mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-12 11:52:01 +01:00
Commit Graph

13768 Commits

Author SHA1 Message Date
Jeffrey Martin
66ca61f636
Merge released '4.x' 2017-12-28 17:15:29 -06:00
HD Moore
258ce2ceb2 Allow stub payloads to be autoselected when compatible 2017-12-28 16:19:22 -06:00
Brent Cook
c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
Metasploit
c681c7881d
Bump version of framework to 4.16.28 2017-12-28 10:03:39 -08:00
Brent Cook
6f1196d30c clarify what's happening when there is a connection failure 2017-12-27 22:32:08 -06:00
Jon Hart
bbed7db13c
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-27 13:08:44 -08:00
Jeffrey Martin
8ea50572df
Land #9329, Add basic framework for interacting with MQTT 2017-12-27 14:59:34 -06:00
Tod Beardsley
e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya
These cover several of the CVEs mentioned in

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
2017-12-26 12:39:51 -06:00
juushya
8b0f2214b1 few more updates 2017-12-23 03:04:11 +05:30
juushya
038119d9df Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more 2017-12-23 00:14:27 +05:30
b0yd
0b6e41d65b Attempting to fix cached size errors. 2017-12-22 12:49:02 -05:00
b0yd
0f5ff6ead3 Added bytes to required size 2017-12-22 12:28:37 -05:00
b0yd
add26ca405 Cleaned up 2017-12-22 12:17:15 -05:00
Jon Hart
d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-22 08:07:40 -08:00
William Vu
caae33b417
Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
Metasploit
909caa0425
Bump version of framework to 4.16.27 2017-12-21 13:27:52 -08:00
Brent Cook
9d8cb8a8d0 Merge branch '4.x' into upstream-master 2017-12-21 15:17:38 -06:00
b0yd
a7fbe71a93 Added socket bind port option for reverse tcp payload. 2017-12-21 14:10:41 -05:00
Metasploit
ee2f10efc5
Bump version of framework to 4.16.26 2017-12-21 10:04:38 -08:00
Jon Hart
becc05b4f1
Cleaner client_id handling 2017-12-21 06:57:33 -08:00
Jon Hart
157d973194
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:13:34 -08:00
Jon Hart
82bdce683b
Remove to_s 2017-12-20 19:13:12 -08:00
Jon Hart
adca42f311
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:11:52 -08:00
Jon Hart
b78f1105f7
Add missing port 2017-12-20 19:11:33 -08:00
Jon Hart
bedc276225
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 19:09:51 -08:00
Jon Hart
ddb2566f3b
Remove duplicate options, set less suspicious client_id 2017-12-20 19:09:35 -08:00
Jon Hart
962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 18:58:36 -08:00
Jon Hart
cf21d13b2e
Resolve conflict 2017-12-20 18:58:16 -08:00
William Vu
1975713a92
Land #9333, get_cookies_parsed using CGI::Cookie 2017-12-20 20:08:33 -06:00
Jon Hart
d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Jon Hart
2e62d77e36
Add new method for fetching parsed cookies from an HTTP response
This fixed #9332.
2017-12-20 16:19:44 -08:00
Brent Cook
3b78302868
Land #9327, restore transport enum used in TLVs 2017-12-20 16:11:04 -06:00
Brent Cook
5fe9dba4dd
Land #9296, add iOS meterpreter support 2017-12-20 16:09:41 -06:00
Jon Hart
7723933fa9
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 13:42:16 -08:00
Jon Hart
741d08f604
Style cleanup 2017-12-20 13:33:47 -08:00
Jeffrey Martin
8cd7185a7f
Land #9313, Add DirectAdmin login_scanner module 2017-12-20 15:23:24 -06:00
Jeffrey Martin
7f8a5d3834
improved credential reporting 2017-12-20 15:09:11 -06:00
Jon Hart
ac1daaf10e
Fix rubocop warning 2017-12-20 12:41:44 -08:00
Jon Hart
b4262662dc
Add missing mqtt login helper 2017-12-20 12:33:49 -08:00
Jon Hart
f15309bc48
Add basic framework for interacting with MQTT 2017-12-20 12:28:02 -08:00
Jeffrey Martin
9719ede3f0
restore transport enum used in TLVs 2017-12-20 13:12:24 -06:00
Matthew Kienow
31042d4171
Land #9324, AutoRunScript with resource scripts 2017-12-20 13:52:53 -05:00
Brent Cook
210f137b7b Merge branch 'upstream-master' into land-9296- 2017-12-20 12:07:53 -06:00
Brent Cook
3339c3b74d remove magic, because it causes complications with complex RC scripts 2017-12-20 11:49:42 -06:00
Brent Cook
0c867d92fd fix incorrect regex 2017-12-20 11:46:14 -06:00
Brent Cook
32c486023c
Land #9308, Ensure tab completion in HWBridge sessions works 2017-12-20 11:29:11 -06:00
Brent Cook
64d346f2e8
Land #9326, fix clipboard typo 2017-12-20 11:17:32 -06:00
Puru
bfa0cad8a5
Fix clipboard typo 2017-12-20 20:49:36 +05:45
Brent Cook
2629ec6bdb infer whether the user supplied a Meterpreter or resource script 2017-12-20 06:43:20 -06:00
Brent Cook
5ecc45a0d1 nicely handle exceptions when processing scripts, tell the user about them
Let's help the user by saying what's going on.
2017-12-20 06:42:50 -06:00
Brent Cook
05c6079e0d remove unused 'active_resource' accessor 2017-12-20 06:15:09 -06:00
Tim
15da7c699d Fix #7779, fix multi/meterpreter/reverse_http with web_delivery 2017-12-20 16:32:07 +08:00
Brent Cook
6b216f2a20
Land #9290, Fix OverrideLHOST/LPORT with http/s Meterpreter payloads 2017-12-20 00:26:06 -06:00
Jeffrey Martin
fe4c701016 Merge released '4.x' 2017-12-19 14:14:22 -06:00
Metasploit
66b1a555a1
Bump version of framework to 4.16.25 2017-12-18 16:33:25 -08:00
Tod Beardsley
72d3592b9c
New requires for Cambium mixins 2017-12-18 16:38:18 -06:00
Tod Beardsley
27a324237b
Initial commit for Cambium issues from @juushya
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
Nick Marcoccio
be2a3ca270 edited sid comment 2017-12-18 08:18:02 -05:00
Nick Marcoccio
f447fa1a12 Added DirectAdmin Login Utility 2017-12-17 22:43:37 -05:00
Brent Cook
90b97d6581 Merge branch 'upstream-master' into land-9151- 2017-12-15 14:15:14 -06:00
Pearce Barry
084dc4470d
Ensure tab completion in HWBridge sessions works as expected. 2017-12-15 12:19:26 -06:00
William Vu
0a1eea9860 Allow local_editor in cmd_edit to take arguments
Such as vim -i NONE. This may allow command injection via arguments.
However, you can already start an arbitrary program by setting
LocalEditor or escaping the editor.

