Commit Graph

8129 Commits (dbdc558f0b2fda3f7d21d14987a74a6f24217b29)

Author SHA1 Message Date
Adam Cammack dbdc558f0b
Land #7776, don't log on harmless DB errors 2017-01-06 18:25:13 -06:00
David Maloney 2108913e77
target_host method had a name collision
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
2017-01-06 12:44:37 -06:00
William Vu 969df408c7
Land #7786, Microsoft Edge constant for HttpClient 2017-01-05 21:07:57 -06:00
Carter e85721113a Add Edge to constants 2017-01-04 22:20:42 -05:00
David Maloney 31d36d9112 if autotargeting fails fall back
fallback to the original first target if auto-targeting fails
2017-01-03 14:38:52 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
David Maloney 2d5158403b add YARD docs to auto target methods
added YARD docs

MS-2325
2017-01-03 14:38:51 -06:00
David Maloney a61b92aa3e tweak target selection
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index

MS-2325
2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together
insert our autotarget routine into
the main target selection process

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter
drop back to our most precise level of filtering

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 4060e63b89 add tests for auto target addition
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
2017-01-03 14:38:45 -06:00
David Maloney 769d477e97 if no automatic target defined, add one
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting

MS-2325
2017-01-03 13:54:34 -06:00
Brent Cook 3808eebad8
Land #7704, Update jobs output to show TCP listener information 2017-01-02 15:44:49 -06:00
Brent Cook d9be9f3b2e
Land #7764, add to_handler command to launch a handler from the payload module 2017-01-02 15:40:38 -06:00
Brent Cook 35bb725f19 rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00
Brent Cook 225aaac8fd remove logging of expected exceptions in connection_established? method 2017-01-02 08:31:05 -06:00
William Vu 4264521354 Fix broken CVE reference and update links
Prefer HTTPS over HTTP, too.
2017-01-01 21:33:59 -06:00
William Vu 73d454387c
Fix #7765, additional fixes for history command
1. Really fix crash by restoring default behavior
2. Add whitespace padding to command number
3. Refactor logic a bit for clarity
2016-12-30 18:21:24 -06:00
William Vu 3ff74f019d
Fix #7765, history command fixes and improvements
1. Fix crash when no arguments are specified
2. Print history index starting at 1 like every shell
3. Fixed wording/phrasing
4. Fixed formatting/whitespace
2016-12-30 17:35:18 -06:00
h00die 2856facdf0
Land #7765, adds the history command to msfconsole 2016-12-30 14:54:32 -05:00
Luis Fontes e729254b4f minor tweaks
added dots to the end of lines,
checked val for nil before runing match
2016-12-30 19:30:01 +00:00
Luis Fontes f073e78838 replaced hardcoded value variable 2016-12-30 08:49:13 +00:00
William Vu 0321000ea7 Update Http mixin for opts[:ssl]
1. Add opts[:ssl]
2. Remove opts[:busybox]
3. Refactor logic
4. Remove resource_uri
2016-12-30 00:56:02 -06:00
William Vu 34d358b8d7 Update CmdStager with new toys 2016-12-30 00:56:02 -06:00
William Vu 58dd59fad5 Add Http mixin for CmdStager 2016-12-30 00:56:02 -06:00
Luis Fontes e7249742b3 Added the history command
Added the "history" command to see a list of commands used before.

```
msf exploit(handler) > history -n 4
2344  set PAYLOAD windows/meterpreter/reverse_tcp
2345  set LHOST 10.0.1.109
2346  exploit
2347  history -n 4
msf exploit(handler) > history -h
Usage: history [options]

Show the command history


OPTIONS:

    -a        Show length commands in history
    -h        Help banner.
    -n <opt>  Show the last n commands

msf exploit(handler) > 
```
2016-12-29 17:03:54 +00:00
Luis Fontes cb0a7986bf Added to_handler command
This commit adds a "to_handler" command to msfconsole when "using" a payload.

After generating a payload from msfconsole, we needed to set multi/handler and the payload with the same param as we used to generate it. That was really boring...
The to_handler command creates the handler and sets the payload and the options set for it.

