Commit Graph

3798 Commits (e13f16c5f5b5379da0dab92a7be7445fedabc416)

Author SHA1 Message Date
Tod Beardsley 6064dfcb71 Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix' 2013-01-15 01:43:07 -08:00
James Lee a1e853500f Merge branch 'bug/optint_empty' into feature/stage_encoding 2013-01-14 15:50:39 -06:00
James Lee 21c18b78e6 Don't bother nil check, to_s handles it 2013-01-14 15:47:58 -06:00
James Lee 0c90171fa7 Deal with alread-normalized ints
[See #1308][See #1304]
2013-01-14 15:31:14 -06:00
James Lee fb19ec1005 Merge branch 'rapid7' into feature/stage_encoding 2013-01-14 15:20:23 -06:00
sinn3r b2ecb18a71 Allow OptInt to pass "" for special reasons
Cheap fix
2013-01-14 14:55:48 -06:00
sinn3r 07d15baf89 Merge branch 'bug/opt_int_hex' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/opt_int_hex 2013-01-14 14:40:25 -06:00
James Lee bbb3fa25be Allow negative values for OptInt
[FixRM #7540]
2013-01-14 14:18:56 -06:00
James Lee b3b68c1b90 Make stage encoding possible
* Fixes a bug in shikata where input greater than 0xffff length would
  still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
  avoid
* Fixes huge performance issue with large inputs to xor-based encoders
  due to the use of String#+ instead of String#<< in a loop. It now
  takes ~3 seconds on modern hardware to encode a 750kB buffer with
  shikata where it used to take more than 10 minutes. The decoding side
  takes a similar amount of time and will increase the wait between
  sending the second stage and opening a usable session by several
  seconds.

I believe this addresses the intent of pull request 905

[See #905]
2013-01-13 21:07:39 -06:00
James Lee 0d34e0b249 Fix regex for hex numbers 2013-01-13 20:53:40 -06:00
James Lee 4703a6f737 Unbreak OptInt hex syntax
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again

[See #1293][See #1296]
2013-01-12 14:17:29 -06:00
sinn3r b388f2357c Reset modules_cached flag when database disconnects 2013-01-12 00:08:30 -06:00
HD Moore 06fb8f5443 Merge pull request #1293 from wchen-r7/optint_valid
Fix OptInt's valid?() function
2013-01-11 17:29:27 -08:00
sinn3r 8c04df4a47 [FixRM: #7535] Missing normalize() in OptPort
[FixRM: #7535] - Sometimes OptPort can return as a String instead
of Fixnum because OptPort is missing the normalize() function.
2013-01-11 18:34:27 -06:00
sinn3r 0347b173eb Fix OptInt's valid?() function
[FixRM #7539] - The valid?() function will first normalize() the
user-supplied input before validation.  The problem is that the
normalize() function will ALWAYS convert data to integer, therefore
whatever you validate, you will always get true.  For example:
when I do "yomama".to_i, that returns 0, and of course will pass
integer validation.
2013-01-11 16:27:33 -06:00
sinn3r aa36b65aee [FixRM #7673] "Failed to reload" error.
When db_disconnect is issued, this funtion does not update the status
of self.migrated to false.  So when another reload command is used,
the update_module_details function will still try to connect to the
database, which causes the "Failed to reload" error.
2013-01-11 01:10:56 -06:00
Royce Davis b702263bbf Added fix form Eric Milam to simple.disconnect 2013-01-10 16:33:03 -06:00
James Lee 7fd3440c1a Fix hd's attempt to rename ruby payloads 2013-01-10 15:25:50 -06:00
James Lee 4fcb8b6f8d Revert "Rename again to be consistent with payload naming"
This reverts commit 0fa2fcd811.
2013-01-10 15:24:25 -06:00
Tod Beardsley 6a10857daf Merge remote-tracking branch 'bturner-r7/set_gem_path' 2013-01-10 12:55:55 -08:00
HD Moore 0fa2fcd811 Rename again to be consistent with payload naming 2013-01-10 14:16:37 -06:00
HD Moore 88b08087bf Renamed and made more robust 2013-01-10 14:05:29 -06:00
HD Moore 4c1e501ed0 Exploit for CVE-2013-0156 and new ruby-platform modules 2013-01-09 23:10:13 -06:00
Tod Beardsley 950902f856 Add a tasteful URL to some banners. 2013-01-09 22:33:30 -06:00
Tod Beardsley 6f26e9efb2 More banner sanity checking. 2013-01-09 22:32:53 -06:00
Royce Davis 13140d05b1 Added some methods for checkout output and cleanup 2013-01-09 21:14:19 -06:00
Tod Beardsley 12f0501f2f Add a little erorr checking, another cow 2013-01-09 20:38:14 -06:00
Tod Beardsley a0ba2f4951 Seperate data from code
Banners are content more than anything.
2013-01-09 19:54:08 -06:00
sinn3r a158611c95 Merge branch 'tasos-r7-web-modules' 2013-01-09 16:14:16 -06:00
sinn3r 8b25599feb Merge branch 'web-modules' of github.com:tasos-r7/metasploit-framework into tasos-r7-web-modules 2013-01-09 16:14:04 -06:00
jvazquez-r7 7a1a9985d5 Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions 2013-01-09 18:21:03 +01:00
sinn3r 6490af720b Make failures more verbose so people know what's going on 2013-01-09 11:11:26 -06:00
Tasos Laskos 5ac6060fc1 Auxiliary::Web::HTTP_request: Updated to return an empty response on reset connections 2013-01-09 19:06:51 +02:00
Tasos Laskos 74cdd918af Auxiliary::Web::HTTP#run: don't allow connection or callback errors to abort the whole operation 2013-01-09 18:38:09 +02:00
Royce Davis c262288541 Fixed msftidy issues 2013-01-08 15:35:20 -06:00
Royce Davis 3e1ea25207 Added Yard documentation 2013-01-08 15:20:13 -06:00
James Lee 95a95d45ec Fix importing msfxml files containing a session
[See #1179][SeeRM #7669]
2013-01-08 12:13:20 -06:00
Royce Davis c236e4e6e3 I took a stab at generating Yard documentation. I have never done it before... 2013-01-08 11:57:59 -06:00
Royce Davis 4fd196c0de Fixed typo, capitalization and column space 2013-01-08 11:52:40 -06:00
sinn3r 824bd84990 I forgot to add this exception 2013-01-07 18:06:39 -06:00
sinn3r fc48cc117d Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import 2013-01-07 17:19:52 -06:00
James Lee a0e6c7043b Add actual cdata handler
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.

