
Merge branch 'release/20111213184834' into stable

2 parents cf0cbff + 3a20d53 commit 5249e74ca789e602edc8900cd8e8dbadc640f43c Jenkins committed Dec 14, 2011
Showing with 4,178 additions and 315 deletions.
  1. +1 −0 README
  2. BIN data/armitage/armitage.jar
  3. +25 −0 data/armitage/whatsnew.txt
  4. BIN data/gui/msfgui.jar
  5. +9 −0 data/sql/migrate/20111210000000_add_scope_to_hosts.rb
  6. +3 −9 external/source/gui/msfguijava/src/msfgui/MsfTable.java
  7. +14 −47 external/source/gui/msfguijava/src/msfgui/OpenConnectionDialog.form
  8. +15 −45 external/source/gui/msfguijava/src/msfgui/OpenConnectionDialog.java
  9. +7 −8 external/source/gui/msfguijava/src/msfgui/PayloadPopup.form
  10. +3 −15 external/source/gui/msfguijava/src/msfgui/PayloadPopup.java
  11. +5 −14 external/source/gui/msfguijava/src/msfgui/RpcConnection.java
  12. +0 −1 external/source/gui/msfguijava/src/msfgui/XmlRpc.java
  13. +0 −2 external/source/gui/msfguijava/src/msfgui/resources/OpenConnectionDialog.properties
  14. +14 −0 lib/bit-struct.rb
  15. +187 −0 lib/bit-struct/README
  16. +574 −0 lib/bit-struct/bit-struct.rb
  17. +48 −0 lib/bit-struct/char-field.rb
  18. +300 −0 lib/bit-struct/fields.rb
  19. +61 −0 lib/bit-struct/float-field.rb
  20. +20 −0 lib/bit-struct/hex-octet-field.rb
  21. +76 −0 lib/bit-struct/nested-field.rb
  22. +45 −0 lib/bit-struct/octet-field.rb
  23. +15 −0 lib/bit-struct/pad-field.rb
  24. +258 −0 lib/bit-struct/signed-field.rb
  25. +44 −0 lib/bit-struct/text-field.rb
  26. +248 −0 lib/bit-struct/unsigned-field.rb
  27. +77 −0 lib/bit-struct/vector-field.rb
  28. +173 −0 lib/bit-struct/vector.rb
  29. +69 −0 lib/bit-struct/yaml.rb
  30. +3 −0 lib/msf/core/auxiliary/crawler.rb
  31. +13 −4 lib/msf/core/db.rb
  32. +10 −1 lib/msf/core/handler/reverse_http.rb
  33. +16 −4 lib/msf/core/handler/reverse_https.rb
  34. +33 −0 lib/msf/core/handler/reverse_ipv6_http.rb
  35. +33 −0 lib/msf/core/handler/reverse_ipv6_https.rb
  36. +5 −0 lib/msf/core/model/web_site.rb
  37. +3 −3 lib/msf/core/module_manager.rb
  38. +2 −3 lib/msf/core/option_container.rb
  39. +1 −1 lib/msf/core/post/osx/system.rb
  40. +4 −4 lib/msf/core/rpc/v10/service.rb
  41. +22 −20 lib/msf/ui/console/command_dispatcher/db.rb
  42. +12 −1 lib/rex/proto/http/client.rb
  43. +9 −13 lib/rex/socket.rb
  44. +59 −13 lib/rex/socket/comm/local.rb
  45. +44 −19 lib/rex/socket/range_walker.rb
  46. +1 −1 lib/rex/socket/udp.rb
  47. +1 −1 modules/auxiliary/admin/http/typo3_sa_2009_002.rb
  48. +500 −0 modules/auxiliary/fuzzers/dns/dns_fuzzer.rb
  49. +5 −5 modules/auxiliary/gather/shodan_search.rb
  50. +0 −4 modules/auxiliary/scanner/h323/h323_version.rb
  51. +1 −1 modules/auxiliary/scanner/http/crawler.rb
  52. +79 −0 modules/auxiliary/scanner/http/yaws_traversal.rb
  53. +35 −6 modules/auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp.rb
  54. +10 −4 modules/auxiliary/server/capture/http.rb
  55. +2 −0 modules/auxiliary/server/pxexploit.rb
  56. +79 −0 modules/auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription.rb
  57. +99 −0 modules/exploits/multi/http/familycms_less_exec.rb
  58. +2 −2 modules/exploits/multi/http/phpscheduleit_start_date.rb
  59. +105 −0 modules/exploits/multi/http/pmwiki_pagelist.rb
  60. +3 −0 modules/exploits/multi/http/tomcat_mgr_deploy.rb
  61. +108 −0 modules/exploits/multi/http/traq_plugin_exec.rb
  62. +1 −1 modules/exploits/unix/webapp/awstats_migrate_exec.rb
  63. +1 −1 modules/exploits/unix/webapp/joomla_tinybrowser.rb
  64. +1 −1 modules/exploits/unix/webapp/sphpblog_file_upload.rb
  65. +1 −1 modules/exploits/windows/browser/greendam_url.rb
  66. +112 −0 modules/exploits/windows/ftp/ability_server_stor.rb
  67. +1 −1 modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb
  68. +1 −1 modules/exploits/windows/misc/avidphoneticindexer.rb
  69. +107 −0 modules/exploits/windows/scada/codesys_web_server.rb
  70. +1 −1 modules/exploits/windows/tftp/attftp_long_filename.rb
  71. +1 −1 modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb
  72. +98 −0 modules/payloads/stagers/windows/reverse_ipv6_http.rb
  73. +100 −0 modules/payloads/stagers/windows/reverse_ipv6_https.rb
  74. +4 −9 modules/post/windows/escalate/service_permissions.rb
  75. +5 −4 modules/post/windows/gather/win_privs.rb
  76. +5 −2 modules/post/windows/manage/enable_rdp.rb
  77. +96 −41 modules/post/windows/manage/persistence.rb
  78. +31 −0 scripts/resource/run_all_post.rc
  79. +22 −0 tools/msftidy.rb
1 README
@@ -34,6 +34,7 @@ The copyright on this package is held by Rapid7 LLC.
This license does not apply to the following components:
+ - The Bit-Struct library located under lib/bit-struct
- The OpenSSL library embedded into the Meterpreter payload binaries and the
corresponding header files in the source tree
- The Packet Sniffer SDK (MicroOLAP) library embedded into the Meterpreter
Binary file not shown.
@@ -1,6 +1,31 @@
Armitage Changelog
==================
+12 Dec 11
+---------
+- Armitage teaming mode now downloads the resulting file for any fileformat
+ exploit.
+- Armitage -> Set Exploit Rank and Set Target View now show a * next to an
+ item to indicate the current setting.
+- Shift+click on Launch in a module launch dialog will not close the module
+ launch dialog. One use case for this: set up a payload multi/handler,
+ shift+click Launch to do it, then change output type to exe, click Launch
+ and you're all set.
+- Dynamic Workspace editor now trims whitespace from your entries. Errant
+ whitespace causes Armitage to reject the entry and your workspace never
+ acivates.
+- Updated the "msfrpcd died" troubleshooting dialog. The new one takes folks
+ to a website with detailed information.
+- Armitage now uses "load" to load a meterpreter module instead of "use"
+- Key logger event log announcement now notes the session ID. This is so
+ your teammates will know not to migrate that session since it's recording
+ key strokes.
+- Right-click X in tab -> Save Screenshot now displays filename without the
+ path.
+- Deconfliction server now detects when database is not available and offers
+ troubleshooting steps.
+- Loot/Downloads viewer now has a right-click menu to Copy selected text.
+
22 Nov 11 - A big improvement...
---------
- Services refresh is now set to 30s (vs. 60s before)
Binary file not shown.
@@ -0,0 +1,9 @@
+class AddScopeToHosts < ActiveRecord::Migration
+ def self.up
+ add_column :hosts, :scope, :text
+ end
+
+ def self.down
+ remove_column :hosts, :scope
+ end
+end
@@ -97,15 +97,9 @@ public void reAddQuery(boolean force, int offset) {
if(!force && !DraggableTabbedPane.isVisible(this))
return; //Don't re-add if not visible
try {
- Object arg;
- if(rpcConn.type.equals("XML") && (dbTable.equals("events") || dbTable.equals("loots"))){
- arg = MsfguiApp.workspace;
- } else {
- HashMap argM = new HashMap(10);
- argM.put("workspace", MsfguiApp.workspace);
- argM.put("offset", offset);
- arg = argM;
- }
+ HashMap arg = new HashMap(10);
+ arg.put("workspace", MsfguiApp.workspace);
+ arg.put("offset", offset);
List data = (List) ((Map)rpcConn.execute("db."+dbTable, arg)).get(dbTable);
if(data == null)
return;
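Review bot: The reply from `rpcConn.execute("db."+dbTable, arg)` is cast to `Map` and its entry to `List` with no check on the outer value; only a missing `dbTable` key is handled, by the `data == null` return. A reply of an unexpected shape from the RPC server therefore ends as a ClassCastException or NullPointerException in whatever the enclosing `try` catches, which is outside this hunk. I would hold the reply in a local and guard it, `Object reply = rpcConn.execute("db."+dbTable, arg);` followed by `if(!(reply instanceof Map)) return;`. The new argument map is also a raw type; `Map<String, Object> arg = new HashMap<String, Object>(10);` keeps the compiler checking what goes into it.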
@@ -44,24 +44,18 @@
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="disableDbButton" min="-2" max="-2" attributes="0"/>
- <Component id="usernameField" alignment="0" pref="427" max="32767" attributes="0"/>
- <Component id="hostField" alignment="0" pref="427" max="32767" attributes="0"/>
- <Component id="passwordField" alignment="0" pref="427" max="32767" attributes="0"/>
- <Component id="portField" alignment="0" pref="427" max="32767" attributes="0"/>
- <Group type="102" alignment="0" attributes="0">
- <Component id="sslBox" min="-2" max="-2" attributes="0"/>
- <EmptySpace pref="250" max="32767" attributes="0"/>
- <Component id="xmlButton" min="-2" max="-2" attributes="0"/>
- <EmptySpace type="separate" max="-2" attributes="0"/>
- <Component id="msgpackButton" min="-2" max="-2" attributes="0"/>
- </Group>
+ <Component id="usernameField" alignment="0" pref="433" max="32767" attributes="0"/>
+ <Component id="hostField" alignment="0" pref="433" max="32767" attributes="0"/>
+ <Component id="passwordField" alignment="0" pref="433" max="32767" attributes="0"/>
+ <Component id="portField" alignment="0" pref="433" max="32767" attributes="0"/>
+ <Component id="sslBox" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="startNewButton" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="pathButton" min="-2" max="-2" attributes="0"/>
- <EmptySpace pref="126" max="32767" attributes="0"/>
+ <EmptySpace pref="132" max="32767" attributes="0"/>
<Component id="cancelButton" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="connectButton" min="-2" max="-2" attributes="0"/>
@@ -97,22 +91,14 @@
<Component id="portLabel" alignment="3" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
- <Group type="103" groupAlignment="0" attributes="0">
- <Group type="102" attributes="0">
- <Group type="103" groupAlignment="1" max="-2" attributes="0">
- <Component id="sslBox" alignment="0" min="0" pref="0" max="32767" attributes="1"/>
- <Component id="sslLabel" alignment="0" max="32767" attributes="1"/>
- </Group>
- <EmptySpace max="-2" attributes="0"/>
- <Group type="103" groupAlignment="3" attributes="0">
- <Component id="disableDbLabel" alignment="3" min="-2" max="-2" attributes="0"/>
- <Component id="disableDbButton" alignment="3" min="-2" pref="18" max="-2" attributes="0"/>
- </Group>
- </Group>
- <Group type="103" alignment="0" groupAlignment="3" attributes="0">
- <Component id="msgpackButton" alignment="3" min="-2" max="-2" attributes="0"/>
- <Component id="xmlButton" alignment="3" min="-2" max="-2" attributes="0"/>
- </Group>
+ <Group type="103" groupAlignment="1" max="-2" attributes="0">
+ <Component id="sslBox" alignment="0" min="0" pref="0" max="32767" attributes="1"/>
+ <Component id="sslLabel" alignment="0" max="32767" attributes="1"/>
+ </Group>
+ <EmptySpace max="-2" attributes="0"/>
+ <Group type="103" groupAlignment="3" attributes="0">
+ <Component id="disableDbLabel" alignment="3" min="-2" max="-2" attributes="0"/>
+ <Component id="disableDbButton" alignment="3" min="-2" pref="18" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
@@ -268,24 +254,5 @@
<Property name="name" type="java.lang.String" value="disableDbButton" noResource="true"/>
</Properties>
</Component>
- <Component class="javax.swing.JRadioButton" name="xmlButton">
- <Properties>
- <Property name="buttonGroup" type="javax.swing.ButtonGroup" editor="org.netbeans.modules.form.RADComponent$ButtonGroupPropertyEditor">
- <ComponentRef name="buttonGroup1"/>
- </Property>
- <Property name="selected" type="boolean" value="true"/>
- <Property name="text" type="java.lang.String" resourceKey="xmlButton.text"/>
- <Property name="name" type="java.lang.String" value="xmlButton" noResource="true"/>
- </Properties>
- </Component>
- <Component class="javax.swing.JRadioButton" name="msgpackButton">
- <Properties>
- <Property name="buttonGroup" type="javax.swing.ButtonGroup" editor="org.netbeans.modules.form.RADComponent$ButtonGroupPropertyEditor">
- <ComponentRef name="buttonGroup1"/>
- </Property>
- <Property name="text" type="java.lang.String" resourceKey="msgpackButton.text"/>
- <Property name="name" type="java.lang.String" value="msgpackButton" noResource="true"/>
- </Properties>
- </Component>
</SubComponents>
</Form>
@@ -104,7 +104,7 @@ public static RpcConnection getConnection(MainFrame mainframe) {
int port = Integer.parseInt(info.get("port").toString());
boolean ssl = Boolean.parseBoolean(info.get("ssl").toString());
String type = info.get("type").toString();
- RpcConnection rpc = RpcConnection.getConn(type, username, password.toCharArray(), host, port, ssl);
+ RpcConnection rpc = RpcConnection.getConn(username, password.toCharArray(), host, port, ssl);
if(javax.swing.JOptionPane.showConfirmDialog(null, "Connect to last remembered rpcd?") == javax.swing.JOptionPane.YES_OPTION)
return rpc;
rpc.execute("auth.logout");
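Review bot: `String type = info.get("type").toString();` is left in place although the new `getConn(username, password.toCharArray(), host, port, ssl)` call no longer uses `type`. If a saved connection record has no "type" entry, which seems likely once the dialog stops offering the choice, `info.get("type")` is null and `.toString()` throws before the connection is attempted; the line should be deleted. Separately, `getConn` runs before the "Connect to last remembered rpcd?" prompt and a declined prompt is followed by `auth.logout`, so the remembered credentials appear to be sent to the saved host before the user agrees; asking first would avoid that. The start of `getConnection` and any enclosing `try` are outside this hunk.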
@@ -154,8 +154,6 @@ private void initComponents() {
sslLabel = new javax.swing.JLabel();
disableDbLabel = new javax.swing.JLabel();
disableDbButton = new javax.swing.JCheckBox();
- xmlButton = new javax.swing.JRadioButton();
- msgpackButton = new javax.swing.JRadioButton();
setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
org.jdesktop.application.ResourceMap resourceMap = org.jdesktop.application.Application.getInstance(msfgui.MsfguiApp.class).getContext().getResourceMap(OpenConnectionDialog.class);
@@ -255,15 +253,6 @@ public void actionPerformed(java.awt.event.ActionEvent evt) {
disableDbButton.setText(resourceMap.getString("disableDbButton.text")); // NOI18N
disableDbButton.setName("disableDbButton"); // NOI18N
- buttonGroup1.add(xmlButton);
- xmlButton.setSelected(true);
- xmlButton.setText(resourceMap.getString("xmlButton.text")); // NOI18N
- xmlButton.setName("xmlButton"); // NOI18N
-
- buttonGroup1.add(msgpackButton);
- msgpackButton.setText(resourceMap.getString("msgpackButton.text")); // NOI18N
- msgpackButton.setName("msgpackButton"); // NOI18N
-
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout);
layout.setHorizontalGroup(
@@ -284,21 +273,16 @@ public void actionPerformed(java.awt.event.ActionEvent evt) {
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(disableDbButton)
- .addComponent(usernameField, javax.swing.GroupLayout.DEFAULT_SIZE, 427, Short.MAX_VALUE)
- .addComponent(hostField, javax.swing.GroupLayout.DEFAULT_SIZE, 427, Short.MAX_VALUE)
- .addComponent(passwordField, javax.swing.GroupLayout.DEFAULT_SIZE, 427, Short.MAX_VALUE)
- .addComponent(portField, javax.swing.GroupLayout.DEFAULT_SIZE, 427, Short.MAX_VALUE)
- .addGroup(layout.createSequentialGroup()
- .addComponent(sslBox)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 250, Short.MAX_VALUE)
- .addComponent(xmlButton)
- .addGap(18, 18, 18)
- .addComponent(msgpackButton))))
+ .addComponent(usernameField, javax.swing.GroupLayout.DEFAULT_SIZE, 433, Short.MAX_VALUE)
+ .addComponent(hostField, javax.swing.GroupLayout.DEFAULT_SIZE, 433, Short.MAX_VALUE)
+ .addComponent(passwordField, javax.swing.GroupLayout.DEFAULT_SIZE, 433, Short.MAX_VALUE)
+ .addComponent(portField, javax.swing.GroupLayout.DEFAULT_SIZE, 433, Short.MAX_VALUE)
+ .addComponent(sslBox)))
.addGroup(layout.createSequentialGroup()
.addComponent(startNewButton)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(pathButton)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 126, Short.MAX_VALUE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 132, Short.MAX_VALUE)
.addComponent(cancelButton)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(connectButton)))
@@ -326,18 +310,13 @@ public void actionPerformed(java.awt.event.ActionEvent evt) {
.addComponent(portField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(portLabel))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addGroup(layout.createSequentialGroup()
- .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING, false)
- .addComponent(sslBox, javax.swing.GroupLayout.Alignment.LEADING, 0, 0, Short.MAX_VALUE)
- .addComponent(sslLabel, javax.swing.GroupLayout.Alignment.LEADING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
- .addComponent(disableDbLabel)
- .addComponent(disableDbButton, javax.swing.GroupLayout.PREFERRED_SIZE, 18, javax.swing.GroupLayout.PREFERRED_SIZE)))
- .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
- .addComponent(msgpackButton)
- .addComponent(xmlButton)))
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING, false)
+ .addComponent(sslBox, javax.swing.GroupLayout.Alignment.LEADING, 0, 0, Short.MAX_VALUE)
+ .addComponent(sslLabel, javax.swing.GroupLayout.Alignment.LEADING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(disableDbLabel)
+ .addComponent(disableDbButton, javax.swing.GroupLayout.PREFERRED_SIZE, 18, javax.swing.GroupLayout.PREFERRED_SIZE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(connectButton, javax.swing.GroupLayout.DEFAULT_SIZE, 37, Short.MAX_VALUE)
@@ -356,11 +335,8 @@ private void connectButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN
String host = hostField.getText();
int port = Integer.parseInt(portField.getText());
boolean ssl = checkCrypto(sslBox.isSelected());
- String type = "xml";
- if(msgpackButton.isSelected())
- type = "msg";
try {
- rpcConn = RpcConnection.getConn(type, username, password, host, port, ssl);
+ rpcConn = RpcConnection.getConn(username, password, host, port, ssl);
} catch (MsfException mex) {
rpcConn = null;
}
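Review bot: `Integer.parseInt(portField.getText())` is evaluated before the `try`, so an empty or non-numeric port throws NumberFormatException out of the action handler instead of reaching the `rpcConn = null` failure path. Parse the port inside the `try` and add `catch (NumberFormatException nfe) { rpcConn = null; }`, or validate the field before it is used. The `catch (MsfException mex)` branch also drops `mex`, so a TLS or authentication failure cannot be told apart from any other error unless the code after this hunk reports it; the rest of `connectButtonActionPerformed` is outside the hunk.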
@@ -390,10 +366,6 @@ private void portFieldActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIR
private void startNewButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_startNewButtonActionPerformed
//Setup defaults
- if(msgpackButton.isSelected())
- RpcConnection.defaultType = "msg";
- else
- RpcConnection.defaultType = "xml";
RpcConnection.defaultUser = usernameField.getText();
if(passwordField.getPassword().length > 0)
RpcConnection.defaultPass = new String(passwordField.getPassword());
@@ -434,7 +406,6 @@ private void pathButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
private javax.swing.JLabel disableDbLabel;
private javax.swing.JTextField hostField;
private javax.swing.JLabel hostLabel;
- private javax.swing.JRadioButton msgpackButton;
private javax.swing.JPasswordField passwordField;
private javax.swing.JLabel passwordLabel;
private javax.swing.JButton pathButton;
@@ -446,6 +417,5 @@ private void pathButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI
private javax.swing.JLabel titleLabel;
private javax.swing.JTextField usernameField;
private javax.swing.JLabel usernameLabel;
- private javax.swing.JRadioButton xmlButton;
// End of variables declaration//GEN-END:variables
}