Commit Graph

3004 Commits (e25665853c13c7a15f135ed28ccf07546b02a4f0)

Author SHA1 Message Date
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Meatballs 351b687759
Land #3612, Windows Local Kernel exploits refactor 2014-08-10 22:05:06 +01:00
joev af3ca19ab2
Land #3501, @AnwarMohamed's android meterpreter commands. 2014-08-09 16:29:59 -05:00
joev dbaa377aa1 Final-round of code tweaks. All commands working well. 2014-08-09 13:04:52 -05:00
Jon Hart c48cf48d85
Return the NTP message, not the string 2014-08-08 21:39:48 -07:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Spencer McIntyre b602e47454 Implement improvements based on feedback 2014-08-05 21:24:37 -07:00
byt3bl33d3r 77bba6e4ee fixed msfcli with missing require 2014-08-05 09:38:33 +02:00
Meatballs 4ef3de84f3
get some more test cases 2014-08-01 14:34:17 +01:00
Meatballs 53b66f3b4a Land #2075, Powershell Improvements 2014-07-31 00:49:39 +01:00
Joe Vennix ed6594ddb8
Change filename to calllog_dump. 2014-07-30 00:16:23 -07:00
Joe Vennix ece3b5583a
Revert to file-based solution. 2014-07-30 00:13:44 -07:00
AnwarMohamed 7512e04894 fixing autoload 2014-07-29 16:21:31 +02:00
AnwarMohamed 283046b25d fixing auto load on new session 2014-07-28 10:49:50 +02:00
AnwarMohamed 9f0bf67521 fixing minor bugs 2014-07-28 07:49:46 +02:00
James Lee 1470f3de30
Fix padding when a cell value is nil 2014-07-24 14:00:09 -05:00
James Lee 8a279d202c
Whitespace 2014-07-24 13:56:57 -05:00
Tod Beardsley ffafd4c01f
Add NTP fuzzer from @jhart-r7
Looks good to me!
2014-07-21 12:38:12 -05:00
HD Moore b3c7fff32a Land #3551, fix inconsistent pack/unpack usage 2014-07-20 17:11:49 -05:00
HD Moore eea0b24aec Land #3550, fix railgun use of pack/unpack Q 2014-07-20 17:09:53 -05:00
Meatballs 3daf78777b
Use native unpack for PDWORDs 2014-07-20 22:57:19 +01:00
Meatballs 4fecae084b
Q (native) to Q< (le) 2014-07-20 22:38:30 +01:00
Meatballs 5f0533677e
Cheat/Rubycop all the things 2014-07-20 21:07:59 +01:00
Meatballs 474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
Meatballs b28343842f Address @jhart-r7's comments 2014-07-20 21:00:34 +01:00
scriptjunkie 8fe508207c Merge Meatballs' gpp_again pull into new branch 2014-07-19 11:10:14 -05:00
Jon Hart 17b0560dff Add rubygems check to msftidy. remove rubygems. 2014-07-17 09:29:13 -07:00
William Vu 25f74b79b8
Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
Meatballs 7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
sinn3r 4fb58202fa
Land #3529 - Handle Rex::AddressInUse exception 2014-07-16 13:57:41 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
James Lee 51a9a763c0
Move error_name to InvalidPacket and check for nil
MSP-10713
2014-07-15 15:02:53 -05:00
jvazquez-r7 09619abe79 Catch AddressInUse when running commands from the meterpreter console 2014-07-15 11:15:10 -05:00
James Lee de22aeba41
Land #3481, meterpreter bins 2014-07-14 15:57:52 -05:00
Tod Beardsley 96554a4967
Remove this errant test::unit test 2014-07-14 10:57:32 -05:00
Trevor Rosen cc93dbbe29 Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
Feature/msp 9707/smb bruteforce refactor

