6a4d63ca4f
Drop explicit IPAddr to String coercion
...
MSP-12611
2015-04-27 10:48:13 -05:00
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
1cebc9f3cb
Fallback if the regex fails for some reason
2015-04-26 15:59:36 -05:00
82fe480c2e
Update session to display username and hostname
2015-04-26 21:47:49 +01:00
ea0204b7e5
updates to remove powershell from core
2015-04-26 21:25:30 +01:00
76e68fcf4c
session info
2015-04-26 20:13:18 +01:00
1cc167a7fb
Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session
2015-04-26 18:50:42 +01:00
0d2f97ed2d
Add support for config in the x64 bind stager
2015-04-26 14:19:36 +10:00
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
d1a836e39c
Fix logins where SYSTEM doesnt have SYSDBA privileges
2015-04-25 19:05:11 -05:00
2455163d24
Refactor configuration for meterpreter payloads (x86)
...
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.
This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
3a24923361
Force bind to hand over the listen socket
2015-04-25 22:04:58 +10:00
4ec4868bcf
Make bind hand over the listen socket as well
2015-04-25 21:37:32 +10:00
bb77a3a0e6
First pass of refactoring to support new config block
...
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
9f1e035c53
Changed required_space check in bind payloads
2015-04-25 21:30:54 +10:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
46361c1a19
Final round of documentation
2015-04-24 11:58:12 -05:00
6ccc4af4d8
Round 9 of documentation
2015-04-24 01:08:33 -05:00
3665c84cab
accomodate session type
2015-04-23 23:12:19 +01:00
57914b6924
new session type
2015-04-23 23:12:02 +01:00
d292cc999a
Round 8 of documentation
2015-04-23 16:15:11 -05:00
86a7e36a06
Round 7 of documentation
2015-04-23 15:37:56 -05:00
3c50feb3d6
Round 6 of documentation
2015-04-23 12:34:39 -05:00
cbac6d1a0b
Round 5 of documentation
2015-04-23 11:54:58 -05:00
1b11322618
Remove STDERR debug statement
2015-04-23 19:36:17 +10:00
f6bd747f57
Round 4 of documentation
2015-04-22 22:15:30 -05:00
6bac759a18
Round 3 of documentation
2015-04-22 17:01:31 -05:00
39f206b31a
Round 2 of documentation
2015-04-22 12:10:28 -05:00
40107577a0
Case insensitive plugin unload
2015-04-22 11:04:46 +05:00
4add4074e1
First round of RPC API documentation
...
Resolve #5209
2015-04-22 01:02:05 -05:00
b6df023c99
Land #4989 , @hmoore-r7's change to file: handling
...
Datastore options with file: are handled at set time
2015-04-21 23:21:22 -05:00
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
8f5d222e53
Land #5156 - module ranking properly handles nil
2015-04-21 14:40:01 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
86957d9b07
Merge branch 'upstream/master' into connection-recovery
2015-04-21 20:01:59 +10:00
66d23e3b5e
Delete file: validation on normalization again
2015-04-20 23:52:17 -05:00
57df5c4f4f
Solve conflics
2015-04-20 23:38:34 -05:00
ab33fc8eba
Land #5211 , parse nmap's tunnel attribute
2015-04-20 22:53:34 -05:00
ee07809fd8
Land #5190 , 64-bit meterpreter persistence script
2015-04-20 22:32:57 -05:00
74ad81c90c
Consolidate tunnel check into name check
2015-04-20 21:18:12 -05:00
831e65261d
Add lengths specs
2015-04-20 17:37:41 -05:00
741149058c
Report unknown service names for consistency
2015-04-20 17:22:19 -05:00
381f6ffe0a
HTA Powershell template
2015-04-20 23:19:54 +01:00
d894502148
Update legacy Nmap XML parser
2015-04-20 17:15:35 -05:00
329e28c47c
Keep the old value if value can't be loaded from file
2015-04-20 16:29:11 -05:00
c629d8593a
Solve my own concerning about race conditions, just in case...
2015-04-20 16:19:29 -05:00
d67f7a21d9
Move autoloads into OptionContainer
...
