ad929b6427
indentation fix part 2
2017-03-09 15:44:09 -07:00
ef6831437a
indentation fix for clarity
2017-03-09 14:55:20 -07:00
ccf345f696
move method to module level
2017-03-09 14:32:51 -07:00
febe9625dd
Add rcheck/recheck to aux modules and exploits
2017-03-09 15:30:34 -06:00
10018e2a32
spacing fix in reverse.rb
2017-03-09 12:48:36 -07:00
40204703f0
remove unnecessary newline
2017-03-09 12:26:11 -07:00
e7b47865be
ruby formatting fix
2017-03-09 12:23:02 -07:00
274089a7f1
cleanup for lhost loopback warn
2017-03-09 11:33:27 -07:00
7806173764
Merge branch 'master' of github.com:rapid7/metasploit-framework into lhost-setting-warning
2017-03-09 11:11:23 -07:00
2f55b5e00e
reconfigure lhost warn for loopback address
2017-03-09 11:10:27 -07:00
1a96fb03ae
Allow start_service to specify a resource
...
This overrides URIPATH and random_uri if opts['Path'] is specified.
2017-03-09 02:33:02 -06:00
1a0b342e68
Add srvport to HttpServer
...
This allows URIPORT to override SRVPORT.
2017-03-09 02:24:22 -06:00
702d1c2b7e
Fix bug for subject
2017-03-08 11:43:36 -06:00
ed22902fd4
Support the subject field
2017-03-08 11:40:08 -06:00
f60dae0917
Lots of syntax fixups from rubocop
2017-03-08 09:21:33 -08:00
95683715e0
land #8069 , a warning when setting rhost in rhosts modules
2017-03-07 18:42:38 -05:00
036a443a41
Add Google Fi gateway
2017-03-07 17:02:32 -06:00
dc36bc4a0d
Add rspec
2017-03-07 16:49:42 -06:00
dc13b84189
Bring mms branch up to date w/ master
2017-03-07 16:13:39 -06:00
7e19486a97
Merge branch 'wchen-r7-sms' into upstream-master
...
Merged #8047
2017-03-07 15:56:00 -06:00
1aec2203e5
Warn when setting RHOST option for module which expects RHOSTS
2017-03-07 21:02:30 +00:00
d32f08f969
Add doc and fix mms message class
2017-03-07 14:40:37 -06:00
fae05f2e98
And API to send an MMS message to mobile devices
...
This API allows you to send a malicious attachment to mobile
devices.
2017-03-07 12:34:45 -06:00
27c2795632
Issue #7188 resolved along with checking for all loopback addresses.
2017-03-08 00:02:50 +05:30
db581a040a
Bump version of framework to 4.14.2
2017-03-07 07:01:57 -08:00
4e9b8946d8
Fixed some small msftidy issues
2017-03-06 22:47:37 -08:00
97ad8be7ff
Added some Zigbee Documentation
2017-03-06 22:42:15 -08:00
60cd04bc7b
Added module for zstumbler
2017-03-06 16:10:14 -08:00
a466dc44c6
Do exception handling for sms client
2017-03-06 10:54:08 -06:00
09442f226a
Functionality was added to allow the payload to wait before trying to reconnect.
...
Also the code was modified to allow the payload to infinite retry if 0 is set.
2017-03-04 18:12:09 -03:00
4d44911d5c
Do doc for google fi
2017-03-03 11:38:47 -06:00
d9b21b16a9
Support Google Project Fi gateway
2017-03-03 11:36:13 -06:00
2edb116855
Send texts individually
...
If we pass all the phone numbers at once in one email, it becomes
a group chat, and that allows the recipients to see each other's
number, which isn't the intended behavior.
2017-03-03 11:12:59 -06:00
c61f8ded78
Comment out Sprint
...
It looks like the Sprint gateways won't accept our email for
some reason, so we can't use it.
2017-03-03 11:09:04 -06:00
6ad8afb8b3
Add API to send a text message (SMS) to mobile devices
2017-03-02 16:47:55 -06:00
23474dfc70
change print_error to print_warning
2017-03-02 09:46:03 -07:00
79c01a9577
Fix ancient copypasta of Aux to Post
...
