Commit Graph

6176 Commits (d771f54e354bc43cace67a1fe130c46617ff51e0)

Author SHA1 Message Date
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
Meatballs e3e9a64064
Land #4543, Update john.conf with korelogic rules 2015-01-07 21:30:44 +00:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
rastating 294cd80a08 Update documentation for wordpress_login 2015-01-07 18:32:52 +00:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
David Maloney 702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components

MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney 7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin

MSP-11986
2015-01-07 11:30:39 -06:00
Meatballs aef8c702d7
Filter creds by type 2015-01-07 17:19:31 +00:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
dmooray 478505c17a ruby 2.2 compatibility
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
sinn3r 609c490b3c I missed nobfu 2015-01-06 12:49:39 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention
Just changing method names.

It will actually also fix #4520
2015-01-06 12:42:06 -06:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
David Maloney fc91244252
insert deprecation error message
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it

MSP-11919
2015-01-05 14:02:16 -06:00
David Maloney db8f260557
add some YARD docs to report_auth_info
add yard docs for the modified report_auth_info

MSP-11919
2015-01-05 13:58:25 -06:00
David Maloney 71d600e829
make report_auth_info create new creds and logins
report_auth_info coerces old data into the new credential
types as best as it is able

MSP-11919
2015-01-05 13:41:30 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Sven Vetsch b121e2c3fd adds a get and getg method besides the already existing set/setg and unset/unsetg 2015-01-02 12:40:24 +01:00
Christian Mehlmauer 056046f38b
update wordpress readme regex 2015-01-01 23:13:20 +01:00
Spencer McIntyre 6d966dbbcf
Land #4203, @jvazquez-r7's cleanup for java_rmi_server 2014-12-31 11:25:19 -05:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
sinn3r 553030b22d
Land #4473 - Log backtraces by default 2014-12-30 18:13:33 -06:00
Christian Mehlmauer 6444d8ba64
use kind_of? for checking exceptions 2014-12-30 21:16:57 +01:00
sinn3r 9af3fd01d4 Fix response_timeout
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
Brent Cook f9b141c1e2
Land #4442, wchen-r7's configurable session response timeout option
fixes #4431
2014-12-29 13:02:47 -06:00
Christian Mehlmauer 3a73b40a1e
more error handling 2014-12-29 00:39:00 +01:00
Christian Mehlmauer 7b52bcb657
log errors into framework.log 2014-12-29 00:20:26 +01:00
jvazquez-r7 04772c8946 Ensure stop_service closes Rex::Proto::Http::Server 2014-12-26 13:50:03 -06:00
Brent Cook 725a17c70b override default attr for OptRegexp
Rather than literally returning the default Regex object, override the accessor
to return the string representation. This allows the RPC backend to properly
serialize the options hash values, since msgpack does not know how to serialize
a Regexp object. Fixes #3798.

To verify the fix, run the steps for issue #3798 and ensure that the module
options are returned instead of a backtrace. Also, ensure that the module
continues to work as expected:

```
$ ./msfconsole -q
msf > use auxiliary/scanner/http/scraper
msf auxiliary(scraper) > info

       Name: HTTP Page Scraper
     Module: auxiliary/scanner/http/scraper
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  et <et@metasploit.com>

Basic options:
  Name     Current Setting               Required  Description
  ----     ---------------               --------  -----------
  PATH     /                             yes       The test path to the page to analize
  PATTERN  (?i-mx:<title>(.*)<\/title>)  yes       The regex to use (default regex is a sample to grab page title)
  Proxies                                no        Use a proxy chain
  RHOSTS                                 yes       The target address range or CIDR identifier
