Commit Graph

4205 Commits (e6781fcbea5319bfe73bb9da21526dccce537536)

Author SHA1 Message Date
jvazquez-r7 dbc199ad77 space after commas 2014-10-08 13:56:59 -05:00
Luke Imhoff 6b3d70ce00
Fix code style in Msf::ServiceState
MSP-11124
2014-10-08 13:52:42 -05:00
Luke Imhoff 46156fbbc6
Fix indentation in Msf::ServiceState
MSP-11124
2014-10-08 13:50:26 -05:00
Luke Imhoff 57d9dc306c
Extract Msf::ServiceState
MSP-11124

Extract Msf::ServiceState from `lib/msf/core/db.rb` and put it into
`lib/msf/core/service_state.rb`.
2014-10-08 13:45:15 -05:00
Luke Imhoff 0708ac1361
Fix comment style in Msf::HostState
MSP-11124
2014-10-08 11:47:04 -05:00
Luke Imhoff 5ecd194a0d
Fix indent in Msf::HostState
MSP-11124
2014-10-08 11:43:28 -05:00
Luke Imhoff 6e6780da86
Split Msf::HostState into own file
MSP-11124
2014-10-08 11:37:59 -05:00
jvazquez-r7 0ec855cd07 Add debug log for ARCH_CMD encoder results 2014-10-06 22:34:09 -05:00
jvazquez-r7 260e829a59 Fix PayloadGenerator to have platform into account, so msfvenom works as expected 2014-10-06 19:20:59 -05:00
jvazquez-r7 0089810026 Merge to update 2014-10-06 19:09:31 -05:00
jvazquez-r7 212762e1d6 Delete RequiredCmd for unix cmd encoders, favor EncoderType 2014-10-06 18:42:21 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu f7e709dcb3
Land #3941, new WPVDB reference 2014-10-03 10:17:02 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
sinn3r 6d7870a4ac
Land #3934 - New :vuln_test option to BES 2014-10-02 16:31:50 -05:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Joe Vennix 6571213f1c
Remove un-truthy doc string. 2014-10-01 23:41:02 -05:00
Joe Vennix 5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
Joe Vennix b1b8cba4c5
Rescue an IOError on channel double-close.
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
James Lee 5cb016c1b1
Use Match constant in BES as well 2014-10-01 16:17:13 -05:00
James Lee a75d47aad9
Use yardoc for new methods
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
sinn3r 1e2d860ae1 Fix #3914 - Inconsistent unicode names 2014-09-30 12:19:27 -05:00
sinn3r 9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
HD Moore 8fa666b75d Verbose messages on why a connection is closed 2014-09-28 17:41:21 -07:00
Meatballs d5959d6bd6
Land #2585, Refactor Bypassuac with Runas Mixin 2014-09-28 09:24:22 +01:00
jvazquez-r7 a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
Ramon de C Valle bdac82bc7c Fix lib/msf/core/exploit/dhcp.rb 2014-09-25 22:18:26 -03:00
Joe Vennix 2b02174999
Yank Android->jsobfu integration. Not really needed currently. 2014-09-25 16:00:37 -05:00
Joe Vennix b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu. 2014-09-24 16:05:00 -05:00
Joe Vennix 5d234c0e01
Pass #send in this so jsobfu is not confused. 2014-09-24 15:07:14 -05:00
Jon Hart 650b65250f Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2014-09-22 11:51:10 -07:00
Jon Hart 4e9f1282de
Land #3834, @jabra-'s updates to UDPscanner to support spoofing 2014-09-22 11:49:53 -07:00
Jon Hart e86b18cdd4
Add sanity check for NUM_REQUESTS 2014-09-22 11:48:39 -07:00
Luke Imhoff f61afe2598
Merge branch 'master' into bug/MSP-11368/boot-profiling
MSP-11368
2014-09-22 10:00:07 -05:00
William Vu ebacb26e51
Land #3838, msfvenom badchar fix 2014-09-22 03:08:57 -05:00
Joe Vennix d9e6f2896f
Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
sinn3r e1cfc74c32 Move jsobfu to a mixin 2014-09-21 00:39:04 -05:00
sinn3r cd037466a6 upate doc 2014-09-20 23:40:47 -05:00
sinn3r 9191af6241 Update js_obfuscate 2014-09-20 23:38:35 -05:00
sinn3r a9420befa4 Default to 0 2014-09-20 21:39:20 -05:00
sinn3r 046045c608 Chagne option description 2014-09-20 21:38:57 -05:00
sinn3r fd5aee02d7 Update js_obfuscate 2014-09-20 21:36:17 -05:00
sinn3r 7bab825224 Last changes 2014-09-20 18:39:09 -05:00
sinn3r 135bed254d Update BrowserExploitServer for JSObfu 2014-09-20 17:59:36 -05:00
Joe Vennix d9a713b415
Decode the badchars string correctly. 2014-09-20 17:48:03 -05:00
Josh Abraham cd8b1318e0 send data based on input not @probe 2014-09-20 15:18:58 -04:00
Josh Abraham 3fb00ece9e refactored the code based on PR feedback 2014-09-20 14:10:00 -04:00
Luke Imhoff 5884cbc196
Optimize skip logic in #update_all_module_details
MSP-11368

