Jonathan
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
Tod Beardsley
cc9ac7695d
Land #2592 , add getproxy
...
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
Jonathan
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
sinn3r
866f240337
A little update on documentation
2013-11-07 17:06:43 -06:00
sinn3r
32b12609bd
Forgot to pass optional headers
2013-11-07 16:50:58 -06:00
FireFart
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
FireFart
aab4d4ae76
first commit for typo3
2013-11-07 22:38:27 +01:00
scriptjunkie
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
sinn3r
3e1771aa77
Being able to pass binding when we need to
2013-11-07 00:12:29 -06:00
sinn3r
23996ec32c
Fix up some things
2013-11-06 22:47:02 -06:00
OJ
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
OJ
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
sinn3r
c338f7a8c0
Change how requirements are defined, rspec, etc
2013-11-06 14:01:29 -06:00
sinn3r
c92116060e
Forgot to rm this line
2013-11-06 01:53:46 -06:00
sinn3r
f2e4d5507c
More rspec
2013-11-06 01:45:40 -06:00
sinn3r
636adc81de
Add rop_junk and rop_nop
2013-11-06 01:04:33 -06:00
sinn3r
65c96a1f45
Allow the module to be target specific
2013-11-06 00:57:53 -06:00
sinn3r
63d3c7e8bb
Put proxy headers in a constant
2013-11-05 16:33:36 -06:00
sinn3r
73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
OJ
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
James Lee
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
.
2013-11-05 13:45:00 -06:00
sinn3r
9c6b187cc6
stuff
2013-11-05 11:05:33 -06:00
sinn3r
0513dad789
-_-
2013-11-05 10:30:37 -06:00
sinn3r
9d1742ac47
Fix typos
2013-11-05 10:15:53 -06:00
sinn3r
8fb2b943be
Add ActiveX detection
2013-11-05 01:34:56 -06:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
sinn3r
844daf0e00
No regex for get_resource checking
2013-11-04 17:49:43 -06:00
sinn3r
054a525f35
Change profile data structure
2013-11-04 17:46:36 -06:00
sinn3r
ef57a38274
Move documentation about profile structure
2013-11-04 16:47:15 -06:00
OJ
d1e008387a
Stop auto preview, code clean
...
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
OJ
12810580d6
Remove arg for bind port/addr functions
...
Done to avoid masking of datastore instance variable.
2013-11-05 06:56:21 +10:00
OJ
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
sinn3r
9c8ecd2ede
Fix encoding order
2013-11-04 14:06:42 -06:00
sinn3r
d970925cbf
Fix encoding bug
2013-11-04 13:45:29 -06:00
sinn3r
ed572d95ee
Merge joev's PR for Rex::Exploitation::Js::Network
2013-11-04 12:58:08 -06:00
sinn3r
23e5a9f048
Force on_request_exploit override
2013-11-04 12:54:52 -06:00
sinn3r
e83f4e5120
Use a warning
2013-11-04 12:54:41 -06:00
sinn3r
25787fbaa7
Change has_proxy?
2013-11-04 12:52:15 -06:00
sinn3r
c6fb570480
Correct bad method naming
2013-11-04 12:35:04 -06:00
sinn3r
016e686bcf
super chomp
2013-11-04 12:28:22 -06:00
sinn3r
c3d9f4064c
They are symbols not strings
2013-11-04 12:10:39 -06:00
sinn3r
0337e6ff54
Do yard documentation
2013-11-04 12:09:59 -06:00
OJ
ff78082004
Refactor lanattacks ruby code, add command dispatcher
...
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
joev
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
joev
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
joev
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
OJ
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00
OJ
67fbeacbf0
Add support for optional image downloading
...
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00
sinn3r
abc06aa8aa
Use mutex
2013-11-01 11:35:23 -05:00
sinn3r
5fb261a974
Change var name
2013-10-31 23:48:41 -05:00
sinn3r
d54c8a359b
Fix bug in proxy detection
2013-10-31 23:42:43 -05:00
sinn3r
7a33c48a0f
No double slash
2013-10-31 23:17:38 -05:00
sinn3r
5851d502b5
Rename some stuff
2013-10-31 23:12:20 -05:00
sinn3r
21891a8337
Make sure the browser can't retry by going to the first URL
2013-10-31 23:08:17 -05:00
sinn3r
94d62613ab
Pretty much done with these, remove these comments.
