Commit Graph

3329 Commits (d79f8b04928acb0bb3fe974e0259b2303058a5fb)

Author SHA1 Message Date
James Lee c0e9825565 Whitespace and a typo 2012-02-03 14:10:17 -07:00
David Maloney b914a97359 Fixes to a bunch of fucntions to work on more complex vmware setups
VM Enuemration now appears to work against VCenter
2012-02-03 14:17:35 -06:00
Tod Beardsley af506240cf http_fingerprint reports service info
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
Tod Beardsley 786d75493c Fix up VMWware webscan to not false positive
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.

[Fixes #6340]
2012-02-02 22:19:57 -06:00
Marcus J. Carey e70f9151e5 Merge remote-tracking branch 'upstream/master' 2012-02-02 07:13:03 -06:00
David Maloney 3f48e626a2 Adding a bunch of new VIM API auxiliary stuff
Work in progress.
2012-02-01 12:05:20 -06:00
HD Moore 46d40b89a5 Make sure at least one character is returned 2012-02-01 02:08:26 -06:00
sinn3r 187f630283 Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-netrc-creds 2012-01-31 22:45:47 -06:00
Maciej Kotowicz 01d6903c76 fix few mistakes 2012-01-31 22:01:52 +01:00
HD Moore 77c986948c Proper fix for IPv6 postgresql connections 2012-01-31 02:08:02 -06:00
HD Moore a74cf1ee10 Missing argument 2012-01-31 01:49:42 -06:00
HD Moore 52004b1e33 A little more cleanup for IPv6 in HTTP mixins 2012-01-31 01:44:03 -06:00
HD Moore 32f2d6754c Handle ipv6 addresses, choose more obvious 'bad' password for
fingerprinting
2012-01-31 00:32:54 -06:00
sinn3r b96beb0680 Correct regex syntax. Also some whitespace fix. 2012-01-30 15:49:06 -06:00
Jon Hart 37d467ea79 Loot .netrc files, generic enum_user_directories 2012-01-29 14:03:57 -08:00
Carlos Perez 5acc0c62d2 Have the the load command also look at the ~/.msf4/plugins folder 2012-01-29 15:03:18 -04:00
sinn3r 41ca655d86 Merge pull request #135 from scriptjunkie/master
Allow RPC clients to discover supported encoding formats.
2012-01-28 18:43:05 -08:00
scriptjunkie 086b2e4bf7 Allow RPC clients to discover supported encoding formats. 2012-01-28 15:46:17 -05:00
HD Moore a2d20e25d3 Fix a regression in the workspace inclusion code (only affected
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
sinn3r ac582cd0fc Change the error handling message for read_file_meterpreter(), because this one is easier to understand 2012-01-27 02:17:09 -06:00
sinn3r 3f4dbd9df6 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-27 01:58:42 -06:00
Stephen Haywood efda420e5f Updates to enum_artifacts 2012-01-26 19:35:39 -05:00
Tod Beardsley 33c53b1f3f Updates vm checking 2012-01-26 13:02:39 -06:00
David Maloney 31f6c4dfff http_fingerprint now reports website isntead of just a service
fixes #6277
2012-01-26 11:05:06 -06:00
Maciej Kotowicz 87e7b10b2d `advance` linux x64 payloads 2012-01-26 01:09:35 +01:00
Maciej Kotowicz fe2caf2fe4 `advance` linux x64 payloads 2012-01-26 00:51:06 +01:00
Marcus J. Carey 9b320fa6f3 Update lib/msf/ui/banner.rb 2012-01-24 23:07:38 -06:00
Marcus J. Carey b135446cc6 Update lib/msf/ui/banner.rb 2012-01-24 23:06:24 -06:00
Marcus J. Carey 79ff641f4d adding new comic strip banner logo 2012-01-24 23:01:48 -06:00
scriptjunkie ee2823d23b Compatibility - don't assign LongPtr to Long on x64 2012-01-23 22:17:28 -05:00
Tod Beardsley 31dea3844e Reintroduces chao-mu's OptRegexp
Revert "Revert "Merge pull request #101 from chao-mu/master""

[See #101]

