Leon Jacobs
c58e9acadd
Fix variable typos in rfrecv related methods.
2017-03-22 15:44:22 +02:00
darkbushido
60bc279eb3
removing extra whitespace
2017-03-21 10:40:59 -05:00
darkbushido
1221a20d0d
reversing the logic to check for .blank?
2017-03-21 10:35:19 -05:00
darkbushido
7ff7c707c9
setting host_name to address if host_name is blank.
2017-03-21 10:26:57 -05:00
Pearce Barry
f397624a69
Land #7935 , HWBridge RF transceiver extension
2017-03-21 06:12:32 -05:00
Brent Cook
aa5e9cd702
Land #8058 , Allow the http_payload stager to sleep before retry
2017-03-21 00:07:10 -05:00
Pearce Barry
c4279a837a
Minor formatting/spelling/verbiage changes.
2017-03-20 17:37:12 -05:00
Craig Smith
2fde287424
Initial patch for rftransceiver (RfCat / YardstickOne)
2017-03-20 17:36:16 -05:00
Pearce Barry
2acd941b16
Merge branch 'master' into dtc_fix
2017-03-20 14:10:01 -05:00
Pearce Barry
06ebb22a8f
Land #8065 , Zigbee Hardware Bridge Extension
2017-03-20 10:44:15 -05:00
alpiste
f715fee10c
The option StagerRetryWait will be used by default with the value of 5 seconds
2017-03-17 20:28:14 -03:00
Brent Cook
ad2222152c
Merge remote-tracking branch 'upstream/master' into land-8056-outlook
2017-03-17 17:30:08 -05:00
Brent Cook
e1f33f1616
Merge remote-tracking branch 'upstream/master' into land-8038-
2017-03-16 22:03:48 -05:00
Pearce Barry
095a110e65
Code and doc tweaks (minor).
...
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
William Vu
bad1fc9948
Land #8041 , loopback warning for LHOST
2017-03-16 13:30:12 -05:00
William Vu
af3cd18c9f
Fix #8041 so it works
2017-03-16 13:27:47 -05:00
bwatters-r7
ab75794cd4
Land #8071 , Add API to send an MMS message to mobile devices
2017-03-16 11:57:34 -05:00
Spencer McIntyre
03698ec214
Fix how the psh mixing issues meterpreter commands
2017-03-16 08:45:10 -04:00
Brent Cook
8995629037
Land #7061 , allow chaining the service stub with other encoders
2017-03-15 13:56:09 -05:00
wchen-r7
18cdb2f82f
Add a -l option to the load command to list plugins
...
This allows the load command in msfconsole to list all the
available plugins in Framework.
2017-03-14 14:15:52 -05:00
wchen-r7
bb4d6e17c8
Resolve #8026 , Add a plugin to notify new sessions via SMS
...
This plugin will notify you of a new session via SMS.
It also changes the SMS text format to MIME.
Resolve #8026
2017-03-13 16:13:59 -05:00
Noah Berman
ad929b6427
indentation fix part 2
2017-03-09 15:44:09 -07:00
Noah Berman
ef6831437a
indentation fix for clarity
2017-03-09 14:55:20 -07:00
Noah Berman
ccf345f696
move method to module level
2017-03-09 14:32:51 -07:00
William Vu
febe9625dd
Add rcheck/recheck to aux modules and exploits
2017-03-09 15:30:34 -06:00
Noah Berman
10018e2a32
spacing fix in reverse.rb
2017-03-09 12:48:36 -07:00
Noah Berman
40204703f0
remove unnecessary newline
2017-03-09 12:26:11 -07:00
Noah Berman
e7b47865be
ruby formatting fix
2017-03-09 12:23:02 -07:00
Noah Berman
274089a7f1
cleanup for lhost loopback warn
2017-03-09 11:33:27 -07:00
Noah Berman
7806173764
Merge branch 'master' of github.com:rapid7/metasploit-framework into lhost-setting-warning
2017-03-09 11:11:23 -07:00
Noah Berman
2f55b5e00e
reconfigure lhost warn for loopback address
2017-03-09 11:10:27 -07:00
William Vu
1a96fb03ae
Allow start_service to specify a resource
...
