73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
2013-11-05 13:45:00 -06:00
9c6b187cc6
stuff
2013-11-05 11:05:33 -06:00
0513dad789
-_-
2013-11-05 10:30:37 -06:00
9d1742ac47
Fix typos
2013-11-05 10:15:53 -06:00
8fb2b943be
Add ActiveX detection
2013-11-05 01:34:56 -06:00
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
844daf0e00
No regex for get_resource checking
2013-11-04 17:49:43 -06:00
054a525f35
Change profile data structure
2013-11-04 17:46:36 -06:00
ef57a38274
Move documentation about profile structure
2013-11-04 16:47:15 -06:00
d1e008387a
Stop auto preview, code clean
...
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
9c8ecd2ede
Fix encoding order
2013-11-04 14:06:42 -06:00
d970925cbf
Fix encoding bug
2013-11-04 13:45:29 -06:00
ed572d95ee
Merge joev's PR for Rex::Exploitation::Js::Network
2013-11-04 12:58:08 -06:00
23e5a9f048
Force on_request_exploit override
2013-11-04 12:54:52 -06:00
e83f4e5120
Use a warning
2013-11-04 12:54:41 -06:00
25787fbaa7
Change has_proxy?
2013-11-04 12:52:15 -06:00
c6fb570480
Correct bad method naming
2013-11-04 12:35:04 -06:00
016e686bcf
super chomp
2013-11-04 12:28:22 -06:00
c3d9f4064c
They are symbols not strings
2013-11-04 12:10:39 -06:00
0337e6ff54
Do yard documentation
2013-11-04 12:09:59 -06:00
ff78082004
Refactor lanattacks ruby code, add command dispatcher
...
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00
67fbeacbf0
Add support for optional image downloading
...
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00
abc06aa8aa
Use mutex
2013-11-01 11:35:23 -05:00
5fb261a974
Change var name
2013-10-31 23:48:41 -05:00
d54c8a359b
Fix bug in proxy detection
2013-10-31 23:42:43 -05:00
7a33c48a0f
No double slash
2013-10-31 23:17:38 -05:00
5851d502b5
Rename some stuff
2013-10-31 23:12:20 -05:00
21891a8337
Make sure the browser can't retry by going to the first URL
2013-10-31 23:08:17 -05:00
94d62613ab
Pretty much done with these, remove these comments.
2013-10-31 19:04:11 -05:00
828ef9c64c
Adds target-specific payload generator
2013-10-31 18:54:01 -05:00
8a0ebcbac7
Adds method get_module_resource
2013-10-31 14:34:38 -05:00
10fd892827
Fix a "undefined method to_sym" bug
...
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
00efad5c5d
Initial commit for BrowserExploitServer mixin
2013-10-31 13:17:06 -05:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
3e1ae4c9b3
Land #2504 , @todb-r7's edit command for msfconsole
2013-10-30 15:38:07 -05:00
900ccc7ec9
VISUAL is okay. Also doesn't need to be a path.
...
I don't believe this opens an untoward attack vector -- if your attacker
can run Metasploit locally, you have much bigger problems.
2013-10-30 15:34:23 -05:00
2fbac9b129
Add `getproxy` command
...
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
26af6452da
Land #2588 , @wvu-r7's permissions change for cmdstager_printf.rb
2013-10-29 08:07:19 -05:00
1f6c320bb3
Tidy up of extapi code, new bins
...
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
2013-10-29 21:22:05 +10:00
606411de81
Fix mimikatz error when password is nil
...
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
333a0d5820
chmod -x cmdstager_printf.rb
2013-10-28 18:47:14 -05:00
4bf041ec46
Use Rails, not Ruby, time formats.
...
Since MSF now equires ActiveSupport, may as well reference it correctly.
2013-10-25 11:52:54 -05:00
b781e58a67
Unformat the prompt and promptchar
2013-10-25 11:40:28 -05:00
0084f32ca2
Print default values when unset options
2013-10-25 11:21:42 -05:00
e18dd3ec0b
Use base64 to reduce size
2013-10-25 01:19:43 +01:00
6f605fb009
Typo
2013-10-24 16:33:26 +02:00
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
caf41f34bf
Land #2562 - Fix RM 8510 (FileDropper)
2013-10-22 21:45:33 -05:00
acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel
2013-10-22 17:16:26 -05:00
7d1dc3746f
Use the @schierlm's command
2013-10-22 16:19:49 -05:00
ee95ca5e2b
Land #2158 - Fix NoMethodError undefined method `split' for nil:NilClass
2013-10-22 16:01:27 -05:00
dc0d9ae21d
Land #2560 , ZDI references
...