Use `Hash<String, Set<String>>` instead of `Array<(String, String)>` so
that `include?` call is faster because (1) it's only search through
reference names of the same module_type and (2) `Set#include?` is faster
than `Array#include?`.  This change is a 8.20% average reduction in boot
time compare to b863978028, for a overall
reduction of 40.95% over b5c3c87790.
See statistics at
https://docs.google.com/spreadsheets/d/1TnZIUFIR1S5nCnkeM-7XR3AVSbyCl39x2mItJKJCOqg/edit?usp=sharing
and data at
https://drive.google.com/folderview?id=0Bx1hRHfpRW92VEFvQ2FaN3RoWWs&usp=drive_web
2014-09-19 15:34:10 -05:00
Luke Imhoff 8b5a146067
Wrap Array#include? usage
MSP-11368

Wrap skipped.include? call to confirm it is the culprit for
Array#include? inside of with_connection in profile.
2014-09-19 14:38:12 -05:00
Josh Abraham c216cf8c53 added spoofing capabilities to udp_scanner 2014-09-19 10:29:05 -04:00
Luke Imhoff b863978028
Remove fastlib
MSP-11368
MSP-11143

Remove fastlib as it slows down the code loading process.  From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10).  The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10).  This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
HD Moore 29eb3ebf86 Fix up the StageEncodingFallback logic and error handling 2014-09-15 21:56:35 -05:00
agix 9cbc7e46a3 Fix suggested stuff
https://github.com/hmoore-r7/metasploit-framework/pull/2
2014-09-15 09:47:06 +02:00
agix c71428be50 Choose fallback if stage encoding fail 2014-09-13 13:56:54 +02:00
agix 7485d9172a Rescue only NoEncodersSucceededError to pass the tests 2014-09-12 13:30:03 +02:00
agix 28e61edef4 Unblock when invalid encoder is selected and allow multiple encoder 2014-09-12 12:48:09 +02:00
Joe Vennix 37e6173d1f
Make Metasploit::Concern a first-class dep.
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
HD Moore 71228b48a0 Update 3 more encoders to be StageEncoder compatible
This could probably use some DRY love via a mixin
2014-09-10 20:21:35 -05:00
sinn3r 65287e41cd
Land #3773 - Fix windows cmd redirection in firefox payloads 2014-09-10 13:25:42 -05:00
Joe Vennix 1bb6573570
Fix windows cmd redirection in ff payloads. 2014-09-10 00:47:05 -05:00
sinn3r 0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
HD Moore 6c0dae953d Stage encoding is now SaveRegister aware 2014-09-09 14:21:51 -05:00
David Maloney ef748fdef7
check if database is connected first
wooops
2014-09-08 12:54:19 -05:00
David Maloney 09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds 2014-09-08 12:52:25 -05:00
William Vu ae5a8f449c
Land #3691, gdbserver hax 2014-09-08 11:48:39 -05:00
William Vu 5c1d95812c
Add verify_checksum and use it
Also fixed a YARD typo.
2014-09-08 02:19:21 -05:00
sinn3r ce0e7b59f5 Remove WVE and BPS reference identifiers
Reasons why they should be gone:

WVE:
* wirelessve.org is down.
* Not a single module uses WVE as a reference

BPS:
* "BreakingPoint" no longer exists
* The URL takes you to a login page to ixia. And there is no point
  of referencing something people can't see.
* Not a single module uses BPS as a reference.
2014-09-05 13:28:10 -05:00
William Vu b6e04599a7
Fix read_ack to read only the ACK
It was reading the response, too. Also removed an extraneous send_ack.
2014-09-05 12:30:59 -05:00
David Maloney 093f488360
add db_all_cred methods to authbrute
adds 3 methods to add db_all_creds functionality back to
the loginscanners
2014-09-04 12:20:42 -05:00
HD Moore 4966082de5 Replace 'rescue nil' with DRY-violating versions :( 2014-09-03 23:06:11 -05:00
Joe Vennix 0e18d69aab
Add extended mode to prevent service from dying. 2014-09-03 16:07:27 -05:00
Joe Vennix 4293500a5e
Implement running exe in multi. 2014-09-03 15:56:21 -05:00
Joe Vennix 268d42cf07
Add PrependFork to payload options. 2014-09-03 14:56:22 -05:00
HD Moore 85c5de07ec Fix use of datastore['SMBServerIdleTimeout'] 2014-09-02 13:47:01 -05:00
HD Moore 6fcc864942 Reduce the chance of file descriptor leaks in SMBServer
This patch addresses three observed error conditions in long-running SMB services.

