See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
Brings in neinwechter's BAP fixes. Seems to not only be a more sane
strategy, but in practice, ends up with tons more shells for at least
MSIE which is what most people are using it for anyway.
[Closes#1612]
commit 6a3ad1d887
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 16:22:49 2012 -0600
Add register_command calls for md5 and sha1
commit dbd52c5a1e
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 16:22:09 2012 -0600
Read the file instead of downloading it
commit 55b84ad8e2
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 15:27:11 2012 -0600
Re-compile linux meterp to support the loadlib api
commit d112e84e49
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:50:25 2012 -0600
Re-compile java meterp to support the loadlib api
commit c137187b34
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:44:10 2012 -0600
Don't try to get interfaces if this session doesn't implement it
commit 88bba1e6c3
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:38:17 2012 -0600
Remove debugging load
commit 02954cbf93
Merge: d9ef25688b35a3
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 12:06:53 2012 -0600
Merge branch 'rapid7' into feature/4905
Conflicts:
data/meterpreter/ext_server_stdapi.php
modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
commit d9ef2569b8
Author: James Lee <egypt@metasploit.com>
Date: Wed May 2 18:06:06 2012 -0600
PHP doesn't support rev2self
commit bf13ea0ff2
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 18:21:59 2012 -0600
Add php support for returning new extension commands
commit 7e35f2d671
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 16:03:26 2012 -0600
Reset CVE-2012-0507 back to master
Purges commits unrelated to this branch.
commit 86a77b3cd0
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 15:59:35 2012 -0600
Revert "Make building the jar for cve-2012-0507 a bit easier"
This reverts commit 27ef76522a.
Conflicts:
external/source/exploits/CVE-2012-0507/Makefile
external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java
commit 8c259fb779
Merge: fe2c2731c03c2b
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 15:35:44 2012 -0600
Merge branch 'rapid7' into feature/4905
Conflicts:
data/meterpreter/ext_server_stdapi.jar
data/meterpreter/meterpreter.jar
external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
modules/auxiliary/server/browser_autopwn.rb
commit fe2c273a6d
Merge: 8caff474e955e5
Author: James Lee <egypt@metasploit.com>
Date: Fri Apr 6 10:19:53 2012 -0600
Merge branch 'rapid7' into feature/4905
commit 8caff47d97
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 17:51:18 2012 -0600
Fix requires to find the test library
commit 51c33574ce
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 17:48:35 2012 -0600
Fix a load order problem with solaris post mods
commit 81b658362e
Merge: adad2cf6ef4257
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 15:43:19 2012 -0600
Merge branch 'master' into feature/4905
commit 6ef4257947
Merge: 70ab8c05852455
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 15:16:56 2012 -0600
Merge branch 'rapid7'
Conflicts:
lib/rex/exploitation/javascriptosdetect.rb
commit adad2cf04c
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 20:20:21 2012 -0600
Deal with null data/jar
Not sure why "" turns into null sometimes, but it was breaking shells;
this fixes it.
commit 4f8a437b49
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:10:59 2012 -0600
Prev commit moved these to src/a
commit 27ef76522a
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:08:32 2012 -0600
Make building the jar for cve-2012-0507 a bit easier
Mostly stolen from cve-2008-5353
commit db3dbad0a5
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 14:52:23 2012 -0600
Fix incorrect option name
commit 776976af31
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:36:20 2012 -0600
Add bap support to java_rhino
commit a611ab16e0
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:35:16 2012 -0600
Put next_exploit on the window object so it's always in scope
Solves some issues with Chrome not running more than one exploit
commit 5114d35de7
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 14:31:53 2012 -0600
Pull common stuff up out of the body
commit 748309465a
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:04:03 2012 -0600
Fix indentation level
commit 954d485e3b
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:02:42 2012 -0600
Abstract out copy-pasted methods
Need to do the same thing for OSX, but it's a different implementation.
commit cba8d7c911
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 18:04:50 2012 -0600
Linux doesn't implement (drop|steal)_token
commit 1cfda3a7b0
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 17:57:37 2012 -0600
Add availability checks for net, sys, ui, and webcam
commit 4bdf39a8bf
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 16:45:59 2012 -0600
add requirement checking for fs and core commands
commit 42e35971c9
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 21 17:20:59 2012 -0600
Add a to_octal method that converts e.g. "A" to \0101
commit c3b9415a0a
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 21 17:20:07 2012 -0600
Don't use "echo -n"
It's not portable
commit b0f3ceccfa
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 20 17:01:10 2012 -0600
Return a list of new commands after core_loadlib, java version
Thanks mihi for the patch and the awesome responsiveness!