2013-10-31 19:04:11 -05:00
sinn3r
828ef9c64c
Adds target-specific payload generator
2013-10-31 18:54:01 -05:00
sinn3r
8a0ebcbac7
Adds method get_module_resource
2013-10-31 14:34:38 -05:00
sinn3r
10fd892827
Fix a "undefined method to_sym" bug
...
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
sinn3r
00efad5c5d
Initial commit for BrowserExploitServer mixin
2013-10-31 13:17:06 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
William Vu
3e1ae4c9b3
Land #2504 , @todb-r7's edit command for msfconsole
2013-10-30 15:38:07 -05:00
Tod Beardsley
900ccc7ec9
VISUAL is okay. Also doesn't need to be a path.
...
I don't believe this opens an untoward attack vector -- if your attacker
can run Metasploit locally, you have much bigger problems.
2013-10-30 15:34:23 -05:00
OJ
2fbac9b129
Add `getproxy` command
...
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
jvazquez-r7
26af6452da
Land #2588 , @wvu-r7's permissions change for cmdstager_printf.rb
2013-10-29 08:07:19 -05:00
OJ
1f6c320bb3
Tidy up of extapi code, new bins
...
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
2013-10-29 21:22:05 +10:00
OJ
606411de81
Fix mimikatz error when password is nil
...
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
William Vu
333a0d5820
chmod -x cmdstager_printf.rb
2013-10-28 18:47:14 -05:00
Tod Beardsley
4bf041ec46
Use Rails, not Ruby, time formats.
...
Since MSF now equires ActiveSupport, may as well reference it correctly.
2013-10-25 11:52:54 -05:00
Tod Beardsley
b781e58a67
Unformat the prompt and promptchar
2013-10-25 11:40:28 -05:00
jvazquez-r7
0084f32ca2
Print default values when unset options
2013-10-25 11:21:42 -05:00
Meatballs
e18dd3ec0b
Use base64 to reduce size
2013-10-25 01:19:43 +01:00
ethicalhack3r
6f605fb009
Typo
2013-10-24 16:33:26 +02:00
Tod Beardsley
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
sinn3r
caf41f34bf
Land #2562 - Fix RM 8510 (FileDropper)
2013-10-22 21:45:33 -05:00
sinn3r
acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel
2013-10-22 17:16:26 -05:00
jvazquez-r7
7d1dc3746f
Use the @schierlm's command
2013-10-22 16:19:49 -05:00
sinn3r
ee95ca5e2b
Land #2158 - Fix NoMethodError undefined method `split' for nil:NilClass
2013-10-22 16:01:27 -05:00
Tod Beardsley
dc0d9ae21d
Land #2560 , ZDI references
...
[FixRM #8513 ]
2013-10-22 15:58:21 -05:00
sinn3r
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
Meatballs
8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac
2013-10-22 21:42:36 +01:00
sinn3r
ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers
2013-10-22 15:39:32 -05:00
jvazquez-r7
4ad9bc5efe
Try to [FixRM #8510 ]
2013-10-22 08:42:14 -05:00
sinn3r
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
sinn3r
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
sinn3r
fcba529ea5
Update coding format
2013-10-21 20:54:25 -05:00
sinn3r
99d5da1f03
We can simplify this
2013-10-21 20:22:45 -05:00
sinn3r
ea56c4914c
Need this file
2013-10-21 20:17:38 -05:00
sinn3r
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
William Vu
9258d79978
Add ZDI references to reference.rb
2013-10-21 15:13:46 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
Tod Beardsley
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead
, reversing
changes made to 6430fa3354
.
2013-10-21 12:47:57 -05:00
sinn3r
c929fbd7f4
Land #2555 - Retry shell without thread impersonation
2013-10-21 12:25:15 -05:00
William Vu
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
Meatballs1
58a82f0518
Update exe.rb
...
Rename values
2013-10-21 13:50:07 +01:00
OJ
cf65f59a28
Retry shell without thread impersonation
...
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usuall fallback to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`
This patch catches the error, warns the use of the failure and then retries
to create the interactive shell without the `-t` flag.
2013-10-21 15:29:19 +10:00
OJ
4e90394c7f
Add support for CF_DIB clipboard formats
...