1. A call to get_once() in on_client_data could raise a Timeout exception and bubble all the way up to the dispatcher. This should technically never happen, but gets triggered for zero-byte writes and clients closing their connections. The fix was to handle the exception and lower the timeout. The change was tested with a number of SMB clients to make sure this didn't introduce any regressions.

2. A client could indefinitely keep a connection to the SMB server. The SMB server now disconnects idle clients after 120 seconds of inactivity (configurable).

3. A client could send a large amount of data that was invalid SMB traffic, using up memory as a potential DoS.

Caveats: The idle client sweep occurs every 100 requests or at an interval equal to the idle timeout. A client could fill up the entire connection table on its own, preventing the sweep from occurring by preventing new connections. Fixing this would require a dedicated thread to sweep for idle connections and is a more aggressive attack than this patch is designed to defend against (accidental connection flooding, basically).
2014-09-02 13:29:37 -05:00
jvazquez-r7 559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
jvazquez-r7 e1b6ee283f Allow Msf::Payload::JSP to guess system shell path if it isnt provided 2014-08-30 16:27:02 -05:00
Jon Hart 316a952e9c
Make SIP note, service and print output more similar 2014-08-26 17:47:31 -07:00
HD Moore 2d2606aeaf Update sip note format, small tweaks to output, service.info 2014-08-26 16:42:00 -05:00
HD Moore ba1f7c3bf6 Land #3687, reworks the nat-pmp portscanner 2014-08-26 14:34:46 -05:00
HD Moore 4e19d9ade1 Land #3545, fix up sip scanners, msftidy, db services cmd 2014-08-26 14:07:21 -05:00
Jon Hart e75e213b52
Clarify SIP mixin method name, store header values as string, etc 2014-08-26 11:40:49 -07:00
Jon Hart 677d7804ae Fix bad merge 2014-08-26 10:49:54 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart 337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification 2014-08-26 07:48:44 -07:00
Jon Hart 9749c78632
Add amplification multiplier for vulnerable proofs 2014-08-26 07:36:38 -07:00
Jon Hart a41748e77e Correct SIP header note storage to align with Recog 2014-08-25 13:12:30 -07:00
Jon Hart 6185721a61 Address @hmoore-r7's feedback regarding binary encoding 2014-08-25 13:11:22 -07:00
Jon Hart 9955cb5b27 Enforce proper protocol case where necessary 2014-08-25 13:11:22 -07:00
Jon Hart b760815c86 Also pull the Allow headers (previous behavior) 2014-08-25 13:11:21 -07:00
Jon Hart 637f86f37d Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner 2014-08-25 13:11:21 -07:00
Jon Hart 50d90defbc Use a correct default Accept header -- responses++ 2014-08-25 13:11:21 -07:00
Jon Hart c2e70446ed Move SIP module stuff to Msf::Exploit::Remote::SIP 2014-08-25 13:11:21 -07:00
Joe Vennix c4a173e943
Remove automatic target, couldn't figure out generic payloads. 2014-08-25 14:14:47 -05:00
William Vu 1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
HD Moore 92ff0974b7 Add YARD option formatting 2014-08-25 01:45:59 -05:00
Joe Vennix 6313b29b7a
Add #arch method to Msf::EncodedPayload.
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
Joe Vennix 1d3531d09d
Put include above constant defs. 2014-08-24 01:17:32 -05:00
Joe Vennix 4e63faea08
Get a shell from a loose gdbserver session. 2014-08-24 01:10:30 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
Jon Hart 8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing 2014-08-20 12:21:39 -07:00
OJ e0df664656
Land #3653 : NETAPI x64 fixes 2014-08-19 11:40:43 +10:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Meatballs 8302e82ca1
Use x64 ptr sizes 2014-08-14 23:32:04 +01:00
Meatballs 256204f2af
Use correct pack/unpack specifier 2014-08-13 11:36:16 +01:00
Meatballs 351b687759
Land #3612, Windows Local Kernel exploits refactor 2014-08-10 22:05:06 +01:00
Meatballs b277f588fb
Use railgun helper functions 2014-08-10 21:52:12 +01:00
Jon Hart d6198c786d
Move rdoc for Msf::Auxiliary::DRDoS 2014-08-08 23:23:48 -07:00
Jon Hart ddcaa11216
Add new mixin for helping to detect DRDoS vulns 2014-08-08 23:15:09 -07:00
Jon Hart ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
sinn3r e432f3f442 Support all text-based ctypes 2014-08-07 11:10:32 -05:00
Luke Imhoff 1d430dbb45
Run migrations when connection already established in console
MSP-10955

