Commit Graph

3835 Commits (e41922853ed6160977a3b5dde906638c3f615d2d)

Author SHA1 Message Date
HD Moore 4d2147f392 Adds normalize_uri() and fixes double-slash typos 2012-11-08 07:16:51 -06:00
HD Moore 0e8a3f0ea6 Merge branch 'master' into feature/udp-scanner-mixin 2012-11-08 06:09:22 -06:00
James Lee 2ebe2fa08e Merge branch 'rapid7' into bug/rm7037-hash-iteration 2012-11-07 19:27:11 -06:00
James Lee 8a4fb07a0c Merge branch 'bug/read-module-content-errno-enoent' into rapid7
Really [Closes #1025]
2012-11-07 19:25:39 -06:00
James Lee 26a145e527 Always overwrite the old module even when ambiguous 2012-11-07 18:51:12 -06:00
James Lee 3a572625f5 return inside a block returns from outer method
So no need to check its return value.
2012-11-07 17:43:22 -06:00
James Lee aaa5a3c0bb Add "Call stack:" to the log when a module load fails 2012-11-07 12:48:55 -06:00
David Maloney 04a80e0648 Fixes to the WMI setup 2012-11-07 11:26:48 -06:00
David Maloney 208e706307 Module title fixes 2012-11-07 10:33:14 -06:00
Tod Beardsley 81ed0bbcce Avoiding 1.8.7 variable assignment incompat.
Reported on twitter:

http://twitter.com/SoapyWetDish/status/266155915256938496
2012-11-07 10:10:13 -06:00
James Lee 7a6ccb92ab Unfubar the threading for #service_list
Also makes the test for service_start a little more resilient in case
W32Time is already started
2012-11-06 18:29:42 -06:00
Luke Imhoff 3ad00f7c63 Merge branch 'master' into bug/read-module-content-errno-enoent 2012-11-06 17:39:55 -06:00
Luke Imhoff 16407f91c8 Rescue Errno::ENOENT from File.open in read_module_content
[Fixes #38426061, #38097411]

Msf::Modules::Loader::Directory#read_module_content may calculate a non-existent
module_path that gets passed to File.open causing an Errno::ENOENT exception
to be raised when using the module cache with a module that has been
moved to a new path (as is the case that originally found this bug) or
deleted.  Now, the exception is rescued and read_module_content returns
an empty string (''), which load_module detects with
module_content.empty? and returns earlier without attempting to module
eval the (empty) content.

As having Msf::Modules::Loader::Directory#read_module_content rescue the
exception, meant there was another place that needed to log and error
and store an error in Msf::ModuleManager#module_load_error_by_path, I
refactored the error reporting to call
Msf::Modules::Loader::Base#load_error, which handles writing to the log
and setting the Hash, so the error reporting is consistent across the
loaders.

The exception hierarchy was also refactored so that
namespace_module.metasploit_class now has an error raising counter-part:
namespace_module.metasploit_class! that can be used with
Msf::Modules::Loader::Base#load_error as it requires an exception, and
not just a string so the exception class, message, and backtrace can be
logged.
2012-11-06 17:38:38 -06:00
James Lee 34bc92584b Refactor WindowsServices
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
  Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work

[See #1007]
[See #1012]
2012-11-06 17:30:04 -06:00
jvazquez-r7 9166d12179 Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal 2012-11-05 23:08:59 +01:00
jvazquez-r7 0f5f5f966b Merge branch 'master' into feature/realport-modules 2012-11-05 22:52:38 +01:00
HD Moore 3d7e0b7b3d Fix bad indent that snuck into the comments 2012-11-04 22:50:47 -06:00
HD Moore ae9b462b99 Fix baud rate (see PR #1008) 2012-11-04 22:38:16 -06:00
David Maloney fca8208171 Some minor code cleanup 2012-11-04 14:45:15 -06:00
David Maloney f69ccc779f Unified smarter module 2012-11-04 13:14:02 -06:00
David Maloney c30ada5eac Adds temp vbs mod and tweaked decoder stub 2012-11-04 12:49:15 -06:00
HD Moore 752ae33135 Minor tweak (kill useless variable, fix gsub) 2012-11-04 01:18:40 -05:00
HD Moore 99ab722aca Dont forget our actual mixin 2012-11-04 01:14:08 -05:00
HD Moore 910a91a0f6 First commit of a udp_mixin and modified scanners 2012-11-04 01:13:38 -05:00
HD Moore 963fdd6430 Initial commit for Digi RealPort modules 2012-11-03 17:44:53 -05:00
James Lee 4a1087d3fa Merge branch 'rapid7' into bug/wrong-file_changed-argument 2012-11-01 16:53:06 -05:00
Tasos Laskos 0d2ad8734e #report_web_vuln: updated to include an owner and payload 2012-11-01 22:23:56 +02:00
Tasos Laskos a88031a02a added web exploit mixin 2012-11-01 21:37:12 +02:00
Tasos Laskos 385d225305 Updated support for Web modules and analysis techniques (committing to new clean branch due to corruption) 2012-11-01 21:14:38 +02:00
David Maloney 519eb0c2be Behold the King of Typos in all my glory 2012-11-01 11:30:52 -05:00
David Maloney 0eccfaf1bb Add a disclosure date 2012-11-01 10:24:28 -05:00
Luke Imhoff a745c3a4a0 metasploit_data_models 0.3.0 installed in gemcache 2012-11-01 08:56:00 -05:00
David Maloney dd7ab11e38 Minor cleanup 2012-10-31 16:14:34 -05:00
Luke Imhoff de07ca5f07 Merge branch 'bug/wrong-file_changed-argument' of github.com:/rapid7/metasploit-framework into bug/wrong-file_changed-argument 2012-10-31 11:49:02 -05:00
Luke Imhoff 471ac6d15d Use typed_enable?(type) instead of protected enablement_by_type[type]
Msf::Modules::Loader::Archive#each_module_reference_name tried to check
the enabled types for the module_manager by accessing the
enabledment_by_type Hash, which is protected.  Instead, it should use
the public type_enabled? method.

