36d27242c7
allow reverse tcp with proxies
2012-07-09 23:05:09 +02:00
c8c3c0e3e4
Correct an issue with HTTP response header parsing
2012-07-09 10:22:12 -07:00
8d9186748f
Fix logic fail
2012-07-08 20:46:37 -06:00
c82037d85b
Add an xxd decoder
2012-07-08 20:45:25 -06:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
a8266bd831
Fix up odd reference normalization cases
2012-07-08 11:25:32 -05:00
f75edc0ca1
Correct fix for older PG support, thanks to Patrick Fitzgerald
2012-07-08 10:16:51 -05:00
75430a0b7e
Cleanup to support v1.2 as well as 1.1
2012-07-08 01:53:32 -05:00
4199b67879
Prevent an exception from breaking the sql cache
2012-07-07 17:30:31 -05:00
1d5b7a1a69
Fix an issue with PG's handling of group by on distinct
2012-07-07 17:27:11 -05:00
881d0ff0c9
Add method to create an asset group
2012-07-07 17:27:11 -05:00
33bf2881cc
Removing cached gem for journey.
2012-07-06 22:12:50 -05:00
505b97b470
Adding new gem versions
...
Add the new gems referenced in the last commit for real.
2012-07-06 22:11:16 -05:00
63e41ee6bb
Updating gems: coderay, journey, spork, sprockets
2012-07-06 22:03:33 -05:00
3dba8273c9
Adding journey-1.0.4.
2012-07-06 17:33:16 -05:00
b102d869d7
Switch module search to the SQL backend. Fixes #565
2012-07-05 19:34:05 -07:00
d266dc6031
Revert what looks like an errant debug mode
2012-07-03 20:32:19 -05:00
64364e3f16
Handle failed reloads in a nicer way
2012-07-03 19:49:44 -05:00
bd2368d6ab
Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1
2012-07-02 11:47:44 +01:00
4f9106b2e5
Reverse this back now that the bins are updated
2012-07-02 00:02:21 -05:00
d7d21f1bda
Merge branch 'patch-3' of https://github.com/mubix/metasploit-framework into mubix-patch-3
2012-07-01 19:42:49 -05:00
7298840478
Fix match on User-Agent for HTTPS
2012-07-01 21:32:29 -03:00
58dd2af998
Fix match on User-Agent for HTTP
2012-07-01 21:30:31 -03:00
18e8285322
Fix up rev_http handler
2012-07-01 10:46:13 -04:00
12a6d67be4
Add support for user-agent and server control
2012-06-30 21:01:08 -07:00
9204a5b124
Move the db skip into the "web" console driver. FIXRM #7031
2012-06-29 10:46:15 -05:00
eb762b3653
Back out encoding change of empty string, done by comment
2012-06-29 01:07:58 -05:00
1627720166
Skip module loads/db connect for existing framework sessions
2012-06-29 01:03:13 -05:00
d656e3185f
Mark all libraries as defaulting to 8-bit strings
2012-06-29 00:18:28 -05:00
c45b1037f1
Make sure entries are 8-bit
2012-06-28 23:31:26 -05:00
0e55141fd9
Rename counts to count
2012-06-28 11:43:33 -05:00
5092152949
Fix the broken reload_modules method
...
When using the reload_all command, the framework will trigger an
'undefined method module_history' error, because we're missing
an accessor.
Also, even though reload_modules returns "counts". That actually
returns a hash instead of a real count of modules... the return
value is also never actually used anywhere. But to make this
part not broken, we return the actual count.
2012-06-28 11:39:14 -05:00
807142e988
'Size' may not exist in certain PDF structure.
...
This is a fix for issues related to:
'undefined method `[]' for nil:NilClass'
It is possible that a PDF may not have the 'Size' xref, and people
are running into the 'undefined method'[]' for NilClass' exception.
Because the pdf parser always assumes there is a Size field,
so it uses a match() function to find the value for Size, which
can be nil.
See the following bug report for example:
https://dev.metasploit.com/redmine/issues/7014
2012-06-26 16:09:13 -05:00
b04170b283
Unbreak loadpath
...
HD's vuln-info merge broke add_module_path by removing an argument.
2012-06-25 16:37:16 -06:00
4dbdadfa3d
Merge pull request #523 from alexmaloteaux/fixmsfvenom
...
