9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
5f0c3ebb2b
Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest
2014-12-20 19:32:38 -06:00
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
dfa92da287
Add TODO
2014-12-19 01:13:56 -06:00
77e2d4d90d
Add documentation for the Kerberos PAC support classes
2014-12-19 01:12:14 -06:00
fda4cd3440
Fix some Rex Kerberos model documentation
2014-12-18 19:30:12 -06:00
c426cf32d0
Add specs for Rex::Proto::Kerberos::CredentialCache::Principal
2014-12-18 17:40:06 -06:00
16d5ee1aae
Add documentation for the rex credential cache support
2014-12-18 17:12:58 -06:00
7275f5a5f2
Allow Rex to load credential_cache
2014-12-18 16:32:21 -06:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
0a61e108ea
Add code skeleton for credential_cache
2014-12-18 00:30:47 -06:00
0f19f3cf2e
Add classes templates
2014-12-17 23:16:58 -06:00
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
2649d482fe
Add support for KRB_AP_REQ
2014-12-16 18:39:42 -06:00
0f55a98450
Add support for Authenticator encoding
2014-12-16 17:45:54 -06:00
dde45a7f53
Add support for Checksum encoding
2014-12-16 17:05:35 -06:00
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
ce6b53b44c
Fix attribute description
2014-12-16 11:39:04 -06:00
a5f8b4319f
Add support to encode PAC-TYPE
2014-12-16 11:31:27 -06:00
1721641138
Add support for PAC-LOGON-INFO
2014-12-16 09:32:47 -06:00
c1114c180a
Add support for PAC-CLIENT-INFO
2014-12-15 17:32:51 -06:00
64a0162e3f
Add support for PAC-SERVER-CHECKSUM
2014-12-15 17:16:43 -06:00
482c883d36
Add the parent class for pac elements
2014-12-15 17:13:52 -06:00
2c7139b936
Add support for PAC-PRIVSRV-CHECKSUM
2014-12-15 17:13:22 -06:00
147ff13080
Add support to decode the encryption part of as responses
2014-12-15 11:47:08 -06:00
643279b54b
Add support to decode the encryption part of as responses
2014-12-15 11:46:11 -06:00
d81cdd6cbb
Add KdcResponse spec first draft
2014-12-14 21:20:54 -06:00
c3a2bcf956
Make KdcResponse decoding better
2014-12-14 21:01:09 -06:00
442adb080f
Add first support to decode tickets
2014-12-14 20:51:26 -06:00
35742873c7
Delete references to deleted namespaces
2014-12-14 19:23:21 -06:00
78c76092dd
Delete namespaces from model classes
2014-12-14 19:18:30 -06:00
13ae624738
Delete namespaces
2014-12-14 19:15:57 -06:00
2d0cb5acd8
Move elements to model dir
2014-12-14 19:11:21 -06:00
328e9f62e8
Add first draft for Kerberos responses
2014-12-14 19:09:41 -06:00
483c273e17
Add support to decode responses on the Rex client
2014-12-14 17:54:17 -06:00
883bfd1f46
Add support to retrieve e-data
2014-12-14 17:23:37 -06:00
7067f2ea83
Modify Rex::Proto::Kerberos::Client to read responses
2014-12-14 16:32:25 -06:00
c5dc065fde
Add support for decoding KrbError
2014-12-14 16:26:18 -06:00
704781d0ce
Modify exception message
2014-12-14 12:11:09 -06:00
8435328af7
Fix create_tcp_connection
2014-12-14 00:54:26 -06:00
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
78eb3325bc
Add initial Rex Client and mixin
2014-12-12 01:20:14 -06:00
20836c1789
Refactor crypto usage
2014-12-11 18:18:37 -06:00
0b2fd7ffec
Update PreAuthEncTimeStamp#encrypt documentation
2014-12-11 17:08:04 -06:00
424ce6ad53
Add constant with CRYPTO_MSG_TYPE
2014-12-11 17:03:46 -06:00
38a0506f2d
Refactor Crypto
2014-12-11 17:00:46 -06:00
35f02e6796
Add support to encode KdcRequest
2014-12-11 15:51:54 -06:00
d96206b813
Support KdcRequest#encode
2014-12-11 12:44:17 -06:00
3f12c5c9c5
Redo decode_asn1
2014-12-11 12:34:47 -06:00