[SeeRM #7665]
2013-01-07 17:16:48 -06:00
sinn3r 5bc1066c69 Change how modules use the mysql login functions 2013-01-07 16:12:10 -06:00
sinn3r 261e095e5e Handle exceptions in mysql_login 2013-01-07 16:02:59 -06:00
sinn3r 268de941c7 Merge branch 'tasos-r7-web-modules' 2013-01-07 13:37:32 -06:00
sinn3r b53e8c794f Fix indent level 2013-01-07 13:36:55 -06:00
Royce Davis 7dd9d30363 Added a new mixin psexec.rb 2013-01-07 11:05:23 -06:00
Rob Fuller 986435c598 Fix typo
Typo found by @schierlm but mentioned after the commit of pull request #1187
Info: https://github.com/rapid7/metasploit-framework/pull/1187#commitcomment-2340457
2013-01-06 01:47:15 -05:00
sinn3r 3d3799d38d Ok... even more explicit 2013-01-05 13:39:31 -06:00
sinn3r 4ff186c23d Change the .text-too-small error message.
The original error message apparently confuses people, and this
can be easily improved.  See the following:
https://community.rapid7.com/thread/2356
2013-01-05 01:57:41 -06:00
Tasos Laskos e1885cab0b Merge remote-tracking branch 'upstream/master' into web-modules 2013-01-04 21:33:17 +02:00
Tasos Laskos 3d4d6e9860 Crawler aux mixin updated to catch the mysterious and anonymous timeout exception and re-raise it as a Timeout::Error 2013-01-04 21:32:18 +02:00
sinn3r d17a6f99e5 Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin 2013-01-04 00:38:01 -06:00
jvennix-r7 2f0e4cbd39 Merge pull request #1179 from rapid7/bug/bap-compro-hosts
Changes to BAP session storage
2013-01-03 14:27:13 -08:00
James Lee d9947a1515 Add a mixin for marking deprecated modules
* This mixin standardizes the previously ad-hoc deprecation warnings on
  modules that have been moved.