MSP-9707 #land
2014-07-11 11:33:12 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict.
Conflicts:
	Gemfile.lock
2014-07-09 17:43:42 -05:00
James Lee 7d9c0da691
Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
William Vu 4eeab66ebe
Land #3497, comma-separated get_cookies 2014-07-08 11:00:40 -05:00
AnwarMohamed a513f403ba fixing bugs 2014-07-08 10:58:48 +02:00
AnwarMohamed ead7b35aa9 formating 2014-07-08 10:48:24 +02:00
AnwarMohamed 6e0bc763ff formating 2014-07-08 10:46:16 +02:00
AnwarMohamed 656da8a63b android extension 2014-07-08 04:56:04 +02:00
AnwarMohamed 34dcb609e2 android extension 2014-07-08 04:52:06 +02:00
OJ bdf27b1834 Fix up the TLVs that are now QWORD values in MSF
Various values were adjusted to become QWORD values in MSF an windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 10:42:58 -05:00
jvazquez-r7 f51feb7f52 Modify get_cookies regular expression 2014-07-06 13:22:31 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Tod Beardsley a471f298a5
Merge #3476 into #3481 for meterpreter smilies
This incoporates @OJ's fixes as a result of gemification.
2014-07-03 22:54:56 -05:00
Jon Hart bc3ac1ee36 Correct private message format, update tests 2014-07-03 08:27:27 -07:00
Jon Hart 1830bdc7a5 Add rspec coverage for Rex::Proto::NTP 2014-07-01 12:29:47 -07:00
Jon Hart bc274b358f Move NTP message code to Rex::Proto::NTP, simplify option handling 2014-06-30 23:57:47 -07:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
2014-06-30 02:50:10 -05:00
HD Moore 255e792ed3 Fix host-endian related pack errors. See below for details.
Ruby treats endianess in pack operators in the opposite way
of python. For example, using pack('<I') actually ignores the
endianess specifier. These need to be 'I<' or better yet, 'V'.
The endian specify must occur after the pack specifier and
multiple instances in meterpreter and exe generation were
broken in thier usage.

The summary:

Instead of I/L or I< use V
Instead of I/L or I> use N
For Q, you need to always use Q< (LE) or Q> (BE)
For c/s/l/i and other lowercase variants, you probably dont
need or want a *signed* value, so stick with vV nN and cC.
2014-06-30 02:46:36 -05:00
Tod Beardsley 8b63d3d467 Revert the revert of #3446
This reverts commit 9b35b0e13a.

This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
jvazquez-r7 8db7ec683f Fix setup and teardown stager methods 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
Matt Buck 27ef12bafe
Land #3478, disallow port 0 for portspec
[Closes #3478]
2014-06-25 15:46:30 -05:00
Chris Doughty 9b35b0e13a Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
2014-06-25 13:24:07 -05:00
David Maloney 97d08a081a
reverting port 0 behaviour in portspec
a change was made to protspec that allowed port 0
when we explicitly dissallowed port 0. This change caused
other code that depended on this behaviour to break
2014-06-25 13:07:22 -05:00
OJ 769f2e4936 Change elevator to 'elevator'
This would have made lots of people uhnappy.
2014-06-25 07:47:47 +10:00
OJ ac03b7c96a Use sorted sets extension lists 2014-06-25 03:26:25 +10:00
OJ 0fc4d10813 Fix indentation for case statements 2014-06-25 03:18:37 +10:00
OJ bba8bd3498
Land #3446 -- Meterpreter bins gem switch 2014-06-25 03:00:11 +10:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
HD Moore b872fa0f0d Handle smb_recv corner case with a cache, clean up find_*, cosmetic 2014-06-23 16:14:18 -05:00
HD Moore 94388e3931 Fix typo in the constant name 2014-06-23 12:51:26 -05:00
Spencer McIntyre 05d4a1ab2c
Land #3342, Support negation in portspec 2014-06-21 18:14:50 -04:00
Tod Beardsley 2626450c38
Fix indent per @jlee-r7'e eagle eye 2014-06-20 11:52:47 -05:00
jvazquez-r7 4203e75777
Land #3408, @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950 2014-06-20 10:27:32 -05:00
Tod Beardsley 2a4ed0e651
Replace all the obvious path calls to Meterpreter
Unfortunately, though, there seems to be a stealthy set, somewhere, of
datastore['DLL']. Not sure where yet. The stack trace in the
framework.log is:

````
[06/19/2014 17:53:34] [i(0)] core: windows/meterpreter/reverse_http: iteration 1: Successfully encoded with encoder x86/fnstenv_mov (size is
366)
[06/19/2014 17:53:35] [e(0)] rex: Proc::on_request: Errno::ENOENT: No such file or directory -
/home/todb/git/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll

/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `initialize'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `open'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `load_rdi_dll'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/payload/windows/reflectivedllinject.rb:56:in `stage_payload'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:212:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:129:in `block in setup_handler'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:365:in `dispatch_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:299:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:158:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:192:in `block in monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `each'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:73:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb💯in `call'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb💯in `block in spawn'

````

Still tracking this down.
2014-06-19 18:03:11 -05:00
jvazquez-r7 a0386f0797 Fix cmd_concat_operator 2014-06-19 15:52:55 -05:00
Michael Messner 86f523f00c concator handling 2014-06-18 18:15:58 +02:00
Michael Messner 894af92b22 echo stager, arch_cmd 2014-06-13 11:40:50 +02:00
Tod Beardsley cbedea222f
Land #3416 again, now that the bins are available
This reverts commit 3d73414530.
2014-06-12 14:53:03 -05:00
Tod Beardsley 3d73414530 Revert #3416, needs the correct bins first
This was a whoops on my part. I will reland this when I have the
Meterpreter bins all sorted.

