1644a1e20b
Change how we populate workgroup/domain data
2016-10-19 17:24:26 -05:00
95294b00d1
Whitespace
2016-10-19 17:13:07 -05:00
078496437f
Make sure that the ntlm blob data is pasrsed into UTF-8
2016-10-19 17:11:04 -05:00
f18cbd655e
delay fingerprinting of host
...
MS-2073
* imports are slow mainly caused by fingerprinting after every service creation
* now only fingerprints after all the services are created for imports
2016-10-18 17:42:48 -05:00
43fd0a8813
Land #7436 , Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
786600bd09
Remove the unused binary_suffix var
2016-10-18 16:15:00 +10:00
67d07a715c
add android_hide_app_icon
2016-10-17 19:02:48 +08:00
6fb418d4d2
Land #7447 , unify Android meterpreter method names, add missing stageless class
2016-10-17 04:48:43 -05:00
ebf52759cc
Land #7449 , unsuitable language fix
2016-10-16 03:23:05 -05:00
2ae62cfce1
Fix typo: Use a better adjective
2016-10-16 18:01:42 +10:00
d7ac8eba45
Create new signing certificate with dname value copied from original certificate.
2016-10-15 14:05:53 -07:00
5fad8d8efa
prefix android commands with android_
2016-10-15 23:57:20 +08:00
74340e9eb7
Bump version of framework to 4.12.35
2016-10-14 15:13:45 -07:00
5736b2c821
add missing require
2016-10-14 12:15:45 -05:00
b3666ff7ab
Bump version of framework to 4.12.34
2016-10-14 10:04:05 -07:00
5ab3401f98
Land #7430 , Refactor Android payload configuration into a byte array, add evasions
2016-10-14 10:01:23 -05:00
4c248ebe9e
Merge branch 'master' into land-7430-
2016-10-14 09:48:33 -05:00
a2fe934c15
Land #7435 , NTLM Util change to support Unicode hostnames
2016-10-14 09:46:10 -05:00
70011922a3
Remove binary suffixes for payloads that don't exist
2016-10-14 14:08:13 +10:00
022830634b
Rejig platform to use windows instead of win32/win64
2016-10-14 10:10:04 +10:00
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
...
This reverts commit f3166070ba
2016-10-11 17:40:43 -05:00
2493ff1886
Revert "Revert "remove leftover cruft""
...
This reverts commit 74e0256448
2016-10-11 17:40:18 -05:00
13de5f9b1e
fix missing require in rex
...
this missing required caused an unitialized
constant in browser_autopwn2 because it required
the js utils bit directly without requiring rex-exploitation
2016-10-11 17:36:55 -05:00
fe36801918
Changed to convert hostnames and domains to UTF-8 rather than ANSI
...
after pulling them from the NTLM blob
2016-10-11 15:51:50 -05:00
e5ac3eda61
Land #7362 , Fix apk injection script to include android payload service and broadcast receivers
2016-10-11 07:54:10 -05:00
3d9cb7375c
store Android payload information in byte array
2016-10-11 14:41:32 +08:00
0d5a23b865
Merge branch 'master' into land-7423-localtime
2016-10-10 23:54:38 -05:00
699a8e91d2
Rework XOR code to make more sense
2016-10-10 13:38:08 +10:00
e139a1ee8f
Land #7383 : Rebase/Fix + SSL stager support for python
2016-10-10 13:06:09 +10:00
adb6f31e36
Bump version of framework to 4.12.33
2016-10-08 20:57:08 -07:00
74e0256448
Revert "remove leftover cruft"
...
This reverts commit 2be551cbd3
2016-10-08 21:55:22 -05:00
f3166070ba
Revert "use the new rex-exploitation gem"
...
This reverts commit 52f6265d2e
2016-10-08 21:55:16 -05:00
63bf93be1b
code and style cleanups
2016-10-08 21:04:15 -05:00
7c1fa3eb51
fix 'info -d module', it assumed active module only
2016-10-08 19:31:00 -05:00
44c5fc3250
Sync build_net_code post module upstream
...
Fix merge conflicts and add missing lines to framework version of
the DotNet compiler example module.