* Uses the mixin in 3 existing modules that already have (or should have
  had) deprecation warnings.
2013-01-02 19:14:44 -06:00
Brandon Turner 5777968c19 Set GEM_PATH when using built-in gemcache
This allows rubygems to work with gems loaded from lib/gemcache.
2013-01-01 21:25:24 -06:00
sinn3r d2dc7ebc2d Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll 2012-12-26 11:18:21 -06:00
Tod Beardsley 179e4cf870 Moving up to 4.6.0-dev 2012-12-24 08:40:29 -06:00
James Lee 20cc2fa38d Make Windows postgres_payload more generic
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
  the ability to use generate_payload_dll() which generates a generic dll
  that spawns rundll32 and runs the shellcode in that process. This is
  basically what the linux version accomplishes by compiling the .so on
  the fly. On major advantage of this is that the resulting DLL will
  work on pretty much any version of postgres

* Adds Exploit::FileDropper to windows version as well. This gives us
  the ability to delete the dll via the resulting session, which works
  because the template dll contains code to shove the shellcode into a
  new rundll32 process and exit, thus leaving the file closed after
  Postgres calls FreeLibrary.

* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
  Windows

* Adds a check method to both Windows and Linux versions that simply
  makes sure that the given credentials work against the target service.

* Replaces the version-specific lo_create method with a generic
  technique that works on both 9.x and 8.x

* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
  gets downcased and subsequently causes postgres to error out before
  opening the DLL

* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r 9b768a2c62 Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services 2012-12-21 23:42:17 -06:00
David Maloney be7da83feb Adds EHLO domain to smtp deliver
Allow the user to set the EHLO domain for the smtp deliver module.
This is needed for Pro functionality

[story #41549217]
2012-12-21 14:22:21 -06:00
Tod Beardsley 2bb7b5ea11 Fixes error message for badchar
Note that only a custom module that allows for users to pass arguments
to nmap would be capable of hitting the error condition. Right now, only
auxiliary/scanner/oracle/oracle_login traverses the codepath, and that
doesn't allow for arbitrary args passed to nmap.

So... without contriving an example, it should be impossible to
experience or test.

[FixRM #7641]
2012-12-21 09:59:54 -06:00
sinn3r be85cf54ab Why in a quote? 2012-12-20 10:47:23 -06:00
Sherif Eldeeb f0991f3b3b make "resp.body" as an advanced option
created a new advanced option "HttpUknownRequestResponse" that will be sent back in the HTML body of unknown requests instead of the old static "No site configured at this address" message.
2012-12-20 12:35:00 +03:00
sinn3r 4b56e3c862 Merge branch 'tasos-r7-web-modules' 2012-12-18 10:38:00 -06:00
Tod Beardsley 10511e8281 Merge remote branch 'origin/bug/fix-double-slashes'
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
HD Moore 36bcc1f7f5 Just show the relevant part of the error message
The full error is already in elog/dlog
2012-12-15 13:16:00 -06:00
Samuel Huckins 4f3c6f973d Changes to BAP session storage.
[SEERM #7294]
[Bug #40937817]

* exploit/multi/handler no longer filtered out from vuln creation and
other steps
* Name changed to parent module's name in session storage so we show something more helpful
than generic handler
* Same for vuln and attempt creation
2012-12-13 15:35:34 -06:00
sinn3r f81ef9b68e Merge branch 'bug/reload_all' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/reload_all 2012-12-13 12:33:39 -06:00
James Lee d7f6b0c373 Remove vestiges of ModuleManager's ModuleSet origins 2012-12-13 11:23:49 -06:00
sinn3r c0b214c287 Merge branch 'bindaddress' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-bindaddress 2012-12-13 02:06:23 -06:00
Tod Beardsley e762ca0d9b Merge remote branch 'jlee-r7/midnitesnake-postgres_payload' 2012-12-12 15:30:56 -06:00
Tod Beardsley 0d8d5baf6d Resolve merge conflict from jlee-r7 2012-12-12 14:24:47 -06:00
James Lee 6b4e021607 Make ModuleManager Enumerable
Fixes tools/module_* and probably some other lurking bugs
2012-12-12 13:41:04 -06:00
James Lee a673c363fd Use a more descriptive variable name
Also removes commented-out code.
2012-12-10 13:36:09 -06:00
James Lee bc7cd4b452 Loop through module sets like super used to do
... since super doesn't exist any more.