commit d65303e1b6
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 20 13:21:06 2012 -0600
Make sure we have a response before doing stuff with it
commit 721001ead4
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 21:25:31 2012 -0600
Add missing rmdir and mkdir protocol commands to PHP
Now passes all the stdapi tests that it can
[*] Session type is meterpreter and platform is php/php
[+] should return a user id
[+] should return a sysinfo Hash
[-] FAILED: should return network interfaces
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
[-] FAILED: should have an interface that matches session_host
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
[-] FAILED: should return network routes
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[-] Passed: 10; Failed: 3
commit 024e99167a
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:26:00 2012 -0600
Use a proper TLV type instead of a generic one
commit 1836d915cb
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:24:25 2012 -0600
Fix a counting error that caused segfaults (Linux)
commit 1e419d3fc3
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:06:02 2012 -0600
Return a list of new commands after core_loadlib
Gets Windows back in sync with Linux
commit 3d3959f720
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 14:50:55 2012 -0600
Refactor extensionList -> extension_commands
It's not the same as extension_list.
commit a7acb638af
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sun Mar 18 00:07:27 2012 -0500
Massive whitespace cleanup
commit ef8b9fd5ce
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 16:00:20 2012 -0500
Add back enum_protections with some new changes
commit d778eec369
Author: ohdae <bindshell@live.com>
Date: Sat Mar 17 13:28:31 2012 -0400
Added fix for enum_protections
commit 64611819d4
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 03:14:26 2012 -0500
A bunch of fixes
commit bb1a0205d7
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:28:05 2012 -0500
The comments in get_chatlogs need an update
commit 666477e42a
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:25:41 2012 -0500
Correct license format
commit 3c8eecbcd7
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:22:03 2012 -0500
Add enum_adium.rb post module
commit d290cf4fef
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 16:54:36 2012 -0300
Changed store_note to store_loot. Fixed local/remote file retrieval
commit ccb830b594
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 11:29:07 2012 -0600
Fall back to MIB method if we can't get netmasks
Misses IPv6 addresses, but at least doesn't break everything.
[Fixes#6525]
commit a9a30232dd
Author: sinn3r <msfsinn3r@gmail.com>
Date: Fri Mar 16 11:49:31 2012 -0500
This module is not ready, yanked.
commit 6bb34f7fd0
Author: Gregory Man <man.gregory@gmail.com>
Date: Fri Mar 16 18:09:08 2012 +0200
sockso_traversal 1.8 compatibility fix
commit e76965ce56
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 09:17:35 2012 -0400
fix
commit 61ce7b587d
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 09:14:48 2012 -0400
saves each config to loot instead of notes
commit f4713974fa
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 03:46:10 2012 -0600
Check for a 0 prefix length
If the OnLinkPrefixLength is 0, something is wrong, try the value in the
prefix linked list. Appears to fix v4 addresses on XP but not 2k3.
[See #6525]
commit cde7fcc012
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 01:46:41 2012 -0600
Return network prefixes when available
Solves #6525 on Vista+. Win2k still works using the old MIB method
(which doesn't support ipv6). Win2k3 and XP are still busted for
unknown reasons.