Test output to come in PR #5393
2016-10-08 14:06:35 -05:00
47b1320d08
Add options to cmd_psh_payload
...
Fill in validated datastore options for generating custom PSH
payloads
2016-10-08 14:06:35 -05:00
fb8e025aa5
Force datastore validation by option set
...
cmd_psh_payload relies on datastore options to have a proper
data type down the call chain. When modules are created with string
values for all data store options, a conditional naively checking
what should be a boolean value for false/nil? would return true
for a string representation of "false."
Ensure that datastore options are validated prior to using them
to set variables passed into Rex methods.
2016-10-08 14:06:35 -05:00
f24bfe7d4e
Import Powershell::exec_in_place
...
Allow passing exec_in_place parameter to cmd_psh_payload in order
to execute raw powershell without the commandline wrappers of
comspec or calling the powershell binary itself.
This is useful in contexts such as the web delivery mechanism or
recent powershell sessions as it does not require the creation of
a new PSH instance.
2016-10-08 14:06:35 -05:00
36b989e6d7
Initial import of .NET compiler and persistence
...
Add Exploit::Powershell::DotNet namespace with compiler and
runtime elevator.
Add compiler modules for payloads and custom .NET code/blocks.
==============
Powershell-based persistence module to compile .NET templates
with MSF payloads into binaries which persist on host.
Templates by @hostess (way back in 2012).
C# templates for simple binaries and a service executable with
its own install wrapper.
==============
Generic .NET compiler post module
Compiles .NET source code to binary on compromised hosts.
Useful for home-grown APT deployment, decoy creation, and other
misdirection or collection activities.
Using mimikatz (kiwi), one can also extract host-resident certs
and use them to sign the generated binary, thus creating a
locally trusted exe which helps with certain defensive measures.
==============
Concept:
Microsoft has graciously included a compiler in every modern
version of Windows. Although executables which can be easily
invoked by the user may not be present on all hosts, the
shared runtime of .NET and Powershell exposes this functionality
to all users with access to Powershell.
This commit provides a way to execute the compiler entirely in
memory, seeking to avoid disk access and the associated forensic
and defensive measures. Resulting .NET assemblies can be run
from memory, or written to disk (with the option of signing
them using a pfx cert on the host). Two basic modules are
provided to showcase the functionality and execution pipeline.
Usage notes:
Binaries generated this way are dynamic by nature and avoid sig
based detection. Heuristics, sandboxing, and other isolation
mechanisms must be defeated by the user for now. Play with
compiler options, included libraries, and runtime environments
for maximum entropy before you hit the temmplates.
Defenders should watch for:
Using this in conjunction with WMI/PS remoting or other MSFT
native distributed execution mechanism can bring malware labs
to their knees with properly crafted templates.
The powershell code to generate the binaries also provides a
convenient method to leave behind complex trojans which are not
yet in binary form, nor will they be until execution (which can
occur strictly in memory avoiding disk access for the final
product).
==============
On responsible disclosure: I've received some heat over the years
for prior work in this arena. Everything here is already public,
and has been in closed PRs in the R7 repo for years. The bad guys
have had this for a while (they do their homework religiously),
defenders need to be made aware of this approach and prepare
themselves to deal with it.
2016-10-08 14:05:53 -05:00
1f36583db2
Add zeroSteiner to author.rb
2016-10-07 12:51:22 -05:00
8a6426df48
Bump version of framework to 4.12.32
2016-10-07 10:04:32 -07:00
a0ebf5ea2d
Bump version of framework to 4.12.31
2016-10-06 11:23:08 -07:00
55597d7370
Land #7394 , Gemify rex/exploitation and associated data files into rex-exploitation
2016-10-05 10:55:21 -05:00
2be551cbd3
remove leftover cruft
...
some files that got left behind in previous
gemifications that should have been removed
2016-10-05 09:05:27 -05:00
52f6265d2e
use the new rex-exploitation gem
...
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
a89607bbdb
Prefer keyword argument
2016-10-04 23:14:14 -05:00
b7ea465855
refresh sysinfo when explicitly requested on a session
2016-10-04 22:06:06 -05:00
af4f3e7a0d
use templates from the gem for psh
...
use the templates now contained within the magical
gem of rex-powershell
7309
MS-2106
2016-10-04 14:14:25 -05:00
a4efa77878
Support driver list, adjust capcom exploit
...
