Commit Graph

13004 Commits (f39e3784965e33a3273139ee6f26e8f349f63c9c)

Author SHA1 Message Date
David Maloney 418e371e35
add SMB2 login scanner and module
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity

MS-2557
2017-03-29 11:36:33 -05:00
Adam Cammack bf9b0130d9
Clean up odd code 2017-03-28 11:19:30 -05:00
Adam Cammack 71df231918
Add new loader for arbitrary executables
Still some kluges left in the shim and we have to hit the disk when
constructing the module path
2017-03-28 10:27:12 -05:00
William Vu d47e59b04e Fix missing dll_data var in parse_pe
Also clean up YARD.
2017-03-27 01:17:23 -05:00
Pearce Barry 31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
Pearce Barry 29b30217d2
Land #8149, Add -h for the check command 2017-03-24 15:47:59 -05:00
Pearce Barry 4e6cf58b22
Land #8143, Fix variable typos in rfrecv related methods. 2017-03-24 15:38:52 -05:00
Metasploit 51646e44a1
Bump version of framework to 4.14.6 2017-03-24 10:02:24 -07:00
wchen-r7 1c3c2ecdc6 Add -h for the check command
Because even I don't remember what it can do anymore.
2017-03-24 11:47:36 -05:00
dmohanty-r7 92c0748447
Land #8102, Add a plugin to notify new sessions via SMS 2017-03-24 11:17:59 -05:00
William Webb e04f01ed6b
Land #7778, RCE on Netgear WNR2000v5 2017-03-23 15:34:16 -05:00
Metasploit 8976faa3d1
Bump version of framework to 4.14.5 2017-03-23 08:41:49 -07:00
darkbushido 271fd589f2 Revert "Land #8135, Report hosts always add ip to hostname if hostname is blank"
This reverts commit 5a1c7ca8af, reversing
changes made to d10b3da6ec.
2017-03-23 10:05:58 -05:00
Leon Jacobs c58e9acadd
Fix variable typos in rfrecv related methods. 2017-03-22 15:44:22 +02:00
Tim ef53e6a593 fix execute and kill cmd usage/help 2017-03-22 16:29:47 +08:00
Metasploit df181c1792
Bump version of framework to 4.14.4 2017-03-21 14:58:37 -07:00
William Vu 686f30e118
Land #8117, p{grep,kill} for Meterpreter <3 2017-03-21 16:37:34 -05:00
darkbushido 60bc279eb3
removing extra whitespace 2017-03-21 10:40:59 -05:00
darkbushido 1221a20d0d
reversing the logic to check for .blank? 2017-03-21 10:35:19 -05:00
darkbushido 7ff7c707c9
setting host_name to address if host_name is blank. 2017-03-21 10:26:57 -05:00
Pearce Barry f397624a69
Land #7935, HWBridge RF transceiver extension 2017-03-21 06:12:32 -05:00
Brent Cook aa5e9cd702
Land #8058, Allow the http_payload stager to sleep before retry 2017-03-21 00:07:10 -05:00
Pearce Barry 7477e44d30 Use urlsafe Base64 en/decode calls. 2017-03-20 17:37:16 -05:00
Pearce Barry c4279a837a Minor formatting/spelling/verbiage changes. 2017-03-20 17:37:12 -05:00
Craig Smith 2fde287424 Initial patch for rftransceiver (RfCat / YardstickOne) 2017-03-20 17:36:16 -05:00
Pearce Barry 321988c282 Replace errant '.' with ',' 2017-03-20 16:36:13 -05:00
Pearce Barry 2acd941b16 Merge branch 'master' into dtc_fix 2017-03-20 14:10:01 -05:00
Craig Smith 0be6b8c905 Fixes #8022
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-03-20 13:49:39 -05:00
Pearce Barry 06ebb22a8f
Land #8065, Zigbee Hardware Bridge Extension 2017-03-20 10:44:15 -05:00
William Vu f9ecefe465
Land #8031, nil fixes for HWBridge 2017-03-19 22:37:28 -05:00
alpiste f715fee10c The option StagerRetryWait will be used by default with the value of 5 seconds 2017-03-17 20:28:14 -03:00
Brent Cook ad2222152c Merge remote-tracking branch 'upstream/master' into land-8056-outlook 2017-03-17 17:30:08 -05:00
Metasploit 6200a3abb8
Bump version of framework to 4.14.3 2017-03-17 10:02:41 -07:00
Brent Cook dd6e75986d add -l and -f flag simulation for pgrep, XXX rex handles flag opts poorly 2017-03-16 23:48:39 -05:00
Brent Cook 70bbacf7ed kill processes in reverse, allow children before parents more likely 2017-03-16 23:48:04 -05:00
Brent Cook e1f33f1616 Merge remote-tracking branch 'upstream/master' into land-8038- 2017-03-16 22:03:48 -05:00
Pearce Barry 095a110e65
Code and doc tweaks (minor).