8d6e41fae3
Add documentation for KdcRequest
2014-12-11 12:27:26 -06:00
162d2d39b5
Add support for KdcRequestBody decoding
2014-12-11 12:19:26 -06:00
39ffc0c58a
Add support for PreAuthData#encode
2014-12-10 19:48:44 -06:00
b89dee03c6
Add PreAuthEncTimeStamp#encode support
2014-12-10 19:30:21 -06:00
3accdb705b
Add support for PreAuthPacRequest#encode
2014-12-10 19:18:19 -06:00
96c1370334
Add EncryptedData#encode support
2014-12-10 19:12:24 -06:00
543ec35a01
Refactor PrincipalName#encode
2014-12-10 18:57:23 -06:00
5d2ff5982e
Add support for PreAuthEncTimeStamp decoding/decrypting
2014-12-10 18:33:46 -06:00
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
785ff60d8e
Add inital support for PreAuthEncTimeStamp
2014-12-10 11:25:48 -06:00
8ec403af89
Add support for PA-PAC-REQUEST
2014-12-10 10:51:37 -06:00
6ebfbe7271
Prefix coding
2014-12-10 09:54:57 -06:00
6653502e68
Support pa_data parsing on kdc_request
2014-12-10 09:47:31 -06:00
cc909ba402
Add documentation for PreAuthData
2014-12-09 19:57:16 -06:00
0a6e42968b
Add inital support for padata
2014-12-09 19:28:40 -06:00
e62628f1cc
Make specs pass
2014-12-09 18:52:42 -06:00
2557780e7c
Add initial support to decode kdc requests
2014-12-09 18:48:08 -06:00
bed1e06d13
Mark EncryptedData encode as unsupported atm
2014-12-09 17:06:51 -06:00
82549315ff
Mark KdcRequestBody encode as unsupported atm
2014-12-09 17:05:20 -06:00
b84840a596
Add support to decode TGS_REQ body
2014-12-09 16:51:34 -06:00
f236438290
Add initial support for EncryptedData
2014-12-09 16:40:44 -06:00
2725235bc1
Add require for EncryptedData
2014-12-09 16:28:37 -06:00
c5865c6fec
Add initial design draft
2014-12-09 15:53:29 -06:00
c0dab54925
Add minor missing doc
2014-11-25 07:37:49 -08:00
bedf7ed44b
Doc cleanup
2014-11-24 14:34:20 -08:00
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
90ae9a3ff8
Land #4173 , @wchen-r7's fix for SMB find_first
...
* Fixes #4119 , SMB find_first("\\*") does not return accurate results
* It missed initialization of sid
2014-11-21 09:51:57 -06:00
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
5d2c02f402
Initial commit of more OO version of Rex/Aux Kademlia support
2014-11-20 13:28:01 -08:00
94e5ba13a4
YARD and spec cleanup
2014-11-20 13:28:01 -08:00
df36ac910d
Mostly complete Kademlia PING / BOOTSTRAP scanner
2014-11-20 13:28:01 -08:00
f5aa3ecb57
Add proper peer decoding
2014-11-20 13:28:01 -08:00
ab49d01a1b
Add beginnings of Kademlia gather module and protocol support
2014-11-20 13:28:00 -08:00
7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
...
Conflicts:
modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
d94ca2b89a
Add doc for Rex::Proto::Steam
2014-11-18 11:46:28 -08:00
7098d89058
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-17 10:41:17 -08:00
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
719db5d2b1
Fix #4119 - SMB lost search ID (sid) in find_first method
...
This will fix issue #4119 . A bug in the find_first method in rex
SMB.
When the SMB client requests a TRANS2_FIND_FIRST2 for retriving
information about what items a directory has, the server returns
a response that contains an SID - a search identifier for the
transaction. If the SMB client wants more data, it must send a
TRANS2_FIND_NEXT2 request with the same SID. And then the server
will continue sending more until it runs out.
The root cause of this bug is that after the TRANS2_FIND_FIRST2
request is sent, our SMB's find_first method forgets the SID at
the end of the loop (out of scope).
