Merge branch 'rapid7' into feature/4905

Conflicts:
	data/meterpreter/ext_server_stdapi.php
	modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
2 parents d9ef256 + 88b35a3 commit 02954cbf93e2a13da967780cb703103b3f83ecf4 @egypt egypt committed May 9, 2012
Showing with 16,672 additions and 291 deletions.
  1. BIN data/armitage/armitage.jar
  2. +53 −0 data/armitage/teamserver
  3. +28 −0 data/armitage/whatsnew.txt
  4. +144 −135 data/exploits/psnuffle/smb.rb
  5. BIN data/meterpreter/ext_server_stdapi.jar
  6. +37 −0 data/meterpreter/ext_server_stdapi.php
  7. BIN data/meterpreter/meterpreter.jar
  8. +42 −0 external/source/armitage/build.xml
  9. BIN external/source/armitage/lib/jgraphx.jar
  10. BIN external/source/armitage/lib/msgpack-0.5.1-devel.jar
  11. BIN external/source/armitage/lib/postgresql-9.1-901.jdbc4.jar
  12. BIN external/source/armitage/lib/sleep.jar
  13. +90 −0 external/source/armitage/readme.txt
  14. +23 −0 external/source/armitage/resources/about.html
  15. BIN external/source/armitage/resources/armitage-icon.gif
  16. BIN external/source/armitage/resources/armitage-logo.gif
  17. +41 −0 external/source/armitage/resources/armitage.prop
  18. BIN external/source/armitage/resources/bsd.png
  19. BIN external/source/armitage/resources/cisco.png
  20. BIN external/source/armitage/resources/computer.png
  21. +12 −0 external/source/armitage/resources/error.txt
  22. BIN external/source/armitage/resources/firewall.png
  23. BIN external/source/armitage/resources/hacked.png
  24. BIN external/source/armitage/resources/linux.png
  25. BIN external/source/armitage/resources/macosx.png
  26. +10 −0 external/source/armitage/resources/msfrpcd.bat
  27. BIN external/source/armitage/resources/printer.png
  28. BIN external/source/armitage/resources/solaris.png
  29. BIN external/source/armitage/resources/unknown.png
  30. BIN external/source/armitage/resources/vmware.png
  31. BIN external/source/armitage/resources/windows2000.png
  32. BIN external/source/armitage/resources/windows7.png
  33. BIN external/source/armitage/resources/windowsxp.png
  34. +1 −0 external/source/armitage/run.sh
  35. +312 −0 external/source/armitage/scripts/armitage.sl
  36. +652 −0 external/source/armitage/scripts/attacks.sl
  37. +423 −0 external/source/armitage/scripts/browser.sl
  38. +140 −0 external/source/armitage/scripts/collaborate.sl
  39. +78 −0 external/source/armitage/scripts/downloads.sl
  40. +518 −0 external/source/armitage/scripts/gui.sl
  41. +104 −0 external/source/armitage/scripts/hosts.sl
  42. +649 −0 external/source/armitage/scripts/jobs.sl
  43. +76 −0 external/source/armitage/scripts/log.sl
  44. +123 −0 external/source/armitage/scripts/loot.sl
  45. +264 −0 external/source/armitage/scripts/menus.sl
  46. +360 −0 external/source/armitage/scripts/meterpreter.sl
  47. +271 −0 external/source/armitage/scripts/modules.sl
  48. +332 −0 external/source/armitage/scripts/passhash.sl
  49. +178 −0 external/source/armitage/scripts/pivots.sl
  50. +374 −0 external/source/armitage/scripts/preferences.sl
  51. +109 −0 external/source/armitage/scripts/process.sl
  52. +361 −0 external/source/armitage/scripts/reporting.sl
  53. +100 −0 external/source/armitage/scripts/screenshot.sl
  54. +522 −0 external/source/armitage/scripts/server.sl
  55. +93 −0 external/source/armitage/scripts/services.sl
  56. +355 −0 external/source/armitage/scripts/shell.sl
  57. +445 −0 external/source/armitage/scripts/targets.sl
  58. +79 −0 external/source/armitage/scripts/tokens.sl
  59. +587 −0 external/source/armitage/scripts/util.sl
  60. +223 −0 external/source/armitage/scripts/workspaces.sl
  61. +8 −0 external/source/armitage/src/armitage/Activity.java
  62. +41 −0 external/source/armitage/src/armitage/ActivityConsole.java
  63. +319 −0 external/source/armitage/src/armitage/ArmitageApplication.java
  64. +123 −0 external/source/armitage/src/armitage/ArmitageMain.java
  65. +36 −0 external/source/armitage/src/armitage/ArmitageThread.java
  66. +8 −0 external/source/armitage/src/armitage/ArmitageThreadClient.java
  67. +111 −0 external/source/armitage/src/armitage/ArmitageTimer.java
  68. +10 −0 external/source/armitage/src/armitage/ArmitageTimerClient.java
  69. +6 −0 external/source/armitage/src/armitage/ConsoleCallback.java
  70. +258 −0 external/source/armitage/src/armitage/ConsoleClient.java
  71. +252 −0 external/source/armitage/src/armitage/ConsoleQueue.java
  72. +91 −0 external/source/armitage/src/armitage/GenericTabCompletion.java
  73. +94 −0 external/source/armitage/src/armitage/MeterpreterClient.java
  74. +18 −0 external/source/armitage/src/armitage/QueueTabCompletion.java
  75. +40 −0 external/source/armitage/src/armitage/SimpleTimer.java
  76. +41 −0 external/source/armitage/src/armitage/TabCompletion.java
  77. +581 −0 external/source/armitage/src/console/Console.java
  78. +9 −0 external/source/armitage/src/console/ConsolePopup.java
  79. +220 −0 external/source/armitage/src/console/Display.java
  80. +155 −0 external/source/armitage/src/console/SearchPanel.java
  81. +90 −0 external/source/armitage/src/graph/CircleLayout.java
  82. +9 −0 external/source/armitage/src/graph/GraphPopup.java
  83. +495 −0 external/source/armitage/src/graph/NetworkGraph.java
  84. +112 −0 external/source/armitage/src/graph/Route.java
  85. +31 −0 external/source/armitage/src/graph/TouchList.java
  86. +31 −0 external/source/armitage/src/graph/TouchMap.java
  87. +8 −0 external/source/armitage/src/msf/Async.java
  88. +133 −0 external/source/armitage/src/msf/Base64.java
  89. +100 −0 external/source/armitage/src/msf/ConsolePool.java
  90. +417 −0 external/source/armitage/src/msf/DatabaseImpl.java
  91. +238 −0 external/source/armitage/src/msf/MeterpreterSession.java
  92. +139 −0 external/source/armitage/src/msf/MsgRpcImpl.java
  93. +31 −0 external/source/armitage/src/msf/RpcAsync.java
  94. +171 −0 external/source/armitage/src/msf/RpcCacheImpl.java
  95. +21 −0 external/source/armitage/src/msf/RpcConnection.java
  96. +145 −0 external/source/armitage/src/msf/RpcConnectionImpl.java
  97. +78 −0 external/source/armitage/src/msf/RpcQueue.java
  98. +119 −0 external/source/armitage/src/msf/SecureSocket.java
  99. +253 −0 external/source/armitage/src/table/GenericTableModel.java
  100. +273 −0 external/source/armitage/src/table/NetworkTable.java
  101. +153 −0 external/source/armitage/src/tree/SimpleTreeNode.java
  102. +191 −0 external/source/armitage/src/ui/ATable.java
  103. +94 −0 external/source/armitage/src/ui/ATextField.java
  104. +16 −0 external/source/armitage/src/ui/ATree.java
  105. +56 −0 external/source/armitage/src/ui/CopyPopup.java
  106. +83 −0 external/source/armitage/src/ui/CutCopyPastePopup.java
  107. +113 −0 external/source/armitage/src/ui/DraggableTabbedPane.java
  108. +39 −0 external/source/armitage/src/ui/DynamicMenu.java
  109. +168 −0 external/source/armitage/src/ui/KeyBindings.java
  110. +5 −0 external/source/armitage/src/ui/KeyHandler.java
  111. +68 −0 external/source/armitage/src/ui/ModuleTransferHandler.java
  112. +24 −0 external/source/armitage/src/ui/SafeMouseListener.java
  113. +7 −0 external/source/armitage/src/ui/ScreenshotManager.java
  114. +82 −0 external/source/armitage/src/ui/ZoomableImage.java
  115. +1,115 −0 external/source/armitage/whatsnew.txt
  116. +27 −1 external/source/meterpreter/java/build.xml
  117. +1 −1 lib/msf/core/exploit/vim_soap.rb
  118. +1 −1 modules/auxiliary/admin/scada/modicon_command.rb
  119. +5 −4 modules/auxiliary/gather/enum_dns.rb
  120. +4 −4 modules/auxiliary/scanner/http/blind_sql_query.rb
  121. +3 −6 modules/auxiliary/scanner/http/error_sql_injection.rb
  122. +1 −1 modules/auxiliary/scanner/http/owa_login.rb
  123. +3 −3 modules/auxiliary/scanner/http/vmware_server_dir_trav.rb
  124. +13 −14 modules/auxiliary/scanner/misc/java_rmi_server.rb
  125. +40 −37 modules/auxiliary/scanner/snmp/snmp_enum.rb
  126. +6 −4 modules/auxiliary/scanner/snmp/snmp_set.rb
  127. +6 −12 modules/auxiliary/sniffer/psnuffle.rb
  128. +1 −1 modules/encoders/x86/alpha_mixed.rb
  129. +1 −1 modules/exploits/linux/http/vcms_upload.rb
  130. +3 −2 modules/exploits/linux/http/webcalendar_settings_exec.rb
  131. +1 −1 modules/exploits/multi/browser/opera_configoverwrite.rb
  132. +1 −1 modules/exploits/multi/browser/opera_historysearch.rb
  133. +128 −0 modules/exploits/multi/http/php_cgi_arg_injection.rb
  134. +1 −1 modules/exploits/osx/browser/safari_file_policy.rb
  135. +1 −1 modules/exploits/windows/browser/adobe_flash_sps.rb
  136. +1 −1 modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
  137. +1 −1 modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
  138. +1 −1 modules/exploits/windows/browser/c6_messenger_downloaderactivex.rb
  139. +1 −1 modules/exploits/windows/browser/dell_webcam_crazytalk.rb
  140. +1 −1 modules/exploits/windows/browser/mcafee_mvt_exec.rb
  141. +346 −0 modules/exploits/windows/browser/mozilla_nssvgvalue.rb
  142. +1 −1 modules/exploits/windows/browser/mozilla_reduceright.rb
  143. +1 −1 modules/exploits/windows/browser/realplayer_qcp.rb
  144. +1 −1 modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
  145. +1 −1 modules/exploits/windows/browser/vlc_amv.rb
  146. +1 −1 modules/exploits/windows/browser/vlc_mms_bof.rb
  147. +1 −1 modules/exploits/windows/fileformat/aol_desktop_linktag.rb
  148. +1 −1 modules/exploits/windows/fileformat/aviosoft_plf_buf.rb
  149. +1 −1 modules/exploits/windows/fileformat/bsplayer_m3u.rb
  150. +1 −1 modules/exploits/windows/fileformat/dvdx_plf_bof.rb
  151. +1 −1 modules/exploits/windows/fileformat/gsm_sim.rb
  152. +1 −1 modules/exploits/windows/fileformat/mcafee_showreport_exec.rb
  153. +1 −1 modules/exploits/windows/fileformat/ms10_038_excel_obj_bof.rb
  154. +1 −1 modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
  155. +1 −1 modules/exploits/windows/fileformat/netop.rb
  156. +1 −1 modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb
  157. +1 −1 modules/exploits/windows/ftp/ricoh_dl_bof.rb
  158. +1 −1 modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb
  159. +1 −1 modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb
  160. +1 −1 modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb
  161. +1 −1 modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb
  162. +1 −1 modules/exploits/windows/http/hp_power_manager_filename.rb
  163. +1 −1 modules/exploits/windows/http/netdecision_http_bof.rb
  164. +246 −0 modules/exploits/windows/http/solarwinds_storage_manager_sql.rb
  165. +1 −1 modules/exploits/windows/lotus/domino_icalendar_organizer.rb
  166. +1 −1 modules/exploits/windows/misc/hp_omniinet_4.rb
  167. +1 −1 modules/exploits/windows/misc/splayer_content_type.rb
  168. +1 −1 modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb
  169. +1 −1 modules/exploits/windows/misc/wireshark_lua.rb
  170. +1 −1 modules/exploits/windows/scada/factorylink_csservice.rb
  171. +1 −1 modules/exploits/windows/scada/iconics_genbroker.rb
  172. +1 −1 modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb
  173. +1 −1 modules/exploits/windows/scada/igss9_igssdataserver_listall.rb
  174. +1 −1 modules/exploits/windows/scada/igss9_igssdataserver_rename.rb
  175. +1 −1 modules/exploits/windows/scada/igss9_misc.rb
  176. +1 −1 modules/exploits/windows/scada/procyon_core_server.rb
  177. +1 −1 modules/exploits/windows/ssh/sysax_ssh_username.rb
  178. +1 −1 modules/payloads/singles/bsd/x86/exec.rb
  179. +5 −5 modules/payloads/singles/windows/download_exec_https.rb
  180. +1 −1 modules/payloads/singles/windows/messagebox.rb
  181. +3 −3 modules/post/multi/general/execute.rb
  182. +8 −8 modules/post/osx/gather/enum_osx.rb
  183. +8 −1 modules/post/windows/gather/enum_dirperms.rb
  184. +29 −1 test/modules/post/test/meterpreter.rb
@@ -0,0 +1,53 @@
+#!/bin/bash
+# start msfrpcd and the deconfliction server. Check for common mistakes
+# to save some time and head scratching...
+
+# check the arguments
+EXPECTED=2
+if [ $# -ne $EXPECTED ]; then
+ echo "[-] You must provide: <external IP address> <team password>"
+ echo " <external IP address> must be reachable by Armitage"
+ echo " clients on port 55553"
+ echo " <team password> is a shared password your team uses to"
+ echo " authenticate to the Armitage team server"
+ exit
+fi
+
+# check that we're r00t
+if [ $UID -ne 0 ]; then
+ echo "[-] Superuser privileges are required to run the team server"
+ exit
+fi
+
+# check if java is available...
+if [ $(command -v java) ]; then
+ true
+else
+ echo "[-] java is not in \$PATH"
+ echo " is Java installed?"
+ exit
+fi
+
+# check if msfrpcd is available
+if [ $(command -v msfrpcd) ]; then
+ true
+else
+ echo "[-] msfrpcd is not in \$PATH"
+ echo " is Metasploit installed?"
+ exit
+fi
+
+# check if msfrpcd is running or not
+if [ "$(pidof msfrpcd)" ]; then
+ echo "[-] msfrpcd is already running. Kill it before running this script"
+ echo " try: killall -9 msfrpcd"
+ exit
+fi
+
+# start everything up
+echo "[+] Starting RPC daemon"
+msfrpcd -U msf -P $2 -a 127.0.0.1 -p 55554 -S
+echo "[+] sleeping for 20s (to let msfrpcd initialize)"
+sleep 20
+echo "[+] Starting Armitage team server"
+java -server -XX:+UseParallelGC -jar armitage.jar --server $1 55554 msf $2 55553
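Review bot: The team password is expanded unquoted and passed as a command-line argument in the last lines of the script (`msfrpcd -U msf -P $2 -a 127.0.0.1 -p 55554 -S` and `java ... --server $1 55554 msf $2 55553`). A password containing spaces or glob characters will be split or expanded by the shell, and the value is readable in the process list by other local users for as long as both daemons run. Quote the expansions as "$1" and "$2" at minimum, and consider taking the password from a file or the environment if the tools allow it. Separately, every failure branch ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a wrapper cannot tell a failed precondition from a clean start; use `exit 1`. The `[ $(command -v java) ]` and `[ $(command -v msfrpcd) ]` tests are unquoted and misbehave if the resolved path contains spaces; `if ! command -v java >/dev/null 2>&1; then` is the sturdier form. The fixed `sleep 20` could be replaced by polling 127.0.0.1:55554 until msfrpcd accepts connections, and `armitage.jar` is resolved relative to the current directory, so the script only works when run from the directory that holds the jar.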
@@ -1,6 +1,34 @@
Armitage Changelog
==================
+7 May 12
+--------
+Note: Armitage team server setup has changed. Refer to the manual for
+the latest information: http://www.fastandeasyhacking.com/manual#7
+
+- Armitage team mode now routes all Metasploit-bound calls through the
+ deconfliction server. Armitage also pools "temporary" Metasploit
+ consoles. It's too bad this is logged as one change, because it's
+ more like twenty. These changes were motivated by a desire to avoid
+ triggering a race condition that was introduced w/ Metasploit 4.3.0.
+ http://dev.metasploit.com/redmine/issues/6829
+
+ On the bright side these changes will allow a lot more flexibility
+ to optimize how Armitage interacts with msfrpcd and to do some neat
+ things (like logging) in a centralized way.
+- Module description (in module launch dialog) is now resizable.
+- Added Ctrl+D keyboard shortcut to close active tab.
+- Armitage now uses (more robust) console queue for launching post
+ modules, handlers, brute force attacks, and other things.
+- Fixed a race condition in the Jobs tab refresh after killing a job
+- Armitage now filters smb hashes from non-psexec/smb login dialogs.
+- Added armitage.log_data_here.folder setting. This setting lets you
+ specify where Armitage will save its logs, downloaded files, and
+ screenshots. *cough* Some penetration testers like to dump everything
+ to an encrypted volume. *cough*. I apologize it took this long to
+ get this feature in place.
+- Improved perceived responsiveness of a console interaction
+
17 Apr 12
---------
- Modified how Armitage determines a console command is complete to stay
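Review bot: The first bullet under "7 May 12" folds the routing of Metasploit-bound calls through the deconfliction server and the pooling of temporary consoles into a single entry, and the entry itself concedes it is "more like twenty" changes; splitting it into separate bullets would make the behaviour change easier to audit. The note at the top says team server setup has changed but only points to the manual, so a one-line summary of what operators must now do differently would help anyone reading the changelog on its own. The `armitage.log_data_here.folder` bullet should also state where logs, downloads and screenshots go when the setting is left unset.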