionality for ps command
2015-09-01 16:45:35 +10:00
ff6fbfa738
Land #5895 , rework of ADSI modules
2015-08-31 14:10:41 -07:00
92d74ffb3b
Default to SSLv23 (autonegotiate), fixes #5870
2015-08-31 13:30:05 -07:00
30830ad9e5
Land #5262 , fix webcam_chat and tidy adjacent code
2015-08-31 14:21:24 -05:00
fe69fc84de
expand the path environment variables before executing
2015-08-31 13:38:08 -05:00
fba751a986
Disable early returns
2015-08-31 12:13:42 -05:00
80f21b50c9
Fix #4227 by improving parsing of nested elements
2015-08-31 11:47:43 -05:00
8d0e0b973e
Fix array syntax
2015-08-28 14:12:23 -05:00
06712817cf
Fix specs
2015-08-28 14:06:04 -05:00
9c7f97d124
Fix methods name schema
2015-08-28 13:26:52 -05:00
6a75ad0162
Fix yard documentation
2015-08-28 13:23:30 -05:00
be7db10e7d
Fix busybox_write_file
2015-08-28 13:15:07 -05:00
50f7d99674
Clean get_writable_directory
2015-08-28 13:02:10 -05:00
3f7c8e03e2
Update workspace command to support deleting all workspaces
2015-08-28 10:23:41 -07:00
c4a3b4f18e
Add busy_box_file_exist?
2015-08-28 11:56:12 -05:00
8faf6f9cd0
Fix require
2015-08-28 11:51:26 -05:00
9db65ea8e5
Change module filename
2015-08-28 11:48:55 -05:00
0a95a1543f
Add spaces
2015-08-28 11:47:50 -05:00
b8b68983b0
Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements
2015-08-28 15:11:27 +01:00
3a5ce02e8e
Changed the other print\n lines to print_line() for consistency
2015-08-28 14:05:44 +01:00
266a6e7dc4
Changed to print_line() at the request of hdm
2015-08-28 11:35:51 +01:00
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
b14889ad5c
Small typo fix
2015-08-26 17:09:33 -05:00
c1ba0aae7a
Land #5884 , fixes #5816 , nil exception in DNS resolver.
2015-08-26 14:55:58 -07:00
5cdf1aeef4
Added examples to the usage-help and run through msftidy
2015-08-26 19:33:09 +01:00
4bac21b7b9
Added command to list the domain controllers
...
Also added more information relating to the computers from LDAP
2015-08-26 15:33:54 +01:00
59cf75c5a8
Updated description to make it more obvious & added specific DC enumeration
2015-08-26 15:03:28 +01:00
7cee4d0ad1
Added the following commands:
...
adsi_group_enum - Lists all groups on the specified domain
adsi_nested_group_user_enum - Lists all users on the specified domain who are members of a given group DN (taking into account recursive/nested groups)
2015-08-26 14:14:15 +01:00
3f994e964d
Change method name and update rspec
2015-08-25 23:23:26 -05:00
6c89d0997c
Land #5855 , android offline collection support
2015-08-25 17:44:51 -05:00
1181600a69
Land #5575 , interactive channel logging
2015-08-25 16:23:51 -05:00
7ff828d000
Land #5573 , console and session log timestamps
2015-08-25 15:35:25 -05:00
026e6626f2
Added regular expression filtering for excess characters
2015-08-25 14:59:20 -05:00
3412f31f85
Add Android POST API
2015-08-24 18:37:25 -05:00
54dcd312f6
more style issues resolved
2015-08-24 18:07:31 -05:00
90a46fbcd0
update style issues
2015-08-24 17:58:24 -05:00
573f2b51a5
fix some crashes running webcam commands on webcamless machines
2015-08-24 16:51:43 -05:00
dfd00ad50b
prefer catching RuntimeError
2015-08-24 16:42:33 -05:00
6977a12dd8
whitespace fixups
2015-08-24 16:39:17 -05:00
f96236d61f
remove redundant to_s and RuntimeError
2015-08-24 16:21:34 -05:00
4e8cc47299
remove superfluous SYSTEMDRIVE path
2015-08-24 16:19:16 -05:00
d372a6a16d
Gemify metasm
2015-08-24 15:53:24 -05:00
ec7a07e0bb
Move DLL prefix calculation to its own method
2015-08-24 14:05:24 -05:00
3c90ae1ebd
Use mov instead of lea for 64-bit absolute addrs
2015-08-24 13:51:54 -05:00
ed1065b297
Create MatchResult with status Failure on session failure
...
