5cba9b0034
Land #7747 , Add LoginScanner module for BAVision IP cameras
2017-01-06 16:25:44 -06:00
b074042b99
Bump version of framework to 4.13.13
2017-01-06 12:00:26 -08:00
171f3b3e7d
Land #7791 , Fix target_host name collision
2017-01-06 13:50:52 -06:00
2108913e77
target_host method had a name collision
...
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
2017-01-06 12:44:37 -06:00
1ef2e54539
Bump version of framework to 4.13.12
2017-01-06 10:03:13 -08:00
969df408c7
Land #7786 , Microsoft Edge constant for HttpClient
2017-01-05 21:07:57 -06:00
10cfadaf98
add optional output to merterp run_cmd
...
the run_cmd method on meterpreter sessions can now
take an optiona output IO to redirect output. This allows
backgrounded sessions to also run commands and still output
to the console
2017-01-05 12:12:20 -06:00
a5665d53f2
Land #7766 , Add Automatic Targeting to all Exploits
2017-01-05 11:05:53 -06:00
eec5e88e1c
android_wakelock
2017-01-05 19:17:28 +07:00
e85721113a
Add Edge to constants
2017-01-04 22:20:42 -05:00
7ef4db1465
Bump version of framework to 4.13.11
2017-01-04 14:53:33 -08:00
180795f209
Fix #7743 , nil @cnonce in rex/proto/http/client.rb
...
Fix #7743
2017-01-04 11:50:31 -06:00
31d36d9112
if autotargeting fails fall back
...
fallback to the original first target if auto-targeting fails
2017-01-03 14:38:52 -06:00
5fd531028c
ome minor guards and spec fixes
...
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
2d5158403b
add YARD docs to auto target methods
...
added YARD docs
MS-2325
2017-01-03 14:38:51 -06:00
a61b92aa3e
tweak target selection
...
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index
MS-2325
2017-01-03 14:38:51 -06:00
3d2957dff1
tying it all together
...
insert our autotarget routine into
the main target selection process
MS-2325
2017-01-03 14:38:50 -06:00
44830dfc54
prefer authour's target over ours
...
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better
MS-2325
2017-01-03 14:38:50 -06:00
1afc57da40
determine most precise filter
...
drop back to our most precise level of filtering
MS-2325
2017-01-03 14:38:50 -06:00
201b65e43d
remaining os filtering
...
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection
MS-2325
2017-01-03 14:38:50 -06:00
05ac2ee6ed
convert first stage to os_family
...
added the new os-family column to Host
so now we use that as our first stage filter
for targets
MS-2325
2017-01-03 14:38:49 -06:00
95d5c7a778
filtering by os_name
...
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead
MS-2325
2017-01-03 14:38:49 -06:00
4060e63b89
add tests for auto target addition
...
tests to make sure we add auto targets only
in the appropriate conditions
MS-2325
2017-01-03 14:38:49 -06:00
84d5e42e4f
start gearing up for testing
...
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour
MS-2325
2017-01-03 14:38:45 -06:00
769d477e97
if no automatic target defined, add one
...
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting
MS-2325
2017-01-03 13:54:34 -06:00
3808eebad8
Land #7704 , Update jobs output to show TCP listener information
2017-01-02 15:44:49 -06:00
d9be9f3b2e
Land #7764 , add to_handler command to launch a handler from the payload module
2017-01-02 15:40:38 -06:00
35bb725f19
rubocop fixes for payload dispatcher
2017-01-02 15:39:48 -06:00
5a4abeb110
make Rex UDPSocket.send work just like the real thing
2017-01-02 09:38:26 -06:00
4f0569c6ce
support pivoting with UDP port scanners
...
Use bound UDP sockets for each UDP service/ip that we wish to scan,
managing and closing them locally as they expire, rather than an unbound
socket.
2017-01-02 08:55:27 -06:00
d5bc6a089f
recvfrom_nonblock need flag = 0, not nil
2017-01-02 08:55:12 -06:00
225aaac8fd
remove logging of expected exceptions in connection_established? method
2017-01-02 08:31:05 -06:00
4264521354
Fix broken CVE reference and update links
...
Prefer HTTPS over HTTP, too.
2017-01-01 21:33:59 -06:00
956602cbfe
add final wnr2000 sploits
2016-12-31 16:49:05 +00:00
fdfa8b8fdb
Remove erroneous newline
2016-12-30 19:09:37 -06:00
db90d541fb
Add history deduplication and clearing
2016-12-30 19:02:47 -06:00
73d454387c
Fix #7765 , additional fixes for history command
...
1. Really fix crash by restoring default behavior
2. Add whitespace padding to command number
3. Refactor logic a bit for clarity
2016-12-30 18:21:24 -06:00
3ff74f019d
Fix #7765 , history command fixes and improvements
...
1. Fix crash when no arguments are specified
2. Print history index starting at 1 like every shell
3. Fixed wording/phrasing
4. Fixed formatting/whitespace
2016-12-30 17:35:18 -06:00
bb684bb3b1
tcp channel fixes
2016-12-30 14:59:10 -06:00
2856facdf0
Land #7765 , adds the history command to msfconsole
2016-12-30 14:54:32 -05:00
e729254b4f
minor tweaks
...
added dots to the end of lines,
checked val for nil before runing match
2016-12-30 19:30:01 +00:00
f073e78838
replaced hardcoded value variable
2016-12-30 08:49:13 +00:00
0321000ea7
Update Http mixin for opts[:ssl]
...
1. Add opts[:ssl]
2. Remove opts[:busybox]
3. Refactor logic
4. Remove resource_uri
2016-12-30 00:56:02 -06:00
34d358b8d7
Update CmdStager with new toys
2016-12-30 00:56:02 -06:00
58dd59fad5
Add Http mixin for CmdStager
2016-12-30 00:56:02 -06:00
fae4751771
Land #7744 , update kiwi extension to Mimikatz 2.1
2016-12-29 16:22:45 -06:00
e7249742b3
Added the history command
...
Added the "history" command to see a list of commands used before.
```
msf exploit(handler) > history -n 4
2344 set PAYLOAD windows/meterpreter/reverse_tcp
2345 set LHOST 10.0.1.109
2346 exploit
2347 history -n 4
msf exploit(handler) > history -h
Usage: history [options]
Show the command history
OPTIONS:
-a Show length commands in history
-h Help banner.
-n <opt> Show the last n commands
msf exploit(handler) >
```
2016-12-29 17:03:54 +00:00
cb0a7986bf
Added to_handler command
...
This commit adds a "to_handler" command to msfconsole when "using" a payload.
After generating a payload from msfconsole, we needed to set multi/handler and the payload with the same param as we used to generate it. That was really boring...