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
William Vu bad1fc9948
Land #8041, loopback warning for LHOST 2017-03-16 13:30:12 -05:00
William Vu af3cd18c9f Fix #8041 so it works 2017-03-16 13:27:47 -05:00
bwatters-r7 ab75794cd4
Land #8071, Add API to send an MMS message to mobile devices 2017-03-16 11:57:34 -05:00
Spencer McIntyre 03698ec214 Fix how the psh mixing issues meterpreter commands 2017-03-16 08:45:10 -04:00
Brent Cook 85f7d73d4d add pgrep as well 2017-03-16 04:14:45 -05:00
Brent Cook c9a85f58c0 add pkill command, rework to share filtering logic with ps 2017-03-16 03:57:49 -05:00
Brent Cook a1be63e449 fix warnings in rex argument parser 2017-03-16 03:57:49 -05:00
bwatters-r7 91a4657c36 Bumped the metasploit-payloads version and cache sizes with PR#8043 2017-03-15 19:02:21 -05:00
Brent Cook 8995629037
Land #7061, allow chaining the service stub with other encoders 2017-03-15 13:56:09 -05:00
Spencer McIntyre befc5e05e5 Fix more kernel32 railgun definitions using DWORD 2017-03-14 18:42:52 -04:00
Spencer McIntyre d759c603b2 Fix more kernel32 railgun definitions using DWORD
Some railgun definitions for the kernel32 module define DWORD for the
functions return type when it should be HANDLE. This causes errors on
64-bit systems when the return value is truncated.
2017-03-14 16:58:22 -04:00
wchen-r7 18cdb2f82f Add a -l option to the load command to list plugins
This allows the load command in msfconsole to list all the
available plugins in Framework.
2017-03-14 14:15:52 -05:00
wchen-r7 bb4d6e17c8 Resolve #8026, Add a plugin to notify new sessions via SMS
This plugin will notify you of a new session via SMS.

It also changes the SMS text format to MIME.

Resolve #8026
2017-03-13 16:13:59 -05:00
Noah Berman ad929b6427
indentation fix part 2 2017-03-09 15:44:09 -07:00
Noah Berman ef6831437a
indentation fix for clarity 2017-03-09 14:55:20 -07:00
Noah Berman ccf345f696
move method to module level 2017-03-09 14:32:51 -07:00
William Vu febe9625dd Add rcheck/recheck to aux modules and exploits 2017-03-09 15:30:34 -06:00
Noah Berman 10018e2a32
spacing fix in reverse.rb 2017-03-09 12:48:36 -07:00
Noah Berman 40204703f0
remove unnecessary newline 2017-03-09 12:26:11 -07:00
Noah Berman e7b47865be
ruby formatting fix 2017-03-09 12:23:02 -07:00
Noah Berman 274089a7f1
cleanup for lhost loopback warn 2017-03-09 11:33:27 -07:00
Noah Berman 7806173764 Merge branch 'master' of github.com:rapid7/metasploit-framework into lhost-setting-warning 2017-03-09 11:11:23 -07:00
Noah Berman 2f55b5e00e
reconfigure lhost warn for loopback address 2017-03-09 11:10:27 -07:00
William Vu 1a96fb03ae Allow start_service to specify a resource
This overrides URIPATH and random_uri if opts['Path'] is specified.
