ffb319d703
Add documentation for Msf::Kerberos::Client::AsRequest
2014-12-20 18:57:49 -06:00
8929cbd6b3
Fix typo
2014-12-20 18:29:50 -06:00
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
ca75b4b74a
Add documentation for Msf::Client::Kerberos::Pac
2014-12-20 01:36:54 -06:00
cf13dc8d53
Do build_ap_req
2014-12-20 01:25:20 -06:00
422d3ce9b5
Take more care of options on build_tgs_request
2014-12-20 01:13:56 -06:00
ad8bbf4477
Rescue rescue Rex::TimeoutError so the iteration can keep going
2014-12-20 01:12:30 -06:00
a8e3ee033c
Fix #4431 - Support arbitrary session response timeout
...
Fix #4431
2014-12-20 00:25:02 -06:00
cd16e11b22
Make checksum from a method
2014-12-19 20:08:15 -06:00
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
04ef087434
Delete Microsoft namespace from the mixin
2014-12-19 18:41:27 -06:00
b78765e584
Create PAC mixin component
2014-12-19 18:36:02 -06:00
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
9cfc52b5af
Extract build_as_request_body
2014-12-19 17:00:39 -06:00
fcb801c729
Add Timeout datastore option
2014-12-19 16:53:12 -06:00
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
723998e1d4
Land #4425 , jobs tab completion NilClass fix
2014-12-18 15:25:57 -06:00
400bd9a094
Fix jobs NilClass tab complete bug
2014-12-18 15:43:04 -05:00
80cd04d76a
Land #4332 , test optimization for Cucumber
...
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
549f3c69ff
Dont crash when tab complete threads command with typos
2014-12-17 19:36:04 -05:00
698ca2639b
Do not delete files that do not exist in rm_f
2014-12-17 09:18:06 -05:00
662160ef61
Refactor mixin
2014-12-16 23:48:53 -06:00
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
9de4137aa7
Patch UA/Proxy settings during migration, lands #3632
2014-12-16 22:21:48 -06:00
370f6003e3
Refactors metsrv patching in reverse_hop_htt.rb
2014-12-17 11:57:17 -05:00
1930eb1bf8
Refactors metsrv patching in reverse_http.rb
2014-12-17 10:04:43 -05:00
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
c2bc79c53c
Resolves #4275 - Configurable variable name as an option
...
Resolves #4275
2014-12-15 23:59:34 -06:00
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
e2617c7095
Return the workspace id in responses, lands #4142
2014-12-13 18:04:58 -06:00
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
5d18de2ebf
Fix legacy railgun LDAP implementation
2014-12-13 18:26:26 +00:00
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
4681416a0f
Update block_api with @schierlm's changes
2014-12-13 12:06:38 -06:00
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
9545b6e4d6
Land #4343 , os_flavor reduction
2014-12-12 14:49:15 -06:00
177cade6a5
Merge branch 'land-4274-ssl' into temp
2014-12-12 13:25:54 -06:00
985245e8a1
Document method
...
Fix #4366 (support dynamic_base templates)
2014-12-12 01:22:32 -06:00
78eb3325bc
Add initial Rex Client and mixin
2014-12-12 01:20:14 -06:00
b8e58d0f04
Support 32 and 64-bit for exe-only, and fix -k
2014-12-12 01:13:09 -06:00
d311059e75
Fix DYNAMIC_BASE templates
2014-12-11 20:44:03 -06:00
0c1d02c940
Fix event handlers on ruby 2
...
Fixes #4219
2014-12-11 20:08:45 -06:00
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
9202c4f2a1
No mercy for os_flavor
2014-12-10 11:46:21 -06:00
d74a8f6c41
Include the datastore options for the encoder too
2014-12-09 16:32:41 -05:00
a584a5982f
Clarify about how BES uses os_flavor
...
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
42710cc32e
Error messages for the python meterpreter
2014-12-09 11:03:57 -06:00
8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
...
MSP-11671
Conflicts:
.travis.yml
2014-12-08 08:46:22 -06:00
19effa7eb9
Fix feedback's review
2014-12-06 21:47:55 -06:00
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
da92e4705c
Land #4319 , @wchen-r7's fix for #4307
2014-12-05 12:08:39 -08:00
0431720a07
Land #4294 , msfconsole speedups on module load
...
Related to #4257 and #4195 vaguely, and possibly even #4147 .
2014-12-05 13:45:11 -06:00
abf199f924
Remove junk code
2014-12-05 11:01:34 -06:00
cfc1acfcae
Fix #4307 - Check action for nil
...
Auxiiary modules already do this, but looks like we forgot to do the
same for post modules.
I also changed the error to allow "reason" in order to be more
informative about what the user should do.
Fix #4307
2014-12-04 17:07:59 -06:00
743e9fca9d
Correctly set default SECRET
2014-12-04 14:06:22 -08:00
1e423f415e
Add missing opt ,
2014-12-04 14:05:17 -08:00
7f425fc3ab
Configurable fix for #4305
...