Specifically a crash in the run command's help.
2017-03-02 01:24:27 -06:00
f91328b122
modify warning wording
2017-03-01 15:00:15 -07:00
d9f5b75dc5
warn when lhost set to 127.0.0.1
2017-03-01 14:53:49 -07:00
2d51801b01
Use native_arch for railfun multi and test it
2017-03-01 13:07:04 -05:00
601131f236
hook Application class if found
2017-03-01 19:22:42 +08:00
ee8b70e0df
fix permission shuffling
2017-03-01 14:38:47 +08:00
063d999a64
randomize the payload, service and broadcast receiver names
2017-03-01 14:20:31 +08:00
b273517f9a
always set first byte to 1 on stageless configs
2017-03-01 12:46:00 +08:00
c8816cacb0
Remove stageless classname from staged payloads, fixes #8034
2017-03-01 12:27:12 +08:00
31568320f9
Merge branch 'upstream-master' into land-8021-
2017-02-28 03:02:03 -06:00
bbf271f6b0
Land #7981 , allow handler launched by the handler command to persist
...
Merge remote-tracking branch 'upstream/pr/7981' into upstream-master
2017-02-28 02:38:42 -06:00
d4e5cb7993
Fixes #8022
...
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-02-27 21:09:57 -08:00
dcb42a3e69
Initial zigbee support using killerbee. Core session setup portion
2017-02-27 17:29:54 -08:00
0ebd51d224
Use native_arch for railgun sizes
2017-02-26 14:42:55 -05:00
3b2e5e0785
Add a new core_native_arch method for meterpreter
2017-02-26 14:22:24 -05:00
076848e904
Land #7993 , Keep sessions in progress alive
2017-02-24 16:57:47 -06:00
f9e4fd54fe
Bump version of framework to 4.14.1
2017-02-24 13:31:17 -08:00
a954521d75
bump minor version
2017-02-24 15:07:07 -06:00
2631259919
Land #7973 , Enable cert validation for Nexpose
...
This PR enables connection to a Nexpose console using the
nexpose client gem.
It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
e5d0370a94
Fixes MS-1716, keep sessions in progress alive.
2017-02-24 12:56:05 -06:00
0f4e03be7b
Bump version of framework to 4.13.27
2017-02-24 10:03:33 -08:00
f27ef55391
Land #7992 , Improve Signature Evasions for browser exploits
2017-02-23 16:32:49 -06:00
e3f613ecc6
Bypass: Metasploit OS detection
...
SEP is triggering on HTTP POSTs which start with `os_name`
2017-02-23 15:42:04 -05:00
84ab3c66cc
Use obfuscated JS in BES
2017-02-22 12:47:36 -05:00
4f839299f1
Land #7978 , Add a test module for railgun API calls
2017-02-21 17:15:49 -06:00
01558d3d51
Bump version of framework to 4.13.26
2017-02-21 14:01:15 -08:00
d738b63fa6
Land #7985 , Fix bug in check_setup for bavision
...
@wchen-r7 fix uncovered another bug in the logic for the
check_setup return. This switches the return to the expected
values.
Fixes #7984
2017-02-21 14:29:21 -06:00
93f75746c4
Fix logic error in #7985
...
The check_setup method expects an error message if the
web server is not compatible with the module, and false otherwise.
We were previously returning the opposite of the expected behavior.
2017-02-21 13:49:59 -06:00
2a20d24c29
Land #7966 , Fix 'rm' to handle multiple files
2017-02-21 13:32:19 -06:00
adf1385427
Fix #7984 , Fix NoMethodError `match' for bavision_cameras.rb
...
