dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,463 Commits 10 Branches 885 Tags 1.3 GiB
Commit Graph

5017 Commits

Author SHA1 Message Date
Jon Hart 37d467ea79 Loot .netrc files, generic enum_user_directories 2012-01-29 14:03:57 -08:00
Carlos Perez 5acc0c62d2 Have the the load command also look at the ~/.msf4/plugins folder 2012-01-29 15:03:18 -04:00
sinn3r 41ca655d86 Merge pull request #135 from scriptjunkie/master 
Allow RPC clients to discover supported encoding formats.
 2012-01-28 18:43:05 -08:00
scriptjunkie 086b2e4bf7 Allow RPC clients to discover supported encoding formats. 2012-01-28 15:46:17 -05:00
HD Moore a2d20e25d3 Fix a regression in the workspace inclusion code (only affected 
non-DB-connected instances). Add a PCA UDP scanner
 2012-01-27 12:36:13 -06:00
sinn3r ac582cd0fc Change the error handling message for read_file_meterpreter(), because this one is easier to understand 2012-01-27 02:17:09 -06:00
sinn3r 3f4dbd9df6 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-27 01:58:42 -06:00
Stephen Haywood efda420e5f Updates to enum_artifacts 2012-01-26 19:35:39 -05:00
Tod Beardsley 33c53b1f3f Updates vm checking 2012-01-26 13:02:39 -06:00
David Maloney 31f6c4dfff http_fingerprint now reports website isntead of just a service 
fixes #6277
 2012-01-26 11:05:06 -06:00
Maciej Kotowicz 87e7b10b2d `advance` linux x64 payloads 2012-01-26 01:09:35 +01:00
Maciej Kotowicz fe2caf2fe4 `advance` linux x64 payloads 2012-01-26 00:51:06 +01:00
Marcus J. Carey 9b320fa6f3 Update lib/msf/ui/banner.rb 2012-01-24 23:07:38 -06:00
Marcus J. Carey b135446cc6 Update lib/msf/ui/banner.rb 2012-01-24 23:06:24 -06:00
Marcus J. Carey 79ff641f4d adding new comic strip banner logo 2012-01-24 23:01:48 -06:00
Jon Hart 7ec5f98480 Adding jhart's natpimp libary and modules. 
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.

[See #106]
 2012-01-24 10:32:30 -06:00
scriptjunkie ee2823d23b Compatibility - don't assign LongPtr to Long on x64 2012-01-23 22:17:28 -05:00
Tod Beardsley 26836cab47 Adds a default context for the TFTP Client lib. 
For use with nonstandard routing.
 2012-01-23 16:00:54 -06:00
Tod Beardsley 31dea3844e Reintroduces chao-mu's OptRegexp 
Revert "Revert "Merge pull request #101 from chao-mu/master""

[See #101]

This reverts commit c5ce575543.
 2012-01-23 14:21:19 -06:00
scriptjunkie c5590a6c40 Add x64 support to VBA in-mem shellcode execution. 2012-01-23 12:43:47 -05:00
scriptjunkie c6f66f6bb4 Add in-memory shellcode execution via VBA macro. 
Keep old embedded exe method as 'vba-exe'.
 2012-01-22 07:23:21 -05:00
scriptjunkie 9d7591467f Fix "failed to generate" error when passing a preferred encoder to "payload.generate" method using RPC from, for example, the GUI on Windows. 
framework.encoders[reqs['Encoder']] returns nil when, for example, reqs['Encoder'] is in UTF-8 encoding and the corresponding key of the framework.encoders hash in US-ASCII encoding.
 2012-01-20 21:06:53 -06:00
sinn3r 955b02e227 Allow 'port' option in module searching (idea originally from Brandon Perry's blog) 2012-01-18 11:19:37 -06:00
Tod Beardsley c5ce575543 Revert "Merge pull request #101 from chao-mu/master" 
Reverting the OptRegexp commit from chao-mu. Before committing to
master, this option type needs to be tested on the various mainstream
UI's (Metasploit Pro, msfgui, and Armitage) to see if they behave
as reasonably as msfconsole. Each UI tends to handle option setting,
passing, and display in their own special way.

