mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00
Commit Graph

8763 Commits

Author SHA1 Message Date
Samuel Huckins
0dfd8e25b8
Land #3846, Rex::ImageSource specs 2014-10-02 12:33:56 -05:00
Joe Vennix
7861b17e16
Use write() to fix SNMP on osx/freebsd. 2014-10-02 09:15:43 -05:00
Joe Vennix
6571213f1c
Remove un-truthy doc string. 2014-10-01 23:41:02 -05:00
Joe Vennix
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
Joe Vennix
b1b8cba4c5
Rescue an IOError on channel double-close.
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
James Lee
5cb016c1b1
Use Match constant in BES as well 2014-10-01 16:17:13 -05:00
James Lee
a75d47aad9
Use yardoc for new methods
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
William Vu
909ac522d1
Add metasploit-park.txt banner to msfconsole
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
sinn3r
1e2d860ae1 Fix #3914 - Inconsistent unicode names 2014-09-30 12:19:27 -05:00
sinn3r
7163b8c55a Fixes #3915 - NoMethodError private method `rhost'
There's no self.rhost, but rhost is defined
2014-09-30 11:34:16 -05:00
sinn3r
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
HD Moore
8fa666b75d Verbose messages on why a connection is closed 2014-09-28 17:41:21 -07:00
Meatballs
d5959d6bd6
Land #2585, Refactor Bypassuac with Runas Mixin 2014-09-28 09:24:22 +01:00
Meatballs
e14dd9900b
Land #3896, Change Max LOGLEVEL to 3 2014-09-28 09:18:29 +01:00
Meatballs
67c25c20ca
Land #3357, Run Local Exploits in AutoRunScript 2014-09-28 09:12:26 +01:00
Meatballs
3fc57109e6 Don't rescue Exception 2014-09-28 09:12:03 +01:00
sinn3r
ae82ebc734 Change max LogLevel to 3
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
jvazquez-r7
e1f00a83bc Fix Rex because domainname and domain_name were duplicated 2014-09-26 13:40:52 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
HD Moore
52ffddd639 Adds domain and url options to DHCP/PXE server, lands #3889
There are serious style and code quality issues with this class and normally I would push for a full refactor, but given the urgency of delivering DHCP functionality to support the bash issues, we will have to refactor the DHCP Server code another day.
2014-09-25 22:43:51 -05:00
Ramon de C Valle
bdac82bc7c Fix lib/msf/core/exploit/dhcp.rb 2014-09-25 22:18:26 -03:00
Ramon de C Valle
5dde73bb51 Add domain name and url options to DHCP server 2014-09-25 19:58:42 -03:00
Joe Vennix
2b02174999
Yank Android->jsobfu integration. Not really needed currently. 2014-09-25 16:00:37 -05:00
Joe Vennix
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu. 2014-09-24 16:05:00 -05:00
Joe Vennix
5d234c0e01
Pass #send in this so jsobfu is not confused. 2014-09-24 15:07:14 -05:00
Jon Hart
650b65250f Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2014-09-22 11:51:10 -07:00
Jon Hart
4e9f1282de
Land #3834, @jabra-'s updates to UDPscanner to support spoofing 2014-09-22 11:49:53 -07:00
Jon Hart
e86b18cdd4
Add sanity check for NUM_REQUESTS 2014-09-22 11:48:39 -07:00
jvazquez-r7
a677749f5b Add specs for #read_asciiz and fix bugs there 2014-09-22 12:14:21 -05:00
Luke Imhoff
f61afe2598
Merge branch 'master' into bug/MSP-11368/boot-profiling
MSP-11368
2014-09-22 10:00:07 -05:00
William Vu
ebacb26e51
Land #3838, msfvenom badchar fix 2014-09-22 03:08:57 -05:00
Joe Vennix
d9e6f2896f
Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
sinn3r
e1cfc74c32 Move jsobfu to a mixin 2014-09-21 00:39:04 -05:00
sinn3r
cd037466a6 update doc 2014-09-20 23:40:47 -05:00
sinn3r
9191af6241 Update js_obfuscate 2014-09-20 23:38:35 -05:00
sinn3r
a9420befa4 Default to 0 2014-09-20 21:39:20 -05:00
sinn3r
046045c608 Change option description 2014-09-20 21:38:57 -05:00
sinn3r
fd5aee02d7 Update js_obfuscate 2014-09-20 21:36:17 -05:00
sinn3r
7bab825224 Last changes 2014-09-20 18:39:09 -05:00
sinn3r
135bed254d Update BrowserExploitServer for JSObfu 2014-09-20 17:59:36 -05:00
Joe Vennix
d9a713b415
Decode the badchars string correctly. 2014-09-20 17:48:03 -05:00
Josh Abraham
cd8b1318e0 send data based on input not @probe 2014-09-20 15:18:58 -04:00
Josh Abraham
3fb00ece9e refactored the code based on PR feedback 2014-09-20 14:10:00 -04:00
sinn3r
d52236fe05
Land #3835 - JSObfu to a gem 2014-09-20 01:38:45 -05:00
Joe Vennix
8e1b00ce95
Adds JSObfu.disabled for spec stubbing, fixes BES specs. 2014-09-19 20:42:05 -05:00
Joe Vennix
0f4be63903
Move JSObfu a gem then pull it into the Rex namespace. 2014-09-19 19:10:39 -05:00
Luke Imhoff
5884cbc196
Optimize skip logic in #update_all_module_details
MSP-11368