Add specs to test all of Msf::Modules::Loader::Archive while testing
each_module_reference_name.  In order to properly test that modules
could be found in archives, I had to produce a fastlib archive, so there
is now a spec for FastLib.dump and FastLib.load.  Some specs are marked
pending as I found a bug in FastLib, which has a work-around.  The bug
is filed in PivotalTracker as
https://www.pivotaltracker.com/story/show/38730815 and the pending tests
include the URL also in their tags.
2012-10-31 11:43:28 -05:00
James Lee be57f7ca74 Merge branch 'bug/wrong-file_changed-argument' of github.com:rapid7/metasploit-framework into bug/wrong-file_changed-argument 2012-10-30 13:07:07 -05:00
Luke Imhoff 6c11b870da Check for payload in :type instead of :modification_time
Just had a brain fart when converting the hash key names and translated
:mtype to :modification_time instead of the correct :type.  Correct key
names are in
Msf::ModuleManager::Cache#module_info_by_path_from_database!.
2012-10-30 12:10:31 -05:00
James Lee d402b3fd08 Merge branch 'bug/wrong-file_changed-argument' of github.com:rapid7/metasploit-framework into bug/wrong-file_changed-argument 2012-10-30 10:54:26 -05:00
Luke Imhoff 5709ffc42b Use Msf::Config.install_root instead of Msf.root
Msf::Config.install_root already existed, but I didn't know about it
until egypt pointed it out, so remove the new Msf.root and use
Msf::Config.install_root in the specs instead.
2012-10-30 10:46:02 -05:00
James Lee 2f41452879 Merge branch 'rapid7' into bug/wrong-file_changed-argument 2012-10-30 10:11:06 -05:00
James Lee d0650dfb25 Put a bandaid over getsockname
Depending on how a socket was created, #getsockname will return either a
struct sockaddr as a String (the default ruby Socket behavior) or an
Array (the extend'd Rex::Socket::Tcp behavior). Avoid the ambiguity when
generating SSL certificates for meterpreter handlers by always picking a
random hostname.

This is by no means a proper fix for the underlying problem of
Socket#getsockname having ambiguous behavior before and after being
extended with Rex::Socket::Tcp. It does, however, solve the immediate
problem of not being able to create tunneled meterpreter sessions over
http(s) sessions.

[SeeRM #7350]
2012-10-29 22:45:46 -05:00
sinn3r 7a1c3e7cf6 Merge branch 'dmaloney-r7-WinRM_piecemeal' 2012-10-27 18:55:24 -05:00
scriptjunkie 3efa4186df Fix search error when platform not in target name 2012-10-27 16:28:38 -05:00
Luke Imhoff 055f95898d Merge branch 'master' into bug/wrong-file_changed-argument
Conflicts:
	lib/msf/core/modules/loader/base.rb
2012-10-24 15:25:49 -05:00
Luke Imhoff 69a8739d52 Pass module_path instead of parent_path to file_changed?
[Fixes #37630057]

Modules were always being detected as having file changes because the
parent_path directory, instead of the actual module_path, was being
passed to module_manager.file_changed?, which caused the modification
times to not match.

To ensure this change fixes the ambiguous module warnings, a full spec
for Msf::Core::Modules::Loader::Base has been written.