This should make it back in by Wednesday, assuming all goes well.

[See #101]

This reverts commit 84db5a21fc, reversing
changes made to 24aaf85a1b.
 2012-01-17 15:33:47 -06:00
Tod Beardsley cfca791480 Version info toggle for git vs svn checkouts 
Version numbers are kind of meaningless in git development branches, but
are reportedly useful for SVN checkouts.

[See #6254]
 2012-01-17 14:35:33 -06:00
Brandon Perry d34a9f38a5 Adding bperry's various and sundry regex fixes 
[Closes #109]

Squashed commit of the following:

commit 692568d02f
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:34:35 2012 -0600

    small get_everything fix

commit 5b29a31060
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:31:31 2012 -0600

    regex fixes

commit a565ade7f4
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:39:29 2012 -0600

    registry.rb in lib/rex

commit 3609313ea3
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:32:06 2012 -0600

    boot key fixed

commit e591ed1815
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 15:53:21 2012 -0600

    fixes

commit 3598f3482e
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sat Jan 14 13:47:29 2012 -0600

    stuff

commit 8a8d0dfda6
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 22:57:30 2012 -0600

    reg fixes

commit fcfb51bb64
Merge: 2c7cfde 24aaf85
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 21:54:45 2012 -0600

    Merge remote-tracking branch 'upstream/master'

commit 2c7cfdef41
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Tue Jan 10 19:16:37 2012 -0600

    typo
 2012-01-16 17:54:33 -06:00
Tod Beardsley 84db5a21fc Merge pull request #101 from chao-mu/master 
Created Regexp option type
 2012-01-14 07:25:50 -08:00
Tod Beardsley 24aaf85a1b Merge pull request #98 from brandonprry/master 
Offline registry reading library for rex (Rex::Registry)
 2012-01-13 16:54:43 -08:00
Tod Beardsley 4ac6c0c3ee A great big pile of fixes to the ssh scanners 
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
 2012-01-13 13:49:21 -06:00
chao-mu b6b49ad672 Merge remote branch 'upstream/master' 2012-01-12 19:40:24 -05:00
chao-mu a8a3d4d2c7 Updatted railgun_reverse_lookups test module to use the new regex options. Corrected spelling mistake in a variable name (my editor ate a p) 2012-01-12 19:39:05 -05:00
sinn3r 02bd1f3407 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-12 17:06:14 -06:00
Stephen Haywood 8d19bca2a9 Added remote digest methods 2012-01-12 12:47:29 -05:00
Tod Beardsley 5f121fe181 Workaround postgresql.fingerprint dlog message 
Came up as a concern, this special-cases notes of
"postgresql.fingerprint". Not thrilled with this fix, though.
 2012-01-11 13:17:21 -06:00
Brandon Perry 0236a6994f registry stuff 2012-01-10 18:45:24 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one. 
Fixes #6066
 2012-01-10 12:32:47 -08:00
chao-mu b23b7b8a88 Adds support for a regular expression based Option (RegexpOpt). Also introduced a method to OptBase called display_value which returns the value to be displayed to the user. 2012-01-10 09:22:14 -05:00
James Lee 753ddb27c5 Make all the EXE options OptPath 2012-01-10 03:36:47 -07:00
James Lee 1eb4900102 Make EXE::Custom an OptPath so it can be tab'd 2012-01-10 03:25:13 -07:00
Tod Beardsley 9e78eff968 Merge pull request #96 from chao-mu/master 
Updates to Railgun