This reverts commit c5ce575543.
2012-01-23 14:21:19 -06:00
scriptjunkie c5590a6c40 Add x64 support to VBA in-mem shellcode execution. 2012-01-23 12:43:47 -05:00
scriptjunkie c6f66f6bb4 Add in-memory shellcode execution via VBA macro.
Keep old embedded exe method as 'vba-exe'.
2012-01-22 07:23:21 -05:00
scriptjunkie 9d7591467f Fix "failed to generate" error when passing a preferred encoder to "payload.generate" method using RPC from, for example, the GUI on Windows.
framework.encoders[reqs['Encoder']] returns nil when, for example, reqs['Encoder'] is in UTF-8 encoding and the corresponding key of the framework.encoders hash in US-ASCII encoding.
2012-01-20 21:06:53 -06:00
sinn3r 955b02e227 Allow 'port' option in module searching (idea originally from Brandon Perry's blog) 2012-01-18 11:19:37 -06:00
Tod Beardsley c5ce575543 Revert "Merge pull request #101 from chao-mu/master"
Reverting the OptRegexp commit from chao-mu. Before committing to
master, this option type needs to be tested on the various mainstream
UI's (Metasploit Pro, msfgui, and Armitage) to see if they behave
as reasonably as msfconsole. Each UI tends to handle option setting,
passing, and display in their own special way.

This should make it back in by Wednesday, assuming all goes well.

[See #101]

This reverts commit 84db5a21fc, reversing
changes made to 24aaf85a1b.
2012-01-17 15:33:47 -06:00
Tod Beardsley cfca791480 Version info toggle for git vs svn checkouts
Version numbers are kind of meaningless in git development branches, but
are reportedly useful for SVN checkouts.

[See #6254]
2012-01-17 14:35:33 -06:00
Tod Beardsley 84db5a21fc Merge pull request #101 from chao-mu/master
Created Regexp option type
2012-01-14 07:25:50 -08:00
Tod Beardsley 4ac6c0c3ee A great big pile of fixes to the ssh scanners
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
chao-mu b6b49ad672 Merge remote branch 'upstream/master' 2012-01-12 19:40:24 -05:00
chao-mu a8a3d4d2c7 Updatted railgun_reverse_lookups test module to use the new regex options. Corrected spelling mistake in a variable name (my editor ate a p) 2012-01-12 19:39:05 -05:00
sinn3r 02bd1f3407 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-12 17:06:14 -06:00
Stephen Haywood 8d19bca2a9 Added remote digest methods 2012-01-12 12:47:29 -05:00
Tod Beardsley 5f121fe181 Workaround postgresql.fingerprint dlog message
Came up as a concern, this special-cases notes of
"postgresql.fingerprint". Not thrilled with this fix, though.
2012-01-11 13:17:21 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
Fixes #6066
2012-01-10 12:32:47 -08:00
chao-mu b23b7b8a88 Adds support for a regular expression based Option (RegexpOpt). Also introduced a method to OptBase called display_value which returns the value to be displayed to the user. 2012-01-10 09:22:14 -05:00
James Lee 753ddb27c5 Make all the EXE options OptPath 2012-01-10 03:36:47 -07:00
James Lee 1eb4900102 Make EXE::Custom an OptPath so it can be tab'd 2012-01-10 03:25:13 -07:00
Tod Beardsley 9e78eff968 Merge pull request #96 from chao-mu/master
Updates to Railgun

[Fixes #6128] among other things.
2012-01-09 06:43:02 -08:00
Tod Beardsley badf62d8e0 Add back in ssh_key_matches?() 2012-01-08 22:45:00 -06:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
2012-01-08 22:28:37 -06:00
chao-mu f7a9518944 In railgun mixin, "error_lookup" has been renamed "lookup_error" and now accepts a filtering regular expression. ::BUILTIN_DLLS instead of .builtin_dlls 2012-01-08 17:18:34 -05:00
chao-mu f9d123a8c8 Merge remote branch 'upstream/master' 2012-01-07 19:06:51 -05:00
James Lee c2406e0e65 Fix whitespace at EOL 2012-01-06 21:13:17 -07:00
James Lee c35c7f5fab Add tab completion for pushm
[See #6165]
2012-01-06 21:10:59 -07:00
chao-mu bd52f228a0 Merge remote branch 'upstream/master' 2012-01-06 20:27:53 -05:00
David Maloney 54bca49ef9 Slightly better fix to the digest request header issue 2012-01-05 12:25:32 -08:00
David Maloney e61b4ed65c Fixed issue with send_digest_request_cgi not keeping user supplied headers. 2012-01-05 12:02:21 -08:00
chao-mu 3772f56260 Am making use of platform_util.rb's platform symbols for standardization across railgun. Ideally only platform_util.rb will need to know what platform strings look like and how they are represented in the railgun world. Corrected railgun.rb mixin's pointer_size function. 2012-01-04 22:28:20 -05:00
chao-mu 6db2da1f76 module Rex
module Post
module Meterpreter
module Extensions
module Stdapi
module Railgun
module Type
module PlatformUtil

