mirror of https://github.com/rapid7/metasploit-framework synced 2024-09-11 17:08:02 +02:00

Resolve merge conflict with Gemfile

wchen-r7 2016-03-24 18:13:31 -05:00
commit 57984706b8
3182 changed files with 5548 additions and 5372 deletions

.github/ISSUE_TEMPLATE.md vendored Normal file

@ -0,0 +1,41 @@
## Steps to reproduce
How'd you do it?
1. ...
2. ...
This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.
## Expected behavior
What should happen?
## Current behavior
What happens instead?
You might also want to check the last ~1k lines of
`/opt/metasploit/apps/pro/engine/config/logs/framework.log` or
`~/.msf4/logs/framework.log` for relevant stack traces
## System stuff
### Metasploit version
Get this with the `version` command in msfconsole (or `git log -1 --pretty=oneline` for a source install).
### I installed Metasploit with:
- [ ] Kali package via apt
- [ ] Omnibus installer (nightly)
- [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
- [ ] Source install (please specify ruby version)
### OS
What OS are you running Metasploit on?
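Review bot: the "Current behavior" section asks reporters to paste from `framework.log` but gives no guidance on redacting it. These logs may contain target addresses or credentials from an engagement, so add a line asking reporters to scrub them before posting. The sentence ending "for relevant stack traces" is also missing its full stop.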

.github/PULL_REQUEST_TEMPLATE.md vendored Normal file

@ -0,0 +1,14 @@
Tell us what this change does. If you're fixing a bug, please mention
the github issue number.
## Verification
List the steps needed to make sure this thing works
- [ ] Start `msfconsole`
- [ ] `use exploit/windows/smb/ms08_067_netapi`
- [ ] ...
- [ ] **Verify** the thing does what it should
- [ ] **Verify** the thing does not do what it should not


@ -114,6 +114,7 @@ m-1-k-3 <m-1-k-3@github> Michael Messner <devnull@s3cur1ty.de>
Meatballs1 <Meatballs1@github> <eat_meatballs@hotmail.co.uk>
Meatballs1 <Meatballs1@github> <Meatballs1@users.noreply.github.com>
mubix <mubix@github> Rob Fuller <jd.mubix@gmail.com>
net-ninja <net-ninja@github.com> Steven Seeley <steventhomasseeley@gmail.com>
nevdull77 <nevdull77@github> Patrik Karlsson <patrik@cqure.net>
nmonkee <nmonkee@github> nmonkee <dave@northern-monkee.co.uk>
nullbind <nullbind@github> nullbind <scott.sutherland@nullbind.com>
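Review bot: the new `net-ninja` entry uses `<net-ninja@github.com>` while every neighbouring entry in this hunk uses the `<name@github>` form. If the canonical address is meant to follow the file's convention, change it to `<net-ninja@github>` so the mapping stays consistent.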


@ -1,11 +1,22 @@
sudo: false
group: stable
bundler_args: --without coverage development pcap
cache: bundler
addons:
postgresql: '9.3'
apt:
packages:
- libpcap-dev
- graphviz
language: ruby
rvm:
- '2.1.8'
env:
- RAKE_TASKS="cucumber cucumber:boot" CREATE_BINSTUBS=true
- RAKE_TASKS=spec SPEC_OPTS="--tag content"
- RAKE_TASKS=spec SPEC_OPTS="--tag ~content"
language: ruby
matrix:
fast_finish: true
before_install:
@ -23,9 +34,6 @@ before_script:
script:
# fail build if db/schema.rb update is not committed
- git diff --exit-code db/schema.rb && bundle exec rake $RAKE_TASKS
sudo: false
rvm:
- '2.1.8'
notifications:
irc: "irc.freenode.org#msfnotify"
@ -37,10 +45,4 @@ git:
branches:
except:
- gh-pages
- metakitty
addons:
postgresql: '9.3'
apt:
packages:
- libpcap-dev
- metakitty


@ -20,6 +20,7 @@ group :development do
gem 'pry'
# module documentation
gem 'octokit', '~> 4.0'
# rails-upgrade staging gems
end
group :development, :test do


@ -1,7 +1,7 @@
PATH
remote: .
specs:
metasploit-framework (4.11.13)
metasploit-framework (4.11.18)
actionpack (>= 4.0.9, < 4.1.0)
activerecord (>= 4.0.9, < 4.1.0)
activesupport (>= 4.0.9, < 4.1.0)
@ -10,11 +10,11 @@ PATH
jsobfu (~> 0.4.1)
json
metasm (~> 1.0.2)
metasploit-concern (= 1.0.0)
metasploit-credential (= 1.0.1)
metasploit-model (= 1.0.0)
metasploit-payloads (= 1.1.1)
metasploit_data_models (= 1.2.11)
metasploit-concern
metasploit-credential (= 1.1.0)
metasploit-model (= 1.1.0)
metasploit-payloads (= 1.1.3)
metasploit_data_models (= 1.3.0)
msgpack
network_interface (~> 0.0.1)
nokogiri
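Review bot: the new `metasploit-concern` entry carries no version constraint, while the four entries after it (`metasploit-credential`, `metasploit-model`, `metasploit-payloads`, `metasploit_data_models`) stay pinned with `=`. The lock file still resolves it to 1.1.0 further down, but the declared dependency now accepts any release. If the pin was dropped on purpose, say so in the commit message; otherwise restore an exact constraint to match its siblings.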
@ -65,7 +65,7 @@ GEM
childprocess (>= 0.3.6)
cucumber (>= 1.1.1)
rspec-expectations (>= 2.7.0)
bcrypt (3.1.10)
bcrypt (3.1.11)
builder (3.1.4)
capybara (2.4.4)
mime-types (>= 1.16)
@ -111,29 +111,29 @@ GEM
mail (2.6.3)
mime-types (>= 1.16, < 3)
metasm (1.0.2)
metasploit-concern (1.0.0)
metasploit-concern (1.1.0)
activerecord (>= 4.0.9, < 4.1.0)
activesupport (>= 4.0.9, < 4.1.0)
railties (>= 4.0.9, < 4.1.0)
metasploit-credential (1.0.1)
metasploit-concern (~> 1.0)
metasploit-model (~> 1.0)
metasploit_data_models (~> 1.0)
metasploit-credential (1.1.0)
metasploit-concern (~> 1.1)
metasploit-model (~> 1.1)
metasploit_data_models (~> 1.3)
pg
railties
rubyntlm
rubyzip (~> 1.1)
metasploit-model (1.0.0)
metasploit-model (1.1.0)
activemodel (>= 4.0.9, < 4.1.0)
activesupport (>= 4.0.9, < 4.1.0)
railties (>= 4.0.9, < 4.1.0)
metasploit-payloads (1.1.1)
metasploit_data_models (1.2.11)
metasploit-payloads (1.1.3)
metasploit_data_models (1.3.0)
activerecord (>= 4.0.9, < 4.1.0)
activesupport (>= 4.0.9, < 4.1.0)
arel-helpers
metasploit-concern (~> 1.0)
metasploit-model (~> 1.0)
metasploit-concern (~> 1.1)
metasploit-model (~> 1.1)
pg
postgres_ext
railties (>= 4.0.9, < 4.1.0)


@ -6,5 +6,6 @@ ignored_tags = "--tags ~@boot --tags ~@targets"
%>
default: <%= std_opts %> <%= ignored_tags %> features
boot: <%= std_opts %> --tags @boot features
exploit: <%= std_opts %> --tags @targets features
wip: --tags @wip:3 --wip features
rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip
rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip

Binary file not shown.


@ -1,181 +1,27 @@
@wip
@targets @db
Feature: MS08-067 netapi
Background:
Given a directory named "home"
And I cd to "home"
And a mocked home directory
Given I run `msfconsole` interactively
And I wait for stdout to contain "Free Metasploit Pro trial: http://r-7.co/trymsp"
Scenario: The MS08-067 Module should have the following options
When I type "use exploit/windows/smb/ms08_067_netapi"
And I type "show options"
And I type "exit"
Then the output should contain:
Scenario: The MS08-067 should get a session with bind_tcp
Given I ready the windows targets
Given a file named "ms08-067-bind.rc" with:
"""
Module options (exploit/windows/smb/ms08_067_netapi):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Exploit target:
Id Name
-- ----
0 Automatic Targeting
<ruby>
hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
self.run_single('use exploit/windows/smb/ms08_067_netapi')
self.run_single('set payload windows/meterpreter/bind_tcp')
hosts.each do |host|
self.run_single("set RHOST #{host['ipAddress']}")
self.run_single('run -j')
sleep 1
end
self.run_single('sessions -K')
</ruby>
"""
Scenario: The MS08-067 Module should have the following advanced options
When I type "use exploit/windows/smb/ms08_067_netapi"
And I type "show advanced"
And I type "exit"
Then the output should contain:
"""
Module advanced options:
Name : CHOST
Current Setting:
Description : The local client address
Name : CPORT
Current Setting:
Description : The local client port
Name : ConnectTimeout
Current Setting: 10
Description : Maximum number of seconds to establish a TCP connection
Name : ContextInformationFile
Current Setting:
Description : The information file that contains context information
Name : DCERPC::ReadTimeout
Current Setting: 10
Description : The number of seconds to wait for DCERPC responses
Name : DisablePayloadHandler
Current Setting: false
Description : Disable the handler code for the selected payload
Name : EnableContextEncoding
Current Setting: false
Description : Use transient context when encoding payloads
Name : NTLM::SendLM
Current Setting: true
Description : Always send the LANMAN response (except when NTLMv2_session is
specified)
Name : NTLM::SendNTLM
Current Setting: true
Description : Activate the 'Negotiate NTLM key' flag, indicating the use of
NTLM responses
Name : NTLM::SendSPN
Current Setting: true
Description : Send an avp of type SPN in the ntlmv2 client Blob, this allow
authentification on windows Seven/2008r2 when SPN is required
Name : NTLM::UseLMKey
Current Setting: false
Description : Activate the 'Negotiate Lan Manager Key' flag, using the LM key
when the LM response is sent
Name : NTLM::UseNTLM2_session
Current Setting: true
Description : Activate the 'Negotiate NTLM2 key' flag, forcing the use of a
NTLMv2_session
Name : NTLM::UseNTLMv2
Current Setting: true
Description : Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key
is true
Name : Proxies
Current Setting:
Description : A proxy chain of format type:host:port[,type:host:port][...]
Name : SMB::ChunkSize
Current Setting: 500
Description : The chunk size for SMB segments, bigger values will increase
speed but break NT 4.0 and SMB signing
Name : SMB::Native_LM
Current Setting: Windows 2000 5.0
Description : The Native LM to send during authentication
Name : SMB::Native_OS
Current Setting: Windows 2000 2195
Description : The Native OS to send during authentication
Name : SMB::VerifySignature
Current Setting: false
Description : Enforces client-side verification of server response signatures
Name : SMBDirect
Current Setting: true
Description : The target port is a raw SMB service (not NetBIOS)
Name : SMBDomain
Current Setting: .
Description : The Windows domain to use for authentication
Name : SMBName
Current Setting: *SMBSERVER
Description : The NetBIOS hostname (required for port 139 connections)
Name : SMBPass
Current Setting:
Description : The password for the specified username
Name : SMBUser
Current Setting:
Description : The username to authenticate as
Name : SSL
Current Setting: false
Description : Negotiate SSL for outgoing connections
Name : SSLCipher
Current Setting:
Description : String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
Name : SSLVerifyMode
Current Setting: PEER
Description : SSL verification method (Accepted: CLIENT_ONCE,
FAIL_IF_NO_PEER_CERT, NONE, PEER)
Name : SSLVersion
Current Setting: SSL3
Description : Specify the version of SSL that should be used (Accepted: SSL2,
SSL3, TLS1)
Name : VERBOSE
Current Setting: false
Description : Enable detailed status messages
Name : WORKSPACE
Current Setting:
Description : Specify the workspace for this module
Name : WfsDelay
Current Setting: 0
Description : Additional delay when waiting for a session
"""
@targets
Scenario: Show RHOST/etc variable expansion from a config file
When I type "use exploit/windows/smb/ms08_067_netapi"
When RHOST is WINDOWS
And I type "set PAYLOAD windows/meterpreter/bind_tcp"
And I type "show options"
And I type "run"
And I type "exit"
And I type "exit"
Then the output should match /spider-wxp/
When I run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit`
Then the 'Mdm::Host' table contains the expected targets
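Review bot: the embedded `<ruby>` block reads `host['ipAddress']` from each element of the loaded YAML, but the targets hunk later in this commit (the one replacing `WINDOWS:`/`LINUX:` with a `windows:` list) names the fields `hostname` and `ip` and nests them under `windows`. Unless the `I ready the windows targets` step rewrites that file, `hosts.each` iterates the top-level hash and `set RHOST` never receives an address. Iterate `hosts['windows']` and read `host['ip']`, or align the YAML keys with this block. `YAML.load File.open ...` also leaves the file handle open; `YAML.load_file` closes it.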


@ -1,10 +0,0 @@
When /^targets are loaded$/ do
config_file = File.expand_path('features/support/targets.yml')
fail "Target config file #{config_file} does not exist" unless File.exists?(config_file)
@target_config = YAML.load_file(config_file)
end
When /^(RHOSTS?) (?:are|is) (\S+)$/ do |type, target_type|
fail "No target type #{target_type}" unless @target_config.key?(target_type)
step "I type \"set #{type} #{@target_config[target_type]}\""
end


@ -26,4 +26,9 @@ unless Bundler.settings.without.include?(:coverage)
# set environment variable so child processes will merge their coverage data with parent process's coverage data.
set_env('RUBYOPT', "#{ENV['RUBYOPT']} -r#{simplecov_setup_pathname}")
end
Before('@db') do |scenario|
dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname))
ActiveRecord::Base.establish_connection(dbconfig["test"])
end
end
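Review bot: the new `Before('@db')` hook sits above the hunk's final `end`, which appears to close the `unless Bundler.settings.without.include?(:coverage)` block named in the hunk header. If so, the test database connection is only established when the coverage group is installed, and the Travis configuration in this commit passes `--without coverage`. Move the hook outside that block. `YAML::load(File.open(...))` also never closes the file (`YAML.load_file` does), and the `scenario` block argument is unused.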


@ -1,2 +1,7 @@
WINDOWS: spider-wxp.vuln.lax.rapid7.com
LINUX: spider-ubuntu.vuln.lax.rapid7.com
windows:
-
hostname: wxpsp0
ip: 127.0.0.100
-
hostname: wxpsp2
ip: 127.0.0.101


@ -36,7 +36,7 @@ module Metasploit::Framework::CommonEngine
config.paths.add 'data/meterpreter', glob: '**/ext_*'
config.paths.add 'modules'
config.active_support.deprecation = :notify
config.active_support.deprecation = :stderr
#
# `initializer`s


@ -30,7 +30,7 @@ module Metasploit
end
end
VERSION = "4.11.13"
VERSION = "4.11.18"
MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
PRERELEASE = 'dev'
HASH = get_hash


@ -216,7 +216,7 @@ class CommandShell
end
end
if (datastore['InitialAutoRunScript'] && datastore['InitialAutoRunScript'].empty? == false)
if datastore['InitialAutoRunScript'] && !datastore['InitialAutoRunScript'].empty?
args = Shellwords.shellwords( datastore['InitialAutoRunScript'] )
print_status("Session ID #{sid} (#{tunnel_to_s}) processing InitialAutoRunScript '#{datastore['InitialAutoRunScript']}'")
execute_script(args.shift, *args)


@ -37,13 +37,13 @@ module MeterpreterOptions
framework.sessions.schedule Proc.new {
# Configure unicode encoding before loading stdapi
session.encode_unicode = ( datastore['EnableUnicodeEncoding'] ? true : false )
session.encode_unicode = datastore['EnableUnicodeEncoding']
session.init_ui(self.user_input, self.user_output)
valid = true
if datastore['AutoVerifySession'] == true
if datastore['AutoVerifySession']
if not session.is_valid_session?(datastore['AutoVerifySessionTimeout'].to_i)
print_error("Meterpreter session #{session.sid} is not valid and will be closed")
valid = false
@ -52,7 +52,7 @@ module MeterpreterOptions
if valid
if datastore['AutoLoadStdapi'] == true
if datastore['AutoLoadStdapi']
session.load_stdapi
@ -72,7 +72,7 @@ module MeterpreterOptions
end
[ 'InitialAutoRunScript', 'AutoRunScript' ].each do |key|
if (datastore[key].empty? == false)
if !datastore[key].empty?
args = Shellwords.shellwords( datastore[key] )
print_status("Session ID #{session.sid} (#{session.tunnel_to_s}) processing #{key} '#{datastore[key]}'")
session.execute_script(args.shift, *args)
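Review bot: `if !datastore[key].empty?` calls `.empty?` with no nil guard, while the equivalent check in the command-shell session changed in this commit tests `datastore['InitialAutoRunScript'] &&` first. This version only works as long as both `InitialAutoRunScript` and `AutoRunScript` always hold a string. Guard it the same way, `if datastore[key] && !datastore[key].empty?`, so the two session types behave alike.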


@ -84,7 +84,7 @@ module VncInjectOptions
print_status("Local TCP relay started.")
# If the AUTOVNC flag is set, launch VNC viewer.
if (datastore['AUTOVNC'] == true)
if datastore['AUTOVNC']
if (session.autovnc(datastore['ViewOnly']))
print_status("Launched vncviewer.")
else


@ -21,7 +21,7 @@ module Msf
allowed_module_paths << Msf::Config.user_module_directory
end
Rails.application.railties.engines.each do |engine|
::Rails::Engine.subclasses.map(&:instance).each do |engine|
extract_engine_module_paths(engine).each do |path|
allowed_module_paths << path
end


@ -44,7 +44,7 @@ module Auxiliary::HttpCrawler
OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL23', 'SSL3', 'TLS1']]),
Opt::SSLVersion
], self.class
)


@ -13,6 +13,7 @@ class DataStore < Hash
# Initializes the data store's internal state.
#
def initialize()
@options = Hash.new
@imported = Hash.new
@imported_by = Hash.new
end
@ -26,6 +27,14 @@ class DataStore < Hash
@imported[k] = false
@imported_by[k] = nil
opt = @options[k]
unless opt.nil?
unless opt.valid?(v)
raise OptionValidateError.new(["Value '#{v}' is not valid for option '#{k}'#{['', ', try harder'].sample}"])
end
v = opt.normalize(v)
end
super(k,v)
end
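Review bot: the `OptionValidateError` message appends `['', ', try harder'].sample`, so the same invalid value produces one of two error strings at random. That makes the message unreliable to match in specs or in log searches; drop the `.sample` suffix. The guard also calls `opt.valid?(v)` before `opt.normalize(v)`, so confirm that `valid?` accepts the un-normalized forms users type, such as the string `true` for a boolean option.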
@ -65,17 +74,11 @@ class DataStore < Hash
# all of the supplied options
#
def import_options(options, imported_by = nil, overwrite = false)
options.each_option { |name, opt|
# If there's already a value defined for this option, then skip it
# and don't import it.
next if self.has_key?(name) and overwrite == false
# If the option has a default value, import it, but only if the
# datastore doesn't already have a value set for it.
if ((opt.default != nil) and (overwrite or self[name] == nil))
import_option(name, opt.default.to_s, true, imported_by)
options.each_option do |name, opt|
if self[name].nil? || overwrite
import_option(name, opt.default, true, imported_by, opt)
end
}
end
end
#
@ -124,13 +127,14 @@ class DataStore < Hash
#
def import_options_from_hash(option_hash, imported = true, imported_by = nil)
option_hash.each_pair { |key, val|
import_option(key, val.to_s, imported, imported_by)
import_option(key, val, imported, imported_by)
}
end
def import_option(key, val, imported=true, imported_by=nil)
def import_option(key, val, imported=true, imported_by=nil, option=nil)
self.store(key, val)
@options[key] = option
@imported[key] = imported
@imported_by[key] = imported_by
end
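Review bot: `import_option` writes the value with `self.store(key, val)` and only then records `@options[key] = option`, so the validation added earlier in this file cannot apply to the value being imported, because no option is registered for the key at that point. If defaults are meant to be validated and normalized, record the option first. Callers that omit `option`, such as `import_options_from_hash` in this hunk, also reset `@options[key]` to `nil` and so switch off validation for a key that already had an option; assign only when `option` is non-nil.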


@ -163,14 +163,4 @@ class Msf::DBManager
true
end
# Mainly, it's Ruby 1.9.1 that cause a lot of problems now, along with Ruby 1.8.6.
# Ruby 1.8.7 actually seems okay, but why tempt fate? Let's say 1.9.3 and beyond.
def warn_about_rubies
if ::RUBY_VERSION =~ /^1\.9\.[012]($|[^\d])/
$stderr.puts "**************************************************************************************"
$stderr.puts "Metasploit requires at least Ruby 1.9.3. For an easy upgrade path, see https://rvm.io/"
$stderr.puts "**************************************************************************************"
end
end
end


@ -10,7 +10,7 @@ module Msf::DBManager::Migration
"the .bundle/config manually and then `bundle install`"
end
Rails.application.railties.engines.each do |engine|
::Rails::Engine.subclasses.map(&:instance).each.each do |engine|
migrations_paths = engine.paths['db/migrate'].existent_directories
migrations_paths.each do |migrations_path|
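Review bot: `::Rails::Engine.subclasses.map(&:instance).each.each do |engine|` has a doubled `.each`. It still iterates, because `each` without a block returns an enumerator, but it reads as a typo; the same replacement in the module-path code in this commit uses a single `.each`.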


@ -201,7 +201,7 @@ module Msf::DBManager::ModuleCache
end
end
query = Mdm::Module::Detail.scoped
query = Mdm::Module::Detail.all
ActiveRecord::Base.connection_pool.with_connection do
# Although AREL supports taking the union or two queries, the ActiveRecord where syntax only supports
@ -214,7 +214,7 @@ module Msf::DBManager::ModuleCache
when 'author'
formatted_values = match_values(value_set)
query = query.includes(:authors)
query = query.includes(:authors).references(:authors)
module_authors = Mdm::Module::Author.arel_table
union_conditions << module_authors[:email].matches_any(formatted_values)
union_conditions << module_authors[:name].matches_any(formatted_values)
@ -227,10 +227,10 @@ module Msf::DBManager::ModuleCache
when 'os', 'platform'
formatted_values = match_values(value_set)
query = query.includes(:platforms)
query = query.includes(:platforms).references(:platforms)
union_conditions << Mdm::Module::Platform.arel_table[:name].matches_any(formatted_values)
query = query.includes(:targets)
query = query.includes(:targets).references(:targets)
union_conditions << Mdm::Module::Target.arel_table[:name].matches_any(formatted_values)
when 'text'
formatted_values = match_values(value_set)
@ -240,22 +240,22 @@ module Msf::DBManager::ModuleCache
union_conditions << module_details[:fullname].matches_any(formatted_values)
union_conditions << module_details[:name].matches_any(formatted_values)
query = query.includes(:actions)
query = query.includes(:actions).references(:actions)
union_conditions << Mdm::Module::Action.arel_table[:name].matches_any(formatted_values)
query = query.includes(:archs)
query = query.includes(:archs).references(:archs)
union_conditions << Mdm::Module::Arch.arel_table[:name].matches_any(formatted_values)
query = query.includes(:authors)
query = query.includes(:authors).references(:authors)
union_conditions << Mdm::Module::Author.arel_table[:name].matches_any(formatted_values)
query = query.includes(:platforms)
query = query.includes(:platforms).references(:platforms)
union_conditions << Mdm::Module::Platform.arel_table[:name].matches_any(formatted_values)
query = query.includes(:refs)
query = query.includes(:refs).references(:refs)
union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values)
query = query.includes(:targets)
query = query.includes(:targets).references(:targets)
union_conditions << Mdm::Module::Target.arel_table[:name].matches_any(formatted_values)
when 'type'
formatted_values = match_values(value_set)
@ -275,7 +275,7 @@ module Msf::DBManager::ModuleCache
when 'ref'
formatted_values = match_values(value_set)
query = query.includes(:refs)
query = query.includes(:refs).references(:refs)
union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values)
when 'cve', 'bid', 'osvdb', 'edb'
formatted_values = value_set.collect { |value|
@ -284,7 +284,7 @@ module Msf::DBManager::ModuleCache
"#{prefix}-%#{value}%"
}
query = query.includes(:refs)
query = query.includes(:refs).references(:refs)
union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values)
end
end


@ -30,7 +30,7 @@ module Msf::DBManager::Workspace
def workspaces
::ActiveRecord::Base.connection_pool.with_connection {
::Mdm::Workspace.order('updated_at asc').all
::Mdm::Workspace.order('updated_at asc').load
}
end
end


@ -537,7 +537,7 @@ protected
#
def find_context_key(buf, badchars, state)
# Make sure our context information file is sane
if File.exists?(datastore['ContextInformationFile']) == false
if !File.exists?(datastore['ContextInformationFile'])
raise NoKeyError, "A context information file must specified when using context encoding", caller
end


@ -1506,7 +1506,7 @@ protected
# required when wanting to support context keyed encoding
#
def define_context_encoding_reqs(reqs)
return if datastore['EnableContextEncoding'] != true
return unless datastore['EnableContextEncoding']
# At present, we don't support any automatic methods of obtaining
# context information. In the future, we might support obtaining


@ -56,7 +56,7 @@ module Exploit::Remote::FtpServer
# exists for the given command, returns a generic default response.
#
# @example Handle SYST requests
# class Metasploit4 < Msf::Exploit
# class MetasploitModule < Msf::Exploit
# include Msf::Exploit::Remote::FtpServer
# ...
# def on_client_command_syst(cmd_conn, arg)
@ -237,4 +237,3 @@ module Exploit::Remote::FtpServer
end
end


@ -50,7 +50,7 @@ module Exploit::Remote::HttpClient
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]),
Opt::SSLVersion,
OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout'])
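Review bot: replacing the inline `OptEnum` with `Opt::SSLVersion` drops this mixin's own default (`'Auto'`) and accepted list (`Auto`, `SSL2`, `SSL3`, `TLS1`), and the definition of `Opt::SSLVersion` is not shown in this part of the diff. With the datastore now rejecting values that fail option validation, a module or resource script that sets `SSLVersion` to `Auto` fails if the shared enum does not list it. Check the shared default and accepted values against the lists being replaced here and in the other mixins, and state them in the commit message.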
@ -85,7 +85,7 @@ module Exploit::Remote::HttpClient
#
# Remaining evasions to implement
#
# OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', 'false']),
# OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', false]),
# OptInt.new('HTTP::junk_pipeline', [true, 'Insert the specified number of junk pipeline requests', 0]),
], self.class
)


@ -32,9 +32,9 @@ module Exploit::Remote::HttpServer
register_evasion_options(
[
OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', 'false']),
OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']),
OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']),
OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', false]),
OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', false]),
OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', false]),
OptEnum.new('HTTP::compression', [false, 'Enable compression of HTTP responses via content encoding', 'none', ['none','gzip','deflate']]),
OptString.new('HTTP::server_name', [true, 'Configures the Server header of all outgoing replies', 'Apache'])
], Exploit::Remote::HttpServer
@ -86,7 +86,7 @@ module Exploit::Remote::HttpServer
# set.
#
def use_zlib
if (!Rex::Text.zlib_present? and datastore['HTTP::compression'] == true)
if !Rex::Text.zlib_present? && datastore['HTTP::compression']
raise RuntimeError, "zlib support was not detected, yet the HTTP::compression option was set. Don't do that!"
end
end
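Review bot: in `use_zlib`, `HTTP::compression` is registered in this same file as an `OptEnum` with default `'none'`, so `datastore['HTTP::compression']` is a non-empty string and always truthy. The old `== true` comparison never matched a string; the new condition raises whenever zlib is missing, even with compression left at `'none'`. Compare against the enum value instead, for example `datastore['HTTP::compression'] != 'none'`.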
@ -530,16 +530,16 @@ module Exploit::Remote::HttpServer
response.compress = datastore['HTTP::compression']
end
if (datastore['HTTP::chunked'] == true)
if datastore['HTTP::chunked']
response.auto_cl = false
response.transfer_chunked = true
end
if (datastore['HTTP::header_folding'] == true)
if datastore['HTTP::header_folding']
response.headers.fold = 1
end
if (datastore['HTTP::junk_headers'] == true)
if datastore['HTTP::junk_headers']
response.headers.junk_headers = 1
end


@ -292,6 +292,8 @@ module Exploit::Remote::Postgres
when "Fauth.c:L302:Rauth_failed" ; return {:preauth => "9.1.6"} # Bad password, good database
when "Fpostinit.c:L718:RInitPostgres" ; return {:preauth => "9.1.6"} # Good creds, non-existent but allowed database
when "Fauth.c:L483:RClientAuthentication" ; return {:preauth => "9.1.6"} # Bad user
when "Fauth.c:L285:Rauth_failed" ; return {:preauth => "9.4.1-5"} # Bad creds, good database
when "Fauth.c:L481:RClientAuthentication" ; return {:preauth => "9.4.1-5"} # bad user or host
# Windows

View File

@ -588,7 +588,7 @@ module Msf
if profile.nil?
print_status("Browsing directly to the exploit URL is forbidden.")
send_not_found(cli)
elsif profile[:tried] and datastore['Retries'] == false
elsif profile[:tried] && !datastore['Retries']
print_status("Target with tag \"#{tag}\" wants to retry the module, not allowed.")
send_not_found(cli)
else


@ -64,7 +64,7 @@ module Msf
register_options(
[
Opt::RHOST,
OptInt.new('RPORT', [ true, 'Set the SMB service port', 445])
OptPort.new('RPORT', [ true, 'The SMB service port', 445])
], Msf::Exploit::Remote::SMB::Client)
register_autofilter_ports([ 139, 445])


@ -17,7 +17,7 @@ module Msf
# @example Use it from an Auxiliary module
# require 'msf/core'
#
# class Metasploit3 < Msf::Auxiliary
# class MetasploitModule < Msf::Auxiliary
#
# include Msf::Exploit::Remote::SMB::Server::Share
#
@ -59,7 +59,7 @@ module Msf
# @example Use it from an Exploit module
# require 'msf/core'
#
# class Metasploit3 < Msf::Exploit::Remote
# class MetasploitModule < Msf::Exploit::Remote
# Rank = ExcellentRanking
#
# include Msf::Exploit::EXE


@ -31,7 +31,7 @@ module Exploit::Remote::SunRPC
register_evasion_options(
[
OptBool.new('ONCRPC::tcp_request_fragmentation', [false, 'Enable fragmentation of TCP ONC/RPC requests', 'false']),
OptBool.new('ONCRPC::tcp_request_fragmentation', [false, 'Enable fragmentation of TCP ONC/RPC requests', false]),
], Msf::Exploit::Remote::SunRPC
)
@ -65,7 +65,7 @@ module Exploit::Remote::SunRPC
}
)
if datastore['ONCRPC::tcp_request_fragmentation'] == true
if datastore['ONCRPC::tcp_request_fragmentation']
self.rpcobj.should_fragment = 1
end


@ -64,7 +64,7 @@ module Exploit::Remote::Tcp
register_advanced_options(
[
OptBool.new('SSL', [ false, 'Negotiate SSL/TLS for outgoing connections', false]),
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]),
Opt::SSLVersion,
OptEnum.new('SSLVerifyMode', [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
OptString.new('SSLCipher', [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
Opt::Proxies,


@ -19,7 +19,6 @@ module Exploit::Remote::TcpServer
[
OptBool.new('SSL', [ false, 'Negotiate SSL for incoming connections', false]),
# SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment)
# OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']),
OptAddress.new('SRVHOST', [ true, "The local host to listen on. This must be an address on the local machine or 0.0.0.0", '0.0.0.0' ]),
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),


@ -38,14 +38,6 @@ class Framework
Revision = "$Revision$"
# Repository information
RepoRevision = ::Msf::Util::SVN.revision
RepoUpdated = ::Msf::Util::SVN.updated
RepoUpdatedDays = ::Msf::Util::SVN.days_since_update
RepoUpdatedDaysNote = ::Msf::Util::SVN.last_updated_friendly
RepoUpdatedDate = ::Msf::Util::SVN.last_updated_date
RepoRoot = ::Msf::Util::SVN.root
# EICAR canary
EICARCorrupted = ::Msf::Util::EXE.is_eicar_corrupted?


@ -266,11 +266,10 @@ class Module
end
#
# Returns true if this module is being debugged. The debug flag is set
# by setting datastore['DEBUG'] to 1|true|yes
# Returns true if this module is being debugged.
#
def debugging?
(datastore['DEBUG'] || '') =~ /^(1|t|y)/i
datastore['DEBUG']
end
#
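Review bot: `debugging?` now returns `datastore['DEBUG']` as-is, so any non-nil, non-false value counts as debugging, including the strings `false` and `0` that the removed `/^(1|t|y)/i` match rejected. That is only safe if `DEBUG` is registered as an `OptBool` and normalized on store, and the registration is not in this hunk. Confirm that, or keep an explicit coercion here. The removed comment also documented the accepted values (`1|true|yes`); the new comment should say where they are defined now.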


@ -60,15 +60,15 @@ module Msf::Module::Deprecated
#
# @return [void]
def print_deprecation_warning
print_warning("*"*72)
print_warning("*%red"+"The module #{refname} is deprecated!".center(70)+"%clr*")
print_warning("*"*90)
print_warning("*%red"+"The module #{refname} is deprecated!".center(88)+"%clr*")
if deprecation_date
print_warning("*"+"It will be removed on or about #{deprecation_date}".center(70)+"*")
print_warning("*"+"It will be removed on or about #{deprecation_date}".center(88)+"*")
end
if replacement_module
print_warning("*"+"Use #{replacement_module} instead".center(70)+"*")
print_warning("*"+"Use #{replacement_module} instead".center(88)+"*")
end
print_warning("*"*72)
print_warning("*"*90)
end
def init_ui(input = nil, output = nil)


@ -14,9 +14,8 @@ module Msf::Module::UI::Message
def print_prefix
prefix = ''
if (datastore['TimestampOutput'] =~ /^(t|y|1)/i) || (
framework && framework.datastore['TimestampOutput'] =~ /^(t|y|1)/i
)
if datastore['TimestampOutput'] ||
(framework && framework.datastore['TimestampOutput'])
prefix << "[#{Time.now.strftime("%Y.%m.%d-%H:%M:%S")}] "
xn ||= datastore['ExploitNumber']


@ -1,21 +1,21 @@
module Msf::Module::UI::Message::Verbose
# Verbose version of #print_error
def vprint_error(msg='')
print_error(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_error(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
# Verbose version of #print_good
def vprint_good(msg='')
print_good(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_good(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
# Verbose version of #print_status
def vprint_status(msg='')
print_status(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_status(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
# Verbose version of #print_warning
def vprint_warning(msg='')
print_warning(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_warning(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
end


@ -120,6 +120,7 @@ module Msf
self.module_info_by_path = {}
self.enablement_by_type = {}
self.module_load_error_by_path = {}
self.module_load_warnings = {}
self.module_paths = []
self.module_set_by_type = {}
@ -146,11 +147,6 @@ module Msf
# @param klass [Class<Msf::Module>] The module class
# @return [void]
def auto_subscribe_module(klass)
# If auto-subscribe has been disabled
if (framework.datastore['DisableAutoSubscribe'] and
framework.datastore['DisableAutoSubscribe'] =~ /^(y|1|t)/)
return
end
# If auto-subscription is enabled (which it is by default), figure out
# if it subscribes to any particular interfaces.
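Review bot: With the DisableAutoSubscribe early return gone from auto_subscribe_module, the surviving comment "If auto-subscription is enabled (which it is by default)" describes a switch that no longer exists. Reword the comment, and say in the commit message that DisableAutoSubscribe is no longer honored, so anyone who sets it learns that it now has no effect.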

View File

@ -50,7 +50,7 @@ module Msf::ModuleManager::Loading
changed
end
attr_accessor :module_load_error_by_path
attr_accessor :module_load_error_by_path, :module_load_warnings
# Called when a module is initially loaded such that it can be categorized
# accordingly.
@ -122,4 +122,4 @@ module Msf::ModuleManager::Loading
count_by_type
end
end
end

View File

@ -3,9 +3,7 @@
# Project
#
require 'msf/core/modules/loader'
require 'msf/core/modules/namespace'
require 'msf/core/modules/metasploit_class_compatibility_error'
require 'msf/core/modules/version_compatibility_error'
require 'msf/core/modules/error'
# Responsible for loading modules for {Msf::ModuleManager}.
#
@ -30,9 +28,6 @@ class Msf::Modules::Loader::Base
# By calling module_eval from inside the module definition, the lexical scope is captured and available to the code in
# module_content.
NAMESPACE_MODULE_CONTENT = <<-EOS
# ensure the namespace module can respond to checks during loading
extend Msf::Modules::Namespace
class << self
# The loader that originally loaded this module
#
@ -103,12 +98,9 @@ class Msf::Modules::Loader::Base
# @option options [Boolean] :reload (false) whether this is a reload.
#
# @return [false] if :force is false and parent_path has not changed.
# @return [false] if exception encountered while parsing module
# content
# @return [false] if the module is incompatible with the Core or API
# version.
# @return [false] if the module does not implement a Metasploit(\d+)
# class.
# @return [false] if exception encountered while parsing module content
# @return [false] if the module is incompatible with the Core or API version.
# @return [false] if the module does not implement a Metasploit class.
# @return [false] if the module's is_usable method returns false.
# @return [true] if all those condition pass and the module is
# successfully loaded.
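Review bot: The @return list is now out of step with the code. It still documents `false` for a Core/API version mismatch and for `is_usable` returning false, but the later hunks in this file delete both the version_compatible! calls and the usable? method. Drop those two lines, and add an entry for the new failure case where no Metasploit3, Metasploit4 or MetasploitModule constant is defined.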
@ -131,8 +123,6 @@ class Msf::Modules::Loader::Base
reload ||= force || file_changed
metasploit_class = nil
module_content = read_module_content(parent_path, type, module_reference_name)
if module_content.empty?
@ -140,6 +130,7 @@ class Msf::Modules::Loader::Base
return false
end
klass = nil
try_eval_module = lambda { |namespace_module|
# set the parent_path so that the module can be reloaded with #load_module
namespace_module.parent_path = parent_path
@ -150,41 +141,24 @@ class Msf::Modules::Loader::Base
rescue ::Interrupt
raise
rescue ::Exception => error
# Hide eval errors when the module version is not compatible
begin
namespace_module.version_compatible!(module_path, module_reference_name)
rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error
load_error(module_path, version_compatibility_error)
else
load_error(module_path, error)
end
return false
end
begin
namespace_module.version_compatible!(module_path, module_reference_name)
rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error
load_error(module_path, version_compatibility_error)
return false
end
begin
metasploit_class = namespace_module.metasploit_class!(module_path, module_reference_name)
rescue Msf::Modules::MetasploitClassCompatibilityError => error
load_error(module_path, error)
return false
end
unless usable?(metasploit_class)
ilog(
"Skipping module (#{module_reference_name} from #{module_path}) because is_usable returned false.",
'core',
LEV_1
)
if namespace_module.const_defined?('Metasploit3', false)
klass = namespace_module.const_get('Metasploit3', false)
load_warning(module_path, 'Please change the modules class name from Metasploit3 to MetasploitModule')
elsif namespace_module.const_defined?('Metasploit4', false)
klass = namespace_module.const_get('Metasploit4', false)
load_warning(module_path, 'Please change the modules class name from Metasploit4 to MetasploitModule')
elsif namespace_module.const_defined?('MetasploitModule', false)
klass = namespace_module.const_get('MetasploitModule', false)
else
load_error(module_path, Msf::Modules::Error.new({
:module_path => module_path,
:module_reference_name => module_reference_name,
:causal_message => 'Invalid module (no MetasploitModule class or module name)'
}))
return false
end
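Review bot: Removing the `unless usable?(metasploit_class)` block means a module whose `is_usable` returns false is no longer skipped at load time, and nothing in this hunk replaces that gate. If that is intended, say so in the commit message. Separately, the Metasploit3 and Metasploit4 branches differ only in the constant name and could be one loop over the two legacy names. The warning text should also read "module's class name".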
@ -206,7 +180,7 @@ class Msf::Modules::Loader::Base
# Do some processing on the loaded module to get it into the right associations
module_manager.on_module_load(
metasploit_class,
klass,
type,
module_reference_name,
{
@ -339,9 +313,9 @@ class Msf::Modules::Loader::Base
protected
# Returns a nested module to wrap the Metasploit(1|2|3) class so that it doesn't overwrite other (metasploit)
# module's classes. The wrapper module must be named so that active_support's autoloading code doesn't break when
# searching constants from inside the Metasploit(1|2|3) class.
# Returns a nested module to wrap the MetasploitModule class so that it doesn't overwrite other (metasploit)
# module's classes. The wrapper module must be named so that active_support's autoloading code doesn't break when
# searching constants from inside the Metasploit class.
#
# @param namespace_module_names [Array<String>]
# {NAMESPACE_MODULE_NAMES} + <derived-constant-safe names>
@ -351,7 +325,7 @@ class Msf::Modules::Loader::Base
# @see NAMESPACE_MODULE_CONTENT
def create_namespace_module(namespace_module_names)
# In order to have constants defined in Msf resolve without the Msf qualifier in the module_content, the
# Module.nesting must resolve for the entire nesting. Module.nesting is strictly lexical, and can't be faked with
# Module.nesting must resolve for the entire nesting. Module.nesting is strictly lexical, and can't be faked with
# module_eval(&block). (There's actually code in ruby's implementation to stop module_eval from being added to
# Module.nesting when using the block syntax.) All this means is the modules have to be declared as a string that
# gets module_eval'd.
@ -432,13 +406,32 @@ class Msf::Modules::Loader::Base
log_lines << "#{module_path} failed to load due to the following error:"
log_lines << error.class.to_s
log_lines << error.to_s
log_lines << "Call stack:"
log_lines += error.backtrace
if error.backtrace
log_lines << "Call stack:"
log_lines += error.backtrace
end
log_message = log_lines.join("\n")
elog(log_message)
end
# Records the load warning to {Msf::ModuleManager::Loading#module_load_warnings} and the log.
#
# @param [String] module_path Path to the module as returned by {#module_path}.
# @param [String] Error message that caused the warning.
# @return [void]
#
# @see #module_path
def load_warning(module_path, error)
module_manager.module_load_warnings[module_path] = error.to_s
log_lines = []
log_lines << "#{module_path} generated a warning during load:"
log_lines << error.to_s
log_message = log_lines.join("\n")
wlog(log_message)
end
# @return [Msf::ModuleManager] The module manager for which this loader is loading modules.
attr_reader :module_manager
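Review bot: In the new load_warning doc block, `@param [String] Error message that caused the warning.` has no parameter name, so YARD will not attach it to `error`. The argument is also a plain message rather than an exception, so naming it `message` would read better than `error`. Note too that `module_load_warnings[module_path] = ...` keeps only the last warning per path, which is fine today but worth a comment.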
@ -455,7 +448,7 @@ class Msf::Modules::Loader::Base
raise ::NotImplementedError
end
# Returns whether the path could refer to a module. The path would still need to be loaded in order to check if it
# Returns whether the path could refer to a module. The path would still need to be loaded in order to check if it
# actually is a valid module.
#
# @param [String] path to module without the type directory.
@ -502,8 +495,8 @@ class Msf::Modules::Loader::Base
end
# Returns an Array of names to make a fully qualified module name to
# wrap the Metasploit(1|2|3) class so that it doesn't overwrite other
# (metasploit) module's classes. Invalid module name characters are
# wrap the MetasploitModule class so that it doesn't overwrite other
# (metasploit) module's classes. Invalid module name characters are
# escaped by using 'H*' unpacking and prefixing each code with X so
# the code remains a valid module name when it starts with a digit.
#
@ -626,28 +619,4 @@ class Msf::Modules::Loader::Base
self.class.typed_path(type, module_reference_name)
end
# Returns whether the metasploit_class is usable on the current system. Defer's to metasploit_class's #is_usable if
# it is defined.
#
# @param [Msf::Module] metasploit_class As returned by {Msf::Modules::Namespace#metasploit_class}
# @return [false] if metasploit_class.is_usable returns false.
# @return [true] if metasploit_class does not respond to is_usable.
# @return [true] if metasploit_class.is_usable returns true.
def usable?(metasploit_class)
# If the module indicates that it is not usable on this system, then we
# will not try to use it.
usable = false
if metasploit_class.respond_to? :is_usable
begin
usable = metasploit_class.is_usable
rescue => error
elog("Exception caught during is_usable check: #{error}")
end
else
usable = true
end
usable
end
end

View File

@ -32,10 +32,6 @@ class Msf::Modules::Loader::Directory < Msf::Modules::Loader::Base
def each_module_reference_name(path, opts={})
whitelist = opts[:whitelist] || []
::Dir.foreach(path) do |entry|
if entry.downcase == '.svn'
next
end
full_entry_path = ::File.join(path, entry)
type = entry.singularize
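Review bot: With the `.svn` skip removed, every entry yielded by `::Dir.foreach(path)`, including `.` and `..`, reaches `entry.singularize` and is treated as a candidate type directory. Please confirm the code below this context rejects entries that are not known module types, or replace the removed check with a general skip for dot entries.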

View File

@ -1,14 +0,0 @@
# -*- coding: binary -*-
require 'msf/core/modules/error'
# Error raised by {Msf::Modules::Namespace#metasploit_class!} if it cannot the namespace_module does not have a constant
# with {Msf::Framework::Major} or lower as a number after 'Metasploit', which indicates a compatible Msf::Module.
class Msf::Modules::MetasploitClassCompatibilityError < Msf::Modules::Error
def initialize(attributes={})
super_attributes = {
:causal_message => 'Missing compatible Metasploit<major_version> class constant',
}.merge(attributes)
super(super_attributes)
end
end

View File

@ -1,76 +0,0 @@
# -*- coding: binary -*-
require 'metasploit/framework/api/version'
require 'metasploit/framework/core/version'
# Concern for behavior that all namespace modules that wrap Msf::Modules must support like version checking and
# grabbing the version specific-Metasploit* class.
module Msf::Modules::Namespace
# Returns the Metasploit(3|2|1) class from the module_evalled content.
#
# @note The module content must be module_evalled into this namespace module before the return of
# {#metasploit_class} is valid.
#
# @return [Msf::Module] if a Metasploit(3|2|1) class exists in this module
# @return [nil] if such as class is not defined.
def metasploit_class
metasploit_class = nil
::Msf::Framework::Major.downto(1) do |major|
# Since we really only care about the deepest namespace, we don't
# need to look for parents' constants. However, the "inherit"
# parameter for const_defined? only exists after 1.9. If we ever
# drop 1.8 support, we can save a few cycles here by passing false
# here.
if const_defined?("Metasploit#{major}")
metasploit_class = const_get("Metasploit#{major}")
break
end
end
metasploit_class
end
def metasploit_class!(module_path, module_reference_name)
metasploit_class = self.metasploit_class
unless metasploit_class
raise Msf::Modules::MetasploitClassCompatibilityError.new(
:module_path => module_path,
:module_reference_name => module_reference_name
)
end
metasploit_class
end
# Raises an error unless {Msf::Framework::VersionCore} and {Msf::Framework::VersionAPI} meet the minimum required
# versions defined in RequiredVersions in the module content.
#
# @note The module content must be module_evalled into this namespace module using module_eval_with_lexical_scope
# before calling {#version_compatible!} is valid.
#
# @param [String] module_path Path from where the module was read.
# @param [String] module_reference_name The canonical name for the module.
# @raise [Msf::Modules::VersionCompatibilityError] if RequiredVersion[0] > Msf::Framework::VersionCore or
# RequiredVersion[1] > Msf::Framework::VersionApi
# @return [void]
def version_compatible!(module_path, module_reference_name)
if const_defined?(:RequiredVersions)
required_versions = const_get(:RequiredVersions)
minimum_core_version = Gem::Version.new(required_versions[0].to_s)
minimum_api_version = Gem::Version.new(required_versions[1].to_s)
if (minimum_core_version > Metasploit::Framework::Core::GEM_VERSION ||
minimum_api_version > Metasploit::Framework::API::GEM_VERSION)
raise Msf::Modules::VersionCompatibilityError.new(
:module_path => module_path,
:module_reference_name => module_reference_name,
:minimum_api_version => minimum_api_version,
:minimum_core_version => minimum_core_version
)
end
end
end
end
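Review bot: Deleting version_compatible! means a `RequiredVersions` constant in module content is now ignored, so a module that declares a newer minimum Core or API version will load instead of being rejected with a VersionCompatibilityError. If any module still defines RequiredVersions, either remove the constant in the same change or log a load warning when it is present so the declaration does not silently stop working.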

View File

@ -1,52 +0,0 @@
# -*- coding: binary -*-
require 'msf/core/modules/error'
# Error raised by {Msf::Modules::Namespace#version_compatible!} on {Msf::Modules::Loader::Base#create_namespace_module}
# if the API or Core version does not meet the minimum requirements defined in the RequiredVersions constant in the
# {Msf::Modules::Loader::Base#read_module_content module content}.
class Msf::Modules::VersionCompatibilityError < Msf::Modules::Error
# @param [Hash{Symbol => Float}] attributes
# @option attributes [Float] :minimum_api_version The minimum {Msf::Framework::VersionAPI} as defined in
# RequiredVersions.
# @option attributes [Float] :minimum_core_version The minimum {Msf::Framework::VersionCore} as defined in
# RequiredVersions.
def initialize(attributes={})
@minimum_api_version = attributes[:minimum_api_version]
@minimum_core_version = attributes[:minimum_core_version]
message_parts = []
message_parts << 'version check'
if minimum_api_version or minimum_core_version
clause_parts = []
if minimum_api_version
clause_parts << "API >= #{minimum_api_version}"
end
if minimum_core_version
clause_parts << "Core >= #{minimum_core_version}"
end
clause = clause_parts.join(' and ')
message_parts << "(requires #{clause})"
end
causal_message = message_parts.join(' ')
super_attributes = {
:causal_message => causal_message
}.merge(attributes)
super(super_attributes)
end
# @return [Float] The minimum value of {Msf::Framework::VersionAPI} for the module to be compatible.
attr_reader :minimum_api_version
# @return [Float] The minimum value of {Msf::Framework::VersionCore} for the module to be compatible.
attr_reader :minimum_core_version
# @return [String] the path to the module that declared the RequiredVersions
attr_reader :module_path
# @return [String] the module reference name that declared the RequiredVersions
attr_reader :module_reference_name
end

View File

@ -51,6 +51,13 @@ module Msf
Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
end
# @return [OptEnum]
def self.SSLVersion
Msf::OptEnum.new('SSLVersion', [ false,
'Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate)', 'Auto',
['Auto', 'SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']])
end
# These are unused but remain for historical reasons
class << self
alias builtin_chost CHOST
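Review bot: The new `self.SSLVersion` helper carries only `# @return [OptEnum]`. It needs a short description of what the option controls and of how the listed values differ, since the help string says three of them ('Auto', 'TLS', 'SSL23') all auto-negotiate. The literal value list should also live in one named constant, so that any code mapping these names to a protocol cannot drift from the enum.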
@ -69,6 +76,7 @@ module Msf
Proxies = Proxies()
RHOST = RHOST()
RPORT = RPORT()
SSLVersion = SSLVersion()
end
end

View File

@ -7,24 +7,17 @@ module Msf
# Network port option.
#
###
class OptPort < OptBase
class OptPort < OptInt
def type
return 'port'
end
def normalize(value)
value.to_i
end
def valid?(value)
return false if empty_required_value?(value)
if ((value != nil and value.to_s.empty? == false) and
((value.to_s.match(/^\d+$/) == nil or value.to_i < 0 or value.to_i > 65535)))
return false
if !required? and value.to_s.empty?
super
else
super && normalize(value) <= 65535 && normalize(value) >= 0
end
return super
end
end
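Review bot: In the new `valid?`, the range test `super && normalize(value) <= 65535 && normalize(value) >= 0` calls normalize twice and leaves all rejection of non-numeric input to OptInt, now that the explicit `/^\d+$/` match is gone. Compute the normalized value once and use `between?(0, 65535)`. Use `&&` rather than `and` in `!required? and value.to_s.empty?`, and add specs for "-1", "65536" and a non-numeric string.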

View File

@ -13,7 +13,7 @@ class OptRaw < OptBase
end
def normalize(value)
if (value =~ /^file:(.*)/)
if (value.to_s =~ /^file:(.*)/)
path = $1
begin
value = File.read(path)
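Review bot: The pattern on the changed line, `/^file:(.*)/`, anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string. A multi-line option value with a later line beginning `file:` would therefore be replaced by the contents of that file. Since this line is being touched anyway, switch to `\A` here and in the identical OptString#normalize line.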

View File

@ -29,7 +29,7 @@ class OptRegexp < OptBase
def normalize(value)
return nil if value.nil?
return Regexp.compile(value)
return Regexp.compile(value.to_s)
end
def display_value(value)
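Review bot: `Regexp.compile(value.to_s)` changes what happens when normalize receives an existing Regexp. `Regexp#to_s` returns the `(?-mix:...)` form, so each pass wraps the pattern again and discards the original object. Return `value` unchanged when `value.is_a?(Regexp)` and compile only strings. An invalid pattern also raises RegexpError from here, so please check that callers handle that.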

View File

@ -13,7 +13,7 @@ class OptString < OptBase
end
def normalize(value)
if (value =~ /^file:(.*)/)
if (value.to_s =~ /^file:(.*)/)
path = $1
begin
value = File.read(path)

View File

@ -10,7 +10,7 @@ module Msf::Payload::Ruby
[
# Since space restrictions aren't really a problem, default this to
# true.
Msf::OptBool.new('PrependFork', [ false, "Start the payload in its own process via fork or popen", "true" ])
Msf::OptBool.new('PrependFork', [ false, "Start the payload in its own process via fork or popen", true ])
]
)
end

View File

@ -28,7 +28,7 @@ module Msf::Payload::Windows::PrependMigrate
# for discussion.
#
def prepend_migrate?
!!(datastore['PrependMigrate'] && datastore['PrependMigrate'].to_s.downcase == 'true')
datastore['PrependMigrate']
end
#
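Review bot: `prepend_migrate?` now returns the raw `datastore['PrependMigrate']` value, so a predicate method can return nil, a String or anything else stored there, and a string "false" would count as enabled. Keep the Boolean contract with `!!datastore['PrependMigrate']` at minimum, and confirm the option is normalized to true/false before it reaches this method.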

View File

@ -3,36 +3,6 @@
# Provides some sanity checks against the ruby build and version
#
# Check for the broken pack/unpack in OS X 10.4.x
if ([1].pack('n') == "\x01\x00")
$stderr.puts "*** This ruby build has a broken pack/unpack implementation! "
if (RUBY_PLATFORM =~ /darwin/)
$stderr.puts " Apple shipped a broken version of ruby with the 10.4.x "
$stderr.puts " release. Please install ruby from source, or use one of "
$stderr.puts " the free package managers to obtain a working ruby build."
end
exit(0)
end
# Check for ruby 1.8.2 as the minimal supported version
if (RUBY_VERSION =~ /^1\.[0-7]\./ or RUBY_VERSION =~ /^1\.8\.[0-1]$/)
$stderr.puts "*** This version of ruby is not supported, please upgrade to 1.8.7+"
exit(0)
end
# Check for ruby 1.9.0 and throw a big nasty warning
if (RUBY_VERSION =~ /^1\.9\.0/)
$stderr.puts "*** Ruby 1.9.0 is not supported, please upgrade to Ruby 1.9.3 or newer."
exit(0)
end
# Check for ruby 1.9.1 and throw a warning
if (RUBY_VERSION =~ /^1\.9\.1/)
$stderr.puts "*** Ruby 1.9.1 is not supported, please upgrade to Ruby 1.9.3 or newer."
end
if(RUBY_PLATFORM == 'java')
require 'socket'
s = Socket.new(::Socket::AF_INET, ::Socket::SOCK_STREAM, ::Socket::IPPROTO_TCP)
@ -56,56 +26,3 @@ rescue ::LoadError
$stderr.puts "*** The ruby-openssl library is not installed, many features will be disabled!"
$stderr.puts "*** Examples: Meterpreter, SSL Sockets, SMB/NTLM Authentication, and more"
end
#
# Check for the ugly 1.8.7 short-named constants bug
#
class ConstBugTestA
Const = 'A'
def test
Const == 'A'
end
end
ConstBugTestC = ConstBugTestA.dup
class ConstBugTestB < ConstBugTestC
Const = 'B'
end
def ruby_187_const_bug
bugged = false
begin
ConstBugTestA.new.test()
ConstBugTestB.new.test()
rescue ::NameError
bugged = true
end
bugged
end
if(ruby_187_const_bug())
$stderr.puts ""
$stderr.puts "***********************************************************************"
$stderr.puts "*** *"
$stderr.puts "*** This version of the Ruby interpreter contains a serious bug *"
$stderr.puts "*** related to short-named constants, we strongly recommend that you *"
$stderr.puts "*** switch to a fixed version. Unfortunately, some Linux distros have *"
$stderr.puts "*** backported the buggy patch into 1.8.6, so you may need to contact *"
$stderr.puts "*** your vendor and ask them to review the URL below. *"
$stderr.puts "*** *"
$stderr.puts "*** Alternatively, you can download, build, and install the latest *"
$stderr.puts "*** stable snapshot of Ruby from the following URL: *"
$stderr.puts "*** - http://www.ruby-lang.org/ *"
$stderr.puts "*** *"
$stderr.puts "*** For more information, please see the following URL: *"
$stderr.puts "*** - https://bugs.launchpad.net/bugs/282302 *"
$stderr.puts "*** *"
$stderr.puts "***********************************************************************"
$stderr.puts ""
end

View File

@ -225,6 +225,13 @@ class Core
end
end
if framework.modules.module_load_warnings.length > 0
print_warning("The following modules were loaded with warnings:")
framework.modules.module_load_warnings.each do |path, error|
print_warning("\t#{path}: #{error}")
end
end
cmd_banner()
end
@ -2187,10 +2194,15 @@ class Core
return true
end
if append
datastore[name] = datastore[name] + value
else
datastore[name] = value
begin
if append
datastore[name] = datastore[name] + value
else
datastore[name] = value
end
rescue OptionValidateError => e
print_error(e.message)
elog(e.message)
end
print_line("#{name} => #{datastore[name]}")
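Review bot: After the new `rescue OptionValidateError` branch logs the failure, control falls through to `print_line("#{name} => #{datastore[name]}")`, so the console prints the old value in the same format as a successful set. Return from the rescue branch (for example `return false` after `elog`) so a rejected value is not reported as an assignment.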
@ -2202,7 +2214,6 @@ class Core
# @param str [String] the string currently being typed before tab was hit
# @param words [Array<String>] the previously completed words on the command line. words is always
# at least 1 when tab completion has reached this stage since the command itself has been completed
def cmd_set_tabs(str, words)
# A value has already been specified
@ -2846,16 +2857,8 @@ class Core
# Returns the revision of the framework and console library
#
def cmd_version(*args)
svn_console_version = "$Revision: 15168 $"
svn_metasploit_version = Msf::Framework::Revision.match(/ (.+?) \$/)[1] rescue nil
if svn_metasploit_version
print_line("Framework: #{Msf::Framework::Version}.#{svn_metasploit_version}")
else
print_line("Framework: #{Msf::Framework::Version}")
end
print_line("Console : #{Msf::Framework::Version}.#{svn_console_version.match(/ (.+?) \$/)[1]}")
return true
print_line("Framework: #{Msf::Framework::Version}")
print_line("Console : #{Msf::Framework::Version}")
end
def cmd_grep_help
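Review bot: Both remaining lines in cmd_version print `Msf::Framework::Version`, so the "Console" line now always duplicates the "Framework" line. The explicit `return true` was also dropped, so the method returns whatever `print_line` returns. Remove the second line or give it a distinct value, and restore an explicit return if any caller checks the result.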
@ -3532,7 +3535,7 @@ class Core
next if not o
# handle a search string, search deep
if(
if (
not regex or
o.name.match(regex) or
o.description.match(regex) or
@ -3546,7 +3549,7 @@ class Core
mod_opt_keys = o.options.keys.map { |x| x.downcase }
opts.each do |opt,val|
if mod_opt_keys.include?(opt.downcase) == false or (val != nil and o.datastore[opt] != val)
if !mod_opt_keys.include?(opt.downcase) || (val != nil && o.datastore[opt] != val)
show = false
end
end

View File

@ -1033,7 +1033,7 @@ class Db
::ActiveRecord::Base.connection_pool.with_connection {
query = Metasploit::Credential::Core.where( workspace_id: framework.db.workspace )
query = query.includes(:private, :public, :logins)
query = query.includes(:private, :public, :logins).references(:private, :public, :logins)
query = query.includes(logins: [ :service, { service: :host } ])
if type.present?

View File

@ -154,8 +154,7 @@ class Exploit
else
# If we didn't run a payload handler for this exploit it doesn't
# make sense to complain to the user that we didn't get a session
disable_handler = /^true$/i === mod.datastore["DisablePayloadHandler"] ? true : false
unless disable_handler
unless mod.datastore["DisablePayloadHandler"]
fail_msg = 'Exploit completed, but no session was created.'
print_status(fail_msg)
begin

View File

@ -139,13 +139,13 @@ class Driver < Msf::Ui::Driver
self.disable_output = false
# Whether or not command passthru should be allowed
self.command_passthru = (opts['AllowCommandPassthru'] == false) ? false : true
self.command_passthru = opts.fetch('AllowCommandPassthru', true)
# Whether or not to confirm before exiting
self.confirm_exit = (opts['ConfirmExit'] == true) ? true : false
self.confirm_exit = opts['ConfirmExit']
# Disables "dangerous" functionality of the console
@defanged = opts['Defanged'] == true
@defanged = opts['Defanged']
# If we're defanged, then command passthru should be disabled
if @defanged
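Review bot: These three assignments now store the raw option value instead of a strict Boolean, and the semantics shift slightly. `opts.fetch('AllowCommandPassthru', true)` yields nil (passthru off) when the key is present with a nil value, where the old code yielded true. `@defanged = opts['Defanged']` now treats any truthy value as defanged, where before only literal `true` did. Document the expected types, or coerce with `!!`, so callers passing strings or nil get predictable behavior.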
@ -535,6 +535,13 @@ class Driver < Msf::Ui::Driver
end
end
if framework.modules.module_load_warnings.length > 0
print_warning("The following modules were loaded with warnings:")
framework.modules.module_load_warnings.each do |path, error|
print_warning("\t#{path}: #{error}")
end
end
framework.events.on_ui_start(Msf::Framework::Revision)
if $msf_spinner_thread
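Review bot: This block that prints module_load_warnings is a copy of the one added to the Core command dispatcher in the same commit, so warnings can be printed from two places with identical code. Move it into one shared method and call it from both sites. `unless framework.modules.module_load_warnings.empty?` also reads better than `.length > 0`.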
@ -563,7 +570,7 @@ class Driver < Msf::Ui::Driver
if (framework and framework.payloads.valid?(val) == false)
return false
elsif active_module.type == 'exploit' && !active_module.is_payload_compatible?(val)
elsif active_module && active_module.type == 'exploit' && !active_module.is_payload_compatible?(val)
return false
elsif (active_module)
active_module.datastore.clear_non_user_defined
@ -652,7 +659,7 @@ protected
def unknown_command(method, line)
[method, method+".exe"].each do |cmd|
if (command_passthru == true and Rex::FileUtils.find_full_path(cmd))
if command_passthru && Rex::FileUtils.find_full_path(cmd)
print_status("exec: #{line}")
print_line('')

View File

@ -21,7 +21,3 @@ end
# Executable generation and encoding
require 'msf/util/exe'
# Parse SVN entries
require 'msf/util/svn'

View File

@ -1,120 +0,0 @@
# -*- coding: binary -*-
###
#
# framework-util-svn
# --------------
#
# The class provides methods for parsing the SVN information in the framework directory
#
###
require 'date'
module Msf
module Util
class SVN
def self.load_root
info = {}
path = ::File.join(::File.dirname(__FILE__), "..", "..", "..", ".svn", "entries")
if !::File.exists?(path)
return info
end
contents = ''
File.open(path, "rb") do |fd|
contents = fd.read(::File.size(path))
end
if contents.include? "<?xml"
require 'rexml/document'
rd = REXML::Document.new(contents).root
rd.elements.each { |e|
if e.attributes['name'] == ""
info[:root] = e.attributes['url']
info[:revision] = e.attributes['revision']
info[:updated] = e.attributes['committed-date']
break
end
}
else
ents = contents.split("\x0c")
ents[0].split("\n").each do |line|
line.strip!
next if line.empty?
case line
when /framework3/
info[:root] = line
when /^\d+$/
info[:revision] = line.to_i
when /^\d{4}-\d.*T/
info[:updated] = line
end
break if (info[:root] and info[:revision] and info[:updated])
end
end
info
end
def self.revision
@@info ||= load_root
@@info[:revision]
end
def self.updated
@@info ||= load_root
@@info[:updated]
end
def self.root
@@info ||= load_root
@@info[:root]
end
def self.days_since_update
@@info ||= load_root
svnt = @@info[:updated]
if(not svnt)
return
end
# Date.parse and Date.strptime are both broken beyond repair in
# ruby 1.8.6 and older. Just bail if the parsing doesn't work.
begin
diff = (Date.parse(Time.now.to_s) - Date.parse(svnt)).to_f
rescue ArgumentError
end
end
def self.last_updated_friendly
diff = self.days_since_update
case diff
when nil
"at an unknown date"
when -2.0 .. 1.0
"today"
when 1.0 .. 2.0
"yesterday"
else
if (diff.to_i > 7)
"%red#{diff.to_i} days ago%clr"
else
"#{diff.to_i} days ago"
end
end
end
def self.last_updated_date
@@info ||= load_root
svnt = @@info[:updated]
if(not svnt)
return
end
begin
Date.parse(@@info[:updated])
rescue ArgumentError
end
end
end
end
end

View File

@ -27,7 +27,7 @@ class Memory
def self.heaplib2(custom_js='', opts={})
js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "heaplib2.js"))
unless custom_js.blank?
unless custom_js.to_s.strip.empty?
js << custom_js
end

View File

@ -126,7 +126,7 @@ class Message
header_string = self.header.to_s
msg = header_string.empty? ? '' : force_crlf(self.header.to_s + "\r\n")
msg << force_crlf(self.content + "\r\n") unless self.content.blank?
msg << force_crlf(self.content + "\r\n") unless self.content.to_s.strip.empty?
self.parts.each do |part|
msg << force_crlf("--" + self.bound + "\r\n")

View File

@ -195,7 +195,7 @@ module Rex
res_header = Rex::Proto::Http::Packet::Header.new
req_header.from_s request_headers.lstrip
res_header.from_s response_headers.lstrip
if response_body.blank?
if response_body.to_s.empty?
response_body = ''
end
@state[:request_headers] = req_header
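Review bot: This is the one `blank?` replacement in the commit that uses `response_body.to_s.empty?` without `strip`. A whitespace-only body was previously reset to '' and is now kept as is, while the other call sites use `to_s.strip.empty?`. If preserving a whitespace body is intended, add a comment saying so. Otherwise use the same form as the rest so the behavior matches the old `blank?`.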

View File

@ -59,7 +59,7 @@ module Parser
unless in_tag("JobOrder")
case name
when "OS"
unless @host.nil? or @text.blank?
unless @host.nil? or @text.to_s.strip.empty?
tnote = {
:type => "host.os.fusionvm_fingerprint",
:data => { :os => @text.strip },
@ -86,7 +86,7 @@ module Parser
when "CVE"
@vuln[:refs] << "CVE-#{@text.strip}"
when "References"
unless @text.blank?
unless @text.to_s.strip.empty?
@text.split(' ').each do |ref|
next unless ref.start_with? "http"
if ref =~ /MS\d{2}-\d{3}/

View File

@ -193,6 +193,13 @@ module Rex
vuln_instances = @report_data[:vuln][:matches].size
db.emit(:vuln, [refs.last,vuln_instances], &block) if block
# TODO: potential remove the size limit on this field, might require
# some additional UX
if @report_data[:vuln]['title'].length > 255
db.emit :warning, 'Vulnerability name longer than 255 characters, truncating.', &block if block
@report_data[:vuln]['title'] = @report_data[:vuln]['title'][0..254]
end
vuln_ids = @report_data[:vuln][:matches].map{ |v| v[0] }
vdet_ids = @report_data[:vuln][:matches].map{ |v| v[1] }
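Review bot: `@report_data[:vuln]['title'].length` raises NoMethodError when the report has no title. Guard with a nil check or `to_s` before measuring the length. The lookup also mixes a symbol key (`:vuln`) with a string key (`'title'`) while the neighbouring lines use `[:matches]`, so confirm which key the parser actually stores. The TODO should read "potentially remove".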

View File

@ -141,7 +141,9 @@ class Channel
if (cid and client)
client.add_channel(self)
end
ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.cid) )
# Ensure the remote object is closed when all references are removed
ObjectSpace.define_finalizer(self, self.class.finalize(client, cid))
end
def self.finalize(client,cid)
@ -288,8 +290,11 @@ class Channel
end
def _close(addends = nil)
self.class._close(self.client, self.cid, addends)
self.cid = nil
unless self.cid.nil?
ObjectSpace.undefine_finalizer(self)
self.class._close(self.client, self.cid, addends)
self.cid = nil
end
end
#
# Enables or disables interactive mode.
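Review bot: In the new `_close`, the finalizer is removed before `self.class._close` runs and `self.cid = nil` comes after it. If the remote close raises, the object keeps its cid but has lost its finalizer, so nothing will retry the close. Wrap the call in `begin ... ensure self.cid = nil end`, or undefine the finalizer only after the close succeeds. The same ordering appears in the EventLog and RegistryKey close methods in this commit.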

View File

@ -469,7 +469,7 @@ class ClientCore < Extension
end
if client.platform =~ /linux/
if writable_dir.blank?
if writable_dir.to_s.strip.empty?
writable_dir = tmp_folder
end
@ -752,7 +752,7 @@ class ClientCore < Extension
def tmp_folder
tmp = client.sys.config.getenv('TMPDIR')
if tmp.blank?
if tmp.to_s.strip.empty?
tmp = '/tmp'
end

View File

@ -71,7 +71,7 @@ class Android < Extension
response = client.send_request(request)
response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value
end
def set_audio_mode(n)
request = Packet.create_request('set_audio_mode')
request.add_tlv(TLV_TYPE_AUDIO_MODE, n)
@ -259,6 +259,12 @@ class Android < Extension
end
end
def set_wallpaper(data)
request = Packet.create_request('set_wallpaper')
request.add_tlv(TLV_TYPE_WALLPAPER_DATA, data)
response = client.send_request(request)
end
def send_sms(dest, body, dr)
request = Packet.create_request('send_sms')
request.add_tlv(TLV_TYPE_SMS_ADDRESS, dest)
@ -289,6 +295,33 @@ class Android < Extension
end
networks
end
def sqlite_query(dbname, query, writeable)
request = Packet.create_request('sqlite_query')
request.add_tlv(TLV_TYPE_SQLITE_NAME, dbname)
request.add_tlv(TLV_TYPE_SQLITE_QUERY, query)
request.add_tlv(TLV_TYPE_SQLITE_WRITE, writeable)
response = client.send_request(request, 30)
error_msg = response.get_tlv(TLV_TYPE_SQLITE_ERROR)
raise "SQLiteException: #{error_msg.value}" if error_msg
unless writeable
result = {
columns: [],
rows: []
}
data = response.get_tlv(TLV_TYPE_SQLITE_RESULT_GROUP)
unless data.nil?
columns = data.get_tlv(TLV_TYPE_SQLITE_RESULT_COLS)
result[:columns] = columns.get_tlv_values(TLV_TYPE_SQLITE_VALUE)
data.each(TLV_TYPE_SQLITE_RESULT_ROW) do |row|
result[:rows] << row.get_tlv_values(TLV_TYPE_SQLITE_VALUE)
end
end
result
end
end
end
end
end
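Review bot: `sqlite_query` returns a Hash for read queries but nil when `writeable` is true, because the only return value is inside `unless writeable`, and there is no doc comment stating this. Add YARD for the three parameters and both return shapes. Raise a dedicated error class instead of the bare string in `raise "SQLiteException: ..."` so callers can rescue it specifically, and lift the literal 30 passed to `send_request` into a named constant or parameter.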

View File

@ -81,6 +81,17 @@ TLV_TYPE_URI_STRING = TLV_META_TYPE_STRING | (TLV_EXTENSIONS
TLV_TYPE_ACTIVITY_START_RESULT = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9102)
TLV_TYPE_ACTIVITY_START_ERROR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9103)
TLV_TYPE_SQLITE_RESULT_GROUP = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9080)
TLV_TYPE_SQLITE_NAME = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9081)
TLV_TYPE_SQLITE_QUERY = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9082)
TLV_TYPE_SQLITE_RESULT_COLS = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9083)
TLV_TYPE_SQLITE_RESULT_ROW = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9084)
TLV_TYPE_SQLITE_VALUE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9085)
TLV_TYPE_SQLITE_ERROR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9086)
TLV_TYPE_SQLITE_WRITE = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9087)
TLV_TYPE_WALLPAPER_DATA = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 9201)
end
end
end

View File

@ -31,7 +31,7 @@ class Wmi
def query(query, root = nil)
request = Packet.create_request('extapi_wmi_query')
request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.blank?
request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.to_s.strip.empty?
request.add_tlv(TLV_TYPE_EXT_WMI_QUERY, query)
response = client.send_request(request)

View File

@ -60,7 +60,9 @@ class EventLog
def initialize(hand)
self.client = self.class.client
self.handle = hand
ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.handle) )
# Ensure the remote object is closed when all references are removed
ObjectSpace.define_finalizer(self, self.class.finalize(client, hand))
end
def self.finalize(client,handle)
@ -185,7 +187,11 @@ class EventLog
# Instance method
def close
self.class.close(self.client, self.handle)
unless self.handle.nil?
ObjectSpace.undefine_finalizer(self)
self.class.close(self.client, self.handle)
self.handle = nil
end
end
end
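
Review bot: in the new `close` body the finalizer is removed before `self.class.close(self.client, self.handle)` runs, and `self.handle = nil` only executes if that call returns. If the remote close raises, the object keeps its handle but no longer has a finalizer, so nothing closes it at garbage-collection time unless the caller retries `close` explicitly. Either undefine the finalizer after the close succeeds, or clear the handle in an `ensure` if a failed close should not be retried; state which in the comment. The same sequence is repeated in the `RegistryKey`, `RemoteRegistryKey` and `Thread` hunks.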

View File

@ -285,11 +285,12 @@ class Process < Rex::Post::Process
'thread' => Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessSubsystem::Thread.new(self),
})
ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.handle) )
# Ensure the remote object is closed when all references are removed
ObjectSpace.define_finalizer(self, self.class.finalize(client, handle))
end
def self.finalize(client,handle)
proc { self.close(client,handle) }
def self.finalize(client, handle)
proc { self.close(client, handle) }
end
#
@ -320,8 +321,12 @@ class Process < Rex::Post::Process
#
# Instance method
#
def close(handle=self.handle)
self.class.close(self.client, handle)
def close(handle = self.handle)
unless self.pid.nil?
ObjectSpace.undefine_finalizer(self)
self.class.close(self.client, handle)
self.pid = nil
end
end
#
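
Review bot: the guard in `close(handle = self.handle)` tests and clears `self.pid`, while the resource being released is `handle`, and the method still accepts an arbitrary handle argument. Calling `close(other_handle)` removes the finalizer and sets `pid` to nil, which leaves `self.handle` open with nothing left to release it, and any code that reads `pid` after a close now gets nil. The other classes in this commit clear the thing they closed (`self.handle = nil`, `self.hkey = nil`); doing the same here, and undefining the finalizer only when the handle being closed is `self.handle`, would keep the behaviour consistent.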

View File

@ -30,7 +30,8 @@ class RegistryKey
self.perm = perm
self.hkey = hkey
ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.hkey) )
# Ensure the remote object is closed when all references are removed
ObjectSpace.define_finalizer(self, self.class.finalize(client, hkey))
end
def self.finalize(client,hkey)
@ -115,7 +116,11 @@ class RegistryKey
# Instance method for the same
def close()
self.class.close(self.client, self.hkey)
unless self.hkey.nil?
ObjectSpace.undefine_finalizer(self)
self.class.close(self.client, self.hkey)
self.hkey = nil
end
end
##

View File

@ -29,11 +29,12 @@ class RemoteRegistryKey
self.target_host = target_host
self.hkey = hkey
ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.hkey) )
# Ensure the remote object is closed when all references are removed
ObjectSpace.define_finalizer(self, self.class.finalize(client, hkey))
end
def self.finalize(client,hkey)
proc { self.close(client,hkey) }
def self.finalize(client, hkey)
proc { self.close(client, hkey) }
end
##
@ -113,8 +114,12 @@ class RemoteRegistryKey
end
# Instance method for the same
def close()
self.class.close(self.client, self.hkey)
def close
unless self.hkey.nil?
ObjectSpace.undefine_finalizer(self)
self.class.close(self.client, self.hkey)
self.hkey = nil
end
end
##

View File

@ -34,7 +34,9 @@ class Thread < Rex::Post::Thread
self.process = process
self.handle = handle
self.tid = tid
ObjectSpace.define_finalizer( self, self.class.finalize(self.process.client, self.handle) )
# Ensure the remote object is closed when all references are removed
ObjectSpace.define_finalizer(self, self.class.finalize(process.client, handle))
end
def self.finalize(client,handle)
@ -168,7 +170,11 @@ class Thread < Rex::Post::Thread
# Instance method
def close
self.class.close(self.process.client, self.handle)
unless self.handle.nil?
ObjectSpace.undefine_finalizer(self)
self.class.close(self.process.client, self.handle)
self.handle = nil
end
end
attr_reader :process, :handle, :tid # :nodoc:

View File

@ -66,7 +66,7 @@ class Webcam
remote_browser_path = webrtc_browser_path
if remote_browser_path.blank?
if remote_browser_path.to_s.strip.empty?
fail "Unable to find a suitable browser on the target machine"
end

View File

@ -31,6 +31,7 @@ class Console::CommandDispatcher::Android
'wlan_geolocate' => 'Get current lat-long using WLAN information',
'interval_collect' => 'Manage interval collection capabilities',
'activity_start' => 'Start an Android activity from a Uri string',
'sqlite_query' => 'Query a SQLite database from storage',
'set_audio_mode' => 'Set Ringer Mode'
}
@ -45,6 +46,7 @@ class Console::CommandDispatcher::Android
'wlan_geolocate' => ['wlan_geolocate'],
'interval_collect' => ['interval_collect'],
'activity_start' => ['activity_start'],
'sqlite_query' => ['sqlite_query'],
'set_audio_mode' => ['set_audio_mode']
}
@ -189,7 +191,7 @@ class Console::CommandDispatcher::Android
path = "sms_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
dump_sms_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-o' => [ false, 'Output path for sms list']
'-o' => [ true, 'Output path for sms list']
)
dump_sms_opts.parse(args) do |opt, _idx, val|
@ -277,7 +279,7 @@ class Console::CommandDispatcher::Android
dump_contacts_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-o' => [ false, 'Output path for contacts list']
'-o' => [ true, 'Output path for contacts list']
)
dump_contacts_opts.parse(args) do |opt, _idx, val|
@ -381,7 +383,7 @@ class Console::CommandDispatcher::Android
dump_calllog_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-o' => [ false, 'Output path for call log']
'-o' => [ true, 'Output path for call log']
)
@ -491,7 +493,7 @@ class Console::CommandDispatcher::Android
end
end
if dest.blank? || body.blank?
if dest.to_s.empty? || body.to_s.empty?
print_error("You must enter both a destination address -d and the SMS text body -t")
print_error('e.g. send_sms -d +351961234567 -t "GREETINGS PROFESSOR FALKEN."')
print_line(send_sms_opts.usage)
@ -543,7 +545,7 @@ class Console::CommandDispatcher::Android
wlan_list << [mac, ssid, ss.to_s]
end
if wlan_list.blank?
if wlan_list.to_s.empty?
print_error("Unable to enumerate wireless networks from the target. Wireless may not be present or enabled.")
return
end
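
Review bot: `wlan_list.to_s.empty?` can never be true here. `wlan_list` is filled with `wlan_list << [mac, ssid, ss.to_s]` just above, so it is an array, and `[].to_s` is the two-character string "[]". The "Unable to enumerate wireless networks" branch is dead after this change; `wlan_list.empty?` is the check that matches what `blank?` did for an array.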
@ -578,6 +580,55 @@ class Console::CommandDispatcher::Android
end
end
def cmd_sqlite_query(*args)
sqlite_query_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-d' => [ true, 'The sqlite database file'],
'-q' => [ true, 'The sqlite statement to execute'],
'-w' => [ false, 'Open the database in writable mode (for INSERT/UPDATE statements)']
)
writeable = false
database = ''
query = ''
sqlite_query_opts.parse(args) do |opt, _idx, val|
case opt
when '-h'
print_line("Usage: sqlite_query -d <database_file> -q <statement>\n")
print_line(sqlite_query_opts.usage)
return
when '-d'
database = val
when '-q'
query = val
when '-w'
writeable = true
end
end
if database.blank? || query.blank?
print_error("You must enter both a database files and a query")
print_error("e.g. sqlite_query -d /data/data/com.android.browser/databases/webviewCookiesChromium.db -q 'SELECT * from cookies'")
print_line(sqlite_query_opts.usage)
return
end
result = client.android.sqlite_query(database, query, writeable)
unless writeable
header = "#{query} on database file #{database}"
table = Rex::Ui::Text::Table.new(
'Header' => header,
'Columns' => result[:columns],
'Indent' => 0
)
result[:rows].each do |e|
table << e
end
print_line
print_line(table.to_s)
end
end
#
# Name for this dispatcher
#
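
Review bot: the call `client.android.sqlite_query(database, query, writeable)` near the end of `cmd_sqlite_query` is not rescued in this method, while the extension method raises a bare `"SQLiteException: ..."` RuntimeError whenever the response carries `TLV_TYPE_SQLITE_ERROR`. A mistyped statement or a wrong path is the common case for this command, so it should be caught here and reported with `print_error`. The argument check still uses `database.blank? || query.blank?` although the other hunks in this commit replace `blank?` with `to_s.empty?` or `to_s.strip.empty?`. With `-w` nothing is printed on success, so the operator cannot tell whether the statement ran. The error text "a database files" should read "a database file".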

View File

@ -866,7 +866,7 @@ class Console::CommandDispatcher::Core
end
pid = val.to_i
when '-N'
if val.blank?
if val.to_s.empty?
print_error("No process name provided")
return
end

View File

@ -391,8 +391,9 @@ class ClientRequest
#
# Return the content length header
#
def set_content_len_header(clen)
return "" if opts['chunked_size'] > 0
return "" if clen == 0 || opts['chunked_size'] > 0 || (opts['headers'] && opts['headers']['Content-Length'])
set_formatted_header("Content-Length", clen)
end
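
Review bot: the new early return in `set_content_len_header` drops the header whenever `clen == 0`, which also covers POST and PUT requests with an empty body; some servers answer those with 411 Length Required unless `Content-Length: 0` is present, so the zero case should depend on the request method. The override test `opts['headers']['Content-Length']` is an exact-case hash lookup, so a caller who supplies `content-length` in `headers` ends up with two length headers. The comment above the method still reads "Return the content length header" and mentions neither skip condition.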

View File

@ -51,14 +51,14 @@ module Kademlia
bootstrap_peer_id = Rex::Proto::Kademlia.decode_peer_id(message.body.slice!(0, 16))
bootstrap_tcp_port, bootstrap_version, num_peers = message.body.slice!(0, 5).unpack('vCv')
# protocol says there are no peers and the body confirms this, so just return with no peers
if num_peers == 0 && message.body.blank?
if num_peers == 0 && message.body.to_s.strip.empty?
peers = []
else
peers_data = message.body
# peers data is too long/short, abort
return if peers_data.size % BOOTSTRAP_PEER_SIZE != 0
peers = []
until peers_data.blank?
until peers_data.to_s.strip.empty?
peer_data = peers_data.slice!(0, BOOTSTRAP_PEER_SIZE)
peer_id = Rex::Proto::Kademlia.decode_peer_id(peer_data.slice!(0, 16))
ip, udp_port, tcp_port, version = peer_data.unpack('VvvC')
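
Review bot: `message.body` and `peers_data` are raw packet bytes (they are consumed with `slice!` and `unpack`), so `to_s.strip.empty?` is the wrong emptiness test in both the `num_peers == 0` check and the `until` loop. `strip` discards whitespace bytes and trailing NULs, so remaining peer data made up only of such bytes ends the loop early and is silently dropped, and every iteration allocates a stripped copy of the buffer. The length has already been validated against `BOOTSTRAP_PEER_SIZE`, so plain `peers_data.empty?` and `message.body.empty?` express what is meant.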

View File

@ -65,7 +65,7 @@ begin
when 'SSL2', :SSLv2
version = :SSLv2
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
when 'SSL23', :SSLv23, 'TLS'
when 'SSL23', :SSLv23, 'TLS', 'Auto'
version = :SSLv23
when 'SSL3', :SSLv3
version = :SSLv3
@ -124,6 +124,11 @@ begin
# Tie the context to a socket
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)
# If peerhost looks like a hostname, set the undocumented 'hostname'
# attribute on sslsock, which enables the Server Name Indication (SNI)
# extension
self.sslsock.hostname = self.peerhost if !Rex::Socket.dotted_ip?(self.peerhost)
# Force a negotiation timeout
begin
Timeout.timeout(params.timeout) do
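
Review bot: `self.sslsock.hostname = self.peerhost` is called for every non-IP peer, but `SSLSocket#hostname=` is only defined when the OpenSSL binding was built with TLS server-name support, so on a build without it this line raises NoMethodError and breaks every SSL connection made by hostname. Guarding the assignment with `self.sslsock.respond_to?(:hostname=)` keeps the previous behaviour on such builds. `unless Rex::Socket.dotted_ip?(self.peerhost)` reads better than `if !`, and the comment should say what "undocumented" was checked against.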

View File

@ -116,7 +116,7 @@ class CentralDir
end
def pack
if @entry.central_dir_name.blank?
if @entry.central_dir_name.to_s.strip.empty?
path = @entry.relative_path
else
path = @entry.central_dir_path

View File

@ -76,7 +76,7 @@ class Entry
end
def central_dir_path
return nil if @central_dir_name.blank?
return nil if @central_dir_name.to_s.strip.empty?
get_relative_path(@central_dir_name)
end

View File

@ -12,6 +12,12 @@ begin
t.fork = true # You may get faster startup if you set this to false
t.profile = 'boot'
end
Cucumber::Rake::Task.new({:exploit => 'db:test:prepare'}, 'Run features that should pass') do |t|
t.binary = vendored_cucumber_bin # If nil, the gem's binary is used.
t.fork = true # You may get faster startup if you set this to false
t.profile = 'exploit'
end
end
rescue LoadError

View File

@ -61,16 +61,16 @@ Gem::Specification.new do |spec|
# Metasm compiler/decompiler/assembler
spec.add_runtime_dependency 'metasm', '~> 1.0.2'
# Metasploit::Concern hooks
spec.add_runtime_dependency 'metasploit-concern', '1.0.0'
spec.add_runtime_dependency 'metasploit-concern'
# Metasploit::Credential database models
spec.add_runtime_dependency 'metasploit-credential', '1.0.1'
spec.add_runtime_dependency 'metasploit-credential', '1.1.0'
# Database models shared between framework and Pro.
spec.add_runtime_dependency 'metasploit_data_models', '1.2.11'
spec.add_runtime_dependency 'metasploit_data_models', '1.3.0'
# Things that would normally be part of the database model, but which
# are needed when there's no database
spec.add_runtime_dependency 'metasploit-model', '1.0.0'
spec.add_runtime_dependency 'metasploit-model', '1.1.0'
# Needed for Meterpreter
spec.add_runtime_dependency 'metasploit-payloads', '1.1.1'
spec.add_runtime_dependency 'metasploit-payloads', '1.1.3'
# Needed by msfgui and other rpc components
spec.add_runtime_dependency 'msgpack'
# get list of network interfaces, like eth* from OS.
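
Review bot: the `metasploit-concern` line loses its version constraint entirely, while the neighbouring `metasploit-credential`, `metasploit_data_models`, `metasploit-model` and `metasploit-payloads` entries stay pinned to exact versions. Anyone installing the gem without the repository's lock file then resolves to whatever release is newest at install time. If the aim was only to unblock the version bumps below, a bounded constraint in the style of the `metasm` line (`'~> 1.0.2'`) keeps that flexibility without accepting an arbitrary future release.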

View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Auxiliary::Report

View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

View File

@ -6,7 +6,7 @@
require 'msf/core'
require 'uri'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

View File

@ -6,7 +6,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Scanner

View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::NDMP

View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::DCERPC
include ::Rex::Platforms::Windows

View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp

View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::SMB::Client

View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp

Some files were not shown because too many files have changed in this diff