Rename UDP_SECRET to just SECRET, as it is used for more than just UDP
Rename and properly document GATEWAY option
Introduce an option to configure what UDP port will be probed
2014-12-04 13:17:34 -08:00
186d8bd359
Fix starts_with?
2014-12-04 20:16:56 +00:00
f22d7191cd
Test fix for #4305
2014-12-04 10:59:57 -08:00
d8b1401545
Test fix for #4306
2014-12-03 19:54:31 -08:00
8f2e444aca
Land #4281 , ::Queue workarounds for 2.1.x
...
Conflicts:
lib/msf/core/handler/reverse_tcp.rb
2014-12-03 15:48:20 -06:00
f6f0050f56
Fix #3886 - Backtrace for #check when session is invalid
...
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.
We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.
The original PR was #3956 .
2014-12-02 17:22:46 -06:00
fb439258b9
Land #4298 , arbitrary Ruby extension for replicant
...
MSP-11673
* Adds Msf::Module#register_extensions
* Extensions are arbitrary Ruby modules
* Allows overriding of psuedo callbacks
2014-12-02 14:59:37 -06:00
f696a5ab0e
msfconsole --defer-module-loads
...
MSP-11671
Add command line option --defer-module-loads to msfconsole. It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`. This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
2014-12-02 14:41:32 -06:00
2a033861dc
Just use constants directly
...
MSP-11673
2014-12-02 13:12:53 -06:00
784e138b14
Extend replicants via arbitrary Ruby code
...
MSP-11673
* Implements a #register_extensions method on Msf::Module
* Any registered Ruby modules will extend the cloned module returned by #replicant
2014-12-02 12:18:30 -06:00
35ff82c9d8
Merge branch 'bug/MSP-11672/double-init-module-paths' into feature/MSP-11671/msfconsole-defer-module-loads
...
MSP-11671
2014-12-02 11:57:47 -06:00
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
9272fe90ae
Merge branch 'master' into bug/MSP-11672/double-init-module-paths
...
MSP-11672
2014-12-02 11:23:51 -06:00
90c6764426
init_module_paths once in msfconsole
...
MSP-11672
Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
2014-12-02 10:28:23 -06:00
653c71e029
Fail if init_module_paths called more than once
...
MSP-11672
Calling init_module_paths takes 6 seconds on my machine even when there are no
files to that are changed just because it takes that long to walk the
directories and gather the mtime for each file. Therefore, calling it
more than once should be avoided. Also, there is no reason to call it
twice as to add paths later, `modules.add_module_paths` should be used.
2014-12-02 10:17:09 -06:00
bd3d63a155
Land #4270 , Msf::Author cleanup and improvements
2014-12-02 01:26:42 -06:00
7e2b197f02
Document Msf::Simple::Framework.create
...
MSP-11671
2014-12-01 15:38:48 -06:00
57cabb4f10
Document Msf::Simple::Framework.simplify
...
MSP-11671
2014-12-01 15:36:38 -06:00
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
c681654c10
Land #4252 - Rework meterpreter SSL & pass datastore to handle_connection()
2014-11-30 20:15:53 -06:00
f139795663
Rework queue handling and error reporting, close #4249
2014-11-28 14:56:02 -06:00
2bd7a67413
Restructure parts of Author, fix some doc bugs.
2014-11-26 13:54:23 -06:00
a34e721353
Check for load errors in reload_all
2014-11-25 13:13:40 -06:00
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
4dc1183ff5
Protecting it once seems like enough (typo)
2014-11-22 17:42:07 -06:00
673e21cfaf
Rework meterpreter SSL & pass datastore to handle_connection()
...
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
2014-11-22 15:35:00 -06:00
823b4e259a
Make it clear SSLVersion is not advertised since it isn't used
2014-11-22 14:25:09 -06:00
842a7a38d8
Change SSLCert to HandlerSSLCert to avoid conflicts with modules
2014-11-22 14:23:56 -06:00
9ed8c59459
Bring options over from reverse_tcp (bind address, etc).
...
Also includes the SSLCert => HandlerSSLCert change
2014-11-22 14:22:54 -06:00
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
5d2c02f402
Initial commit of more OO version of Rex/Aux Kademlia support
2014-11-20 13:28:01 -08:00
2f92a83092
Change to example.com as the default domain
2014-11-20 14:53:36 -06:00
7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
...
Conflicts:
modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
dff6af0747
Restore timeout
2014-11-18 12:17:10 -08:00
4844447d17
Use 20 seconds as default timeout
...
* Because it's the default timeout on Rex::Proto::SunRPC::Client
2014-11-18 12:17:10 -08:00
694561dd0f
Dont shadow methods with local variables, just in case...
2014-11-18 12:17:10 -08:00
bfde6047d5
Introduce a user-controlled timeout for SunRPC stuff
2014-11-18 12:17:10 -08:00
a9f9a8b116
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-18 12:17:10 -08:00
d04441f638
Merge branch 'landing/4207' into upstream-master
...
