adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

688 Commits

Author SHA1 Message Date
cgranleese-r7 d52220cccb Fixes the create session datastore option from appearing for payloads 2024-02-22 14:58:41 +00:00
Dean Welch 08872d0211 Add session type to info hash in the mixin 2024-02-14 15:37:11 +00:00
Dean Welch 0f319bdfb9 Extract SMB and PostgreSQL optional sessions into their own mixins 2024-02-14 15:37:11 +00:00
Dean Welch 1abaef4945 Move new session information alerts behind a feature flag 2024-01-30 16:38:00 +00:00
Dean Welch 9a2ec90c16 Add alert to show user the new session options available in Metasploit 6.4 2024-01-29 17:06:21 +00:00
Dean Welch cf24bca946 Add smb session support to smb_relay module 2023-12-12 11:59:07 +00:00
Dean Welch 152056b001 DRY up post mixin/optional session 2023-12-04 17:55:15 +00:00
Dean Welch cd8cc75cf3 Add smb session type 2023-12-04 17:55:11 +00:00
h00die cd183194fd fix related modules references 2023-09-15 16:40:22 -04:00
h00die 13e7f6cc27 fix related modules references 2023-09-15 16:35:55 -04:00
cgranleese-r7 8e0a909b18 Fixes incorrect usage of pack/unpack directives 2023-07-19 11:39:00 +01:00
Jeffrey Martin 3635ce9c03 update reference format for entry in rapid7.com 2023-07-10 16:54:42 -05:00
adfoster-r7 3a281234df Add feature flagged datastore rewrite, with support for option fallback lookups 2022-09-16 12:59:02 +01:00
adfoster-r7 3e66fc8f4e Fix crash in ms04-007-killbill 2022-07-10 00:07:26 +01:00
Spencer McIntyre 19a9ff1198 Update a couple of modules for the new SMB server 2022-05-16 14:39:45 -04:00
Spencer McIntyre b79b550d6c Centralize the log adapter 
This should eventually be updated to map the levels to the framework
logger and appropriate module-print_* function.
 2022-05-16 14:39:45 -04:00
Spencer McIntyre 475f6eee8c Capture hash when serving files over SMB 2022-05-16 14:39:44 -04:00
Spencer McIntyre dd5aee4956 Increase the size of psexec commands 2022-05-09 11:55:57 -04:00
Spencer McIntyre a4a9bc033a Fix building the SessionSetup request for MS17-010 
RubySMB commit 8035d9c2 broke the exploit's SessionSetup request.
 2022-04-12 10:45:17 -04:00
usiegl00 27c8210b27 Update smb_shadow module to fix rubocop errors 
Use msftidy to fix the rubocop errors.
 2022-04-06 07:12:46 +09:00
usiegl00 8495bff61c Merge master and update the smb_shadow module 
Add comments detailing the technique used to attack SMBv3. Remove some
comments that are no longer needed. Fix Gemfile.lock conflict.
 2022-04-06 07:06:45 +09:00
usiegl00 09ae52fecd Update smb_shadow and shadow_mitm_dispatcher 
Remove duplicated print_status messages. Use respond_to? instead of
methods.include?. Simplify payload generation. Fix naming for the rst
capture thread.
 2022-04-05 20:03:14 +09:00
usiegl00 7e010cbde2 Merge master and update smb_shadow + dispatcher 
The smb_shadow module can confirm the server smb version supported with
the ConfirmServerDialect option. The shadow_mitm_dispatcher closes each
stream before opening a new one to prevent leaking file descriptors.
 2022-04-02 10:39:02 +09:00
sjanusz bbf9e3163a Fix file reads on Windows for binary files 2022-03-21 12:47:39 +00:00
adfoster-r7 3b524360ed Explicitly specify server/client versions, fix logger crash, and specify jtr format 2022-03-09 01:37:22 +00:00
adfoster-r7 22f88f9ab7 Add docs 2022-03-08 23:52:24 +00:00
adfoster-r7 53772fa366 Gracefully handle relay host timeout, fix typos, and move SMBHashCapture location 2022-03-08 23:52:24 +00:00
adfoster-r7 bcb0850e07 Rename SMBHOST 2022-03-08 23:52:23 +00:00
adfoster-r7 144fc5eddf Add smarter targetlist support 2022-03-08 23:52:23 +00:00
adfoster-r7 25265c7a7b Linting 2022-03-08 23:52:23 +00:00
adfoster-r7 3e68e298a1 Add targets 2022-03-08 23:52:23 +00:00
adfoster-r7 e02021ee91 Fix database cred reporting and error handling 2022-03-08 23:52:23 +00:00
adfoster-r7 507b1dab2b Apply PR feedback 2022-03-08 23:52:22 +00:00
adfoster-r7 b4fe2502aa Update smb_relay to support smb 2 and smb3 2022-03-08 23:52:22 +00:00
usiegl00 6d94a316cf Add packet fragmentation to ShadowMitmDispatcher 
The ShadowMitmDispatcher now supports arbitrary size packets. The
ShadowMitmDispatcher now supports SMB3. The ShadowMitmDispatcher no
longer interferes with existing sessions.
 2022-02-18 17:05:37 +09:00
h00die d5ba1afbec fix URLs not resolving 
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra recirectedfrom fields