Use `Hash<String, Set<String>>` instead of `Array<(String, String)>` so
that the `include?` call is faster because (1) it only searches through
reference names of the same module_type and (2) `Set#include?` is faster
than `Array#include?`.  This change is an 8.20% average reduction in boot
time compared to b863978028, for an overall
reduction of 40.95% over b5c3c87790.
See statistics at
https://docs.google.com/spreadsheets/d/1TnZIUFIR1S5nCnkeM-7XR3AVSbyCl39x2mItJKJCOqg/edit?usp=sharing
and data at
https://drive.google.com/folderview?id=0Bx1hRHfpRW92VEFvQ2FaN3RoWWs&usp=drive_web
2014-09-19 15:34:10 -05:00
jvazquez-r7
b16085baa6
Land #3244, @dmaloney-r7's fix for integer comparisons on metasm 2014-09-19 15:31:37 -05:00
Luke Imhoff
8b5a146067
Wrap Array#include? usage
MSP-11368

Wrap skipped.include? call to confirm it is the culprit for
Array#include? inside of with_connection in profile.
2014-09-19 14:38:12 -05:00
Josh Abraham
c216cf8c53 added spoofing capabilities to udp_scanner 2014-09-19 10:29:05 -04:00
Luke Imhoff
b863978028
Remove fastlib
MSP-11368
MSP-11143

Remove fastlib as it slows down the code loading process.  From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10).  The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10).  This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
David Maloney
5ff4a55cd2
smb connection error not setting result properly
if the initial connection from the SMB LoginScanner fails
it wouldn't set the target information on the result. this could cause
smb_login to throw a stack trace when it calls invalidate_login
2014-09-16 15:24:14 -05:00
David Maloney
e5aa5c4014
missing postgres rescues 2014-09-16 15:04:07 -05:00
sinn3r
169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner) 2014-09-16 14:51:24 -05:00
Samuel Huckins
4c3c8e5337
Land #3795, various LoginScanners shored up 2014-09-16 13:55:26 -05:00
sinn3r
b028424152
Land #3752 - add "show missing" 2014-09-16 13:45:13 -05:00
David Maloney
aeed66b694
missing mysql rescue 2014-09-16 13:41:03 -05:00
David Maloney
d708de07a3
return the loginscanner class name in an invalid exception
when a loginScanner throws an Invalid exception, the message
will now include the classname of the Scanner that threw it.
2014-09-16 13:24:08 -05:00
David Maloney
6decd3cbd2
fix exceptions thrown in telnet loginscanner too 2014-09-16 10:09:59 -05:00
David Maloney
bf8f7221c7
rescue exceptions in check_setup 2014-09-15 13:52:17 -05:00
jvazquez-r7
7d4c4c3658
Land #3699, @dmaloney-r7's ipboard login refactor 2014-09-15 08:29:42 -05:00
HD Moore
6bd3675f03 Land #3680, add specs for Rex::MIME 2014-09-13 00:34:39 -05:00
HD Moore
6a2a85d2c4 Land #3789, adds specs for Rex::Proto::Http::Packet::Header
orts
2014-09-13 00:21:43 -05:00
jvazquez-r7
917a7ffa1e Add specs for valid IPBoard application 2014-09-12 16:08:03 -05:00
Cucumber
b80519dc16
Lands #3779, specs
MSP-11343