2014-11-11 12:35:07 -06:00
5b1b7c22bb
Minor test/style cleanup
2014-11-11 10:18:56 -08:00
51e84ce548
Add unit tests, complete extraction/cleanup
2014-11-11 10:18:49 -08:00
e54442af36
Fix #4089 - undefined method `downcase' for nil:NilClass
2014-11-07 02:45:22 -06:00
4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
2014-10-28 20:26:44 +00:00
ea6824c46f
WIP of NAT-PMP rework
2014-10-14 14:20:24 -07:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
5dde73bb51
Add domain name and url options to DHCP server
2014-09-25 19:58:42 -03:00
f68628c487
Add minimal specs for rex/proto/http/packet/header
2014-09-12 14:30:27 -05:00
af24e30ae9
Return instead of crashing if no challenge is received
2014-09-06 15:51:50 -05:00
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
5ad090e833
Add unit test for and correct parsing of NAT-PMP port map responses
2014-08-26 10:49:53 -07:00
32a14cfc43
Missed the file...
2014-08-26 10:49:53 -07:00
bfa89bb3a5
Enforce binary encoding on non-modules, no encoding on modules
2014-08-25 13:12:29 -07:00
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
fc67aed174
Correct style and doc issues, tidy failure message when not SIP
2014-08-25 13:11:21 -07:00
e3753e3649
Refactor SIP response parsing for future improvements
2014-08-25 13:11:21 -07:00
02e41c27e7
Split SIP response parsing out on its own, add unit tests.
...
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
d4ea3e9f29
Pass protocol down to parse_reply for report_* purposes
2014-08-25 13:09:39 -07:00
a2e2e37a69
Fix SIP options scanning
2014-08-25 13:09:39 -07:00
1ee83ff57e
Land #3696 , pile of NTP DRDoS 0days
...
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc6382760bf5b319ba7772f362b81d681448f0743d1b
2014-08-22 10:50:38 -05:00
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
2014-08-22 10:17:44 -05:00
5e123e024d
Add 'coding: binary' to all msf/rex library files
...
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
c48cf48d85
Return the NTP message, not the string
2014-08-08 21:39:48 -07:00
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
17b0560dff
Add rubygems check to msftidy. remove rubygems.
2014-07-17 09:29:13 -07:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
cc93dbbe29
Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
...
Feature/msp 9707/smb bruteforce refactor
MSP-9707 #land
2014-07-11 11:33:12 -05:00
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
f51feb7f52
Modify get_cookies regular expression
2014-07-06 13:22:31 -05:00
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
bc3ac1ee36
Correct private message format, update tests
2014-07-03 08:27:27 -07:00
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
bc274b358f
Move NTP message code to Rex::Proto::NTP, simplify option handling
2014-06-30 23:57:47 -07:00
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
b872fa0f0d
Handle smb_recv corner case with a cache, clean up find_*, cosmetic
2014-06-23 16:14:18 -05:00
94388e3931
Fix typo in the constant name
2014-06-23 12:51:26 -05:00
936c7088ad
Merge branch 'master' into psexec_refactor_round2
...
Conflicts:
lib/msf/core/exploit/smb/psexec.rb
modules/exploits/windows/smb/psexec.rb
2014-06-07 13:38:30 +01:00
0133e861f8
Fix typo
2014-05-26 23:55:20 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
d77cb179a8
Fix return yarddoc
2014-05-23 21:16:11 +01:00
8aa2df1924
Fixup yarddoc
2014-05-23 20:47:52 +01:00
778138b0dc
Refactors
...
Add a Rex::Constants::Windows module to hold windows constants
Convert DCERPC_SERVICES to a class and move to Rex
2014-05-21 20:15:32 +01:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
472f029576
Fix random bug when workstation_name is < 6 chars
...
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
2849a1bc0c
Update comment again
2014-05-12 13:10:20 -05:00
a3cc499a17
Update comment w/ all modes
2014-05-12 13:02:54 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
e8f46f97e1
Remove bin_to_hex function and replace with Rex::Text.to_hex
2014-05-01 15:42:04 +01:00
ff14cf9bfb
Implement QUERY_FILE_INFO_NETWORK SMB command
...
