infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
40,383 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

12499 Commits (e9ce622db7c043de02d209cafcff5dca557d1f29)

Author SHA1 Message Date
Javier Godinez 0eaeeb4aa7 Adds a generic AWS client module 2016-11-22 14:54:18 -08:00
Pearce Barry 3640e87a37
Land #7599, Don't complain when Proxies is an empty string 2016-11-22 10:14:40 -06:00
James Lee b45a36180e
Don't complain when Proxies is an empty string 2016-11-22 09:29:04 -06:00
Dylan Davis 991409fdd6 Make truthiness checks consistent 2016-11-21 19:37:48 -07:00
Dylan Davis 72609b3112 Don't use ANSI terminal sequences on Windows 2016-11-21 19:25:24 -07:00
Brent Cook 6d85330dad
Land #7594, check if opts['var_get'] exists before using it 2016-11-21 18:06:32 -06:00
Jin Qian cdc82891d8 Fix the issue 7593 where I get a stacktrace when running module auxiliary/scanner/http/blind_sql_query 
Add a guard against the case when opts['vars_get'] is nil
 2016-11-21 17:39:09 -06:00
wchen-r7 b2cc8e2b95 Fix #7569, Fix warbird check for missing text section 
Fix #7569
 2016-11-21 14:57:01 -06:00
Brent Cook 16b5f40dae Revert "Rework XOR code to make more sense" 
This reverts commit 699a8e91d2.
 2016-11-20 19:09:45 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Metasploit 643a5511cf
Bump version of framework to 4.13.1 2016-11-18 10:01:48 -08:00
h00die cd01b07682
Land #7565 
Lands print_bad and vprint_bad from todb-r7
 2016-11-18 13:29:39 -05:00
David Maloney 202009b50b
Land #7570, async print fix 
Land's jennamagius' fix for async console printing
outoupt from jobs no longers screws the console prompt
up. w00t!
 2016-11-18 11:25:18 -06:00
Tim 66ba2b077b
Land #7567, fix apk injection when template has no permissions 2016-11-17 11:42:54 +00:00
Dylan Davis 739c9c1315 Ensure cursor is positioned appropriately if it is not at the end of a line when async prints arrive 2016-11-16 21:07:50 -07:00
Dylan Davis 491a3a3162 Prevent the input prompt from being mangled by asynchronous prints. 2016-11-16 20:43:07 -07:00
Metasploit 383314530a
Bump version of framework to 4.13.0 2016-11-16 07:48:26 -08:00
Brian Yip 927e195e28 Generate payload apk from permissionless apk 2016-11-16 00:48:10 -04:00
Tod Beardsley 1deacad2be
Add a print_bad alias for print_error 
Came up on Twitter, where Justin may have been trolling a little:

https://twitter.com/jstnkndy/status/798671298302017536

We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.

Anyway, I went with alias_method, thanks to the compelling argument at

https://github.com/bbatsov/ruby-style-guide#alias-method

...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.

Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
 2016-11-15 19:20:42 -06:00
Brendan 7e4645afb3
Land #7527, Add LURI support to the reverse_http/s stagers 2016-11-15 16:31:20 -06:00
Brent Cook 5490fda0ae Merge remote-tracking branch 'upstream/master' into land-7261 2016-11-14 16:49:28 -06:00
Brent Cook 98a54cd458 Merge branch 'upstream-master' into land-7456-android-hide-app 2016-11-14 02:43:04 -06:00
David Maloney fbcc4baf58
Land #7553, apk inject cert fix 
Lands dana-at-cp's fix for the certtool localization
issues for the APK injection routine.