Merge specs that I missed during last merge.
2014-09-12 14:49:26 -05:00
James Lee
f68628c487 Add minimal specs for rex/proto/http/packet/header 2014-09-12 14:30:27 -05:00
sinn3r
12e3cb3c6a
Land #3764 - Add specs for Rex::Encoder::NonAlpha 2014-09-12 12:09:55 -05:00
William Vu
2977e8e102
Add msfcli (M)issing 2014-09-12 10:25:13 -05:00
William Vu
425874315c
Add show missing 2014-09-12 10:23:12 -05:00
jvazquez-r7
0d054d8354 Update with master changes 2014-09-12 09:52:32 -05:00
jvazquez-r7
b8d31891f8 Clean YARD documentation 2014-09-12 09:32:32 -05:00
Brandon Turner
ba848c963a
Fix rake when cucumber gem is not present 2014-09-11 22:31:57 -05:00
Joe Vennix
55519d8867
Land #3781, my addition of Metasploit::Concern to msf. 2014-09-11 16:57:24 -05:00
Luke Imhoff
706655f755
Land #3779, Glassfish LoginScanner exception
MSP-11343
2014-09-11 15:57:47 -05:00
Tod Beardsley
0ed7f19eb2
Land #3780, msfelfscan use correct offsets 2014-09-11 15:28:18 -05:00
Joe Vennix
8654b63c58
Make sure Metasploit::Concern is accessible everywhere. 2014-09-11 14:46:35 -05:00
David Maloney
0663355237
catch connectionreset in ftp login scanner
add exception rescue for Errno::ECONNRESET
2014-09-11 14:39:36 -05:00
Joe Vennix
37e6173d1f
Make Metasploit::Concern a first-class dep.
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
James Lee
a8e3ff0c0f
Add specs to verify server header matching 2014-09-11 11:42:38 -05:00
James Lee
9151c2c79d
Add docstrings and avoid multiple returns 2014-09-11 10:50:42 -05:00
James Lee
20e48a233a
Explicitly set @version to nil if we can't detect 2014-09-11 10:30:52 -05:00
Cenk Kalpakoğlu
11004ab7c6 typo fix 2014-09-11 16:27:35 +03:00
Sascha Schirra
be0c68d8bb BUGFIX: wrong imagebase used 2014-09-11 12:33:09 +02:00
Sascha Schirra
88cacd000e flags for phdr.p_flags added 2014-09-11 12:31:44 +02:00
James Lee
8aa06b8605
Better api for check_setup 2014-09-10 23:43:54 -05:00
James Lee
c1658e5d51 Add a check_setup method 2014-09-10 20:09:46 -05:00
James Lee
84e4db9035 Don't raise in the middle
MSP-11343

This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
sinn3r
65287e41cd
Land #3773 - Fix windows cmd redirection in firefox payloads 2014-09-10 13:25:42 -05:00
Joe Vennix
1bb6573570
Fix windows cmd redirection in ff payloads. 2014-09-10 00:47:05 -05:00
James Lee
99c9d5a578
Land #3683, cucumber tests for msfconsole 2014-09-09 21:28:45 -05:00
sinn3r
1b4ceec4f9
Land #3743 - Add specs for Rex::Arch::X86 2014-09-09 17:24:08 -05:00
sinn3r
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
James Lee
b8000517cf
Land #3746, reinstate DB_ALL_CREDS 2014-09-08 17:24:12 -05:00
Tod Beardsley
b9c8eb70c4
Land #3675, update copyright on Rex 2014-09-08 16:05:41 -05:00
HD Moore
250b3d227c Fix the rex.rb header and copyright date 2014-09-08 15:32:13 -05:00
David Maloney
2ac15f2088
some fixes based on Christruncer's feedback
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor 2014-09-08 14:48:37 -05:00
jvazquez-r7
11ca383d4f Add specs for .encode_byte 2014-09-08 14:24:03 -05:00
David Maloney
ef748fdef7
check if database is connected first
wooops
2014-09-08 12:54:19 -05:00
David Maloney
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds 2014-09-08 12:52:25 -05:00
David Maloney
16502b831f Merge branch 'master' of github.com:rapid7/metasploit-framework 2014-09-08 12:45:52 -05:00
David Maloney
b84142715f
rescue mysql host blocked
rbmysql can throw an exception if the
server blocked this host due to too many connection errors
2014-09-08 12:45:10 -05:00
William Vu
ae5a8f449c
Land #3691, gdbserver hax 2014-09-08 11:48:39 -05:00
William Vu
5c1d95812c
Add verify_checksum and use it
Also fixed a YARD typo.
2014-09-08 02:19:21 -05:00
jvazquez-r7
10bb77af9f
Land #3716, @wchen-r7's Glassfish LoginScanner update 2014-09-07 21:54:34 -05:00
jvazquez-r7
768b50974f Redo try_glassfish_3 specs 2014-09-07 21:04:43 -05:00
jvazquez-r7
07238ef7b3 Redo try_glassfish_2 specs 2014-09-07 20:47:54 -05:00
HD Moore
af24e30ae9 Return instead of crashing if no challenge is received 2014-09-06 15:51:50 -05:00
sinn3r
6df7658267 Very small change to the doc 2014-09-06 01:54:52 -05:00
jvazquez-r7
78cf75c4d5 Clean YARD documentation 2014-09-06 00:24:39 -05:00
sinn3r
ce0e7b59f5 Remove WVE and BPS reference identifiers
Reasons why they should be gone:

WVE:
* wirelessve.org is down.
* Not a single module uses WVE as a reference

BPS:
* "BreakingPoint" no longer exists
* The URL takes you to a login page to ixia. And there is no point
  of referencing something people can't see.
* Not a single module uses BPS as a reference.
2014-09-05 13:28:10 -05:00
William Vu
b6e04599a7
Fix read_ack to read only the ACK
It was reading the response, too. Also removed an extraneous send_ack.
2014-09-05 12:30:59 -05:00
sinn3r
0dcf481d76 This one is good to go 2014-09-04 14:13:33 -05:00
David Maloney
093f488360
add db_all_cred methods to authbrute
adds 3 methods to add db_all_creds functionality back to
the loginscanners
2014-09-04 12:20:42 -05:00
David Maloney
28427ccee3
add VHOST and useragent support to loginscanner 2014-09-04 10:59:07 -05:00
HD Moore
4966082de5 Replace 'rescue nil' with DRY-violating versions :( 2014-09-03 23:06:11 -05:00
sinn3r
e1694ec3e5 LoginScanner update for hp_sys_mgmt_login
Work in progress
2014-09-03 16:23:57 -05:00
Joe Vennix
0e18d69aab
Add extended mode to prevent service from dying. 2014-09-03 16:07:27 -05:00
Joe Vennix
4293500a5e
Implement running exe in multi. 2014-09-03 15:56:21 -05:00
Joe Vennix
268d42cf07
Add PrependFork to payload options. 2014-09-03 14:56:22 -05:00
sinn3r
61e58dc6d3 Yard doc 2014-09-02 20:48:07 -05:00
sinn3r
954475c0bf Add rspec and update about secure admin 2014-09-02 20:35:25 -05:00
darkbushido
50e804d9cb
updating how we use cucumber to match lukes changes 2014-09-02 18:57:55 -05:00
jvazquez-r7
a1823b6c1e Add more specs for Rex::Arch::X86 2014-09-02 18:17:14 -05:00
HD Moore
85c5de07ec Fix use of datastore['SMBServerIdleTimeout'] 2014-09-02 13:47:01 -05:00
HD Moore
6fcc864942 Reduce the chance of file descriptor leaks in SMBServer
This patch addresses three observed error conditions in long-running SMB services.

1. A call to get_once() in on_client_data could raise a Timeout exception and bubble all the way up to the dispatcher. This should technically never happen, but gets triggered for zero-byte writes and clients closing their connections. The fix was to handle the exception and lower the timeout. The change was tested with a number of SMB clients to make sure this didn't introduce any regressions.

2. A client could indefinitely keep a connection to the SMB server. The SMB server now disconnects idle clients after 120 seconds of inactivity (configurable).