  RPORT    80                            yes       The target port
  THREADS  1                             yes       The number of concurrent threads
  VHOST                                  no        HTTP server virtual host

override default attr for OptRegexp
Description:
  Scrap defined data from a specific web page based on a regular
  expresion

msf auxiliary(scraper) > set RHOSTS lwn.net
RHOSTS => lwn.net
msf auxiliary(scraper) > set RHOSTS 72.51.34.34
RHOSTS => 72.51.34.34
msf auxiliary(scraper) > set VHOST lwn.net
VHOST => lwn.net
msf auxiliary(scraper) > run

[*] [72.51.34.34] / [Welcome to LWN.net [LWN.net]]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-12-24 09:57:14 -06:00
Meatballs c2bcde24ef
Land #4377, Support DYNAMIC_BASE templates - resolves #4366 2014-12-23 11:57:33 +00:00
Joe Vennix e974d272f0
Remove stray line comment that ruined things when minified. 2014-12-23 00:22:50 -06:00
jvazquez-r7 f37cf555bb Use random subkey 2014-12-22 15:39:08 -06:00
jvazquez-r7 ad97457a39 Move more constants to Crypto 2014-12-22 15:27:16 -06:00
jvazquez-r7 75a2846377 Add more PAC constants 2014-12-22 15:14:46 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
sinn3r bcf659792e Restore original timeout 2014-12-22 12:34:52 -06:00
jvazquez-r7 f3b263f57d Use more crypto constants 2014-12-22 12:13:23 -06:00
jvazquez-r7 b96d172ccc Use constant names 2014-12-22 11:58:59 -06:00
jvazquez-r7 ff208002d7 Reorganize the Crypto mixin 2014-12-22 11:57:35 -06:00
jvazquez-r7 7a45918ecc Add specs for Msf::Kerberos::Client::TgsRequest 2014-12-22 11:28:24 -06:00
jvazquez-r7 8c62822ab9 Add specs for Msf::Client::Kerberos::AsRequest 2014-12-22 09:34:21 -06:00
jvazquez-r7 b469ff3567 Add doc references to Msf::Kerberos::Client::CacheCredential 2014-12-22 08:54:09 -06:00
jvazquez-r7 1f3eded4a8 Add specs for Msf::Kerberos::Client::CacheCredential 2014-12-21 23:47:40 -06:00
jvazquez-r7 7cb27408b2 Add doc references por spec'd mixins 2014-12-21 21:03:58 -06:00
jvazquez-r7 60d4525632 Add specs for Msf::Kerberos::Client::Pac 2014-12-21 17:49:36 -06:00
jvazquez-r7 e219b0b249 Add specs for Msf::Kerberos::Client::AsResponse 2014-12-21 01:12:00 -06:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
jvazquez-r7 5f0c3ebb2b Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest 2014-12-20 19:32:38 -06:00
jvazquez-r7 ffb319d703 Add documentation for Msf::Kerberos::Client::AsRequest 2014-12-20 18:57:49 -06:00
jvazquez-r7 8929cbd6b3 Fix typo 2014-12-20 18:29:50 -06:00
jvazquez-r7 e35218b6f1 Add documentation for Msf::Kerberos::Client::CacheCredential 2014-12-20 18:28:36 -06:00
jvazquez-r7 ca75b4b74a Add documentation for Msf::Client::Kerberos::Pac 2014-12-20 01:36:54 -06:00
jvazquez-r7 cf13dc8d53 Do build_ap_req 2014-12-20 01:25:20 -06:00
jvazquez-r7 422d3ce9b5 Take more care of options on build_tgs_request 2014-12-20 01:13:56 -06:00
sinn3r ad8bbf4477 Rescue rescue Rex::TimeoutError so the iteration can keep going 2014-12-20 01:12:30 -06:00
sinn3r a8e3ee033c Fix #4431 - Support arbitrary session response timeout
Fix #4431
2014-12-20 00:25:02 -06:00
jvazquez-r7 cd16e11b22 Make checksum from a method 2014-12-19 20:08:15 -06:00
jvazquez-r7 b0ac68fbc3 Create build_subkey method 2014-12-19 19:46:57 -06:00
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 04ef087434 Delete Microsoft namespace from the mixin 2014-12-19 18:41:27 -06:00
jvazquez-r7 b78765e584 Create PAC mixin component 2014-12-19 18:36:02 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
jvazquez-r7 9cfc52b5af Extract build_as_request_body 2014-12-19 17:00:39 -06:00
jvazquez-r7 fcb801c729 Add Timeout datastore option 2014-12-19 16:53:12 -06:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
jvazquez-r7 f4037b1003 Clean Kerberos Rex client code 2014-12-19 11:08:48 -06:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
William Vu 723998e1d4
Land #4425, jobs tab completion NilClass fix 2014-12-18 15:25:57 -06:00