Also changes to using ModuleSet#[] inside ModuleManager#[] instead of
ModuleSet#create to mimic original behavior when ModuleManager was a
subclass of ModuleSet.
2012-12-05 12:59:35 -06:00
James Lee d57c24dd5f Use framework.payloads instead of modules
When we know the module we're creating is definitely a payload, don't
bother looking in the other module sets.

Also removes an exception message that gets ignored anyway because the
exception class has a hard-coded #to_s
2012-12-05 12:30:55 -06:00
Tasos Laskos 62782f0273 Auxiliary::Web::Fuzzable: removed confusing HTTP response status messages [SEERM #7586] 2012-12-05 18:49:07 +02:00
James Lee 77af4ba559 Missed a file in previous commit, thanks, travis! 2012-12-03 22:37:50 -06:00
James Lee f4476cb1b7 Really fix payload recalculation
Instead of deleting all non-symbolics before the re-adding phase of
PayloadSet#recalculate, store a list of old module names, populate a
list of new ones during the re-adding phase, and finally remove any
non-symbolic module that was in the old list but wasn't in the new list.

Also includes a minor refactoring to make ModuleManager its own thing
instead of being an awkard subclass of ModuleSet. Now PayloadSet doesn't
need to know about the existence of framework.modules, which makes the
separation a little more natural.

[FixRM #7037]
2012-12-03 22:23:40 -06:00
Tasos Laskos beffd1feda Auxiliary::Web::Analysis::Taint#taint_analysis: added a bit of differential logic to avoid false positives in case the default responce matches the pattern we're looking for [FIXRM #7559] 2012-12-04 00:09:54 +02:00
Tasos Laskos dafa984166 Auxiliary::Web::Fuzzable#submit: bugfixed to call http.request instead of http.request_async 2012-12-04 00:06:17 +02:00
Tasos Laskos f6c27a4494 Auxiliary::Web#find_proof: updated doc comments 2012-12-04 00:05:12 +02:00
HD Moore 30d7de3157 The db search already prints results, return after 2012-12-02 01:14:56 -06:00
HD Moore 3ae47e2089 Move the thread tracking into the update method 2012-12-02 01:07:40 -06:00
HD Moore 51673ca152 Search reference values as well (ms08-067,etc) 2012-12-02 00:44:25 -06:00
HD Moore f17ea91d7c Whitespace changes only 2012-12-02 00:44:03 -06:00
Brandon Turner 7f822fabd7 Fix typo 2012-12-01 15:53:51 -06:00
Tod Beardsley 7ada8aeac1 Correct bug number 2012-12-01 14:16:24 -06:00
Tod Beardsley 725b085ef2 If there are no search results, try harder.
Sometimes, the database is active but the cache isn't filled out, or
doesn't contain the module you want. This can come up especially when
msfconsole first starts and you are programmatically searching for
modules, for whatever reason.

This allows for falling back to the regular (slow) search in the event
no hits have been returned. It does not actually address the caching
problem seen in QA, but it's generally going to be Good Enough. Search
is getting overhauled Real Soon Now anyway.

[FixRM #7533]
2012-12-01 14:06:32 -06:00
James Lee bc63ee9c46 Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7 2012-11-30 13:43:02 -06:00
James Lee 1da3388194 Fix missing require
[Closes #1106]
2012-11-30 13:42:31 -06:00
HD Moore a3c8e54d0a Catch exceptions from broken modules 2012-11-30 11:04:23 -08:00
HD Moore fee6ad9799 Bump to 4.5.0-release for testing 2012-11-30 11:04:23 -08:00
jvazquez-r7 087ff328b6 correct comments documentation 2012-11-28 22:18:56 +01:00
jvazquez-r7 17518f035c support for local exploits on file_dropper 2012-11-28 22:17:27 +01:00
Tod Beardsley 95f084b296 Use cvedetails not mitre. 2012-11-28 13:24:08 -06:00
James Lee 17d8d3692b Merge branch 'rapid7' into midnitesnake-postgres_payload 2012-11-27 11:14:54 -06:00
Tasos Laskos 26b3b4577d Merge remote-tracking branch 'upstream/master' into web-modules 2012-11-21 23:57:42 +02:00
Tasos Laskos b656554769 Exploit::Remote::Web: moved status printing calls out of #perform_request and into #exploit 2012-11-21 23:28:26 +02:00