Fix #7984
2017-02-21 12:00:01 -06:00
f08478e02f
fix handler persistence
2017-02-20 13:51:07 -05:00
7d1fadb84f
Add a test module for railgun api calls
2017-02-18 17:37:49 -05:00
647020289f
Bump version of framework to 4.13.25
2017-02-17 17:03:42 -08:00
c4f1e0db1f
Land #7913 , Fix Console Route Print with ipv4 and ipv6
2017-02-17 17:42:57 -06:00
17b88da080
Land #7964 , fix running a scanner with USER_AS_PASS and USER_FILE
2017-02-17 17:16:49 -06:00
566bafe65d
Land #7962 , Uploading files without specifying the destination closes a Meterpreter session.
2017-02-17 17:04:22 -06:00
5207cb6c3a
Land #7914 , send the correct exception on channel open failure
2017-02-17 17:00:30 -06:00
807a27e73d
clarify error handling when a channel cannot be opened
2017-02-17 16:59:09 -06:00
0e3eba18b3
simplify guard logic
2017-02-17 16:00:15 -06:00
f4befda59b
inherit the options from the default target so we can autocomplete before the rhost resolution occurs
2017-02-17 15:50:45 -06:00
6e62899e1c
Bump version of framework to 4.13.24
2017-02-17 10:02:51 -08:00
da82f0891e
Land #7860 , Add OverrideScheme option to reverse_http/s handler
2017-02-17 11:12:49 -06:00
1214ef5b79
Replaced tabs with spaces and removed trailing spaces at EOL
2017-02-15 16:46:11 -08:00
8f1856c5d1
Fixed a bug with DTC decoding.
...
DTC Codes now print the English error messages next to their code with getvinfo
Frozen DTCs can also be fetched via get_frozen_dtcs()
2017-02-15 16:26:23 -08:00
5bd38af8d6
fix rm to handle multiple files
2017-02-15 19:22:39 -05:00
4e5dabf35f
fix cred_scanner's has_privates? method
2017-02-15 16:05:49 -05:00
24a4211bb9
fix upload when dest not specified
2017-02-14 22:08:49 -05:00
f600fa1caa
Be aware of logout
2017-02-14 17:03:57 -06:00
81abbfba46
Resolve #7959 , Automatically login to RPC service after expiration
...
When the RPC client token expires, it will automatically login
again, and renew the token during the next RPC request.
Resolves #7959
2017-02-14 16:41:08 -06:00
b741c8b2f7
fix typo in failure path, pointed out by rw-
2017-02-13 21:16:48 -06:00
184707c6fc
Bump version of framework to 4.13.23
2017-02-13 16:04:35 -08:00
c1d08b9574
rename udp_sock to udp_socket to avoid mixin collisions
2017-02-12 22:31:56 -06:00
44d229ad49
Bump version of framework to 4.13.22
2017-02-10 10:02:43 -08:00
4f13bde471
Override `empty?` for the weird ones
...
Fixes #7899
2017-02-09 14:57:20 -06:00
4b5bc84f5c
Land #7918 , Fix report_vuln for aux/scanner checks
2017-02-09 12:18:33 -06:00
8ade9b8aae
Land #7905 , WordPress content injection module
2017-02-09 15:49:50 +01:00
095831e029
fix silly typo
2017-02-08 23:41:15 +08:00
b06895b604
Hide RPORT more intelligently
2017-02-08 09:40:42 -06:00
870621d169
Add OverrideScheme option, fixes #7841
2017-02-08 23:30:29 +08:00
d81bdc1c02
Bump version of framework to 4.13.21
2017-02-07 17:27:47 -08:00
74e029f3b1
Land #7932 , Fix CVE-2017-5229
2017-02-07 19:22:36 -06:00
522c6dce8e
Land #7931 , Fix CVE-2017-5231 and respect user's dest
2017-02-07 19:22:17 -06:00
68a5d300fe
minor style issues
2017-02-07 18:35:35 -06:00
b370dd0654
Fix CVE-2017-5229 - extapi Clipboard.parse_dump() Directory Traversal
2017-02-07 18:24:06 -06:00
56cf6b129d
Fix CVE-2017-5228
2017-02-07 23:44:23 +10:00
cb74d3b05b
Fix CVE-2017-5231 and respect user's dest
2017-02-07 23:41:59 +10:00
31f93de150
Update HttpClient and WordPress mixins
2017-02-06 04:40:26 -06:00
ba80e1d9e5
Fix report_vuln for aux/scanner checks
...