The to_handler command creates the handler and sets the payload and the options set for it.
### Example Output:
```
msf > use payload/windows/meterpreter_reverse_tcp
msf payload(meterpreter_reverse_tcp) > set LHOST 10.0.1.109
LHOST => 10.0.1.109
msf payload(meterpreter_reverse_tcp) > set LPORT 3377
LPORT => 3377
msf payload(meterpreter_reverse_tcp) > show options
Module options (payload/windows/meterpreter_reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
EXTENSIONS no Comma-separate list of extensions to load
EXTINIT no Initialization strings for extensions
LHOST 10.0.1.109 yes The listen address
LPORT 3377 yes The listen port
msf payload(meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0
[*] Started reverse TCP handler on 10.0.1.109:3377
[*] Starting the payload handler...
msf payload(meterpreter_reverse_tcp) >
```
2016-12-28 20:03:40 +00:00
4906b8a85a
LAND #7760 , prevent duplicate UUIDs when generating Android HTTP/S payloads
2016-12-28 10:48:36 -06:00
a4950a1598
add auto-complete info for 'show info'
...
msf > use auxiliary/admin/http/nuuo_nvrmini_reset
msf auxiliary(nuuo_nvrmini_reset) > show
show actions show all show encoders show exploits show missing show options show plugins show targets
show advanced show auxiliary show evasion show info show nops show payloads show post
2016-12-27 15:48:41 -06:00
e74239b30f
allow reusing the already-generated payload uuid in generate_uri_uuid_mode
2016-12-27 15:37:39 -06:00
81b310f928
Up to date
2016-12-23 17:24:01 -06:00
5e5aa8cd03
Fix a typo
2016-12-23 16:23:24 -06:00
144f886e8b
Add LoginScanner module for BAVision IP cameras
2016-12-23 16:22:17 -06:00
f50fa516f4
Bump version of framework to 4.13.10
2016-12-23 10:01:58 -08:00
99da91e278
Adjust golden ticket creation to force params when SYSTEM
2016-12-23 20:29:00 +10:00
894ed4957f
Add help where appropriate
2016-12-23 10:51:33 +10:00
93a280dfc1
Merge upstream/master ready for PR
2016-12-23 10:20:53 +10:00
34e3a17fda
Remove unused Kiwi TLVs
2016-12-23 09:57:57 +10:00
5702bd6745
Land #7674 , Move migration stub generation code into msf
2016-12-22 17:53:00 -06:00
4c150a10c2
Update to use new base64 flags for kiwi
2016-12-23 09:40:11 +10:00
c97e6ae1e8
Handle stupid merge from OJ's upstream
2016-12-23 09:00:27 +10:00
e6e2388256
SSP creds and golden tickets
2016-12-23 08:34:16 +10:00
50db1e295f
Land #7718 , Fix undef method read_timeout in smb object
2016-12-22 15:12:51 -06:00
eeb1bdcff5
Land #7731 , fix risk score and risk factor imports via nexpose plugin
...
Merge remote-tracking branch 'upstream/pr/7731' into upstream-master
2016-12-22 01:15:01 -06:00
9e75866188
Land #7738 , Add sort by column to services and hosts commands
2016-12-22 01:10:45 -06:00
445af29d07
Land #7739 , async output revert until fixed
2016-12-21 00:40:54 -06:00
4098c66efb
Restore MinGW code and use =begin/=end for indent
2016-12-21 00:38:08 -06:00
0221d2d904
Land #7735 , make assigning payloads fast again!
2016-12-21 00:16:52 -06:00
f95136ce67
Prefer && over and
2016-12-21 00:16:33 -06:00
d0d84b418b
disable async output until we have a better handle on new quirks
2016-12-20 23:50:43 -06:00
574ebd07d7
Update cmd_hosts
2016-12-20 23:32:10 -06:00
cc293f06fe
Adds some fail safes to cmd_use
2016-12-20 22:08:41 -05:00
60d5cefd68
Land #7727 , nuke sess from orbit
...
Replace with consolidated sessions command.
2016-12-20 20:35:20 -06:00
6e830a886e
Land #7737 , print_warning on session_compatible?
2016-12-20 20:11:11 -06:00
1098bc6d90
Warn user when session not compat instead of failing
...
This commit changes the post mixin so that the session compat check only
shows a warning rather than throwing an exception and stopping the
module from working completely.
This is off the back of the discussion involved with #7736
2016-12-21 11:14:52 +10:00
11e3e1f3dd
Handle a couple more edge cases
...
I don't want to go any further down the rabbit hole.
2016-12-20 18:36:22 -06:00
41605c533c
Add reference name enforcement to cmd_use
2016-12-20 18:21:24 -06:00
efb015facc
make assigning payload fast again
...
This streamlines the check for whether the currently-selected payload is
compatible on assignment. Rather than building the entire list of
compatible payloads, and seeing if what the user typed is in it (and
making multiple giant lists on the way), we simply check the module the
user typed directly.
2016-12-20 17:39:09 -06:00
02cbbfd3f2
fixes #7707 : risk_factor and risk_score in the nexpose plugin
2016-12-20 18:31:32 +00:00
0bca485858
Continue work on enabling kiwi functionality
2016-12-20 18:25:48 +10:00
ee4caba646
Remove `terminal` and tweak `sessions`
...
Hopefully everyone is now happy!
2016-12-20 07:50:07 +10:00
74040c4ee6
Rename the `sess` command to `terminal`
...
Lots of people have been frustrated by the `sess` command as it mucks
with the autocomplete for `sessions`. This is a fair concern, especially
given that `sess` was intended to be a non-annoying shortcut.
This commit changes the `sess` command so that it is instead called
`terminal`. I couldn't think of a better option that didn't already
clash with another name or meaning. At least `terminal` is something
that doesn't clash, doesn't muck with any existin autocomplete rules,
and is in some way another name for the existing sessions.
Feedback appreciated!
2016-12-19 17:05:04 +10:00
3a998fada2
Bump version of framework to 4.13.9
2016-12-18 13:22:52 -08:00
2e198ae2a8
Land #7721 , better smtp connection error messages
2016-12-18 14:38:13 -06:00
62d8cc7b21
Handle some error conditions with SMTP delivery
2016-12-16 16:06:02 -06:00
f74fd9e5dd
Land #7672 , support LOCKED_OUT and DISABLED login status
2016-12-16 15:11:05 -06:00
318c0eda81
Update to line 126
...
Line originally references the read_timeout instance variable associated with the smb variable (line 118 || 120), which is an object of the simpleclient class that doesn't have a read_timeout instance variable. Updated the line to reference the client instance variable of smb, which does have a read_timeout variable. Testing this change appears to result in expected behavior.