3. A client could send a large amount of data that was invalid SMB traffic, using up memory as a potential DoS.

Caveats: The idle client sweep occurs every 100 requests or at an interval equal to the idle timeout. A client could fill up the entire connection table on its own, preventing the sweep from occurring by preventing new connections. Fixing this would require a dedicated thread to sweep for idle connections and is a more aggressive attack than this patch is designed to defend against (accidental connection flooding, basically).
2014-09-02 13:29:37 -05:00
Kurt Grutzmacher
0ef71c70d3 s/services/creds 2014-08-31 09:54:49 -07:00
Kurt Grutzmacher
3bb370437c Returns csv output to creds command
commit 82b2c1deae removed the -o option
from the creds command. This returns it to its former glory!
2014-08-31 08:35:22 -07:00
jvazquez-r7
559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
jvazquez-r7
e1b6ee283f Allow Msf::Payload::JSP to guess system shell path if it isn't provided 2014-08-30 16:27:02 -05:00
David Maloney
928aeffcba
add wordpress_rpc loginscanner and specs 2014-08-29 13:06:12 -05:00
Samuel Huckins
b4e3ce0fdc Merge branch 'master' of github.com:rapid7/metasploit-framework 2014-08-28 17:14:07 -05:00
Samuel Huckins
fa77caa819
Merge branch 'bug/MSP-11153/database-config-overrides'
MSP-11153 #land
2014-08-28 17:12:37 -05:00
James Lee
031445fee7
Check for nil resource files
See #3719
2014-08-28 16:27:33 -05:00
Luke Imhoff
20177c7c23
Restore backup database.yml when retesting after interrupt
MSP-11153

Restore the config/database.yml backed up to
config/database.yml.cucumber.bak in the db:config:restore task, which is
made a dependency of the environment rake task so that
config/database.yml is restored before Rails tries to use it in the
environment task.  This specifically allows for rake cucumber to be
interrupted when the config/database.yml has been moved to
config/database.yml.cucumber.bak and a subsequent rake cucumber to
succeed and restore config/database.yml, but any task that depends on
environment will restore the config/database.yml.
2014-08-28 15:20:53 -05:00
Luke Imhoff
7a8d7a38d1
Remove debugging 'puts'
MSP-11153
2014-08-28 13:48:46 -05:00
sinn3r
f097ef96e0 Use && 2014-08-28 12:13:03 -05:00
sinn3r
d0d9949d91 Do SSL options correctly 2014-08-28 12:04:14 -05:00
Luke Imhoff
275fa5cb50
Remove unnecessary return
MSP-11153

Leftover from earlier design.
2014-08-27 16:58:45 -05:00
Luke Imhoff
83b6f268b4
Remove unnecessary realpath
MSP-11153

Causes errors on machines that don't have ~/.msf4 like travis-ci.
2014-08-27 16:58:05 -05:00
sinn3r
df215a380d Do not send 2 content-length headers 2014-08-27 16:05:08 -05:00
sinn3r
a32ffc4c26 Add the final portion for Glassfish login module 2014-08-27 15:09:11 -05:00
Luke Imhoff
2f48f7c48c
rails generate cucumber:install
MSP-11153

Add cucumber-rails for testing msfconsole's loading of database.yml from
different paths.
2014-08-27 14:10:04 -05:00
Luke Imhoff
951ce15b44
Move database.yml selection to Metasploit::Framework::Database
MSP-11153

Test the following paths in order and only return them if the path
exists:

1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
sinn3r
5d8cbe0544 Early version of Glassfish using LoginScanner 2014-08-27 01:23:02 -05:00
Jon Hart
1f35c0ff1c
Merge #3713, @hmoore-r7's SIP cleanup of my SIP cleanup 2014-08-26 17:52:35 -07:00
Jon Hart
316a952e9c
Make SIP note, service and print output more similar 2014-08-26 17:47:31 -07:00
Tom Sellers
4a1b037af0 Remaining files.. 2014-08-26 18:15:58 -05:00
HD Moore
2d2606aeaf Update sip note format, small tweaks to output, service.info 2014-08-26 16:42:00 -05:00
HD Moore
ba1f7c3bf6 Land #3687, reworks the nat-pmp portscanner 2014-08-26 14:34:46 -05:00
HD Moore
3b8bbdf10c Merge master back in before landing #3545 2014-08-26 14:07:58 -05:00
HD Moore
4e19d9ade1 Land #3545, fix up sip scanners, msftidy, db services cmd 2014-08-26 14:07:21 -05:00
David Maloney
c42517a14a
missing exception rescue
needed to also rescue Errno::ETIMEDOUT
2014-08-26 13:58:34 -05:00
Jon Hart
e75e213b52
Clarify SIP mixin method name, store header values as string, etc 2014-08-26 11:40:49 -07:00
Jon Hart
677d7804ae Fix bad merge 2014-08-26 10:49:54 -07:00
Jon Hart
5ad090e833 Add unit test for and correct parsing of NAT-PMP port map responses 2014-08-26 10:49:53 -07:00
Jon Hart
162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart
816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart
32a14cfc43 Missed the file... 2014-08-26 10:49:53 -07:00
Jon Hart
ff7e0f3c19
Land #3705, xistence's UPNP SSDP M-SEARCH amplification scanner 2014-08-26 08:30:43 -07:00
Jon Hart
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification 2014-08-26 07:48:44 -07:00
Jon Hart
9749c78632
Add amplification multiplier for vulnerable proofs 2014-08-26 07:36:38 -07:00
Joshua Smith
b3e898736f
Land 3694, msfconsole.rc wasn't loading, add yard 2014-08-26 01:12:33 -05:00
Jon Hart
a41748e77e Correct SIP header note storage to align with Recog 2014-08-25 13:12:30 -07:00
Jon Hart
bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Jon Hart
6185721a61 Address @hmoore-r7's feedback regarding binary encoding 2014-08-25 13:11:22 -07:00
Jon Hart
a4f623a955 Show port and protocol when printing service notes, not just name 2014-08-25 13:11:22 -07:00
Jon Hart
9955cb5b27 Enforce proper protocol case where necessary 2014-08-25 13:11:22 -07:00
Jon Hart
b760815c86 Also pull the Allow headers (previous behavior) 2014-08-25 13:11:21 -07:00
Jon Hart
637f86f37d Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner 2014-08-25 13:11:21 -07:00
Jon Hart
50d90defbc Use a correct default Accept header -- responses++ 2014-08-25 13:11:21 -07:00
Jon Hart
c2e70446ed Move SIP module stuff to Msf::Exploit::Remote::SIP 2014-08-25 13:11:21 -07:00
Jon Hart
fc67aed174 Correct style and doc issues, tidy failure message when not SIP 2014-08-25 13:11:21 -07:00
Jon Hart
e3753e3649 Refactor SIP response parsing for future improvements 2014-08-25 13:11:21 -07:00
Jon Hart
02e41c27e7 Split SIP response parsing out on its own, add unit tests.
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
Jon Hart
d4ea3e9f29 Pass protocol down to parse_reply for report_* purposes 2014-08-25 13:09:39 -07:00
Jon Hart
a2e2e37a69 Fix SIP options scanning 2014-08-25 13:09:39 -07:00
Joe Vennix
c4a173e943
Remove automatic target, couldn't figure out generic payloads. 2014-08-25 14:14:47 -05:00
David Maloney
32b1a5ea23
add ipboard loginscanner
add loginscanner class for IPBoard with specs
this should replicate the functionality originally written
by Chris Truncer, but move it into a testable, reusable class
2014-08-25 13:58:30 -05:00
William Vu
1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
HD Moore
92ff0974b7 Add YARD option formatting 2014-08-25 01:45:59 -05:00
James Lee
19d6feca62
Fix regression where msfconsole.rc wasn't loading
Also add some slightly better docs for the Driver class
2014-08-24 15:10:41 -05:00
Joe Vennix
6313b29b7a
Add #arch method to Msf::EncodedPayload.
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
Joe Vennix
1d3531d09d
Put include above constant defs. 2014-08-24 01:17:32 -05:00
Joe Vennix
4e63faea08
Get a shell from a loose gdbserver session. 2014-08-24 01:10:30 -05:00
jvazquez-r7
7ee5423310 Add specs for Msf::HTTP::JBoss::Base 2014-08-22 15:11:27 -05:00
jvazquez-r7
4742dbad91 Fix YARD documentation 2014-08-22 14:18:13 -05:00
jvazquez-r7
38e6576990 Update 2014-08-22 13:22:57 -05:00
Joe Vennix
95fbb8f1b7
Land PR #3672, dmaloney-r7's login scanner credential rework. 2014-08-22 11:15:32 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
David Maloney
48f0743d1b
remove crappy basedir method
this method is no longer needed
2014-08-20 15:28:36 -05:00
David Maloney
6bc55bf8cc
change is_apt method 2014-08-20 15:27:11 -05:00
David Maloney
b547f7fc75
fix msfbasedir for go_pro
go_pro uses the wrong base directory for starting
up metasploit pro when using the go_pro command
this caused errors
2014-08-20 15:22:18 -05:00
Jon Hart
8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing 2014-08-20 12:21:39 -07:00
jvazquez-r7
9d007a8c63 Add @jlee-r7's feedback 2014-08-20 12:04:33 -05:00
James Lee
c3e8bc8fa0
Fix a crash when we can't connect to PG, again 2014-08-20 11:02:46 -05:00
James Lee
fa27def41f Revert "Fix a crash when we can't connect to PG"
This reverts commit b6deb6a342.
2014-08-20 11:01:29 -05:00
jvazquez-r7
9dcc95fb04 Fix Rex::MIME::Message#initialize boundaries parsing 2014-08-20 10:22:38 -05:00
jvazquez-r7
e8a6307df1 Fix Rex::MIME::Header#parse 2014-08-20 09:42:44 -05:00
dmaloney-r7
0c9dafff54 Merge pull request #3673 from jlee-r7/bug/MSP-11061/crash-without-postgres
Fix a crash when we can't connect to PG
2014-08-19 16:16:30 -05:00
James Lee
b6deb6a342
Fix a crash when we can't connect to PG
MSP-11061