	X86_64 = :x86_64
	X86_32 = :x86_32

	def self.parse_client_platform(meterp_client_platform)
		meterp_client_platform =~ /win64/ ? X86_64 : X86_32
	end

end # PlatformUtil
end # Type
end # Railgun
end # Stdapi
end # Extensions
end # Meterpreter
end # Post
end # Rex
2012-01-04 22:11:09 -05:00
chao-mu d46379dda2 Merge remote branch 'upstream/master' 2012-01-04 19:32:06 -05:00
Tod Beardsley 164c80d496 Adding a comment doc to the shadowcopy lib.
Citing Tim Tomes and Mark Baggett
2012-01-04 12:03:13 -06:00
chao-mu b9b5b1e66f Merge remote branch 'upstream/master' 2012-01-02 20:07:50 -05:00
David Maloney dd0b07b2cc Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 15:03:04 -08:00
Joshua Smith 29b6d0d1e3 Adds previous, pushm, popm to msfconsole
Adds the ability to set and use a stack of modules, and to easily switch
between the last two modules used.

[Fixes #6165][Closes #84]
Squashed commit of the following:

commit e41e7f704888b1ce5ad5f23caeee1de13052e3d5
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 15:52:08 2011 -0500

    pushm/popm working great, let me know if you find bugs

commit 23da8d56ea08ca196e649431e8188b4f29ba97b9
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 14:37:18 2011 -0500

    Adds the 'previous' command to msfconsole which will load the previously active module as the currently active module, adds @previous_module as a class variable
2011-12-30 15:30:55 -06:00
andurin 898df592be Fix2 rpc exception handling
HD suggested a small tweak to use error_code OR res.code for the raise
2011-12-30 07:05:26 +01:00
andurin 7b4de2380f Small fix: RPC client exception handling
IMHO rpc client should transform the error code from Msf::RPC::Exception
into it's own Msf::RPC::ServerException and should not take the msgpack
response code.

In deep:
I ran into a '401 invalid auth token' after a token timeout (300s).
RPC Daemon raised a 401 - invalid auth token as expected but rpc client
transformed it to a '200 - invalid auth token' using the successful http
transaction to transport the exception.
2011-12-30 05:44:26 +01:00
Tod Beardsley bc22b7de99 MSFConsole should display hostless loot, also typo fix.
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb

Fixes #6177
2011-12-29 15:11:15 -06:00
Tod Beardsley 78da15ed15 Always check for the current workspace when calling Report#myworkspace().
Fixes #6175
2011-12-29 13:48:05 -06:00
chao-mu ebe461cce7 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-28 20:14:01 -05:00
David Maloney 3bb2b5b7fd Fixed typo in validation routine 2011-12-28 09:40:36 -08:00
David Maloney 9e1e87508f Fix to boundary validation for when no db is present
Fixes #6171
2011-12-28 08:47:22 -08:00
chao-mu 5560c6b17e Moved and adapted code relating to looking up constant names by constant value 2011-12-28 00:40:08 -05:00
chao-mu ffcf5af9b0 Merge remote branch 'upstream/master' 2011-12-27 22:06:51 -05:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
chao-mu 1604162ba3 A place to add railgun convenience code for use in modules 2011-12-24 15:59:46 -05:00
Tod Beardsley b6d56e8410 Fixes VBS executable creator util
Fixes #6152, using booleans instead of ints.

Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx

Tested works on winxp and win7 targets via the persistence meterpreter
script.
2011-12-22 13:13:34 -06:00
Joshua Smith 5166bdcb01 initial, working resource file tab completion, completes from <install_dir>/scripts/resource, see redmine no. 4611 2011-12-15 17:27:52 -05:00
Jonathan Cran 6165b7a1eb This commit adds a junit_success method, which can be called to
generate a test case success xml. This is necessary for the parser to
recognize that tests were indeed run.
2011-12-13 21:13:31 -06:00
HD Moore cb94b92e9c What in nine hells was this. 2011-12-13 16:04:25 -06:00
HD Moore f38a794b1c Convert ` to ' 2011-12-13 16:02:23 -06:00
HD Moore cfa128a2c8 Show the actual module name in the stack trace (instead of eval) 2011-12-13 09:47:37 -06:00
HD Moore 1d244c4b27 Return the URL in the correct format from the model 2011-12-11 13:50:21 -06:00
HD Moore 17cc89ebad Add IPv6 specific HTTP(S) handlers and payloads (simplifies
options/usage)
2011-12-11 13:26:48 -06:00
HD Moore 8e01312d0f Formatting 2011-12-10 13:27:47 -06:00
HD Moore e33ca5a7ba Small typo fix 2011-12-10 13:26:47 -06:00
HD Moore e46745b761 Add support for link-local scopes 2011-12-10 13:24:58 -06:00
HD Moore 9c887eb457 Fix displayed host name for IPv6 targets 2011-12-10 13:24:58 -06:00
HD Moore e3f121929c Accept IPv6 addresses in the return if getaddress 2011-12-10 13:24:58 -06:00
David Maloney d939e33f1e Allows for Loot and Tasks to be imported from an MSF ZIP.
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
HD Moore 18e9b99e72 Fix permission (octal not decimal) 2011-12-05 16:49:16 -06:00
HD Moore 4748bf70cd Use octal mode, duh 2011-12-05 13:07:36 -06:00
HD Moore 89caed444b Add a helper method for modules to indicate IPv6 compatibility 2011-12-05 13:07:36 -06:00
HD Moore 5362e0cd24 Accept IPv6 addresses into the database routines, start flushing out
incompatibilities.
2011-12-05 13:07:36 -06:00
HD Moore 4829968107 Purge the old RPC API 2011-12-05 13:07:25 -06:00
HD Moore f673b02308 Remove references to address6 2011-12-05 13:07:25 -06:00
HD Moore 27974c4c27 Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
Conflicts:
	modules/auxiliary/scanner/http/axis_login.rb
	modules/exploits/multi/http/axis2_deployer.rb
	modules/post/multi/gather/thunderbird_creds.rb
	modules/post/windows/gather/credentials/imvu.rb
	msfopcode
2011-12-03 14:07:09 -06:00
David Maloney 1db9177583 Revert "Merge pull request #22 from scriptjunkie/multithread"
This reverts commit 4f76f3bbb8, reversing
changes made to e72dad4e81.
2011-12-02 13:35:43 -05:00
HD Moore 424901b4b6 Change the encapsulation method to allow multiple methods without
conflict
2011-12-02 02:02:55 -06:00
HD Moore 4f76f3bbb8 Merge pull request #22 from scriptjunkie/multithread
RPC multithreading
2011-12-01 23:43:32 -08:00
HD Moore 626389f5ba No longer track module archive paths, since the manager will load them from the main dir 2011-11-28 22:27:21 -06:00
HD Moore 591ef73f7d Merge in updated module_manager that loads all .fastlibs 2011-11-28 22:24:27 -06:00
Tod Beardsley ac33e55df5 Allow hyphens for fnames and ltypes for fileformat exploits 2011-11-28 19:16:30 -06:00
Tod Beardsley 44a47f9913 Fixing up OWA bruteforce module to conform with the usual print_status
messages.
2011-11-28 13:31:54 -06:00
David Maloney d8cd16eb65 Typo in report_auth_info
that caused snmp creds to fail reporting.
fixes #6015
2011-11-26 17:57:46 -08:00
HD Moore f714591b92 Purge the new version code, it triggers a stack and is a massive performance hit 2011-11-23 23:05:51 -06:00
Tod Beardsley 8ab41013d1 Updating the version information to check the SVN metadata first. 2011-11-23 23:05:51 -06:00
HD Moore 4285651455 Purge the new version code, it triggers a stack and is a massive performance hit 2011-11-23 14:32:38 -06:00