Land #4207
* Ensure that `rake spec` doesn't create too many threads
2014-11-18 09:23:20 -06:00
8249ef62c9
Merge branch 'master' into chore/MSP-11614/remove-msf-db-manager-sink
...
MSP-11614
Conflicts:
spec/lib/msf/core/task_manager_spec.rb
2014-11-18 08:54:14 -06:00
7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
...
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
286827c6e5
Land #4186 , Samsung KNOX exploit. Ty @jvennix-r7!
2014-11-17 13:29:39 -06:00
cc8b37d619
Make directory mandatory
2014-11-17 12:15:33 -06:00
15b7435c34
Make it YARD compliant documentation
2014-11-17 12:03:37 -06:00
cd32f00ebc
Add dir doc
2014-11-17 09:15:08 -08:00
98db8b5ad9
When not a meterpreter session, split dir/ls output to match meterpreter entries output
2014-11-17 09:10:03 -08:00
5f1a1f8ed3
Use dir for Windows only, ls for the rest
2014-11-17 09:01:14 -08:00
6519b0e2cb
Add dir and ls to Msf::Post::File
2014-11-17 09:01:14 -08:00
9243cfdbb7
Minor fixes to ruby style things
2014-11-17 17:12:17 +01:00
91aa5fa3cf
Some simple ruby convention changes that hopefully make ruby people happy
2014-11-17 16:48:52 +01:00
3c1ce5072c
Replaced camel case states with snail_case
2014-11-17 16:37:04 +01:00
024b449b55
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
2014-11-17 08:50:33 -06:00
2a24151fa8
Remove BAP target, payload is flaky. Add warning.
2014-11-17 02:02:37 -06:00
105a28d8fd
Run the tests again.
2014-11-16 23:42:40 -06:00
a7aeac5df3
Fix APK signing on osx.
2014-11-16 23:29:54 -06:00
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
...
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
e562883ba9
Escape inserted vars and fix core_loadlib
2014-11-15 15:06:18 -05:00
d207345778
Land #4200 - report_note handling incorrect protocol names
2014-11-15 13:16:58 -06:00
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
0477c5f8fe
Land #4191 , merge_check_key update for Ruby 2.1.4
2014-11-14 15:33:47 -06:00
43511e648a
Merge branch 'chore/MSP-11614/remove-msf-db-manager-sink' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
Conflicts:
spec/lib/msf/core/task_manager_spec.rb
2014-11-14 11:59:12 -06:00
14fa1dba0b
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
2014-11-14 11:58:16 -06:00
5e6400a506
Remove Msf::TaskManager
...
MSP-11614
`Msf::TaskManager` was only used for `Msf::DBManager#sink`, which was
removed because it was unused, so `Msf::TaskManager` can also be
removed.
2014-11-14 11:15:05 -06:00
55a8f6f339
Remove Msf::DBManager::Sink
...
MSP-11614
`Msf::DBManager::Sink` contains code for a `sink` that is a meant to
serialize database events, but it's unneeded because all database events
go directly through ActiveRecord, which handles threading.
2014-11-14 10:51:51 -06:00
6b2387b7fc
Prepare for a reverse_http stager
2014-11-14 11:15:22 -05:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
812aa9bc1a
Reduce number of calls to to_s and downcase
2014-11-13 14:56:17 -06:00
e72d9bd21f
Fix report_note handling incorrect protocol names
2014-11-13 14:30:43 -06:00
eb3ff769a9
Msf::Framework#threads?
...
MSP-11605
`Msf::Framework#threads?` returns whether `Msf::Framework#threads` was
ever initialized. If `Msf::Framework#threads?` is true, then threads
need to be cleaned up, while if it is false then no threads need to be
cleaned up from the current framework.
2014-11-13 14:21:35 -06:00
d9a25005a6
Wrap Msf::Framework#threads in Metasploit::Framework::ThreadFactoryProvider
...
MSP-11605
`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`. In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
2014-11-13 14:08:26 -06:00
0bc27334c1
Thread-safe lazy Msf::Framework#db
...
MSP-11605
Switch `Msf:Framework#db` from being set in `#initialize` to a custom
method that uses `||=` to lazily initialize the `Msf::DBManager` inside
a `synchronize` block to make it thread safe.
2014-11-13 13:38:53 -06:00
92adaa816f
Store Msf::Framework#initialize options
...
MSP-11605
Store options `Hash` passed to `Msf::Framework#new` in `#options` so
that lazily initialized children, such as DBManager, have access to
those options.
2014-11-13 13:23:17 -06:00
bc181f0294
Thread-safe lazy Msf::Framework#sessions
...
MSP-11605
Switch `Msf::Framework#sessions` from being set in `#initialize` to a
custom method that uses `||=` to lazily initialize the
`Msf::SessionManager` inside a `synchronize` block to make it thread
safe.