`Msf::Ui::Console::Driver#initialize` doesn't call
`framework.db.connect` if it can't find the the `database.yml`, but when
using `msfpro`, the connection is already established, so the console
doesn't need to know where the database file is and should just run the
migrations so that `framework.db.migrate` can be set and
`framework.db.active` will return `true`.
2014-08-06 19:55:51 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Spencer McIntyre 2ed02c30a8 Use better variable names instad of an array 2014-08-05 21:34:36 -07:00
Spencer McIntyre b602e47454 Implement improvements based on feedback 2014-08-05 21:24:37 -07:00
Samuel Huckins 8fe9ec098e
Date attrs set after creation in report import
MSP-11021

* created_at and updated_at are protected against mass-assignment, so
these need to be set after for reports and report artifacts
2014-08-04 14:02:59 -05:00
Spencer McIntyre 6543b08eb4 Support writing a copy of the original token 2014-08-04 11:49:00 -07:00
Spencer McIntyre 4b73ad6f40 Fix guessing the arch with modules specifying an array 2014-08-04 11:49:00 -07:00
Spencer McIntyre 893b9a6e99 Add an open_device function for wrapping CreateFileA 2014-08-04 11:49:00 -07:00
Spencer McIntyre 43a5120696 Cleanup the WindowsKernel mixin 2014-08-04 11:49:00 -07:00
Spencer McIntyre 49837a3ba6 Create a basic WindowsKernel exploit mixin 2014-08-04 11:49:00 -07:00
b00stfr3ak 88f23832e6 Added Time out
For some reason the handler was closing before the command could
complete.  Added the time out from bypassuac and now both psh and exe
work perfectly.
2014-08-02 14:29:42 -07:00
Tom Sellers 693e744da4 Hide icon flash on taskbar during cmd_psh_payload
When 'cmd_psh_payload' is run via 'cmd_exec' on a windows shell that is running in the context of an interactive user an icon will flash very quickly on the user's task bar.  This can be avoided (verified) by adding the /b switch to the start section of the command launcher text.  I have verified that this switch exists from Windows 2000 through Windows 2012 R2.
2014-08-02 15:52:52 -05:00
Luke Imhoff 6603443df4
Add missing require
MSP-10998
2014-08-01 21:54:41 -05:00
Luke Imhoff 9096a8a1f5
Remove Msf::Framework::VersionAPI
MSP-10998

It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
Luke Imhoff 22db5aad8a
Remove Msf::Framework::VersionCore
MSP-10998

It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
b00stfr3ak 5aa347ef65 Changed Method Names
Changed names to look like shell_execute_(option), to make it more
defined on what it does.
2014-08-01 17:10:32 -07:00
b00stfr3ak def652a50e Merge https://github.com/rapid7/metasploit-framework into bypassuac/psh_option 2014-08-01 14:32:55 -07:00
Tod Beardsley c31fc61617
Land #3270, @jlee-r7 deprecation ipv6 payloads
These are not needed, since you can just config the regular handler now
and pick either.

This resolves the conflict (rm'ed the old modules)

Conflicts:
	modules/payloads/stagers/windows/reverse_ipv6_http.rb
	modules/payloads/stagers/windows/reverse_ipv6_https.rb
2014-08-01 16:27:59 -05:00
Meatballs 902cf4bc1e
Fix var name 2014-07-31 23:16:53 +01:00
Meatballs 90c0f587bf
Fix for newer powershell 2014-07-31 23:11:51 +01:00
Meatballs 15c1ab64cd Quick rubocop 2014-07-31 23:11:00 +01:00
Meatballs d336c56b99
Merge remote-tracking branch 'upstream/master' into land_2551 2014-07-31 23:06:37 +01:00
William Vu 0546282441
Land #3590, #3574 reversion 2014-07-31 09:59:04 -05:00
b00stfr3ak 391e2bb99b Fixed some style changes
Removed upload var, it really served no purpose.
2014-07-30 22:42:07 -07:00
Meatballs 53b66f3b4a Land #2075, Powershell Improvements 2014-07-31 00:49:39 +01:00
James Lee 77d99b7374
Land #3586, fix msfconsole when running without db
Conflicts:
	Gemfile.lock
	metasploit-framework.gemspec
2014-07-30 17:24:21 -05:00
Tod Beardsley 3320a1ef77 Revert PR #3574
This reverts commit 96945442ff.

With this PR, the following now appears in framework.log:

````
[07/30/2014 14:01:37] [e(0)] core: Error updating module details for
auxiliary/fuzzers/http/http_form_field: NoMethodError undefined method
`name' for []:Array
````
2014-07-30 14:06:46 -05:00
Trevor Rosen 3e915e5059
Merge branch 'staging/electro-release' into bug/MSP-10715/import-security-issues
Update deps

Conflicts:
	Gemfile
	Gemfile.lock
2014-07-30 12:49:15 -05:00
Luke Imhoff ceb8a0f5c2
Extract option require pattern to helper Module
MSP-10905