Msf::Auxiliary::Scanner#setup sets it to nil in instance.check_simple.
2017-02-06 01:20:18 -06:00
02afc3af96
Add lines for no IPv4/IPv6 routes
2017-02-05 17:38:30 -06:00
cab19dc63c
Land #7904 , Fix a bug where PHP tags were in the wrong place
2017-02-05 11:43:24 -06:00
9db2cdb33a
Fix close session
...
Fix close session if remote file is permission deined
2017-02-05 02:00:05 +03:00
79b92ccdc7
Fix for Route Print IPv6 Error
2017-02-04 16:21:55 -06:00
9a5d5eec2e
Bump version of framework to 4.13.20
2017-02-03 10:04:05 -08:00
64e475a4ee
Land #7892 , Enhance the creds command to allow creating logins
2017-02-03 11:53:46 -06:00
3c7f78167a
Push up the preamble and modernize style
2017-02-02 17:57:03 -06:00
c9560b5aa8
Add error_reporting to preamble
2017-02-02 17:48:28 -06:00
23c2787d57
Land #7795 , Hardware Bridge API.
...
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
16de745437
Minor code cleanups/corrections.
2017-02-01 16:12:45 -06:00
1bb8c9bd93
missed userpass_file on CredentialCollection.empty?
2017-02-01 15:42:21 -06:00
321fa91c75
Bump version of framework to 4.13.19
2017-02-01 11:28:53 -08:00
f925793d70
Land #7894 , refactor empty test on CredentialCollection
2017-02-01 11:57:31 -06:00
be170ab8b2
Bump version of framework to 4.13.18
2017-01-31 14:20:40 -08:00
0dcf0002ae
refactor empty test on CredentialCollection
2017-01-31 15:16:26 -06:00
72c641fcab
Land #7889 - use a better check for whether rhosts exists
2017-01-31 07:49:14 +10:00
e5d8a64770
adding the ability to create logins
2017-01-30 10:43:27 -06:00
76529278b8
make sure we can actually invoke auto targeting before adding it
2017-01-30 05:24:57 -06:00
7d32166c70
use a better check for whether rhosts exists
2017-01-29 19:18:23 -06:00
d8511d1ad5
Add exception when SESSION doesn't exist
2017-01-30 10:26:23 +10:00
b44e7ff733
Fix argument passing for deprecated scripts
...
This allows the scripts to continue working while warning the user.
See also: c59b5eaa2f
2017-01-29 14:14:55 -06:00
4480ea7877
Land #7827 , Cisco Firepower Management Console LoginScanner
2017-01-27 16:26:40 -06:00
39761a9d23
Land #7882 , allow Ruby 2.1 to continue working for now.
2017-01-27 12:19:14 -06:00
95449a846b
Bump version of framework to 4.13.17
2017-01-27 10:02:17 -08:00
39d702ebd9
changing the syntax to work with ruby 2.1
...
Fixes #7881
2017-01-27 11:20:26 -06:00
07694b98de
Land #7874 : A login scanner for Advantech WebAccess
2017-01-26 18:17:01 -05:00
c59b5eaa2f
Fix #7823 , legacy_script_to_post_module fixes
2017-01-26 16:26:00 -06:00
781bc8420a
Add Advantech WebAccess LoginScanner module
2017-01-26 13:54:50 -06:00
87701ff758
Added more error handling to bail out more gracefully when things go wrong. Could
...
be more common with bluetooth connections.
2017-01-25 18:23:57 -08:00
2ff4e6f57e
Fixed defaults for elm327 realy.
...