spec/msf has moved to spec/lib/msf to match conventional spec layout and
allow for the spec/support directory to not be confused as a lib
subdirectory being tested.
2012-10-24 15:11:53 -05:00
David Maloney bfbae5fbb7 Merge branch 'upstream-master' into WinRM_piecemeal
Conflicts:
	lib/msf/core/exploit/winrm.rb
2012-10-24 14:12:28 -05:00
David Maloney 1dcbbdf162 changed indent level 2012-10-24 13:50:44 -05:00
David Maloney a15c35091d Add the WinRM login module 2012-10-24 11:25:39 -05:00
sinn3r 77c8548855 Merge branch 'dmaloney-r7-WinRM_piecemeal' 2012-10-23 16:33:16 -05:00
sinn3r 8c1304557f Code cleanup 2012-10-23 16:32:26 -05:00
sinn3r 67c46fc97a Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal 2012-10-23 14:03:44 -05:00
David Maloney e19f2d235c Actually use the timeout in winrm cmd 2012-10-23 11:29:32 -05:00
sinn3r f71f83095b Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal 2012-10-22 17:13:37 -05:00
David Maloney 04fd990741 bad indent 2012-10-22 17:03:40 -05:00
David Maloney e08cedec2e Requested revisions/cleanup
minor fixes to spacing, some typos, and abse64 switched to Rex
2012-10-22 17:01:00 -05:00
Rob Fuller 28f47e9aa0 fix spacing for all authors 2012-10-22 17:22:37 -04:00
Rob Fuller a13a88ce28 fix spacing 2012-10-22 17:07:58 -04:00
Rob Fuller 7437d9844b standardizing author info 2012-10-22 17:01:58 -04:00
corelanc0d3r 7733843bf3 added option ReverseListenerBindAddress 2012-10-22 22:17:50 +02:00
HD Moore 2436ac3a58 Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator"
This reverts commit ca07bdbad6, reversing
changes made to ed3f87b738.
2012-10-20 22:38:31 -05:00
HD Moore 04e1856a4f Fix a copypasta error triggered by a failed load 2012-10-20 15:00:11 -05:00
sinn3r c80005b85f Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal 2012-10-19 17:46:15 -05:00
David Maloney 57514e5407 Msftidyness 2012-10-19 16:56:52 -05:00
sinn3r 51c03bbf47 Merge branch 'WinRM_piecemeal' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal 2012-10-19 15:44:05 -05:00
sinn3r ca07bdbad6 Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator 2012-10-19 15:25:45 -05:00
David Maloney 56cbe6a67e Some minor fixups 2012-10-19 15:25:03 -05:00
David Maloney 3a8dd261ae WinRM mixin and basic discovery module 2012-10-19 15:08:58 -05:00
Tod Beardsley b7652b44d5 Adding prepend_migrate? 2012-10-19 14:24:13 -05:00
James Lee ffa4373242 Merge branch 'rapid7' into wchen-r7-print_warning
[Closes #899]
2012-10-19 13:49:32 -05:00
jvazquez-r7 205dc8870a Merge branch 'prependsetguid' of https://github.com/mephos/metasploit-framework into mephos-prependsetguid 2012-10-19 10:33:56 +02:00
James Lee 768d2c5921 Go back to old behavior for unknown versions
May not be correct, but it's what we used to do, so probably better than
just raising.

Also documents things a bit better.
2012-10-18 16:57:40 -05:00
James Lee 1eccb24bf8 Raise if the version isn't what we expect
Also adds some clarifying commentation and adds todb to the list of
authors since he wrote the original module for windows upon which this
one is based.
2012-10-18 15:55:55 -05:00
James Lee 0221f75f39 Merge branch 'rapid7' into midnitesnake-postgres_payload 2012-10-18 13:57:25 -05:00
scriptjunkie 0564a6eaa7 Add migrate stub option to Windows x86 payloads.
Migrate stub spawns payload in new process.
2012-10-16 20:53:36 -05:00
James Lee 46ed888ffe Don't require .rb 2012-10-15 17:27:23 -05:00
Tod Beardsley 932b8ba841 Require, not load, msf, not lib/msf 2012-10-15 07:11:15 -05:00
James Lee 9c6fdbe9d7 Compile a .so instead of being version-specific
This makes it possible to use payloads for the appropriate architecture

NOTE: need to test windows and make sure I didn't break it
2012-10-13 15:18:25 -05:00
sinn3r d36f642edc Add print_warning() 2012-10-12 21:48:15 -05:00
James Lee ad1870d819 Merge branch 'rapid7' into midnitesnake-postgres_payload 2012-10-12 14:18:34 -05:00
James Lee 13a5892e95 Add a mixin for uploading/executing bins with PHP
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
Tod Beardsley 7d848c7147 Merge remote branch 'origin/bug/fastlib-nested-pathnames' 2012-10-10 17:31:36 -05:00
m m 90b948ffb3 add PrependSet[re]gid support for unix payloads 2012-10-10 12:14:00 +02:00
sinn3r 5ce26c4524 Merge branch 'bug/activerecord-dep' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/activerecord-dep 2012-10-09 11:18:02 -05:00
sinn3r 1ba57af00a Merge branch 'master' into bug/windows-pro-modules 2012-10-09 11:15:45 -05:00
Luke Imhoff 2d1fd1c305 Pass file size to read for faster reads on Windows 2012-10-09 11:04:05 -05:00
James Lee 592851e155 Add requires for active_support deps in use
Hash for #assert_valid_keys, Module for #parent.
2012-10-09 02:05:08 -05:00
James Lee b3e27b16d5 Derp, include is a class method 2012-10-09 01:52:19 -05:00
James Lee 227418bd11 Make AR a soft dependency again
Ensures that the absence of activerecord does not prevent msfconsole
from loading. This returns us to the previous state of affairs where it
is possible to use the framework entirely without a database.

To test:
  1. rm -rf lib/gemcache/ruby/1.9.1/gems/activerecord*
  2. remove any locally installed versions of activerecord
  3. msfconsole

msfconsole should load up with a warning like so:

[-] ***
[-] * WARNING: No database support: LoadError cannot load such file -- active_record
[-] ***

... and should still be functional.
2012-10-08 23:07:04 -05:00
HD Moore 8f07a18d74 Fix comment indentation 2012-10-08 17:29:36 -05:00
HD Moore eb0f0fee0c Correct an extra parenthesis 2012-10-08 17:20:25 -05:00
HD Moore 8cdb76d269 Switch to normal String API vs ActiveSupport method 2012-10-08 17:18:40 -05:00
HD Moore 2dce6e6347 FIXRM #7292 by using hex class names 2012-10-08 17:03:41 -05:00
Luke Imhoff 93469604a7 Fix missed rename when adding fastlib under directory
I missed a spot where I referenced the nested_paths as nested_pathnams
after I renamed the variable.  Now, Msf::ModuleManager#add_module_paths
has rspec tests.