[Fixes #6128] among other things.
 2012-01-09 06:43:02 -08:00
Tod Beardsley badf62d8e0 Add back in ssh_key_matches?() 2012-01-08 22:45:00 -06:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies 
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
 2012-01-08 22:28:37 -06:00
chao-mu f7a9518944 In railgun mixin, "error_lookup" has been renamed "lookup_error" and now accepts a filtering regular expression. ::BUILTIN_DLLS instead of .builtin_dlls 2012-01-08 17:18:34 -05:00
chao-mu d0fb9424b2 Updated to use "reject!" instead of "select!" so older versions of ruby are happy 2012-01-08 11:16:17 -05:00
chao-mu 6591bd3a45 Completed test coverage for pointer_util.rb and fixed the bugs I found 2012-01-08 11:05:24 -05:00
chao-mu f9d123a8c8 Merge remote branch 'upstream/master' 2012-01-07 19:06:51 -05:00
James Lee c2406e0e65 Fix whitespace at EOL 2012-01-06 21:13:17 -07:00
James Lee c35c7f5fab Add tab completion for pushm 
[See #6165]
 2012-01-06 21:10:59 -07:00
James Lee 7ea5f87960 Allow proper ruby types for evasion configuration 
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL options, etc) earlier
in their life.  Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".

Fixes #6198, thanks Ashish for the report
 2012-01-06 20:05:29 -07:00
chao-mu c59e08ce7d Moved utility codde and expanded railgun test suite runner 2012-01-06 21:07:16 -05:00
chao-mu f41fc7a0ac Moved platform_util.rb and added the tests for the new utilities to railgun.rb.ts.rb 2012-01-06 20:56:41 -05:00
chao-mu bd52f228a0 Merge remote branch 'upstream/master' 2012-01-06 20:27:53 -05:00
HD Moore c2a71d63b4 Tweak the logic here 2012-01-06 00:53:50 -06:00
HD Moore 9c827abcb7 net-ssh hackery to disable agent support, disable private key support, 
and add a callback
 2012-01-05 14:10:31 -06:00
Jonathan Cran eec70706d0 make the esx driver dependent on meterpreter 2012-01-05 20:42:58 -06:00
Jonathan Cran bedc34ad44 Merge branch 'master' of r7.github.com:rapid7/metasploit-framework 2012-01-05 18:26:26 -06:00
Jonathan Cran c522514030 update the meterpreter modifier to reflect the new copy_ api 2012-01-05 18:26:05 -06:00
David Maloney 54bca49ef9 Slightly better fix to the digest request header issue 2012-01-05 12:25:32 -08:00
David Maloney e61b4ed65c Fixed issue with send_digest_request_cgi not keeping user supplied headers. 2012-01-05 12:02:21 -08:00
chao-mu 3772f56260 Am making use of platform_util.rb's platform symbols for standardization across railgun. Ideally only platform_util.rb will need to know what platform strings look like and how they are represented in the railgun world. Corrected railgun.rb mixin's pointer_size function. 2012-01-04 22:28:20 -05:00
chao-mu 6db2da1f76 module Rex 
module Post
module Meterpreter
module Extensions
module Stdapi
module Railgun
module Type
module PlatformUtil

	X86_64 = :x86_64
	X86_32 = :x86_32

	def self.parse_client_platform(meterp_client_platform)
		meterp_client_platform =~ /win64/ ? X86_64 : X86_32
	end

end # PlatformUtil
end # Type
end # Railgun
end # Stdapi
end # Extensions
end # Meterpreter
end # Post
end # Rex
 2012-01-04 22:11:09 -05:00
chao-mu d995c3893b Platform handling utilities. I want to protect railgun against changes to client.platform's general form 2012-01-04 21:56:34 -05:00
chao-mu d46379dda2 Merge remote branch 'upstream/master' 2012-01-04 19:32:06 -05:00
chao-mu 3d7d5d5f3d Utility for working with pointers. Test coverage is incomplete 2012-01-04 19:30:30 -05:00
Tod Beardsley 164c80d496 Adding a comment doc to the shadowcopy lib. 
Citing Tim Tomes and Mark Baggett
 2012-01-04 12:03:13 -06:00
chao-mu b9b5b1e66f Merge remote branch 'upstream/master' 2012-01-02 20:07:50 -05:00
David Maloney dd0b07b2cc Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 15:03:04 -08:00
Joshua Smith 29b6d0d1e3 Adds previous, pushm, popm to msfconsole 
Adds the ability to set and use a stack of modules, and to easily switch
between the last two modules used.