Tod Beardsley 94edf3a8ec Updating the version information to check the SVN metadata first. 2011-11-22 18:33:44 -06:00
David Maloney c4db49cccc Fixes issues with telnet bruteforcing where prompts were not
being recognized properly.
2011-11-22 00:06:58 -06:00
David Maloney 7d626e3ad1 Fixes issues with telnet bruteforcing where prompts were not
being recognized properly.
2011-11-21 14:07:30 -08:00
HD Moore 7059e20315 Add support for .fastlib module archives to the module manager 2011-11-21 15:58:19 -06:00
James Lee bf105f48cb massive removal of spaces at EOL and some bad tabs 2011-11-20 12:32:06 +11:00
James Lee 9261d8ec25 spaces at EOL in base 2011-11-20 12:11:40 +11:00
James Lee e7a545c483 spaces at EOL in core stuff 2011-11-20 12:10:08 +11:00
James Lee 79c2264263 more spaces at EOL and bad tabs 2011-11-20 12:05:14 +11:00
James Lee aeeed02eee more spaces at EOL 2011-11-20 12:01:19 +11:00
James Lee 441c5a22ab more spaces at EOL 2011-11-20 12:00:07 +11:00
James Lee 4ac21afcbc more spaces at EOL 2011-11-20 11:59:28 +11:00
Tod Beardsley 55367fad4f Merge pull request #25 from rapid7/post_module_sudo
Post module sudo
2011-11-18 06:30:40 -08:00
Tod Beardsley d8b77564ef Tidying up, fixing csh echo behavior 2011-11-17 16:29:02 -06:00
Tod Beardsley 9878517f80 Cleanup and light refactoring, deal with slowpoke linux telnet cmd_exec() 2011-11-17 13:19:13 -06:00
scriptjunkie c4eb32d2ff Add an optional multithreading to stream server, and enable multithreading (one thread per client) to the RPC server. 2011-11-17 08:07:34 -08:00
Tod Beardsley 93a133d5de Always try both export and setenv. Fixups to allow for correct reading from echoy nix shells. Fixes is_root? to not treat an empty string as 0 2011-11-16 16:48:19 -06:00
Wesley Cate b923d952b3 module.execute() now returns a 'uuid' element which can be cross-referenced with the 'exploit_uuid' element returned in each entry in session.list.
this was hdm's preferred solution.
2011-11-15 18:36:45 -05:00
David Maloney 6306f8888a Fix to the username normalisation routine to deal with creds that
have no username (i.e. VNC)
2011-11-15 08:52:18 -08:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
andurin 97f62d955f Fixed very small typo 2011-11-14 11:19:16 +01:00
James Lee 16f0d6cbee Fix a misplaced comma in a comment 2011-11-14 16:06:45 +11:00
James Lee 8ac4479b13 Use railgun for deleting services.
The registry method will make Windows to delete it on reboot, but this
causes it to happen right away.
2011-11-13 21:05:40 -07:00
HD Moore 7757a2df63 Make sure we wait at least half a second for a 401 reply 2011-11-13 12:54:48 -06:00
HD Moore 69fb9aa5b1 Make brute forcing of the XMLRPC/MSGPACKRPC services less rewarding through random delays. 2011-11-13 12:45:48 -06:00
James Lee 69cd56ed42 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2011-11-12 15:15:38 -07:00
James Lee f7ff350ebb doesn't work without backslashes 2011-11-12 15:15:09 -07:00
James Lee 07e170f4e4 Add a server argument to the service management methods. Allows
creating/starting/stopping services on another machine using the current
session's token for authentication.
2011-11-12 14:40:15 -07:00
HD Moore f4e42420ad Small change to abstract the actual source read 2011-11-12 14:48:11 -06:00
David Maloney 4eb80b5ee4 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 17:20:47 -08:00
David Maloney e3f6756e18 Quick fix to import to prevent services from being imported without a port. 2011-11-11 17:19:26 -08:00
James Lee 03f51793c2 Store john.pot in the user's config directory instead of in an
arch-specific dir under data/
2011-11-11 11:09:42 -07:00
Tod Beardsley 40614a3cf4 Merge branch 'iss5454' 2011-11-11 11:26:05 -06:00
Tom Samstag 7b7413d85e Bash format for msfencode/msfvenom
This patch adds a Bash output format for msfencode and msfvenom. This is especially useful for local exploitation with shellcode in an environment variable.
Example output:

$ echo 'this is a test' | ./msfvenom -f bash
[-] Using X86 architecture and Windows platform for stdin payload to change use -a and --platform
export buf=\
$'\x74\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74'\
$'\x0a'

It adds unit tests for the new format and also fixes a unit test that was broken (assert_equal 'AAAAAAAAA', Rex::Text.pattern_create(9,['A'])) due to a bug in the shortcut in pattern_create.
2011-11-11 00:13:17 -08:00
David Maloney a4d67f26c5 Merge branch 'iss5426' 2011-11-10 19:00:52 -08:00
David Maloney e82c3ad486 Fixes #5426 2011-11-10 18:59:30 -08:00
HD Moore c30f328560 Purge code deprecated in the 4.1.0 release 2011-11-10 20:16:14 -06:00
HD Moore 6cf59fc695 Small tweak to test mirroring 2011-11-09 22:45:49 -06:00
HD Moore 818ece916f Add missing commit 2011-11-09 21:40:02 -06:00
Jonathan Cran 7885699ab1 rename the attribute to classname so parser doesn't barf
git-svn-id: file:///home/svn/framework3/trunk@14204 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 22:21:39 +00:00
HD Moore 2c47475aee This adds the ability for RC scripts to generate junit/xunit style XML output files for error conditions
git-svn-id: file:///home/svn/framework3/trunk@14203 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 21:32:48 +00:00
HD Moore 80652126b0 This change automatically sets +x permissions for cpuinfo and jtr if the install did not set them.
git-svn-id: file:///home/svn/framework3/trunk@14202 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 16:44:07 +00:00
HD Moore c504d295b2 Rescue EOFErrors by default as well (handle corner cases across a swath of modules)
git-svn-id: file:///home/svn/framework3/trunk@14200 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 06:10:10 +00:00
Matt Weeks fdf13e5e0e Fixes #5927
git-svn-id: file:///home/svn/framework3/trunk@14196 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:45:17 +00:00
Matt Weeks 4629c0867b Address #5887 and #5888 for RPC DB and msfgui
git-svn-id: file:///home/svn/framework3/trunk@14167 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 18:12:10 +00:00
HD Moore cd3c3daae1 Allow SkipDatabaseInit to be passed to new consoles to skip over DB initialization. Combined with r14161 this fixes #5902 by allowing this option to be passed down
git-svn-id: file:///home/svn/framework3/trunk@14164 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 22:25:09 +00:00
HD Moore d7199d243d This tweak allows a hash of options to be passed to console.create() and for this to bubble up to the WebConsole driver initialization
git-svn-id: file:///home/svn/framework3/trunk@14161 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 20:38:12 +00:00
David Maloney 131ffe4ab2 Fixed inconsistencies in how data was being passed to report_auth_info(). The command dispatcher and filezilla
server cred module both used the accessor :ptype but report_auth_info looks for :type. 

While ptype is what the db field is called, almsot everything else references :type so it is better
for consistency to keep everything at :type.

Fixes #5906



git-svn-id: file:///home/svn/framework3/trunk@14141 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 02:47:28 +00:00
Tod Beardsley 2a6b002054 Fixes #5338. Note that defined methods are always shared across bindings, no matter what. This patch allows for local variables and other locally-scoped things to behave the same way.
git-svn-id: file:///home/svn/framework3/trunk@14126 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 17:48:03 +00:00
Tod Beardsley 667175c650 Fixes #5797, adds an environment variable controlled top level directory for msf config goodies. Thanks Kurt Grutzmacher!
git-svn-id: file:///home/svn/framework3/trunk@14125 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 16:53:45 +00:00
HD Moore a4de179793 Bump versioning
git-svn-id: file:///home/svn/framework3/trunk@14121 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-30 05:09:20 +00:00
HD Moore e4695b21ec Correct the use of auth.logout and make some other items more consistent
git-svn-id: file:///home/svn/framework3/trunk@14105 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 22:47:26 +00:00
Carlos Perez 0fb9aad89e Typo
git-svn-id: file:///home/svn/framework3/trunk@14096 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 13:34:05 +00:00
Tod Beardsley 4b4ef45e33 Fixes #3538, adds store_local, changes the dest directory of all fileformat exploits, allows "save" to be passed to db_nmap to save scan results.
git-svn-id: file:///home/svn/framework3/trunk@14091 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 17:01:51 +00:00
HD Moore 993a56421e Version bumpwq
git-svn-id: file:///home/svn/framework3/trunk@14072 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 09:12:44 +00:00
James Lee 5ce859d3ad add tab completion to 'route remove'. this has bugged me for years.
git-svn-id: file:///home/svn/framework3/trunk@14065 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:54:21 +00:00
James Lee d218852f0a allow 'route del' as a synonym for 'route remove' since i can never remember to do it right; fix a bug with improper usage for cmd_route; add Prompt* to the list of known global options
git-svn-id: file:///home/svn/framework3/trunk@14063 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:31:35 +00:00
Tod Beardsley e014401977 See #3472, deleting some extraneous commenting about a TODO that WASDONE.
git-svn-id: file:///home/svn/framework3/trunk@14059 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 03:08:17 +00:00
Tod Beardsley 3d2e734ac1 Fixes #3472 with Jaime Filson's patch, with some extra pizzaz for reporting notes against the service, and reporting some notes as vulns as well.
See #5837 as well.