This seems like a better place for them to live
2015-04-20 15:54:42 -05:00
da0e7282d5
Replace some unnecessary eval action.
...
Metaprogramming should be reserved for when you don't know things. Here
we're making methods from literal strings, so replace the
metaprogramming with much easier to understand regular programming. Also
has the benefit that yard can parse it.
2015-04-20 15:54:41 -05:00
b64d881914
Make OptionContainer docs a little more useful
2015-04-20 15:54:40 -05:00
3a5af3939d
Split all the option classes into their own files
2015-04-20 15:54:40 -05:00
1b85cd2853
Use single quotes
2015-04-20 15:53:58 -05:00
a56dd5d1ff
Do minor style cleanup
2015-04-20 15:44:45 -05:00
668961b69d
fix some yarddoc issues
2015-04-20 00:06:59 +02:00
e7babc4acb
Fix persistence script to support x64 payloads
2015-04-19 12:41:51 +10:00
19f8a76475
Porting bind_tcp for posix to metasm
...
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
37613adebb
Improve developer experience for fail_with
...
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
2a327b7c91
Land #5116 , better handle platform and arch in msfvenom
2015-04-17 10:55:41 -05:00
b229e87940
Create VBA powershell
2015-04-17 16:52:12 +01:00
18225780da
cleanup HTTP and HTTPS listeners when sessions are closed
...
Rather than listening forever after a session shuts down, close the session if
there are no other URI's registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
eb7155d533
Remove debug print
2015-04-17 16:25:42 +10:00
0a8b29dd86
Merge branch 'upstream/master' into connection-recovery
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless
2015-04-17 12:46:20 +10:00
7a4494a81f
Land #5173 , moar fail_with fixes
2015-04-16 17:27:02 -05:00
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
9bf897a829
Land #4744 , refactor powershell for msfvenom psh-cmd
2015-04-16 15:44:57 -05:00
69d3c26746
fix documentation
2015-04-16 21:28:16 +02:00
dc8f266345
fix readme detection bug
2015-04-16 14:57:29 +02:00
9df09a1d60
readme detection
2015-04-16 14:41:30 +02:00
9aa0159342
Green rank_modules ranks unloadable as Manual
...
MSP-12557
Was calling `.class` blindly on the output of `create`, but `nil` has a
class, `NilClass`, so it didn't call `module_rank` as expected and
assigned NormaLRanking to `nil` instead of ManualRanking.
2015-04-15 16:10:51 -05:00
e82fb5f836
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
lib/msf/ui/console/command_dispatcher/db.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
4de35e8832
Green Msf::ModuleSet#rank_modules with create -> nil
...
MSP-12557
Extract Msf::ModuleSet#module_rank to handle getting the module rank if
the Metasploit Module is already loaded, needs to be loaded, or can't be
loaded. If a Metasploit Module can't be loaded it is ranked as
Msf::ManualRanking. If is loaded or can be loaded and it doesn't define
Rank, it gets the Msf::NormalRanking as before. Finally, if it is
loaded or can be loaded and defines Rank, that is used as before.
2015-04-15 12:35:01 -05:00
5f4ab3d2ab
The setres* stubs are not implemented in OSX.
2015-04-14 23:33:16 -05:00
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
4e49964c15
Add support for init_connect for stageless payloads
...
This new mode for HTTP/S stageless allows the stageless payload to be
reused without MSF believing that the session has already been
initialised.
2015-04-14 16:43:07 +10:00
61b709b8c5
Extra space in message "Local IP:"
2015-04-14 01:34:07 -05:00
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
51dd88114b
Fix grammer in comments
2015-04-13 13:21:41 +05:00
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
92c12de6db
Fix invalid datastore options.
2015-04-12 00:54:10 -05:00
eaab665a6d
Remove #generate patch, specs will fail again.
2015-04-12 00:07:39 -05:00
60d98ba892
Implement the remaining syscalls.
2015-04-12 00:02:29 -05:00
3fe6fb44b9
Prevent this from changing cache size.
