h00die
5cdac38ac0
apache nifi h2 rce
2023-08-08 17:44:35 -04:00
Pearce Barry
765ff28ff9
Improve tab completion for set command.
Also minor improvement for tab completion with the `unset` command.
Fixes #18217.
2023-08-06 18:32:27 -05:00
cgranleese-r7
6dc7ba112e
Makes some adjustments to the favorites command
2023-08-04 15:33:35 +01:00
cgranleese-r7
45c9ce86f4
Land #18231, fix for issue #18219, allow index selection for favorites
2023-08-04 15:08:37 +01:00
adfoster-r7
61a4974670
Update aws instance connect EC2_ID validation
2023-08-04 14:02:06 +01:00
dwelch-r7
6f7ebb3824
Land #18210, Add Meterpreter sanity tests to CI
2023-08-04 13:24:39 +01:00
adfoster-r7
a543199ee3
Land #18220, Add error handling when loading payloads
2023-08-04 12:07:39 +01:00
adfoster-r7
b1d6983fad
Land #18228, Adds Rubocop rule to detect invalid pack/unpack directives
2023-08-04 11:20:18 +01:00
Metasploit
4ebf4fd52e
Bump version of framework to 6.3.29
2023-08-03 17:39:55 -05:00
cgranleese-r7
61f70e09f6
detect invalid Pack/Unpack directives
2023-08-03 17:39:21 +01:00
adfoster-r7
d8dc189168
Add Meterpreter sanity tests to CI
2023-08-03 17:11:44 +01:00
Spencer McIntyre
39382c4652
Land #17600, Add AWS Instance Connect Sessions
Implement AWS Instance Connect Sessions
2023-08-03 12:06:29 -04:00
cgranleese-r7
5756241fb3
Land #18223, Fix broken msfconsole histories when switching between shell sessions
2023-08-03 16:40:01 +01:00
Spencer McIntyre
034fcdde59
Drop the logic to filter repeated error messages
2023-08-03 10:51:58 -04:00
adfoster-r7
a643fa517a
Give better error messages when failing to load mettle extensions
2023-08-02 23:03:27 +01:00
adfoster-r7
9a40e2612b
Land #17129, Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
RageLtMan
f0c853073e
Address most of @adfoster-r7's 202307 review
2023-08-01 15:04:58 -04:00
Spencer McIntyre
396029a58e
Fix connectivity issues
The connection needs to slowly send data to the remote end for
stability. Additionally, the `exit` command should be issued when
closing the connection so it is reset back to the logon prompt.
2023-08-01 15:04:32 -04:00
Spencer McIntyre
cd70044e36
Automatically login to the serial connection
2023-08-01 15:04:32 -04:00
Spencer McIntyre
1a3b579cd9
Cleanups and drop INSTANCE_PORT
2023-08-01 15:04:32 -04:00
RageLtMan
2dd9524b2b
AWSSSM: hint at alternative command docs
2023-08-01 15:04:32 -04:00
RageLtMan
f8c736589f
AWSIC: fix comm_string
2023-08-01 15:04:32 -04:00
RageLtMan
dc1ca7aeff
Fix-up per @adfoster-r7
2023-08-01 15:04:32 -04:00
RageLtMan
7290a61853
AWSIC: Address @adfoster-r7's comments
2023-08-01 15:04:32 -04:00
RageLtMan
03f6bf1c84
AWSIC: Only try to get session once per handler
Import @smcintyre-r7's fix for multiple session attempts in SSM
2023-08-01 15:04:32 -04:00
RageLtMan
69ae14ec62
AWSIC: payload uri cleanup
2023-08-01 15:04:32 -04:00
RageLtMan
2352ce6740
Implement AWS Instance Connect Sessions
AWS EC2 Nitro instances (and possibly others) support serial proxy
over SSH using the Instance Connect API:
https://docs.amazonaws.cn/en_us/AWSEC2/latest/UserGuide/connect-to-serial-console.html
This process consists of sending an SSH pubkey to the serial proxy
control plane, connecting to a well-known URL with the instance ID
and port number as username, and the SSH private key as credential.