Rspec can be invoked with `rake` as the default task or `rake spec`
explicitly.

I changed RuntimeError to ArgumentError since that error  was more
specific to having a bad argument error.  I adding missing dependencies
to the Gemfile and a require to msf/core/db_manager.rb where it errored
out trying to access Msf::Config when I just did require 'msf/core' in
the spec.
2012-10-08 16:14:37 -05:00
HD Moore 6bb1b83de3 Align the comments with the space indents for now 2012-10-08 16:09:12 -05:00
Tod Beardsley 114b7886fa Add back EOF newlines 2012-10-08 12:42:34 -05:00
James Lee 10dafcd09f Fix 1.8 compat with Module#const_defined?
Before 1.9, const_defined? only takes one parameter.
2012-10-08 12:40:18 -05:00
Luke Imhoff ef6dad2bc3 Fix loading binary modules on Windows
[#36737359, #36401509]

Failed to follow HACKING guideline #5, open files in binary mode, so
Pro modules were being truncated on Windows installs.
2012-10-08 09:12:23 -05:00
HD Moore 70061223d3 The use of to_path fails on OS X, switch to to_s 2012-10-06 23:40:08 -05:00
sinn3r 40b2c04c36 Add a redmine link 2012-10-05 00:53:23 -05:00
sinn3r d13878498d Merge branch 'post_file_rename2' of https://github.com/kernelsmith/metasploit-framework into kernelsmith-post_file_rename2 2012-10-05 00:51:53 -05:00
James Lee 9d4427270e Merge branch 'rapid7' into bug/active_support/dependencies-compatibility
[Closes #843]
2012-10-04 17:18:07 -05:00
Luke Imhoff df9db42c32 Fix module reloading
[#36737359]

The merging of reload_module and the various load_module methods
resulted in the module loading from disk, but because the Hash entry in
the module manager was not deleted before on_module_load was called, the
newly reloaded module was logged as an ambiguous module name instead of
a reload.  In order to report the reload errors correctly, I determined
that module_load_error_by_reference_name should really be
module_load_error_by_path.  I eliminated faild in favor of this new name
since failed was just calling the attribute and the attribute's name is
clearer about the format of the data.

Tested by run rexploit and then exiting over and over with
ms08_067_netapi.  When I messed up the file so it couldn't load, by
adding `inclde Exploit` (note mispelling of `include`), it reported the
error to msfconsole.  When I removed the bad line and added a puts
"RELOADING <n>", where I kept incrementing n and saving the file, the
new number appeared during each rexploit.
2012-10-04 16:32:12 -05:00
Luke Imhoff daf9f9abe8 Module load backtraces in log, but not in console
[#36737359]

Write the module_eval backtrace to the log, but only the error's class
and name to Msf::ModuleManager#module_load_error_by_reference_name as
the contents of the Hash are printed in the console, which should never
recieve backtraces.
2012-10-04 13:25:22 -05:00
Luke Imhoff ff46b15871 Fix inverted logic when checking for module load success
[#36737359]

klass should have gone to klass.nil? and and to or when I changed the
test from if to unless.
2012-10-04 11:22:57 -05:00
Luke Imhoff fb266d5eb9 Refactor demand_load_module
[#36737359]

Refactor the behavior of loading symbolic modules from cache by renaming
methods so it's clearer what they do and ensure that cached modules from
Fastlibs and directories can both be loaded, which was not previously
possible since the demand_load_module only called load_module_from_file.
2012-10-04 11:14:08 -05:00
Luke Imhoff b9bf0e6c28 Reuse Msf::Modules::Loader::Base methods
[#36737359]

Use typed_paths method instead of inlining adding MODULE_EXTENSION and
type directory to module_reference_name.
2012-10-03 17:20:23 -05:00
Luke Imhoff 1fd9659c59 Use MODULE_SEPARATOR constant
[#36737359]

Replace literal '::' with pre-existing MODULE_SEPARATOR constant that
was created specifically for this purpose.
2012-10-03 17:20:14 -05:00
Luke Imhoff 9c5350606b Fully-qualify Msf constants.
[#36737359]

On Linux, some of the unqualified constants that resolve on Mac OS X,
don't resolve, so to prevent errors (and because I can't justify why the
unqualified constants should resolve on OS X), I'm qualifying all the
Msf constants that are referenced in the code I've refactored.
2012-10-03 17:17:18 -05:00
Luke Imhoff a21c9b9832 Fix return and calling convention in Msf::ModuleManager::Reloading
[#36737359]

Fix the YARD docs to document the return values and make them consistent
with the modules being called.  Ensure the force flag is passed as an
option to load_modules instead of a positional argument.
2012-10-03 16:48:55 -05:00
Luke Imhoff 7443fed86d Explicitly require 'active_support/concern'
[#36737359]