This overrides URIPATH and random_uri if opts['Path'] is specified.
2017-03-09 02:33:02 -06:00
William Vu
1a0b342e68
Add srvport to HttpServer
...
This allows URIPORT to override SRVPORT.
2017-03-09 02:24:22 -06:00
wchen-r7
ed22902fd4
Support the subject field
2017-03-08 11:40:08 -06:00
Craig Smith
f60dae0917
Lots of syntax fixups from rubocop
2017-03-08 09:21:33 -08:00
h00die
95683715e0
land #8069 , a warning when setting rhost in rhosts modules
2017-03-07 18:42:38 -05:00
wchen-r7
dc13b84189
Bring mms branch up to date w/ master
2017-03-07 16:13:39 -06:00
Jin Qian
7e19486a97
Merge branch 'wchen-r7-sms' into upstream-master
...
Merged #8047
2017-03-07 15:56:00 -06:00
Brendan Coles
1aec2203e5
Warn when setting RHOST option for module which expects RHOSTS
2017-03-07 21:02:30 +00:00
wchen-r7
fae05f2e98
And API to send an MMS message to mobile devices
...
This API allows you to send a malicious attachment to mobile
devices.
2017-03-07 12:34:45 -06:00
=
27c2795632
Issue #7188 resolved along with checking for all loopback addresses.
2017-03-08 00:02:50 +05:30
Craig Smith
4e9b8946d8
Fixed some small msftidy issues
2017-03-06 22:47:37 -08:00
Craig Smith
97ad8be7ff
Added some Zigbee Documentation
2017-03-06 22:42:15 -08:00
Craig Smith
60cd04bc7b
Added module for zstumbler
2017-03-06 16:10:14 -08:00
alpiste
09442f226a
Functionality was added to allow the payload to wait before trying to reconnect.
...
Also the code was modified to allow the payload to infinite retry if 0 is set.
2017-03-04 18:12:09 -03:00
wchen-r7
6ad8afb8b3
Add API to send a text message (SMS) to mobile devices
2017-03-02 16:47:55 -06:00
Noah Berman
23474dfc70
change print_error to print_warning
2017-03-02 09:46:03 -07:00
William Vu
79c01a9577
Fix ancient copypasta of Aux to Post
...
Specifically a crash in the run command's help.
2017-03-02 01:24:27 -06:00
Noah Berman
f91328b122
modify warning wording
2017-03-01 15:00:15 -07:00
Noah Berman
d9f5b75dc5
warn when lhost set to 127.0.0.1
2017-03-01 14:53:49 -07:00
Tim
601131f236
hook Application class if found
2017-03-01 19:22:42 +08:00
Tim
ee8b70e0df
fix permission shuffling
2017-03-01 14:38:47 +08:00
Tim
063d999a64
randomize the payload, service and broadcast receiver names
2017-03-01 14:20:31 +08:00
Tim
b273517f9a
always set first byte to 1 on stageless configs
2017-03-01 12:46:00 +08:00
Tim
c8816cacb0
Remove stageless classname from staged payloads, fixes #8034
2017-03-01 12:27:12 +08:00
Brent Cook
31568320f9
Merge branch 'upstream-master' into land-8021-
2017-02-28 03:02:03 -06:00
Brent Cook
bbf271f6b0
Land #7981 , allow handler launched by the handler command to persist
...
Merge remote-tracking branch 'upstream/pr/7981' into upstream-master
2017-02-28 02:38:42 -06:00
Craig Smith
dcb42a3e69
Initial zigbee support using killerbee. Core session setup portion
2017-02-27 17:29:54 -08:00
Spencer McIntyre
3b2e5e0785
Add a new core_native_arch method for meterpreter
2017-02-26 14:22:24 -05:00
wchen-r7
f27ef55391
Land #7992 , Improve Signature Evasions for browser exploits
2017-02-23 16:32:49 -06:00
Jeff Tang
e3f613ecc6
Bypass: Metasploit OS detection
...