2014-11-13 13:17:57 -06:00
0959ef3d13
Fixes lack of support for MetasploitV5 tag
...
#4184
* Appears to have been overlooked somehow in the pre-BlackHat crunch
* V5 will not support credentials
* We are implementing full-workspace zip import/export for credentials
2014-11-13 13:01:55 -06:00
216c3d01de
Thread-safe lazy Msf::Framework#threads
...
MSP-11605
Switch Msf::Framework#threads to a custom method that uses `||=` to
lazily initialize the `Msf::ThreadManager` inside a `synchronize` block
to make it thread safe.
2014-11-13 11:12:43 -06:00
8fc683d75d
Use MonitorMixing in Msf::Framework
...
MSP-11605
To get access to `#synchronize` for thread-safe lazy initialization.
2014-11-13 11:11:34 -06:00
846dbc7432
Fix #4163 - Update merge_check_key to keep up with 2.1.4 change
...
The merge_check_key method (found in Msf::Module::ModuleInfo)) uses
respond_to? to check is our object includes a merge_info_description
method before merging descriptions. The respond_to? method in 2.1.4
by default no longer checks private and protected methods, and this
is breaking our merge_check_key method.
Fix #4163
2014-11-12 13:46:14 -06:00
ad4ee3cffd
Merge branch 'master' of rapid7.github.com:/rapid7/metasploit-framework
2014-11-12 11:10:48 -06:00
1fd8fe57df
Merge staging/great-backport to master
...
Conflicts:
spec/lib/msf/core/module_spec.rb
2014-11-12 11:08:18 -06:00
ac4b2bee4d
Land #4181 - Fix nil URIPORT in get_uri (HttpServer)
2014-11-12 10:54:16 -06:00
e658640014
Show uniq error count
2014-11-12 07:38:07 -08:00
b05198c05a
Clean up failure messaging when bad CHOST
2014-11-12 07:32:06 -08:00
89a8d27602
Fix port 0 bug in URIPORT
2014-11-11 15:57:41 -06:00
7e05f88399
Reapply PR #4113 (removed via #4175 )
2014-11-11 15:06:43 -06:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
017a44c0ae
Revert errored merge of deea30d
...
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"
This reverts commit deea30ddb414514d7b8b
2014-11-11 14:38:47 -06:00
dbd5937dc7
Limit threads to 1 when CPORT is set, closes #4170
...
This issue also applies to TCP scanner modules.
2014-11-11 13:21:09 -06:00
96ba6da697
Add the UDP scanner template, lands #4113 .
...
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
0a68171bab
Land #4166 , @wchen-r7's fix for undefined method `rank'
...
* Fixes #4047
* undefined method `rank' due to an invalid encoder name
2014-11-10 15:00:17 -06:00
86ff5f93eb
Land #4158 , Fix for null dereference on Exploit::Remote::HttpServer#remove_resource
2014-11-10 14:14:48 -06:00
4e96833408
Check service before using it
2014-11-10 14:14:20 -06:00
1064049729
Revert "Fix buggy calls to stop_service"
...
This reverts commit 613f5309bb
2014-11-10 14:05:57 -06:00
0b51741779
Fix #4047 - undefined method `rank' due to an invalid encoder name
...
Fix #4047 caused by an invalid encoder name. Also added elog() to
avoid shutting everything up in msfvenom
2014-11-10 13:25:53 -06:00
9d848c8c3b
Adding tincd post-auth stack buffer overflow exploit module for several OS
...
Minor changes to comments
Updated URLs
Added Fedora ROP, cleaned up
Fixing URLs again, typos
Added support for Archlinux (new target)
Added support for OpenSuse (new target)
Tincd is now a separate file, uses the TCP mixin/REX sockets.
Started ARM exploiting
Style changes, improvements according to egyp7's comments
Style changes according to sane rubocop messages
RSA key length other than 256 supported. Different key lengths for client/server supported.
Drop location for binary can be customized
Refactoring: Replaced pop_inbuffer with slice
Refactoring: fail_with is called, renamed method to send_recv to match other protocol classes,
using rand_text_alpha instead of hardcoded \x90,
Fixed fail command usage
Version exploiting ARM with ASLR brute force
Cleaned up version with nicer program flow
More elegant solution for data too large for modulus
Minor changes in comments only (comment about firewalld)
Correct usage of the TCP mixin
Fixes module option so that the path to drop the binary on the server is not validated against the local filesystem
Added comments
Minor edits
Space removal at EOL according to msftidy
2014-11-10 12:03:17 +01:00
1844b3956d
Land #4063 allow session lists
...
Note: the parsing for cmd_sessions needs to be revamped and DRYd up in
a separate PR.
2014-11-09 22:40:53 -06:00
613f5309bb
Fix buggy calls to stop_service
2014-11-09 02:15:30 -06:00
7b25e3be75
Land #4139 , Visual Mining NetCharts
...
landed after some touch up
2014-11-06 22:52:41 -06:00
64fe2dd7d6
Land #4143 , @kernelsmith's get_custom_exe fix
...