This commit adds support for the TRANS2 request 'query file info
network' (smb_cmd_trans_query_file_info_network) used in some SMB client
requests. This adds specific support for functions used by Apache Tomcat
in the Struts2 JSP injection exploit (CVE-2014-0094).
2014-05-01 12:23:31 +01:00
b899504580
Bugfixes and additional protocol support for extra FIND_FIRST2 functions
...
These additions queue up support for the SMB functions used by the
ms13_071_theme expoit developed by Juan Vazquez, including support for
the FIND_FIRST2 functions:
* Find File Both Directory Info
* Find File Names Info
Additionally this commit fixes a few bugs in how the client SMB payload
is handled to determine whether a file, directory or "not found"
response needs to be returned and allows metasploit to serve arbitrary
files directly over SMB in addition to files being loaded in runtime
processes calling "LoadLibrary".
2014-04-30 11:58:34 +01:00
42d59d269e
Check #closed? instead of rescuing.
2014-04-03 14:20:48 -05:00
98628b814e
Prevent Rex::Proto::Http::Client from raising on close.
2014-04-03 11:36:18 -05:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
c1db8e260f
Add yardoc documentation for the SMBFileServer Class
2014-03-12 17:28:18 +00:00
0f259d3032
Tidy lib/rex/proto/smb/server.rb following feedback from jlee-r7
...
* Remove redundant ServerClient class
* Use dlog/elog/ilog instead of printing to $stdout
2014-03-12 15:41:21 +00:00
c6d92796e6
Clean with msftidy.rb
2014-03-12 10:06:02 +00:00
d380435113
This commit adds support for implementing the SMBFileServer Module
...
within Rex, allowing exploit modules to create a payload to be sent
to an SMBFileServer instance. This can be useful in cases where
you would find DLL injection in an system which will read files
over a UNC share, or other instances where a payload can be delivered
over SMB.
This code borrows heavily from the ms13_071_theme module written
by Juan Vazquez, however I have performed a fair amount of protocol
analysis and debugging to provide support for delivering an arbitrary
MSF payload over UNC.
The main differences being the presence of functions to support:
-SMB CMD Trans Query Path Info (Basic and Standard)
- SMB CMD Trans Query File Info (Standard and Internal)
This code can be considered "alpha", as I have only implemented support
for the SMB functions discovered during development of an exploit of an
arbitrary DLL injection into a server performing a "LoadLibraryA" call.*
However, this provides a basis upon which additional SMB functions can
be implemented to extend delivery of payloads over SMB.
A separate commit will expose the SMBFileServer Module within
./lib/msf/core/exploit/smb.rb
* This exploit will be committed separately once a fix has been confirmed
by the vendor.
2014-03-07 15:00:45 +00:00
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
0915212249
Fix socket timeout bug
2014-01-16 11:58:37 -06:00
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
27f079ad7c
Move {begin,end}_job from libs to modules
2014-01-09 01:03:01 -06:00
025fc79683
Refactor commands for modularity
2014-01-09 01:03:01 -06:00
3fca11e5ac
Replace magic numbers with constants
2014-01-09 01:03:01 -06:00
2f2823e323
Remove newline from end_job to conform to spec
2014-01-09 01:03:01 -06:00
d3bbe5b5d0
Add filesystem commands and new PoC modules
...
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
af66310e3a
Address @jlee-r7's comments
2014-01-09 01:03:01 -06:00
bab32d15f3
Address @wchen-r7's comments
2014-01-09 01:03:00 -06:00
1c889beada
Add Rex::Proto::PJL and PoC modules
2014-01-09 01:03:00 -06:00
feaf6c23cf
Merge and Unconflict client.rb, new module splat
...
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421
Also fixes the module with the new license splat.
Conflicts:
lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
cad717a186
Use NDR 32bit syntax.
...
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
876d4e0aa8
Land #1420 , WDS scanner
2013-10-11 16:53:25 -05:00
d04c47d2b7
Remove comment since it was addressed in 4500d09c2f
2013-09-26 19:47:54 -05:00
9cc446ae2a
Get cookies with empty values
2013-09-25 14:31:34 -05:00
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
7c4708b1df
-) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
...