2016-12-16 14:24:02 -05:00
c5c710f837
Bump version of framework to 4.13.8
2016-12-16 10:02:02 -08:00
f29c9a7c45
Merge pull request #7716 from acammack-r7/smtp-deliver-ssl
...
Make SMTP delivery work with a range of server SSL
2016-12-16 08:58:55 -06:00
8b02f422f7
add meterpreter cmd interaction to console
...
add the -C flag to the sessions command to trigger
meterpreter commands on sessions without going
full interactive
2016-12-15 23:17:06 -06:00
47df88a5cc
Make SMTP delivery work with a range of server SSL
2016-12-15 16:57:08 -06:00
ca1cc11d9f
Land #7713 , scriptkittie fix for SessionLogging
...
lands a fix for loggers not handling a nil message
Fix for #7687
2016-12-15 14:42:40 -06:00
e7eece60d8
add a nil catch to timestamp file sink
...
an additional nil guard is needed here just to be sure
2016-12-15 14:41:49 -06:00
27ba8f00df
check for nil msg in print_error
2016-12-14 21:10:10 -08:00
fa016de78a
Land #7634 , Implement universal HTTP/S handlers for Meterpreter payloads
2016-12-13 18:13:22 -06:00
ad7b3dac2d
Account for negative indices
2016-12-12 14:24:24 -06:00
b9e9d97479
Add -O (order_by) to services (cmd_services)
2016-12-12 14:24:24 -06:00
082a8949e4
Land #7694 , Initial stageless mettle payloads
2016-12-12 13:01:31 -06:00
505cc19662
Update reverse_tcp to show TCP listener information
...
Also update the readable text to only output the listener information if
it differs from the payload information.
2016-12-12 15:56:26 +10:00
609c8da772
Re-add wifi support, start work on kerberos stuff
2016-12-10 11:20:16 +10:00
ccba73b324
Add stageless mettle for Linux/zarch
2016-12-09 18:30:52 -06:00
7d36d41b20
Add stageless mettle for Linux/ppc64le
2016-12-09 18:27:22 -06:00
ee7d5fc0c9
Add stageless mettle for Linux/ppc
2016-12-09 18:25:57 -06:00
7aec68c1fe
Add stageless mettle for Linux/mips64
2016-12-09 18:21:52 -06:00
b74482aa6e
Add stageless mettle for Linux/armbe
2016-12-09 18:18:22 -06:00
12b296ab1a
Add stageless mettle for Linux/aarch64
2016-12-09 18:05:34 -06:00
12af07d8cb
Bump version of framework to 4.13.7
2016-12-09 10:03:22 -08:00
a267101413
Land #7670 , bwatter's fix for prompt newline
...
land's brendan's fix for console output getting truncated
2016-12-09 10:44:46 -06:00
50f95f9940
Land #7681 , Get ready for stageless mettle
2016-12-09 09:31:47 -06:00
b9a7ed915a
Land #7677 , make sure the source file gets closed
...
... when downloading a file.
2016-12-08 16:50:23 -06:00
eeef8fa6ad
Add new arches to UUIDs
2016-12-08 16:29:43 -06:00
4614b7023d
Land #7604 , @godinezj's post module for creating AWS IAM accounts
2016-12-08 14:26:22 -08:00
ce5c1f07c3
Fix rspecs
2016-12-08 16:11:06 -06:00
b537146393
Fix #7679 , LoginScanner should abort if there is no creds to try
...
Fix #7679
2016-12-08 15:01:30 -06:00
aaa49550a7
Move call_api printing to verbose
2016-12-08 11:20:53 -08:00
9a7c0eb7b6
Fix cloe file
2016-12-08 21:28:39 +03:00
d0696a09ad
Move migration stub generation into MSF
...
This code adds support for transport-specific migration stubs to be
generated in MSF rather than having them hard-coded in Meterpreter.
2016-12-08 16:01:13 +10:00
0110b97fa2
Fix #7671 , support LOCKED_OUT and DISABLED login status
...
This allows login scanner modules to skip a user if it is
locked out, or disabled.
Fix #7671
2016-12-07 16:49:16 -06:00
ba9ce3fcfb
Land #7665 , Add ABORT_ON_LOCKOUT option for smb_login
2016-12-07 15:52:50 -06:00
657fadbe01
Land #7662 , Payload Handler Console Command
2016-12-07 14:48:44 -06:00
7dd2d3e226
Fix the prompt again
2016-12-07 14:32:54 -06:00
74b3a00035
fix payload datastore merge
...
fix the way we merge the payload datastore in so
the options actually take
2016-12-07 14:04:42 -06:00
99ba1e45ff
Removed unused params
2016-12-07 10:10:09 -08:00
a54c0c4e1f
Bump version of framework to 4.13.6
2016-12-07 09:00:16 -08:00
50b0c9ef5e
Add tspkg support and fix parsing a little
2016-12-07 15:06:08 +10:00
7d316cb3e6
Begin work on parsing mimikatz output and handling more cmds
2016-12-07 15:06:08 +10:00
8f4621f424
Initial work to support the new kiwi extension
2016-12-07 15:05:02 +10:00
d3a8409a49
prevent further lockouts in smb_login
2016-12-06 21:53:08 -05:00
0b46e90bbb
Only print out AWS API responses when in verbose mode
2016-12-06 17:32:48 -08:00
a13382c80b
Address most of rubocop's nits
2016-12-06 17:10:34 -08:00
c5641c9681
Factor out mettle configuration
...
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
2016-12-06 18:28:48 -06:00
606232828f
freeze punk, it's rubocop!
...
rubocop autocrrecting a bunch of stuff *fingers crossed*
2016-12-06 17:17:56 -06:00
dc53057639
more bcook fixes
...
the rebase lost some of these
2016-12-06 17:14:22 -06:00
c8f6ac99a1
reapply bcook's indentation fixes
2016-12-06 16:52:46 -06:00
d3225ce2fb
Merge branch 'master' into feature/handler-command
2016-12-06 16:51:57 -06:00
f734031804
Land #7655 , Refactor/cleanup core command dispatcher
2016-12-06 16:38:42 -06:00
d091a32be8
whitespace/indentation
2016-12-06 16:37:22 -06:00
1ec7474067
Don't embed ELFs in ELF templates
2016-12-06 14:14:40 -06:00
62f0e7b20a
add the handler console command
...
sometimes, as a user, you need to start a handler
but don't want to exit your current console context.