2015-04-11 23:44:56 -05:00
c132a3fb0a
Fix OSX prepends and implement x64 setreuid.
2015-04-11 20:04:21 -05:00
656abac13c
Use keyword arguments
2015-04-10 18:03:45 -05:00
1720d4cd83
Introduce get_file_contents
2015-04-10 17:34:00 -05:00
ca6a5cad17
support changing files
2015-04-10 16:53:12 -05:00
9f15824e2a
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-04-10 15:35:27 -05:00
91202e2447
Port of reverse_tcp payload to metasm
2015-04-10 17:46:27 +10:00
38037062b2
Land #5115 , vulns -R support
2015-04-10 01:51:41 -05:00
fadb13b8ef
Porting block api, exitfunk, bind to metasm
...
Also add the flag which lets the bind stager leave the listen socket
open.
2015-04-10 16:23:03 +10:00
1d166c1ef6
Don't lookup nil platform, prevents a stack trace w/64-bit reverse_https
2015-04-09 17:18:42 -05:00
6fbdb51246
Clean up vulns -R and a few others
2015-04-09 16:52:23 -05:00
0d6fb3dd6b
vulns command with -R --rhosts
2015-04-09 17:01:18 -04:00
56793d11c8
Fix #4866 , msfvenom not properly handling platform & arch
...
This fixes #4866 , an issue with msfvenom not properly handling special
cases with generic payloads. So the story behind this fix is that
we have these two problems:
Problem 1: The current payload selection design relies on the payload
module in order to set the platform and arch. Almost all MSF payloads
contain a default platform and arch, however, the bind and reverse
generic payloads don't.
Problem 2: By default, Msf::Payload::Generic also explicitly sets the
PLATFORM and ARCH datastore options to nil. So there is no way the
payload generator can figure out what platform and arch to use.
As a result of these problems, msfvenom will actually end up getting
a Msf::Module::Platform as the default platform, which doesn't
actually represent any valid platform we can use (such as
Msf::Module::Platform::Windows). And the first item of ARCH_ALL for
the arch.
In addition, msfvenom has these two arguments that the user can use:
--platform and --arch. In most cases, these arguments are used more
like checks than actually setting anything. Because remember:
Framework's payload selector retreives the platform & arch from the
module (trusted), not the user input (untrusted). But from the user's
perspective it's impossible to know this.
After experimenting different ways to fix this, I came up with this
patch. It feels sort of more like a hack than a real fix, but as
far as I can tell, this is the best you can get unless you want to
redesign generic payload selection.
2015-04-09 16:01:11 -05:00
ec28992ce2
Lands #5113 , fixes IPv6 support for stageless
2015-04-09 09:29:40 -05:00
c83a763150
Fix IPv6 issues in staged and stageless
...
* Stageless payloads weren't adding brackets around IPv6 hosts.
* Staged HTTP handler was using an undefined function to check for IPv6
addresses when host header overriding was disabled.
2015-04-09 23:33:10 +10:00
809409d8c4
Lots of changes to support moving timeouts to common spots
...
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
bc5fd4b813
A few adjustments to make bind_tcp keep listen sockets open
2015-04-09 08:46:35 +10:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
e7a4ee637a
Port windows reverse_tcp|bind_tcp to Metasm, add error handling
...
Conflicts:
lib/msf/core/payload/windows/bind_tcp.rb
modules/payloads/stagers/windows/bind_tcp.rb
Cherry-picked form @hmoore-r7's repo.
2015-04-08 16:21:10 +10:00
9ebcb27929
Merge branch 'upstream/master' into connection-recovery
2015-04-08 15:48:21 +10:00
a9804dff62
Initial work to support fault-tolerant connectivity
...
This code adjusts the bind_tcp stager for x86 so that the listener
socket isn't close for meterpreter payloads. This means that meterpreter
can make an educated guess as to whether or not the payload was a bind
or tcp payload, and from there can attempt to establish communications
in the same way as before should something break along the way.
Some simple adjustments to the x64 meterpreter stage as well, but more
to come here.