[Fixes #6165][Closes #84]
Squashed commit of the following:

commit e41e7f704888b1ce5ad5f23caeee1de13052e3d5
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 15:52:08 2011 -0500

    pushm/popm working great, let me know if you find bugs

commit 23da8d56ea08ca196e649431e8188b4f29ba97b9
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 14:37:18 2011 -0500

    Adds the 'previous' command to msfconsole which will load the previously active module as the currently active module, adds @previous_module as a class variable
 2011-12-30 15:30:55 -06:00
James Lee 0fa0ceccb5 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2011-12-30 10:55:48 -07:00
James Lee ba017773b2 Cleanup whitespace at EOL 2011-12-30 10:55:01 -07:00
andurin 898df592be Fix2 rpc exception handling 
HD suggested a small tweak to use error_code OR res.code for the raise
 2011-12-30 07:05:26 +01:00
andurin 7b4de2380f Small fix: RPC client exception handling 
IMHO rpc client should transform the error code from Msf::RPC::Exception
into it's own Msf::RPC::ServerException and should not take the msgpack
response code.

In deep:
I ran into a '401 invalid auth token' after a token timeout (300s).
RPC Daemon raised a 401 - invalid auth token as expected but rpc client
transformed it to a '200 - invalid auth token' using the successful http
transaction to transport the exception.
 2011-12-30 05:44:26 +01:00
Tod Beardsley bc22b7de99 MSFConsole should display hostless loot, also typo fix. 
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb

Fixes #6177
 2011-12-29 15:11:15 -06:00
Tod Beardsley 78da15ed15 Always check for the current workspace when calling Report#myworkspace(). 
Fixes #6175
 2011-12-29 13:48:05 -06:00
Tod Beardsley 4d8aea4ef8 Missed a session.options. 2011-12-29 08:59:16 -06:00
chao-mu ebe461cce7 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-28 20:14:01 -05:00
chao-mu 0054fb5167 using select! instead of delete_if to avoid double negatives... 2011-12-28 20:05:54 -05:00
Tod Beardsley 84dfd46006 Merge pull request #83 from dirtyfilthy/rename_ssh_forward_options_var 
rename non existent local variable 'options' to correct session.options
 2011-12-28 13:52:28 -08:00
David Maloney 3bb2b5b7fd Fixed typo in validation routine 2011-12-28 09:40:36 -08:00
David Maloney 9e1e87508f Fix to boundary validation for when no db is present 
Fixes #6171
 2011-12-28 08:47:22 -08:00
chao-mu 5560c6b17e Moved and adapted code relating to looking up constant names by constant value 2011-12-28 00:40:08 -05:00
chao-mu ffcf5af9b0 Merge remote branch 'upstream/master' 2011-12-27 22:06:51 -05:00
David Maloney a2760b219d Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-27 11:34:36 -08:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework 
enforces boudnary checking on netbios probes
 2011-12-27 11:33:52 -08:00
James Lee 80603e03cb grab the appropriate shell from mult-platform meterpreters and use /bin/sh instead of /bin/bash for linux to improve compatibility, fixes #5996 2011-12-26 14:41:24 -07:00
alhazred 39b365702f rename non existent local variable 'options' to correct session.options 2011-12-26 21:40:46 +13:00
chao-mu 1604162ba3 A place to add railgun convenience code for use in modules 2011-12-24 15:59:46 -05:00
Tod Beardsley 35e868f705 Merge pull request #67 from kernelsmith/railgun-add_const_reverse_lookup 
Add const_reverse_lookup and error_lookup to railgun (redmine 6128)
 2011-12-22 14:43:24 -08:00
Jonathan Cran e48031cf22 squashed lab upload commit 2011-12-22 14:56:45 -06:00
Tod Beardsley b6d56e8410 Fixes VBS executable creator util 
Fixes #6152, using booleans instead of ints.

Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx

Tested works on winxp and win7 targets via the persistence meterpreter
script.
 2011-12-22 13:13:34 -06:00
Tod Beardsley 743a0546f1 Don't blow up if the user doesn't set a filename 
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
 2011-12-21 16:26:29 -06:00
Tod Beardsley 1a396ba955 Merge pull request #70 from rapid7/tftp_client 
Tftp client
 2011-12-20 08:42:42 -08:00
Tod Beardsley 24d53efa7c Final touches on TFTP client 
See #5291. Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
 2011-12-20 10:03:04 -06:00
alhazred 3b44aa9e39 fix for ssh forwarding not handling the eof packet type 2011-12-20 19:42:54 +13:00
Tod Beardsley 677cb4b152 Handle empty data sends sanely for TFTP. 
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
 2011-12-19 21:56:03 -06:00
Tod Beardsley 2b3e3725ac TFTP adding comment docs, ability to send w/out a file. 
Commenting the tricksy parts a little better for general usage.

Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
 2011-12-19 18:15:19 -06:00
Tod Beardsley 431ef826c9 TFTP client now uses constants, preserves trailing spaces/nulls in data 
See #5291, just rediscovered the bug on this.
 2011-12-19 16:33:25 -06:00
Tod Beardsley 5eaf2e7535 Adding download and loot functionality. 
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
 2011-12-19 15:50:50 -06:00
Tod Beardsley aecde6fea4 Updating TFTP client. Now with grown-up thread handling. 
No longer blocks on successful connections.
 2011-12-19 12:14:40 -06:00
Tod Beardsley 902d7f5ea7 Adding more to TFTP. Still need a read tho 
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.

Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
 2011-12-18 21:05:27 -06:00
Joshua Smith 8bdf76a87b Adds const_reverse_lookup and error_lookup methods to the railgun instance, also adds test/modules/post/test/railgun_reverse_lookups.rb, tested, working great 2011-12-17 16:19:32 -05:00
chao-mu df0abd0273 Merge remote branch 'upstream/master' 2011-12-16 19:44:13 -05:00
Tod Beardsley 50fa10679b First draft of a TFTP client. 
Could use some actual error checking and also needs to expose
more options.
 2011-12-16 18:41:55 -06:00
chao ec1dd8154e When duplicating a DLL, duplicate everything underneath it to remain threadsafe. I wrote this patch months and months ago. The way I am deep copying produced much groaning in #metasploit when I put it in for code review. It was ultimately declared the lesser of two evils. If you have chat logs from months ago you may be able to find the discussion 2011-12-15 22:05:02 -05:00
Joshua Smith 5166bdcb01 initial, working resource file tab completion, completes from <install_dir>/scripts/resource, see redmine no. 4611 2011-12-15 17:27:52 -05:00
Jenkins f6ef4ce2d1 add submodule 2011-12-13 21:45:18 -06:00
Jonathan Cran 6165b7a1eb This commit adds a junit_success method, which can be called to 
generate a test case success xml. This is necessary for the parser to
recognize that tests were indeed run.
 2011-12-13 21:13:31 -06:00
HD Moore cb94b92e9c What in nine hells was this. 2011-12-13 16:04:25 -06:00
HD Moore f38a794b1c Convert ` to ' 2011-12-13 16:02:23 -06:00
HD Moore cfa128a2c8 Show the actual module name in the stack trace (instead of eval) 2011-12-13 09:47:37 -06:00
HD Moore 1d244c4b27 Return the URL in the correct format from the model 2011-12-11 13:50:21 -06:00
HD Moore 17cc89ebad Add IPv6 specific HTTP(S) handlers and payloads (simplifies 
options/usage)
 2011-12-11 13:26:48 -06:00
HD Moore 2c538fe9c0 Rework RangeWalker and some of the socket API to fix bugs and generally 
handle ranges the right way
 2011-12-10 20:10:10 -06:00
HD Moore dee053cd71 Try multiple scopes for link-local addresses, if necessary. Fix a small 
typo
 2011-12-10 15:24:10 -06:00
HD Moore 8e01312d0f Formatting 2011-12-10 13:27:47 -06:00
HD Moore e33ca5a7ba Small typo fix 2011-12-10 13:26:47 -06:00
HD Moore e46745b761 Add support for link-local scopes 2011-12-10 13:24:58 -06:00
HD Moore 9c887eb457 Fix displayed host name for IPv6 targets 2011-12-10 13:24:58 -06:00
HD Moore e3f121929c Accept IPv6 addresses in the return if getaddress 2011-12-10 13:24:58 -06:00
HD Moore 1cc68d1ed5 Accept IPv6 addresses in getaddress() responses 2011-12-10 13:24:58 -06:00
HD Moore 49ff9f594a Properly enclose IPv6 addresses with brackets inside of the Host header 2011-12-10 13:24:58 -06:00
Tod Beardsley f1950c2fe1 Adding back bitstruct (current upstream) and dns_fuzzer module 
Fixes #3289.