Spencer McIntyre 400bd9a094 Fix jobs NilClass tab complete bug 2014-12-18 15:43:04 -05:00
Trevor Rosen 80cd04d76a
Land #4332, test optimization for Cucumber
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
jvazquez-r7 f3f6a64f02 Add some AS response methods to a mixin 2014-12-17 19:50:42 -06:00
jvazquez-r7 8e570cc19b Initial support to send TGS-REQ 2014-12-17 18:55:30 -06:00
Spencer McIntyre 549f3c69ff Dont crash when tab complete threads command with typos 2014-12-17 19:36:04 -05:00
Spencer McIntyre 698ca2639b Do not delete files that do not exist in rm_f 2014-12-17 09:18:06 -05:00
jvazquez-r7 662160ef61 Refactor mixin 2014-12-16 23:48:53 -06:00
jvazquez-r7 594b9bcfc2 Add support for AuthorizationData 2014-12-16 23:21:13 -06:00
HD Moore 9de4137aa7 Patch UA/Proxy settings during migration, lands #3632 2014-12-16 22:21:48 -06:00
Sean Verity 370f6003e3 Refactors metsrv patching in reverse_hop_htt.rb 2014-12-17 11:57:17 -05:00
Sean Verity 1930eb1bf8 Refactors metsrv patching in reverse_http.rb 2014-12-17 10:04:43 -05:00
jvazquez-r7 a93cbac7bf Support ticket encoding 2014-12-16 16:04:13 -06:00
sinn3r c2bc79c53c Resolves #4275 - Configurable variable name as an option
Resolves #4275
2014-12-15 23:59:34 -06:00
Brent Cook c24fdb81b5
Land #4389, Meatballs1's fix for enum_ad_* post module regressions
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
jvazquez-r7 0abf5d147e Add some documentation 2014-12-14 00:51:44 -06:00
HD Moore e2617c7095
Return the workspace id in responses, lands #4142 2014-12-13 18:04:58 -06:00
HD Moore 6ea5ed1a82
Shrinks windows payloads, lands #4391 2014-12-13 17:41:50 -06:00
HD Moore f67a32ef9c
Add missing commits from #3770, lands #4393 2014-12-13 17:36:26 -06:00
Meatballs 5d18de2ebf
Fix legacy railgun LDAP implementation 2014-12-13 18:26:26 +00:00
HD Moore 92490ab5e8 Singles updated from the source 2014-12-13 12:22:07 -06:00
HD Moore 4681416a0f Update block_api with @schierlm's changes 2014-12-13 12:06:38 -06:00
jvazquez-r7 bde8c380c2 Make mixin run 2014-12-13 02:46:00 -06:00
HD Moore f676b72767
Add Kademlia scanner, lands #4210 2014-12-12 16:40:58 -06:00
Tod Beardsley 9545b6e4d6
Land #4343, os_flavor reduction 2014-12-12 14:49:15 -06:00
Tod Beardsley 177cade6a5 Merge branch 'land-4274-ssl' into temp 2014-12-12 13:25:54 -06:00
sinn3r 985245e8a1 Document method
Fix #4366 (support dynamic_base templates)
2014-12-12 01:22:32 -06:00
jvazquez-r7 78eb3325bc Add initial Rex Client and mixin 2014-12-12 01:20:14 -06:00
sinn3r b8e58d0f04 Support 32 and 64-bit for exe-only, and fix -k 2014-12-12 01:13:09 -06:00
sinn3r d311059e75 Fix DYNAMIC_BASE templates 2014-12-11 20:44:03 -06:00
James Lee 0c1d02c940
Fix event handlers on ruby 2
Fixes #4219
2014-12-11 20:08:45 -06:00
Tod Beardsley 0eea9a02a1
Land #3144, psexec refactoring 2014-12-10 17:30:39 -06:00
sinn3r 9202c4f2a1 No mercy for os_flavor 2014-12-10 11:46:21 -06:00
Spencer McIntyre d74a8f6c41 Include the datastore options for the encoder too 2014-12-09 16:32:41 -05:00
sinn3r a584a5982f Clarify about how BES uses os_flavor
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
Spencer McIntyre 42710cc32e Error messages for the python meterpreter 2014-12-09 11:03:57 -06:00
Luke Imhoff 8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
MSP-11671

Conflicts:
	.travis.yml
2014-12-08 08:46:22 -06:00
jvazquez-r7 19effa7eb9 Fix feedback's review 2014-12-06 21:47:55 -06:00
jvazquez-r7 21742b6469 Test #3729 2014-12-06 21:20:52 -06:00
Jon Hart da92e4705c
Land #4319, @wchen-r7's fix for #4307 2014-12-05 12:08:39 -08:00
Tod Beardsley 0431720a07
Land #4294, msfconsole speedups on module load
Related to #4257 and #4195 vaguely, and possibly even #4147.
2014-12-05 13:45:11 -06:00
sinn3r abf199f924 Remove junk code 2014-12-05 11:01:34 -06:00
sinn3r cfc1acfcae Fix #4307 - Check action for nil
Auxiiary modules already do this, but looks like we forgot to do the
same for post modules.

I also changed the error to allow "reason" in order to be more
informative about what the user should do.

