HD Moore
5f3947312d
Lands #5327 , SSL support + refactor for PowerShell
2015-05-13 23:25:15 -05:00
wchen-r7
2e61973411
Resolve #5343 , Print payload size
...
Resolve #5343 . Prints payload size
2015-05-13 16:33:22 -05:00
benpturner
1f294eac0b
Updated to remove dup code
2015-05-13 17:26:21 +01:00
Brent Cook
9549d572cc
Land #5280 , update to Ruby on Rails 4.0
...
This upgrades a number of other gems as a side-effect.
2015-05-12 16:48:49 -05:00
HD Moore
b1b8f86aae
Lands #5270 , improvements to Msf::ModuleSet
2015-05-12 11:01:23 -05:00
OJ
06dfdbcc2c
Merge updated transport changes
...
Discard changes that were made for reverse_https transport in x64 as
they no longer apply here.
2015-05-12 10:26:39 +10:00
OJ
836feaa2d8
Fix uuid setting, fix reverse_https x64 payload
...
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
OJ
5f735c917c
Add condition before overwriting payload_uuid
2015-05-12 09:56:55 +10:00
OJ
51e6c13bc4
Adjust transport configuration include for x64/reverse_http
...
Not sure how I missed this, but I did!
2015-05-12 09:54:08 +10:00
OJ
849f904711
Finalise style changes as per suggestions in PR
2015-05-12 09:48:50 +10:00
OJ
474461d2a4
Merge format and structure changes from multi transport
2015-05-12 09:46:02 +10:00
OJ
69d2b8ffb1
Various code format, style changes, file moves
...
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
OJ
42f94e70c7
Add `nil` default to exit_types, transport param order swap
...
This allows for checking against exit types to be super easy instead of
having to have extra checks in place. Also changed the order of scope_id
and uri in the transport URI generation. The net effect of this is NOP
because these things only appear separately.
2015-05-12 09:05:58 +10:00
OJ
5dfab1f426
Fix exitfunk module for x64
...
The exitfunk module was using asm keywords that are considered invalid
by metasm. This commit removes these keywords and also adjusts one of
the label names to reduce the chance of a collision with other files.
2015-05-12 08:44:03 +10:00
wchen-r7
12038ed3e1
Fix #5244 , Remove unnecessary check for mysql_drop_and_create_sys_exec
...
Fix #5244 , MySQL always returns OK, so it doesn't seem so
important to check res for DROP FUNCTION IF EXISTS sys_exe
2015-05-11 14:17:51 -05:00
wchen-r7
730135705d
Resolve #5330 , change print_error to print_warning for report_auth_info
...
Resolve #5330 for more consistent deprecation style.
2015-05-11 11:01:45 -05:00
OJ
e99d885b6b
Final work on reverse_winhttps
2015-05-11 22:21:22 +10:00
OJ
68eadd9f51
More work on reverse_winhttps
2015-05-11 21:38:26 +10:00
OJ
e69e6c4a73
Implement winhttp for x64
...
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
2015-05-11 17:27:47 +10:00
OJ
800ab11abd
Payload size adjustment, typo fix
...
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
2015-05-11 17:24:32 +10:00
OJ
cbf06fcb02
Tweak reverse_winhttp to fix small issues
...
Now working fine with proxy settings.
2015-05-11 17:24:32 +10:00
OJ
679bb46f86
Refactoring, exitfunk fix, block_api_hash func
2015-05-11 17:24:32 +10:00
OJ
99fdfe31f1
More tidying/refactoring of the stagers
2015-05-11 17:24:31 +10:00
OJ
4686691753
Interim commit while juggling some other code
2015-05-11 17:24:31 +10:00
OJ
0820bc5dd5
Small bits of tidying up for reverse_winhttp/s
...
Refactoring, ready to get the proxy stuff going.
2015-05-11 17:24:31 +10:00
OJ
21397b46aa
Add proxy user/pass to x64 reverse_http/s
2015-05-11 17:24:31 +10:00
OJ
9312c0ea46
Add proxy host support to x64 reverse_http/s
...
Proxy user/pass coming shortly.
2015-05-11 17:24:31 +10:00
OJ
b922da8f80
Add support for x64 reverse_http
...
Still need to bake in support for proxies in the stagers, but we're
getting there.
2015-05-11 17:24:31 +10:00
OJ
15e9fb7e40
Port reverse_https (wininet) x64 to metasm
...
