adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

12939 Commits

Author SHA1 Message Date
Metasploit a0ebf5ea2d Bump version of framework to 4.12.31 2016-10-06 11:23:08 -07:00
dmohanty-r7 55597d7370 Land #7394, Gemify rex/exploitation and associated data files into rex-exploitation 2016-10-05 10:55:21 -05:00
David Maloney 2be551cbd3 remove leftover cruft 
some files that got left behind in previous
gemifications that should have been removed
 2016-10-05 09:05:27 -05:00
David Maloney 52f6265d2e use the new rex-exploitation gem 
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
 2016-10-05 09:05:27 -05:00
William Vu a89607bbdb Prefer keyword argument 2016-10-04 23:14:14 -05:00
Brent Cook b7ea465855 refresh sysinfo when explicitly requested on a session 2016-10-04 22:06:06 -05:00
David Maloney af4f3e7a0d use templates from the gem for psh 
use the templates now contained within the magical
gem of rex-powershell

7309
MS-2106
 2016-10-04 14:14:25 -05:00
OJ a4efa77878 Support driver list, adjust capcom exploit 
This commit adds MSF-side support for listing currently loaded drivers
on the machine that Meterpreter is running on. It doesn't add a UI-level
command at this point, as I didn't see the need for it. It is, however,
possible to enumerate drivers on the target using the client API.

Also, the capcom exploit is updated so that it no longer checks for the
existence of the capcom.sys file in a fixed location on disk. Instead,
it enumerates the currently loaded drivers using the new driver listing
function, and if found it checks to make sure the MD5 of the target file
is the same as the one that is expected. The has is used instead of file
version information because the capcom driver doesn't have any version
information in it.
 2016-10-04 11:27:20 +10:00
OJ 3469104f7a Add localtime command support 2016-10-03 15:18:37 +10:00
William Vu 039357a714 Land #7387, checksum command for Meterpreter 2016-10-02 21:35:34 -05:00
Brent Cook 63d13f0f49 check if there is a stance set before checking the value 2016-10-02 19:48:49 -05:00
Spencer McIntyre 8e09b172f6 Add a meterpreter checksum command 2016-10-01 14:29:35 -04:00
Metasploit 73c11a63b4 Bump version of framework to 4.12.30 2016-09-30 10:03:42 -07:00
Tim e628fab86e Land #7378, run zipalign during apk injection process 2016-09-30 12:27:27 +08:00
Brent Cook 6241e48b34 Land #7350, add 'sess' command for direct session switching support 2016-09-29 23:18:53 -05:00
Brent Cook 49ed02a203 fix packet parsing when there is partial data 2016-09-29 17:21:59 -05:00
RageLtMan 4fdb54e6a1 Fixup transport to work with upstream 
Differences in transport configuration and the actual payload do
not allow a direct splice of the original files included.

Clean up the payload generator to work with upstream handler,
payload, and transport configuration implementation.

Initial testing shows inbound sessions are created and SSL cert
is now properly attaching to the handler.
 2016-09-29 17:21:59 -05:00
RageLtMan a7470991d9 Bring Python reverse_tcp_ssl payload upstream 
Adds TLS/SSL transport encryption for reverse tcp payloads in
python
 2016-09-29 17:21:59 -05:00
dana-at-cp b06a3d3c68 Refactor code that calls zipalign on injected APK 2016-09-29 07:49:50 -07:00
dana-at-cp e8d99fb3f5 Run zipalign as last step during APK injection process 
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.