When starting msfconsole, 'bundler/setup' is not required, the
'msf/env/gemcache' is required instead. Unlike 'bundler/setup' the
msf/env gemcache does not do the automatic requires for gems in the
cache, so explicit requires on 'active_support/concern' is needed to get
ActiveSupport::Concern defined.  (I could have done require
'active_support' to match the behavior of 'bundler/setup', but a smaller
require seemed more appropriate.
2012-10-03 15:42:14 -05:00
kernelsmith 2eef83453d remove unnecessary parens and better comments
removes unnecessary parens (and yes I confirmed they are properly
paired), and adds some comments regarding this as not being an ideal
solution, but rather a stopgap
2012-10-03 15:38:06 -05:00
sinn3r 858fd9ff43 Merge branch 'ropdb' of https://github.com/wchen-r7/metasploit-framework 2012-10-03 15:21:11 -05:00
Luke Imhoff 249a251f26 Remove duplicate reloading message 2012-10-02 18:25:05 -05:00
Luke Imhoff ca0fc0f950 Fully qualify constants in Msf::ModuleSet
Changed lexical scope when I changed the declaration from module Msf;
class ModuleSet to class Msf::ModuleSet so that constants in Msf would
not automatically resolve.
2012-10-02 18:21:24 -05:00
Luke Imhoff 21397a0479 Restructure module_set.rb for easier diff
Taking egypt's advice for making module_set.rb so it will compare
correctly to master branch for diffing.
2012-10-02 16:38:25 -05:00
Luke Imhoff 2d252ab094 Remove unused extend ActiveSupport::Concern
I wasn't using any the features of ActiveSupport::Concern in
Msf::ModuleManager::Reloading, so remove the extend and just include it
as a regular module.
2012-10-02 16:33:11 -05:00
Luke Imhoff 41a0e58b16 Improved docs for ModuleManager and ModuleSet. 2012-10-02 16:26:57 -05:00
sinn3r a526e3d360 Unbreak yourself! 2012-10-01 21:48:05 -05:00
kernelsmith 3d999f13c4 add rename_file method to Msf::Post::File
Came up on IRC, I'm not attached to it, but this commit adds the
rename_file method to lib/msf/core/post/file.rb and aliases it to
move_file and mv_file
2012-10-01 18:14:44 -05:00
sinn3r d832aac629 msftidy caught the space I left in there. 2012-10-01 17:27:00 -05:00
sinn3r f2c7731b39 Add RopDb mixin 2012-10-01 17:09:01 -05:00
Luke Imhoff 555a9f2559 Refactor Msf::ModuleManager
[Fixes #36737359]

Refactor Msf::ModuleManager into concerns so its easier to understand and
duplicate code can be made DRY.  The refactoring also ensures that when
loading from directories, Fastlibs, or reloading, the wrapper module will
always be named so that activesupport/dependencies will function.
2012-10-01 13:09:30 -05:00
HD Moore 49dd19d91d Fallback to system JTR when bundle isnt available 2012-09-30 19:30:16 -07:00
Luke Imhoff 8a2dc0a09f Give ruby Modules that wrap Metasploit modules a name
[#36737359]

active_support/dependencies cannot resolve missing constants in Metasploit
modules because the wrapper module is anonymous.  In order to make the
wrapper module non-anonymous, the module must be assigned to a constant.
Since we don't want modules colliding, the wrapper module needs a unique
name, so use the module lookup name to derive the proper nested module names
to namespace the wrapper module.  All derived modules are nested under
Msf::Modules.  The name derivation handles invalid characters for constant
names such as digits as the first character or non-alphanumeric character.
The invalid constant name characters are converted to their hex value and
prefixed with X, so '-' in a name become 'X2d'.
2012-09-27 12:52:09 -05:00
Tod Beardsley b1ce969c95 Merge remote branch 'kernelsmith/msfconsole-s' 2012-09-20 14:31:55 -05:00
Tod Beardsley cf8edf8570 Touchups to msfconsole command parsing
Move from -s to -x and use a semicolon.
2012-09-20 13:40:01 -05:00
kernelsmith 56d5c13755 adds -s <string> Execute the specified string as console commands to msfconsole
for convenience when you don't need/want a full resource file, you just
want to run something quick
example usage:
# say you have a saved config ready to go on load
./msfconsole -s 'exploit -j'
# you can run multiple commands too
./msfconsole -s 'set ConsoleLogging true\nshow options'
2012-09-20 12:23:48 -05:00
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
Ramon de C Valle 11f82de098 Update author information 2012-09-19 14:00:51 -03:00
sinn3r c6c59b6df6 Merge branch 'jlee-r7-bug/redmine-7226-rhost-dns' 2012-09-13 11:04:51 -05:00
sinn3r 1f58458073 Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink 2012-09-13 10:37:52 -05:00
midnitesnake 9629ea5d05 Got rid of methods upload_elf, write_to_disk_elf, as module uses cmd injection payload, rather than binary payload. 2012-09-13 14:42:10 +01:00
HD Moore 221eb88313 Make filename easy to override 2012-09-10 15:59:01 -05:00
James Lee bbeb6cc97a Add a privilege escalation exploit for udev < 1.4.1
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
James Lee ac0415eae0 Normalize hosts when doing a framework.db.get_host
Ensures that the host is an address (not a host name).