Fix #4307
2014-12-04 17:07:59 -06:00
Jon Hart 743e9fca9d
Correctly set default SECRET 2014-12-04 14:06:22 -08:00
Jon Hart 1e423f415e
Add missing opt , 2014-12-04 14:05:17 -08:00
Jon Hart 7f425fc3ab
Configurable fix for #4305
Rename UDP_SECRET to just SECRET, as it is used for more than just UDP

Rename and properly document GATEWAY option

Introduce an option to configure what UDP port will be probed
2014-12-04 13:17:34 -08:00
Meatballs 186d8bd359
Fix starts_with? 2014-12-04 20:16:56 +00:00
Jon Hart f22d7191cd Test fix for #4305 2014-12-04 10:59:57 -08:00
Jon Hart d8b1401545
Test fix for #4306 2014-12-03 19:54:31 -08:00
James Lee 8f2e444aca
Land #4281, ::Queue workarounds for 2.1.x
Conflicts:
	lib/msf/core/handler/reverse_tcp.rb
2014-12-03 15:48:20 -06:00
sinn3r f6f0050f56 Fix #3886 - Backtrace for #check when session is invalid
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.

We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.

The original PR was #3956.
2014-12-02 17:22:46 -06:00
Fernando Arias fb439258b9
Land #4298, arbitrary Ruby extension for replicant
MSP-11673

* Adds Msf::Module#register_extensions
* Extensions are arbitrary Ruby modules
* Allows overriding of psuedo callbacks
2014-12-02 14:59:37 -06:00
Luke Imhoff f696a5ab0e
msfconsole --defer-module-loads
MSP-11671

Add command line option --defer-module-loads to msfconsole.  It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`.  This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
2014-12-02 14:41:32 -06:00
Trevor Rosen 2a033861dc
Just use constants directly
MSP-11673
2014-12-02 13:12:53 -06:00
Trevor Rosen 784e138b14
Extend replicants via arbitrary Ruby code
MSP-11673

* Implements a #register_extensions method on Msf::Module
* Any registered Ruby modules will extend the cloned module returned by #replicant
2014-12-02 12:18:30 -06:00
Luke Imhoff 35ff82c9d8
Merge branch 'bug/MSP-11672/double-init-module-paths' into feature/MSP-11671/msfconsole-defer-module-loads
MSP-11671
2014-12-02 11:57:47 -06:00
HD Moore fc96d011ab
Python reverse_http stager, lands #4225 2014-12-02 11:47:31 -06:00
Luke Imhoff 9272fe90ae
Merge branch 'master' into bug/MSP-11672/double-init-module-paths
MSP-11672
2014-12-02 11:23:51 -06:00
Luke Imhoff 90c6764426
init_module_paths once in msfconsole
MSP-11672

Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
2014-12-02 10:28:23 -06:00
Luke Imhoff 653c71e029
Fail if init_module_paths called more than once
MSP-11672

Calling init_module_paths takes 6 seconds on my machine even when there are no
files to that are changed just because it takes that long to walk the
directories and gather the mtime for each file.  Therefore, calling it
more than once should be avoided.  Also, there is no reason to call it
twice as to add paths later, `modules.add_module_paths` should be used.
2014-12-02 10:17:09 -06:00
William Vu bd3d63a155
Land #4270, Msf::Author cleanup and improvements 2014-12-02 01:26:42 -06:00
Luke Imhoff 7e2b197f02
Document Msf::Simple::Framework.create
MSP-11671
2014-12-01 15:38:48 -06:00
Luke Imhoff 57cabb4f10
Document Msf::Simple::Framework.simplify
MSP-11671
2014-12-01 15:36:38 -06:00
William Vu 394d132d33
Land #2756, tincd post-auth BOF exploit 2014-12-01 12:13:37 -06:00
sinn3r c681654c10
Land #4252 - Rework meterpreter SSL & pass datastore to handle_connection() 2014-11-30 20:15:53 -06:00
HD Moore f139795663 Rework queue handling and error reporting, close #4249 2014-11-28 14:56:02 -06:00
Joe Vennix 2bd7a67413
Restructure parts of Author, fix some doc bugs. 2014-11-26 13:54:23 -06:00
William Vu a34e721353
Check for load errors in reload_all 2014-11-25 13:13:40 -06:00
Jon Hart 0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
All of the work is done in rex.  The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
HD Moore 4dc1183ff5 Protecting it once seems like enough (typo) 2014-11-22 17:42:07 -06:00
HD Moore 673e21cfaf Rework meterpreter SSL & pass datastore to handle_connection()
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
2014-11-22 15:35:00 -06:00
HD Moore 823b4e259a Make it clear SSLVersion is not advertised since it isn't used 2014-11-22 14:25:09 -06:00
HD Moore 842a7a38d8 Change SSLCert to HandlerSSLCert to avoid conflicts with modules 2014-11-22 14:23:56 -06:00
HD Moore 9ed8c59459 Bring options over from reverse_tcp (bind address, etc).