msf > setg LocalEditor /bin/sh
LocalEditor => /bin/sh
msf > edit -i
[*] Launching /bin/sh -i
$
2017-12-14 19:51:57 -06:00
William Webb
234ef5627e
Land #9299, Add arch to MS17-010 detection 2017-12-14 12:20:56 -08:00
jgor
b99f044de5 Implement VNC security type 30 (Apple Remote Desktop) authentication 2017-12-14 13:57:38 -06:00
Metasploit
be4f9236f2
Bump version of framework to 4.16.24 2017-12-14 10:08:05 -08:00
bwatters-r7
9ea7747a5c
Land #9233, Fix #9232 corruption of non-latin characters in W methods
Merge branch 'land-9233' into upstream-master
2017-12-14 11:54:36 -06:00
William Vu
8e4b007edc Move verify_arch to dcerpc_getarch
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
Tim
c4e20e01e3 iOS meterpreter 2017-12-12 23:23:21 +08:00
Brent Cook
f7dfba6bae deduplicate code from python meterpreter 2017-12-12 03:12:36 -06:00
Brent Cook
b7c231bb93 further normalize transport config 2017-12-12 03:12:36 -06:00
Brent Cook
bb5ea540ab fix a number of TODOs in the HTTP handler, remove duplication in handlers 2017-12-12 03:12:36 -06:00
Brent Cook
528a423fc0 fix python override scheme 2017-12-12 03:12:36 -06:00
Brent Cook
f49006222c remove unneeded uri 2017-12-12 03:12:36 -06:00
Brent Cook
8e76c4cb4f handle override at the meterpreter config layer 2017-12-12 03:12:36 -06:00
Brent Cook
636b93b026 minor simplification 2017-12-12 03:12:36 -06:00
Brent Cook
017374be71 pass lhost/lport back into generate_stage with reverse_http/s 2017-12-12 03:12:36 -06:00
Brent Cook
1653e31f71 Merge branch 'upstream-master' into land-9126- 2017-12-11 03:57:00 -06:00
Metasploit
348cbe54b6
Bump version of framework to 4.16.23 2017-12-08 10:01:55 -08:00
Pearce Barry
7aef0f249e
Per MS-2916, load Mettle extensions via new API. 2017-12-07 20:40:22 -06:00
William Vu
2565ad6a27 Handle IPv6 addresses in full_uri (add brackets) 2017-12-07 12:56:55 -06:00
Brent Cook
c15f379343 remove some unneeded backward-compat code 2017-12-04 22:27:21 -06:00
William Vu
19b37c7070
Land #9263, drb_remote_codeexec fixes
See pull requests #7531 and #7749 for hysterical raisins.
2017-12-04 18:45:03 -06:00
Metasploit
fd1681edd9
Bump version of framework to 4.16.22 2017-12-01 10:04:07 -08:00
Brent Cook
09dd5b8489 fix check command to not require an rport _method_ 2017-11-30 10:51:21 -06:00
Brent Cook
c848379ecb simply use refname in the prompt? 2017-11-29 20:52:14 -06:00
Brent Cook
e5a5d35ad8 add 'promptname' that expands the module path a bit more
This allows the user to actually see the module context.
2017-11-29 19:49:43 -06:00
Brent Cook
55f56a5350
Land #9110, added -C option to change default hosts columns 2017-11-29 17:48:44 -06:00
Brent Cook
0aeb245c9c
Land #9252, docker improvements 2017-11-29 17:15:47 -06:00
bwatters-r7
e8965767a0
Land 9207, Expose more uuid attributes 2017-11-29 16:25:05 -06:00
Metasploit
174d0d46de
Bump version of framework to 4.16.21 2017-11-29 10:45:55 -08:00
Brent Cook
70ec576d52 use correct session variable 2017-11-29 11:53:56 -06:00
Brent Cook
ec2b5d48a6 add missing payload uuid accessors 2017-11-29 11:49:41 -06:00
Brent Cook
446f3fa675 more conversions 2017-11-29 11:49:41 -06:00
Brent Cook
59446f3d96 change ui to use new settings 2017-11-29 11:49:41 -06:00
Brent Cook
8051f790d0 if there is info in the uuid_db, put it in payload_uuid automatically 2017-11-29 11:49:41 -06:00
Jeffrey Martin
e73ba0b3ca
Merge released '4.x' into master 2017-11-29 10:27:42 -06:00
Adam Cammack
3fff092042
Fix include scope in external module mixin
The auxiliary report mixin overrides some of the methods in
Metasploit::Credential, which is fine in framework, but causes issues in