git-svn-id: file:///home/svn/framework3/trunk@14058 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 03:07:15 +00:00
James Lee b016d8944e whitespace at eol
git-svn-id: file:///home/svn/framework3/trunk@14056 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 00:13:32 +00:00
James Lee 06a3913910 print the number of loots deleted, fixes #5825, thanks CJR!
git-svn-id: file:///home/svn/framework3/trunk@14049 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 19:33:00 +00:00
James Lee 07b402f29b more whitespace, in HttpClient
git-svn-id: file:///home/svn/framework3/trunk@14044 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 04:58:59 +00:00
Jonathan Cran 78e507fe9b erb processing for RC files. Allows you to do more generic things w/ rc files:
<rc_file>
<%
rhost = "192.168.1.1"
smbuser = "test"
smbpass = "pass"
payload = "windows/meterpreter/reverse_http"
puts "This will happen while i preprocess an erb-enabled rc file" 
%>

use windows/smb/psexec
set RHOST <%= rhost %>
set SMBUser <%= smbuser %>
set SMBPass <%= smbpass %>
set PAYLOAD <%= payload %>
save

<ruby>
 puts "Now, i should print the system path while running the actual resource file! "
 puts ENV["PATH"]
 puts "end"
</ruby>

<%= puts "This will also happen when i preprocess too" %>

</rc_file>

which will give you output like this: 
<output>
[*] Processing /home/jcran/Desktop/test_erb_rc for ERB directives.
This will happen while i preprocess an erb-enabled rc file
This will also happen when i preprocess too
resource (/home/jcran/Desktop/test_erb_rc)> use windows/smb/psexec
resource (/home/jcran/Desktop/test_erb_rc)> set RHOST 192.168.1.1
RHOST => 192.168.1.1
resource (/home/jcran/Desktop/test_erb_rc)> set SMBUser test
SMBUser => test
resource (/home/jcran/Desktop/test_erb_rc)> set SMBPass pass
SMBPass => pass
resource (/home/jcran/Desktop/test_erb_rc)> set PAYLOAD windows/meterpreter/reverse_http
PAYLOAD => windows/meterpreter/reverse_http
resource (/home/jcran/Desktop/test_erb_rc)> save
Saved configuration to: /home/jcran/.msf4/config
[*] resource (/home/jcran/Desktop/test_erb_rc)> Ruby Code (115 bytes)
Now, i should print the system path while running the actual resource file! 
/home/jcran/.rvm/gems/ruby-1.9.4-p1/bin:/home/jcran/.rvm/gems/ruby-1.9.4-p1@global/bin:/home/jcran/.rvm/rubies/ruby-1.9.4-p1/bin:/home/jcran/.rvm/bin
end
msf  exploit(psexec) >
</output>