The new handler command allows a user to spin up a handler
in background job without switching contexts
2016-12-06 14:04:39 -06:00
b4a2a6ed60
Merge remote-tracking branch 'upstream/master' into land-7625-
2016-12-06 06:23:32 -06:00
ffee0ff1b6
Fix payload cache size issue, fix shell/bind payloads
2016-12-06 11:12:02 +10:00
7edb5e19e2
Bump version of framework to 4.13.5
2016-12-05 15:09:06 -08:00
9ba6797d19
use arch for session_compatible? to support shell sessions
2016-12-05 15:56:28 -06:00
483228c4ea
use platform for session_compatible? to support shell sessions
2016-12-05 14:14:37 -06:00
f56c7f9a8e
cosmetic touchups
2016-12-05 11:25:56 -06:00
d85f9880ff
fix command dispatcher specs
2016-12-05 11:16:15 -06:00
ab2e88a49e
created modules command dispatcher
...
moved all commands related to navigating around
modules, editing them, and viewing their info into
a new command dispatcher
2016-12-05 10:30:18 -06:00
6557a84784
add resource command dispatcher
...
move resource script related commands into
their own command dispatcher
2016-12-05 09:20:07 -06:00
2008dcb946
create jobs command dispatcher
...
split the jobs related commands into their own
command dispatcher to start cleaning up the 'core'
dispatcher
2016-12-05 09:12:52 -06:00
3d09e283cf
module ready
2016-12-02 22:03:23 -05:00
86ec5861f9
Land #7649 , update session_compatible? for changes from PR#7507
...
Fixing the ability to find compatible post scripts for sessions
2016-12-02 16:29:08 -06:00
b218c7690a
cleanup stray comment
2016-12-02 15:25:58 -06:00
0be166e719
update session_compatible? for changes from PR#7507
2016-12-02 14:55:38 -06:00
7ee9408da3
Land #7647 , Search with an intersect instead of a union
2016-12-02 13:55:50 -06:00
889de05af4
removing some commented code
2016-12-02 13:06:22 -06:00
486f8cd2a3
adding arch to search
2016-12-02 13:05:23 -06:00
f6694992ce
changing module search to use the new scopes
2016-12-02 13:05:23 -06:00
f45b0e3c88
Land #7643 , only use ANSI ctrl chars in stdio output
2016-12-02 12:54:46 -06:00
76db530a86
Bump version of framework to 4.13.4
2016-12-02 10:02:53 -08:00
374763e991
Land #7636 , support sleep command for android meterpreter
2016-12-02 11:48:26 -06:00
c9b5e43201
only use ANSI ctrl chars in stdio output
...
the async output fix was put in the parent UI IO
class when it only really makes sense in stdio.
Those ctrl sequences will noly be understood if output to a
terminal.
MS-2298
2016-12-01 11:06:17 -06:00
5a2eb29a1b
remove unused generate_small_uri
2016-12-01 18:33:36 +08:00
4da614532b
fix luri
2016-12-01 18:22:13 +08:00
260f793f2c
y no update challenge
2016-11-30 22:57:12 -05:00
8369855e4f
pushing for help
2016-11-30 20:47:47 -05:00
c190cc775e
pushing for help
2016-11-30 19:45:24 -05:00
72a20ce464
Merge timwr's changes that fix android/reverse_http
2016-12-01 09:59:41 +10:00
2a065cd220
Land #7591 , sinn3r's warbird check fix
...
Lands sinn3r's fix to the warbird license verification
check in the payload segment injector
2016-11-30 15:45:04 -06:00
8f3fab4b1b
fix sleep and transport on android
2016-11-30 21:59:01 +08:00
78480e31e7
remove AutoLoadAndroid
2016-11-30 21:23:14 +08:00
b494d069f7
fix android/meterpreter/reverse_https
2016-11-30 20:53:09 +08:00
92751714c1
fix android/meterpreter/reverse_http
2016-11-30 20:12:00 +08:00
e5db0f4610
Fix unpack causing puid breakage in some cases
2016-11-30 15:51:17 +10:00
3fad75641d
Final touches to make MSF happy with all refactorings
2016-11-30 11:30:59 +10:00
834756c337
Rework android structure to function with the multi arch payload
2016-11-29 17:55:31 +10:00
468bf4696f
stdapi_fs_file_copy
2016-11-29 13:56:27 +08:00
bdfaaf01b2
Make multi work with https
2016-11-29 15:51:38 +10:00
bd8f8fd6cb
More rework of payload structure to handle multi arch handlers
2016-11-29 15:21:13 +10:00
beca63645e
Revamp of java payload structure
2016-11-29 11:54:30 +10:00
e8d7a074fa
Tweak to stageless handling for python payloads
2016-11-29 07:54:51 +10:00
f46ca66858
Bump version of framework to 4.13.3
2016-11-28 06:35:44 -08:00
5e8a47ac00
Merge upstream/master into universal handler work
2016-11-28 15:26:43 +10:00
496836fc06
Remove debug junk, rejig order of ops in initializer
2016-11-28 15:25:07 +10:00
d76c3033a7
Land #7596 , fixes for console corruption on Linux and Windows
2016-11-27 22:13:12 -06:00
34aa79ca27
remove captured delimiter characters from output
2016-11-27 20:14:16 -06:00
e8158bd200
Add multi platform type, wire into the multi stage
2016-11-28 09:34:09 +10:00
79e8ffd983
Bump version of framework to 4.13.2
2016-11-25 10:03:24 -08:00
0700b17f7e
Added sanity checks
2016-11-24 21:04:10 -08:00
b4add59a3d
Moved metadata_creds() so Client can be included in Aux/Post modules
2016-11-24 21:03:38 -08:00
5fdd5a7326
More progress on http universal staged handler
2016-11-25 13:00:35 +10:00
9f4784354a
Disconnect after making the HTTP transaction in send_request_cgi
...
Add a disconnect call after cgi is done.
2016-11-23 11:20:10 -06:00
0eaeeb4aa7
Adds a generic AWS client module
2016-11-22 14:54:18 -08:00
3640e87a37
Land #7599 , Don't complain when Proxies is an empty string
2016-11-22 10:14:40 -06:00
b45a36180e
Don't complain when Proxies is an empty string
2016-11-22 09:29:04 -06:00
c606eabbb9
Merge 'upstream/master' into universal-handlers
2016-11-22 14:06:46 +10:00
372cf740da
saving before changing branches
2016-11-21 22:06:20 -05:00
991409fdd6
Make truthiness checks consistent
2016-11-21 19:37:48 -07:00
72609b3112
Don't use ANSI terminal sequences on Windows
2016-11-21 19:25:24 -07:00
6d85330dad
Land #7594 , check if opts['var_get'] exists before using it
2016-11-21 18:06:32 -06:00
cdc82891d8
Fix the issue 7593 where I get a stacktrace when running module auxiliary/scanner/http/blind_sql_query
...
Add a guard against the case when opts['vars_get'] is nil
2016-11-21 17:39:09 -06:00
b2cc8e2b95
Fix #7569 , Fix warbird check for missing text section
...