projects relying on the base behavior of Metasploit::Credential. This
changes the include scope from global to just whatever includes the
external module mixin.
2017-11-28 21:41:52 -06:00
William Vu
f132c1572f
Fix #9194, clarified error for reloading modules 2017-11-28 17:15:56 -06:00
William Vu
7b3bf85d03 Print the generated command stager for debugging 2017-11-28 16:00:28 -06:00
Christian Mehlmauer
50351320d7
more docker work 2017-11-28 21:35:20 +01:00
William Vu
65412cd2f1
Land #9201, enhanced tab completion 2017-11-27 11:37:04 -06:00
Brent Cook
2c6cfabbc3
Land #8948, allow configuring payload HTTP headers for domain fronting 2017-11-25 10:08:22 -06:00
Brent Cook
8645a518b3 add mettle support for custom headers 2017-11-24 20:27:34 -06:00
Metasploit
c9da8f7a18
Bump version of framework to 4.16.20 2017-11-24 10:01:50 -08:00
Tim W
ce9d2aff2b more osx hacks 2017-11-22 17:25:49 +08:00
Tim W
0f2bfb70c0 hacky fix for osx 2017-11-22 13:07:42 +08:00
scriptjunkie
9a81cc70dd Fix corruption of non-latin characters in W methods 2017-11-21 20:58:38 -06:00
Brent Cook
81c6823b72 handle interrupt and unknown exceptions properly with external modules 2017-11-21 17:50:53 -06:00
Adam Cammack
19844fb6ed
Land #9227, Add slowloris denial of service 2017-11-21 15:42:39 -06:00
Tim
92190403cc use full target_path 2017-11-22 05:42:01 +08:00
Matthew Kienow
b6c81e6da0
Reimplement slowloris as external module 2017-11-21 16:21:01 -05:00
OJ
fea28a89a5 Fix TLV defs for http headers 2017-11-21 13:47:19 -06:00
Brent Cook
ea37196614 use cooler names c/o @timwr, make options easier to grep 2017-11-21 13:47:19 -06:00
Brent Cook
85acbadf01 more DRYing 2017-11-21 13:47:19 -06:00
Brent Cook
37ab771ca9 uri is not always defined, fix python stager generation 2017-11-21 13:47:19 -06:00
Brent Cook
2076db2d61 DRY up common stager and payload http and retry options 2017-11-21 13:47:19 -06:00
Brent Cook
1fd7f7c8bc prefix MeterpreterUserAgent and PayloadProxy* with Http for consistency;
this also adds aliases where needed
2017-11-21 13:47:19 -06:00
Tim
a5af21fa1a add http headers to Android/Java 2017-11-21 13:47:19 -06:00
OJ
ac79cc9f78 Fix up header string generation in transports 2017-11-21 13:47:18 -06:00
OJ
f6e9b12b43 Make sure stageless is supported 2017-11-21 13:47:18 -06:00
OJ
656babe9f4 Custom host header support in python meterp 2017-11-21 13:47:18 -06:00
OJ
a78d8f83fc Add HTTP header support for Host/Cookie/Referer
This is to start the support for things like domain fronting.
2017-11-21 13:47:18 -06:00
Brent Cook
a4e199a6dd
Land #9000, enhance module option registration 2017-11-21 12:09:21 -06:00
Brent Cook
c5cc013819 auto-detect SSL supported options 2017-11-21 08:30:42 -06:00
Brent Cook
967b459ff1 restore default enum is first value behavior 2017-11-21 08:30:42 -06:00
Brent Cook
6615c6efc7 tighten up corner cases with option validation 2017-11-21 08:30:42 -06:00
Brent Cook
6da66e885a fix enum default logic for bools that default to false 2017-11-21 08:30:42 -06:00
Brent Cook
d811a2a8c1 set good defaults 2017-11-21 02:52:05 -06:00
Brent Cook
65c58c3d55 set a good default, remove unused methods, speed up checks 2017-11-21 02:52:05 -06:00
Brent Cook
ffa6d74a23 remove historical cruft 2017-11-21 02:52:05 -06:00
Brent Cook
d3ee86dc5c update to new format 2017-11-21 02:52:05 -06:00
Brent Cook
249c08f597 usability improvements with how base options are registered
This adds named parameters for all of the current array-index based
options. It also allows specifying the description as the 2nd parameter,
allowing the 'required' parameter to be implicitly false (the most
common value).