MSP-13104
2015-08-24 12:56:32 -05:00
6962fcf2fd
Check the query result before accessing the header
2015-08-24 09:22:42 -05:00
b37efd29b0
Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb.
2015-08-23 12:17:17 +02:00
b99f5bc672
Land #5874 , Consistency and API conformance changes to LES
2015-08-22 21:57:24 -05:00
83ca4e984f
Land #5772 , @wchen-r7's fixes #5753 , support Origin for the creds command
2015-08-21 16:07:45 -05:00
717b1bdd6a
Fix bugs: Empty -O, empty origins
2015-08-21 15:46:18 -05:00
d264802ce0
Consistency and API conformance changes to LES
2015-08-21 12:38:58 -05:00
0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
...
Fixes #5871
2015-08-20 10:05:42 -07:00
407d701fd9
Remove unnecessary version_random_case option
2015-08-20 10:05:16 -07:00
2e4944b8ec
Remove unnecessary version_random_case option
2015-08-20 10:05:04 -07:00
870e9f448e
Added PacketStorm (PKT) in References Display
2015-08-20 00:36:27 -03:00
21c349494f
Fix default buffer_register for x64
2015-08-19 19:01:35 -05:00
d71467f9e7
Allow x64 registers for buffer_register
2015-08-19 17:06:29 -05:00
bf39f53066
Add proper CreateThread stub for x64
2015-08-19 16:16:58 -05:00
68a802b980
Merge pull request #5834 from gmikeska-r7/bug/MSP-13064/SVV-validations-not-created
...
Bug/msp 13064/svv validations not created
2015-08-19 12:47:59 -05:00
99ab64727d
Land #5859 , add comparison cases for IP/IPv6 addresses in rex tables
2015-08-19 11:52:33 -05:00
f1ec92aba0
Land #5749 , http large file download fixes
2015-08-18 15:57:31 -05:00
015d045730
read max_size bytes at a time
2015-08-18 15:56:57 -05:00
56db3f2f87
Added YARD comments for busybox mixin.
2015-08-18 21:15:02 +02:00
5b173319f2
Fix up level rendering
2015-08-19 00:22:26 +10:00
884760f11d
Update the output format for the Wifi collection
2015-08-18 17:27:48 +10:00
5b35134f98
Land #5820 , DispatcherShell: Ensure exceptions don't interfere with busy state
2015-08-17 17:53:55 -05:00
98f6c7f01f
Land #5857 , use correct deserialization for hosts data
2015-08-17 17:33:07 -05:00
02e3e9af16
Allow to compare ipv4 vs ipv6 hosts
2015-08-17 14:52:26 -05:00
0bb01c8b6b
Fix nil bug with an empty database.yml
...
Use an empty hash instead of false.
2015-08-17 14:45:11 -05:00
0aa958dac0
Allow unserialization on hosts v5
2015-08-17 13:47:52 -05:00
a9ad7b7c6f
Modifications to use cmd_exec instead of session.shell_write.
...