This laid the groundwork for implementation of reverse_http as well.
2015-05-11 17:24:31 +10:00
OJ
29649ff881
Fix proxy config not making it through
2015-05-11 17:24:02 +10:00
Meatballs
706e304849
Land 5299, implement shell_command for PS sessions
2015-05-09 11:23:43 +01:00
Meatballs
98d531e053
Check if session responds to response_timeout
2015-05-09 11:21:45 +01:00
OJ
79753f719f
Slight fix to the transport config
2015-05-08 18:36:30 +10:00
OJ
ba3266803a
Add transport configuration to reverse_http/s
2015-05-08 18:32:48 +10:00
OJ
5111abdd09
Add transport config entry to reverse_winhttp
2015-05-08 18:15:24 +10:00
William Vu
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
William Vu
71518ef613
Land #5303 , metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
William Vu
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
benpturner
ef59d1f7c4
Markers
2015-05-07 22:50:09 +01:00
benpturner
24abe597e4
numeric
2015-05-07 19:23:25 +01:00
benpturner
01c2bc0287
Buff
2015-05-07 19:10:33 +01:00
benpturner
c234714013
Start and End Markers
2015-05-07 19:06:36 +01:00
OJ
fd827db6dd
Fix up bind stager payload sizes
2015-05-07 10:13:27 +10:00
OJ
9d7a7cb68d
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
OJ
60e25170fa
Land #5313 : fixup bind_tcp stager
2015-05-07 07:09:19 +10:00
Brent Cook
5a8b6e90f2
restore ecx after setting the socket options, set default size
2015-05-06 11:56:07 -05:00
wchen-r7
97807e09ca
Land #5125 , Group Policy startup exploit
2015-05-06 11:17:01 -05:00
root
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
OJ
95e9057854
Remove typo'd stuff that shouldn't have made it past merge
2015-05-06 08:07:07 +10:00
Brent Cook
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
benpturner
982b2381ed
New shell_command markers
2015-05-05 19:20:03 +01:00
William Vu
013781fb9c
Land #5292 , WordPress custom file version check
2015-05-05 11:21:18 -05:00
William Vu
18791ce933
Clean up code
2015-05-05 11:19:40 -05:00
darkbushido
26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-05-05 11:00:38 -05:00
benpturner
22d2275ecb
|| session.type == 'powershell'
2015-05-05 09:31:43 +01:00
OJ
62fa14326d
Merge branch 'upstream/master' into multi-transport-support
...
Merged with HD's stuff as he fixed up a few things that I had done too.
Conflicts:
lib/msf/base/sessions/meterpreter_options.rb
lib/rex/post/meterpreter/client_core.rb
lib/rex/post/meterpreter/packet_dispatcher.rb
2015-05-05 17:18:01 +10:00
OJ
c540ba4b98
Land #5297 : Track machine_id and dead sessions
2015-05-05 17:08:39 +10:00
OJ
2949bf053a
Remove old comment from ASM
2015-05-05 13:09:13 +10:00
OJ
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
OJ
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
OJ
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
OJ
e45bf5cf51
Remove the URI patcher now that it's not used at all
2015-05-05 07:35:49 +10:00
Brent Cook
05e4af8162
Land #5214 , initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
benpturner
453b1fce50
Spaces
2015-05-04 22:17:08 +01:00
benpturner
658958d8e7
Allow sessions -c command on powershell
2015-05-04 22:07:22 +01:00
Brent Cook
d90c25ecea
Land #5287 , RPC API fixes
2015-05-04 15:44:15 -05:00
jvazquez-r7
0ca0d3d045
Improve nt_create_andx path parsing
2015-05-04 15:20:51 -05:00
Brent Cook
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
OJ
c2dc4677fb
Prevent stageless from overwriting socket
...
Stageless payloads need to have the socket FD left alone (i.e. 0),
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
OJ
93bf995b32
Reverse tcp support for POSIX
...