2015-04-08 14:41:32 +10:00
27fa8791f9
Land #5095 - OJ adds stageless http transports
2015-04-07 22:58:36 -05:00
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
a54182a562
Land #5088 : @rwhitcroft fix premature close on connect -i
2015-04-07 14:00:16 -05:00
84411be606
Land #5097 : resolve UUID namespace issues with pro
2015-04-07 13:16:28 -05:00
8cc48e05a8
Make Polyglot happy
2015-04-07 13:08:58 -05:00
9bce08b813
This change avoids namespace collisions around the Abbrev class
2015-04-07 13:06:26 -05:00
bac3c80d7e
Land 5093, workaround for when cache is being built
2015-04-07 12:02:30 -05:00
53d5b97634
Add support for UUID generation in transport switching
...
If the session doesn't have a payload UUID we now generate one as best
we can. This code will probably go away when TCP related transports have
had the UUID stuf baked in.
2015-04-07 17:25:55 +10:00
15313243cc
Use UUID instead of old skool URIs
...
This uses HD's UUID stuff to generate a new URI for the transport.
Currently we don't have UUID support for TCP connections, but that's
coming.
Still do to: generation of a valid UUID for payloads that don't already
have one.
2015-04-07 16:00:30 +10:00
84397f5db0
Remove unused commented-out code
2015-04-07 12:47:18 +10:00
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
38a77c930e
Land #5072 : Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
83cf1ad8ce
Instantiate to get name if we don't have cache yet
...
Fixes #5086
2015-04-06 18:59:38 -05:00
75343ef30c
Remove unneccesary match_set in MatchResult.create
...
MSP-12516
* Fixes UknownAttribute error for match_set in Rails 4
2015-04-06 16:36:37 -05:00
8cbc98fc47
fix #5074 - missing thread join
2015-04-06 16:21:07 -04:00
5e2d6c27c3
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
db/schema.rb
lib/msf/core/db_manager/session.rb
metasploit-framework-db.gemspec
2015-04-06 11:27:00 -05:00
6811aebb1c
Merge pull request #11 from OJ/hd-payload-uuids
...
Add trailing slash to stageless URI
2015-04-06 10:57:41 -05:00
98c95104da
Use ||= for consistency
2015-04-06 10:55:14 -05:00
9b502b904f
Add trailing slash to stageless URI
...
Without the trailing slash, stageless payloads take a nasty turn.
2015-04-06 19:53:02 +10:00
3c59519811
Add PayloadUUIDRaw for manual PUID specification
2015-04-05 23:25:52 -05:00
96f8a45b0d
Additional yardoc comments for the UUID class
2015-04-05 23:16:24 -05:00
85a70d401b
Introduce Rex::Proto::Rmi::DecodeError
2015-04-05 18:15:04 -05:00
3570fc586f
Use constants for JMX serial version uids
2015-04-05 16:23:39 -05:00
46a225cbec
Don't store Exception in a variable
2015-04-05 15:59:52 -05:00
b1a7e77fa9
Correct domain controller server type constants
...
The should be specified in hex as BAKCTRL is 16, not 10. CTRL should
be 8. See documentation for NetServerEnum.
2015-04-05 11:12:18 +01:00
ebf77cd02d
Merge remote-tracking branch 'upstream/master' into msfvenom_psh_squash
...
Conflicts:
lib/msf/util/exe.rb
2015-04-05 00:24:48 +01:00
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
57395deb1d
Land #5056 , @wchen-r7 explicit recog require
2015-04-03 17:06:47 -05:00
5589717323
Land #5058 , @wvu-r7's default workspace saving
2015-04-03 16:53:21 -05:00
6c2585cd79
Don't recreate saved workspace
2015-04-03 16:44:36 -05:00
72b9647b31
Land #5057 , CVE fixups
2015-04-03 16:36:11 -05:00
e5443e74ed
Merge branch 'upstream-master' into land-3950-chain-encoders
2015-04-03 15:18:06 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
6c36a82f78
Land #5059 , @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
fe5ddc01ad
Fix return documentation
2015-04-03 14:16:06 -05:00
b0042f1cf2
Undo java serialization and RMI fixes
2015-04-03 14:07:49 -05:00
11d372b015
Fix YARD documentation
...