This commit adds MSF-side support for listing currently loaded drivers
on the machine that Meterpreter is running on. It doesn't add a UI-level
command at this point, as I didn't see the need for it. It is, however,
possible to enumerate drivers on the target using the client API.
Also, the capcom exploit is updated so that it no longer checks for the
existence of the capcom.sys file in a fixed location on disk. Instead,
it enumerates the currently loaded drivers using the new driver listing
function, and if found it checks to make sure the MD5 of the target file
is the same as the one that is expected. The has is used instead of file
version information because the capcom driver doesn't have any version
information in it.
2016-10-04 11:27:20 +10:00
3469104f7a
Add localtime command support
2016-10-03 15:18:37 +10:00
039357a714
Land #7387 , checksum command for Meterpreter
2016-10-02 21:35:34 -05:00
63d13f0f49
check if there is a stance set before checking the value
2016-10-02 19:48:49 -05:00
8e09b172f6
Add a meterpreter checksum command
2016-10-01 14:29:35 -04:00
73c11a63b4
Bump version of framework to 4.12.30
2016-09-30 10:03:42 -07:00
e628fab86e
Land #7378 , run zipalign during apk injection process
2016-09-30 12:27:27 +08:00
6241e48b34
Land #7350 , add 'sess' command for direct session switching support
2016-09-29 23:18:53 -05:00
49ed02a203
fix packet parsing when there is partial data
2016-09-29 17:21:59 -05:00
4fdb54e6a1
Fixup transport to work with upstream
...
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.
Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.
Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
2016-09-29 17:21:59 -05:00
a7470991d9
Bring Python reverse_tcp_ssl payload upstream
...
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
2016-09-29 17:21:59 -05:00
b06a3d3c68
Refactor code that calls zipalign on injected APK
2016-09-29 07:49:50 -07:00
e8d99fb3f5
Run zipalign as last step during APK injection process
...
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.
More on zipalign from Google:
https://developer.android.com/studio/command-line/zipalign.html
2016-09-28 20:05:17 -07:00
1689f10890
Land #7292 , add android stageless meterpreter_reverse_tcp
2016-09-28 16:05:22 -05:00
ea625d4ea3
Enhance #7360 , more stance fixes
2016-09-28 13:49:29 -05:00
5a611b0ec4
use the correct scope for the Stance names
2016-09-28 13:48:28 -05:00
b4a1adaf0f
refactor into android.rb
2016-09-28 18:23:34 +08:00
dc43f59dcf
dalvik -> android
2016-09-28 14:50:52 +08:00
8bef4e4ec6
Land #7360 , restore passive?/aggressive? behavior
...
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9
2016-09-26 15:05:41 -05:00
5ea1e7b379
Bump version of framework to 4.12.29
2016-09-26 12:06:21 -07:00
a39c4965e4
fix apk injection script to include payload service and receivers
2016-09-26 19:50:10 +08:00
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
00258a4d31
Land #7351 , restore NTLM constant class shortcuts
2016-09-25 12:09:38 -05:00
00c02bb132
Land #7349 , Add initialization of RHOST value prior to calling child check()
2016-09-23 12:28:08 -05:00
3ddf80dd7a
Bump version of framework to 4.12.28
2016-09-23 10:02:37 -07:00
c13ab28a5b
remove debug statement
2016-09-22 16:27:11 +01:00
acb3e66064
fix comments
2016-09-22 16:26:26 +01:00
32c2311b86
android meterpreter_reverse_tcp
2016-09-22 16:26:26 +01:00
2ec87d1f67
check if constant aliases are already set before setting
...
(I'm presuming that was what removing was intended to help with)
2016-09-22 07:12:42 -05:00
4acb29a129
restore NTLM constant class shortcuts
2016-09-22 07:01:38 -05:00
af4b1cf48f
Add the `sess` command to MSF and Meterp shells
...
This new command is a simpler shortcut that allows for moving around sessions much faster from within the console.