This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.

This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.

Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
 2011-12-06 17:03:36 -06:00
HD Moore 72f64583e2 Add IPv6 range support, permission tweak 2011-12-06 00:43:11 -06:00
David Maloney d939e33f1e Allows for Loot and Tasks to be imported from an MSF ZIP. 
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
 2011-12-05 22:30:34 -05:00
HD Moore 18e9b99e72 Fix permission (octal not decimal) 2011-12-05 16:49:16 -06:00
HD Moore 4344a5f92a Fix up IPv6 resolution in DNS replies 2011-12-05 13:07:37 -06:00
HD Moore bcebdb1893 Improve IPv6 handling 2011-12-05 13:07:37 -06:00
HD Moore 4748bf70cd Use octal mode, duh 2011-12-05 13:07:36 -06:00
HD Moore 89caed444b Add a helper method for modules to indicate IPv6 compatibility 2011-12-05 13:07:36 -06:00
HD Moore 5362e0cd24 Accept IPv6 addresses into the database routines, start flushing out 
incompatibilities.
 2011-12-05 13:07:36 -06:00
HD Moore 4829968107 Purge the old RPC API 2011-12-05 13:07:25 -06:00
HD Moore f673b02308 Remove references to address6 2011-12-05 13:07:25 -06:00
HD Moore 27974c4c27 Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib 
Conflicts:
	modules/auxiliary/scanner/http/axis_login.rb
	modules/exploits/multi/http/axis2_deployer.rb
	modules/post/multi/gather/thunderbird_creds.rb
	modules/post/windows/gather/credentials/imvu.rb
	msfopcode
 2011-12-03 14:07:09 -06:00
Tod Beardsley 6b06df0d7d Merge pull request #38 from XeroHawk/alpha2_fix 
Ported over the Issue 3190 SVN changes for unicode_mixed, an old bug that was hiding out in Redmine.
 2011-12-02 12:51:47 -08:00
David Maloney 1db9177583 Revert "Merge pull request #22 from scriptjunkie/multithread" 
This reverts commit 4f76f3bbb8, reversing
changes made to e72dad4e81.
 2011-12-02 13:35:43 -05:00
HD Moore 424901b4b6 Change the encapsulation method to allow multiple methods without 
conflict
 2011-12-02 02:02:55 -06:00
HD Moore 4f76f3bbb8 Merge pull request #22 from scriptjunkie/multithread 
RPC multithreading
 2011-12-01 23:43:32 -08:00
HD Moore e72dad4e81 Rescue the load error so rex will work outside of Metasploit. Fixes 2011-12-02 00:28:31 -06:00
Xero Hawk 2ac8cbaf66 Ported over the Issue 3190 SVN changes 2011-11-30 14:37:10 -05:00
HD Moore 626389f5ba No longer track module archive paths, since the manager will load them from the main dir 2011-11-28 22:27:21 -06:00
HD Moore 591ef73f7d Merge in updated module_manager that loads all .fastlibs 2011-11-28 22:24:27 -06:00
Tod Beardsley ac33e55df5 Allow hyphens for fnames and ltypes for fileformat exploits 2011-11-28 19:16:30 -06:00
Tod Beardsley 7287295c2b Merge pull request #33 from jduck/master 
Rex::Proto::SMB structure definition was incorrect for SMB_COM_NT_TRANSACT
 2011-11-28 11:59:08 -08:00
Tod Beardsley 44a47f9913 Fixing up OWA bruteforce module to conform with the usual print_status 
messages.
 2011-11-28 13:31:54 -06:00
Joshua J. Drake e9c3e8ee50 Fix SMB_COM_NT_TRANSACT structure definition per specification. For more information see http://j.mp/t5zzku 2011-11-27 19:27:01 -06:00
David Maloney d8cd16eb65 Typo in report_auth_info 
that caused snmp creds to fail reporting.
fixes #6015