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
OJ
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
HD Moore
a577bef9c3
Rework dirty cleanup to use skip_cleanup instead
2015-05-04 03:52:55 -05:00
HD Moore
e7ba6e8a9a
Speed up dead session cleanup by skipping shutdown/cleanup
2015-05-04 03:40:48 -05:00
HD Moore
3080feb188
Track the machine_id and drop non-responsive sessions automatically
2015-05-04 03:22:29 -05:00
HD Moore
d00f6a8fdf
Rework verbose sessions listing to work around table limits
2015-05-04 02:55:31 -05:00
William Vu
c0adf7f113
Land #5291 , HTTPS reference links
2015-05-03 14:33:20 -05:00
HD Moore
8ca66e03aa
Track and display the last checkin time for Meterpreter sessions
2015-05-03 10:52:54 -05:00
Christian Mehlmauer
55967172be
allow custom regex
2015-05-02 21:06:15 +02:00
Christian Mehlmauer
9678479abb
check version from custom file
2015-05-02 18:34:10 +02:00
Tom Sellers
480a176415
Initial commit
2015-05-02 10:11:17 -05:00
OJ
2189c6d868
Pass timeouts to clients and correctly patch timeouts
...
Timeouts are correctly passed through to the client instances from the
handlers. The client also passes those values through to the RDI code so
that the binaries are correctly patched.
2015-05-02 10:01:32 +10:00
Tom Sellers
c441ff81a1
Update comment in wordpress/version.rb
...
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version. On line 175 though there is a fixed version, just no introduced version. Adjusting comment text.
2015-05-01 17:05:31 -05:00
Brent Cook
8bd2a69112
simplify and fix rpc_get_note
2015-05-01 16:01:07 -05:00
Brent Cook
52b9fc8fca
handle unknown host when generating a new note
2015-05-01 15:47:05 -05:00
Brent Cook
8d78135321
pass down the workspace for the other opt_to_* methods
2015-05-01 15:42:04 -05:00
Brent Cook
f2504b84be
use the same logic with 'get_note' and 'del_note' for selecting notes
...
factor out the selector from 'get_note' and use it in both places
2015-05-01 15:41:25 -05:00
Brent Cook
29b97f4695
remove superfluous parens on ifs
2015-05-01 15:40:45 -05:00
darkbushido
0b608e139a
Merge branch 'upstream' into staging/rails-4.0
2015-05-01 11:26:24 -05:00
wchen-r7
81744384c2
Actually fix del_note
2015-04-30 17:02:06 -05:00
wchen-r7
11f9c010ce
Change documentation
2015-04-30 16:46:01 -05:00
David Maloney
18874fe384
fixes Issue #5272 on report_vuln
...
use includes instead of joins so that refs on
the vuln are not marked as readonly
2015-04-30 15:21:56 -05:00
wchen-r7
e79780d885
Fix #5240
2015-04-30 15:20:29 -05:00
wchen-r7
3b42265c98
Fix #5239
2015-04-30 15:20:04 -05:00
wchen-r7
440005d302
Fix #5237
2015-04-30 15:10:13 -05:00
wchen-r7
f315eb4afd
Fix #5236
2015-04-30 15:07:11 -05:00
wchen-r7
70ab938951
Fix #5229
2015-04-30 14:56:30 -05:00
wchen-r7
f43e4f9447
Fix #5238
2015-04-30 13:49:13 -05:00
Matt Buck
912f41292a
Drop some unused code
2015-04-30 11:25:57 -05:00
Matt Buck
3f797e4393
Reinstate some to_s coercions that were mistakenly dropped
2015-04-30 11:13:48 -05:00
Brent Cook
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu
b41aa0e617
Fix NoMethodError for rhost
...
Can't rely on it to be defined (kinda like peer).
2015-04-29 15:14:41 -05:00
Brent Cook
9386d1ca6d
remove unused mod_ranked attribute
2015-04-28 22:27:09 -05:00
Brent Cook
7b7f40baa4
remove modules that cannot be instantiated
2015-04-28 22:21:31 -05:00
Brent Cook
0caeee32fe
replace sort with sort_by
2015-04-28 21:39:37 -05:00
Matt Buck
8163c3cdda
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
plugins/nessus.rb
2015-04-28 15:33:46 -05:00
OJ
4f9c8d04a2
Add support for moving transports and uuid fetching
...
The 'next' and 'prev' commands were added so that the session can jump
transports without having to add new ones at the same time.
There's also a command which gives the UUID now so that this can be
reused across sessions.
2015-04-28 20:24:44 +10:00
OJ
f711e5dee7
Update migration support
...
Migration now uses the new meterpreter loader. Migration configuration
is loaded and created by meterpreter on the fly, and supports the
multiple transport stuff that's just been wired in.