* Thanks @void-in
* See #5059
2015-04-03 14:01:31 -05:00
6455862484
Merge branch 'staging/rails-4.0' of github.com:rapid7/metasploit-framework into staging/rails-4.0
...
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2015-04-03 13:56:38 -05:00
3b3e969a1c
Land #5023 : support for IE11 in fingerprint_user_agent
2015-04-03 21:12:00 +10:00
0dd987d873
Updated as per jlee-r7 feedback
2015-04-03 10:17:54 +05:00
fd043d4842
Fix up build and missing uri_checksum stuff
...
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
5b5dc3ef59
Merge branch 'upstream/master' into stageless-x64
...
Merge required adjustment of the proxy datastore names that were changed.
2015-04-03 08:53:09 +10:00
27353d62ca
Discard local changes to non relevant files
2015-04-02 16:21:43 +05:00
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
8140b0ee6c
Update Qualys importers for the new CVE format
2015-04-01 17:50:18 -05:00
c55e200416
Add workspace saving to msfconsole's save command
2015-04-01 17:31:43 -05:00
e972357aeb
Fix #4471 , uninitialized constant Msf::Exploit::Remote::SMB::Recog
...
Fix #4471
Seems to be specific to Kali
2015-04-01 16:35:23 -05:00
e1adcfee1e
No case sensitive
2015-04-01 16:14:54 -05:00
8c1a597a25
Make a Session record before using it
...
How about that.
2015-04-01 13:12:28 -05:00
f4977bf606
Land #5006 @jlee-r7 adds meterpreter specs
2015-04-01 11:05:47 -05:00
46dca23ffe
Land #5047 : Metasploit is magic (Banner Adjustments)
2015-04-01 21:51:10 +10:00
2fc22132e0
Link the new constant as default in documentation
2015-03-31 16:48:02 -05:00
44dd45e48d
Use a const instead of hardcoding "tcp" everywhere
2015-03-31 16:15:04 -05:00
a39ba05383
Functional Payload UUID embedding via PayloadUUIDSeed
2015-03-31 15:44:18 -05:00
76bfaa6ce9
Fix dumb inverted logic. Thanks, rspec!
2015-03-31 14:28:07 -05:00
8b8ec5990a
Ask the database how long the column should be
...
Instead of hardcoding a number
2015-03-31 14:12:22 -05:00
34d637c7b8
Needs more ponies
2015-03-31 13:59:37 -05:00
a8ef465b46
Use the variables we worked so hard to create
2015-03-31 13:34:27 -05:00
3695d4b0c7
Don't modify argument in place
2015-03-31 13:32:28 -05:00
adcf88761d
Save ref names for easier debugging
2015-03-31 13:07:09 -05:00
a9cfd7efef
Merging master back into the UUID branch
2015-03-31 12:02:03 -05:00
176cdcb836
Use sym-to-proc instead of reimplementing it
2015-03-31 11:21:53 -05:00
a1a7faa77a
Don't modify argument in place
2015-03-31 10:41:24 -05:00
7e559f7b13
Don't modify argument in place
2015-03-31 10:16:14 -05:00
971120ce98
Use create! instead of new ... save!
2015-03-31 10:15:23 -05:00
790a08a848
It's pronounced "exploit", not "assoc_exploit"
2015-03-30 16:21:17 -05:00
2394d4bae8
Merge branch 'staging/single-vuln-push' into feature/MSP-11934/refactor-report-exploit-success
...
Conflicts:
Gemfile
Gemfile.lock
spec/support/shared/examples/msf/db_manager/exploit_attempt.rb
2015-03-30 14:08:54 -05:00
2ab4584079
Merge remote-tracking branch 'upstream/master' into staging/single-vuln-push
2015-03-30 13:50:52 -05:00
1b0e3f13c6
Remove unnecessary extra assignment
2015-03-30 13:14:36 -05:00
310779d7bf
Death to hashrockets
2015-03-30 13:13:58 -05:00
e65f4e92ea
Separate the two ways to make `Mdm::Session`s
...