* Initializes the exe variable
* Fixes #4131
2014-11-06 14:39:57 -06:00
b199820d23
init exe as nil instead of ''
2014-11-06 13:31:37 -06:00
6e51d84371
Land #4138 , @wchen-r7's reference cheking for module_reference.rb
...
* Fixes #4039
2014-11-06 10:51:29 -06:00
9295d9077e
Remove debugging output
2014-11-06 09:27:44 -06:00
8bf6a34d6c
Fix empty session ID and cleanup
...
- Fixed handling of empty session IDs for those commands that required them
- Added help text for ranges with examples
2014-11-06 07:18:55 -06:00
265c178c52
fixes #4131 , EXE::Custom NameError
2014-11-05 22:10:54 -06:00
ddb62c84b3
Removing add_host since it is not necessary :(
...
- Ups I did not needed this. I can get away with report_host and
report_client.
2014-11-05 18:03:23 -08:00
b5e6465916
Adding db.add_host() and workspace
...
- Adding add_host() Although Report host exists, this is a
straightforward method to metasploit-credential::creation::add_host()
- Add workspace.id to the responses of db.current_workspace and
db.workspace and db.get_workspace
2014-11-05 14:23:27 -08:00
c833888c32
Just randomize
2014-11-05 15:53:06 -06:00
7ba705f23a
Add some randomized variables to JSP Payloads
...
Because the JASPER engine with Tomcat has been found
complaining about the out variable.
2014-11-05 12:16:33 -06:00
f34ad57199
Check module references
2014-11-05 09:57:13 -06:00
2bec646393
rolling back a change
2014-11-05 06:49:06 -06:00
8aa6fca760
Minor fixes and status update
...
Minor tweaks after the PR from @kernelsmith
Remaining items:
1. Handle empty session IDs correctly, for example 'sessions -d' or 'sessions -k'
2. Find a method of explaining the range options in the help text
3. Retest all changed code areas
4. Edit PR Summary to reflect changes to the scope
2014-11-05 06:46:55 -06:00
78a4ee686b
modernizes & DRYs session/job ranges
2014-11-04 23:33:31 -06:00
f8593ca1b5
Land #4109 , tnftp savefile exploit from @wvu-r7
2014-11-04 15:44:13 -06:00
333d420c94
Fix refactoring bug from 23 october in util/exe
...
23 October, {} instead of #{} totally break windows service generation
f19b093529 (diff-0f5729034d8b0b321e738f2fc047854fL578)
2014-11-04 11:59:36 +01:00
0199e4d658
Land #3770 , resolve random stager bugs
2014-11-03 14:15:14 -06:00
0b39c2ed85
Land #4084 , prep for Ruby 2.1
2014-11-03 13:43:50 -06:00
8aecd5e4a5
Address the two open comments from @jlee-r7
2014-11-03 12:33:11 -06:00
8f197d4918
Move to build_probe
2014-11-03 08:41:51 -08:00
05dd3fa4ba
rport, not datastore['RPORT']
2014-11-03 08:26:11 -08:00
0b8b0499f3
- Added range support to sessions -c and sessions -s
...
- Added check for un-detach-able sessions
- Added back the check for session.interactive? when detaching sessions
- Collapse build_jobs_array and build_sessions_array to build_range_array
- Added check for empty or invalid parameters to detach and kill [session | job]
- Reworked session id sanity check around line 1660
- RuboCop/Style guide change: Array.new -> []
- Misc RuboCop/Style guide spacing changes
2014-10-31 15:02:17 -05:00
c921611821
Move default probe and result store to UDPScanner, since most need it
2014-10-31 12:02:21 -07:00
1f6658639f
More sane % printing for aux scanner
2014-10-31 10:25:01 -07:00
f16720bb55
Trailing ,
2014-10-31 09:39:34 -07:00
f66c43475b
More sane % printing for aux scanner
2014-10-31 09:39:21 -07:00
77cd6dbc8b
Usability improvements to UDPScanner
...
* Add RPORT as a regular option, define rport
* Add CPORT as an advanced option, define cport
* Change CHOST to an advanced option
* Use a more sane THREADS value since hosts are scanned in batches
2014-10-31 09:20:14 -07:00
9b61ae5f63
This is halloween.
...
THISISHALLOWEEN=1 ./msfconsole
2014-10-30 23:35:12 -05:00
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
667f1ca876
Move readline choice into a method
2014-10-29 22:33:23 -05:00
7b77bbedaa
Better explanations
2014-10-29 22:32:56 -05:00
867329d4b3
Fix readline by mucking with load path
2014-10-29 22:14:49 -05:00
4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
2014-10-28 20:26:44 +00:00
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
4251ad199e
Change killing back to stopping
...
Got a little excited with the copypasta, I guess.