SEP is triggering on HTTP POSTs which start with `os_name`
2017-02-23 15:42:04 -05:00
Jeff Tang
84ab3c66cc
Use obfuscated JS in BES
2017-02-22 12:47:36 -05:00
Rich Whitcroft
f08478e02f
fix handler persistence
2017-02-20 13:51:07 -05:00
dmohanty-r7
c4f1e0db1f
Land #7913 , Fix Console Route Print with ipv4 and ipv6
2017-02-17 17:42:57 -06:00
Brent Cook
0e3eba18b3
simplify guard logic
2017-02-17 16:00:15 -06:00
Brent Cook
f4befda59b
inherit the options from the default target so we can autocomplete before the rhost resolution occurs
2017-02-17 15:50:45 -06:00
Brent Cook
da82f0891e
Land #7860 , Add OverrideScheme option to reverse_http/s handler
2017-02-17 11:12:49 -06:00
Craig Smith
1214ef5b79
Replaced tabs with spaces and removed trailing spaces at EOL
2017-02-15 16:46:11 -08:00
Craig Smith
8f1856c5d1
Fixed a bug with DTC decoding.
...
DTC Codes now print the English error messages next to their code with getvinfo
Frozen DTCs can also be fetched via get_frozen_dtcs()
2017-02-15 16:26:23 -08:00
wchen-r7
f600fa1caa
Be aware of logout
2017-02-14 17:03:57 -06:00
wchen-r7
81abbfba46
Resolve #7959 , Automatically login to RPC service after expiration
...
When the RPC client token expires, it will automatically login
again, and renew the token during the next RPC request.
Resolves #7959
2017-02-14 16:41:08 -06:00
Brent Cook
c1d08b9574
rename udp_sock to udp_socket to avoid mixin collisions
2017-02-12 22:31:56 -06:00
wchen-r7
4b5bc84f5c
Land #7918 , Fix report_vuln for aux/scanner checks
2017-02-09 12:18:33 -06:00
Tim
095831e029
fix silly typo
2017-02-08 23:41:15 +08:00
William Vu
b06895b604
Hide RPORT more intelligently
2017-02-08 09:40:42 -06:00
Tim
870621d169
Add OverrideScheme option, fixes #7841
2017-02-08 23:30:29 +08:00
William Vu
31f93de150
Update HttpClient and WordPress mixins
2017-02-06 04:40:26 -06:00
William Vu
ba80e1d9e5
Fix report_vuln for aux/scanner checks
...
Msf::Auxiliary::Scanner#setup sets it to nil in instance.check_simple.
2017-02-06 01:20:18 -06:00
Josh Hale
02afc3af96
Add lines for no IPv4/IPv6 routes
2017-02-05 17:38:30 -06:00
Pearce Barry
cab19dc63c
Land #7904 , Fix a bug where PHP tags were in the wrong place
2017-02-05 11:43:24 -06:00
Josh Hale
79b92ccdc7
Fix for Route Print IPv6 Error
2017-02-04 16:21:55 -06:00
Brent Cook
64e475a4ee
Land #7892 , Enhance the creds command to allow creating logins
2017-02-03 11:53:46 -06:00
James Lee
3c7f78167a
Push up the preamble and modernize style
2017-02-02 17:57:03 -06:00
James Lee
c9560b5aa8
Add error_reporting to preamble
2017-02-02 17:48:28 -06:00
Pearce Barry
23c2787d57
Land #7795 , Hardware Bridge API.
...
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
Pearce Barry
16de745437
Minor code cleanups/corrections.
2017-02-01 16:12:45 -06:00
OJ
72c641fcab
Land #7889 - use a better check for whether rhosts exists
2017-01-31 07:49:14 +10:00
darkbushido
e5d8a64770
adding the ability to create logins
2017-01-30 10:43:27 -06:00
Brent Cook
76529278b8
make sure we can actually invoke auto targeting before adding it
2017-01-30 05:24:57 -06:00
Brent Cook
7d32166c70
use a better check for whether rhosts exists
2017-01-29 19:18:23 -06:00
OJ
d8511d1ad5
Add exception when SESSION doesn't exist
2017-01-30 10:26:23 +10:00
William Vu
b44e7ff733
Fix argument passing for deprecated scripts
...