commit 98bd9a7bd0
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 22:59:42 2012 -0400
Enumerate important and interesting configuration files
commit 9336df2ac2
Author: David Maloney <David_Maloney@rapid7.com>
Date: Thu Mar 15 19:06:48 2012 -0500
More Virtualisation SSL fixes
commit f24c378281
Author: David Maloney <David_Maloney@rapid7.com>
Date: Thu Mar 15 18:15:29 2012 -0500
Default SSL to true for esx_fingerprint module
commit d6e14c4212
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 15:56:24 2012 -0500
Fix typo
commit b24dcfe43e
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 15:55:54 2012 -0500
Add sockso dir traversal
commit 033052c1e0
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 15 14:31:25 2012 -0600
Fix syntax error in 1.8, thanks Jun Koi for the patch
commit 4529efaeaa
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 14:27:40 2012 -0500
enum_protections is now find_apps
commit 49e823802b
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 14:22:23 2012 -0500
File rename, as well as design and cosmetic changes
commit ccf6b01114
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 15:29:52 2012 -0300
added report_note, removed store_loot function, cleaned up info/author
commit 27d571932e
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 12:18:29 2012 -0300
fixed output newline issue
commit 5a828e35d1
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:05:35 2012 -0300
fixed save line
commit 805c2ee987
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:02:07 2012 -0300
removed unneeded comments
commit 5861e1512f
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:00:55 2012 -0300
fixed output issue
commit 593a364811
Author: ohdae <bindshell@live.com>
Date: Wed Mar 14 18:26:53 2012 -0300
removed unneeded dependency
commit 05053e6e74
Author: ohdae <bindshell@live.com>
Date: Wed Mar 14 13:30:16 2012 -0400
locates installed 3rd part av, fws, etc
commit 5bf512d0e9
Author: sinn3r <msfsinn3r@gmail.com>
Date: Wed Mar 14 16:50:54 2012 -0500
Add OSVDB-79863 NetDecision Directory Traversal
commit 18715d0367
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 23:03:01 2012 -0600
Store the retrieved commands on the session
commit b752cb8b31
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 22:45:16 2012 -0600
Retrieve the list of new commands
The client side doesn't do anything with them yet
commit 69ce8ef42d
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 22:41:16 2012 -0600
Return a list of the new commands in response to core_loadlib
Linux
commit 354c754aa4
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 15:13:45 2012 -0600
Whitespace at EOL
commit 4afcb4cb9d
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 14:30:09 2012 -0600
Create instance methods that return extensions
Before this change, meterpreter sessions would not #respond_to? their
extensions despite having a pseudo-accessor for them:
```
>> client.respond_to? :sys
=> false
>> client.sys
=> #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>
```
After:
```
>> client.respond_to? :sys
=> true
```
commit 70ab8c018f
Merge: a8a39385f2bace
Author: James Lee <egypt@metasploit.com>
Date: Tue Apr 3 11:46:25 2012 -0600
Merge branch 'master' into bap-refactor
Conflicts:
external/source/exploits/CVE-2012-0507/Help.java
external/source/exploits/CVE-2012-0507/Makefile
external/source/exploits/CVE-2012-0507/msf/x/Help.java
external/source/exploits/CVE-2012-0507/src/a/Exploit.java
external/source/exploits/CVE-2012-0507/src/a/Help.java
commit a8a3938915
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 20:20:21 2012 -0600
Deal with null data/jar
Not sure why "" turns into null sometimes, but it was breaking shells;
this fixes it.
commit 5e5eb39d3c
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:10:59 2012 -0600
Prev commit moved these to src/a
commit 5074eadbea
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:08:32 2012 -0600
Make building the jar for cve-2012-0507 a bit easier
Mostly stolen from cve-2008-5353
commit bdb3fbe7fd
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 14:52:23 2012 -0600
Fix incorrect option name
commit 78824ef600
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 13:24:33 2012 -0600
Add the detected browser version to the DOM
Doing it this way lets modules grab the info a bit more easily.
commit 9813ccb8d6
Merge: 0faa3f6b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 13:19:05 2012 -0600
Merge branch 'master' into bap-refactor
commit 0faa3f6524
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:36:20 2012 -0600
Add bap support to java_rhino
commit 66ca27f994
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:35:16 2012 -0600
Put next_exploit on the window object so it's always in scope
Solves some issues with Chrome not running more than one exploit
commit 7fc2ca1a06
Merge: 325d306e48c47e
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:10:54 2012 -0600
Merge branch 'master' into bap-refactor
commit 325d306059
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 14:31:53 2012 -0600
Pull common stuff up out of the body
commit 4f2b3260bf
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:04:03 2012 -0600
Fix indentation level
commit 9b905c53b4
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:02:42 2012 -0600
Abstract out copy-pasted methods
Need to do the same thing for OSX, but it's a different implementation.
This allows us to maintain a connection between the client and the
operating system/host where it's running.
Also fixes a counting problem for modules actually started.
Allows editors to easily highlight correctly which makes editing a
little nicer. Also makes it easier to debug because line numbers are
only off by the length of the custom_js argument.
Brent Cook