No Postgres, no cry
2014-08-19 15:30:24 -05:00
sinn3r
311cc5befb
Land #3668 - Add specs for Rex::Exploitation::HeapLib 2014-08-19 13:14:24 -05:00
David Maloney
473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
Conflicts:
	Gemfile.lock
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/credential.rb
	lib/metasploit/framework/credential_collection.rb
	lib/metasploit/framework/login_scanner/afp.rb
	lib/metasploit/framework/login_scanner/axis2.rb
	lib/metasploit/framework/login_scanner/db2.rb
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/http.rb
	lib/metasploit/framework/login_scanner/mssql.rb
	lib/metasploit/framework/login_scanner/mysql.rb
	lib/metasploit/framework/login_scanner/pop3.rb
	lib/metasploit/framework/login_scanner/postgres.rb
	lib/metasploit/framework/login_scanner/result.rb
	lib/metasploit/framework/login_scanner/smb.rb
	lib/metasploit/framework/login_scanner/snmp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/telnet.rb
	lib/metasploit/framework/login_scanner/vnc.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/afp/afp_login.rb
	modules/auxiliary/scanner/db2/db2_auth.rb
	modules/auxiliary/scanner/ftp/ftp_login.rb
	modules/auxiliary/scanner/http/axis_login.rb
	modules/auxiliary/scanner/http/http_login.rb
	modules/auxiliary/scanner/http/tomcat_mgr_login.rb
	modules/auxiliary/scanner/mssql/mssql_login.rb
	modules/auxiliary/scanner/mysql/mysql_login.rb
	modules/auxiliary/scanner/pop3/pop3_login.rb
	modules/auxiliary/scanner/postgres/postgres_login.rb
	modules/auxiliary/scanner/snmp/snmp_login.rb
	modules/auxiliary/scanner/ssh/ssh_login.rb
	modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
	modules/auxiliary/scanner/telnet/telnet_login.rb
	modules/auxiliary/scanner/vnc/vnc_login.rb
	modules/auxiliary/scanner/winrm/winrm_login.rb
	spec/lib/metasploit/framework/credential_spec.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
OJ
e0df664656
Land #3653 : NETAPI x64 fixes 2014-08-19 11:40:43 +10:00
jvazquez-r7
f812d2619c Fix load_js when opts[:newobfu] and add specs 2014-08-18 13:50:19 -05:00
James Lee
b9e449f5e2
Fix crash when database.yml doesn't exist 2014-08-18 12:40:57 -05:00
Vincent Herbulot
fd40a68525 Added YARD documentation to lib/msf/http/jboss 2014-08-18 18:19:37 +02:00
HD Moore
5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore
6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Samuel Huckins
82760bf5b3
Deprecation warnings hidden for non-listeners 2014-08-15 12:33:44 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Meatballs
8302e82ca1
Use x64 ptr sizes 2014-08-14 23:32:04 +01:00
Meatballs
256204f2af
Use correct pack/unpack specifier 2014-08-13 11:36:16 +01:00
David Maloney
84374fe92c
Merge branch 'staging/electro-release' into bug/MSP-11050/rails_root 2014-08-12 13:54:38 -05:00
David Maloney
12f1234296 always set our rails root to our root
this works fine when calling any framework binaries
from their path as CWD. if you call them from another path
you will get an incorrect root which can cause certain things to load
incorrectly

Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-08-12 13:53:28 -05:00
David Maloney
fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry 2014-08-12 11:22:51 -05:00
Luke Imhoff
e051272a20
Fix typo
MSP-11046