2014-10-28 05:49:30 -05:00
5547890002
Add support for sessions -d ranges
2014-10-28 03:07:46 -05:00
36c85b7150
Add support for jobs -k ranges
2014-10-28 03:01:53 -05:00
d8cf45ef67
Allow FTP server exploits pick a PASV port
...
This makes it somewhat easier to use FTP server exploit modules in
somewhat more restrictive networks, where you might only have a few
inbound ports to choose from.
2014-10-27 22:21:54 -05:00
7d34452448
TCP and TCPServer should use TLS1 by default
2014-10-27 15:55:50 -05:00
1508be6254
Fix whitespace in lib/msf/ui/banner.rb for #4073
2014-10-27 14:49:44 -05:00
7f66d18cfd
Clean up whitespace a bit
2014-10-27 14:49:27 -05:00
626cd55b5e
Land #4073 , improved banner selection
2014-10-27 14:20:10 -05:00
aba25cb28c
Make RPC creds work again
2014-10-26 15:50:40 -05:00
13b6f1cf48
Syntax changes
2014-10-25 09:39:15 -05:00
c1a61e3b4e
Support an MSFLOGO env var and logo enumeration
2014-10-24 13:07:28 -04:00
a9e52437f0
fixes inverted EICAR corruption logic
2014-10-24 10:27:13 -05:00
82f41d56a6
Add [user_]logos_directory to Msf::Config
2014-10-24 10:52:05 -04:00
3b8067e9a2
fixes refactor error in msf/util/exe
2014-10-23 22:15:19 -05:00
34f29f218c
really resolve merge conflicts
2014-10-23 21:51:33 -05:00
bf63d85e5c
fixes merge conflicts msfpayload & exe
2014-10-23 21:43:46 -05:00
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
2a6a8245cf
Allow killing multiple specific sessions
2014-10-23 05:56:26 -05:00
f19b093529
cleans & DRYs exploit/exe & util/exe & msfpayload
2014-10-23 01:10:38 -05:00
7f7f257426
fix session.shell_upgrade after #3401
2014-10-22 21:22:10 +01:00
22fc6496ac
Merge branch 'pr/3401' into landing-3401
2014-10-22 19:23:01 +01:00
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
9dfbbbde7d
Add missing require
...
MSP-11145
2014-10-21 09:39:31 -05:00
85f48a3fb2
Land #3738 , SMBServer file descriptor updates
2014-10-20 12:40:43 -05:00
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
ce40c1152a
Land #4014 , msfconsole spinnerz
2014-10-17 16:25:31 -05:00
080ea3e56a
Merge branch 'staging/great-backport' into feature/MSP-11126/msf-module-reorg
...
MSP-11126
2014-10-17 14:28:13 -05:00
06fbbf7001
Fully-qualified Msf::NormalRanking in Msf::Module::Ranking
...
MSP-11126
Needed due to loss of `Msf` lexical scope.
2014-10-17 13:58:57 -05:00
43354774e1
Fully qualified Msf::RankingName in Msf::Module::Ranking
...
MSP-11126
To compensate for loss of `Msf` lexical scope.
2014-10-17 13:43:51 -05:00
ae45c1b9d3
Msf::Module::Rank -> Msf::Module::Ranking
...
MSP-11126
So that mixin module won't appear as Rank constant that Msf::Module
subclasses are supposed to define.
2014-10-17 13:39:53 -05:00
a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/
2014-10-17 13:13:44 -05:00
a6a2886faa
Fully-qualify Msf::OptionContainer references
...
MSP-11126
2014-10-17 13:09:27 -05:00
112b5988f2
Add missing autoload to fix loading on travis-ci
...
MSP-11126
`Msf::Module::Failure` fails to load on travis-ci probably due to a load
order difference, so add `:Failure` to autoloads in `Msf::Module`.
2014-10-17 13:05:59 -05:00
0c00c7cc50
Fully-qualifiy Msf::MODULE_TYPES constants
...
MSP-11126
Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
2014-10-17 12:43:40 -05:00
200d64040d
Fully-qualify Msf::ServiceState
...
MSP-11152
Replace unqualified `ServiceState` with `Msf::ServiceState`.
2014-10-17 11:58:11 -05:00
172afd180a
Extract Msf::Module::Privileged
...
MSP-11126
2014-10-17 11:45:03 -05:00
cbae9be5b5
Extract Msf::Module::UUID
...
MSP-11126
2014-10-17 11:31:56 -05:00
a59e635913
Extract Msf::Module::Author
...
MSP-11126
2014-10-17 11:17:12 -05:00
9f32cbd476
Use :: to force top-level constant resolution
...
MSP-11152
When `Msf::DBManager::Import::MetasploitFramework` is included in
`Msf::DBManager::Import`, it's child namespace of
`Msf::DBManager::Import::MetasploitFramework::Zip becomes resolvable as
`Zip` in `Msf::DBManager::Import` methods, so need to use `::Zip` to
cause `Zip` to be resolved from rubyzip gem.