`Metasplot::Framework::Require.optionally` can be used to optionally
require a library and then issue a warning if the require fails or run a
block when it succeeds.
2014-07-30 10:07:53 -05:00
Trevor Rosen 8fda4ee239
Fix fd leak and blind IO#gets in pwdump import
MSP-10715
2014-07-29 15:15:47 -05:00
Luke Imhoff f5ff22eba4
msfconsole with bundle install --without db
MSP-10905
2014-07-29 14:46:44 -05:00
Luke Imhoff 8e7dd1b658
Add missing require
MSP-10905
2014-07-29 14:06:27 -05:00
David Maloney 3870b59873
remove rpg_get_auth_info
this is an rpc call that calls a method that
does not even exist...
WAT?!
2014-07-28 15:13:03 -05:00
David Maloney c9d231b48b
remove old rpc methods
added rpc methods to create new creds
removing the old methods for
the obsolete cred models
2014-07-28 14:52:53 -05:00
David Maloney e29b2aed9b
add credential rpc calls 2014-07-28 14:49:35 -05:00
David Maloney 1e32574768
Merge branch 'staging/electro-release' into feature/MSP-9641/cred-rpc-calls 2014-07-28 11:10:59 -05:00
Joshua Smith 96945442ff removes unnec. retruns & uses of 'not' - has_actions.rb 2014-07-27 18:20:12 -05:00
James Lee a0a2fddee8
Land #3562, yardoc cleanup 2014-07-24 17:25:12 -05:00
James Lee eee72a86ba
Fix the case when john cracks only half of LM 2014-07-23 15:25:32 -05:00
Christian Mehlmauer 57839e0f4b
Fix some yardoc issues 2014-07-22 23:26:50 +02:00
David Maloney 1f007bf3c9 start adding new rpc calls
Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-07-22 15:46:27 -05:00
jvazquez-r7 f546eae464 Modify encoders to allow back compatibility 2014-07-22 13:27:12 -05:00
jvazquez-r7 a642ce5e1c Delete not necessary end keywords 2014-07-22 11:35:04 -05:00
jvazquez-r7 b770745e9d Split generic_sh in echo, perl and ifs encoders 2014-07-22 10:27:45 -05:00
Tod Beardsley a62ee99d1d
Actually require NetAPI 2014-07-21 12:48:34 -05:00
Meatballs 5f0533677e
Cheat/Rubycop all the things 2014-07-20 21:07:59 +01:00
Meatballs 474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
scriptjunkie 8fe508207c Merge Meatballs' gpp_again pull into new branch 2014-07-19 11:10:14 -05:00
Samuel Huckins ed1ed5d5a4 Merge pull request #117 from rapid7/feature/MSP-9943/db-import-creds
Deprecation warning exorcised, specs passing, export/import accuracy confirmed.

MSP-9943 #land
2014-07-18 11:56:59 -05:00
James Lee 175d857611
Fix empty message and don't lie in yardoc 2014-07-18 11:36:31 -05:00
James Lee 2dab69d67c
Use constant instead of hardcoded filename 2014-07-17 16:04:25 -05:00
James Lee 7d1cd22aca
Quick and dirty import of cred zip 2014-07-17 15:59:16 -05:00
Kyle Gray 08cd2690f9
Merge branch 'bug/MSP-10724/fix-import-failure' into staging/electro-release MSP-10724 #land 2014-07-17 13:37:13 -05:00
Trevor Rosen e789d5350b
No idea why this didn't fail before
MSP-10724
2014-07-17 10:15:22 -05:00
Trevor Rosen bebf11c969
Resolves some Login::Status migration issues
MSP-10730
2014-07-16 21:52:08 -05:00
William Vu 25f74b79b8
Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
Meatballs 7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
Trevor Rosen 6a1149c1ed
Add missing origin
MSP-9948
2014-07-15 13:27:08 -05:00
Trevor Rosen 0966949203
Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import
Upstream merge

Conflicts:
	Gemfile
	Gemfile.lock
2014-07-14 17:59:54 -05:00
Trevor Rosen aca627489e
Pass workspace down in import of creds dump
MSP-9948
2014-07-14 16:40:41 -05:00
Trevor Rosen b05b2657bc
Now importing creds dumps inside msf zips
MSP-9948
2014-07-13 11:07:01 -05:00
William Vu 79603c9a73
Land #3505, a bunch o' Linux post module fixes 2014-07-11 12:39:31 -05:00
Joshua Smith dbe9b47937
lands 3469, fixes handler deadlock in corner cases
May affect the following RM issues which need to be retested:
  https://dev.metasploit.com/redmine/issues/8407
  https://dev.metasploit.com/redmine/issues/4314
  https://dev.metasploit.com/redmine/issues/6829
2014-07-10 16:20:33 -05:00
Tod Beardsley 688c31cc44
Switch to a space. It gets eaten anyway. 2014-07-10 13:59:30 -05:00
Tod Beardsley 5bb3c8a581
Make merged module descriptions more grammar. 2014-07-10 13:31:57 -05:00
Samuel Huckins 5b1dc39caf
Filler task dropped, login results in task assoc
MSP-10683

* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
2014-07-10 12:32:40 -05:00
Trevor Rosen a27c1d7dcc
Importing old export, making new models
MSP-9948
2014-07-08 19:14:26 -05:00
jvazquez-r7 c19deddfb1 Delete debug messages 2014-07-08 16:24:45 -05:00
jvazquez-r7 c25c5f6806 Make linux gather post modules compatible with meterpreter 2014-07-08 16:23:57 -05:00
Trevor Rosen 79054fae20
Remove credentials exportation from XML
MSP-9948
2014-07-08 12:03:32 -05:00
Trevor Rosen 8436adb5f8
Make XML export work with new backend
MSP-9948

* XML data looks ok in spot check
2014-07-08 09:40:15 -05:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
Trevor Rosen 1d7de8fef9
Mid-work commit
MSP-9848
2014-07-07 15:44:29 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Trevor Rosen c1fc68e1b1
Replace to_pwdump internals
MSP-9948
2014-07-03 15:41:26 -05:00
jvazquez-r7 405de05e4b Add specs for module_flavors 2014-07-03 10:31:39 -05:00
Spencer McIntyre d93bf55435 Add a module_flavors method for all available flavors 2014-07-03 11:01:21 -04:00
Trevor Rosen 2da890810a
Make db_import use Metasploit Credential
MSP-9948

* Special-case the pwdump file to be IO
* Had to use lotsa shims
2014-06-30 13:32:59 -05:00
Trevor Rosen cf9c3caea3 Get the latest
Merge branch 'staging/electro-release' into feature/MSP-9848/db-export-refactor
2014-06-30 11:14:11 -05:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
2014-06-30 02:50:10 -05:00
Spencer McIntyre ea077b2f12 Improve the guess_flavor logic to pull from module info 2014-06-27 08:34:57 -04:00
Spencer McIntyre 952c935730 Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR 2014-06-27 08:34:57 -04:00
Spencer McIntyre 219153c887 Raise NotImplementedError and let :flavor be guessed 2014-06-27 08:34:56 -04:00
jvazquez-r7 dcd0e77f9e Change #compatible? method name because it's used by Module 2014-06-27 08:34:56 -04:00
jvazquez-r7 31acc4a528 Fix #compatible? method 2014-06-27 08:34:56 -04:00
jvazquez-r7 ddd1dd5155 The check for required decoder hasn't a lot of sense 2014-06-27 08:34:56 -04:00
jvazquez-r7 9c6a521b94 Fix select_decoder 2014-06-27 08:34:56 -04:00
jvazquez-r7 dad2c75592 Initialize opts arguments 2014-06-27 08:34:56 -04:00
jvazquez-r7 381dea94d0 Fix typo 2014-06-27 08:34:56 -04:00
jvazquez-r7 cbc1bd9966 Redesign constants 2014-06-27 08:34:56 -04:00
jvazquez-r7 160147b370 Make some methods not dependant of the instance flavor 2014-06-27 08:34:56 -04:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 68938e3d7a Add select_cmdstager 2014-06-27 08:34:56 -04:00
jvazquez-r7 35d035fa4e Add YARD docu for execute_cmdstager 2014-06-27 08:34:56 -04:00
jvazquez-r7 e8f9dde50f Allow datastore options and opts to use strings instead of sym 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 37d0dd59e8 Clean up a little CMDStager methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 8db7ec683f Fix setup and teardown stager methods 2014-06-27 08:34:55 -04:00
jvazquez-r7 dd7b2fc541 Use constants 2014-06-27 08:34:55 -04:00
jvazquez-r7 778f34bab6 Allow targets and modules to define compatible stagers 2014-06-27 08:34:55 -04:00
jvazquez-r7 74a6de828a Cannot delete @cmd_list, is used at least by one module 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
jvazquez-r7 0a99b549d6 Change filenames 2014-06-27 08:34:55 -04:00
jvazquez-r7 cff580162b Move stagers 2014-06-27 08:34:55 -04:00
Spencer McIntyre 9991316ae6 Minor code cleanup and honor the datastore decoder. 2014-06-27 08:34:55 -04:00
Spencer McIntyre 80bdf750e9 Multi-fy the new printf stager and add to sshexec. 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
Trevor Rosen a86610dad5
Gut and delegate import_msf_pwdump
MSP-9848
2014-06-26 16:47:42 -05:00
David Maloney 56b94fea4f
pcap import now creates creds
refactored cred creation to use Metasploit::Credential
for captured HTTP basic auth credentials gatehered on the wire
2014-06-26 15:34:40 -05:00
HD Moore d6a263d538 Identify the hung host in the thread info 2014-06-22 16:01:03 -05:00
HD Moore 538a520445 Remove redundant option (threads are always used in reverse_tcp_double) 2014-06-22 16:00:44 -05:00
HD Moore b3d83720ca Add ReverseListenerThreaded option to prevent deadlocks
JodaZ reported that the handle_connection() sock.put call can
result in the entire reverse_tcp stager hanging if the client
stops receiving or is on a very slow link. The solution emulates
what ReverseTcpDouble already does, which is stage each connection
in a new thread. However, given that a high number of threads
can be a problem on some operating systems (*ahem* win32) this
option is not enabled by default.