`ActiveSupport::OrderedOptions` automatically create an attribute for
any missing keys, so when `options.console.resource` was used it would
return `nil` instead of the erroring.  The correct option name was
`options.console.resources` (note the pluralization).
2014-08-12 10:49:35 -05:00
Meatballs
351b687759
Land #3612, Windows Local Kernel exploits refactor 2014-08-10 22:05:06 +01:00
Meatballs
b277f588fb
Use railgun helper functions 2014-08-10 21:52:12 +01:00
joev
af3ca19ab2
Land #3501, @AnwarMohamed's android meterpreter commands. 2014-08-09 16:29:59 -05:00
joev
dbaa377aa1 Final-round of code tweaks. All commands working well. 2014-08-09 13:04:52 -05:00
Jon Hart
d6198c786d
Move rdoc for Msf::Auxiliary::DRDoS 2014-08-08 23:23:48 -07:00
Jon Hart
ddcaa11216
Add new mixin for helping to detect DRDoS vulns 2014-08-08 23:15:09 -07:00
Jon Hart
c48cf48d85
Return the NTP message, not the string 2014-08-08 21:39:48 -07:00
Jon Hart
ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
Jon Hart
73253b575a
Land #3626, @wchen-r7's storing of text loot as txt 2014-08-08 18:57:38 -07:00
sinn3r
93174a818b
Land #3628 - Add --ask option in msfconsole 2014-08-08 11:03:15 -05:00
Iquaba
b33d2b8583 Adds a newline for readability 2014-08-07 13:49:13 -05:00
Iquaba
6cea921478 Adds --ask option to prompt before exiting msfconsole 2014-08-07 13:44:46 -05:00
sinn3r
e432f3f442 Support all text-based ctypes 2014-08-07 11:10:32 -05:00
Christian Mehlmauer
d6e60453d6
Added Wordpress XMLRPC DoS 2014-08-07 11:38:44 +02:00
Luke Imhoff
1d430dbb45
Run migrations when connection already established in console
MSP-10955

`Msf::Ui::Console::Driver#initialize` doesn't call
`framework.db.connect` if it can't find the `database.yml`, but when
using `msfpro`, the connection is already established, so the console
doesn't need to know where the database file is and should just run the
migrations so that `framework.db.migrate` can be set and
`framework.db.active` will return `true`.
2014-08-06 19:55:51 -05:00
Brandon Turner
91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Spencer McIntyre
2ed02c30a8 Use better variable names instead of an array 2014-08-05 21:34:36 -07:00
Spencer McIntyre
b602e47454 Implement improvements based on feedback 2014-08-05 21:24:37 -07:00
byt3bl33d3r
77bba6e4ee fixed msfcli with missing require 2014-08-05 09:38:33 +02:00
Luke Imhoff
9c29b78b9a
Add missing require
MSP-10848

Not triggered on OSX development machines, only on Linux.
2014-08-04 18:23:25 -05:00
sinn3r
7044dabea1
Land #3600 - GPP Junk Padding Fix 2014-08-04 16:21:57 -05:00
Samuel Huckins
8fe9ec098e
Date attrs set after creation in report import
MSP-11021

* created_at and updated_at are protected against mass-assignment, so
these need to be set after for reports and report artifacts
2014-08-04 14:02:59 -05:00
Spencer McIntyre
6543b08eb4 Support writing a copy of the original token 2014-08-04 11:49:00 -07:00
Spencer McIntyre
4b73ad6f40 Fix guessing the arch with modules specifying an array 2014-08-04 11:49:00 -07:00
Spencer McIntyre
893b9a6e99 Add an open_device function for wrapping CreateFileA 2014-08-04 11:49:00 -07:00
Spencer McIntyre
43a5120696 Cleanup the WindowsKernel mixin 2014-08-04 11:49:00 -07:00
Spencer McIntyre
49837a3ba6 Create a basic WindowsKernel exploit mixin 2014-08-04 11:49:00 -07:00
b00stfr3ak
88f23832e6 Added Time out
For some reason the handler was closing before the command could
complete.  Added the time out from bypassuac and now both psh and exe
work perfectly.
2014-08-02 14:29:42 -07:00
Tom Sellers
693e744da4 Hide icon flash on taskbar during cmd_psh_payload
When 'cmd_psh_payload' is run via 'cmd_exec' on a windows shell that is running in the context of an interactive user an icon will flash very quickly on the user's task bar.  This can be avoided (verified) by adding the /b switch to the start section of the command launcher text.  I have verified that this switch exists from Windows 2000 through Windows 2012 R2.
2014-08-02 15:52:52 -05:00
Tom Sellers
11515fc75c Update core.rb 2014-08-02 15:27:10 -05:00
Luke Imhoff
6603443df4
Add missing require
MSP-10998
2014-08-01 21:54:41 -05:00