Failing spec due to reuse of Mdm::Module::Detail instead of also
instantiating an Msf::Module
2015-03-30 13:05:20 -05:00
374db22d5b
Re-enable host lookup for _failure
...
Again needed when called from exploit_driver because nothing is reported
yet at that point.
Also adds some yardoc
2015-03-30 12:30:52 -05:00
f0eeef3cbb
Move copy-pasta into a new method
2015-03-30 01:43:56 -05:00
49902a6395
We actually do need the port/proto for failure
...
Because it is called from lib/msf/core/exploit.rb Exploit#report_failure
with datstore values
Partial revert of e3605aa252
2015-03-30 01:01:34 -05:00
415510ca6a
Fix stupid typo that made vuln_id an Array
2015-03-30 00:52:02 -05:00
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
fdcf1297a6
Tweaks to the stageless materpreter x64 payload
2015-03-30 11:09:49 +10:00
0fa812e5ba
Merge upstrea/master
2015-03-30 10:17:17 +10:00
e65ac57d1b
Fix a logic check in EncodedPayload, which unbreaks stageless testing
2015-03-29 19:08:35 -05:00
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
607cc8fef6
Remove a stale comment
2015-03-29 01:54:07 -05:00
0a4a72f49d
Support templates with small text sections (win32)
2015-03-29 01:51:58 -05:00
b9b40edde9
Major speedup, especially for large shellcode (stageless)
2015-03-29 00:44:06 -05:00
9eca3a0ab5
Impersonation spec
2015-03-29 00:52:27 +00:00
f7e3abf760
sqlcmd specs and fixes
2015-03-28 23:23:00 +00:00
3b651aecdc
Specs for sqlserver check and fixes
2015-03-28 22:59:00 +00:00
da49709845
Add yarddoc
2015-03-28 20:31:36 +00:00
8e22255a40
Small tidyup/rubocop
...
Signed-off-by: Meatballs <eat_meatballs@hotmail.co.uk>
2015-03-28 20:31:36 +00:00
9529eed41d
More specific matching
2015-03-28 20:31:35 +00:00
a30d8f7040
Add requires
2015-03-28 20:31:35 +00:00
a1d74c27c6
Check for only running services
2015-03-28 20:31:35 +00:00
99f79e8533
Use incognito token stealing rather than process migration if we have
...
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
9c2219124c
Remove some comments
2015-03-28 20:31:35 +00:00
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
c4def25e82
Resolve #4986 , add support for IE11 for fingerprint_user_agent
...
Resolve #4986
2015-03-27 17:51:14 -05:00
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
2815462375
Update Mdm to staging hash
2015-03-27 15:16:33 -05:00
e3605aa252
We always pass a Service, get rid of port/proto
2015-03-27 11:54:03 -05:00
25d0b8baff
Redundant check
2015-03-27 11:35:35 -05:00
3b8d70b567
host is always an Mdm::Host, don't look it up again
2015-03-27 11:34:32 -05:00
466ef4349e
Second verse, same as the first
2015-03-27 09:59:10 -05:00
bf8146c8b5
Axe redundant check
2015-03-26 21:19:19 -05:00
88a8186a11
Pull up redundant hash literal
2015-03-26 19:33:53 -05:00
e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter
2015-03-26 19:16:46 -05:00
5ac1ee1d73
fix http/s handler reference counting for pymet
...
add a persistent session counter to avoid stopping listening when pymet stages over http/s
2015-03-26 18:26:56 -05:00
a9e4961563
New hash syntax
2015-03-26 10:05:08 -05:00
a3ae0daf5a
Whitespace
2015-03-26 10:02:08 -05:00
8f03cadb92
Forgot to remove print_debug
2015-03-25 16:08:47 -05:00
72a0909e9b
Land #4992 , @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge
2015-03-25 13:30:36 -05:00
8f0c434faa
Add specs for the new method
2015-03-25 12:34:10 -05:00
f80978d9e9
Calculate interface and method hashes dinamically
2015-03-25 11:46:54 -05:00
0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically
2015-03-25 11:29:07 -05:00
f43eab29ed
Delete debug puts
2015-03-24 19:14:30 -05:00
464a6df5e0
Add specs for Msf::Java::Rmi::Client::Registry
2015-03-24 18:42:35 -05:00
c26dfa263d
Ensure IP addresses are explicitly converted to strings
...
