Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge branch 'upstream/master' into stop_abusing_expand_path
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
  • Loading branch information
OJ committed Mar 11, 2014
2 parents 1cb671b + 7da54eb commit 3ea3968
Show file tree
Hide file tree
Showing 813 changed files with 38,825 additions and 13,193 deletions.
8 changes: 6 additions & 2 deletions .travis.yml
@@ -1,11 +1,15 @@
language: ruby
env: MSF_SPOTCHECK_RECENT=1
before_install:
- rake --version
- sudo apt-get update -qq
- sudo apt-get install -qq libpcap-dev
before_script:
- ./tools/msftidy.rb
- cp config/database.yml.travis config/database.yml
- rake db:create
- rake db:migrate
- bundle exec rake --version
- bundle exec rake db:create
- bundle exec rake db:migrate

rvm:
#- '1.8.7'
Expand Down
108 changes: 66 additions & 42 deletions CONTRIBUTING.md
@@ -1,44 +1,68 @@
# Contributing to Metasploit

## Reporting Bugs

If you would like to report a bug, please take a look at [our Redmine
issue
tracker](https://dev.metasploit.com/redmine/projects/framework/issues?query_id=420)
-- your bug may already have been reported there! Simply [searching](https://dev.metasploit.com/redmine/projects/framework/search) for some appropriate keywords may save everyone a lot of hassle.

If your bug is new and you'd like to report it you will need to
[register
first](https://dev.metasploit.com/redmine/account/register). Don't
worry, it's easy and fun and takes about 30 seconds.

When you file a bug report, please include your **steps to reproduce**,
full copy-pastes of Ruby stack traces, and any relevant details about
your environment. Without repro steps, your bug will likely be closed.
With repro steps, your bugs will likely be fixed.

## Contributing Metasploit Modules

If you have an exploit that you'd like to contribute to the Metasploit
Framework, please familiarize yourself with the
**[HACKING](https://github.com/rapid7/metasploit-framework/blob/master/HACKING)**
document in the
Metasploit-Framework repository. There are many mysteries revealed in
HACKING concerning code style and content.

[Pull requests](https://github.com/rapid7/metasploit-framework/pulls)
should corellate with modules at a 1:1 ratio
-- there is rarely a good reason to have two, three, or ten modules on
one pull request, as this dramatically increases the review time
required to land (commit) any of those modules.

Pull requests tend to be very collaborative for Metasploit -- do not be
surprised if your pull request to rapid7/metasploit-framework triggers a
pull request back to your own fork. In this way, we can isolate working
changes before landing your PR to the Metasploit master branch.

To save yourself the embarrassment of committing common errors, you will
want to symlink the `msftidy.rb` utility to your pre-commit hooks by
running `ln -s ../../tools/dev/pre-commit-hook.rb .git/hooks/pre-commit`
from the top-level directory of your metasploit-framework clone. This
will prevent you from committing modules that raise WARNINGS or ERRORS.
Thanks for your interest in making Metasploit -- and therefore, the
world -- a better place! What you see here in CONTRIBUTING.md is a
bullet-point list of the do's and don'ts of how to make sure *your*
valuable contributions actually make it into Metasploit's master branch.

If you care not to follow these rules, your contribution **will** be
closed (*Road House* style). Sorry!

Incidentally, this is a **short** list. The
[wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more
exhaustive and reveals many mysteries. If you read nothing else, take a
look at the standard [development environment setup
guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment)
and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes).

## Code Contributions

* **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
* **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
* **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.

### Pull Requests

* **Do** specify a descriptive title to make searching for your pull request easier.
* **Do** include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`.
* **Do** list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable.
* **Don't** leave your pull request description blank.
* **Don't** abandon your pull request. Being responsive helps us land your code faster.

Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow.

#### New Modules

* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
* **Do** use the [API](https://dev.metasploit.com/documents/api/). Wheel improvements are welcome; wheel reinventions, not so much.
* **Don't** include more than one module per pull request.

#### Library Code

* **Do** write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up.
* **Do** follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs.
* **Do** write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code.

#### Bug Fixes

* **Do** include reproduction steps in the form of verification steps.
* **Do** include a link to the corresponding [Redmine](https://dev.metasploit.com/redmine/projects/framework) issue in the format of `SeeRM #1234` in your commit description.

## Bug Reports

* **Do** report vulnerabilities in Rapid7 software to security@rapid7.com.
* **Do** create a Redmine account and report your bug there.
* **Do** write a detailed description of your bug and use a descriptive title.
* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
* **Don't** file duplicate reports - search for your bug before filing a new report.
* **Don't** report a bug on GitHub. Use [Redmine](https://dev.metasploit.com/redmine/projects/framework) instead.