remove extra file

fix ovftool url accidental replacement
 2022-02-16 17:22:40 -06:00
usiegl00 72a0732009 Update ShadowMitmDispatcher to reduce ip lookups 
The ShadowMitmDispatcher must be initialized with an interface, mac, and
ip address as keyword arguments. This prevents dispatchers from
retrieving the same network configuration multiple times.
 2022-02-11 22:35:40 +09:00
usiegl00 8bf51dd1d8 Update smb_shadow and shadow_mitm_dispatcher 
The dispatcher no longer uses an override flag, Instead the smb_shadow
module explicitly sets the attributes.
 2022-01-31 14:49:18 +09:00
usiegl00 dbc8a70b7c Merge remote-tracking branch 'origin/master' into mitm_dispatcher 2022-01-28 10:24:50 +09:00
usiegl00 0259e586a9 Update smb_shadow module and rename MitmDispatcher 
The MitmDispatcher is now the ShadowMitmDispatcher to help prevent name
confusion. Updated the ShadowMitmDispatcher to use native rex lib calls
to decode binary fields.
 2022-01-28 08:39:07 +09:00
adfoster-r7 a17dfcc849 Rubocop smb relay module 2022-01-26 00:47:19 +00:00
usiegl00 5cc716fa0d Add MitmDispatcher to the smb_shadow module 
The MitmDispatcher reduces code repetition and enables the use of
standard RubySMB syntax. I have noticed increased power draw when using
the new dispatcher compared to the previous (less stateful) approach.
 2022-01-21 14:57:07 +09:00
Christophe De La Fuente a458961631 Move the cleanup instance variables to the begining of #exploit 2022-01-07 20:34:58 +01:00
Christophe De La Fuente 41ebb3aa29 Land #15903, SMB Shadow Module: Direct SMB Session Takeover 2022-01-07 16:57:17 +01:00
usiegl00 3051c5d9f5 Add mutex to cleanup in smb_shadow 
The mutex will prevent multiple calls to cleanup when the module is
stopped with Ctrl-C. Add a Notes section to the documentation which
describes arpspoof usage and such.
 2022-01-07 14:18:15 +09:00
usiegl00 cf6ab21467 Fix disabling of port 445 forwarding in smb_shadow 
Update the iptables invocation to use the FORWARD table, which filters
packets being routed through the device. Add check for STATUS_PENDING
response from the server while creating the service.
 2022-01-06 13:15:30 +09:00
usiegl00 204da6a0b4 Use packet filter anchor for pfctl in smb_shadow 
The packet filter anchor will prevent the flushing of previous packet
filter rules. Using an anchor also allows us to remove the rule, instead
of disabling the filter.
 2021-12-28 20:13:32 +09:00
usiegl00 609bf4be3c Update smb_shadow module to clean unnecessary code 
Remove the return statement after fail_with which will never be reached.
Add documentation for the module options. Reset the packet forwarding
settings during the module cleanup.
 2021-12-07 08:41:52 +09:00
usiegl00 260ea0725c Update smb_shadow module and docs for review 
Add mutex to module to prevent race condition. Add sleep to after arp
query to prevent arp cache restoration. Add DefangedMode to indicate
system network changes. Change module INTERFACE option to be explicit.
Remove unnecessary module payload parameters. Add module Notes.
 2021-12-03 14:33:40 +09:00
Brendan Coles a60c59c3af ms08_067_netapi: Add nine Windows 2003 SP2 targets for various locales 
* Windows 2003 SP2 Portuguese (NX)
* Windows 2003 SP2 Chinese - Simplified (NX)
* Windows 2003 SP2 Czech (NX)
* Windows 2003 SP2 Dutch (NX)
* Windows 2003 SP2 Hungarian (NX)
* Windows 2003 SP2 Italian (NX)
* Windows 2003 SP2 Russian (NX)
* Windows 2003 SP2 Swedish (NX)
* Windows 2003 SP2 Turkish (NX)
 2021-12-02 16:33:02 +00:00