Fix #7569
2016-11-21 14:57:01 -06:00
daae46d37b
Fixes #7552 , fix apk injection into proguarded apks
2016-11-21 15:05:59 +08:00
16b5f40dae
Revert "Rework XOR code to make more sense"
...
This reverts commit 699a8e91d2
2016-11-20 19:09:45 -06:00
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
05e59bbe19
non-working copy of varnish
2016-11-19 22:09:19 -05:00
643a5511cf
Bump version of framework to 4.13.1
2016-11-18 10:01:48 -08:00
cd01b07682
Land #7565
...
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
202009b50b
Land #7570 , async print fix
...
Land's jennamagius' fix for async console printing
outoupt from jobs no longers screws the console prompt
up. w00t!
2016-11-18 11:25:18 -06:00
66ba2b077b
Land #7567 , fix apk injection when template has no permissions
2016-11-17 11:42:54 +00:00
739c9c1315
Ensure cursor is positioned appropriately if it is not at the end of a line when async prints arrive
2016-11-16 21:07:50 -07:00
491a3a3162
Prevent the input prompt from being mangled by asynchronous prints.
2016-11-16 20:43:07 -07:00
383314530a
Bump version of framework to 4.13.0
2016-11-16 07:48:26 -08:00
927e195e28
Generate payload apk from permissionless apk
2016-11-16 00:48:10 -04:00
1deacad2be
Add a print_bad alias for print_error
...
Came up on Twitter, where Justin may have been trolling a little:
https://twitter.com/jstnkndy/status/798671298302017536
We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.
Anyway, I went with alias_method, thanks to the compelling argument at
https://github.com/bbatsov/ruby-style-guide#alias-method
...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.
Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
7e4645afb3
Land #7527 , Add LURI support to the reverse_http/s stagers
2016-11-15 16:31:20 -06:00
5490fda0ae
Merge remote-tracking branch 'upstream/master' into land-7261
2016-11-14 16:49:28 -06:00
98a54cd458
Merge branch 'upstream-master' into land-7456-android-hide-app
2016-11-14 02:43:04 -06:00
fbcc4baf58
Land #7553 , apk inject cert fix
...
Lands dana-at-cp's fix for the certtool localization
issues for the APK injection routine.
Fixes #7524
2016-11-11 12:54:41 -06:00
f116ad2c59
Bump version of framework to 4.12.42
2016-11-11 10:02:14 -08:00
c0e839dfd9
Fixes keytool bug in APK inject code
2016-11-11 06:12:47 -08:00
2c39a14ada
Bump version of framework to 4.12.41
2016-11-04 10:02:13 -07:00
50c2ed8509
Fix post mixin platform/session check
2016-11-05 02:41:52 +10:00
b0970783ff
Another interim commit moving towards universal handlers
2016-11-04 13:25:02 +10:00
dae1f26313
Land #7521 , Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
47ac122c15
Add LURI support to the reverse_http/s stagers
2016-11-03 14:51:07 +10:00
09d9733a75
Interim commit while working on multi payloads
2016-11-03 06:44:39 +10:00
a7c8060af5
Land #7523 , Fix template location for psh payload creation
2016-11-02 12:09:20 -05:00
cc8c1adc00
Add first pass of multi x86 http/s payload (not working yet)
2016-11-03 02:44:53 +10:00
494b4e67bd
Refactor http/s handler & payloads
...
This commit moves much of the platform-specific logic from the
reverse_http handler down into the payloads. This makes the handler
a bit more agnostic of what the payload is (which is a good thing).
There is more to do here though, and things can be improved.
Handling of datastore settings has been changed to make room for the
ability to override the datastore completely when generating the
payloads. If a datastore is given via the `opts` then this is used
instead otherwise it falls back to the settings specified in the usual
datatstore location.
Down the track, we'll have a payload that supports multiple stages, and
the datastore will be generated on the fly, along with the stage itself.
Without this work, there's no other nice way of getting datastore
settings to be contained per-stager.
2016-11-02 11:33:59 +10:00
451686309b
fixes #7519 psh payload generation
...
a few files references to the templates for pwoershell were
missed when transfering the templates over to the rex-powershell gem
2016-11-01 14:32:40 -05:00
51ad285521
Landing #7517 Nexpose API error fix
2016-11-01 12:02:35 -05:00
0fca4483c0
Correctly call generate_stage on native init
2016-11-02 00:52:25 +10:00
6ec76611c3
Fix arch typo in meterpreter_options for x64
2016-11-02 00:38:34 +10:00
6577728fa9
enable auto-negotiation for TLS version with SQL Server
2016-11-01 05:45:27 -05:00
f08a7ac10b
modernize default smtp_deliver TLS options
2016-11-01 05:42:05 -05:00
ac0984e8dd
this fixes an issue with nexposeapi errors
...
on newer versions of the nexpose api the error
XML schema has been changed, this prevents the
exception from being generated correctly
MS-289
2016-10-31 13:42:15 -05:00
294b1e5ed7
Move session_type to base, and map shell arch to string
2016-11-01 03:02:23 +10:00
44ac3f8781
Use ARCH constant in mainframe_shell
2016-11-01 02:24:44 +10:00
ddd2d5e43f
Remove junk spaces from EXE exploit module
2016-11-01 01:28:21 +10:00
eeff24d2ef
Change BSD regex as per Brent's suggestion
2016-11-01 01:26:45 +10:00
0730613c67
Add comment to hilight need to support ARCH_CMD in sess check
2016-10-29 14:29:05 +10:00
7773d90da4
Update railgun to use arch to check for 64 bit
2016-10-29 14:26:06 +10:00
8605992cdf
Remove superfluous session check in the post mixin
2016-10-29 14:19:27 +10:00
e5d3feebea
Final regex fix for jobs arch check
2016-10-29 14:10:01 +10:00
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
8b97183924
Update UUID to match detected platform, fail exploit on invalid session
2016-10-29 13:45:28 +10:00
0737d7ca12
Tidy code, remove regex and use comparison for platform checks
2016-10-29 13:41:20 +10:00
9e3960f334
Update session listing to show type or platform
2016-10-29 12:46:11 +10:00
6364e93ece
Update session types to have base_platform and base_arch
2016-10-29 12:45:37 +10:00
bf7e7ae4be
Fix silly mistake with resetting arch in sysinfo
2016-10-29 08:32:32 +10:00
a7485c4bba
Use constants for base_arch
2016-10-29 08:10:44 +10:00
d201c5bccc
Force x86_64 to change over to x64 in sysinfo, tidy arch checks
2016-10-29 06:49:35 +10:00
ffc62964d6
Bump version of framework to 4.12.40
2016-10-28 10:02:36 -07:00
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
9672759be8
Land #7462 , Add support for Unicode domains
2016-10-26 16:47:09 -05:00
ca377cadd7
Move the binary suffix stuff to a better location
2016-10-27 07:43:27 +10:00
6a23168800
Bump version of framework to 4.12.39
2016-10-25 12:22:52 -07:00
5ce886cf5c
Land #7490 , xml importer fingerprinting fixed
2016-10-25 14:13:15 -05:00
c83474ea5c
Land #7488 Allows DRDoS mixin to handle empty responses
2016-10-25 13:53:39 -05:00
56d5c49d4d
host was no associated with the workspace
...