2014-10-17 10:15:59 -05:00
13923a8ca5
Fully-qualify Msf::DBImportError
...
MSP-11152
Constant was unqualified in some of the reorganized Msf::DBManager code
because that code was take advantage of the old nested lexical scope
that included `Msf`.
2014-10-17 09:29:01 -05:00
e822920298
Msf::Module::Author -> Msf::Author
...
MSP-11126
`Msf::Module::Author` was already aliased to `Msf::Author`. This just
moved `Msf::Module::Author` to that alias to free up
`Msf::Module::Author` so it can be used for a concern for
`Msf::Module`'s author methods.
2014-10-17 08:59:54 -05:00
b5039c3817
Extract Msf::Module::Network
...
MSP-11126
2014-10-16 15:51:59 -05:00
2e538bd72d
Extract Msf::Module::Search
...
MSP-11126
2014-10-16 15:27:54 -05:00
7743fdb2f9
Extract Msf::Module::FullName
...
MSP-11126
2014-10-16 15:24:59 -05:00
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
0e53548c82
Extract Msf::Target
...
MSP-11126
2014-10-16 15:13:18 -05:00
e5cc456be7
Extract Msf::Platform
...
MSP-11126
2014-10-16 15:11:59 -05:00
27c006a8f9
Extract Msf::SiteReference
...
MSP-11126
2014-10-16 15:09:55 -05:00
9981271e2a
extract Msf::Reference
...
MSP-11126
2014-10-16 15:03:21 -05:00
c8730ca55b
Extract Msf::Author
...
MSP-11126
2014-10-16 14:59:15 -05:00
fe5ffa9cec
Standardize on autoload over require
...
MSP-11126
Standardize on autoload to prevent trying to use colliding names for
included Module with Modules/Classes just under the namespace.
2014-10-16 14:58:08 -05:00
d5c7a50e86
Extract Msf::Module::Rank
...
MSP-11126
2014-10-16 14:39:33 -05:00
e6f442697b
Extract Msf::Module::Type
...
MSP-11126
2014-10-16 14:23:21 -05:00
e418f98d45
arch -> Msf::Module::Arch
...
MSP-11126
2014-10-16 13:21:11 -05:00
44b2e5e35c
Extract Msf::Module::Arch
...
MSP-11126
2014-10-16 13:14:56 -05:00
31c93e9dbc
Extract Msf::Module::ModuleInfo
...
MSP-11126
2014-10-16 13:01:42 -05:00
c503e8a3d8
Merge branch 'landing/4026' into upstream-master
...
Land #4026
* db.rb (DBManager) now in multiple files
* Cucumber coverage for DB-related msfconsole commands
2014-10-16 11:52:57 -05:00
f9caa4d25e
Extract Msf::Module::Options
...
MSP-11126
Methods for registering, derigsterings, and validating options.
2014-10-16 11:14:42 -05:00
c50cb2eb8a
Extract Msf::Module::UI::*::Verbose and shared examples
...
MSP-11126
2014-10-16 10:05:45 -05:00
a9a6f0c5f9
Extract Msf::Module::UI::Line
...
MSP-11126
2014-10-16 09:50:07 -05:00
bc2bd99698
Extract Msf::Module::UI::Message
...
MSP-11126
2014-10-16 09:39:30 -05:00
f5d09f735e
Extract Msf::Module::Compatibility
...
MSP-11126
2014-10-16 09:14:57 -05:00
85169d5e8d
Extract Msf::Module::DataStore
...
MSP-11126
2014-10-16 09:03:23 -05:00
f068d669d6
Extract Msf::Module::ModuleStore
...
MSP-11126
2014-10-16 09:03:07 -05:00
370daaed5e
Extract Msf::Module::Failure
...
MSP-11126
Move `Msf::Module::Failure` to a file of its own.
2014-10-16 09:02:55 -05:00
62be638258
Add 'Auto' to tcp.rb as well.
2014-10-15 16:01:42 -05:00
3a9c2f95c9
Add magic encoding to new files
2014-10-15 14:23:34 -05:00
2986031db5
Move SMBServer into its own file
2014-10-15 14:22:23 -05:00
1064488ada
Whitespace
2014-10-15 14:21:39 -05:00
9456506e3d
Merge branch 'master' into feature/MSP-11124/msf-dbmanager-reorg
...
MSP-11124
2014-10-15 14:08:55 -05:00
1f7ad1cac9
unserialize_object -> Msf::DBManager::Import::MetasploitFramework
...
MSP-11124
2014-10-15 14:03:18 -05:00
bed98fe43b
nils_for_nulls -> Msf::DBManager::Import::MetasploitFramework
...
MSP-11124
2014-10-15 13:59:03 -05:00
ac30990177
Move libpcap helpers to Libpcap module
...
MSP-11124
2014-10-15 13:55:24 -05:00
7aed88f11b
Extract Msf::DBManager::Import::Report
...