 2011-11-26 17:57:46 -08:00
HD Moore f714591b92 Purge the new version code, it triggers a stack and is a massive performance hit 2011-11-23 23:05:51 -06:00
Tod Beardsley 8ab41013d1 Updating the version information to check the SVN metadata first. 2011-11-23 23:05:51 -06:00
HD Moore 25c10d2e65 Bump fastlib to 0.0.6, no longer need to push metasploit.fastlib into the include path 2011-11-23 23:02:43 -06:00
HD Moore 2ddef115cb Bump to 0.0.6 2011-11-23 22:33:32 -06:00
HD Moore 61aa46dfda Bump fastlib to 0.0.5 2011-11-23 22:05:25 -06:00
HD Moore 4285651455 Purge the new version code, it triggers a stack and is a massive performance hit 2011-11-23 14:32:38 -06:00
Tod Beardsley 94edf3a8ec Updating the version information to check the SVN metadata first. 2011-11-22 18:33:44 -06:00
David Maloney c4db49cccc Fixes issues with telnet bruteforcing where prompts were not 
being recognized properly.
 2011-11-22 00:06:58 -06:00
David Maloney 7d626e3ad1 Fixes issues with telnet bruteforcing where prompts were not 
being recognized properly.
 2011-11-21 14:07:30 -08:00
HD Moore 7059e20315 Add support for .fastlib module archives to the module manager 2011-11-21 15:58:19 -06:00
HD Moore f82c7e9bb4 Fixup requires to use sane paths 2011-11-21 14:37:26 -06:00
HD Moore a6205b1951 Update fastlib to include the file existence check 2011-11-21 14:21:27 -06:00
HD Moore 8a4ee906c6 Add fastlib-0.0.3 to the metasploit tree 2011-11-21 14:12:01 -06:00
James Lee bf105f48cb massive removal of spaces at EOL and some bad tabs 2011-11-20 12:32:06 +11:00
James Lee 9261d8ec25 spaces at EOL in base 2011-11-20 12:11:40 +11:00
James Lee e7a545c483 spaces at EOL in core stuff 2011-11-20 12:10:08 +11:00
James Lee 79c2264263 more spaces at EOL and bad tabs 2011-11-20 12:05:14 +11:00
James Lee aeeed02eee more spaces at EOL 2011-11-20 12:01:19 +11:00
James Lee 441c5a22ab more spaces at EOL 2011-11-20 12:00:07 +11:00
James Lee 4ac21afcbc more spaces at EOL 2011-11-20 11:59:28 +11:00
James Lee 8f56dc1504 get rid of a bunch more spaces at EOL 2011-11-20 11:46:35 +11:00
James Lee 70b463b257 msftidy run 2011-11-20 11:39:27 +11:00
James Lee 60c3c44800 remove spaces at EOL 2011-11-20 11:30:15 +11:00
Tod Beardsley 55367fad4f Merge pull request #25 from rapid7/post_module_sudo 
Post module sudo
 2011-11-18 06:30:40 -08:00
Tod Beardsley d8b77564ef Tidying up, fixing csh echo behavior 2011-11-17 16:29:02 -06:00
Tod Beardsley 9878517f80 Cleanup and light refactoring, deal with slowpoke linux telnet cmd_exec() 2011-11-17 13:19:13 -06:00
scriptjunkie c4eb32d2ff Add an optional multithreading to stream server, and enable multithreading (one thread per client) to the RPC server. 2011-11-17 08:07:34 -08:00
Tod Beardsley 6715248047 Minor comment fixes 
Removing patch comment
 2011-11-17 08:42:30 -06:00
Dillon 67c07165c6 Update lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb 2011-11-17 08:26:57 -06:00
Dillon 66621632f0 added linux shell functionality to meterpreter's shell command. 2011-11-17 08:26:57 -06:00
Tod Beardsley 93a133d5de Always try both export and setenv. Fixups to allow for correct reading from echoy nix shells. Fixes is_root? to not treat an empty string as 0 2011-11-16 16:48:19 -06:00