Also includes the SSLCert => HandlerSSLCert change
2014-11-22 14:22:54 -06:00
Jon Hart e255db9429
Partial commit 2014-11-20 13:49:36 -08:00
Jon Hart 5d2c02f402 Initial commit of more OO version of Rex/Aux Kademlia support 2014-11-20 13:28:01 -08:00
HD Moore 2f92a83092 Change to example.com as the default domain 2014-11-20 14:53:36 -06:00
Meatballs 7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
Conflicts:
	modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
jvazquez-r7 dff6af0747 Restore timeout 2014-11-18 12:17:10 -08:00
jvazquez-r7 4844447d17 Use 20 seconds as default timeout
* Because it's the default timeout on Rex::Proto::SunRPC::Client
2014-11-18 12:17:10 -08:00
jvazquez-r7 694561dd0f Dont shadow methods with local variables, just in case... 2014-11-18 12:17:10 -08:00
Jon Hart bfde6047d5 Introduce a user-controlled timeout for SunRPC stuff 2014-11-18 12:17:10 -08:00
Jon Hart a9f9a8b116 Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner 2014-11-18 12:17:10 -08:00
Trevor Rosen d04441f638
Merge branch 'landing/4207' into upstream-master
Land #4207

* Ensure that `rake spec` doesn't create too many threads
2014-11-18 09:23:20 -06:00
Luke Imhoff 8249ef62c9
Merge branch 'master' into chore/MSP-11614/remove-msf-db-manager-sink
MSP-11614

Conflicts:
	spec/lib/msf/core/task_manager_spec.rb
2014-11-18 08:54:14 -06:00
jvazquez-r7 7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
Tod Beardsley 286827c6e5
Land #4186, Samsung KNOX exploit. Ty @jvennix-r7! 2014-11-17 13:29:39 -06:00
jvazquez-r7 cc8b37d619 Make directory mandatory 2014-11-17 12:15:33 -06:00
jvazquez-r7 15b7435c34 Make it YARD compliant documentation 2014-11-17 12:03:37 -06:00
Jon Hart cd32f00ebc
Add dir doc 2014-11-17 09:15:08 -08:00
Jon Hart 98db8b5ad9
When not a meterpreter session, split dir/ls output to match meterpreter entries output 2014-11-17 09:10:03 -08:00
Jon Hart 5f1a1f8ed3 Use dir for Windows only, ls for the rest 2014-11-17 09:01:14 -08:00
Jon Hart 6519b0e2cb Add dir and ls to Msf::Post::File 2014-11-17 09:01:14 -08:00
floyd 9243cfdbb7 Minor fixes to ruby style things 2014-11-17 17:12:17 +01:00
floyd 91aa5fa3cf Some simple ruby convention changes that hopefully make ruby people happy 2014-11-17 16:48:52 +01:00
floyd 3c1ce5072c Replaced camel case states with snail_case 2014-11-17 16:37:04 +01:00
Luke Imhoff 024b449b55
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
MSP-11605
2014-11-17 08:50:33 -06:00
Joe Vennix 2a24151fa8
Remove BAP target, payload is flaky. Add warning. 2014-11-17 02:02:37 -06:00
Joe Vennix 105a28d8fd
Run the tests again. 2014-11-16 23:42:40 -06:00
Joe Vennix a7aeac5df3
Fix APK signing on osx. 2014-11-16 23:29:54 -06:00
Spencer McIntyre 0bf93acf6b Pymeterp http proxy and user agent support 2014-11-16 14:29:20 -05:00
Joe Vennix 7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
Spencer McIntyre e562883ba9 Escape inserted vars and fix core_loadlib 2014-11-15 15:06:18 -05:00
sinn3r d207345778
Land #4200 - report_note handling incorrect protocol names 2014-11-15 13:16:58 -06:00
Spencer McIntyre 7c14e818f6 Patch pymeterp http settings 2014-11-14 17:12:23 -05:00
William Vu 0477c5f8fe
Land #4191, merge_check_key update for Ruby 2.1.4 2014-11-14 15:33:47 -06:00
Luke Imhoff 43511e648a
Merge branch 'chore/MSP-11614/remove-msf-db-manager-sink' into feature/MSP-11605/lazy-thread-creation
MSP-11605

Conflicts:
	spec/lib/msf/core/task_manager_spec.rb
2014-11-14 11:59:12 -06:00
Luke Imhoff 14fa1dba0b
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
MSP-11605
2014-11-14 11:58:16 -06:00
Luke Imhoff 5e6400a506
Remove Msf::TaskManager
MSP-11614

`Msf::TaskManager` was only used for `Msf::DBManager#sink`, which was
removed because it was unused, so `Msf::TaskManager` can also be
removed.