We should look into thread pooling and handle_connection() timeouts
as well as event-based polling of multiple clients as alternatives,
but this option will improve the situation for our existing users.
2014-06-22 15:55:20 -05:00
HD Moore 6e5f528332 Prevent stager deadlock if inp/out detection hangs for some reason
Even though there are calls to has_read_data(), it doesn't prevent
the put() call from blocking in a dead client or slowaris-like
situation. By moving the inp/out detection into the thread, we
allow the main handler to keep processing connections even if
a single connection hangs.
2014-06-22 15:25:19 -05:00
David Maloney 53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
Conflicts:
	Gemfile
2014-06-19 12:45:53 -05:00
navs 28872c7ea2 added suport to generate_payload_dll for x64 arch, linux platform 2014-06-19 11:46:05 -05:00
James Lee b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
David Maloney 62f4054858
startring refactor on jtr_mssql
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
David Maloney 2b0bb608b1
Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
OJ 5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection 2014-06-18 10:24:33 +10:00
David Maloney 34c0b00816
don't autload this mixin
causes laod order problems when we try to
autoload this mixin. We will just explicitly require
2014-06-17 16:10:09 -05:00
David Maloney 763f6f8d80
finish cleaning up jtr mixin
finish cleaning up the module mixin for jtr
2014-06-17 15:16:32 -05:00
David Maloney 432b88680b
start fixing jtr module mixin 2014-06-17 13:27:11 -05:00
scriptjunkie d38a95a352 Merge branch 'bugfixes/post-module-execution-causing-duplicate-search-results' of github.com:nstarke/metasploit-framework into nstarke-bugfixes/post-module-execution-causing-duplicate-search-results 2014-06-15 13:15:57 -05:00
Tim Wright 9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
David Maloney 96e492f572
Merge branch 'master' into staging/electro-release 2014-06-12 14:02:27 -05:00
joev 289bae88de
Remove lie in comment. 2014-06-12 10:02:29 -05:00
sinn3r 2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
Samuel Huckins 1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
Conflicts:
	Gemfile
	Gemfile.lock
2014-06-11 13:42:26 -05:00
David Maloney 9593422f9c
Merge branch 'master' into staging/electro-release 2014-06-11 10:23:56 -05:00
Tod Beardsley 4b8961a464
Land #3428, deprecation warns for payloads 2014-06-11 09:57:07 -05:00
Tod Beardsley b379dc014a
Avoid double-printing with setup and init_ui 2014-06-10 13:57:25 -05:00
Luke Imhoff 4d923a4809
Update to Rubyzip 1.X API
MSP-10004

`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
jvennix-r7 92414d3688 Merge pull request #53 from rapid7/bug/MSP-9994/framework-db-driver
Set `framework.db.driver` when connection already established.
2014-06-10 10:49:00 -05:00
Luke Imhoff 2cbbaad6b4
Set drivers and driver when connection already established
MSP-9994

3 database commands in msfconsole check for framework.db.driver to be
set, so driver must be set when the connection is already established by
the Rails initialization.
2014-06-09 14:26:59 -05:00
Luke Imhoff 1ee35ec68a
Handle unconnected config in connection_established?
MSP-9994

Rescue `ActiveRecord::ConnectionNotEstablished` in
`Msf::DBManager#connection_established?` in addition to
`PG::ConnectionBad` to handle when the connection has been removed.
2014-06-09 14:26:45 -05:00
David Maloney 482aa2ea08
Merge branch 'master' into staging/electro-release 2014-06-09 10:27:22 -05:00
Meatballs bf1a665259
Land #2657, Dynamic generation of windows service executable functions
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Meatballs 897ad6f963
Some service yarddoc 2014-06-07 13:27:32 +01:00
Meatballs 5218ca4d89
Give warning on module load 2014-06-06 23:04:40 +01:00
joev d990fb4999
Remove a number of stray edits and bs. 2014-06-06 16:24:45 -05:00
joev 4a9f50bb60 Clean up some dead code. 2014-06-06 16:20:40 -05:00
joev 7c762ad42c Fix some minor bugs in webrtc stuff, inline API code. 2014-06-06 16:18:39 -05:00
Brandon Turner bacf82acb1
Merge branch 'release' into 'master' 2014-06-06 09:59:00 -05:00
Brandon Turner 21be4f21a6
Bump version to 4.9.3 2014-06-06 09:52:01 -05:00
Luke Imhoff f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
MSP-9653

Conflicts:
	Gemfile
	Gemfile.lock
2014-06-05 16:22:02 -05:00
David Maloney 28bf29980e
Merge branch 'master' into staging/electro-release 2014-06-04 10:21:08 -05:00
joev cf6b181959 Revert change to trailer(). Kill dead method.
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running  in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
joev 9f5dfab9ea Add better interface for specifying custom #eol. 2014-06-02 22:26:11 -05:00
joev 09e965d54e Remove extraneous method from pdf.rb 2014-06-02 22:26:03 -05:00
joev feca6c4700 Add exploit for ajsif vuln in Adobe Reader.
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).