The resulting session is a "fragile" SSH context which does not
tolerate Channel-closing, requiring some special handling in Msf to
safeguard the initial Net::SSH::CommandStream.
Implement a BindAwsInstanceConnect Handler which loads an SSH key
from the local FS or generates a new one on the fly, passes the
pubkey to the InstanceConnect API, and then establishes SSH comms
with the InstanceConnect SSH proxy.
Implement an AwsInstanceConnectBind to handle resulting connections,
derived from SshCommandShellBind, with an updated #bootstrap which
avoids meddling with the fragile CommandStream/Channel.
Testing:
Got serial console to the ttyS0 login prompt of a Nitro EC2 VM.
Logged in using previously-known credentials.
Verified console operations.
Notes:
Handler keeps firing, same as the SSM session concern.
There is a limit to the number of sessions which an instance can
hold (possibly only one).
2023-08-01 15:04:03 -04:00
cgranleese-r7
cd8cd0a52b
Land #18243, Fix appscan import failure on empty proof
2023-08-01 15:10:06 +01:00
adfoster-r7
5f9d131cdd
Fix appscan import failure on empty proof
2023-08-01 14:31:48 +01:00
bwatters
feb54c812c
Rather than use default options, deregister and reregister
2023-07-31 16:38:09 -05:00
Dean Welch
6c367f39c8
Reset password list file descriptor for later use
2023-07-31 15:42:25 +01:00
usiegl00
9019b51eaa
Update AARCH64 Shellcode Generation
This updates the aarch64 payloads to include comments with the
corresponding instructions for each little-endian integer. It also fixes
the debug output for x64 payloads under rosetta.
2023-07-29 08:26:56 -07:00
ErikWynter
ad1add1dc3
fix for issue #18219, allow index selection for favorites
2023-07-28 16:13:51 +03:00
Metasploit
1390d50ca4
Bump version of framework to 6.3.28
2023-07-27 12:09:19 -05:00
adfoster-r7
449af8daa7
Fix broken msfconsole histories when switching between shell sessions
2023-07-27 16:12:57 +01:00
Dean Welch
d9817e825e
Add error handling when loading payloads
2023-07-26 12:01:46 +01:00
bwatters
39f24a305e
Change default command to certutil for Windows HTTP Fetch and default FETCH_SRVHOST to LHOST
2023-07-24 15:53:19 -05:00
adfoster-r7
49f2d1c3a9
Fix evasion windows syscall inject module crash
2023-07-24 16:15:51 +01:00
adfoster-r7
f287f50be7
Land #18187, Fixes incorrect usage of pack/unpack directives
2023-07-21 11:40:02 +01:00
dwelch-r7
1af22cfd22
Land #18096, Add initial proxies datastore support for kerberos workflows
2023-07-21 11:37:04 +01:00
adfoster-r7
08a2a293a9
Add proxies datastore support to kerberos
2023-07-21 11:19:50 +01:00
Metasploit
b4ec01de83
Bump version of framework to 6.3.27
2023-07-20 12:14:17 -05:00
cgranleese-r7
8e0a909b18
Fixes incorrect usage of pack/unpack directives
2023-07-19 11:39:00 +01:00
Metasploit
7bebee0f42
Bump version of framework to 6.3.26
2023-07-13 12:13:12 -05:00
Metasploit
a0bdbce3c9
Bump version of framework to 6.3.25
2023-07-06 17:49:06 -05:00
adfoster-r7
bfcd5d0466
Add centralized Metasploit plugin documentation
2023-07-06 19:00:33 +01:00
h00die
2c2f855e20
working cookies for superset
2023-07-06 07:12:39 -04:00
adfoster-r7
00aa2e63a0
Land #18166, Handle nil error when creating adapted payloads
2023-07-05 18:07:12 +01:00
Dean Welch
d452f49f09
Handle nil error when creating adapted payloads
2023-07-05 17:28:05 +01:00
Christophe De La Fuente
ae48236d07
Land #18122, rocketmq version lib
2023-07-05 18:11:25 +02:00