2014-11-14 11:15:05 -06:00
Luke Imhoff 55a8f6f339
Remove Msf::DBManager::Sink
MSP-11614

`Msf::DBManager::Sink` contains code for a `sink` that is a meant to
serialize database events, but it's unneeded because all database events
go directly through ActiveRecord, which handles threading.
2014-11-14 10:51:51 -06:00
Spencer McIntyre 6b2387b7fc Prepare for a reverse_http stager 2014-11-14 11:15:22 -05:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Julio Auto 812aa9bc1a Reduce number of calls to to_s and downcase 2014-11-13 14:56:17 -06:00
Julio Auto e72d9bd21f Fix report_note handling incorrect protocol names 2014-11-13 14:30:43 -06:00
Luke Imhoff eb3ff769a9
Msf::Framework#threads?
MSP-11605

`Msf::Framework#threads?` returns whether `Msf::Framework#threads` was
ever initialized.  If `Msf::Framework#threads?` is true, then threads
need to be cleaned up, while if it is false then no threads need to be
cleaned up from the current framework.
2014-11-13 14:21:35 -06:00
Luke Imhoff d9a25005a6
Wrap Msf::Framework#threads in Metasploit::Framework::ThreadFactoryProvider
MSP-11605

`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`.  In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
2014-11-13 14:08:26 -06:00
Luke Imhoff 0bc27334c1
Thread-safe lazy Msf::Framework#db
MSP-11605

Switch `Msf:Framework#db` from being set in `#initialize` to a custom
method that uses `||=` to lazily initialize the `Msf::DBManager` inside
a `synchronize` block to make it thread safe.
2014-11-13 13:38:53 -06:00
Luke Imhoff 92adaa816f
Store Msf::Framework#initialize options
MSP-11605

Store options `Hash` passed to `Msf::Framework#new` in `#options` so
that lazily initialized children, such as DBManager, have access to
those options.
2014-11-13 13:23:17 -06:00
Luke Imhoff bc181f0294
Thread-safe lazy Msf::Framework#sessions
MSP-11605

Switch `Msf::Framework#sessions` from being set in `#initialize` to a
custom method that uses `||=` to lazily initialize the
`Msf::SessionManager` inside a `synchronize` block to make it thread
safe.
2014-11-13 13:17:57 -06:00
Trevor Rosen 0959ef3d13
Fixes lack of support for MetasploitV5 tag
#4184

* Appears to have been overlooked somehow in the pre-BlackHat crunch
* V5 will not support credentials
* We are implementing full-workspace zip import/export for credentials
2014-11-13 13:01:55 -06:00
Luke Imhoff 216c3d01de
Thread-safe lazy Msf::Framework#threads
MSP-11605

Switch Msf::Framework#threads to a custom method that uses `||=` to
lazily initialize the `Msf::ThreadManager` inside a `synchronize` block
to make it thread safe.
2014-11-13 11:12:43 -06:00
Luke Imhoff 8fc683d75d
Use MonitorMixing in Msf::Framework
MSP-11605

To get access to `#synchronize` for thread-safe lazy initialization.
2014-11-13 11:11:34 -06:00
sinn3r 846dbc7432 Fix #4163 - Update merge_check_key to keep up with 2.1.4 change
The merge_check_key method (found in Msf::Module::ModuleInfo)) uses
respond_to? to check is our object includes a merge_info_description
method before merging descriptions. The respond_to? method in 2.1.4
by default no longer checks private and protected methods, and this
is breaking our merge_check_key method.

