infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
33,862 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

6930 Commits (faa7ed2b68969f2e2741b3159c90c06d4c8633d9)

Author SHA1 Message Date
wchen-r7 bdf30dd383
Land #5374, --smallest option in msfvenom 2015-05-20 21:06:10 -05:00
HD Moore a8d111ce89 Merge branch 'master' into feature/uuid-registration 2015-05-20 19:48:39 -05:00
HD Moore ac0004ea0a Implement IgnoreUnknownPayloads 2015-05-20 19:47:17 -05:00
wchen-r7 93900087c7 Resolve #5219, user-configurable HTTP timeout 
Resolve #5219
 2015-05-20 13:30:45 -05:00
OJ 44f8cf4124 Add more size to stagers, adjust psexec payloads 
This psexec payload size should be evaluated to make sure I'm not doing
anything stupid. i can't see a reason why increasing these sizes would
be bad. They seem to work fine.
 2015-05-20 17:07:56 +10:00
OJ 5963a5833a Fix up php stageless payload includes 2015-05-20 16:50:00 +10:00
OJ d0a5b803e8 Use generate_payload_uuid instead of manual obj creation 2015-05-20 16:25:52 +10:00
HD Moore 818d8b186c Implement tracking 2015-05-20 01:10:19 -05:00
OJ 289873c25f
Merge all the stager changes 2015-05-20 16:02:37 +10:00
OJ 6859b24c1c Fix missing label, update payload sizes 2015-05-20 15:42:31 +10:00
OJ d43e11f5af WinHTTP rework with proxy support, and SSL verification 
This commit fixes up the winhttps stuff properly too. PHEW!
 2015-05-20 15:32:34 +10:00
HD Moore 513a81e340 Add framework.uuid_db as a JSONHashFile 2015-05-20 00:28:32 -05:00
OJ fd2534914d Small tweaks to reverse_http 2015-05-20 12:15:38 +10:00
David Maloney 48c50a897c
add rpc call to change meterp transport 
this rpc method allows the user to change transport
on an existing meterp session. if it's successful
it will close the old 'session' tied to the rpevious transport

MSP-12722
 2015-05-19 14:43:25 -05:00
Christian Catalan 046003acb4
Increase REXML expansion text limit 
MSP-9532

* Increase to reasonable size to handle larger xml file expansion on import
* Prevents the 'RuntimeError entity expansion has grown too large' error that prevents import
 2015-05-19 12:47:19 -05:00
Tim 3b8effc589
fix ext_server_android.jar error 2015-05-19 17:26:50 +01:00
William Vu c1b8cee315
Land #5369, @dmaloney-r7's snmp_login fixes 2015-05-19 10:39:03 -05:00
Tim e7c8a3b56c add support for SessionRetryTotal and SessionRetryWait on Android 2015-05-19 16:16:04 +01:00
OJ 9fddc21cf3 Shaved another sneaky byte off the payload 2015-05-19 21:21:07 +10:00
OJ 6e96e6d118 Shellcode golf to make the payload smaller 
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, its smaller than it was, and
I'm sure there are ways to make it better as well.
 2015-05-19 21:17:42 +10:00
OJ 62720ab357 Fix the wininet stager for http/s 
For some reason this was only working on Windows7/2008, yet when tired
on Windows 2012 it was resulting in crashes. It was also stopping
working in exploits such as psexec_psh.

Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.

Adjusted payload sizes as well.
 2015-05-19 20:03:22 +10:00
HD Moore 9d7e54f360 Add the UUID subdirectory, including initial DB class 2015-05-18 23:41:22 -05:00
HD Moore c7932855f2 Move UUIDOptions to UUID::Options 2015-05-18 23:35:18 -05:00
HD Moore 9dd82d94ae Exclude Manual ranked encoders from automatic selection, these can still be specified with -e 2015-05-18 15:47:15 -05:00
HD Moore 71eab7a236 Implements msfvenom --smallest, still some blockers 2015-05-18 15:24:59 -05:00
HD Moore a82168d7bb Fixes #5361 by adding --encoder-space to msfvenom 2015-05-18 14:27:52 -05:00
David Maloney 7376d4d94e
account for public only credentials in #to_s 
SNMP in particular will only have a public, so we need
to account for this so we don't output poorly formed text
with a trailing ':' char

5266
 2015-05-18 13:42:15 -05:00
David Maloney c69b6b2b8b
only issue db warning once 
cache the fact that we have issued the db warning
so we do not issue it for every credential attempt
on the module run.