Fixes #7524
 2016-11-11 12:54:41 -06:00
Metasploit f116ad2c59
Bump version of framework to 4.12.42 2016-11-11 10:02:14 -08:00
dana-at-cp c0e839dfd9
Fixes keytool bug in APK inject code 2016-11-11 06:12:47 -08:00
Metasploit 2c39a14ada
Bump version of framework to 4.12.41 2016-11-04 10:02:13 -07:00
OJ 50c2ed8509
Fix post mixin platform/session check 2016-11-05 02:41:52 +10:00
Brendan dae1f26313
Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server 2016-11-03 12:56:50 -05:00
OJ 47ac122c15
Add LURI support to the reverse_http/s stagers 2016-11-03 14:51:07 +10:00
Brendan a7c8060af5
Land #7523, Fix template location for psh payload creation 2016-11-02 12:09:20 -05:00
David Maloney 451686309b
fixes #7519 psh payload generation 
a few files references to the templates for pwoershell were
missed when transfering the templates over to the rex-powershell gem
 2016-11-01 14:32:40 -05:00
Brian Patterson 51ad285521
Landing #7517 Nexpose API error fix 2016-11-01 12:02:35 -05:00
OJ 0fca4483c0
Correctly call generate_stage on native init 2016-11-02 00:52:25 +10:00
OJ 6ec76611c3
Fix arch typo in meterpreter_options for x64 2016-11-02 00:38:34 +10:00
Brent Cook 6577728fa9 enable auto-negotiation for TLS version with SQL Server 2016-11-01 05:45:27 -05:00
Brent Cook f08a7ac10b modernize default smtp_deliver TLS options 2016-11-01 05:42:05 -05:00
David Maloney ac0984e8dd
this fixes an issue with nexposeapi errors 
on newer versions of the nexpose api the error
XML schema has been changed, this prevents the
exception from being generated correctly

MS-289
 2016-10-31 13:42:15 -05:00
OJ 294b1e5ed7
Move session_type to base, and map shell arch to string 2016-11-01 03:02:23 +10:00
OJ 44ac3f8781
Use ARCH constant in mainframe_shell 2016-11-01 02:24:44 +10:00
OJ ddd2d5e43f
Remove junk spaces from EXE exploit module 2016-11-01 01:28:21 +10:00
OJ eeff24d2ef
Change BSD regex as per Brent's suggestion 2016-11-01 01:26:45 +10:00
OJ 0730613c67
Add comment to hilight need to support ARCH_CMD in sess check 2016-10-29 14:29:05 +10:00
OJ 7773d90da4
Update railgun to use arch to check for 64 bit 2016-10-29 14:26:06 +10:00
OJ 8605992cdf
Remove superfluous session check in the post mixin 2016-10-29 14:19:27 +10:00
OJ e5d3feebea
Final regex fix for jobs arch check 2016-10-29 14:10:01 +10:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
OJ 8b97183924
Update UUID to match detected platform, fail exploit on invalid session 2016-10-29 13:45:28 +10:00
OJ 0737d7ca12
Tidy code, remove regex and use comparison for platform checks 2016-10-29 13:41:20 +10:00
OJ 9e3960f334
Update session listing to show type or platform 2016-10-29 12:46:11 +10:00
OJ 6364e93ece
Update session types to have base_platform and base_arch 2016-10-29 12:45:37 +10:00
OJ bf7e7ae4be
Fix silly mistake with resetting arch in sysinfo 2016-10-29 08:32:32 +10:00
OJ a7485c4bba
Use constants for base_arch 2016-10-29 08:10:44 +10:00
OJ d201c5bccc
Force x86_64 to change over to x64 in sysinfo, tidy arch checks 2016-10-29 06:49:35 +10:00
Metasploit ffc62964d6
Bump version of framework to 4.12.40 2016-10-28 10:02:36 -07:00
OJ 1d617ae389
Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
William Webb 9672759be8
Land #7462, Add support for Unicode domains 2016-10-26 16:47:09 -05:00
OJ ca377cadd7
Move the binary suffix stuff to a better location 2016-10-27 07:43:27 +10:00
Metasploit 6a23168800
Bump version of framework to 4.12.39 2016-10-25 12:22:52 -07:00
Sonny Gonzalez 5ce886cf5c
Land #7490, xml importer fingerprinting fixed 2016-10-25 14:13:15 -05:00
Brian Patterson c83474ea5c
Land #7488 Allows DRDoS mixin to handle empty responses 2016-10-25 13:53:39 -05:00
Louis Sato 56d5c49d4d
host was no associated with the workspace 
* searching mdm host by wspace id instead
 2016-10-25 12:05:06 -05:00
Louis Sato 1378e2e61a
preserve hosts should still fingerprint new hosts 2016-10-25 09:58:30 -05:00
Louis Sato 744724c083
conditionalize fingerprinting 
* fix bug where host not preserved
 2016-10-24 18:45:48 -05:00
Metasploit e29567f390
Bump version of framework to 4.12.38 2016-10-24 14:25:47 -07:00
Jon Hart 12508f7140
Fix DRDoS mixin to handle empty responses 2016-10-24 14:21:28 -07:00
Adam Cammack 39b889ea29
Land #7459, Delay fingerprinting during import 2016-10-24 10:47:25 -05:00
William Vu ba3830c100
Land #7485, lib/rex/post/gen.pl removal 2016-10-24 09:56:41 -05:00
Metasploit bf59ba526a
Bump version of framework to 4.12.37 2016-10-24 07:35:41 -07:00
nixawk 66a1b57c17 delete lib/rex/post/gen.pl 2016-10-24 08:53:45 -05:00
Tim ce1f3e6b9e
Land #7451, copy original signing certificate when backdooring APK 2016-10-22 18:04:22 +08:00
David Maloney 6b77f509ba
fixes bad file refs for cmdstagers 
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
 2016-10-21 12:31:18 -05:00
David Maloney de87fccf85
Land #7469, OJ's php preamble fix 
this is OJ's fix for the bind_php payload
preamble that causes it to be missing the php
tags
 2016-10-21 12:05:39 -05:00
Metasploit 8e0d866976
Bump version of framework to 4.12.36 2016-10-21 10:02:09 -07:00
dana-at-cp b8e30a241e
Copy original cert data into new signing cert created for APK injection 2016-10-20 08:43:45 -07:00
Brendan 1644a1e20b Change how we populate workgroup/domain data 2016-10-19 17:24:26 -05:00
Brendan 95294b00d1 Whitespace 2016-10-19 17:13:07 -05:00
Brendan 078496437f Make sure that the ntlm blob data is pasrsed into UTF-8 2016-10-19 17:11:04 -05:00
Louis Sato f18cbd655e
delay fingerprinting of host 
MS-2073