git-svn-id: file:///home/svn/framework3/trunk@14013 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 06:41:07 +00:00
HD Moore fadeada83c Bump this to 4.1.0-release (incoming!)
git-svn-id: file:///home/svn/framework3/trunk@13988 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 08:09:08 +00:00
HD Moore ef3c8aa70c Trailing slash is required after all
git-svn-id: file:///home/svn/framework3/trunk@13986 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 07:17:13 +00:00
Tod Beardsley 39ecc19546 Give a warning about an unreadable db config file.
git-svn-id: file:///home/svn/framework3/trunk@13982 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 21:41:22 +00:00
Tod Beardsley 3972fb1788 Just because you can't read database.yml shouldn't mean you crash.
git-svn-id: file:///home/svn/framework3/trunk@13981 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 21:23:59 +00:00
HD Moore 8a0eddc795 Handle closed_at in a consistent way as it applies to UTC (closes #5572)
git-svn-id: file:///home/svn/framework3/trunk@13955 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 19:03:59 +00:00
HD Moore 6d06ac3be1 Fixes #5405 by applying thelightcosine's patch
git-svn-id: file:///home/svn/framework3/trunk@13954 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 18:59:27 +00:00
HD Moore 729cfe713c Applies a patch from Kieth Faber that fixes #5080
git-svn-id: file:///home/svn/framework3/trunk@13951 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:58:18 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
HD Moore 62740172e4 Officially remove support for the buggy/non-functional MySQL backend
git-svn-id: file:///home/svn/framework3/trunk@13948 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:42:04 +00:00
James Lee 5c9ddb293d add a few comments to reduce the sanity-blasting-ness
git-svn-id: file:///home/svn/framework3/trunk@13942 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 00:17:13 +00:00
James Lee b615055c89 Fix a bug where we weren't actually trying to get the correct case for lm/ntlm hashes
git-svn-id: file:///home/svn/framework3/trunk@13927 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 04:35:06 +00:00
HD Moore 3c73c3c2f8 Pile of small bug fixes for the FTP server and mixin
git-svn-id: file:///home/svn/framework3/trunk@13924 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:07:09 +00:00
James Lee ceb095b189 add -R and -o to the creds command
git-svn-id: file:///home/svn/framework3/trunk@13921 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 02:46:03 +00:00
Tod Beardsley 550746e7c2 Adding a fingerprint for Metasploit. Turnabout is fair play and all.
git-svn-id: file:///home/svn/framework3/trunk@13918 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 01:32:46 +00:00
HD Moore 0ff7f17cba Cosmetic module and service name fixes
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
HD Moore d0ab01d332 Bump the revision to match
git-svn-id: file:///home/svn/framework3/trunk@13916 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 23:41:52 +00:00
Carlos Perez f6d1fcd591 Add Cisco as a platform
git-svn-id: file:///home/svn/framework3/trunk@13914 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 22:41:48 +00:00
James Lee 4d56a8cad7 treat the user arg like a regex if it was given for a creds search; also, print the vulns help instead of creds help when the user types 'help vulns'
git-svn-id: file:///home/svn/framework3/trunk@13902 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 23:50:14 +00:00
Tod Beardsley d9ea38d553 I blame bannedit for all his unless unless talk lately.
git-svn-id: file:///home/svn/framework3/trunk@13893 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 21:34:03 +00:00
Tod Beardsley 153a73c75f Fixes #5684 by backing off of post module setup if we don't have enough of a meterpreter session to work with yet.
git-svn-id: file:///home/svn/framework3/trunk@13892 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 21:25:56 +00:00
HD Moore a2f4e5ea28 Make it clear that db_autopwn is deprecated
git-svn-id: file:///home/svn/framework3/trunk@13849 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 01:19:58 +00:00
Chao Mu 9575bb3780 Fixes #5639. added vprint_debug to module.rb alongside the other vprint_ methods. It calls print_debug when datastore['verbose']
git-svn-id: file:///home/svn/framework3/trunk@13840 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 05:34:30 +00:00
HD Moore 292aae8ab5 This small patch causes any input to RangeWalker that contains a host name to expand to all A records returned for that name. This allows RHOSTS to be set to a dns name that returns multiple addresses and for all addresses corresponding to the name to be tested.
git-svn-id: file:///home/svn/framework3/trunk@13837 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 01:07:51 +00:00
Jonathan Cran 1b4559199d add the ability to read an environment variable in an rc file. resolves #5334
git-svn-id: file:///home/svn/framework3/trunk@13820 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-06 00:02:51 +00:00
HD Moore 77c86a2406 Fix a couple cosmetic warnings
git-svn-id: file:///home/svn/framework3/trunk@13818 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-05 15:31:56 +00:00
Tod Beardsley f3663520f8 Deal with Windows 7 nexpose fingerprints a little better.
git-svn-id: file:///home/svn/framework3/trunk@13807 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-30 20:46:20 +00:00
Tod Beardsley b79f4324f9 Quick model for my new table
git-svn-id: file:///home/svn/framework3/trunk@13806 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-30 15:49:01 +00:00
HD Moore 616913c4c1 Handle situations where the user set LHOST to 0.0.0.0 in the handler by defaulting LHOST to our locally visible IP for the specific client. Solves some integration issues where 0.0.0.0 was accidentally used
git-svn-id: file:///home/svn/framework3/trunk@13782 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 17:04:24 +00:00
Tod Beardsley 00f21c08ae Fixes bug reported by Jérôme to the framework list.
git-svn-id: file:///home/svn/framework3/trunk@13776 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 01:22:00 +00:00
James Lee 7163710bcf fix a typo and some whitespace, fixes #5480. Thanks Kurt!
git-svn-id: file:///home/svn/framework3/trunk@13764 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-20 17:17:20 +00:00