This reverts commit 40b5405053, reversing
changes made to 86e4eaaaed.
2014-06-12 14:20:06 -05:00
Tod Beardsley 40b5405053
Land #3416, fix DWORD/QWORD bug 2014-06-12 13:59:34 -05:00
sinn3r 2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
OJ a53955adb7 Updated more UINT TLVs to QWORDS
All with the goal of removing more pointer truncation issues.
2014-06-04 20:55:20 +10:00
OJ 8346e20bf1 Change memory types from DWORD to QWORD
This was causing memory allocations to fail on x64 in cases where
the higher bits were set in addresses.
2014-06-01 21:27:07 +10:00
Tom Sellers 29fc2de39b Update bourne.rb 2014-05-29 06:02:30 -05:00
Tom Sellers 5e33de3e8f Update bourne.rb 2014-05-27 06:14:12 -05:00
William Vu 704e4d78ca
Fix typo in client_request.rb comment 2014-05-26 23:55:48 -05:00
William Vu 0133e861f8
Fix typo 2014-05-26 23:55:20 -05:00
William Vu 352e14c21a
Land #3391, all vars_get msftidy warning fixes 2014-05-26 23:41:46 -05:00
Spencer McIntyre 77e70d8bbe Add 2 more variables for meterpreter irb 2014-05-25 16:28:40 -04:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Lutz Wolf fc5436417b Simplification 2014-05-24 23:45:21 +02:00
Lutz Wolf 4fc6e402dc Allow port 0 2014-05-24 23:44:50 +02:00
William Vu d31908b72e
Land #3374, RPC deadlock fix
[FixRM #8794]
2014-05-22 12:07:23 -05:00
joev 14b796acbf First stab at refactoring webrtc mixin. 2014-05-21 15:32:29 -05:00
Meatballs 92669cd4d6
Use parser 2014-05-20 22:26:13 +01:00
Meatballs 0a2b79ccd1
Tidyup parser 2014-05-20 22:04:59 +01:00
Meatballs 09af023a71
Merge in parser 2014-05-20 21:56:35 +01:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
James Lee d2ebab09aa
Add timeout for SSL renegotiation after migrating
[SeeRM #8794]
2014-05-16 15:42:46 -05:00
James Lee 472f029576
Fix random bug when workstation_name is < 6 chars
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
Jeff Jarmoc 2849a1bc0c Update comment again 2014-05-12 13:10:20 -05:00
Jeff Jarmoc a3cc499a17 Update comment w/ all modes 2014-05-12 13:02:54 -05:00
Jeff Jarmoc d82bc11b7d Add 'u-noslashes' and re-order cases for consistency. 2014-05-12 13:01:05 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all.
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
Lutz Wolf 66252ba9e5 support negation in portspec 2014-05-08 21:35:35 +02:00
Meatballs 3542f851bf Fix some yarddoc issues 2014-05-05 22:45:41 +02:00
Meatballs dc38212741
Fix function parsing 2014-05-05 20:53:36 +01:00
Meatballs 0b886db406
Script specs and remove unknown method 2014-05-05 19:01:36 +01:00
Meatballs 0177e51148
Finish obfu specs and use rig 2014-05-05 18:47:25 +01:00
Meatballs 6ab85027a4
More spec 2014-05-05 17:47:30 +01:00
Meatballs 162b6a8ab9
Add output spec 2014-05-05 14:48:18 +01:00
Meatballs 399928cf69
Remove unnecessary requires 2014-05-05 13:37:17 +01:00
Rob Fuller c3fb5bf614 fix a few clarical errors and typos 2014-04-29 22:42:26 -04:00
James Lee 4bd2dabfcd
Land #3121, new kiwi extension, with compiled bins
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
Meatballs b860cecad6
Function spec (doesnt pass) 2014-04-28 14:09:39 +01:00
Meatballs 8031e50d35
Make Exploitation::Powershell testable
Example test
2014-04-26 13:27:25 +01:00
Meatballs 98d2b2293b
Unnecessary return 2014-04-26 13:05:47 +01:00
Meatballs be10c8e4ac
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 12:59:43 +01:00
Meatballs 206184007f
Move methods and rename file so it is run by rspec 2014-04-25 15:16:15 +01:00
Meatballs 32fa8748a8
Fix up decompress 2014-04-23 05:20:54 +01:00
Meatballs e774411b63
Revert Enum removal
.NET 4.5 has two constructors with 2 args so this becomes ambiguous
2014-04-23 02:06:14 +01:00
Meatballs d2e8e07cfe
Fix old powershell generation 2014-04-23 01:58:02 +01:00
Meatballs dd38a81dfc
Fix a @parma 2014-04-23 01:10:13 +01:00
Meatballs 647936e291
Add more yarddoc to Rex::Exploitation::Powershell
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
Meatballs 86cfecdd95
Shave some chars off compression code 2014-04-22 14:52:30 +01:00
Meatballs 354311d191
No need to out-null if no windows is shown 2014-04-22 14:42:03 +01:00
Meatballs cec12edd99
Use enum integer values 2014-04-22 14:40:32 +01:00
Meatballs 71b43d392b
Dont need to specify ASCII mode 2014-04-22 14:36:02 +01:00
James Lee 49bd86f077
Clean up yardocs and a few style issues 2014-04-21 03:12:23 -05:00
Meatballs c936dc963c
Shorten compression 2014-04-19 18:55:45 +01:00
Meatballs 67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075 2014-04-19 18:45:55 +01:00
RageLtMan 9f05760c50 Merge with Meatballs' initial changes
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
RageLtMan 5c3289bbc6 merge fix 2014-04-17 21:26:04 -04:00
Meatballs 38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
Conflicts:
	modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
Meatballs 02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
Conflicts:
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs fc018eb32e
Initial commit 2014-04-15 21:05:06 +01:00
joev e09f887c4c Revert "Fixes large-string expansion in JSObfu."
This reverts commit 14fed8c610.
2014-04-11 16:51:47 -05:00
joev 4cb04b6b9a Revert "Use implicit return for assignment."
This reverts commit 49139cc07f.
2014-04-11 16:51:40 -05:00
joev 21b2697b95 Revert "Use tiny var names by default."
This reverts commit 52432ef482.
2014-04-11 16:51:34 -05:00
joev d41b3467f8 Revert "Re-add the #random_string(len) method to pass specs."
This reverts commit bd8918e4e1.
2014-04-11 16:51:21 -05:00
sinn3r a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile 2014-04-10 12:31:59 -05:00
sinn3r 68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu 2014-04-10 12:09:22 -05:00
Joe Vennix bd8918e4e1
Re-add the #random_string(len) method to pass specs. 2014-04-09 17:44:48 -05:00
Joe Vennix 57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
Joe Vennix 52432ef482 Use tiny var names by default. 2014-04-09 16:54:02 -05:00
Joe Vennix 49139cc07f Use implicit return for assignment. 2014-04-09 15:48:07 -05:00
Joe Vennix 14fed8c610 Fixes large-string expansion in JSObfu. 2014-04-09 15:45:48 -05:00
Meatballs ae3ead6ef9
Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
jvazquez-r7 80b069f161 Add support for spoofed zip Central Dir names at Entry level 2014-04-07 09:21:26 -05:00
jvazquez-r7 46e6f937f1 Revert "Add central directory zip spoofing"
This reverts commit d0700e8ac4.
2014-04-07 08:50:33 -05:00
jvazquez-r7 d0700e8ac4 Add central directory zip spoofing 2014-04-07 08:49:49 -05:00
jvazquez-r7 6d72860d58
Land #3004, @m-1-k-3's linksys moon exploit 2014-04-04 14:04:48 -05:00
William Vu 9779913060
Land #3184, Rex::Proto::Http::Client IOError fix 2014-04-03 15:58:50 -05:00
joev 42d59d269e Check #closed? instead of rescuing. 2014-04-03 14:20:48 -05:00
joev 98628b814e Prevent Rex::Proto::Http::Client from raising on close. 2014-04-03 11:36:18 -05:00
HD Moore 231138da1b Fix a typo in the nexpose raw importer 2014-04-03 07:12:45 -07:00
OJ 670a0c8e0f
Merge branch 'upstream/master' into ext_server_kiwi 2014-04-02 19:36:42 +10:00
OJ e61e532223 Add support for extraction of wifi profile creds 2014-04-02 17:16:40 +10:00
OJ 1d46e65897 Update to match meterpreter changes
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
Tod Beardsley 1b0fe74da5
Use Array#sample in email generators. 2014-04-01 14:11:23 -05:00
Tod Beardsley 8ab03f3aeb
Use Array#sample in randomize_space 2014-04-01 14:09:07 -05:00
Tod Beardsley ec7bb6de54
Land #2969, random name generator for phishing 2014-04-01 13:00:55 -05:00
William Vu 8bd5d10052
Use rand_hostname in rand_mail_address 2014-03-28 16:44:49 -05:00
jvazquez-r7 8f1e55de5a Use ObfuscateJS 2014-03-28 11:08:38 -05:00
jvazquez-r7 da6a428bbf Modify libs to support explib2 2014-03-28 10:44:52 -05:00
OJ 86ddd24d26 Update to use Rex::Text and change handling a bit
This change also outputs blank creds so that users know which
accounts have blank passwords
2014-03-28 16:12:51 +10:00
OJ 65e204e834 Modify the menu item descriptions 2014-03-28 11:03:38 +10:00
OJ 3a42cb8a46 Fix typo in kiwi help 2014-03-28 11:03:03 +10:00
Tod Beardsley 8e7f12e30e
Land #3085, service_control support
This depends on rapid7/meterpreter#77 to function
2014-03-19 08:43:17 -05:00
Tod Beardsley 04b5d71fa5
Land #3061, enhance clipboard dump
This depends on rapid7/meterpreter#75 to function
2014-03-19 08:42:36 -05:00
Tod Beardsley 35b94b04bf
Land #2889, WMI support
This depends on rapid7/meterpreter#69 to actually be useful.
2014-03-19 08:42:03 -05:00
OJ 11f9bfadb1 Final bits of documentation and code tweaking 2014-03-19 18:40:53 +10:00
OJ 84728c9fc9 Code tidying and defaulting to empty strings for table format 2014-03-19 16:19:23 +10:00
OJ 959cedb9b1 Bit more code tidying 2014-03-19 16:19:05 +10:00
OJ f80c7b7b51 Fix silly typo 2014-03-19 15:55:12 +10:00
OJ 0dcf992781 Add comments to the kiwi source 2014-03-19 15:45:53 +10:00
OJ 3635fff98e Add support for kerberos ticket enumeration
Fix up a bunch of other issues and do some code tidies too.
2014-03-19 14:25:11 +10:00
OJ 91e198fd63 Add SAM key dump in LSA dumping output 2014-03-18 09:45:31 +10:00
OJ dfb4b22015
Merge branch 'upstream/master' into ext_server_kiwi 2014-03-18 08:08:45 +10:00
William Vu 9eada528d7
Land #3097, Rex::Text.uri_encode RFC 3986 fix 2014-03-14 15:38:24 -05:00
OJ a9758413c0 Add lsa secret dumps plus other tweaks 2014-03-14 19:50:01 +10:00
Tod Beardsley 520d1e69c4
Rapid7 Comma Inc
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
Tod Beardsley 9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
According to