Array2Hex in the automotive extension how supports passing an array or integers or string hexes
Added some extra error handling for UDS calls to non-supported pids
2017-01-25 11:30:29 -08:00
eeba1e0bb2
first pass of upgrading nexpose gem to latest
2017-01-25 10:16:48 -06:00
a3cf400566
Re-set the TLV names for migration stuff
2017-01-24 07:36:56 +10:00
253e39e18c
Land #7680 , Fix #7679 , LoginScanner should abort if there is no creds to try
2017-01-23 14:08:32 -06:00
5de09d3455
Check username & password options
2017-01-23 11:42:04 -06:00
2c8cd80a2b
revert change to TLV_TYPE_MIGRATE_LEN in #7856
2017-01-23 09:23:32 -06:00
677d070179
make tlv enum of migrate length consistent
2017-01-23 09:19:53 -06:00
198d6e00ff
Fixed bug in array2hex that did not convert hex values to integers before formatting
2017-01-22 17:50:33 -08:00
9b16cdf602
Land #7845 , Fix Msf::Exploit::EXE shellcode/template mismatch
2017-01-22 16:09:41 -06:00
414977125f
Merge remote-tracking branch 'upstream/master' into land-7847-
2017-01-22 14:11:40 -06:00
f61314d2d6
Land #7856 , Fix incorrect translations in TLV inspection code
2017-01-22 11:08:05 -06:00
ac2ceca5e3
Land #7804 , Switch the creds command to use named options
2017-01-22 10:49:19 -06:00
6a2d036ea8
depend on regular rb-readline, bugs fixed upstream
2017-01-22 10:20:05 -06:00
99047fa8a1
be stricter in what we accept for payload uri
...
datastore needs to contain something to produce a valid URI
2017-01-22 10:20:04 -06:00
9581f18392
handle nil pathname
2017-01-22 10:20:04 -06:00
dc506c1dd6
present? is not a method of Pathname
2017-01-22 10:20:04 -06:00
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
441222c2b5
Merge remote-tracking branch 'upstream/master' into land-7787-
2017-01-22 09:44:11 -06:00
5d08e0b24e
Land #7858 , Make shell_command_token time out again
2017-01-21 13:18:37 -06:00
67ec66cc83
Land #7846 , add CSV and vCard support to dump_contacts
2017-01-21 16:46:14 +08:00
a7fac41172
Make shell_command_token time out again
2017-01-20 23:09:22 -06:00
84513fd83c
Add exception for HttpClient
...
Since it uses Rex::Proto::Http, which then uses Rex::Socket::Tcp.
2017-01-20 20:00:27 -06:00
89b2f087fc
Add TCP/UDP hint to RPORT
...
Caveat: works with mixins only (tenuously).
2017-01-20 19:50:40 -06:00
e0094897a1
Add CSV and vCard support to dump_contacts
2017-01-20 19:18:50 -06:00
7e50ce09c0
Fix TLV inspect issue
2017-01-21 09:17:20 +10:00
c2e4a50924
Bump version of framework to 4.13.16
2017-01-20 10:02:29 -08:00
64e7f13067
improve error detection
2017-01-19 16:40:35 +07:00
c1e30b632b
fix #7725 , inject into the Activity constructor
2017-01-19 16:24:26 +07:00
f8f764aefc
fix #7617 , invalid register when hooking smali code
2017-01-19 14:52:30 +07:00
d8da7c6d43
Fix Msf::Exploit::EXE shellcode/template mismatch
...
Initialize EXE options unless code is supplied with platform/arch.
2017-01-19 00:07:35 -06:00
b94eefe724
Land #7771 , Add history deduplication
2017-01-18 21:06:42 -06:00
ef487f6be5
Remove history clearing
2017-01-18 14:55:12 -06:00
d564f5d60a
don't add auto targets to things without rhost
...
Things like browser exploits don't have remote host options
which is what auto targeting relies on, so it does not make sense
to include the auto-targeting in these exploits
7837
2017-01-17 11:40:07 -06:00
77c78fa5f4
Move Rex::Text::Table workspace output to -v
2017-01-15 23:15:14 -06:00
38382bb61a
Convert workspace command to Rex::Text::Table
...