Fix #4163
2014-11-12 13:46:14 -06:00
Luke Imhoff ad4ee3cffd Merge branch 'master' of rapid7.github.com:/rapid7/metasploit-framework 2014-11-12 11:10:48 -06:00
Luke Imhoff 1fd8fe57df
Merge staging/great-backport to master
Conflicts:
	spec/lib/msf/core/module_spec.rb
2014-11-12 11:08:18 -06:00
sinn3r ac4b2bee4d
Land #4181 - Fix nil URIPORT in get_uri (HttpServer) 2014-11-12 10:54:16 -06:00
Jon Hart e658640014
Show uniq error count 2014-11-12 07:38:07 -08:00
Jon Hart b05198c05a
Clean up failure messaging when bad CHOST 2014-11-12 07:32:06 -08:00
William Vu 89a8d27602
Fix port 0 bug in URIPORT 2014-11-11 15:57:41 -06:00
Tod Beardsley 7e05f88399
Reapply PR #4113 (removed via #4175) 2014-11-11 15:06:43 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Tod Beardsley 017a44c0ae
Revert errored merge of deea30d
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"

This reverts commit deea30ddb4, reversing
changes made to 14514d7b8b.
2014-11-11 14:38:47 -06:00
HD Moore dbd5937dc7 Limit threads to 1 when CPORT is set, closes #4170
This issue also applies to TCP scanner modules.
2014-11-11 13:21:09 -06:00
HD Moore 96ba6da697
Add the UDP scanner template, lands #4113.
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
jvazquez-r7 0a68171bab
Land #4166, @wchen-r7's fix for undefined method `rank'
* Fixes #4047
* undefined method `rank' due to an invalid encoder name
2014-11-10 15:00:17 -06:00
jvazquez-r7 86ff5f93eb
Land #4158, Fix for null dereference on Exploit::Remote::HttpServer#remove_resource 2014-11-10 14:14:48 -06:00
jvazquez-r7 4e96833408 Check service before using it 2014-11-10 14:14:20 -06:00
jvazquez-r7 1064049729 Revert "Fix buggy calls to stop_service"
This reverts commit 613f5309bb.
2014-11-10 14:05:57 -06:00
sinn3r 0b51741779 Fix #4047 - undefined method `rank' due to an invalid encoder name
Fix #4047 caused by an invalid encoder name. Also added elog() to
avoid shutting everything up in msfvenom
2014-11-10 13:25:53 -06:00
floyd 9d848c8c3b Adding tincd post-auth stack buffer overflow exploit module for several OS
Minor changes to comments

Updated URLs

Added Fedora ROP, cleaned up

Fixing URLs again, typos

Added support for Archlinux (new target)

Added support for OpenSuse (new target)

Tincd is now a separate file, uses the TCP mixin/REX sockets.

Started ARM exploiting

Style changes, improvements according to egyp7's comments

Style changes according to sane rubocop messages

RSA key length other than 256 supported. Different key lengths for client/server supported.

Drop location for binary can be customized

Refactoring: Replaced pop_inbuffer with slice

Refactoring: fail_with is called, renamed method to send_recv to match other protocol classes,
using rand_text_alpha instead of hardcoded \x90,

Fixed fail command usage

Version exploiting ARM with ASLR brute force

Cleaned up version with nicer program flow

More elegant solution for data too large for modulus

Minor changes in comments only (comment about firewalld)

Correct usage of the TCP mixin

Fixes module option so that the path to drop the binary on the server is not validated against the local filesystem

Added comments

Minor edits

Space removal at EOL according to msftidy
2014-11-10 12:03:17 +01:00
Joshua Smith 1844b3956d
Land #4063 allow session lists
Note: the parsing for cmd_sessions  needs to be revamped and DRYd up in
a separate PR.
2014-11-09 22:40:53 -06:00
Julio Auto 613f5309bb Fix buggy calls to stop_service 2014-11-09 02:15:30 -06:00
Joshua Smith 7b25e3be75
Land #4139, Visual Mining NetCharts
landed after some touch up
2014-11-06 22:52:41 -06:00
jvazquez-r7 64fe2dd7d6
Land #4143, @kernelsmith's get_custom_exe fix
* Initializes the exe variable
* Fixes #4131
2014-11-06 14:39:57 -06:00
Joshua Smith b199820d23 init exe as nil instead of '' 2014-11-06 13:31:37 -06:00
jvazquez-r7 6e51d84371
Land #4138, @wchen-r7's reference cheking for module_reference.rb
* Fixes #4039
2014-11-06 10:51:29 -06:00
Tom Sellers 9295d9077e Remove debugging output 2014-11-06 09:27:44 -06:00
Tom Sellers 8bf6a34d6c Fix empty session ID and cleanup
- Fixed handling of empty session IDs for those commands that required them
- Added help text for ranges with examples
2014-11-06 07:18:55 -06:00
Joshua Smith 265c178c52 fixes #4131, EXE::Custom NameError 2014-11-05 22:10:54 -06:00
Matias P. Brutti ddb62c84b3 Removing add_host since it is not necessary :(
- Ups I did not needed this. I can get away with report_host and
report_client.