More on zipalign from Google:

https://developer.android.com/studio/command-line/zipalign.html
 2016-09-28 20:05:17 -07:00
Jeffrey Martin 1689f10890 Land #7292, add android stageless meterpreter_reverse_tcp 2016-09-28 16:05:22 -05:00
Brent Cook ea625d4ea3 Enhance #7360, more stance fixes 2016-09-28 13:49:29 -05:00
Brent Cook 5a611b0ec4 use the correct scope for the Stance names 2016-09-28 13:48:28 -05:00
Tim b4a1adaf0f refactor into android.rb 2016-09-28 18:23:34 +08:00
Tim dc43f59dcf dalvik -> android 2016-09-28 14:50:52 +08:00
HD Moore 8bef4e4ec6 Land #7360, restore passive?/aggressive? behavior 
This PR restores the mod.aggressive? and mod.passive? methods to the
implementation prior to 0f7e3e9.
 2016-09-26 15:05:41 -05:00
Metasploit 5ea1e7b379 Bump version of framework to 4.12.29 2016-09-26 12:06:21 -07:00
Tim a39c4965e4 fix apk injection script to include payload service and receivers 2016-09-26 19:50:10 +08:00
Brent Cook 006c749e6a directly check to match the former definition of aggressive? 2016-09-25 23:57:13 -04:00
Brent Cook 743bea912a fix exploit Passive / Aggressive overrides to do the right thing 2016-09-25 19:57:41 -04:00
Pearce Barry 00258a4d31 Land #7351, restore NTLM constant class shortcuts 2016-09-25 12:09:38 -05:00
dmohanty-r7 00c02bb132 Land #7349, Add initialization of RHOST value prior to calling child check() 2016-09-23 12:28:08 -05:00
Metasploit 3ddf80dd7a Bump version of framework to 4.12.28 2016-09-23 10:02:37 -07:00
Tim c13ab28a5b remove debug statement 2016-09-22 16:27:11 +01:00
Tim acb3e66064 fix comments 2016-09-22 16:26:26 +01:00
Tim 32c2311b86 android meterpreter_reverse_tcp 2016-09-22 16:26:26 +01:00
Brent Cook 2ec87d1f67 check if constant aliases are already set before setting 
(I'm presuming that was what removing was intended to help with)
 2016-09-22 07:12:42 -05:00
Brent Cook 4acb29a129 restore NTLM constant class shortcuts 2016-09-22 07:01:38 -05:00
OJ af4b1cf48f Add the sess command to MSF and Meterp shells 
This new command is a simpler shortcut that allows for moving around sessions much faster from within the console.

* From inside MSF, `sess <id>` is shorthand for `sessions -i <id>`
* From inside Meterp, `sess <id>` is shorthand for `background; sessions -i <id>`

In the latter case, if the session being switched to is the same id, then no swiching happens.
 2016-09-22 16:09:59 +10:00
Brent Cook 52d0840a79 Land #7276, fix clipboard tlv usage 2016-09-22 00:47:18 -05:00
Brent Cook b4b709d921 Land #7342, remove OSVDB links and references from library code - leave in modules 2016-09-22 00:45:05 -05:00
Brent Cook 88cef32ea4 Land #7339, SSH module fixes from net:ssh updates 2016-09-22 00:27:32 -05:00
William Vu fda5faf4ed Land #7346, route command fixes 
Also adds session -1 support.
 2016-09-21 15:44:24 -05:00
Spencer McIntyre a3e3bbf2b0 Remove unnecessary reference to idx 2016-09-21 12:42:25 -04:00
Spencer McIntyre 08836a317d Fix "route add" error and support using session -1 2016-09-21 12:02:30 -04:00
Spencer McIntyre 0671e854a9 Default the route command to printing the table 2016-09-21 10:36:59 -04:00
Brendan b0bb5b5806 Added initialization of RHOST value prior to calling child check() functions 2016-09-20 18:18:52 -05:00
“Brian 4ff8235304 Remove semicolon 2016-09-20 17:57:48 -05:00
“Brian 8871673ada Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-09-20 17:48:06 -05:00
“Brian 53170cca01 msfconsole command 
resolves #7330

Warns the user if they try to run msfconsole in msfconsole and does not let them do it
 2016-09-20 17:46:25 -05:00