MSP-12113
2015-03-24 16:26:00 -05:00
7bf00f8f47
Land #4789 , @rastating WPLMS wordpress module
2015-03-24 20:46:38 +01:00
b0fac4824c
Stop caring about order of keys in user_data
2015-03-24 14:21:52 -05:00
6d85b5fd1e
Land #4998 , non-loopback LHOST tab completion
2015-03-24 14:00:01 -05:00
660f3dac2b
Land #4997 , smb_version SMBDirect option fix
2015-03-24 13:46:09 -05:00
414983ac8c
Merge branch 'feature/MSP-11925/create-user-data' into staging/single-vuln-push
...
Conflicts:
Gemfile.lock
2015-03-24 12:42:08 -05:00
7c0e17d1f7
Update RMI/JMX mixin documentation
2015-03-24 12:29:40 -05:00
65c00dffac
Tab complete non-loopback interfaces' addresses
2015-03-24 12:10:58 -05:00
58c5be0d72
Allow SMBDirect to be optional
...
The smb_version module needs to deregister the SMBDirect option,
but cannot do this because SMBDirect is a required option. By
having it as optional, the user no longer needs to set it. Also,
since SMBDirect already has a default value, having it as optional
should not change the mixin's default behavior.
2015-03-24 12:04:44 -05:00
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
548a710745
Replace db_nmap string concat with an Array
...
16eab48012
2015-03-24 04:36:58 -04:00
3c4da5c3ff
Update BES rspec
2015-03-24 00:10:18 -05:00
25dcfc796a
Better support old binaries in rev http(s)
...
* Patch 256char URL if the 512char one doesn't work.
* Return an empty list in the case where the ext enum fails.
2015-03-24 10:14:44 +10:00
04341bfc78
Support JMX_ROLE again
2015-03-23 17:32:26 -05:00
1869977921
Land #4962 : OJ adjusts MSF to new metsrv needs
...
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
d8d4c23d60
JMX code refactoring
2015-03-23 17:06:51 -05:00
2900f57afd
It looks like this works
2015-03-23 16:46:53 -05:00
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
6934fde5a1
Finish first draft of new jmx mixin
2015-03-23 15:49:18 -05:00
962bb670de
Remove old JMX mixin
2015-03-23 15:48:10 -05:00
809bc52dfc
Land #4982 , tagging for msfconsole
2015-03-23 15:28:50 -05:00
dbe3fe38fd
Sanity check file: arguments for size and move into msfconsole
2015-03-23 14:57:44 -05:00
0e1b9f90b4
Small details
2015-03-23 14:40:20 -05:00
6852475be0
Placeholder for UUID options
2015-03-23 14:35:33 -05:00
dfbaa6b42e
Typo
2015-03-23 14:35:08 -05:00
e520ace1f1
Stash
2015-03-23 14:21:46 -05:00
156520338d
Making some changes to how BES handles ActiveX
2015-03-23 12:21:27 -05:00
79068c8ec2
Delete JMX discovery stream
2015-03-23 10:21:37 -05:00
2f83a53884
Add missing fix for #4921
2015-03-23 00:26:18 -05:00
8165ae35d0
Remove extraneous semicolon
2015-03-23 00:26:03 -05:00
Matt Buck
HD Moore
Ben Turner
benpturner
OJ
Brent Cook
wchen-r7
root
jvazquez-r7
Trevor Rosen
William Vu
Meatballs
James Lee
Christian Mehlmauer
Luke Imhoff
joev
sekritskwurl
Samuel Huckins
Christian Catalan
rwhitcroft
Jon Cave
Tod Beardsley
Fernando Arias
RageLtMan