bwatters-r7
91ffeaa354
Clean up debugging, move options to one place and delete superfluous file
...
change the uuid handling to prevent changes to it when it gets put in payloads
2019-07-18 15:44:20 -05:00
Metasploit
c0033987b0
Bump version of framework to 5.0.38
2019-07-18 10:04:30 -07:00
bwatters-r7
2ebc2c10aa
Maybe include the super pingback type in the payloads?
2019-07-17 14:13:42 -05:00
bwatters-r7
f2ed823516
First stab at filtering payloads that require cleanup
2019-07-17 13:23:20 -05:00
h00die
fd628583fe
crack module peer review
2019-07-15 19:57:39 -04:00
William Vu
77c0dacba2
Restore unknown_command passthrough to the shell
...
This continues to prefer system over popen, but it restores the original
behavior of shelling out, allowing the use of shell metacharacters, etc.
2019-07-12 13:39:37 -05:00
William Vu
a586fda620
Land #12031, Msf::Exploit::Remote::Tcp#shutdown
2019-07-12 12:26:25 -05:00
bwatters-r7
a280d00612
Follow acammack's guidance for excluding filedropped exploits
...
usage of pingback payloads
2019-07-11 17:13:31 -05:00
Jeffrey Martin
60ffc3a954
Land #12085, Fix is_payload_compatible? for nil payloads
2019-07-11 14:30:47 -05:00
William Vu
502a26bcbd
Fix is_payload_compatible? for nil payloads
2019-07-11 14:00:24 -05:00
Metasploit
e6766c23a5
Bump version of framework to 5.0.37
2019-07-11 10:04:09 -07:00
Brent Cook
18b8974761
Land #11969, deprecate db_rebuild_cache command
2019-07-11 11:02:17 -05:00
Adam Cammack
b419ab018c
Gracefully handle passthrough commands
...
The `system` method handles input and output as appropriate, allowing
programs that need user input to execute properly without racing
msfconsole over STDIN
2019-07-10 17:40:49 -05:00
h00die
9274b1d259
Land #12024, add gatherproof to ssh_login modules
2019-07-09 20:35:49 -04:00
h00die
b7df6c1272
juniper cisco local config eaters
2019-07-07 21:49:48 -04:00
Metasploit
c1c600cbe8
Bump version of framework to 5.0.36
2019-07-04 10:10:16 -07:00
Matthew Kienow
4e11dcfee1
Fix import issue caused by missing wspace key
...
Modify import module to follow pattern used in other Msf::DBManager
import modules. Test module updated for method name changes.
2019-07-01 15:58:36 -04:00
bcoles
82b583b2b5
Use symbolic args
2019-06-30 12:31:29 +10:00
Brendan Coles
b71fe69c16
Add shutdown method to Exploit::Remote::Tcp
2019-06-29 16:42:08 +00:00
Brent Cook
45734408a6
remove reload_search since refresh_cache_from_module_files seems to not work as expected at runtime
2019-06-29 03:51:56 -05:00
Brent Cook
a186396836
unlink the user store if it exists
2019-06-29 03:45:53 -05:00
Brent Cook
4756a17dfa
remove update of the base module store
2019-06-29 03:37:54 -05:00
Brent Cook
42c0a3b96a
deprecate the db_rebuild_cache command, add reload_search
...
For a while, Metasploit has not used the old database-backed module cache in favor of the lightweight JSON data store. This also means that the db_rebuild_cache command has been broken.
While the base module cache usually stays up to date, if you delete a module as a developer, there's currently no great way to make the search function forget about that module unless you rebuild the cache manually (a procedure mostly documented inside of an automated build job).
This moves the logic from that build job into a new reload_search command, and deprecates the old one.