Conflicts:
	lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
Tod Beardsley d0d389598a
Land #3086, Android Java Meterpreter updates
w00t.
2014-06-02 17:28:38 -05:00
Luke Imhoff 9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
MSP-9653

Conflicts:
	Gemfile
	Gemfile.lock
2014-06-02 13:40:11 -05:00
Luke Imhoff 3ebe7dfbc8
Gem version
MSP-9653

Move version information to standard location for gems.
2014-06-02 12:54:46 -05:00
Luke Imhoff 21fad7163d
Msf::DBManager#connection_established?
MSP-9653

Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first.  The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
checkout a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
2014-06-02 12:49:09 -05:00
David Maloney 34004908bb
Merge branch 'master' into staging/electro-release
Conflicts:
	.ruby-version
2014-06-02 11:10:33 -05:00
William Vu bba741897e
Land #3413, improved FileDropper cleanup message 2014-06-02 11:05:48 -05:00
Christian Mehlmauer 428df19739
Changed message 2014-06-02 17:28:09 +02:00
Meatballs f0e9a9010e
Return nil if fail 2014-06-01 11:55:40 +01:00
Meatballs a4ecd8e02d
Should return the thread object 2014-06-01 11:49:56 +01:00
Meatballs 58ee2ccd6e
Land #3390, Fix have_powershell 2014-06-01 10:43:35 +01:00
Christian Mehlmauer 03b4a29662
Clarify filedropper error message 2014-05-31 22:17:32 +02:00
Trevor Rosen dee4acdb2a Merge pull request #27 from rapid7/feature/MSP-9725/windows_hashdump
Windows Hashdump post module refactor

MSP-9725 #land
2014-05-30 14:04:31 -05:00
Trevor Rosen 8bcd763039 Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
Feature/msp 9685/telnet login scanner

MSP-9685 #land
2014-05-30 13:40:18 -05:00
David Maloney 782c8bd172
Merge branch 'staging/electro-release' into feature/MSP-9725/windows_hashdump 2014-05-30 13:28:35 -05:00
David Maloney ba525c7b78
use metasploit-credential creation methods 2014-05-30 13:07:11 -05:00
David Maloney 98a23881ee
remove cred creation methods
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
David Maloney e3c4745879
Windows Hashdump post module refactor
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
David Maloney eb04a3774a
fixes for telnet wierdness
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
Tom Sellers aa85cb8195 Update powershell.rb 2014-05-29 05:46:32 -05:00
HD Moore c7366b4361 Fix a small typo in the regex 2014-05-28 14:40:09 -05:00
HD Moore 583dab62b2 Introduce and use OS matching constants 2014-05-28 14:35:22 -05:00
Luke Imhoff 0e60f08e51
Don't re-establish connection
MSP-9653

If ActiveRecord::Base is already connected, then don't attempt to create
the database (as it involves establishing a new connection) or
establishing a new connection after the creation.  Still run the
migrations as the normal Rails::Application.initialize! will result in
ActiveRecord::Base.connected? being true even if migrations are missing.
2014-05-28 14:34:36 -05:00
David Maloney ca4c942ceb Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation 2014-05-28 09:40:44 -05:00
David Maloney 967b0d49b1
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-05-28 09:39:56 -05:00
David Maloney deabd1c3b0
tidy the YARD
some more cleanup, in the YARD
docs this time.
2014-05-28 09:30:45 -05:00
Tom Sellers ae1b7e564b Update powershell.rb 2014-05-27 05:18:00 -05:00
Tom Sellers 42a17cc085 Update powershell.rb
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'

Additional changes required to fix regex to support the multiline output.  Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.

This method doesn't appear to be used anywhere in the Metasploit codebase currently.
2014-05-25 08:59:42 -05:00
Tom Sellers 76b9273f10 Improve reliability of have_powershell
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out.  When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed.  When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for.  I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior.  I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.

There may be a better solution, but this was the only one that I could find.
2014-05-25 08:07:38 -05:00
David Maloney 32b88c2db6
final fixes to login creation 2014-05-23 10:58:21 -05:00
joev ae3c334232 Getting closer. Still something f'd with local answerer.html. 2014-05-22 17:14:35 -05:00
David Maloney ac9af000af
full cred creation rotuine done
creating Logins as a seperate method, both
methods are done and fully documented.
2014-05-22 13:53:26 -05:00
sinn3r 1dbe972377 Fix URIPATH / for BrowserExploitServer
[SeeRM #8804] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00