MSP-11124
2014-10-15 13:51:57 -05:00
e5e051c905
Extract Msf::DBManager::Import::Wapiti
...
MSP-11124
2014-10-15 13:42:54 -05:00
e65a386d3d
Extract Msf::DBManager::Import::Spiceworks
...
MSP-11124
2014-10-15 13:37:35 -05:00
a762d871bf
Autonegotiate SSL/TLS versions when not explicit
2014-10-15 13:26:40 -05:00
dfe690ac52
Extract Msf::DBManager::Import::Retina
...
MSP-11124
2014-10-15 13:23:12 -05:00
8af280b1cb
Extract Msf::DBManager::Import::Outpost24
...
MSP-11124
2014-10-15 13:16:11 -05:00
eff95221da
Order methods
...
MSP-11124
2014-10-15 13:14:20 -05:00
cf555e2390
Extract Msf::DBManager::Import::OpenVAS
...
MSP-11124
2014-10-15 13:11:49 -05:00
5d6044786a
Extract Msf::DBManager::Import::Nmap
...
MSP-11124
2014-10-15 13:06:28 -05:00
cf3a3a0d65
Move nexpose requires to appropriate module
...
MSP-11124
2014-10-15 12:54:30 -05:00
16f143c2ed
Extract Msf::DBManager::Import::Nikto
...
MSP-11124
2014-10-15 12:51:16 -05:00
e64a14c748
Extract Msf::DBManager::Import::Nexpose::Simple
...
MSP-11124
2014-10-15 12:40:04 -05:00
c4d1a4c7dc
Revert #4022 , as the solution is incomplete
...
Revert "Land 4022, datastore should default TLS1 vs SSL3"
This reverts commit 4c8662c6c10937f32ff9
2014-10-15 12:32:08 -05:00
2b861f91e9
Extract Msf::DBManager::Import::Nexpose::Raw
...
MSP-11124
2014-10-15 11:59:03 -05:00
c371eab26a
Extract Msf::DBManager::Import::Netsparker
...
MSP-11124
2014-10-15 11:46:38 -05:00
a73b0e2283
Move requires for nessus parses to appropriate module
...
MSP-11124
2014-10-15 11:42:00 -05:00
b43035145d
Move nessus helper function to closest module
...
MSP-11124
2014-10-15 11:39:23 -05:00
aae6dc9066
Extract Msf::DBManager::Import::Nessus::XML::V*
...
MSP-11124
Extract different versions of Nessus XML format.
2014-10-15 11:34:37 -05:00
a0494b2eeb
Extract Msf::DBManager::Import::Nessus::XML
...
MSP-11124
2014-10-15 11:27:23 -05:00
0c861848bc
Extract Msf::DBManager::Import::Nessus::NBE
...
MSP-11124
2014-10-15 11:21:26 -05:00
d0d0c478aa
Extract Msf::DBManager::Import::MetasploitFramework::Credential
...
MSP-11124
2014-10-15 11:12:13 -05:00
46a2c47dfe
Extract Msf::DBManager::Import::MetasploitFramework::Zip
...
MSP-11124
2014-10-15 10:59:41 -05:00
1754b23ffb
Datastore options should default to TLS1, not SSL3
...
Otherwise, we risk getting our connections killed by particularly
aggressive DPI devices (IPS, firewalls, etc)
Squashed commit of the following:
commit 5e203851d5c9dce1fe984b106ce3031a3653e54b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed Oct 15 10:19:04 2014 -0500
Whoops missed one
commit 477b15a08e06e74d725f1c45486b37e4b403e3c2
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed Oct 15 10:16:59 2014 -0500
Other datastore options also want TLS1 as default
commit 8d397bd9b500ff6a8462170b4c39849228494795
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed Oct 15 10:12:06 2014 -0500
TCP datastore opts default to TLS1
Old encryption is old. See also: POODLE
2014-10-15 10:28:53 -05:00
65885c8cc8
MsfXml -> MetasploitFramework::XML
...
MSP-11124
2014-10-15 10:25:42 -05:00
ac9a593b43
import_msf_file -> Msf::DBManager::Import::MsfXml
...
MSP-11124
2014-10-15 10:02:42 -05:00
d870188377
Extract Msf::DBManager::Import::MBSA
...
MSP-11124
2014-10-15 09:54:03 -05:00
f29408680f
Extract Msf::DBManager::Import::Libpcap
...
MSP-11124
2014-10-15 09:48:23 -05:00
jvazquez-r7
sinn3r
Tod Beardsley
William Vu
Spencer McIntyre
Trevor Rosen
HD Moore
Sean Verity
Brent Cook
Meatballs
James Lee
Luke Imhoff
Jon Hart
Fernando Arias
Joe Vennix
floyd
Julio Auto
Joshua Smith
Tom Sellers
Matias P. Brutti
agix
scriptjunkie
Tim Wright