* searching mdm host by wspace id instead
2016-10-25 12:05:06 -05:00
1378e2e61a
preserve hosts should still fingerprint new hosts
2016-10-25 09:58:30 -05:00
744724c083
conditionalize fingerprinting
...
* fix bug where host not preserved
2016-10-24 18:45:48 -05:00
e29567f390
Bump version of framework to 4.12.38
2016-10-24 14:25:47 -07:00
12508f7140
Fix DRDoS mixin to handle empty responses
2016-10-24 14:21:28 -07:00
39b889ea29
Land #7459 , Delay fingerprinting during import
2016-10-24 10:47:25 -05:00
ba3830c100
Land #7485 , lib/rex/post/gen.pl removal
2016-10-24 09:56:41 -05:00
bf59ba526a
Bump version of framework to 4.12.37
2016-10-24 07:35:41 -07:00
66a1b57c17
delete lib/rex/post/gen.pl
2016-10-24 08:53:45 -05:00
ce1f3e6b9e
Land #7451 , copy original signing certificate when backdooring APK
2016-10-22 18:04:22 +08:00
6b77f509ba
fixes bad file refs for cmdstagers
...
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced
Fixes #7466
2016-10-21 12:31:18 -05:00
de87fccf85
Land #7469 , OJ's php preamble fix
...
this is OJ's fix for the bind_php payload
preamble that causes it to be missing the php
tags
2016-10-21 12:05:39 -05:00
8e0d866976
Bump version of framework to 4.12.36
2016-10-21 10:02:09 -07:00
b8e30a241e
Copy original cert data into new signing cert created for APK injection
2016-10-20 08:43:45 -07:00
1644a1e20b
Change how we populate workgroup/domain data
2016-10-19 17:24:26 -05:00
95294b00d1
Whitespace
2016-10-19 17:13:07 -05:00
078496437f
Make sure that the ntlm blob data is pasrsed into UTF-8
2016-10-19 17:11:04 -05:00
f18cbd655e
delay fingerprinting of host
...
MS-2073
* imports are slow mainly caused by fingerprinting after every service creation
* now only fingerprints after all the services are created for imports
2016-10-18 17:42:48 -05:00
43fd0a8813
Land #7436 , Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
786600bd09
Remove the unused binary_suffix var
2016-10-18 16:15:00 +10:00
67d07a715c
add android_hide_app_icon
2016-10-17 19:02:48 +08:00
6fb418d4d2
Land #7447 , unify Android meterpreter method names, add missing stageless class
2016-10-17 04:48:43 -05:00
ebf52759cc
Land #7449 , unsuitable language fix
2016-10-16 03:23:05 -05:00
2ae62cfce1
Fix typo: Use a better adjective
2016-10-16 18:01:42 +10:00
d7ac8eba45
Create new signing certificate with dname value copied from original certificate.
2016-10-15 14:05:53 -07:00
5fad8d8efa
prefix android commands with android_
2016-10-15 23:57:20 +08:00
74340e9eb7
Bump version of framework to 4.12.35
2016-10-14 15:13:45 -07:00
5736b2c821
add missing require
2016-10-14 12:15:45 -05:00
b3666ff7ab
Bump version of framework to 4.12.34
2016-10-14 10:04:05 -07:00
5ab3401f98
Land #7430 , Refactor Android payload configuration into a byte array, add evasions
2016-10-14 10:01:23 -05:00
4c248ebe9e
Merge branch 'master' into land-7430-
2016-10-14 09:48:33 -05:00
a2fe934c15
Land #7435 , NTLM Util change to support Unicode hostnames
2016-10-14 09:46:10 -05:00
70011922a3
Remove binary suffixes for payloads that don't exist
2016-10-14 14:08:13 +10:00
022830634b
Rejig platform to use windows instead of win32/win64
2016-10-14 10:10:04 +10:00
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
...
This reverts commit f3166070ba
2016-10-11 17:40:43 -05:00
2493ff1886
Revert "Revert "remove leftover cruft""
...
This reverts commit 74e0256448
2016-10-11 17:40:18 -05:00
13de5f9b1e
fix missing require in rex
...
this missing required caused an unitialized
constant in browser_autopwn2 because it required
the js utils bit directly without requiring rex-exploitation
2016-10-11 17:36:55 -05:00
fe36801918
Changed to convert hostnames and domains to UTF-8 rather than ANSI
...
after pulling them from the NTLM blob
2016-10-11 15:51:50 -05:00
e5ac3eda61
Land #7362 , Fix apk injection script to include android payload service and broadcast receivers
2016-10-11 07:54:10 -05:00
3d9cb7375c
store Android payload information in byte array
2016-10-11 14:41:32 +08:00
0d5a23b865
Merge branch 'master' into land-7423-localtime
2016-10-10 23:54:38 -05:00
699a8e91d2
Rework XOR code to make more sense
2016-10-10 13:38:08 +10:00
e139a1ee8f
Land #7383 : Rebase/Fix + SSL stager support for python
2016-10-10 13:06:09 +10:00
adb6f31e36
Bump version of framework to 4.12.33
2016-10-08 20:57:08 -07:00
74e0256448
Revert "remove leftover cruft"
...
This reverts commit 2be551cbd3
2016-10-08 21:55:22 -05:00
f3166070ba
Revert "use the new rex-exploitation gem"
...
This reverts commit 52f6265d2e
2016-10-08 21:55:16 -05:00
63bf93be1b
code and style cleanups
2016-10-08 21:04:15 -05:00
7c1fa3eb51
fix 'info -d module', it assumed active module only
2016-10-08 19:31:00 -05:00
44c5fc3250
Sync build_net_code post module upstream
...
Fix merge conflicts and add missing lines to framework version of
the DotNet compiler example module.
Test output to come in PR #5393
2016-10-08 14:06:35 -05:00
47b1320d08
Add options to cmd_psh_payload
...
Fill in validated datastore options for generating custom PSH
payloads
2016-10-08 14:06:35 -05:00
fb8e025aa5
Force datastore validation by option set
...
cmd_psh_payload relies on datastore options to have a proper
data type down the call chain. When modules are created with string
values for all data store options, a conditional naively checking
what should be a boolean value for false/nil? would return true
for a string representation of "false."