2017-03-09 02:33:02 -06:00
William Vu 1a0b342e68 Add srvport to HttpServer
This allows URIPORT to override SRVPORT.
2017-03-09 02:24:22 -06:00
wchen-r7 702d1c2b7e Fix bug for subject 2017-03-08 11:43:36 -06:00
wchen-r7 ed22902fd4 Support the subject field 2017-03-08 11:40:08 -06:00
Craig Smith f60dae0917 Lots of syntax fixups from rubocop 2017-03-08 09:21:33 -08:00
h00die 95683715e0
land #8069, a warning when setting rhost in rhosts modules 2017-03-07 18:42:38 -05:00
wchen-r7 036a443a41 Add Google Fi gateway 2017-03-07 17:02:32 -06:00
wchen-r7 dc36bc4a0d Add rspec 2017-03-07 16:49:42 -06:00
wchen-r7 dc13b84189 Bring mms branch up to date w/ master 2017-03-07 16:13:39 -06:00
Jin Qian 7e19486a97
Merge branch 'wchen-r7-sms' into upstream-master
Merged #8047
2017-03-07 15:56:00 -06:00
Brendan Coles 1aec2203e5 Warn when setting RHOST option for module which expects RHOSTS 2017-03-07 21:02:30 +00:00
wchen-r7 d32f08f969 Add doc and fix mms message class 2017-03-07 14:40:37 -06:00
wchen-r7 fae05f2e98 And API to send an MMS message to mobile devices
This API allows you to send a malicious attachment to mobile
devices.
2017-03-07 12:34:45 -06:00
= 27c2795632
Issue #7188 resolved along with checking for all loopback addresses. 2017-03-08 00:02:50 +05:30
Metasploit db581a040a
Bump version of framework to 4.14.2 2017-03-07 07:01:57 -08:00
Craig Smith 4e9b8946d8 Fixed some small msftidy issues 2017-03-06 22:47:37 -08:00
Craig Smith 97ad8be7ff Added some Zigbee Documentation 2017-03-06 22:42:15 -08:00
Craig Smith 60cd04bc7b Added module for zstumbler 2017-03-06 16:10:14 -08:00
wchen-r7 a466dc44c6 Do exception handling for sms client 2017-03-06 10:54:08 -06:00
alpiste 09442f226a Functionality was added to allow the payload to wait before trying to reconnect.
Also the code was modified to allow the payload to infinite retry if 0 is set.
2017-03-04 18:12:09 -03:00
wchen-r7 4d44911d5c Do doc for google fi 2017-03-03 11:38:47 -06:00
wchen-r7 d9b21b16a9 Support Google Project Fi gateway 2017-03-03 11:36:13 -06:00
wchen-r7 2edb116855 Send texts individually
If we pass all the phone numbers at once in one email, it becomes
a group chat, and that allows the recipients to see each other's
number, which isn't the intended behavior.
2017-03-03 11:12:59 -06:00
wchen-r7 c61f8ded78 Comment out Sprint
It looks like the Sprint gateways won't accept our email for
some reason, so we can't use it.
2017-03-03 11:09:04 -06:00
wchen-r7 6ad8afb8b3 Add API to send a text message (SMS) to mobile devices 2017-03-02 16:47:55 -06:00
Noah Berman 23474dfc70
change print_error to print_warning 2017-03-02 09:46:03 -07:00
William Vu 79c01a9577 Fix ancient copypasta of Aux to Post
Specifically a crash in the run command's help.