Redmine issues [#8762](https://dev.metasploit.com/redmine/issues/8762) and [#8764](https://dev.metasploit.com/redmine/issues/8764) are a couple good examples to follow.

If you need some more guidance, talk to the main body of open
source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)
or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers)
mailing list.

Also, **thank you** for taking the few moments to read this far! You're
already way ahead of the curve, so keep it up!
150 changes: 21 additions & 129 deletions HACKING
@@ -1,146 +1,38 @@
# $Id$
HACKING
=======

This file contains some brief instructions on contributing to the
Metasploit Framework.
(Last updated: 2014-03-04)

Code Style
==========
This document almost entirely deprecated by:

In order to maintain consistency and readability, we ask that you
adhere to the following style guidelines:
CONTRIBUTING.md

- Standard Ruby two-space soft tabs, not hard tabs.
- Try to keep your lines under 100 columns (assuming two-space tabs)
- do; end instead of {} for a block
- Always use str[0,1] instead of str[0]
(This avoids a known ruby 1.8/1.9 incompatibility.)
- Method names should always be lower_case and words separated by "_"
- Variable names should be lower case with words separated by "_"
- Don't depend on any external gems or libraries without talking to
todb to resolve packaging and licensing issues
in the same directory as this file, and to a lesser extent:

You can use the the "./tools/msftidy.rb" script to do some rudimentary
checking for various violations.


Code No-Nos
===========

1. Don't print to standard output. Doing so means that users of
interfaces other than msfconsole, such as msfrpc and msfgui, won't see
your output. You can use print_line to accomplish the same thing as
puts.

2. Don't read from standard input, doing so will make your code
lock up the entire module when called from other interfaces. If you
need user input, you can either register an option or expose an
interactive session type specific for the type of exploit.

3. Always use Rex sockets, not ruby sockets. This includes
third-party libraries such as Net::Http. There are several very good
reasons for this rule. First, the framework doesn't get notified on
the creation of ruby sockets and won't know how to clean them up in
case your module raises an exception without cleaning up after itself.
Secondly, non-Rex sockets do not know about routes and therefore can't
be used through a meterpreter tunnel. Lastly, regular sockets miss
out on msf's proxy and SSL features. Msf includes many protocols
already implemented with Rex and if the protocol you need is missing,
porting another library to use them is straight-forward. See our
Net::SSH modifications in lib/net/ssh/ for an example.

4. When opening an IO stream, always force binary with "b" mode (or
using IO#binmode). This not only helps keep Windows and non-Windows
runtime environments consistent with each other, but also guarantees
that files will be treated as ASCII-8BIT instead of UTF-8.

5. Don't use String#[] for a single character. This returns a Fixnum in
ruby 1.8 and a String in 1.9, so it's safer to use the following idiom:
str[idx,1]
which always returns a String. If you need the ASCII byte, unpack it like
so:
tr[idx,1].unpack("C")[0]

6. Whenever possible, avoid using '+' or '+=' to concatenate strings.
The '<<' operator is significantly faster. The difference will become
even more apparent when doing string manipulation in a loop. The
following table approximates the underlying implementation:

Ruby Pseudo-C
----------- ----------------
a = b + c a = malloc(b.len+c.len+1);
strcpy(a, b);
memcpy(a+b.len, c, c.len);
a[b.len + c.len] = '\0';
a = b a = b;
a << c a = realloc(a, a.len+c.len+1);
memcpy(a+a.len, c, c.len);
a[a.len + c.len] = '\0';

Note that the original value of 'b' is lost in the second case. Care
must be taken to duplicate strings that you do not want to modify.

7. For other Ruby 1.8.x/1.9.x compat issues, please see Sam Ruby's
excellent slide show at <http://slideshow.rubyforge.org/ruby19.html>
for an overview of common and not-so-common Ruby version related gotchas.

8. Never, ever use $global variables. This applies to modules, mixins,
and libraries. If you need a "global" within a specific class, you can
use @@class_variables, but most modules should use @instance variables
to store information between methods.

9. Don't craft your XML document raw or by using Nokogiri, the current
preferred way is REXML.

Creating New Modules
====================

When creating a new module, the simplest way to start is to copy
another module that uses the same protocol and modify it to your
needs. If you're creating an exploit module, generally you'll want
to edit the exploit() method. Auxiliary Scanner modules use one of
run_host(), run_range(), or run_batch() instead of exploit().
Non-scanner aux modules use run().