Ensure that datastore options are validated prior to using them
to set variables passed into Rex methods.
2016-10-08 14:06:35 -05:00
f24bfe7d4e
Import Powershell::exec_in_place
...
Allow passing exec_in_place parameter to cmd_psh_payload in order
to execute raw powershell without the commandline wrappers of
comspec or calling the powershell binary itself.
This is useful in contexts such as the web delivery mechanism or
recent powershell sessions as it does not require the creation of
a new PSH instance.
2016-10-08 14:06:35 -05:00
36b989e6d7
Initial import of .NET compiler and persistence
...
Add Exploit::Powershell::DotNet namespace with compiler and
runtime elevator.
Add compiler modules for payloads and custom .NET code/blocks.
==============
Powershell-based persistence module to compile .NET templates
with MSF payloads into binaries which persist on host.
Templates by @hostess (way back in 2012).
C# templates for simple binaries and a service executable with
its own install wrapper.
==============
Generic .NET compiler post module
Compiles .NET source code to binary on compromised hosts.
Useful for home-grown APT deployment, decoy creation, and other
misdirection or collection activities.
Using mimikatz (kiwi), one can also extract host-resident certs
and use them to sign the generated binary, thus creating a
locally trusted exe which helps with certain defensive measures.
==============
Concept:
Microsoft has graciously included a compiler in every modern
version of Windows. Although executables which can be easily
invoked by the user may not be present on all hosts, the
shared runtime of .NET and Powershell exposes this functionality
to all users with access to Powershell.
This commit provides a way to execute the compiler entirely in
memory, seeking to avoid disk access and the associated forensic
and defensive measures. Resulting .NET assemblies can be run
from memory, or written to disk (with the option of signing
them using a pfx cert on the host). Two basic modules are
provided to showcase the functionality and execution pipeline.
Usage notes:
Binaries generated this way are dynamic by nature and avoid sig
based detection. Heuristics, sandboxing, and other isolation
mechanisms must be defeated by the user for now. Play with
compiler options, included libraries, and runtime environments
for maximum entropy before you hit the temmplates.
Defenders should watch for:
Using this in conjunction with WMI/PS remoting or other MSFT
native distributed execution mechanism can bring malware labs
to their knees with properly crafted templates.
The powershell code to generate the binaries also provides a
convenient method to leave behind complex trojans which are not
yet in binary form, nor will they be until execution (which can
occur strictly in memory avoiding disk access for the final
product).
==============
On responsible disclosure: I've received some heat over the years
for prior work in this arena. Everything here is already public,
and has been in closed PRs in the R7 repo for years. The bad guys
have had this for a while (they do their homework religiously),
defenders need to be made aware of this approach and prepare
themselves to deal with it.
2016-10-08 14:05:53 -05:00
1f36583db2
Add zeroSteiner to author.rb
2016-10-07 12:51:22 -05:00
8a6426df48
Bump version of framework to 4.12.32
2016-10-07 10:04:32 -07:00
a0ebf5ea2d
Bump version of framework to 4.12.31
2016-10-06 11:23:08 -07:00
55597d7370
Land #7394 , Gemify rex/exploitation and associated data files into rex-exploitation
2016-10-05 10:55:21 -05:00
2be551cbd3
remove leftover cruft
...
some files that got left behind in previous
gemifications that should have been removed
2016-10-05 09:05:27 -05:00
52f6265d2e
use the new rex-exploitation gem
...
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
a89607bbdb
Prefer keyword argument
2016-10-04 23:14:14 -05:00
b7ea465855
refresh sysinfo when explicitly requested on a session
2016-10-04 22:06:06 -05:00
af4f3e7a0d
use templates from the gem for psh
...
use the templates now contained within the magical
gem of rex-powershell
7309
MS-2106
2016-10-04 14:14:25 -05:00
a4efa77878
Support driver list, adjust capcom exploit
...
This commit adds MSF-side support for listing currently loaded drivers
on the machine that Meterpreter is running on. It doesn't add a UI-level
command at this point, as I didn't see the need for it. It is, however,
possible to enumerate drivers on the target using the client API.
Also, the capcom exploit is updated so that it no longer checks for the
existence of the capcom.sys file in a fixed location on disk. Instead,
it enumerates the currently loaded drivers using the new driver listing
function, and if found it checks to make sure the MD5 of the target file
is the same as the one that is expected. The has is used instead of file
version information because the capcom driver doesn't have any version
information in it.
2016-10-04 11:27:20 +10:00
3469104f7a
Add localtime command support
2016-10-03 15:18:37 +10:00
039357a714
Land #7387 , checksum command for Meterpreter
2016-10-02 21:35:34 -05:00
63d13f0f49
check if there is a stance set before checking the value
2016-10-02 19:48:49 -05:00
8e09b172f6
Add a meterpreter checksum command
2016-10-01 14:29:35 -04:00
73c11a63b4
Bump version of framework to 4.12.30
2016-09-30 10:03:42 -07:00
e628fab86e
Land #7378 , run zipalign during apk injection process
2016-09-30 12:27:27 +08:00
6241e48b34
Land #7350 , add 'sess' command for direct session switching support
2016-09-29 23:18:53 -05:00
49ed02a203
fix packet parsing when there is partial data
2016-09-29 17:21:59 -05:00
4fdb54e6a1
Fixup transport to work with upstream
...
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.
Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.
Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
2016-09-29 17:21:59 -05:00
a7470991d9
Bring Python reverse_tcp_ssl payload upstream
...
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
2016-09-29 17:21:59 -05:00
b06a3d3c68
Refactor code that calls zipalign on injected APK
2016-09-29 07:49:50 -07:00
e8d99fb3f5
Run zipalign as last step during APK injection process
...
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.
More on zipalign from Google:
https://developer.android.com/studio/command-line/zipalign.html
2016-09-28 20:05:17 -07:00
1689f10890
Land #7292 , add android stageless meterpreter_reverse_tcp
2016-09-28 16:05:22 -05:00
ea625d4ea3
Enhance #7360 , more stance fixes
2016-09-28 13:49:29 -05:00
5a611b0ec4
use the correct scope for the Stance names
2016-09-28 13:48:28 -05:00
b4a1adaf0f
refactor into android.rb
2016-09-28 18:23:34 +08:00
dc43f59dcf
dalvik -> android
2016-09-28 14:50:52 +08:00
8bef4e4ec6
Land #7360 , restore passive?/aggressive? behavior
...