Image data copied to the clipboard, such as a screenshot, is converted to a JPEG using GDI+, and downloaded to the local loot folder.
This feature doesn't work with W2K as a result, but that doesn't really bother me. The code is simpler and much smaller as a result and doesn't require the inclusion of the jpeg library code.
2013-10-21 00:05:42 +10:00
sinn3r
2d24824e78
Use data_directory instead of install_root
2013-10-19 17:55:03 -05:00
sinn3r
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
sinn3r
62dadc80d3
Make sure the data type for the return value is a string
2013-10-18 21:08:46 -05:00
sinn3r
298f23c91c
Fix extra slashes that cause browser autopwn to fail.
2013-10-18 20:43:39 -05:00
Tod Beardsley
ffcb86eba2
Land #2541 , Outpost24 importer
...
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.
[FixRM #8384 ]
2013-10-18 13:21:58 -05:00
Tod Beardsley
f6675f3120
Reordered case statements
2013-10-18 13:21:28 -05:00
sinn3r
8579cb8322
Use obfuscation
2013-10-18 13:06:19 -05:00
Meatballs
2ef89eaf35
Randomize exe name
2013-10-18 19:01:28 +01:00
Meatballs
56aa9ab01c
Reduce size
2013-10-18 18:59:30 +01:00
Meatballs
4e4d0488ae
Rubyfy constants in privs lib
2013-10-18 18:26:07 +01:00
sinn3r
6f04a5d4d7
Cache Javascript
2013-10-18 12:23:58 -05:00
William Vu
93ff9ec501
Create methods for start_element for readability
2013-10-18 12:20:43 -05:00
William Vu
ff69e9fd05
Move product info code to a better location
2013-10-18 12:07:34 -05:00
sinn3r
3af38b9602
I bet "../" will drive people crazy, avoid that.
2013-10-18 11:56:03 -05:00
William Vu
e6cccedad0
Append vuln info to vuln description
2013-10-18 11:31:54 -05:00
sinn3r
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
Meatballs
e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
...
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
Meatballs
5a662defac
Post::Privs uses Post::Registry methods
2013-10-17 23:28:07 +01:00
sinn3r
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
William Vu
12151650e4
Add product info to hosts and services :)
2013-10-17 16:18:27 -05:00
William Vu
06c7943f54
Import hostnames without breaking everything
2013-10-17 15:31:48 -05:00
William Vu
920e406526
Import CVE refs and db.emit all the things
2013-10-17 14:29:54 -05:00
Tod Beardsley
72a052942f
Methodize the editor variable as local_editor
2013-10-17 14:11:20 -05:00
Rob Fuller
8f2ba68934
move decrypt_lsa and decrypt_secret to priv too
2013-10-17 00:04:21 -04:00
Rob Fuller
541d932d77
move decrypt_lsa to priv as well
2013-10-16 23:53:33 -04:00
Rob Fuller
60d8ee1434
move capture_lsa_key to priv
2013-10-16 23:45:28 -04:00
Rob Fuller
1a9fcf2cbb
move convert_des_56_to_64 to priv
2013-10-16 23:39:07 -04:00
Rob Fuller
1a85bd22a8
move capture_boot_key to post win priv
2013-10-16 22:46:15 -04:00
OJ
d4d4839dc2
Add size (bytes) of the files on the clipboard
...
Output of the `clipboard_get_data` call now includes the size
of each file in bytes.
2013-10-16 22:54:55 +10:00
OJ
afc5e282a9
Add CF_HDROP file support to the clipboard
...
`clipboard_get_data` has been changed so that raw text is supported and file listings are supported.
If files are on the clipboard, those files and folders are listed when this command is run. To download the files, pass in the `-d` option.
2013-10-16 17:46:22 +10:00
sinn3r
0081e186f7
Make sure i var is local
2013-10-15 23:59:23 -05:00
William Vu
ad8af02021
Add my wonderfully simplistic Outpost24 parser
2013-10-15 16:34:46 -05:00
sinn3r
4c91f2e0f5
Add detection code MS Office
...
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413 ]
2013-10-15 16:27:23 -05:00
William Vu
38965f91ee
Add Outpost24 importer code to core/db.rb
2013-10-15 15:32:28 -05:00
sinn3r
41ab4739e3
Land #2520 - Add detection for FF 22 - 24
2013-10-15 15:17:43 -05:00
OJ
414a814d5d
Add the start of clipboard support
...
