Brendan Coles
b4e305862a
Land #10099 , fix nil error in HttpTrace when HTTP response is nil
Fix #10098
2018-06-01 07:03:21 -07:00
Brent Cook
78c07b86c4
Land #9962 , tab-complete target options
2018-05-17 08:16:31 -07:00
Brent Cook
76a47b81bc
Land #9994 , restore some SMB mixin aliases, add local definition
2018-05-09 17:48:53 -07:00
Brent Cook
78f546ce81
Land #9986 , initial ruby_smb simple client integration
2018-05-09 17:48:52 -07:00
William Vu
a74b2b5716
Land #9970 , final update to Drupalgeddon 2
2018-05-04 09:40:31 -05:00
William Vu
935fa6414e
Land #9968 , second round of Drupalgeddon 2 updates
2018-05-04 09:38:34 -05:00
Jeffrey Martin
635f483b42
Land #9881 , cleanup psexec code
2018-05-01 14:51:20 -07:00
William Vu
4e34413026
Land #9864 , command stager debugging fix
2018-04-12 09:27:21 -07:00
William Vu
c7d5d1f489
Land #9783 , ARM WinRT support for ms17_010_psexec
2018-03-30 08:34:52 -07:00
William Vu
c31a8ab687
Land #9618 , pipe auditing improvements
2018-03-27 14:21:47 -05:00
William Vu
fac7f3d5be
Fix #9602 , a little defensive programming
Check for a nil message and unnecessary auth failures while looping.
2018-02-26 18:08:37 -06:00
Brent Cook
826b986018
Land #9602 , Create sessions with the Fortinet SSH backdoor scanner
2018-02-22 08:27:36 -08:00
Brent Cook
a27b2bff3c
Land #9443 , Add warning to FileDropper for deleting CWD
2018-02-20 09:24:11 -06:00
William Vu
6c350be24e
Land #9473 , new MS17-010 aux and exploit modules
2018-02-02 11:32:40 -06:00
Brent Cook
d6beb94c59
Land #6611 , add native DNS to Rex, MSF mixin, sample modules
2018-01-24 17:12:52 -06:00
William Vu
4b225c30fd
Land #9368 , ye olde NIS ypserv map dumper
2018-01-10 22:02:36 -06:00
William Vu
b1cecd4193
Bump TIMEOUT in Msf::Exploit::Remote::SunRPC
2018-01-10 20:36:35 -06:00
William Vu
1c1f3b161e
Rescue XDR errors in Msf::Exploit::Remote::SunRPC
2018-01-10 20:11:30 -06:00
William Vu
461f1c12e6
Fix nil bug(s) by moving arrays to initialize
2018-01-06 02:31:16 -06:00
William Vu
14143c2b90
Fix missed file_dropper_win_path
2018-01-06 01:44:25 -06:00
William Vu
50f4ebb3b2
Add register_dirs_for_cleanup to FileDropper
2018-01-04 11:06:32 -06:00
William Vu
caae33b417
Land #9170 , Linux UDF for mysql_udf_payload
2017-12-21 20:48:24 -06:00
William Vu
8e4b007edc
Move verify_arch to dcerpc_getarch
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
William Vu
2565ad6a27
Handle IPv6 addresses in full_uri (add brackets)
2017-12-07 12:56:55 -06:00
William Vu
7b3bf85d03
Print the generated command stager for debugging
2017-11-28 16:00:28 -06:00
h00die
697031eb36
mysql UDF now multi
2017-11-03 05:26:05 -04:00
Brent Cook
90766ceceb
remove more unusual raise RuntimeError patterns
2017-11-01 05:59:12 -05:00
Jeffrey Martin
386e14828a
Land #8728 , Psexec via PSH related fixes
2017-10-24 15:55:18 -05:00
Brent Cook
402e926151
Land #9081 , Fix ftp.rb to get files larger than 16384
2017-10-23 22:11:36 -05:00
Brent Cook
c6bc55a175
Land #9082 , Fix ftp.rb so it closes all data sockets
2017-10-23 22:10:38 -05:00
RageLtMan
a3912e4913
Provide disconnect option to send_request_cgi
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.
Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.
Testing:
Locally tested on an in-house exploit module written for a disclosure
report.
TODO:
Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
bigendiansmalls
1b306caf39
Fixed ftp.rb to get files larger than 16384
Existing ftp.rb did get_once, which limits file
DL to 16384 (def_block_size). Changed to get and
added one more timeout variable; see:
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:def_block_size
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get_once
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get
2017-10-13 12:41:11 -05:00
bigendiansmalls
e5e9c7ccd6
Fixed ftp.rb so it closes all data sockets
ftp.rb was doing a shutdown without a close on data
(not command) sockets. This can cause CLOSE_WAIT
for extended periods in certain circumstances, ending
only when msf itself is closed.
2017-10-13 10:09:43 -05:00
bwatters-r7
294230c455
Land #8509 , add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
William Vu
27876a91d3
Add prints and better checking to HTTP CmdStagers
Admittedly, this code is more convoluted than it needs to be.
2017-10-11 14:01:56 -05:00
bwatters-r7
7df18e378d
Fix conflicts in PR 8509 by merging to master
2017-10-09 10:30:21 -05:00
james
fde68acc0e
Styling changes in wordpress helpers
Changes based on rubocop output
2017-09-02 22:26:04 -05:00
james
fdf7149438
Add support for multi-site wp instances in wp_admin_shell_upload
This change allows redirects to be followed in wordpress_helper_get_plugin_upload_nonce.
Redirect is from:
/wp-admin/plugin-install.php
to
/wp-admin/network/plugin-install.php
2017-09-02 22:12:56 -05:00
Brent Cook
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
Brent Cook
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
William Vu
c9853a6bfe
Land #8735 , robots.txt for HttpServer
2017-07-24 18:26:41 -05:00
William Vu
a950ecc345
Clean up style
2017-07-24 18:26:05 -05:00
Brent Cook
6300758c46
use https for metasploit.com links
2017-07-24 06:26:21 -07:00
Brent Cook
800cdcc866
Land #8737 , better handle sudden disconnects with SMTP servers
2017-07-23 15:04:50 -07:00
Brent Cook
df22e098ed
Land #8695 , Fix #8675 , Add Cache-Control header, also meta tag for BAP2
2017-07-23 07:17:45 -07:00
RageLtMan
e787d43344
Implement wrap_double_quotes in Msf PSH namespace
This is the Msf side of Rex Powershell #7
2017-07-22 02:40:15 -04:00
Jin Qian
0f31edfe39
Change tab into space to be standard compliant
Thanks to Brent and Dave for pointing it out.
2017-07-18 16:17:53 -05:00
Jin Qian
6385593148
Fix SE campaign exception.
MS-2705, SE_campaign will crash when the RCPT command gets a socket closure as a response. Thanks to Pearce for the triage.
2017-07-18 14:30:44 -05:00
RageLtMan
33a06faadb
Remove use_single_quotes option from Msf namespace
Internally wrapped lines of powershell built by :cmd_psh_payload
in the Rex namespace require being able to place wrapping quotes
in different logical places for :generate_psh_command_line and
:run_hidden_psh methods. Using single quotes in the Arguments
parameter of the hidden PSH runner and double quotes after the
-Command flag allows us to wrap the outer command in
double quotes, while properly escaping and wrapping the arguments
parameter for PSH execution in single quotes.
This isn't ideal; in a perfect world we'd be escaping all nested
quotes and escape chars of any type valid for PSH. However, that
would require more manual testing than anyone has time for (now).
2017-07-18 03:34:02 -04:00
Dave Farrow
378375c822
replaced devil tabs with spaces
2017-07-17 20:29:33 -07:00