adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
53,238 Commits 27 Branches 1,043 Tags
4125224af872292b50f6c94de6469b91bc6c6a9f
Commit Graph

225 Commits

Author SHA1 Message Date
Adam Cammack 969ad7aa8a Add Msf::Module::Alert for alerting users 2019-08-22 17:58:20 -05:00
Jeffrey Martin 2e06b4e93f Land #12126, Implement "set PAYLOAD" by index 2019-07-31 14:50:20 -05:00
bwatters-r7 05ffa6e4a0 More updates, optimizations, and style fixes 2019-07-29 16:29:32 -05:00
Brent Cook 463c147977 fix method check in metadata updates 2019-07-25 23:23:20 -05:00
bwatters-r7 7c2d214af2 Clean up debugging, move options to one place and delete superflous file 
change the uuid handing to prevent changes to it when it gets put in payloads
 2019-07-25 19:45:05 -05:00
bwatters-r7 310533f96c First stab at filtering payloads that require cleanup 2019-07-25 19:44:09 -05:00
bwatters-r7 80dbef20f2 Follow acammack's guidance for excluding filedropped exploits 
usage of pingback payloads
 2019-07-25 19:43:14 -05:00
asoto-r7 a12f9a5e4c Revert f162822 2019-07-25 19:43:14 -05:00
asoto-r7 53447462bd Remove a left-over 'pry' debugger invocation 2019-07-25 19:43:14 -05:00
asoto-r7 cb270cd57a WIP: Adding default pingback payload to parent check method 2019-07-25 19:42:50 -05:00
William Vu 40b040b3e6 Cache "show payloads" and set PAYLOAD by index 2019-07-24 20:15:12 -05:00
William Vu 29d6c270d4 Fix setting PAYLOAD clearing target DefaultOptions 2019-07-24 17:38:14 -05:00
William Vu 502a26bcbd Fix is_payload_compatible? for nil payloads 2019-07-11 14:00:24 -05:00
William Vu 6ea1e7aed2 Handle TypeError in case of nil 2019-05-13 17:32:54 -05:00
William Vu 249d3551ae Be good in other places 2019-05-13 17:15:31 -05:00
William Vu 9420b04dd9 Support generic payloads 2019-04-23 15:14:14 -05:00
William Vu e12b19a507 Enhance compatible_payloads to use module cache 2019-04-23 13:57:39 -05:00
Wei Chen c7efd57144 Sync up with master 2018-10-06 08:27:01 -05:00
Green-m 90b98a193c Refactor the rhosts for exploit modules. 2018-09-30 16:08:49 +08:00
Wei Chen 02ef565730 Update evasion_module_type branch 2018-09-24 08:20:32 -05:00
William Vu b3e9856851 Revert doc changes to exploit.rb autofilter 
I think the changes might have been accidental.

3cf4329335
 2018-09-13 13:27:52 -05:00
William Vu e2428b5c20 Fix target DisableNops not being passed to payload 2018-09-05 18:07:54 -05:00
Wei Chen 5c6b33bcf4 Add support for evasion targets, also module doc 2018-08-31 11:45:29 -05:00
William Vu 7e496ae067 Import target DefaultOptions into the datastore 2018-08-16 12:18:02 -05:00
William Vu e72b873f56 Fire off bind handlers when session_created? runs 
Also refactor because bind handlers don't use setup_handler.
 2018-07-12 10:45:59 -05:00
William Vu 8d135aec39 Implement first pass at deferred payload handling 
This is most useful for bind payloads, and I initially did just that,
but I've migrated the code to be more generic.
 2018-07-06 14:26:31 -05:00
Brent Cook 37f1e44a12 Land #10009, Add initial check support to external modules 2018-05-18 09:31:31 -05:00
Adam Cammack 147471fb79 Add constant for reverse check code lookup 2018-05-10 18:24:57 -05:00
William Vu 8881d32a45 Add target selection and tab completion by name 2018-05-03 21:03:05 -05:00
William Vu 1f5ece9c46 Fix target NOP generator not passed to payload 2018-04-20 17:12:55 -05:00
William Vu 33bde31eec Fix target encoder not being passed to payload 
Datastore functionality has been preserved as an override.
 2018-04-19 02:25:18 -05:00
Adam Cammack f1d426d257 Land #9833, Remove broken feature detection 2018-04-11 15:02:53 -05:00
Brent Cook 6fb6570f99 delete old feature detection code from exploit base 
This deletes some old code that apparently has been broken and somewhat unused for many years.

The 'derived_implementor?' method for modules relies on the debug output from Ruby in order to tell of a class implements a method, but the regex it used didn't work properly with any modern Ruby version until 2.5.x. This caused a random sleep to get inserted into certain payload staging operations, which actively breaks staging in certain scenarios (I'm not trying to address that here).

This also removes some ancient module feature detection code, which also is entirely unused today.
 2018-04-07 12:47:42 -05:00
William Vu 17ed88b766 Fix backgrounded aggressive exploits 
Any exploit that includes an aggressive stance is aggressive, regardless
of whether or not it has passive components.

This fix should prevent known-aggressive exploits from backgrounding.
 2018-04-05 18:34:36 -05:00
William Vu 333d57461a Check exploit stance for array as well as string 
An exploit can be both aggressive and passive.
 2018-01-08 13:52:04 -06:00
Brent Cook e414bdb876 don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules 2017-05-11 15:19:11 -05:00
Brent Cook 0e3eba18b3 simplify guard logic 2017-02-17 16:00:15 -06:00
Brent Cook f4befda59b inherit the options from the default target so we can autocomplete before the rhost resolution occurs 2017-02-17 15:50:45 -06:00
Brent Cook 76529278b8 make sure we can actually invoke auto targeting before adding it 2017-01-30 05:24:57 -06:00
Brent Cook 7d32166c70 use a better check for whether rhosts exists 2017-01-29 19:18:23 -06:00
David Maloney d564f5d60a don't add auto targets to things without rhost 
Things like browser exploits don't have remote host options
which is what auto targeting relies on, so it does not make sense
to include the auto-targeting in these exploits

7837
 2017-01-17 11:40:07 -06:00
David Maloney 31d36d9112 if autotargeting fails fall back 
fallback to the original first target if auto-targeting fails
 2017-01-03 14:38:52 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes 
some minor conditional guards and spec fixes
 2017-01-03 14:38:51 -06:00
David Maloney a61b92aa3e tweak target selection 
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index

MS-2325
 2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together 
insert our autotarget routine into
the main target selection process

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours 
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 4060e63b89 add tests for auto target addition 
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing 
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
 2017-01-03 14:38:45 -06:00
David Maloney 769d477e97 if no automatic target defined, add one 
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting

MS-2325
 2017-01-03 13:54:34 -06:00
William Vu f95136ce67 Prefer && over and 2016-12-21 00:16:33 -06:00