This commit adds support for getting text-based information from the
victim's clipboard and for setting text-based data to the victim's
clipboard. Early days, with much wiggle room left for extra fun
functionality.
2013-10-15 23:57:33 +10:00
OJ
ea89b5e880
Add support for child window enumeration
...
Children of windows can now be enumerated via the -p parameter, which
specifies the handle of the parent window to enumerate.
There is also a -u parameter which includes unknown/untitled windows
in the result set.
2013-10-15 18:02:27 +10:00
Tod Beardsley
14be85ea5d
Land #2511 , fix up NoMethodError and hanging connx
2013-10-14 16:30:19 -05:00
joev
711fac08b7
Don't throw exception if createElement is missing.
2013-10-14 14:15:13 -05:00
joev
183940308b
Add another nil check, just to be safe.
2013-10-14 13:55:54 -05:00
joev
20a145f1e7
Check for prop in prototype, not constructor.
2013-10-14 13:51:45 -05:00
joev
488ed5bd4a
Add new feature detection logic for FF 23 and 24.
2013-10-14 13:41:26 -05:00
William Vu
35dd94f0ac
Land #2518 , uninitialized JavascriptOSDetect fix
2013-10-14 13:32:04 -05:00
sinn3r
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
sinn3r
da3081e1c8
[FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect
...
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax
[FixRM 8482]
2013-10-14 11:40:46 -05:00
Meatballs
cad717a186
Use NDR 32bit syntax.
...
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
joev
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
joev
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
Tod Beardsley
876d4e0aa8
Land #1420 , WDS scanner
2013-10-11 16:53:25 -05:00
Tod Beardsley
4d76e8e9ac
Add RPORT to the list of DCERPC ports to check
...
[FixRM #8479 ]
2013-10-11 16:23:38 -05:00
Tod Beardsley
423b490168
Use Rex::Compat.getenv instead
...
Also, this would deprecate out the editor plugin.
2013-10-11 10:42:13 -05:00
Tod Beardsley
a7025fca3d
msfconsole 'edit' command
...
Useful for quick editing a module during development / bug fixing. I
don't really see a security issue with running a command defined in the
user's VISUAL or EDITOR environment variables; if the user can run
msfconsole to begin with, there are better ways to get into trouble.
2013-10-10 23:00:25 -05:00
OJ
b99af52279
Improve extapi ruby structure, add bins
...
The extapi project will get bigger over time so this change allows for the code to get
bigger without becoming a headache before it starts.
Added binaries to this commit as well.
2013-10-11 09:52:23 +10:00
Tod Beardsley
85112e8704
Land #2413 , axe callcc
...
This is the only time callcc is used in the entire codebase, too, so
this apparently removes a roadblack to non-MRI Rubies, so that's nice.
2013-10-10 14:55:55 -05:00
Meatballs
378f403fab
Land #2453 , Add stdapi_net_resolve_host(s) to Python Meterpreter.
...
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
William Vu
de57cbc67d
Land #2497 , @todb-r7's author alphabetization
2013-10-10 13:00:50 -05:00
OJ
cbaeebeff7
Add service_query to ext_server_extapi
...
Once the user has queried the list of services they can now use the
`service_query` function to get more detail about a specific service.
2013-10-11 01:02:51 +10:00
OJ
23340e9df0
Add service_enum to the ext_server_extapi extension
...
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.
Some other small code tidies were done too.
2013-10-10 21:23:23 +10:00
kernelsmith
adbcace9dd
Land #2458 , OJ's Meterpreter railgun multi call fix
...
also [FixRM #8269 ]
2013-10-10 00:38:44 -05:00
Tod Beardsley
4f1e71e222
Also this isn't Lua. Deal with commas.
2013-10-09 17:30:57 -05:00
Tod Beardsley
c8dc251042
Alphabetize authors
...
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.
Also, I need to keep my lines changed count up.
2013-10-09 17:29:17 -05:00
James Lee
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
Spencer McIntyre
6c382c8eb7
Return nil on error, and move the module to post/multi.
2013-10-09 16:52:53 -04:00
Tod Beardsley
9d34a8c894
Land #2465 , deal with missing cpuinfo bins
...
[FixRM #8456 ]
Thanks @ZeroChaos!