This allows the scripts to continue working while warning the user.
See also: c59b5eaa2f
.
2017-01-29 14:14:55 -06:00
darkbushido
39d702ebd9
changing the syntax to work with ruby 2.1
...
Fixes #7881
2017-01-27 11:20:26 -06:00
William Vu
c59b5eaa2f
Fix #7823 , legacy_script_to_post_module fixes
2017-01-26 16:26:00 -06:00
Craig Smith
87701ff758
Added more error handling to bail out more gracefully when things go wrong. Could
...
be more common with bluetooth connections.
2017-01-25 18:23:57 -08:00
Craig Smith
2ff4e6f57e
Fixed defaults for elm327 realy.
...
Array2Hex in the automotive extension how supports passing an array or integers or string hexes
Added some extra error handling for UDS calls to non-supported pids
2017-01-25 11:30:29 -08:00
Pearce Barry
9b16cdf602
Land #7845 , Fix Msf::Exploit::EXE shellcode/template mismatch
2017-01-22 16:09:41 -06:00
Brent Cook
414977125f
Merge remote-tracking branch 'upstream/master' into land-7847-
2017-01-22 14:11:40 -06:00
Brent Cook
ac2ceca5e3
Land #7804 , Switch the creds command to use named options
2017-01-22 10:49:19 -06:00
Brent Cook
6a2d036ea8
depend on regular rb-readline, bugs fixed upstream
2017-01-22 10:20:05 -06:00
Brent Cook
99047fa8a1
be stricter in what we accept for payload uri
...
datastore needs to contain something to produce a valid URI
2017-01-22 10:20:04 -06:00
Brent Cook
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
Brent Cook
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
William Vu
a7fac41172
Make shell_command_token time out again
2017-01-20 23:09:22 -06:00
William Vu
84513fd83c
Add exception for HttpClient
...
Since it uses Rex::Proto::Http, which then uses Rex::Socket::Tcp.
2017-01-20 20:00:27 -06:00
William Vu
89b2f087fc
Add TCP/UDP hint to RPORT
...
Caveat: works with mixins only (tenuously).
2017-01-20 19:50:40 -06:00
Tim
64e7f13067
improve error detection
2017-01-19 16:40:35 +07:00
Tim
c1e30b632b
fix #7725 , inject into the Activity constructor
2017-01-19 16:24:26 +07:00
Tim
f8f764aefc
fix #7617 , invalid register when hooking smali code
2017-01-19 14:52:30 +07:00
William Vu
d8da7c6d43
Fix Msf::Exploit::EXE shellcode/template mismatch
...
Initialize EXE options unless code is supplied with platform/arch.
2017-01-19 00:07:35 -06:00
Brent Cook
b94eefe724
Land #7771 , Add history deduplication
2017-01-18 21:06:42 -06:00
William Vu
ef487f6be5
Remove history clearing
2017-01-18 14:55:12 -06:00
David Maloney
d564f5d60a
don't add auto targets to things without rhost
...
Things like browser exploits don't have remote host options
which is what auto targeting relies on, so it does not make sense
to include the auto-targeting in these exploits
7837
2017-01-17 11:40:07 -06:00
William Vu
77c78fa5f4
Move Rex::Text::Table workspace output to -v
2017-01-15 23:15:14 -06:00
William Vu
38382bb61a
Convert workspace command to Rex::Text::Table
...
Still can't get over how it's called "loots." :D
2017-01-15 03:26:35 -06:00
William Vu
b86c1f0465
Land #7823 , legacy_script_to_post_module check
2017-01-13 17:37:41 -06:00
James Lee
3c0ce8eafb
Fix some rubocop complaints
2017-01-13 17:24:23 -06:00
William Vu
0800a4f816
Update RPC functionality
2017-01-12 19:35:42 -06:00
William Vu
601a88dad7
Update cmd_unload in CommandDispatcher
2017-01-12 19:29:28 -06:00
William Vu
2ad29a2351
Prefer find over each
...
Since we're modifying the load method directly, there should only ever
be one previously loaded instance. Suggestion by @egypt.