2015-04-28 17:41:43 +10:00
OJ
fca4d852a1
Remove the passing on of listen socket values
2015-04-28 13:51:48 +10:00
OJ
c41f4bd59f
Fix up http/s a little
...
Correctly check the URL against the non-widechar version. Get the SSL
verification stuff working again.
2015-04-28 09:44:48 +10:00
OJ
f3e547ca92
Remove the exitfunk from the loader
...
Meterpreter handles the exitfunk internally as part of the config now
2015-04-28 07:43:26 +10:00
HD Moore
c3f18aa899
Complete the #4989 revert
2015-04-27 16:26:34 -05:00
HD Moore
36daee08c9
Reverts #4989 , support for file: is handled in the options again
2015-04-27 16:07:43 -05:00
Brent Cook
7443af64a6
Land #5247 , add RPC API call documentation
2015-04-27 11:13:02 -05:00
Brent Cook
a0eb7d0ad3
minor RPC documentation tweaks
2015-04-27 11:11:08 -05:00
Matt Buck
6a4d63ca4f
Drop explicit IPAddr to String coercion
...
MSP-12611
2015-04-27 10:48:13 -05:00
HD Moore
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
HD Moore
1cebc9f3cb
Fallback if the regex fails for some reason
2015-04-26 15:59:36 -05:00
Ben Turner
82fe480c2e
Update session to display username and hostname
2015-04-26 21:47:49 +01:00
Ben Turner
ea0204b7e5
updates to remove powershell from core
2015-04-26 21:25:30 +01:00
benpturner
76e68fcf4c
session info
2015-04-26 20:13:18 +01:00
benpturner
1cc167a7fb
Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session
2015-04-26 18:50:42 +01:00
OJ
0d2f97ed2d
Add support for config in the x64 bind stager
2015-04-26 14:19:36 +10:00
OJ
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
OJ
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
The URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
HD Moore
d1a836e39c
Fix logins where SYSTEM doesn't have SYSDBA privileges
2015-04-25 19:05:11 -05:00
OJ
2455163d24
Refactor configuration for meterpreter payloads (x86)
...
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.
This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
OJ
3a24923361
Force bind to hand over the listen socket
2015-04-25 22:04:58 +10:00
OJ
4ec4868bcf
Make bind hand over the listen socket as well
2015-04-25 21:37:32 +10:00
OJ
bb77a3a0e6
First pass of refactoring to support new config block
...
This is pretty basic stuff, but at least it's reusable.
2015-04-25 21:36:28 +10:00
OJ
9f1e035c53
Changed required_space check in bind payloads
2015-04-25 21:30:54 +10:00
Brent Cook
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
wchen-r7
46361c1a19
Final round of documentation
2015-04-24 11:58:12 -05:00
wchen-r7
6ccc4af4d8
Round 9 of documentation
2015-04-24 01:08:33 -05:00
benpturner
3665c84cab
accommodate session type
2015-04-23 23:12:19 +01:00
benpturner
57914b6924
new session type
2015-04-23 23:12:02 +01:00
wchen-r7
d292cc999a
Round 8 of documentation
2015-04-23 16:15:11 -05:00
wchen-r7
86a7e36a06
Round 7 of documentation
2015-04-23 15:37:56 -05:00
wchen-r7
3c50feb3d6
Round 6 of documentation
2015-04-23 12:34:39 -05:00
wchen-r7
cbac6d1a0b
Round 5 of documentation
2015-04-23 11:54:58 -05:00
OJ
1b11322618
Remove STDERR debug statement
2015-04-23 19:36:17 +10:00
wchen-r7
f6bd747f57
Round 4 of documentation
2015-04-22 22:15:30 -05:00
wchen-r7
6bac759a18
Round 3 of documentation
2015-04-22 17:01:31 -05:00
wchen-r7
39f206b31a
Round 2 of documentation
2015-04-22 12:10:28 -05:00
root
40107577a0
Case insensitive plugin unload
2015-04-22 11:04:46 +05:00
wchen-r7
4add4074e1
First round of RPC API documentation
...
Resolve #5209
2015-04-22 01:02:05 -05:00
jvazquez-r7
b6df023c99
Land #4989 , @hmoore-r7's change to file: handling
...
Datastore options with file: are handled at set time
2015-04-21 23:21:22 -05:00
Brent Cook
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
Trevor Rosen
8f5d222e53
Land #5156 - module ranking properly handles nil
2015-04-21 14:40:01 -05:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00