2013-10-09 13:03:48 -05:00
Tod Beardsley
356263df56
Litter some more rescue nil's in there
...
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
Tod Beardsley
f95da649f8
Deal with missing bins, too.
...
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465 ]
2013-10-09 12:13:44 -05:00
OJ
47801c17b3
MSF started to the extended API with window enum
...
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.
This commit kicks things off with enumeration of top level windows on the
current desktop.
2013-10-09 22:25:43 +10:00
Markus Wulftange
e895a17722
Add 'no quotes' option for CmdStagerPrintf
...
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
2013-10-08 21:04:28 +02:00
jvazquez-r7
2593c06e7c
Land #2412 , @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Markus Wulftange
6f7d513f6e
Another clean up and simplification of CmdStagerPrintf
2013-10-08 07:22:09 +02:00
Tod Beardsley
ff6dec5eee
Promote joev to a first class citizen
...
[See #2476 ]
2013-10-07 12:40:43 -05:00
Markus Wulftange
836ff24998
Clean and fix CmdStagerPrintf
...
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
sinn3r
77cbb7cd19
Update function documentation
2013-10-04 15:18:27 -05:00
ZeroChaos
5f4e4de267
fix for bug 8456
...
On systems without bundled johntheripper (either by removing the bundled version or by no compatible version shipped) the system john is used. In this case, all of the checking for compatible bundled jtr makes no sense and as such we can shortcut out of this to not only reduce the size of msf (for embedded) but also to speed execution (saving multiple calls to some random bundled binary cpuinfo*.bin).
This patch makes it very easy to simply remove cpuinfo and msf will not try to run it when missing and default to running john from the path.
2013-10-04 15:58:47 -04:00
James Lee
541833e2cc
Convert llmnr_response to use Net::DNS
...
* Allows responding to AAAA requests in addition to the existing A
support
* Prevents problems when recvfrom returns a mapped address like
"::ffff:192.0.2.1"
Also:
* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
2013-10-04 12:35:30 -05:00
sinn3r
29d1c75d1c
Update RopDb mixin to allow dynamic payload size for neg
...
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
2013-10-03 23:09:23 -05:00
OJ
21afa9defe
Meterpreter railgun multi call fix
...
Modifications accommodate changes in the multi-call railgun code that
were made to Meterpreter.
This also includes a fix for Redmine 8269, so the Windows constants
now work correctly with the multi-calls.
2013-10-04 12:04:18 +10:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
James Lee
b822a41004
Axe errant tabs and unused vars
2013-10-02 13:47:39 -05:00
jvazquez-r7
758fd02619
Windows 7 SP1 and newer fail when forcing IPv6 sockets
2013-10-02 09:45:51 -05:00
OJ
82162ef486
Add error message support to railgun
...
This code was lost in the transition when the meterpreter source was
removed from the metasploit-framework source. I'm pulling this in by
request of @dmaloney-r7 who originally requested this code be inculded
as part of https://github.com/rapid7/metasploit-framework/pull/740
I added an extra bit of code to free up memory that is allocated by the
call to FormatMessage and forced the ASCII-version (FormatMessageA) of
the call.
This PR is the MSF side of https://github.com/rapid7/meterpreter/pull/26
2013-10-01 17:23:08 +10:00
Meatballs
29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file
...
Fixes bugs with MSI::UAC option, invalid logic and typo...
2013-09-29 17:09:03 +01:00
Tod Beardsley
2fb770f73e
Land #1569 , MSI payloads
...
The bins are signed by Meatballs, everything looks good here, so
landing. Thanks for your patience on these!
2013-09-27 16:29:27 -05:00
Tod Beardsley
7cc2ad55a6
Land #1770 , unattend.xml snarfing modules
2013-09-27 16:04:38 -05:00
Tod Beardsley
63d638888d
Get rid of interior tabs
2013-09-27 16:04:03 -05:00
Tod Beardsley
d869b1bb70
Unless, unless everywhere.
2013-09-27 15:55:57 -05:00
Meatballs
8aeb134581
Retab...
2013-09-27 20:40:16 +01:00
OJ
58cd2c796e
Add a bind port setting to reverse listeners
...
This adds a `ReverseListenerBindPort` advanced setting to the reverse listeners whic
allows for the local bind port to be separated from the `LHOST` setting used in the
payload. This means that listeners can bind to different ports in cases where the
attacker isn't able to listen on the same port that the victim can call out on, but
there are NATs/portforwards/whatever in place that allow the connection to happen.