2017-01-12 19:28:06 -06:00
Brent Cook
8f6fe87400
fix assignment
2017-01-12 17:16:19 -06:00
William Vu
d58db72cd0
Force unloading of already loaded plugins
2017-01-12 14:18:52 -06:00
Brent Cook
c080d78922
intercept legacy meterpreter script runs and substitute post modules
2017-01-12 14:08:43 -06:00
Brent Cook
b28f600aea
Land #7584 , fix apk injection into proguarded apks
2017-01-11 12:45:23 -06:00
David Maloney
38a4c2aa97
fix autotargeting failure
...
the fallback to the original default was failing because
it was assuming rhost was already set, so it would always
go back to the first default target. now the auto_target? method
only returns true if can pull an auto_target_host
2017-01-10 14:12:28 -06:00
wchen-r7
18347a8de7
Land #7774 , Fix pivoting of UDP sockets in scanners
2017-01-10 13:57:28 -06:00
bwatters_r7
b3e8c3376d
Land #7788 , Add ability to interact with a manually backgrouned session
2017-01-10 08:55:00 -06:00
darkbushido
3e1cd0c789
adding a check to make sure you only give a signle private type
2017-01-09 15:13:36 -06:00
David Maloney
8c395338af
Land #7743 , wchen's digest auth nonce fix
...
land sinn3r's pr for fixing the Digest Auth nonce
2017-01-09 14:16:09 -06:00
darkbushido
6bd2e03f37
dding realm tests showed a bug. its now squashed.
2017-01-09 13:04:34 -06:00
darkbushido
3674b25885
fixing the tests, more need to be added
2017-01-09 13:04:34 -06:00
darkbushido
a3b1f7e360
the commands now work, onto tests
2017-01-09 13:04:34 -06:00
darkbushido
23cbc99341
changing the creds add command to use named params
2017-01-09 13:04:34 -06:00
darkbushido
c179e0358f
origin_type manual requires a user...
2017-01-09 13:04:34 -06:00
darkbushido
ed3b34179b
moving creds to its own dispatcher
2017-01-09 13:04:34 -06:00
William Vu
1a04691201
Fix #2504 , edit command fixes I missed 3y ago
...
local_editor was never nil, so there was some dead code.
2017-01-08 03:02:19 -06:00
Craig Smith
5f07bca775
Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here:
...
http://opengarages.org/hwbridge Supports an automotive extension with UDS calls for mdoule
development.
2017-01-06 19:51:41 -08:00
Adam Cammack
dbdc558f0b
Land #7776 , don't log on harmless DB errors
2017-01-06 18:25:13 -06:00
David Maloney
2108913e77
target_host method had a name collision
...
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
2017-01-06 12:44:37 -06:00
William Vu
969df408c7
Land #7786 , Microsoft Edge constant for HttpClient
2017-01-05 21:07:57 -06:00
David Maloney
10cfadaf98
add optional output to merterp run_cmd
...
the run_cmd method on meterpreter sessions can now
take an optiona output IO to redirect output. This allows
backgrounded sessions to also run commands and still output
to the console
2017-01-05 12:12:20 -06:00
Carter
e85721113a
Add Edge to constants
2017-01-04 22:20:42 -05:00
wchen-r7
180795f209
Fix #7743 , nil @cnonce in rex/proto/http/client.rb
...
Fix #7743
2017-01-04 11:50:31 -06:00
David Maloney
31d36d9112
if autotargeting fails fall back
...
fallback to the original first target if auto-targeting fails
2017-01-03 14:38:52 -06:00
David Maloney
5fd531028c
ome minor guards and spec fixes
...
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
David Maloney
2d5158403b
add YARD docs to auto target methods
...
added YARD docs
MS-2325
2017-01-03 14:38:51 -06:00
David Maloney
a61b92aa3e
tweak target selection
...
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index
MS-2325
2017-01-03 14:38:51 -06:00
David Maloney
3d2957dff1
tying it all together
...
insert our autotarget routine into
the main target selection process
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
44830dfc54
prefer authour's target over ours
...
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
1afc57da40
determine most precise filter
...
drop back to our most precise level of filtering
MS-2325
2017-01-03 14:38:50 -06:00