Commit Graph

30886 Commits (e0314aa7277034a632db94f0d1542b67aff9a688)

Author SHA1 Message Date
Jay Smith 064ca2d02e
Updated version checking 2015-01-28 18:25:30 -05:00
James Lee bb17d75425
Replace direct class comparison with kind_of? 2015-01-28 17:00:15 -06:00
Brent Cook 89a0a79377 revert puts back to a vprint call 2015-01-28 16:41:12 -06:00
Samuel Huckins 8c55b660fc
Using latest MDM and credential gems
* Had to revert changes related to service uniqueness validation
(MSP-11643) due to newly discovered regressions
2015-01-28 16:14:48 -06:00
sinn3r 53af758a03
Land #4660 - Add a check() for mssql_payload 2015-01-28 15:47:33 -06:00
sinn3r 0f88d0ad75 Change print_* to vprint_*
According to our wiki doc, all print_* should be vprint_* for check()
2015-01-28 15:44:14 -06:00
sinn3r cc7be4a9c1
Land #4643 - Fix blank username bug in creds -u
Fix #4634
2015-01-28 15:31:54 -06:00
Pedro Ribeiro a806cb401a Create manageengine_dir_listing.rb 2015-01-28 19:44:48 +00:00
James Lee 51764eb207
Add a check() for mssql_payload 2015-01-28 13:44:16 -06:00
Pedro Ribeiro 62ac536b7d Create manageengine_file_download.rb 2015-01-28 19:42:17 +00:00
Pedro Ribeiro 299a39a67f Merge pull request #13 from rapid7/master
a
2015-01-28 19:40:55 +00:00
sinn3r f0742a38e2 The get command too 2015-01-28 12:59:51 -06:00
Jay Smith 37c08128dc
Add in MS14-070 Priv Escalation for Windows 2003 2015-01-28 13:24:39 -05:00
Nanomebia af90c6482b Sanity Changes
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
Nanomebia 27c412341f Syntax Changes
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
Nanomebia fc3094ec9b Syntax changes
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
Nanomebia 321eb452c5 Syntax Fixes
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
Nanomebia fefc3d088c Cookie fix and success display
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check.  Also
fixed the success display -  changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
jvazquez-r7 5475cf50aa
Land #4655, @wchen-r7's custom 404 for BrowserExploitServer 2015-01-27 23:03:08 -06:00
sinn3r 457598eb02 print_error about unknown request.uri 2015-01-27 20:21:18 -06:00
sinn3r acf02647fb Add a check for Custom404 2015-01-27 20:18:10 -06:00
sinn3r 66703bfe5a Allow custom 404 as an option for BrowserExploitServer
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.

There are several scenarios that can trigger a 404 by BES (custom or
default):

* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
  If this actually happens, it probably means the attacker gave the
  wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
  URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
  mixin.
2015-01-27 18:53:02 -06:00
James Lee 895284cd12
Fix logic around empty usernames or passwords
See #4634 and #4642
2015-01-27 14:16:26 -06:00
James Lee 9f4daa4e03
Add a couple more specs 2015-01-27 14:09:00 -06:00
sinn3r 68fec0fee5 Update output for set/unset 2015-01-27 13:58:54 -06:00
jvazquez-r7 465b4a5c1b
Land #4652, @wchen-r7's ms13-037 svg exploit update to use BES 2015-01-27 13:47:35 -06:00
sinn3r d29a74cd8f Fix #4641 - Explain the set/unset command a little bit better
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.

Fix #4641
2015-01-27 13:35:05 -06:00
Brent Cook f2edf21b9d fix MSF::Post::File::rename_file with meterpreter
Modify rename_file to fit the pattern of the other file methods.
Otherwise, calling this yields a backtrace in the logs and it fails.

Steps to verify:
rc script:
```
loadpath test/modules
use exploit/multi/handler
set lhost 172.28.128.1
set lport 8081
set payload windows/meterpreter/reverse_http
run -j
sleep 5
resource test/scripts/test-sessions.rc

Before:
```
[-] FAILED: should move files
[-] Exception: TypeError : true is not a symbol