Fix msfvenom to correctly generate elf binaries for bsd and solaris platform
2012-06-25 11:55:49 -07:00
4afc6d698d
Merge/sync with mdm
2012-06-25 10:11:53 -05:00
3d0628debf
Handle unreachable errors better
2012-06-25 03:29:30 -05:00
a393f8d62d
Apply the console ID if specified
2012-06-25 01:37:38 -05:00
19c18a3e4e
Record the device_id correctly in the nexpose raw import
2012-06-25 01:23:16 -05:00
584e0dbd98
Load console config AFTER module path initialization
2012-06-25 01:16:35 -05:00
38cc6571de
Merge branch 'master' into feature/vuln-info
2012-06-25 01:03:52 -05:00
aa0c6d7036
Better IE 9/10 coverage
2012-06-25 01:03:34 -05:00
faf5adadd9
Merge branch 'master' into feature/vuln-info
2012-06-25 00:42:02 -05:00
4bd9b0c94a
Quick typo fix
2012-06-25 00:41:45 -05:00
f7dca272b6
IE 10/Win8 detection support
2012-06-25 00:36:49 -05:00
1989f0ab46
IE 10/Win8 detection support
2012-06-25 00:36:04 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
2eddfa3444
fix bsd ans solaris platform when using encoder too
2012-06-25 03:12:33 +01:00
4d2e74e2ad
Need to account for the fact the server may timeout during operation
...
See the following issue for more info:
http://dev.metasploit.com/redmine/issues/4866
2012-06-24 20:17:51 -05:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
dfe0e10dc6
Adding kernelsmith's -a datastore opt
...
Works well enough on its own. Note that you cannot mix -g and -a since
set doesn't actually parse out dash options in a OptParse sort of way.
That said, setg -a seems to work well. This mixing options business
will need to be addressed soon, but that day is not today.
[Closes #514 ]
2012-06-22 16:01:38 -05:00
1bcf241ec0
adds the -a (append) option to the console 'set' command
...
if RHOST is currently 192.168.20.1
set -a RHOST 5
appends 5 to RHOST making it 192.168.20.15
2012-06-22 01:23:54 -05:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
328f927829
Updated MDM, specifically the error message on tag name validation.
2012-06-20 13:50:50 -05:00
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
1468a904a7
More error cleanup
2012-06-20 13:34:31 -05:00
f7f9c23a23
Revert "MDM update."
...
This reverts commit 1b8d9446c9
2012-06-20 13:27:49 -05:00
1b8d9446c9
MDM update.
2012-06-20 13:12:47 -05:00
5a5166c90b
Merge branch 'gather-ssh-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-gather-ssh-cleanup
2012-06-20 12:07:23 -05:00
60eedc46dd
Remove nils before sorting
...
Fixes a stack trace when one of the directory tests returns nil
2012-06-20 10:44:36 -06:00
83bf78c63b
New failure_reason messages
2012-06-19 13:31:39 -05:00
d5768080bf
Add a fail_message to attempts and fix bugs
2012-06-19 00:48:39 -05:00
bf3062aa89
Fix up opts.delete into temp storage for attempt tracking
2012-06-18 20:30:24 -05:00
5b5f3d0cf6
Merge over MDM
2012-06-18 13:35:27 -05:00
68496d364a
MDM update for report model validation
2012-06-18 08:57:32 -05:00
0696748914
Import exploit attempts
2012-06-18 01:27:50 -05:00
d674ba103d
Export exploit_attempts & module_details, fix mixin load
2012-06-18 01:13:57 -05:00
e8ad66b799
Exploit attempt tracking is mostly complete
2012-06-17 23:00:21 -05:00
a8f7ea901a
Fix cache counters for vuln_attempts, tweak nexpose
2012-06-17 21:55:11 -05:00
a892fce320
Indent only subsequent list items
2012-06-17 20:55:19 -05:00
9ceba4421a
Bullet formatting rendered poorly, remove these and keep indents
2012-06-17 20:49:22 -05:00
39a77024e2
Parse solutions/descriptions into a slightly less ugly format
2012-06-17 19:27:25 -05:00
d7d4d13076
Store platform as a shortname, tweaks to vulns_refs to fix validation
2012-06-17 12:27:58 -05:00
8709473e72
Add fullname to modules, load mixins, fix platform
2012-06-17 11:57:33 -05:00
642f2bf552
MDM update
2012-06-17 11:44:04 -05:00
999f7d7174
One more round of tweaks and finally back and running
2012-06-17 02:06:52 -05:00
37531d4486
Fix typo in table name
2012-06-17 02:01:23 -05:00
980327dddf
Fix typo, redo add(), account for it in the loader
2012-06-17 01:59:19 -05:00
38ad7230d2
Fix up a typo
2012-06-17 01:35:39 -05:00
e4fffc36de
Move to one to many instead of m2m for module_detail tracking
2012-06-17 01:21:38 -05:00
780b8ee48b
Remove the vulns_refs destroy, this causes issues
...
when the join table has no .id
2012-06-17 00:12:10 -05:00
be9b7a88fb
Complicate the matching process in the name of memory
...
and loading speed. Use optional match_details param
to find matching vuln instances.