[FixRM #7226]
2012-09-06 17:23:21 -05:00
David Maloney a07f521969 Minor fix to broken interpolation 2012-09-06 11:31:10 -05:00
sinn3r 2cb2b281d6 Fix NoMethodError for nil:NilClass bug
The 'unless' statement expects there's always a value for USERNAME
and PASSWORD. We might as well just set '' as the default value
to avoid the NoMethodError mistake.  Related to bug #7140.
2012-09-06 01:09:40 -05:00
sinn3r 5f9e310e85 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-09-05 13:47:25 -05:00
Stephen Haywood 8f142c74e5 Adding documentation to the methods in the post exploitation library. Will eventually generate an rdoc file and a post exploitation How To. 2012-09-04 22:21:47 -04:00
sinn3r af211d9455 Change how it looks a little 2012-09-01 12:51:52 -05:00
eddiezab c13d24c0db Update lib/msf/ui/console/framework_event_manager.rb
Includes the session host IP when displaying closed sessions. Useful for users who have large numbers of sessions open.
2012-08-31 21:24:45 -03:00
Tod Beardsley d4cccda8e1 Add in missing require
Reverse_https handler needs to specifically require reverse_http in
order to ensure that the Msf::Handler::ReverseHttp mixin is available at
run time.
2012-08-25 15:43:32 -04:00
midnitesnake 25ee8fd357 Run postgres.rb & postgres_payload through msftidy, and cleaned up the files 2012-08-25 01:44:49 +01:00
Stephen Haywood b6d64b770a Adding documentation to the post modules library. 2012-08-23 23:57:55 -04:00
Tod Beardsley a93c7836bd Fixes load order with reverse http
This was originally intended to fix #664.

SEERM #7141 also.
2012-08-23 12:16:47 -05:00
Tod Beardsley ac0198690c Revert "Egypt's code is broken. Revert to old code until he fixes it agai"
This reverts commit 10cf466a99.
2012-08-23 12:01:49 -05:00
Tod Beardsley e7b11575a5 Revert "Reapplying commit d266dc60"
This reverts commit d612d2a040.
2012-08-23 12:01:24 -05:00
James Lee aac56fc29b Fix load order issue
[See #664][SeeRM #7141]
2012-08-23 10:54:23 -05:00
Tod Beardsley d612d2a040 Reapplying commit d266dc60
Somewhere along the way, commit d266dc6031
was dropped. Reimplementing.
2012-08-22 16:20:27 -05:00
sinn3r 10cf466a99 Egypt's code is broken. Revert to old code until he fixes it agai
See pull request:
https://github.com/rapid7/metasploit-framework/pull/664n
2012-08-21 20:33:24 -05:00
midnitesnake 5cf7f22a13 corrections following on from jlee-r7 comments 2012-08-21 23:57:07 +01:00
sinn3r 5e89c546c5 Merge branch 'reverse-http-redmine-7141' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-reverse-http-redmine-7141 2012-08-21 14:33:42 -05:00
midnitesnake ad2b457fda Added linux port for postgres payload 2012-08-14 17:46:35 +01:00
Tod Beardsley 1485f74670 Out of 4.4.0, and into 4.5.0-dev 2012-08-07 09:53:01 -05:00
Tod Beardsley 58ce6fbac4 Adding author info for juan 2012-08-06 08:55:54 -05:00
James Lee 66c5d8b617 Refactor reverse_*http(s) handlers
De-dups a whole bunch of copy pasted code. Should be a bit easier to
maintain now.
2012-08-03 13:27:40 -06:00
James Lee bf9d59003c Always start a session when CONN comes in
Also gets rid of the conn_ids array, which was never pruned (and
without some extra gymnastics in meterpreter/client.rb *can't* be) when
handler URLs were removed.
2012-08-02 18:58:58 -06:00
sinn3r 832f47d467 Merge branch 'master' into jtr_seeding 2012-08-01 15:04:31 -05:00
David Maloney fa2b0c26bb Fixes password seeding for JtR modules 2012-08-01 14:15:51 -05:00
James Lee 46312d9035 Add a comment describing function prototype 2012-08-01 00:28:18 -06:00
James Lee 99aa78a371 Tab complete LHOST based on RHOST if it is set 2012-07-20 23:10:22 -06:00
James Lee c1cf71c4e9 Remove debugging load() 2012-07-18 11:02:21 -06:00
sinn3r f4547527a8 Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework 2012-07-17 17:43:40 -05:00
James Lee 6b0196eccc Add a require for File in Common 2012-07-17 15:48:06 -06:00
HD Moore c887e0aaff Re-add AFP changes due to mangled merge 2012-07-17 00:42:49 -05:00
HD Moore b6d05c77ca No, really. Bump 2012-07-17 00:36:19 -05:00
HD Moore f62e0b1cca AFP fixes and JTR typo fix 2012-07-16 21:45:45 -05:00
HD Moore 7e50f91d59 Bump 2012-07-16 21:02:40 -05:00
HD Moore bc2edeace2 Cleanup AFP module output 2012-07-16 21:02:40 -05:00
James Lee efe478f847 Merge branch 'master' into omg-post-exploits 2012-07-16 09:20:23 -06:00
James Lee 7091d1c65b Add an exploit for sock_sendpage
Unfortunately, adds a dep on bionic for runtime compilation.

Gets ring0, sets the (res)uid to 0 and jumps to the payload.  Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into.  Single payloads work fine, though.

Also cleans up and improves local exploits' ability to compile C.