5266
 2015-05-18 13:41:18 -05:00
OJ e7f80042d4 Finalise work on the bind_ipv6_tcp stager for UUID support 2015-05-18 21:19:04 +10:00
OJ 593f6e5fc4 Fix issue with bind UUID 2015-05-18 20:25:15 +10:00
OJ 9296a024e2 PHP meterpreter refactoring in prep for uuid work 2015-05-18 17:40:48 +10:00
OJ 27cdc588c8
Merge module include fix from stager update 2015-05-18 15:00:05 +10:00
OJ 677acb22a4 Fix up module include in x64 winhttp 2015-05-18 14:59:49 +10:00
OJ 4488a5e634 Add uuid support to python, and rework stages/stagers 2015-05-18 14:33:35 +10:00
OJ 0d56b3ee66 Stage UUIDs, generation options, php and python meterp uuid 2015-05-18 13:29:46 +10:00
OJ bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers 2015-05-18 13:28:36 +10:00
OJ 8bd41a3834
Land #5354 - transport config fallback in stager 2015-05-18 10:16:44 +10:00
OJ 8b2e5c88d9 Adjust transport config fallback to include https 2015-05-18 10:16:09 +10:00
OJ 178ba50b98
Merge branch 'upstream/master' into rage-stager-transport 2015-05-17 20:09:50 +10:00
OJ d725554a87 Fix UUID code so that it always deals with 16 bytes 
Also re-add the payload ID to session validation now that the UUID stuff
is reliable.
 2015-05-17 17:49:21 +10:00
OJ 37e4d71a6a Remove check for UUID in the valid session check 
This is causing sessions to fail because meterpreter isn't doing the
right thing. I have another fix in the works which will properly solve
this, but in the short term the best way of solving the problem is to
remove this line.
 2015-05-17 17:13:54 +10:00
RageLtMan 11e715ae46 Configure transport from stager mixin 
Transport configuration for basic session types can be performed
by the stager mixin.

Add a default transport_config method to Msf::Payload::Stager by
mixing in Msf::Payload::TransportConfig and attempting to guess
the default tranport and direction types from the currently loaded
module's (MSF module) refname.

Users with custom payloads will no longer need to update them with
transport_config methods unless they use a non standard transport,
direction, or other innovation which affects the default approach.