2012-06-17 00:07:00 -05:00
7d9d6f11e5
Comitting a copy of the "old" mode of loading,
...
still hoping to avoid having to do this due to
memory bloat and slowness.
2012-06-16 22:42:31 -05:00
52150b0e89
Merge branch 'master' into feature/vuln-info
2012-06-16 15:43:52 -05:00
6dd8fd2e05
Move the cache rebuild into a background job
2012-06-16 15:41:37 -05:00
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
8425c8438d
Switch to a MDM/SQL-based module cache
2012-06-16 14:51:09 -05:00
122b34c703
fix missing bock transitions
...
the block objects weren't being transitioned over from the class
methods properly, so the callback blocks were never getting processed.
2012-06-15 14:25:47 -05:00
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
8177783681
Merge branch 'master' into feature/vuln-info
2012-06-14 16:21:51 -05:00
e2c1657eb4
Adds a block callback to work with the replicant
...
module instance prior to it being launched.
2012-06-14 16:21:06 -05:00
e59b33fc76
Incorporate egypt's feedback
2012-06-14 10:43:09 -05:00
bffb3571c2
Adding URL ref for db_autopwn deprecation message
2012-06-14 09:53:59 -05:00
2683bb0ba7
Add deprecation warnings for old commands
...
This should hopefully cut down a bit on support requests from people
asking about old commands they read about in _Metasploit: The
Penetration Tester's Guide_
2012-06-14 09:44:38 -05:00
03b29fff68
Merge up the latest, does not automaticlly load
...
the module tree into the database right now.
2012-06-14 04:35:43 -05:00
a6070f8584
Tweak schema (type gets mangled by AR), add caching routine
2012-06-14 03:27:36 -05:00
cc56f43532
Merge in new MDM with corrected relationships
2012-06-14 00:24:21 -05:00
65686824e0
Merge in the MDM with module tables
2012-06-13 21:59:55 -05:00
554defa9c0
Merge MDM changes to fix the vuln refs relationship
2012-06-13 20:43:30 -05:00
8f448c9159
Merge MDM
2012-06-13 14:06:12 -07:00
9351e3ab25
MDM update to support fusion import
2012-06-13 14:02:40 -07:00
08cbd87541
Default mime-types to octet-stream
2012-06-13 14:48:58 -05:00
d2d37f770d
Add expand_path and upload_file methods
2012-06-12 23:58:20 -06:00
2e4231d825
Fix NoMethodError when post mods call super from setup
2012-06-12 23:58:20 -06:00
8707df3abb
Allow tab-completing SESSION on exploits as well
2012-06-12 23:58:19 -06:00
5717f52246
Make the Exploit::Local class useful
...
This commit is the main infrastructure needed to run exploits in a local
context, gluing the Exploit and Post module classes together.
2012-06-12 23:58:19 -06:00
de45630092
Merge branch 'master' into feature/vuln-info
2012-06-12 15:36:16 -05:00
e820d23f73
Cleanup whitespace
2012-06-12 15:32:50 -05:00
374b5b86f7
Merge branch 'master' into feature/vuln-info
2012-06-12 15:24:50 -05:00
3756a5031f
Adding carrierwave to metasploit's gemcache.
2012-06-12 14:47:50 -05:00
6290bba71b
Merge branch 'master' into feature/vuln-info
2012-06-12 12:41:41 -05:00
34ecc7fd18
Adding @schierlm 's AES encryption for Java
...
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.
Squashed commit of the following:
commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 00:45:24 2012 +0200
Do not break other architectures
even when using `setg AESPassword`
commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:50:42 2012 +0200
binaries
commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:49:10 2012 +0200
Add AES support to Java stager
This is compatible to the AES mode of the JavaPayload project.
I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
bbd500aca9
Show a stack trace in auxiliary timeouts [ temp ]
2012-06-11 01:40:57 -05:00
d975d1a236
Add counter caches for host_details, vuln_details, vuln_attempts
2012-06-10 17:15:53 -05:00
fc0dc23752
Some handling around empty elements
2012-06-10 17:04:47 -05:00
a20c85a655
Remove binding.pry call
2012-06-10 17:01:31 -05:00
f9999a3033
Add FusiuonVM Importer
...
This adds a nokogiri stream parser for XML reports from
Critical Watch's FusionVM.
2012-06-10 16:38:28 -05:00
4f55452153
This adds import/export support for vuln_attempts
2012-06-10 12:50:59 -05:00
9dcb3059f8
MDM update
2012-06-10 03:46:58 -05:00
7c8cb2d79e
Add vuln_attempts, track exploit attempts when a matching vuln exists.
...
This also fixes an issue with report_vuln() from exploited hosts not
setting the service correctly. This introduces a fail_reason method
to the exploit base class, which attempts to determine why an exploit
did not work (closed port, unreachable host, missing page, etc). There
is still quite a bit of work to do around this to finish it up.