2013-09-28 05:38:39 +10:00
Meatballs
6ca01adf1d
Merge branch 'master' into msi_payload
...
Conflicts:
lib/msf/util/exe.rb
2013-09-27 20:37:40 +01:00
Meatballs
34c443f346
Forgot msi-nouac
2013-09-27 20:36:00 +01:00
Meatballs
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
Tab Assassin
c94e8a616f
Retabbed to catch new bad tabs
2013-09-27 13:34:13 -05:00
Meatballs
8b800cf5de
Merge and resolve conflicts
2013-09-27 18:19:23 +01:00
Tod Beardsley
869c10af04
Land #2396 , aspx-exe shellcode generator
...
Looks good to me, specs are all happy (also added a #to_h spec)
2013-09-27 11:42:16 -05:00
Joshua J. Drake
d04c47d2b7
Remove comment since it was addressed in 4500d09c2f
2013-09-26 19:47:54 -05:00
Meatballs
3d812742f1
Merge upstream master
2013-09-26 21:27:44 +01:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
Meatballs
a25833e4d7
Fix %TEMP% path
2013-09-26 19:22:36 +01:00
Tod Beardsley
8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap
...
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"
[FixRM #8409 ], reported by Chris F.
2013-09-26 09:42:38 -05:00
Tod Beardsley
701410f608
Land #2414 , portfwd teardown and recreate
...
[FixRM #8240 ]
2013-09-25 17:40:47 -05:00
Tod Beardsley
1a515093cb
Idiomatic Ruby
...
Assuming this gets accepted, this should [FixRM #8240 ]. Take a look, and
if you're good with it, I'll land on master. Everything seems to work
out on this end.
2013-09-25 17:26:00 -05:00
jvazquez-r7
9cc446ae2a
Get cookies with empty values
2013-09-25 14:31:34 -05:00
jvazquez-r7
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
FireFart
617f6d53fe
user_id starts at 1
2013-09-24 23:41:02 +02:00
FireFart
7a2762f4a7
more regexes
2013-09-24 20:20:06 +02:00
Meatballs
f1e563d375
Merge branch 'master' of github.com:rapid7/metasploit-framework into enum_ad_perf
2013-09-24 19:08:52 +01:00
FireFart
dc8f94bac1
Added wordpress version detection
2013-09-24 08:59:56 +02:00
OJ
0038bb90b1
Remove unncessary counter var
2013-09-24 13:35:29 +10:00
OJ
b91e344815
Add code to recreate the forwards after migration
...
* Feels like a bit of a hack job, but it works.
2013-09-24 13:27:58 +10:00
James Lee
487f68f4d2
Get rid of callcc
...
[SeeRM 8407]
2013-09-23 19:36:26 -05:00
FireFart
e1aefe07e1
clarify documentation
2013-09-24 00:08:33 +02:00
FireFart
7c4708b1df
-) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
...
-) Bugfix
2013-09-23 23:59:45 +02:00
Tod Beardsley
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
FireFart
bfe88fa089
added wordpress login checks for 2.0 and 2.5
2013-09-23 23:32:31 +02:00
Tod Beardsley
e885ab45b6
Land #1734 Metasploit side for ip resolv
2013-09-23 16:18:40 -05:00
Markus Wulftange
10252ca6f4
Just Rex::Text.to_octal is probably better
2013-09-23 23:03:38 +02:00
Markus Wulftange
9353929945
Add CmdStagerPrintf
2013-09-23 22:02:29 +02:00
Meatballs
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
Meatballs
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
Joe Vennix
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
sinn3r
b6c7116890
Land #1778 - Mimikatz Fix for table.print and x86 warning
2013-09-20 16:13:53 -05:00
jvazquez-r7
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
Meatballs
7d1c5c732a
Correct powershell
2013-09-20 18:36:24 +01:00
Meatballs
3dd75db584
Address feedback
2013-09-20 17:20:42 +01:00
Meatballs
a00f3d8b8e
initial
2013-09-20 13:40:28 +01:00
Tod Beardsley
e9e1b28ba8
Land #2371 , echo -e cmd stager
2013-09-19 14:47:39 -05:00
Meatballs
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
Meatballs
72155f8e9e
Comment update
2013-09-19 19:46:05 +01:00
OJ
598e85a8d9
Fix for dangling port forwards
...