* From inside MSF, `sess <id>` is shorthand for `sessions -i <id>`
* From inside Meterp, `sess <id>` is shorthand for `background; sessions -i <id>`
In the latter case, if the session being switched to is the same id, then no swiching happens.
2016-09-22 16:09:59 +10:00
52d0840a79
Land #7276 , fix clipboard tlv usage
2016-09-22 00:47:18 -05:00
b4b709d921
Land #7342 , remove OSVDB links and references from library code - leave in modules
2016-09-22 00:45:05 -05:00
88cef32ea4
Land #7339 , SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
fda5faf4ed
Land #7346 , route command fixes
...
Also adds session -1 support.
2016-09-21 15:44:24 -05:00
a3e3bbf2b0
Remove unnecessary reference to idx
2016-09-21 12:42:25 -04:00
08836a317d
Fix "route add" error and support using session -1
2016-09-21 12:02:30 -04:00
0671e854a9
Default the route command to printing the table
2016-09-21 10:36:59 -04:00
b0bb5b5806
Added initialization of RHOST value prior to calling child check() functions
2016-09-20 18:18:52 -05:00
4ff8235304
Remove semicolon
2016-09-20 17:57:48 -05:00
8871673ada
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-09-20 17:48:06 -05:00
53170cca01
msfconsole command
...
resolves #7330
Warns the user if they try to run msfconsole in msfconsole and does not let them do it
2016-09-20 17:46:25 -05:00
1b31e0a63e
remove osvdb links
2016-09-20 14:27:59 -05:00
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
06ff7303a6
make pubkey verifier work with old module
...
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together
7321
2016-09-19 15:20:35 -05:00
2f17ae0946
add pubkey_verifier class to framework
...
this class provides a new way to do
public key only verification tests
for SSH
7321
2016-09-19 14:35:59 -05:00
3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714)
2016-09-19 14:34:44 -05:00
27018b421c
Land #7316 , use new rex-encoder gem
2016-09-19 11:59:21 -05:00
4c4f2e45d6
Land #7283 , add jsp payload generator
2016-09-16 14:37:59 -05:00
5acc17a800
Bump version of framework to 4.12.27
2016-09-16 10:02:52 -07:00
332ba47356
refactored blob parsing to get unicode, but break everything else
2016-09-16 11:22:53 -05:00
b21daa7019
Land #7263 , Automatically generate keystore for android apk signing
2016-09-15 22:09:15 -05:00
022ab74f30
See #7089 , add some stray fixups
2016-09-15 18:50:00 -05:00
6686e91ffe
fixup some leftover debug and whitespace issues
2016-09-15 18:39:08 -05:00
50fc3b10f8
Land #7086 , Add 'continue' and 'tries' wget-like options to meterpreter 'download'
2016-09-15 17:48:21 -05:00
7e10b5c482
use new rex-encoder gem
...
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.
MS-1708
2016-09-14 12:07:26 -05:00
e005a3f49b
Land #7300 replace msfrop with the rex-rop_builder gem
...
MS-1722
2016-09-14 11:21:54 -05:00
32998d938f
Bump version of framework to 4.12.26
2016-09-13 16:59:37 -07:00
b5ae287235
ensure that default_name, dns_host_name, and dns_domain_name are set
2016-09-13 18:32:59 -05:00
245237d650
Land #7288 , Add LoginScannerfor Octopus Deploy server
2016-09-13 17:26:56 -05:00
8eb2c926f3
Bump version of framework to 4.12.25
2016-09-13 13:37:08 -07:00
fd3b885d83
replace msfrop with the rex-rop_builder gem
...
moved all of this code into the new gem
MS-1722
2016-09-12 16:06:53 -05:00
8cf62dc4ed
Land #7299 , Set defaults in WordpressMulticall login scanner
2016-09-12 12:26:08 -05:00
aa193bf372
Set defaults in WordpressMulticall login scanner
...
This login scanner would crash it was used like a normal login scanner.