2012-06-10 03:15:48 -05:00
55bdbb6ec9
Merge branch 'master' into feature/vuln-info
2012-06-09 01:37:11 -05:00
e840f7e9ee
Add additional host detail columns and parsers
2012-06-09 00:43:03 -05:00
dabda58f17
Import host_details and vuln_details now
2012-06-08 23:27:02 -05:00
465998bc17
Export host_details and vuln_details, add missing refs to db_export
2012-06-08 22:55:55 -05:00
376aaa410b
Fix tag deuplication and reset after each vuln properly
2012-06-08 22:55:37 -05:00
1be9ce8649
Fixes command parsing in Post::Common
...
The meterpreter API wants arguments in a seperate string (not an array,
mind you) just so it can concatenate them on the server side.
Originally, I worked around that by using Shellwords.shellwords to pull
out the first token. But! Shellwords.shellwords inexplicably and
inexcusably removes backslashes in ways that make it impossible to quote
things on Windows. This commit works around both of those things.
2012-06-07 22:24:59 -06:00
d393dbb28f
MDM update
2012-06-07 21:27:41 -05:00
49b3c9b0e8
More cleanup related to vuln schema
2012-06-07 04:42:16 -05:00
42c3bedfad
Merge MDM, add migrations, tweak report_vuln
2012-06-07 00:40:26 -05:00
a2751e3ccd
Rdoc fixes
2012-06-06 17:04:54 -06:00
a20cec75cc
Rollback activerecord to 3.2.2 to prevent asset inclusion issues.
2012-06-06 11:08:39 -05:00
fc7293baae
Arguments have to be joined with a space
...
Fixes cmd_exec() calls with more than one argument
2012-06-04 18:12:45 -06:00
7be365c299
Ignores SMTP Auth when no creds provided
...
Do not try to auth if the suer provided no creds
2012-06-04 16:41:36 -05:00
f633281870
Straighten out the login error path for nexpose API calls
2012-06-04 15:21:04 -05:00
2e15ecfbd7
MDM Update
2012-06-01 11:01:08 -05:00
9d6fc93ed3
Merge branch 'rubinius-gethostbyname' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-rubinius-gethostbyname
2012-06-01 00:39:52 -05:00
35543d691d
Now only loading MetasploitDataModels when not already loaded and
...
contained objects not in namespace
[Story #30430877 ]
2012-05-31 18:11:42 -05:00
fb1bf0b356
Work around a bug in rubinius
2012-05-31 16:48:34 -06:00
daf5ae8e4b
Updating to Rails 3.2.4.
...
Among other fixes, this addresses the Rails security advisory
from 5/31/2012:
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
Thanks Joe and Trevor!
Squashed commit of the following:
commit d7031cebcc8a0f42f6980729c84b0ea6d24e0a9b
Author: Joe Vennix <Joe_Vennix@rapid7.com>
Date: Thu May 31 16:57:29 2012 -0500
Update activerecord in gemcache to support rails 3.2.4. [#30507689 ]
commit c7369f6d6631647907a5d67ac163020a5ab5d6dc
Author: Joe Vennix <Joe_Vennix@rapid7.com>
Date: Thu May 31 16:53:01 2012 -0500
Bump rails version.
2012-05-31 17:09:59 -05:00
03b65c6a48
Handle cases where a user-agent was set via headers
2012-05-31 14:59:25 -05:00
fd67f7c37c
Add cd and pwd to Post::File API
...
Also changes working dir to /tmp (or %TMP% on Windows) when testing file
stuff.
2012-05-30 13:52:48 -06:00
e889d93924
missed @state[:bid]
2012-05-28 14:12:09 -05:00
a3a308f74d
fix tabs
2012-05-28 13:56:18 -05:00
820d5d2ec7
be a bit more defensive, check to make sur ethe data we think is there is there
2012-05-28 13:53:30 -05:00
7c85a2796a
Whitespace cleanup
2012-05-24 17:10:26 -06:00
5bf973871c
Space at EOF cleanup
2012-05-24 16:28:20 -06:00
e88501789c
Make sure state is initialized
...
Fixes a stack trace when the xml has osmatch before osclass. Thanks Sean
Carolan for the report!
2012-05-24 10:43:30 -06:00
0ecffd22b1
Make domain option requirement more clear
2012-05-24 10:11:08 -05:00
22601180f3
Save the pilfered file as loot
2012-05-23 18:07:13 -06:00
m m
HD Moore
James Lee
Tod Beardsley
Meatballs1
sinn3r
Rob Fuller
RageLtMan
Alexandre Maloteaux
kernelsmith
Joe Vennix
Samuel Huckins
David Maloney
jvazquez-r7
Jeff Jarmoc
Michael Schierl
Brandon Perry