2017-03-02 01:24:27 -06:00
Noah Berman f91328b122
modify warning wording 2017-03-01 15:00:15 -07:00
Noah Berman d9f5b75dc5
warn when lhost set to 127.0.0.1 2017-03-01 14:53:49 -07:00
Spencer McIntyre 2d51801b01 Use native_arch for railfun multi and test it 2017-03-01 13:07:04 -05:00
Tim 601131f236 hook Application class if found 2017-03-01 19:22:42 +08:00
Tim ee8b70e0df fix permission shuffling 2017-03-01 14:38:47 +08:00
Tim 063d999a64 randomize the payload, service and broadcast receiver names 2017-03-01 14:20:31 +08:00
Tim b273517f9a always set first byte to 1 on stageless configs 2017-03-01 12:46:00 +08:00
Tim c8816cacb0 Remove stageless classname from staged payloads, fixes #8034 2017-03-01 12:27:12 +08:00
Brent Cook 31568320f9 Merge branch 'upstream-master' into land-8021- 2017-02-28 03:02:03 -06:00
Brent Cook bbf271f6b0
Land #7981, allow handler launched by the handler command to persist
Merge remote-tracking branch 'upstream/pr/7981' into upstream-master
2017-02-28 02:38:42 -06:00
Craig Smith d4e5cb7993 Fixes #8022
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-02-27 21:09:57 -08:00
Craig Smith dcb42a3e69 Initial zigbee support using killerbee. Core session setup portion 2017-02-27 17:29:54 -08:00
Spencer McIntyre 0ebd51d224 Use native_arch for railgun sizes 2017-02-26 14:42:55 -05:00
Spencer McIntyre 3b2e5e0785 Add a new core_native_arch method for meterpreter 2017-02-26 14:22:24 -05:00
William Webb 076848e904
Land #7993, Keep sessions in progress alive 2017-02-24 16:57:47 -06:00
Metasploit f9e4fd54fe
Bump version of framework to 4.14.1 2017-02-24 13:31:17 -08:00
Jeffrey Martin a954521d75
bump minor version 2017-02-24 15:07:07 -06:00
James Barnett 2631259919 Land #7973, Enable cert validation for Nexpose
This PR enables connection to a Nexpose console using the
nexpose client gem.

It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
Pearce Barry e5d0370a94
Fixes MS-1716, keep sessions in progress alive. 2017-02-24 12:56:05 -06:00
Metasploit 0f4e03be7b
Bump version of framework to 4.13.27 2017-02-24 10:03:33 -08:00
wchen-r7 f27ef55391
Land #7992, Improve Signature Evasions for browser exploits 2017-02-23 16:32:49 -06:00
Jeff Tang e3f613ecc6 Bypass: Metasploit OS detection
SEP is triggering on HTTP POSTs which start with `os_name`
2017-02-23 15:42:04 -05:00
Jeff Tang 84ab3c66cc Use obfuscated JS in BES 2017-02-22 12:47:36 -05:00
bwatters-r7 4f839299f1
Land #7978, Add a test module for railgun API calls 2017-02-21 17:15:49 -06:00
Metasploit 01558d3d51
Bump version of framework to 4.13.26 2017-02-21 14:01:15 -08:00
James Barnett d738b63fa6 Land #7985, Fix bug in check_setup for bavision
@wchen-r7 fix uncovered another bug in the logic for the
check_setup return. This switches the return to the expected
values.

Fixes #7984
2017-02-21 14:29:21 -06:00
James Barnett 93f75746c4
Fix logic error in #7985
The check_setup method expects an error message if the
web server is not compatible with the module, and false otherwise.
We were previously returning the opposite of the expected behavior.