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9
2016-09-26 15:05:41 -05:00
5ea1e7b379
Bump version of framework to 4.12.29
2016-09-26 12:06:21 -07:00
a39c4965e4
fix apk injection script to include payload service and receivers
2016-09-26 19:50:10 +08:00
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
00258a4d31
Land #7351 , restore NTLM constant class shortcuts
2016-09-25 12:09:38 -05:00
00c02bb132
Land #7349 , Add initialization of RHOST value prior to calling child check()
2016-09-23 12:28:08 -05:00
3ddf80dd7a
Bump version of framework to 4.12.28
2016-09-23 10:02:37 -07:00
c13ab28a5b
remove debug statement
2016-09-22 16:27:11 +01:00
acb3e66064
fix comments
2016-09-22 16:26:26 +01:00
32c2311b86
android meterpreter_reverse_tcp
2016-09-22 16:26:26 +01:00
2ec87d1f67
check if constant aliases are already set before setting
...
(I'm presuming that was what removing was intended to help with)
2016-09-22 07:12:42 -05:00
4acb29a129
restore NTLM constant class shortcuts
2016-09-22 07:01:38 -05:00
af4b1cf48f
Add the `sess` command to MSF and Meterp shells
...
This new command is a simpler shortcut that allows for moving around sessions much faster from within the console.
* From inside MSF, `sess <id>` is shorthand for `sessions -i <id>`
* From inside Meterp, `sess <id>` is shorthand for `background; sessions -i <id>`
In the latter case, if the session being switched to is the same id, then no swiching happens.
2016-09-22 16:09:59 +10:00
52d0840a79
Land #7276 , fix clipboard tlv usage
2016-09-22 00:47:18 -05:00
b4b709d921
Land #7342 , remove OSVDB links and references from library code - leave in modules
2016-09-22 00:45:05 -05:00
88cef32ea4
Land #7339 , SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
fda5faf4ed
Land #7346 , route command fixes
...
Also adds session -1 support.
2016-09-21 15:44:24 -05:00
a3e3bbf2b0
Remove unnecessary reference to idx
2016-09-21 12:42:25 -04:00
08836a317d
Fix "route add" error and support using session -1
2016-09-21 12:02:30 -04:00
0671e854a9
Default the route command to printing the table
2016-09-21 10:36:59 -04:00
b0bb5b5806
Added initialization of RHOST value prior to calling child check() functions
2016-09-20 18:18:52 -05:00
4ff8235304
Remove semicolon
2016-09-20 17:57:48 -05:00
8871673ada
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-09-20 17:48:06 -05:00
53170cca01
msfconsole command
...
resolves #7330
Warns the user if they try to run msfconsole in msfconsole and does not let them do it
2016-09-20 17:46:25 -05:00
1b31e0a63e
remove osvdb links
2016-09-20 14:27:59 -05:00
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
06ff7303a6
make pubkey verifier work with old module
...
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together
7321
2016-09-19 15:20:35 -05:00
2f17ae0946
add pubkey_verifier class to framework
...
this class provides a new way to do
public key only verification tests
for SSH
7321
2016-09-19 14:35:59 -05:00
3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714)
2016-09-19 14:34:44 -05:00
27018b421c
Land #7316 , use new rex-encoder gem
2016-09-19 11:59:21 -05:00
4c4f2e45d6
Land #7283 , add jsp payload generator
2016-09-16 14:37:59 -05:00
5acc17a800
Bump version of framework to 4.12.27
2016-09-16 10:02:52 -07:00
332ba47356
refactored blob parsing to get unicode, but break everything else
2016-09-16 11:22:53 -05:00
b21daa7019
Land #7263 , Automatically generate keystore for android apk signing
2016-09-15 22:09:15 -05:00
022ab74f30
See #7089 , add some stray fixups
2016-09-15 18:50:00 -05:00
6686e91ffe
fixup some leftover debug and whitespace issues
2016-09-15 18:39:08 -05:00
50fc3b10f8
Land #7086 , Add 'continue' and 'tries' wget-like options to meterpreter 'download'
2016-09-15 17:48:21 -05:00
7e10b5c482
use new rex-encoder gem
...
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.
MS-1708
2016-09-14 12:07:26 -05:00
e005a3f49b
Land #7300 replace msfrop with the rex-rop_builder gem
...
MS-1722
2016-09-14 11:21:54 -05:00
32998d938f
Bump version of framework to 4.12.26
2016-09-13 16:59:37 -07:00
b5ae287235
ensure that default_name, dns_host_name, and dns_domain_name are set
2016-09-13 18:32:59 -05:00
245237d650
Land #7288 , Add LoginScannerfor Octopus Deploy server
2016-09-13 17:26:56 -05:00
8eb2c926f3
Bump version of framework to 4.12.25
2016-09-13 13:37:08 -07:00
fd3b885d83
replace msfrop with the rex-rop_builder gem
...
moved all of this code into the new gem
MS-1722
2016-09-12 16:06:53 -05:00
8cf62dc4ed
Land #7299 , Set defaults in WordpressMulticall login scanner
2016-09-12 12:26:08 -05:00
aa193bf372
Set defaults in WordpressMulticall login scanner
...
This login scanner would crash it was used like a normal login scanner.
MS-2007
2016-09-12 11:22:15 -05:00
e09fe08983
Land #7278 , fix FTP path traversal scanners
2016-09-12 10:47:36 -05:00
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
4495b27e67
Land #7254 , Rex::SSLScan Gemification
2016-09-08 13:20:56 -05:00
1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop
2016-09-08 10:48:07 -05:00
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
17ab04829c
missed the lib/rex/socket.rb file
...
failed to delete this rather important bigt
2016-09-07 11:38:28 -05:00
7857c58655
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-09-07 11:38:28 -05:00
43942e6029
refactor pem parser to use the rex-socket gem version
...
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser
MS-1715
2016-09-07 11:38:27 -05:00
405c59b8b8
move bidirectional pipe into rex/ui/text
...
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there
MS-1715
2016-09-07 11:34:04 -05:00
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
0f30d3a720
Land #7208 , use new rex-bin_tools gem
2016-09-06 13:19:35 -05:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
dmohanty-r7
Metasploit
David Maloney
William Vu
Tim
Carter
wchen-r7
Brent Cook
Brent Cook
Pedro Ribeiro
h00die
Luis Fontes
bwatters_r7
OJ
William Webb
PartyImp
Sonny Gonzalez
Adam Cammack
Justin Angel
jinq102030
cypher
James Lee
Jon Hart
Artem
Pearce Barry
Javier Godinez
Rich Whitcroft
Jeffrey Martin
darkbushido
Jin Qian
Dylan Davis
Brian Yip
Tod Beardsley
dana-at-cp
Brian Patterson
Louis Sato
nixawk
Justin Steven
RageLtMan
Spencer McIntyre
HD Moore
james-otten
Christian Mehlmauer