A simple parameter like:

 OptAddress.new('ReverseListenerBindAddress',
   [false, 'The specific IP address to bind to on the local system']),

Can now be rewritten as:

 OptAddress.new('ReverseListenerBindAddress',
   'The specific IP address to bind to on the local system'),

More complex options are also now easier to read:

 OptString.new(
   'HttpUserAgent',
   'The user-agent that the payload should use',
   default: Rex::UserAgent.shortest,
   aliases: ['MeterpreterUserAgent']
 ),

This also makes dealing with enums easier because default is implicit
unless specified. This:

  OptEnum.new('PayloadProxyType',
    [true, 'The proxy type, HTTP or SOCKS', 'HTTP', ['HTTP', 'SOCKS']]),

Becomes:

  OptEnum.new('HttpProxyType',
    'The proxy type, HTTP or SOCKS', required: true, enums: ['HTTP', 'SOCKS'])

This maintains full backward compatibility with existing code as well.
2017-11-21 02:52:05 -06:00
Adam Cammack
40a71af7ed
Add missing end 2017-11-20 17:50:59 -06:00
Adam Cammack
2fdc34c8fd
Add new template for DoS modules 2017-11-20 17:19:14 -06:00
Adam Cammack
dd57138423
Make external module read loop more robust
Changes from a "hope we get at most one message at a time" model to
something beginning to resemble a state machine. Also logs error output
and fails the MSF module when the external module fails.
2017-11-20 16:52:05 -06:00
Matthew Kienow
39f06a3995
Land #8807, template for external module servers 2017-11-20 17:34:37 -05:00
christopher lee
238aecf81c Integrated first round of feedback 2017-11-20 10:45:39 -06:00
christopher lee
621130d74b Added missing requires 2017-11-17 13:06:05 -06:00
christopher lee
a16cd5aade Clean up metadata store logic 2017-11-17 12:42:19 -06:00
Metasploit
602406a423
Bump version of framework to 4.16.19 2017-11-17 10:02:22 -08:00
christopher lee
0e642bd9cd Remove puts and fix bug 2017-11-16 12:59:14 -06:00
christopher lee
e89eb6e8b6 Fix first time startup timing bug 2017-11-16 12:50:31 -06:00
Metasploit
5cdd364590
Bump version of framework to 4.16.18 2017-11-15 19:46:12 -08:00
christopher lee
fe1af35107 First pass at changes needed for module metadata caching 2017-11-15 16:38:01 -06:00
Adam Cammack
f357efd97c
Land #9208, add AArch64 ELF to Msf::Util::Exe 2017-11-15 14:22:27 -06:00
Tim
4ec0faf35d fix aarch64 cmdstager 2017-11-15 16:47:17 +08:00
Jeffrey Martin
80b381cde9
Merge released '4.x' into master 2017-11-13 14:11:23 -06:00
Spencer McIntyre
bc691cbd00 Document the new tab completion functions 2017-11-11 17:17:48 -05:00
Spencer McIntyre
fb7635502d Tab completion for exploit and handler commands 2017-11-11 17:11:54 -05:00
Spencer McIntyre
68a43fef36 Add the new generic tab completion function 2017-11-11 16:47:11 -05:00