[SEERM #3038]
2012-07-15 20:29:48 -06:00
HD Moore 4509c11916 Fingerprint dd-wrt even when auth is required 2012-07-15 21:21:13 -05:00
HD Moore f111ae097e Bail early if the user did not configure an injection parameter 2012-07-15 21:14:39 -05:00
HD Moore 0230ef60f6 Cosmetic 2012-07-15 15:46:54 -05:00
HD Moore d6c6a3d0c5 Correct an issue with payload recalc during iteration 2012-07-15 15:45:25 -05:00
HD Moore 2254086dbe Replace event handler with a straightforward filter 2012-07-11 03:00:44 -05:00
HD Moore 430351fe79 Better handle of module cache when db_connect is run manually 2012-07-10 23:56:48 -05:00
HD Moore a7d1a61af2 Handle non-failure module exits as well 2012-07-10 19:55:43 -05:00
HD Moore 64e8956319 More small tweaks to import/export of attempts 2012-07-10 00:18:06 -05:00
HD Moore 25fee46020 Quick typo fix 2012-07-09 23:31:53 -05:00
HD Moore 6c977535d0 Fix up attempt/detail import/export structure 2012-07-09 22:47:05 -05:00
HD Moore bfde053cf4 Correct a flaw in vuln_attempt/vuln_detail import 2012-07-09 22:28:42 -05:00
m m 36d27242c7 allow reverse tcp with proxies 2012-07-09 23:05:09 +02:00
James Lee 8d9186748f Fix logic fail 2012-07-08 20:46:37 -06:00
James Lee c82037d85b Add an xxd decoder 2012-07-08 20:45:25 -06:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
HD Moore f75edc0ca1 Correct fix for older PG support, thanks to Patrick Fitzgerald 2012-07-08 10:16:51 -05:00
HD Moore 4199b67879 Prevent an exception from breaking the sql cache 2012-07-07 17:30:31 -05:00
HD Moore 1d5b7a1a69 Fix an issue with PG's handling of group by on distinct 2012-07-07 17:27:11 -05:00
HD Moore b102d869d7 Switch module search to the SQL backend. Fixes #565 2012-07-05 19:34:05 -07:00
HD Moore d266dc6031 Revert what looks like an errant debug mode 2012-07-03 20:32:19 -05:00
HD Moore 64364e3f16 Handle failed reloads in a nicer way 2012-07-03 19:49:44 -05:00
HD Moore 4f9106b2e5 Reverse this back now that the bins are updated 2012-07-02 00:02:21 -05:00
sinn3r d7d21f1bda Merge branch 'patch-3' of https://github.com/mubix/metasploit-framework into mubix-patch-3 2012-07-01 19:42:49 -05:00
Rob Fuller 7298840478 Fix match on User-Agent for HTTPS 2012-07-01 21:32:29 -03:00
Rob Fuller 58dd2af998 Fix match on User-Agent for HTTP 2012-07-01 21:30:31 -03:00
RageLtMan 18e8285322 Fix up rev_http handler 2012-07-01 10:46:13 -04:00
HD Moore 12a6d67be4 Add support for user-agent and server control 2012-06-30 21:01:08 -07:00
HD Moore 9204a5b124 Move the db skip into the "web" console driver. FIXRM #7031 2012-06-29 10:46:15 -05:00
HD Moore 1627720166 Skip module loads/db connect for existing framework sessions 2012-06-29 01:03:13 -05:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
sinn3r 0e55141fd9 Rename counts to count 2012-06-28 11:43:33 -05:00
sinn3r 5092152949 Fix the broken reload_modules method
When using the reload_all command, the framework will trigger an
'undefined method module_history' error, because we're missing
an accessor.

Also, even though reload_modules returns "counts". That actually
returns a hash instead of a real count of modules... the return
value is also never actually used anywhere.  But to make this
part not broken, we return the actual count.
2012-06-28 11:39:14 -05:00
sinn3r 807142e988 'Size' may not exist in certain PDF structure.
This is a fix for issues related to:
'undefined method `[]' for nil:NilClass'

It is possible that a PDF may not have the 'Size' xref, and people
are running into the 'undefined method'[]' for NilClass' exception.
Because the pdf parser always assumes there is a Size field,
so it uses a match() function to find the value for Size, which
can be nil.

See the following bug report for example:
https://dev.metasploit.com/redmine/issues/7014
2012-06-26 16:09:13 -05:00
James Lee b04170b283 Unbreak loadpath
HD's vuln-info merge broke add_module_path by removing an argument.
2012-06-25 16:37:16 -06:00
HD Moore 4dbdadfa3d Merge pull request #523 from alexmaloteaux/fixmsfvenom
Fix msfvenom to correctly generate elf binaries for bsd and solaris platform
2012-06-25 11:55:49 -07:00
HD Moore 3d0628debf Handle unreachable errors better 2012-06-25 03:29:30 -05:00
HD Moore 584e0dbd98 Load console config AFTER module path initialization 2012-06-25 01:16:35 -05:00
HD Moore 1989f0ab46 IE 10/Win8 detection support 2012-06-25 00:36:04 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
Alexandre Maloteaux 2eddfa3444 fix bsd ans solaris platform when using encoder too 2012-06-25 03:12:33 +01:00
sinn3r 4d2e74e2ad Need to account for the fact the server may timeout during operation
See the following issue for more info:
http://dev.metasploit.com/redmine/issues/4866
2012-06-24 20:17:51 -05:00
James Lee 6913440d67 More progress on syscall wrappers
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
Tod Beardsley dfe0e10dc6 Adding kernelsmith's -a datastore opt
Works well enough on its own. Note that you cannot mix -g and -a since
set doesn't actually parse out dash options in a OptParse sort of way.