 * imports are slow mainly caused by fingerprinting after every service creation
 * now only fingerprints after all the services are created for imports
 2016-10-18 17:42:48 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
OJ 786600bd09
Remove the unused binary_suffix var 2016-10-18 16:15:00 +10:00
Tim 67d07a715c
add android_hide_app_icon 2016-10-17 19:02:48 +08:00
Brent Cook 6fb418d4d2
Land #7447, unify Android meterpreter method names, add missing stageless class 2016-10-17 04:48:43 -05:00
William Vu ebf52759cc
Land #7449, unsuitable language fix 2016-10-16 03:23:05 -05:00
Justin Steven 2ae62cfce1
Fix typo: Use a better adjective 2016-10-16 18:01:42 +10:00
dana-at-cp d7ac8eba45
Create new signing certificate with dname value copied from original certificate. 2016-10-15 14:05:53 -07:00
Tim 5fad8d8efa
prefix android commands with android_ 2016-10-15 23:57:20 +08:00
Metasploit 74340e9eb7
Bump version of framework to 4.12.35 2016-10-14 15:13:45 -07:00
Brent Cook 5736b2c821
add missing require 2016-10-14 12:15:45 -05:00
Metasploit b3666ff7ab
Bump version of framework to 4.12.34 2016-10-14 10:04:05 -07:00
Brent Cook 5ab3401f98
Land #7430, Refactor Android payload configuration into a byte array, add evasions 2016-10-14 10:01:23 -05:00
Brent Cook 4c248ebe9e Merge branch 'master' into land-7430- 2016-10-14 09:48:33 -05:00
Brent Cook a2fe934c15
Land #7435, NTLM Util change to support Unicode hostnames 2016-10-14 09:46:10 -05:00
OJ 70011922a3
Remove binary suffixes for payloads that don't exist 2016-10-14 14:08:13 +10:00
OJ 022830634b
Rejig platform to use windows instead of win32/win64 2016-10-14 10:10:04 +10:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem"" 
This reverts commit f3166070ba.
 2016-10-11 17:40:43 -05:00
David Maloney 2493ff1886 Revert "Revert "remove leftover cruft"" 
This reverts commit 74e0256448.
 2016-10-11 17:40:18 -05:00
David Maloney 13de5f9b1e fix missing require in rex 
this missing required caused an unitialized
constant in browser_autopwn2 because it required
the js utils bit directly without requiring rex-exploitation
 2016-10-11 17:36:55 -05:00
Brendan fe36801918 Changed to convert hostnames and domains to UTF-8 rather than ANSI 
after pulling them from the NTLM blob
 2016-10-11 15:51:50 -05:00
Brent Cook e5ac3eda61
Land #7362, Fix apk injection script to include android payload service and broadcast receivers 2016-10-11 07:54:10 -05:00
Tim 3d9cb7375c
store Android payload information in byte array 2016-10-11 14:41:32 +08:00