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
241593117b
First pass of the android interval collection
2015-08-18 00:53:25 +10:00
bf631869a7
Land #5835 , allow overriding stage2 lhost and lport values
2015-08-16 11:22:13 -05:00
92958bdf8b
prefer && to 'and' for consistent order-of-operations
2015-08-16 11:21:22 -05:00
ad149a1aec
Land #5819 , update stage_payload call arguments
2015-08-16 11:17:28 -05:00
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
422bba87d3
style fixes, moved google_geolocate to google/geolocate
2015-08-15 19:49:32 -05:00
875ac289e0
wait up to time_out seconds for output from the command
2015-08-15 19:44:48 -05:00
3615bd094d
limit the # of bssids sent to google, log more error details
2015-08-14 17:58:33 -05:00
f4031d87fc
light ruby style cleanups
2015-08-14 17:26:05 -05:00
3aab9aa74c
move BSSID checker to tools, fixup rubocop warnings, add OS X example
2015-08-14 17:13:11 -05:00
470779aae7
some doc fixes
2015-08-14 16:36:41 -05:00
3d92e9d71c
Land #5802 , add support for background colors in prompts
2015-08-14 15:02:51 -05:00
f25a5da46f
Do Minor fixes
2015-08-14 12:37:49 -05:00
3aa1f93196
Fixed string->uint
2015-08-14 17:45:47 +01:00
6b1e911041
Instantiate payload modules so parameter validation occurs
...
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
02a58d459b
Merge remote-tracking branch 'upstream/master' into pageant_extension
2015-08-14 17:05:38 +01:00
c257f8945b
Don't use now-removed files
2015-08-13 11:51:39 -07:00
9c77669ebf
Remove unnecessary files
2015-08-13 11:41:05 -07:00
92d0e212d9
Update Auxiliary::UDPScanner to collect all responses by default
2015-08-13 11:30:20 -07:00
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
4b41e8e42c
Fix Net::DNS::RR merge conflicts. really
2015-08-13 08:55:09 -07:00
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
6e75db090f
Fix comment
2015-08-12 21:11:48 -05:00
e9203060b0
Allow the hostname and port to be overridden, necessary for complex NAT setups
2015-08-12 16:20:14 -05:00
790356bac8
add infer_vuln_from_session to other valid case
...
MSP-13065
2015-08-12 15:45:37 -05:00
01b3ae2dd8
Revert "added infer_vuln_from_session to other valid case"
...
This reverts commit 53e747ce2e
2015-08-12 15:43:16 -05:00
53e747ce2e
added infer_vuln_from_session to other valid case
...
MSP-13064
2015-08-12 15:35:03 -05:00
802e35ff67
YARD Documentation for EXE.rb
2015-08-11 11:48:35 -05:00
6e684d46f2
Ensure exceptions don't interfere with `busy`
2015-08-10 12:11:37 -04:00
e141d1451c
Fix calls to stage_payload
2015-08-10 09:33:38 +10:00
0b6a52e162
bump metasploit-framework gemspec version to match pro
2015-08-04 14:25:44 -05:00
ef33f36bda
Remove untrusted il
2015-08-01 23:20:00 +01:00
2d9bc64457
Fix WMIC Post Library for SYSTEM
...
SYSTEM doesn't have a proper clipboard?
2015-08-01 23:11:09 +01:00
5bcb63476d
Add high integrity level check
2015-08-01 23:10:51 +01:00
de47f4752b
Added feature to add color background (Prompt)
2015-08-01 18:54:01 -03:00
deb6f5638e
Update WinSCP Gather
...
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
b40c36688c
check send retry count and abort in excess
2015-07-31 16:17:34 -05:00
6e146794a2
fix indents and style
2015-07-31 14:48:02 -05:00
629afd86fc
Land #5788 , local exploit suggestor
...
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
a112ccd023
Lnad #5660 , @wchen-r7's warbird check
...
* Fixes #4380
2015-07-31 10:25:43 -05:00
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
Stuart
scriptjunkie
Brent Cook
Samuel Huckins
dmohanty-r7
OJ
Fernando Arias
jvazquez-r7
HD Moore
Stuart Morgan
wchen-r7
David Maloney
William Vu
Manuel Mancera
James Lee
Jon Hart
Meatballs
Joshua Smith
Mo Sadek
jvicente
Roberto Soares
Greg Mikeska
Alex Watt