[FixRM #8513 ]
2013-10-22 15:58:21 -05:00
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac
2013-10-22 21:42:36 +01:00
ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers
2013-10-22 15:39:32 -05:00
4ad9bc5efe
Try to [FixRM #8510 ]
2013-10-22 08:42:14 -05:00
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
fcba529ea5
Update coding format
2013-10-21 20:54:25 -05:00
99d5da1f03
We can simplify this
2013-10-21 20:22:45 -05:00
ea56c4914c
Need this file
2013-10-21 20:17:38 -05:00
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
9258d79978
Add ZDI references to reference.rb
2013-10-21 15:13:46 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead6430fa3354
2013-10-21 12:47:57 -05:00
c929fbd7f4
Land #2555 - Retry shell without thread impersonation
2013-10-21 12:25:15 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
58a82f0518
Update exe.rb
...
Rename values
2013-10-21 13:50:07 +01:00
cf65f59a28
Retry shell without thread impersonation
...
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usuall fallback to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`
This patch catches the error, warns the use of the failure and then retries
to create the interactive shell without the `-t` flag.
2013-10-21 15:29:19 +10:00
4e90394c7f
Add support for CF_DIB clipboard formats
...
Image data copied to the clipboard, such as a screenshot, is converted to a JPEG using GDI+, and downloaded to the local loot folder.
This feature doesn't work with W2K as a result, but that doesn't really bother me. The code is simpler and much smaller as a result and doesn't require the inclusion of the jpeg library code.
2013-10-21 00:05:42 +10:00
2d24824e78
Use data_directory instead of install_root
2013-10-19 17:55:03 -05:00
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
62dadc80d3
Make sure the data type for the return value is a string
2013-10-18 21:08:46 -05:00
298f23c91c
Fix extra slashes that cause browser autopwn to fail.
2013-10-18 20:43:39 -05:00
ffcb86eba2
Land #2541 , Outpost24 importer
...
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384 ]
2013-10-18 13:21:58 -05:00
f6675f3120
Reordered case statements
2013-10-18 13:21:28 -05:00
8579cb8322
Use obfuscation
2013-10-18 13:06:19 -05:00
2ef89eaf35
Randomize exe name
2013-10-18 19:01:28 +01:00
56aa9ab01c
Reduce size
2013-10-18 18:59:30 +01:00
4e4d0488ae
Rubyfy constants in privs lib
2013-10-18 18:26:07 +01:00
6f04a5d4d7
Cache Javascript
2013-10-18 12:23:58 -05:00
93ff9ec501
Create methods for start_element for readability
2013-10-18 12:20:43 -05:00
ff69e9fd05
Move product info code to a better location
2013-10-18 12:07:34 -05:00
3af38b9602
I bet "../" will drive people crazy, avoid that.
2013-10-18 11:56:03 -05:00
e6cccedad0
Append vuln info to vuln description
2013-10-18 11:31:54 -05:00
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
...
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
5a662defac
Post::Privs uses Post::Registry methods
2013-10-17 23:28:07 +01:00
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
12151650e4
Add product info to hosts and services :)
2013-10-17 16:18:27 -05:00
06c7943f54
Import hostnames without breaking everything
2013-10-17 15:31:48 -05:00
920e406526
Import CVE refs and db.emit all the things
2013-10-17 14:29:54 -05:00
72a052942f
Methodize the editor variable as local_editor
2013-10-17 14:11:20 -05:00
8f2ba68934
move decrypt_lsa and decrypt_secret to priv too
2013-10-17 00:04:21 -04:00
541d932d77
move decrypt_lsa to priv as well
2013-10-16 23:53:33 -04:00
60d8ee1434
move capture_lsa_key to priv
2013-10-16 23:45:28 -04:00
1a9fcf2cbb
move convert_des_56_to_64 to priv
2013-10-16 23:39:07 -04:00
1a85bd22a8
move capture_boot_key to post win priv
2013-10-16 22:46:15 -04:00
d4d4839dc2
Add size (bytes) of the files on the clipboard
...
Output of the `clipboard_get_data` call now includes the size
of each file in bytes.
2013-10-16 22:54:55 +10:00
afc5e282a9
Add CF_HDROP file support to the clipboard
...
`clipboard_get_data` has been changed so that raw text is supported and file listings are supported.
If files are on the clipboard, those files and folders are listed when this command is run. To download the files, pass in the `-d` option.
2013-10-16 17:46:22 +10:00
0081e186f7
Make sure i var is local
2013-10-15 23:59:23 -05:00
ad8af02021
Add my wonderfully simplistic Outpost24 parser
2013-10-15 16:34:46 -05:00
4c91f2e0f5
Add detection code MS Office
...
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413 ]
2013-10-15 16:27:23 -05:00
38965f91ee
Add Outpost24 importer code to core/db.rb
2013-10-15 15:32:28 -05:00
41ab4739e3
Land #2520 - Add detection for FF 22 - 24
2013-10-15 15:17:43 -05:00
414a814d5d
Add the start of clipboard support
...