2014-11-05 18:03:23 -08:00
Matias P. Brutti b5e6465916 Adding db.add_host() and workspace
- Adding add_host() Although Report host exists, this is a
straightforward method to metasploit-credential::creation::add_host()
- Add workspace.id to the responses of db.current_workspace and
db.workspace and  db.get_workspace
2014-11-05 14:23:27 -08:00
jvazquez-r7 c833888c32 Just randomize 2014-11-05 15:53:06 -06:00
jvazquez-r7 7ba705f23a Add some randomized variables to JSP Payloads
Because the JASPER engine with Tomcat has been found
complaining about the out variable.
2014-11-05 12:16:33 -06:00
sinn3r f34ad57199 Check module references 2014-11-05 09:57:13 -06:00
Tom Sellers 2bec646393 rolling back a change 2014-11-05 06:49:06 -06:00
Tom Sellers 8aa6fca760 Minor fixes and status update
Minor tweaks after the PR from @kernelsmith

Remaining items:

1. Handle empty session IDs correctly, for example 'sessions -d' or 'sessions -k'
2. Find a method of explaining the range options in the help text
3. Retest all changed code areas
4. Edit PR Summary to reflect changes to the scope
2014-11-05 06:46:55 -06:00
Joshua Smith 78a4ee686b modernizes & DRYs session/job ranges 2014-11-04 23:33:31 -06:00
Tod Beardsley f8593ca1b5
Land #4109, tnftp savefile exploit from @wvu-r7 2014-11-04 15:44:13 -06:00
agix 333d420c94 Fix refactoring bug from 23 october in util/exe
23 October, {} instead of #{} totally break windows service generation
f19b093529 (diff-0f5729034d8b0b321e738f2fc047854fL578)
2014-11-04 11:59:36 +01:00
Tod Beardsley 0199e4d658
Land #3770, resolve random stager bugs 2014-11-03 14:15:14 -06:00
Tod Beardsley 0b39c2ed85
Land #4084, prep for Ruby 2.1 2014-11-03 13:43:50 -06:00
HD Moore 8aecd5e4a5 Address the two open comments from @jlee-r7 2014-11-03 12:33:11 -06:00
Jon Hart 8f197d4918 Move to build_probe 2014-11-03 08:41:51 -08:00
Jon Hart 05dd3fa4ba rport, not datastore['RPORT'] 2014-11-03 08:26:11 -08:00
Tom Sellers 0b8b0499f3 - Added range support to sessions -c and sessions -s
- Added check for un-detach-able sessions
- Added back the check for session.interactive? when detaching sessions
- Collapse build_jobs_array and build_sessions_array to build_range_array
- Added check for empty or invalid parameters to detach and kill [session | job]
- Reworked session id sanity check around line 1660
- RuboCop/Style guide change: Array.new -> []
- Misc RuboCop/Style guide spacing changes
2014-10-31 15:02:17 -05:00
Jon Hart c921611821 Move default probe and result store to UDPScanner, since most need it 2014-10-31 12:02:21 -07:00
Jon Hart 1f6658639f More sane % printing for aux scanner 2014-10-31 10:25:01 -07:00
Jon Hart f16720bb55 Trailing , 2014-10-31 09:39:34 -07:00
Jon Hart f66c43475b More sane % printing for aux scanner 2014-10-31 09:39:21 -07:00
Jon Hart 77cd6dbc8b Usability improvements to UDPScanner
* Add RPORT as a regular option, define rport
* Add CPORT as an advanced option, define cport
* Change CHOST to an advanced option
* Use a more sane THREADS value since hosts are scanned in batches
2014-10-31 09:20:14 -07:00
HD Moore 9b61ae5f63 This is halloween.
THISISHALLOWEEN=1 ./msfconsole
2014-10-30 23:35:12 -05:00
William Vu e3ed7905f1
Add tnftp_savefile exploit
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
James Lee 667f1ca876
Move readline choice into a method 2014-10-29 22:33:23 -05:00
James Lee 7b77bbedaa
Better explanations 2014-10-29 22:32:56 -05:00
James Lee 867329d4b3 Fix readline by mucking with load path 2014-10-29 22:14:49 -05:00
Meatballs 4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2 2014-10-28 20:26:44 +00:00
Joe Vennix c6bbc5bccf
Merge branch 'landing-4055' into upstream-master 2014-10-28 11:18:20 -05:00