HD Moore 825c9f776c Fixes #5980 by correcting the address match for IPv6. Clean up regex mapping in general 2011-11-16 14:35:23 -06:00
Wesley Cate b923d952b3 module.execute() now returns a 'uuid' element which can be cross-referenced with the 'exploit_uuid' element returned in each entry in session.list. 
this was hdm's preferred solution.
 2011-11-15 18:36:45 -05:00
David Maloney 6306f8888a Fix to the username normalisation routine to deal with creds that 
have no username (i.e. VNC)
 2011-11-15 08:52:18 -08:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive. 
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
 2011-11-14 22:50:52 -08:00
andurin 97f62d955f Fixed very small typo 2011-11-14 11:19:16 +01:00
James Lee 16f0d6cbee Fix a misplaced comma in a comment 2011-11-14 16:06:45 +11:00
James Lee 8ac4479b13 Use railgun for deleting services. 
The registry method will make Windows to delete it on reboot, but this
causes it to happen right away.
 2011-11-13 21:05:40 -07:00
James Lee 91e7e39fd9 Add definition for DeleteService 2011-11-13 21:04:35 -07:00
HD Moore 7757a2df63 Make sure we wait at least half a second for a 401 reply 2011-11-13 12:54:48 -06:00
HD Moore 69fb9aa5b1 Make brute forcing of the XMLRPC/MSGPACKRPC services less rewarding through random delays. 2011-11-13 12:45:48 -06:00
James Lee 69cd56ed42 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2011-11-12 15:15:38 -07:00
James Lee f7ff350ebb doesn't work without backslashes 2011-11-12 15:15:09 -07:00
James Lee 07e170f4e4 Add a server argument to the service management methods. Allows 
creating/starting/stopping services on another machine using the current
session's token for authentication.
 2011-11-12 14:40:15 -07:00
HD Moore f4e42420ad Small change to abstract the actual source read 2011-11-12 14:48:11 -06:00
David Maloney 4eb80b5ee4 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 17:20:47 -08:00
David Maloney e3f6756e18 Quick fix to import to prevent services from being imported without a port. 2011-11-11 17:19:26 -08:00
James Lee 03f51793c2 Store john.pot in the user's config directory instead of in an 
arch-specific dir under data/
 2011-11-11 11:09:42 -07:00
Tod Beardsley 40614a3cf4 Merge branch 'iss5454' 2011-11-11 11:26:05 -06:00
Tom Samstag 7b7413d85e Bash format for msfencode/msfvenom 
This patch adds a Bash output format for msfencode and msfvenom. This is especially useful for local exploitation with shellcode in an environment variable.
Example output:

$ echo 'this is a test' | ./msfvenom -f bash
[-] Using X86 architecture and Windows platform for stdin payload to change use -a and --platform
export buf=\
$'\x74\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74'\
$'\x0a'

It adds unit tests for the new format and also fixes a unit test that was broken (assert_equal 'AAAAAAAAA', Rex::Text.pattern_create(9,['A'])) due to a bug in the shortcut in pattern_create.
 2011-11-11 00:13:17 -08:00
David Maloney a4d67f26c5 Merge branch 'iss5426' 2011-11-10 19:00:52 -08:00
David Maloney e82c3ad486 Fixes #5426 2011-11-10 18:59:30 -08:00
HD Moore c30f328560 Purge code deprecated in the 4.1.0 release 2011-11-10 20:16:14 -06:00
HD Moore 30a86c9378 Merge patch to fix #5271 2011-11-10 20:01:50 -06:00