This commit adds support for getting text-based information from the
victim's clipboard and for setting text-based data to the victim's
clipboard. Early days, with much wiggle room left for extra fun
functionality.
2013-10-15 23:57:33 +10:00
ea89b5e880
Add support for child window enumeration
...
Children of windows can now be enumerated via the -p parameter, which
specifies the handle of the parent window to enumerate.
There is also a -u parameter which includes unknown/untitled windows
in the result set.
2013-10-15 18:02:27 +10:00
14be85ea5d
Land #2511 , fix up NoMethodError and hanging connx
2013-10-14 16:30:19 -05:00
711fac08b7
Don't throw exception if createElement is missing.
2013-10-14 14:15:13 -05:00
183940308b
Add another nil check, just to be safe.
2013-10-14 13:55:54 -05:00
20a145f1e7
Check for prop in prototype, not constructor.
2013-10-14 13:51:45 -05:00
488ed5bd4a
Add new feature detection logic for FF 23 and 24.
2013-10-14 13:41:26 -05:00
35dd94f0ac
Land #2518 , uninitialized JavascriptOSDetect fix
2013-10-14 13:32:04 -05:00
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
da3081e1c8
[FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect
...
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax
[FixRM 8482]
2013-10-14 11:40:46 -05:00
cad717a186
Use NDR 32bit syntax.
...
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
876d4e0aa8
Land #1420 , WDS scanner
2013-10-11 16:53:25 -05:00
4d76e8e9ac
Add RPORT to the list of DCERPC ports to check
...
[FixRM #8479 ]
2013-10-11 16:23:38 -05:00
423b490168
Use Rex::Compat.getenv instead
...
Also, this would deprecate out the editor plugin.
2013-10-11 10:42:13 -05:00
a7025fca3d
msfconsole 'edit' command
...
Useful for quick editing a module during development / bug fixing. I
don't really see a security issue with running a command defined in the
user's VISUAL or EDITOR environment variables; if the user can run
msfconsole to begin with, there are better ways to get into trouble.
2013-10-10 23:00:25 -05:00
b99af52279
Improve extapi ruby structure, add bins
...
The extapi project will get bigger over time so this change allows for the code to get
bigger without becoming a headache before it starts.
Added binaries to this commit as well.
2013-10-11 09:52:23 +10:00
85112e8704
Land #2413 , axe callcc
...
This is the only time callcc is used in the entire codebase, too, so
this apparently removes a roadblack to non-MRI Rubies, so that's nice.
2013-10-10 14:55:55 -05:00
378f403fab
Land #2453 , Add stdapi_net_resolve_host(s) to Python Meterpreter.
...
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
de57cbc67d
Land #2497 , @todb-r7's author alphabetization
2013-10-10 13:00:50 -05:00
cbaeebeff7
Add service_query to ext_server_extapi
...
Once the user has queried the list of services they can now use the
`service_query` function to get more detail about a specific service.
2013-10-11 01:02:51 +10:00
23340e9df0
Add service_enum to the ext_server_extapi extension
...
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.
Some other small code tidies were done too.
2013-10-10 21:23:23 +10:00
adbcace9dd
Land #2458 , OJ's Meterpreter railgun multi call fix
...
also [FixRM #8269 ]
2013-10-10 00:38:44 -05:00
4f1e71e222
Also this isn't Lua. Deal with commas.
2013-10-09 17:30:57 -05:00
c8dc251042
Alphabetize authors
...
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.
Also, I need to keep my lines changed count up.
2013-10-09 17:29:17 -05:00
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
6c382c8eb7
Return nil on error, and move the module to post/multi.
2013-10-09 16:52:53 -04:00
9d34a8c894
Land #2465 , deal with missing cpuinfo bins
...
[FixRM #8456 ]
Thanks @ZeroChaos!
2013-10-09 13:03:48 -05:00
356263df56
Litter some more rescue nil's in there
...
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
f95da649f8
Deal with missing bins, too.
...
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465 ]
2013-10-09 12:13:44 -05:00
47801c17b3
MSF started to the extended API with window enum
...
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.
This commit kicks things off with enumeration of top level windows on the
current desktop.
2013-10-09 22:25:43 +10:00
e895a17722
Add 'no quotes' option for CmdStagerPrintf
...
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
2013-10-08 21:04:28 +02:00
2593c06e7c
Land #2412 , @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
6f7d513f6e
Another clean up and simplification of CmdStagerPrintf
2013-10-08 07:22:09 +02:00
ff6dec5eee
Promote joev to a first class citizen
...
[See #2476 ]
2013-10-07 12:40:43 -05:00
sinn3r
OJ
James Lee
joev
William Vu
Tod Beardsley
jvazquez-r7
Meatballs
ethicalhack3r
Meatballs1
Rob Fuller
kernelsmith
Spencer McIntyre
Markus Wulftange