Still can't get over how it's called "loots." :D
2017-01-15 03:26:35 -06:00
b86c1f0465
Land #7823 , legacy_script_to_post_module check
2017-01-13 17:37:41 -06:00
3c0ce8eafb
Fix some rubocop complaints
2017-01-13 17:24:23 -06:00
a687073416
Add Cisco Firepower Management Console LoginScanner
2017-01-13 16:59:20 -06:00
7f839a04f3
Land #7825 , don't double-load plugins
2017-01-13 14:07:32 -06:00
56ed8bc021
Bump version of framework to 4.13.15
2017-01-13 10:05:02 -08:00
0800a4f816
Update RPC functionality
2017-01-12 19:35:42 -06:00
601a88dad7
Update cmd_unload in CommandDispatcher
2017-01-12 19:29:28 -06:00
2ad29a2351
Prefer find over each
...
Since we're modifying the load method directly, there should only ever
be one previously loaded instance. Suggestion by @egypt.
2017-01-12 19:28:06 -06:00
8f6fe87400
fix assignment
2017-01-12 17:16:19 -06:00
d58db72cd0
Force unloading of already loaded plugins
2017-01-12 14:18:52 -06:00
c080d78922
intercept legacy meterpreter script runs and substitute post modules
2017-01-12 14:08:43 -06:00
b28f600aea
Land #7584 , fix apk injection into proguarded apks
2017-01-11 12:45:23 -06:00
5b2e76b981
Land #7794 , Fix #7793 , incorrect command name in android meterpreter extension
2017-01-11 12:38:36 -06:00
f311511e6d
Bump version of framework to 4.13.14
2017-01-10 14:03:16 -08:00
38a4c2aa97
fix autotargeting failure
...
the fallback to the original default was failing because
it was assuming rhost was already set, so it would always
go back to the first default target. now the auto_target? method
only returns true if can pull an auto_target_host
2017-01-10 14:12:28 -06:00
18347a8de7
Land #7774 , Fix pivoting of UDP sockets in scanners
2017-01-10 13:57:28 -06:00
b3e8c3376d
Land #7788 , Add ability to interact with a manually backgrouned session
2017-01-10 08:55:00 -06:00
99f47158b3
Update base.rb for checking empty creds
2017-01-09 17:23:11 -06:00
bdb99bbcf2
Check cred_details for empty creds
2017-01-09 17:16:09 -06:00
3e1cd0c789
adding a check to make sure you only give a signle private type
2017-01-09 15:13:36 -06:00
8c395338af
Land #7743 , wchen's digest auth nonce fix
...
land sinn3r's pr for fixing the Digest Auth nonce
2017-01-09 14:16:09 -06:00
6bd2e03f37
dding realm tests showed a bug. its now squashed.
2017-01-09 13:04:34 -06:00
3674b25885
fixing the tests, more need to be added
2017-01-09 13:04:34 -06:00
a3b1f7e360
the commands now work, onto tests
2017-01-09 13:04:34 -06:00
23cbc99341
changing the creds add command to use named params
2017-01-09 13:04:34 -06:00
c179e0358f
origin_type manual requires a user...
2017-01-09 13:04:34 -06:00
ed3b34179b
moving creds to its own dispatcher
2017-01-09 13:04:34 -06:00
1a04691201
Fix #2504 , edit command fixes I missed 3y ago
...
local_editor was never nil, so there was some dead code.
2017-01-08 03:02:19 -06:00
5f07bca775
Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here:
...
http://opengarages.org/hwbridge Supports an automotive extension with UDS calls for mdoule
development.
2017-01-06 19:51:41 -08:00
dbdc558f0b
Land #7776 , don't log on harmless DB errors
2017-01-06 18:25:13 -06:00
6dee63d727
Incorrect command name
2017-01-06 23:58:18 +00:00
Noah Berman
William Vu
wchen-r7
Craig Smith
h00die
Jin Qian
Brendan Coles
=
Metasploit
alpiste
Spencer McIntyre
Tim
Brent Cook
William Webb
Jeffrey Martin
James Barnett
Pearce Barry
Jeff Tang
bwatters-r7
Rich Whitcroft
dmohanty-r7
James Lee
Christian Mehlmauer
Justin Steven
Josh Hale
Artem
OJ
darkbushido
Brent Cook
David Maloney
Adam Cammack
Ubuntu