Code tears down the port forwards prior to migrating so that we don't end up with dangling connections that don't work.
2013-09-19 19:27:54 +10:00
Tod Beardsley
f4e2e0ac11
Clear report_data on each host report
2013-09-18 17:11:22 -05:00
James Lee
8fe9132159
Land #2358 , deprecate funny names
2013-09-18 14:55:33 -05:00
James Lee
595820382e
Fix lying documentation
2013-09-17 20:58:29 -05:00
jvazquez-r7
dd7010d272
Fix @todb-r7 feedback
2013-09-17 20:54:19 -05:00
James Lee
a0d113d754
Fix a bug that deleted too many hosts
...
When running a command that takes host ranges as arguments (e.g.,
`hosts`, `services`), the arguments get parsed by
Rex::Socket::RangeWalker. If RangeWalker was unable to parse, it would
return nil, which in this context means "all hosts." If the user is
searching, they get all hosts instead of the ones they were interested
in -- this is annoying, but not too big a deal. Unfortunately, the same
logic applied when *deleting* hosts, with `hosts -d ...`, causing all
hosts to be deleted when giving it an invalid range.
2013-09-17 20:51:41 -05:00
James Lee
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
Tod Beardsley
dae8847c4d
Land #2374 , more complete 32/64 migrate fix
...
[FixRM #8395 ]
2013-09-17 14:52:04 -05:00
James Lee
c77d49a640
Merge branch 'rapid7' into cleanup/remove-id-tags
...
Conflicts:
lib/msf/core/payload/osx/bundleinject.rb
lib/msf/core/payload/windows/dllinject.rb
lib/msf/core/payload/windows/exec.rb
lib/msf/core/payload/windows/loadlibrary.rb
lib/msf/core/payload/windows/reflectivedllinject.rb
lib/msf/core/payload/windows/x64/reflectivedllinject.rb
scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
James Lee
97d3a20f82
Remove more $Revision tags
2013-09-17 10:46:37 -05:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
...
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19 ]
2013-09-16 21:52:04 -05:00
Joe Vennix
d954d64f69
Add NODEJS arch constants.
2013-09-16 21:33:44 -05:00
Joe Vennix
217449a836
Ensures termination of inner while loop and cleans up #map.
...
* Tested working against ubuntu target using the sshexec test script.
2013-09-16 20:42:20 -05:00
jvazquez-r7
edec022957
Use shellwords, as recommended by @jvennix-r7
2013-09-16 16:35:45 -05:00
James Lee
d6954e9ce7
Fix migrate from 32- to 64-bit processes
...
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356 ]
2013-09-16 16:04:50 -05:00
jvazquez-r7
a8198bc948
Add documentatio to the mixin
2013-09-16 11:55:30 -05:00
jvazquez-r7
a5049df320
Add echo CmdStager
2013-09-16 11:35:05 -05:00
sinn3r
4be0601c73
Land #2352 - Expand path to database config
2013-09-16 01:51:51 -05:00
Tod Beardsley
53a7e74813
Land #2360
...
All the specs pass, and it's difficult to repo many of these cases to
see if bugs are actually here, but it's a good idea to enforce binary
regexs.
2013-09-13 14:43:53 -05:00
HD Moore
72dff03426
FixRM #8396 change all lib use of regex to 8-bit pattern
2013-09-12 16:58:49 -05:00
James Lee
6cc5965123
Land #2278 , exe injection refactor
2013-09-12 16:37:58 -05:00
Tod Beardsley
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
David Maloney
34e5f69fbf
fix merge conflict
2013-09-12 13:56:08 -05:00
David Maloney
e80cda4ace
Merge branch 'master' into spike/exe_generation
2013-09-12 12:36:10 -05:00
James Lee
30c2efe3b2
Add require for eventlog
...
Even though nothing uses it except an old script
2013-09-11 16:21:10 -05:00
Till Maas
763b111c9b
cmd_db_connect: Expand path to database config
...
Do not only check whether the expanded path for the database config file
exists, but also use it.
2013-09-11 11:23:26 +02:00
Markus Wulftange
80243c6e4d
Disable default sorting on MSSQL results
...