### Example Output:





```
msf > use payload/windows/meterpreter_reverse_tcp 
msf payload(meterpreter_reverse_tcp) > set LHOST 10.0.1.109
LHOST => 10.0.1.109
msf payload(meterpreter_reverse_tcp) > set LPORT 3377
LPORT => 3377
msf payload(meterpreter_reverse_tcp) > show options

Module options (payload/windows/meterpreter_reverse_tcp):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   EXITFUNC    process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   EXTENSIONS                   no        Comma-separate list of extensions to load
   EXTINIT                      no        Initialization strings for extensions
   LHOST       10.0.1.109       yes       The listen address
   LPORT       3377             yes       The listen port

msf payload(meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0
[*] Started reverse TCP handler on 10.0.1.109:3377 
[*] Starting the payload handler...
msf payload(meterpreter_reverse_tcp) > 
```
2016-12-28 20:03:40 +00:00
bwatters_r7 4906b8a85a
LAND #7760, prevent duplicate UUIDs when generating Android HTTP/S payloads 2016-12-28 10:48:36 -06:00
Brent Cook a4950a1598 add auto-complete info for 'show info'
msf > use auxiliary/admin/http/nuuo_nvrmini_reset
msf auxiliary(nuuo_nvrmini_reset) > show
show actions    show all        show encoders   show exploits   show missing    show options    show plugins    show targets
show advanced   show auxiliary  show evasion    show info       show nops       show payloads   show post
2016-12-27 15:48:41 -06:00
Brent Cook e74239b30f allow reusing the already-generated payload uuid in generate_uri_uuid_mode 2016-12-27 15:37:39 -06:00
William Webb 5702bd6745
Land #7674, Move migration stub generation code into msf 2016-12-22 17:53:00 -06:00
Brent Cook 9e75866188
Land #7738, Add sort by column to services and hosts commands 2016-12-22 01:10:45 -06:00
William Vu 0221d2d904
Land #7735, make assigning payloads fast again! 2016-12-21 00:16:52 -06:00
William Vu f95136ce67 Prefer && over and 2016-12-21 00:16:33 -06:00
William Vu 574ebd07d7 Update cmd_hosts 2016-12-20 23:32:10 -06:00
h00die cc293f06fe
Adds some fail safes to cmd_use 2016-12-20 22:08:41 -05:00
William Vu 60d5cefd68
Land #7727, nuke sess from orbit
Replace with consolidated sessions command.
2016-12-20 20:35:20 -06:00
William Vu 6e830a886e
Land #7737, print_warning on session_compatible? 2016-12-20 20:11:11 -06:00
OJ 1098bc6d90
Warn user when session not compat instead of failing
This commit changes the post mixin so that the session compat check only
shows a warning rather than throwing an exception and stopping the
module from working completely.

This is off the back of the discussion involved with #7736
2016-12-21 11:14:52 +10:00
William Vu 11e3e1f3dd Handle a couple more edge cases
I don't want to go any further down the rabbit hole.
2016-12-20 18:36:22 -06:00
William Vu 41605c533c Add reference name enforcement to cmd_use 2016-12-20 18:21:24 -06:00
Brent Cook efb015facc make assigning payload fast again
This streamlines the check for whether the currently-selected payload is
compatible on assignment. Rather than building the entire list of
compatible payloads, and seeing if what the user typed is in it (and
making multiple giant lists on the way), we simply check the module the
user typed directly.
2016-12-20 17:39:09 -06:00
OJ ee4caba646
Remove `terminal` and tweak `sessions`
Hopefully everyone is now happy!
2016-12-20 07:50:07 +10:00
OJ 74040c4ee6
Rename the `sess` command to `terminal`
Lots of people have been frustrated by the `sess` command as it mucks
with the autocomplete for `sessions`. This is a fair concern, especially
given that `sess` was intended to be a non-annoying shortcut.

This commit changes the `sess` command so that it is instead called
`terminal`. I couldn't think of a better option that didn't already
clash with another name or meaning. At least `terminal` is something
that doesn't clash, doesn't muck with any existin autocomplete rules,
and is in some way another name for the existing sessions.

Feedback appreciated!
2016-12-19 17:05:04 +10:00
Sonny Gonzalez 2e198ae2a8
Land #7721, better smtp connection error messages 2016-12-18 14:38:13 -06:00