-) Bugfix
2013-09-23 23:59:45 +02:00
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
8bc83f4922
Retab changes for PR #1420
2013-09-05 16:21:26 -05:00
d6a7ce5328
Merge for retab
2013-09-05 16:21:13 -05:00
785c2eeb95
Retab changes for PR #1421
2013-09-05 16:20:04 -05:00
a5cf67a9af
Merge for retab
2013-09-05 16:19:51 -05:00
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
add294d999
Fix potential nil in last_filename
...
Replacing #2060 . It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename. To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also convert with to_s
to make sure it's always a string.
2013-07-09 12:50:19 -05:00
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
4fb6fa67f2
Fix require for constants, trim useless fields from banner
2013-06-26 09:59:40 -05:00
84117e28a8
Remove stale constants.rb require
2013-06-26 09:52:15 -05:00
b3b94c7a73
Break packet classes into their own files
...
This makes the file structure match the class structure and makes the
source tree easier to grok.
2013-06-24 19:24:09 -05:00
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
3f665ba5a0
Skip also max-age from cookies
2013-06-17 14:04:08 -05:00
af613ee254
Add a more readable #inspect
2013-06-11 15:22:49 -05:00
14c4dbcf8c
Also remove *.ts.rb files
...
On the heels of #1862 , this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
05916c079e
Inline unit tests are so last decade
...
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
6bf19c6fb8
HTTP::ClientRequest: Should handle nils in params
...
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.
* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
2013-04-30 22:01:00 +03:00
bbd53a2dbd
Add domain to get_cookies
2013-04-26 20:34:21 +01:00
b25b9e769c
Msftidy
2013-04-26 20:30:04 +01:00
1f2cab7aef
Tidyup and getcookies
2013-04-26 20:26:04 +01:00
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
e4ff7a2f2c
Address egypt's feedback
2013-04-09 21:15:04 +01:00
bc4b87ebd9
Fix Undocumentable method defined on object instance YARD warnings
...
[#46491831 ]
Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831 ]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
0a9b00e24c
Apparently missed part of mubix's original changes
...
Used by auxiliary/admin/smb/list_directory
2013-03-07 21:20:46 -06:00
c3fa62cd59
Whitespace at EOL
2013-03-07 18:16:57 -06:00
df3361df50
Merge branch 'master' into wds_scanner_repull
2013-03-07 20:09:44 +00:00
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
6d811ce4b9
empty passwords should be allowed
2013-03-04 09:09:11 -06:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
902948e5d3
cleanup options
2013-03-01 11:01:00 -06:00
5a79fcd11e
Ensure we build only one Authorization header
...
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
425c245771
Axe set_cgi in favor of set_uri
...
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
b0745b090a
Msf HTTP uses this directly, can't axe it
2013-02-27 17:54:31 -06:00
4edd46216f
Refactor config -> opts
...
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
d5ae54cbb6
More accurate docs
2013-02-27 16:27:37 -06:00
7a7dd8975f
Hmm, turns out something actually used that
...
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
29df20996e
Move most of the configuration into ClientRequest
...
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
579c11bc69
Set reasonable defaults for more things
...
All current tests are passing now
2013-02-26 14:25:46 -06:00
d7de3b75a4
Format Authorization header like others
...
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
c206ac4998
Set some reasonable defaults
...
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
d463460da7
Default cgi to true when not given
2013-02-26 13:33:54 -06:00
764bbbb8e5
Whitespace
2013-02-26 13:33:19 -06:00
5e0161d3f7
Reflect new ClientRequst in docs
2013-02-26 13:31:24 -06:00
5ac20e1b02
Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
c104fa6d97
Add spec and a few fixes for set_uri
2013-02-26 11:01:16 -06:00
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
accd620843
Clean up pry
2013-02-19 23:50:30 -06:00
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
dac1147473
merge client config into opts
2013-02-19 19:41:42 -06:00
de4234f0ad
Some more YARD docs
2013-02-19 18:48:03 -06:00
jvazquez-r7
HD Moore
Tod Beardsley
Jon Hart
Meatballs
sinn3r
James Lee
Ramon de C Valle
William Vu
Brandon Turner
Samuel Huckins
Trevor Rosen
Christian Mehlmauer
Jeff Jarmoc
Matthew Hall
joev
Jonathan
Joshua J. Drake
jvazquez-r7
Tab Assassin
Tasos Laskos
Luke Imhoff
David Maloney