When printing output using the `mssql_print_reply`, the output gets
sorted by default by the first column. This can distort the output,
especially when the row order is crucial like in case of executing
external commands with `mssql_xpcmdshell`.
This patch disables sorting by initializing Rex::Ui::Text::Table
with SortIndex = -1.
2013-09-09 20:14:48 +02:00
David Maloney
5773a009f5
Merge branch 'spike/exe_generation' of github.com:/dmaloney-r7/metasploit-framework into spike/exe_generation
2013-09-09 12:17:36 -05:00
David Maloney
d6e4e46d86
better validation of buffer register
2013-09-09 12:16:15 -05:00
jvazquez-r7
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
Tab Assassin
8bc83f4922
Retab changes for PR #1420
2013-09-05 16:21:26 -05:00
Tab Assassin
d6a7ce5328
Merge for retab
2013-09-05 16:21:13 -05:00
Tab Assassin
b3b8cee870
Retab changes for PR #1473
2013-09-05 16:19:05 -05:00
Tab Assassin
0ba4e1da65
Merge for retab
2013-09-05 16:18:56 -05:00
Tab Assassin
2bd1fb451b
Retab changes for PR #1569
2013-09-05 16:16:05 -05:00
Tab Assassin
48cf2af685
Merge for retab
2013-09-05 16:16:00 -05:00
Tab Assassin
3c1df47314
Retab changes for PR #1681
2013-09-05 16:10:40 -05:00
Tab Assassin
a231e85293
Merge for retab
2013-09-05 16:10:28 -05:00
James Lee
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
jvazquez-r7
368a78a963
Undo post setup change
2013-09-05 15:00:58 -05:00
Tab Assassin
2e9096d427
Retab changes for PR #1734
2013-09-05 14:59:41 -05:00
Tab Assassin
322ed35bb4
Merge for retab
2013-09-05 14:59:34 -05:00
Tab Assassin
2846a5d680
Retab changes for PR #1770
2013-09-05 14:57:40 -05:00
Tab Assassin
269c1a26cb
Merge for retab
2013-09-05 14:57:32 -05:00
Tab Assassin
701513a212
Retab changes for PR #1778
2013-09-05 14:56:35 -05:00
Tab Assassin
3788bab8e5
Merge for retab
2013-09-05 14:56:30 -05:00
Tab Assassin
26b8364dcb
Retab changes for PR #1789
2013-09-05 14:44:21 -05:00
Tab Assassin
789be1fe3e
Merge for retab
2013-09-05 14:44:14 -05:00
Meatballs
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
Meatballs
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
Tab Assassin
81479a6ade
Retab changes for PR #2093
2013-09-05 14:31:10 -05:00
Tab Assassin
8a76b3390d
Merge for retab
2013-09-05 14:31:05 -05:00
Tab Assassin
daed98931e
Retab changes for PR #2158
2013-09-05 14:19:55 -05:00
Tab Assassin
27fd54092a
Merge for retab
2013-09-05 14:19:49 -05:00
James Lee
41f6ab3073
Land #2294 , fix post setup
...
Conflicts:
lib/msf/core/post.rb
2013-09-05 14:11:32 -05:00
Tab Assassin
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
Tab Assassin
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
Tab Assassin
0d884ebbab
Retab changes for PR #2278
2013-09-05 14:08:14 -05:00
Tab Assassin
63612a64e9
Merge for retab
2013-09-05 14:08:09 -05:00
Tab Assassin
d0360733d7
Retab changes for PR #2282
2013-09-05 14:05:34 -05:00
Tab Assassin
49dface180
Merge for retab
2013-09-05 14:05:28 -05:00
Tab Assassin
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
Tab Assassin
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
Tab Assassin
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
Tab Assassin
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
Tab Assassin
d0a3ea6156
Retab changes for PR #2320
2013-09-05 13:27:47 -05:00
Tab Assassin
bff7d0e6ae
Merge for retab
2013-09-05 13:27:09 -05:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
James Lee
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Meatballs
1471a4fcef
Fixes an error in file_dropper where @dropped_files is nil
...
causing an exception to be raised and on_new_session to fail.
I have moved super to the top of the chain so it always gets
called regardless.
2013-09-03 23:45:41 +01:00
Meatballs
c687f23b81
Better error handling
2013-09-03 22:57:27 +01:00