MS-2007
2016-09-12 11:22:15 -05:00
e09fe08983
Land #7278 , fix FTP path traversal scanners
2016-09-12 10:47:36 -05:00
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
4495b27e67
Land #7254 , Rex::SSLScan Gemification
2016-09-08 13:20:56 -05:00
1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop
2016-09-08 10:48:07 -05:00
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
17ab04829c
missed the lib/rex/socket.rb file
...
failed to delete this rather important bigt
2016-09-07 11:38:28 -05:00
7857c58655
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-09-07 11:38:28 -05:00
43942e6029
refactor pem parser to use the rex-socket gem version
...
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser
MS-1715
2016-09-07 11:38:27 -05:00
405c59b8b8
move bidirectional pipe into rex/ui/text
...
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there
MS-1715
2016-09-07 11:34:04 -05:00
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
0f30d3a720
Land #7208 , use new rex-bin_tools gem
2016-09-06 13:19:35 -05:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
881effbae9
use the new rex-nop gem
...
transfer the opty2 library to rex-nop
MS-1711
2016-09-06 11:27:06 -05:00
b701048ce2
Fix data_disconnect to shutdown only if datasocket
...
Seeing people use this with ensure when their data channel was never set
up. This breaks things. :)
2016-09-05 15:54:26 -05:00
f75b5569e5
fix android clipboard tlv usage
2016-09-05 17:24:32 +01:00
58112d7b4d
Bump version of framework to 4.12.24
2016-09-02 10:02:44 -07:00
e36cfa54b1
Use rex-mime gem
...
MS-1710
2016-09-01 11:38:07 -05:00
9ebe18d096
automatically generate keystore for apk signing
2016-09-01 10:19:58 +01:00
bfabb3877c
@void-in suggestions styles
2016-08-31 14:00:35 +02:00
39407dda95
Winpmem meterpreter extension
2016-08-31 11:46:15 +02:00
bd71df55c3
Merge branch 'nessus-bridge-gem' of git://github.com/kost/metasploit-framework into kost-nessus-bridge-gem
...
Also fix minor merge conflict.
2016-08-30 17:25:46 -05:00
029a28c95b
use the new rex-sslscan gem
...
remove old integerated code and replace it
with the gem. done.
MS-1693
2016-08-30 10:43:47 -05:00
fa6d1965fc
missed the lib/rex/socket.rb file
...
failed to delete this rather important bigt
2016-08-30 09:31:52 -05:00
efdf7c4c00
Clipboard now sets 'recursive' download option in new way. Improved download_file compatibility
2016-08-27 01:44:04 +00:00
3545c5f8db
Rebase after #7125 . Changed tries to -l. Added 'opts' for all download options
2016-08-27 00:55:16 +00:00
b1009ab8dc
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-08-26 14:31:27 -05:00
91fe78e9cb
refactor pem parser to use the rex-socket gem version
...
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser
MS-1715
2016-08-26 14:13:38 -05:00
c6b0c0b598
move bidirectional pipe into rex/ui/text
...
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there
MS-1715
2016-08-26 13:51:26 -05:00
ea32c313d3
Bump version of framework to 4.12.23
2016-08-26 10:06:44 -07:00
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
954dee752b
Sort msfvenom --help-platforms
...
Also sort --help-formats.
2016-08-25 14:02:58 -05:00
250e6676ca
Update crawler with new auth key values.
2016-08-24 16:01:46 -05:00
61f1e7e9c2
Add server_port to HTTP fingerprint
...
MS-1982
2016-08-24 13:24:24 -05:00
03e14ec86f
Land #7232 , Net::SSH Regression Fixes
...
Fixes #7160
Fixes #7175
Fixes #7229
2016-08-23 14:53:42 -05:00
95b82219a3
Land #7233 , ssh over L# pivot
...
this lands egypt's fix for using Net::SSH over L# pivots
2016-08-23 14:12:54 -05:00
222c85c343
Land #7223 , Unvendor openvas-omp gem
2016-08-23 13:40:39 -05:00
Brendan
Louis Sato
Pearce Barry
OJ
Tim
Brent Cook
William Vu
Justin Steven
dana-at-cp
Metasploit
David Maloney
Brent Cook
RageLtMan
dmohanty-r7
Spencer McIntyre
Jeffrey Martin
HD Moore
“Brian
wchen-r7
Adam Cammack
james-otten
Christian Mehlmauer
Danil Bazin
caye