That said, setg -a seems to work well. This mixing options business
will need to be addressed soon, but that day is not today.

[Closes #514]
2012-06-22 16:01:38 -05:00
kernelsmith 1bcf241ec0 adds the -a (append) option to the console 'set' command
if RHOST is currently 192.168.20.1
set -a RHOST 5
appends 5 to RHOST making it 192.168.20.15
2012-06-22 01:23:54 -05:00
James Lee fd8b1636b9 Add the first bits of a sock_sendpage exploit
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.

Baby steps.
2012-06-22 00:03:29 -06:00
James Lee 815d80a2cc Merge branch 'rapid7' into omg-post-exploits 2012-06-21 17:02:55 -06:00
HD Moore f7ecc98923 Merge branch 'master' into feature/vuln-info 2012-06-20 13:34:53 -05:00
HD Moore 1468a904a7 More error cleanup 2012-06-20 13:34:31 -05:00
sinn3r 5a5166c90b Merge branch 'gather-ssh-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-gather-ssh-cleanup 2012-06-20 12:07:23 -05:00
James Lee 60eedc46dd Remove nils before sorting
Fixes a stack trace when one of the directory tests returns nil
2012-06-20 10:44:36 -06:00
HD Moore 83bf78c63b New failure_reason messages 2012-06-19 13:31:39 -05:00
HD Moore d5768080bf Add a fail_message to attempts and fix bugs 2012-06-19 00:48:39 -05:00
HD Moore bf3062aa89 Fix up opts.delete into temp storage for attempt tracking 2012-06-18 20:30:24 -05:00
HD Moore 0696748914 Import exploit attempts 2012-06-18 01:27:50 -05:00
HD Moore d674ba103d Export exploit_attempts & module_details, fix mixin load 2012-06-18 01:13:57 -05:00
HD Moore e8ad66b799 Exploit attempt tracking is mostly complete 2012-06-17 23:00:21 -05:00
HD Moore a8f7ea901a Fix cache counters for vuln_attempts, tweak nexpose 2012-06-17 21:55:11 -05:00
HD Moore d7d4d13076 Store platform as a shortname, tweaks to vulns_refs to fix validation 2012-06-17 12:27:58 -05:00
HD Moore 8709473e72 Add fullname to modules, load mixins, fix platform 2012-06-17 11:57:33 -05:00
HD Moore 999f7d7174 One more round of tweaks and finally back and running 2012-06-17 02:06:52 -05:00
HD Moore 980327dddf Fix typo, redo add(), account for it in the loader 2012-06-17 01:59:19 -05:00
HD Moore be9b7a88fb Complicate the matching process in the name of memory
and loading speed. Use optional match_details param
to find matching vuln instances.
2012-06-17 00:07:00 -05:00
HD Moore 52150b0e89 Merge branch 'master' into feature/vuln-info 2012-06-16 15:43:52 -05:00
HD Moore 6dd8fd2e05 Move the cache rebuild into a background job 2012-06-16 15:41:37 -05:00
sinn3r 931f24b380 Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof 2012-06-16 14:56:45 -05:00
HD Moore 8425c8438d Switch to a MDM/SQL-based module cache 2012-06-16 14:51:09 -05:00
David Maloney 122b34c703 fix missing bock transitions
the block objects weren't being transitioned over from the class
methods properly, so the callback blocks were never getting processed.
2012-06-15 14:25:47 -05:00
jvazquez-r7 091b3bbbd9 Added module plus encoder for CVE-2012-2329 2012-06-15 00:29:52 +02:00
HD Moore 8177783681 Merge branch 'master' into feature/vuln-info 2012-06-14 16:21:51 -05:00
HD Moore e2c1657eb4 Adds a block callback to work with the replicant
module instance prior to it being launched.
2012-06-14 16:21:06 -05:00
HD Moore e59b33fc76 Incorporate egypt's feedback 2012-06-14 10:43:09 -05:00
James Lee 2683bb0ba7 Add deprecation warnings for old commands
This should hopefully cut down a bit on support requests from people
asking about old commands  they read about in _Metasploit: The
Penetration Tester's Guide_
2012-06-14 09:44:38 -05:00
HD Moore 03b29fff68 Merge up the latest, does not automaticlly load
the module tree into the database right now.
2012-06-14 04:35:43 -05:00
HD Moore a6070f8584 Tweak schema (type gets mangled by AR), add caching routine 2012-06-14 03:27:36 -05:00
HD Moore 8f448c9159 Merge MDM 2012-06-13 14:06:12 -07:00
David Maloney 08cbd87541 Default mime-types to octet-stream 2012-06-13 14:48:58 -05:00
James Lee d2d37f770d Add expand_path and upload_file methods 2012-06-12 23:58:20 -06:00
James Lee 2e4231d825 Fix NoMethodError when post mods call super from setup 2012-06-12 23:58:20 -06:00
James Lee 8707df3abb Allow tab-completing SESSION on exploits as well 2012-06-12 23:58:19 -06:00