Testing:
  Tested with payloads lacking transport_config methods or access
to the TransportConfig module (Ruby) namespace. This also resolves
problems with the RC4 payloads in upstream as they can't currently
generate stagers for meterpreter.
 2015-05-17 03:03:17 -04:00
jvazquez-r7 3c92d5365e
Lnad #5334, @wchen-r7's deletes unnecessary check on mysql_drop_and_create_sys_exec 2015-05-15 11:51:21 -05:00
wchen-r7 25099dd877
Land #5212, HTA Powershell template 2015-05-15 11:49:07 -05:00
wchen-r7 3bc3614be6 Do a check for powershell.exe before running it. 2015-05-15 11:48:21 -05:00
jvazquez-r7 4c1558b398
Land #5331, @wchen-r7's fixes #5330 by using print_warning 2015-05-15 11:42:57 -05:00
jvazquez-r7 b7b00666fa
Use parenthesis 2015-05-15 11:41:14 -05:00
Brent Cook 1653acd527
Land #5344, print payload size from msfvenom 2015-05-15 09:49:05 -05:00
OJ 7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers 2015-05-15 12:27:40 +10:00
OJ 83fbd41970 Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	Gemfile.lock
	modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
 2015-05-14 14:50:25 +10:00
HD Moore 5f3947312d
Lands #5327, SSL support + refactor for PowerShell 2015-05-13 23:25:15 -05:00
wchen-r7 2e61973411 Resolve #5343, Print payload size 
Resolve #5343. Prints payload size
 2015-05-13 16:33:22 -05:00
benpturner 1f294eac0b Updated to remove dup code 2015-05-13 17:26:21 +01:00
Brent Cook 9549d572cc
Land #5280, update to Ruby on Rails 4.0 
This upgrades a number of other gems as a side-effect.
 2015-05-12 16:48:49 -05:00
HD Moore b1b8f86aae
Lands #5270, improvements to Msf::ModuleSet 2015-05-12 11:01:23 -05:00
OJ 06dfdbcc2c Merge updated transport changes 
Discard changes that were made for reverse_https transport in x64 as
they no longer apply here.
 2015-05-12 10:26:39 +10:00
OJ 836feaa2d8 Fix uuid setting, fix reverse_https x64 payload 
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
 2015-05-12 10:24:11 +10:00
OJ 5f735c917c Add condition before overwriting payload_uuid 2015-05-12 09:56:55 +10:00
OJ 51e6c13bc4 Adjust transport configuration include for x64/reverse_http 
Not sure how I missed this, but I did!
 2015-05-12 09:54:08 +10:00
OJ 849f904711 Finalise style changes as per suggestions in PR 2015-05-12 09:48:50 +10:00
OJ 474461d2a4 Merge format and structure changes from multi transport 2015-05-12 09:46:02 +10:00
OJ 69d2b8ffb1 Various code format, style changes, file moves 
As per Egypt's suggestions.
 2015-05-12 09:43:41 +10:00
OJ 42f94e70c7 Add `nil` default to exit_types, transport param order swap 
This allows for checking against exit types to be super easy instead of
having to have extra checks in place. Also changed the order of scope_id
and uri in the transport URI generation. The net effect of this is NOP
because these things only appear separately.
 2015-05-12 09:05:58 +10:00
OJ 5dfab1f426 Fix exitfunk module for x64 
The exitfunk module was using asm keywords that are considered invalid
by metasm. This commit removes these keywords and also adjusts one of
the label names to reduce the chance of a collision with other files.
 2015-05-12 08:44:03 +10:00
wchen-r7 12038ed3e1 Fix #5244, Remove unnecessary check for mysql_drop_and_create_sys_exec 
Fix #5244, MySQL is always return OK so it doesn't seem to be so
important to check res for DROP FUNCTION IF EXISTS sys_exe
 2015-05-11 14:17:51 -05:00
wchen-r7 730135705d Resolve #5330, change print_error to print_warning for report_auth_info 
Resolve #5330 for more consistent deprecation style.
 2015-05-11 11:01:45 -05:00
OJ e99d885b6b Final work on reverse_winhttps 2015-05-11 22:21:22 +10:00
OJ 68eadd9f51 More work on reverse_winhttps 2015-05-11 21:38:26 +10:00
OJ e69e6c4a73 Implement winhttp for x64 
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
 2015-05-11 17:27:47 +10:00
OJ 800ab11abd Payload size adjustment, typo fix 
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
 2015-05-11 17:24:32 +10:00
OJ cbf06fcb02 Tweak reverse_winhttp to fix small issues 
Now working fine with proxy settings.
 2015-05-11 17:24:32 +10:00
OJ 679bb46f86 Refactoring, exitfunk fix, block_api_hash func 2015-05-11 17:24:32 +10:00
OJ 99fdfe31f1 More tidying/refactoring of the stagers 2015-05-11 17:24:31 +10:00
OJ 4686691753 Interim commit while juggling some other code 2015-05-11 17:24:31 +10:00
OJ 0820bc5dd5 Small bits of tidying up for reverse_winhttp/s 
Refactoring, ready to get the proxy stuff going.
 2015-05-11 17:24:31 +10:00
OJ 21397b46aa Add proxy user/pass to x64 reverse_http/s 2015-05-11 17:24:31 +10:00
OJ 9312c0ea46 Add proxy host support to x64 reverse_http/s 
Proxy user/pass coming shortly.
 2015-05-11 17:24:31 +10:00
OJ b922da8f80 Add support for x64 reverse_http 
Still need to bake in support for proxies in the stagers, but wer'e
getting there.
 2015-05-11 17:24:31 +10:00
OJ 15e9fb7e40 Port reverse_https (wininet) x64 to metasm 
This laid the groundwork for implementation of reverse_http as well.
 2015-05-11 17:24:31 +10:00
OJ 29649ff881 Fix proxy config not making it through 2015-05-11 17:24:02 +10:00
Meatballs 706e304849
Land 5299, implement shell_command for PS sessions 2015-05-09 11:23:43 +01:00
Meatballs 98d531e053
Check if session responds to response_timeout 2015-05-09 11:21:45 +01:00
OJ 79753f719f Slight fix to the transport config 2015-05-08 18:36:30 +10:00
OJ ba3266803a Add transport configuration to reverse_http/s 2015-05-08 18:32:48 +10:00
OJ 5111abdd09 Add transport config entry to reverse_winhttp 2015-05-08 18:15:24 +10:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 71518ef613
Land #5303, metasploit-payloads Java binaries 2015-05-07 22:39:54 -05:00
William Vu 2f2169af90 Use single quotes consistently 2015-05-07 22:39:36 -05:00
benpturner ef59d1f7c4 Markers 2015-05-07 22:50:09 +01:00
benpturner 24abe597e4 numeric 2015-05-07 19:23:25 +01:00
benpturner 01c2bc0287 Buff 2015-05-07 19:10:33 +01:00
benpturner c234714013 Start and End Markers 2015-05-07 19:06:36 +01:00
OJ fd827db6dd Fix up bind stager payload sizes 2015-05-07 10:13:27 +10:00
OJ 9d7a7cb68d Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	lib/msf/core/payload/linux/bind_tcp.rb
 2015-05-07 07:24:22 +10:00
OJ 60e25170fa
Land #5313 : fixup bind_tcp stager 2015-05-07 07:09:19 +10:00
Brent Cook 5a8b6e90f2 restore ecx after setting the socket options, set default size 2015-05-06 11:56:07 -05:00
wchen-r7 97807e09ca
Lad #5125, Group Policy startup exploit 2015-05-06 11:17:01 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
OJ 95e9057854 Remove typo'd stuff that shouldn't have made it past merge 2015-05-06 08:07:07 +10:00
Brent Cook a0c806c213 Update java meterpreter and payload references to use metasploit-payloads 2015-05-05 15:01:00 -05:00