http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt

Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.

This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
sinn3r b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
OJ 1d70411ea7 Support service_control and new status field in query
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
sinn3r c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Joe Vennix 9638bc7061 Allow a custom .app bundle.
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
William Vu 096d6ad951
Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Tod Beardsley 6e88bbd827
No need for that kind of language 2014-03-04 14:34:50 -06:00
OJ 0bdce4836f Modify clipboard dump to support new format from Meterpreter 2014-03-04 19:37:57 +10:00
Joe Vennix 3360f7004d Update form_post vars, add Expires to cookie. 2014-03-03 23:29:02 -06:00
Joe Vennix 6c3b667152 Kill extra comma. 2014-03-03 16:48:02 -06:00
Joe Vennix bfecf9525d Add Rex::RandomIdentifierGenerator. 2014-03-03 16:43:49 -06:00
Joe Vennix 517a85d141 Remove unneeded quotes. 2014-03-03 15:42:46 -06:00
Joe Vennix b3ab8f7ce1 Make random_var_name public, add specs for it. 2014-03-03 15:39:56 -06:00
Joe Vennix ae9ce962c0 Add future reserved words.
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
Joe Vennix dd86a9188c Prevent jsobfu from generating duplicate/reserved tokens.
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
sinn3r ee1209b7fb This should work 2014-03-03 11:53:51 -06:00
OJ e0438f570b
Merge branch 'upstream/master' into ext_server_kiwi 2014-03-03 17:28:44 +10:00
Joe Vennix b458b8ad63 Add specs for new methods. 2014-03-02 20:23:20 -06:00
Joe Vennix 46f27289ed Reorganizes form_post into separate file. 2014-03-02 19:55:21 -06:00
Meatballs 8dee9b22c3
Reinstate to_byte_array 2014-03-02 22:07:47 +00:00