log file:
[01/27/2015 13:17:23] [d(0)] core: Call stack:
/home/bcook/projects/metasploit-framework/lib/msf/core/post/file.rb:357:in
`rename_file'
/home/bcook/projects/metasploit-framework/test/modules/post/test/file.rb:115:in
`block in test_file'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`call'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`it'
...
```

After, passing sessions instead:
```
post/test/file
SESSION => 1
Setup: changing working directory to %TEMP%
[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
```
2015-01-27 13:19:33 -06:00
sinn3r ffd1257bff
Make sure this branch is up to date. 2015-01-27 12:16:15 -06:00
sinn3r bb9c961847 Change description a bit 2015-01-27 12:14:55 -06:00
William Vu b030327965
Land #4647, get_module_resource NilClass fix 2015-01-27 12:07:08 -06:00
sinn3r 2dedaee9ca Working version after the upgrade 2015-01-27 12:02:36 -06:00
Brent Cook 8b3a0a0bb1 really fix the cmdweb test
this test to include the CmdStager module, not the CmdStagerVbs class

Before:
```
msf > loadpath test/modules
Loaded 32 modules:
    8 posts
    12 auxiliarys
    12 exploits
```

After:
```
msf > loadpath test/modules
Loaded 33 modules:
    8 posts
    12 auxiliarys
    13 exploits
msf > use exploit/test/cmdweb
msf exploit(cmdweb) > info

       Name: Command Stager Web Test
     Module: exploit/test/cmdweb
   Platform: Windows
 Privileged: Yes
    License: Metasploit Framework License (BSD)
       Rank: Manual
  Disclosed: 2010-02-03

Provided by:
  bannedit <bannedit@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic Targeting

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
  RHOST                     yes       The target address
  RPORT    8080             yes       The target port
  VHOST                     no        HTTP server virtual host

Payload information:

Description:
  This module tests the command stager mixin against a shell.jsp
  application installed on an Apache Tomcat server.

msf exploit(cmdweb) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf exploit(cmdweb) > run

[*] Started reverse handler on 127.0.0.1:4444
[*] Command Stager progress -   2.01% done (2046/101881 bytes)
[*] Command Stager progress -   4.02% done (4092/101881 bytes)
[*] Command Stager progress -   6.02% done (6138/101881 bytes)
[*] Command Stager progress -   8.03% done (8184/101881 bytes)
[*] Command Stager progress -  10.04% done (10230/101881 bytes)
[*] Command Stager progress -  12.05% done (12276/101881 bytes)
[*] Command Stager progress -  14.06% done (14322/101881 bytes)
[*] Command Stager progress -  16.07% done (16368/101881 bytes)
[*] Command Stager progress -  18.07% done (18414/101881 bytes)
...
```
2015-01-27 11:44:34 -06:00
William Vu ae22cf1b47
Land #4650, #strip NilClass fix 2015-01-27 11:13:33 -06:00
William Vu 7d7139d769
Consistent-ize whitespace 2015-01-27 11:11:02 -06:00
Tod Beardsley d8200c65a8
Strip safely, avoid nil.strip errors 2015-01-27 11:06:55 -06:00
William Vu 5b3d877b25
Land #4648, for real 2015-01-27 11:00:22 -06:00
William Vu 2b706f222a
Land #4648, YAML parsing fix
Prefer regex. For reasons...
2015-01-27 10:59:05 -06:00
William Vu a88a631b66
Fix #strip 2015-01-27 10:58:24 -06:00
Tod Beardsley d2bf1a73ff
Don't need to require YAML anymore either 2015-01-27 10:40:57 -06:00
William Vu bf39a7a933
Land #4648, YAML parsing fix
Prefer regex. For reasons...
2015-01-27 10:39:03 -06:00
Tod Beardsley cafbd1af51
Prefer a regex over YAML parsing
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
Brent Cook 550e6efff8 improve resiliency of meterpreter session tests
- Use separate names for files and directories to avoid cascading
   failures if one test fails and leaves a file or directory behind.
 - Use %TEMP% rather than %TMP - the former is defined on all Windows
   versions, whereas the later is not defined on Windows 2012, causing
   the test to fail.
 - Don't assume 'HACKING' is in the current working directory, which
   breaks remote test harnesses. Instead, send the source code to the
   current __FILE__ as the test file to upload, since that works from
   any directory or remotely.
2015-01-27 09:07:21 -06:00
James Lee a2c7ebc2b1
Simplify logic 2015-01-27 09:05:11 -06:00
James Lee 5985f37fe8
Only need one origin 2015-01-27 09:02:30 -06:00
James Lee ca44ae2109
Consistent commas 2015-01-27 08:41:24 -06:00
James Lee eac7b11a87
Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username
Conflicts:
	lib/msf/ui/console/command_dispatcher/db.rb
	spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
2015-01-27 08:40:07 -06:00
James Lee aea26e1e21
Add negative spec 2015-01-27 08:14:48 -06:00
sinn3r ee922d141c Fix #4646 - get_module_resource should check nil before using get_resource
Fix #4646. The get_module_resource needs to check nil first before
using the get_resource method (from HttpServer)
2015-01-27 00:21:43 -06:00
sinn3r 9e3388df34 Use BES for MS13-037 and default to ntdll 2015-01-27 00:18:36 -06:00