2019-06-29 03:36:39 -05:00
Brent Cook
03d1c87eb6
Land #11976, use special-case path for shell command with Android meterpreter
2019-06-29 03:23:27 -05:00
Brent Cook
06f6b0294c
Land #12023, repeat search by default
2019-06-29 03:16:03 -05:00
Shelby Pace
6ebe192674
check core.private before accessing jtr_format
2019-06-28 14:17:52 -05:00
William Vu
b8165e825d
Make help syntax consistent
2019-06-28 14:01:28 -05:00
William Vu
b39ed5eb02
Add period
2019-06-28 13:59:52 -05:00
William Vu
3f187d4f0a
Update help
2019-06-28 13:58:14 -05:00
William Vu
3c09aa47d7
Once more, with feeling
2019-06-28 13:54:14 -05:00
William Vu
fd7f6b2d59
Refactor match/search_params placement
2019-06-28 13:44:24 -05:00
William Vu
353428d10c
Prefer cached results when given no arguments
2019-06-28 13:24:40 -05:00
asoto-r7
dd3db07b17
Correctly fixed json_to_mdm_object (thanks @mkienow-r7 for the catch)!
2019-06-28 12:53:04 -05:00
William Vu
0a00f3851a
Land #12007, true 0s timeout in send_request_*
2019-06-28 12:32:32 -05:00
William Vu
4bf5e6c53f
Land #12014, nil bug fix for HttpServer#get_uri
2019-06-28 12:32:19 -05:00
asoto-r7
45c8c04834
Updated json_to_mdm_object() calls, removing third parameter
2019-06-28 10:18:00 -05:00
William Vu
744a1dca75
Add the ability to display previous search results
2019-06-27 21:27:20 -05:00
William Vu
0a10d41250
Add skip_gather_proof to LoginScanner::SSH
2019-06-27 21:00:29 -05:00
asoto-r7
8d63d2bbf7
pingback: Removing seemingly unnecessary 'generate_raw' method
2019-06-27 16:02:00 -05:00
Metasploit
fcd77b1314
Bump version of framework to 5.0.35
2019-06-27 11:41:42 -07:00
Metasploit
58e36b6e51
Bump version of framework to 5.0.34
2019-06-27 10:04:44 -07:00
asoto-r7
ac835e139e
Pingback: Addressed some comments and suggestions
2019-06-26 16:55:45 -05:00
William Vu
9fe138e3dc
Remove misleading comment from dcerpc_getarch
...
I transferred my implementation. I don't understand this comment.
2019-06-26 02:40:16 -05:00
William Vu
01b308fe7c
Fix get_resource nil bug in HttpServer#get_uri
2019-06-25 23:10:50 -05:00
RageLtMan
d00d5fbff9
Address review comments by Hirura
...
@hirura noticed two bugs: a typo, and a mistake creating an empty
RequestHandler object since the underlying library already does
this when it does not have a RequestHandler assigned for the
request type.
Fix typo for #1
Remove the RequestHandler assignments in #2 and related opt merge.
Testing:
None yet
2019-06-25 18:27:57 -04:00
Metasploit
29d9f3ea28
Bump version of framework to 5.0.33
2019-06-25 13:08:28 -07:00
Metasploit
07cb5c5e10
Bump version of framework to 5.0.32
2019-06-25 12:57:14 -07:00
William Vu
77395749da
s/infinite/indefinite/
2019-06-25 01:00:08 -05:00
William Vu
b49fa29a7f
Allow true zero-second timeout in send_request_*
...
Also fixes a bogus response when timeout is nil.
2019-06-24 12:07:24 -05:00
RageLtMan
d1eaac9932
Implement native reverse SSH via openssh binary
...
Implement a reverse SSH shell using nothing but the on-target SSH
client and a fifo in the same manner as used by netcat payloads.
This is not forensically sound as the fifo will be caught by HIDS,
filesystem snapshots, and other defensive measures. However, it
does provide a way out from almost any modern POSIX system as they
nearly all have an SSH client in one form or another.
Convert existing Ruby reverse SSH payloads to use dynamic cached
payload sizing.
2019-06-23 05:48:50 -04:00