2017-02-21 13:49:59 -06:00
William Webb 2a20d24c29
Land #7966, Fix 'rm' to handle multiple files 2017-02-21 13:32:19 -06:00
wchen-r7 adf1385427 Fix #7984, Fix NoMethodError `match' for bavision_cameras.rb
Fix #7984
2017-02-21 12:00:01 -06:00
Rich Whitcroft f08478e02f fix handler persistence 2017-02-20 13:51:07 -05:00
Spencer McIntyre 7d1fadb84f Add a test module for railgun api calls 2017-02-18 17:37:49 -05:00
Metasploit 647020289f
Bump version of framework to 4.13.25 2017-02-17 17:03:42 -08:00
dmohanty-r7 c4f1e0db1f
Land #7913, Fix Console Route Print with ipv4 and ipv6 2017-02-17 17:42:57 -06:00
Brent Cook 17b88da080
Land #7964, fix running a scanner with USER_AS_PASS and USER_FILE 2017-02-17 17:16:49 -06:00
Brent Cook 566bafe65d
Land #7962, Uploading files without specifying the destination closes a Meterpreter session. 2017-02-17 17:04:22 -06:00
Brent Cook 5207cb6c3a
Land #7914, send the correct exception on channel open failure 2017-02-17 17:00:30 -06:00
Brent Cook 807a27e73d clarify error handling when a channel cannot be opened 2017-02-17 16:59:09 -06:00
Brent Cook 0e3eba18b3 simplify guard logic 2017-02-17 16:00:15 -06:00
Brent Cook f4befda59b inherit the options from the default target so we can autocomplete before the rhost resolution occurs 2017-02-17 15:50:45 -06:00
Metasploit 6e62899e1c
Bump version of framework to 4.13.24 2017-02-17 10:02:51 -08:00
Brent Cook da82f0891e
Land #7860, Add OverrideScheme option to reverse_http/s handler 2017-02-17 11:12:49 -06:00
Craig Smith 1214ef5b79 Replaced tabs with spaces and removed trailing spaces at EOL 2017-02-15 16:46:11 -08:00
Craig Smith 8f1856c5d1 Fixed a bug with DTC decoding.
DTC Codes now print the English error messages next to their code with getvinfo
Frozen DTCs can also be fetched via get_frozen_dtcs()
2017-02-15 16:26:23 -08:00
Rich Whitcroft 5bd38af8d6 fix rm to handle multiple files 2017-02-15 19:22:39 -05:00
Rich Whitcroft 4e5dabf35f fix cred_scanner's has_privates? method 2017-02-15 16:05:49 -05:00
Rich Whitcroft 24a4211bb9 fix upload when dest not specified 2017-02-14 22:08:49 -05:00
wchen-r7 f600fa1caa Be aware of logout 2017-02-14 17:03:57 -06:00
wchen-r7 81abbfba46 Resolve #7959, Automatically login to RPC service after expiration
When the RPC client token expires, it will automatically login
again, and renew the token during the next RPC request.

Resolves #7959
2017-02-14 16:41:08 -06:00
Brent Cook b741c8b2f7 fix typo in failure path, pointed out by rw- 2017-02-13 21:16:48 -06:00
Metasploit 184707c6fc
Bump version of framework to 4.13.23 2017-02-13 16:04:35 -08:00
Brent Cook c1d08b9574 rename udp_sock to udp_socket to avoid mixin collisions 2017-02-12 22:31:56 -06:00
Metasploit 44d229ad49
Bump version of framework to 4.13.22 2017-02-10 10:02:43 -08:00
James Lee 4f13bde471
Override `empty?` for the weird ones
Fixes #7899
2017-02-09 14:57:20 -06:00
wchen-r7 4b5bc84f5c
Land #7918, Fix report_vuln for aux/scanner checks 2017-02-09 12:18:33 -06:00
Christian Mehlmauer 8ade9b8aae
Land #7905, WordPress content injection module 2017-02-09 15:49:50 +01:00
Tim 095831e029
fix silly typo 2017-02-08 23:41:15 +08:00
William Vu b06895b604 Hide RPORT more intelligently 2017-02-08 09:40:42 -06:00
Tim 870621d169
Add OverrideScheme option, fixes #7841 2017-02-08 23:30:29 +08:00
Metasploit d81bdc1c02
Bump version of framework to 4.13.21 2017-02-07 17:27:47 -08:00
Brent Cook 74e029f3b1
Land #7932, Fix CVE-2017-5229 2017-02-07 19:22:36 -06:00
Brent Cook 522c6dce8e
Land #7931, Fix CVE-2017-5231 and respect user's dest 2017-02-07 19:22:17 -06:00
Brent Cook 68a5d300fe minor style issues 2017-02-07 18:35:35 -06:00
Brent Cook b370dd0654 Fix CVE-2017-5229 - extapi Clipboard.parse_dump() Directory Traversal 2017-02-07 18:24:06 -06:00