Submitting Your Code
====================

To get started with a Metasploit Framework source clone, simply:

- Fork rapid7/metasploit-framework to your GitHub account
- git clone git://github.com/YourName/metasploit-framework.git
- gem install bundler
- bundle install
The Metasploit Development Environment
https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Development-Environment

More detailed documentation regarding the process for submitting new
modules via GitHub is documented here:
Common Coding Mistakes
https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes

https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Development-Environment
The Ruby Style Guide
https://github.com/bbatsov/ruby-style-guide

This describes the process of forking, editing, and generating a
pull request, and is the preferred method for bringing new modules
and framework enhancements to the attention of the core Metasploit
development team. Note that this process requires a GitHub account.
Ruby 1.9: What to Expect
http://slideshow.rubyforge.org/ruby19.html

For Git commits, please adhere to 50/72 formatting: your commits should
start with a line 50 characters or less, followed by a blank line,
followed by one or more lines of explanatory text wrapped at at 72
characters Pull requests with commits not formatted this way will
be rejected without review.
You can use the the "./tools/msftidy.rb" script against your new and
changed modules to do some rudimentary checking for various style and
syntax violations.

For modules, note that Author field is not automatic, and should be
filled in in the format of 'Your Name <user[at]domain.tld>' so future
developers can contact you with any questions.
Licensing for Your New Content
==============================

Licensing
=========
By submitting code contributions to the Metasploit Project it is
assumed that you are offering your code under the Metasploit License
or similar 3-clause BSD-compatible license. MIT and Ruby Licenses
or similar 3-clause BSD-compatible license. MIT and Ruby Licenses
are also fine. We specifically cannot include GPL code. LGPL code
is accepted on a case by case basis for libraries only and is never
is accepted on a case by case basis for libraries only and is never
accepted for modules.

When possible, such as aux and exploit modules, be sure to include
your license designation in the file in the appropriate place.

9 changes: 9 additions & 0 deletions LICENSE
Expand Up @@ -15,6 +15,10 @@ License: BSD-3-clause
# Last updated: 2013-Nov-04
#

Files: data/templates/to_mem_pshreflection.ps1.template
Copyright: 2012, Matthew Graeber
License: BSD-3-clause

Files: data/john/*
Copyright: 1996-2011 Solar Designer.
License: GPL-2
Expand Down Expand Up @@ -147,6 +151,11 @@ Files: modules/payloads/singles/windows/speak_pwned.rb
Copyright: 2009-2010 Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
License: BSD-3-clause

Files: data/webcam/api.js
Copyright: Copyright 2013 Muaz Khan<@muazkh>.
License: MIT


#
# Gems
#
Expand Down
Binary file not shown.
Binary file added data/exploits/cve-2014-1610/metasploit.djvu
Binary file not shown.
1 change: 1 addition & 0 deletions data/exploits/cve-2014-1610/readme.md
@@ -0,0 +1 @@
Any DjVu file can be used this is just a snazzy Metasploit one
22 changes: 19 additions & 3 deletions data/js/detect/os.js
Expand Up @@ -184,6 +184,9 @@ window.os_detect.getVersion = function(){
} else if (platform.match(/arm/)) {
// Android and maemo
arch = arch_armle;
if (navigator.userAgent.match(/android/i)) {
os_flavor = 'Android';
}
}
} else if (platform.match(/windows/)) {
os_name = oses_windows;
Expand All @@ -193,8 +196,7 @@ window.os_detect.getVersion = function(){
if (!ua_version || 0 == ua_version.length) {
ua_is_lying = true;
}
} else if (!document.all && navigator.taintEnabled ||
'MozBlobBuilder' in window) {
} else if (navigator.oscpu && !document.all && navigator.taintEnabled || 'MozBlobBuilder' in window) {
// Use taintEnabled to identify FF since other recent browsers
// implement window.getComputedStyle now. For some reason, checking for
// taintEnabled seems to cause IE 6 to stop parsing, so make sure this
Expand All @@ -210,7 +212,9 @@ window.os_detect.getVersion = function(){
// Thanks to developer.mozilla.org "Firefox for developers" series for most
// of these.
// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
if (css_is_valid('image-orientation',
if (css_is_valid('cursor', 'cursor', 'grab')) {
ua_version = '27.0';
} else if (css_is_valid('image-orientation',
'imageOrientation',
'0deg')) {
ua_version = '26.0';
Expand Down Expand Up @@ -877,6 +881,18 @@ window.os_detect.getVersion = function(){
os_flavor = "7";
os_sp = "SP1";
break;
case "11016428":
// IE 11.0.9600.16428 / Windows 7 SP1
ua_version = "11.0";
os_flavor = "7";
os_sp = "SP1";
break;
case "10016384":
// IE 10.0.9200.16384 / Windows 8 x86
ua_version = "10.0";
os_flavor = "8";
os_sp = "SP0";
break;
case "1000":
// IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release
ua_version = "10.0";
Expand Down

0 comments on commit 3ea3968

Please sign in to comment.