
Merge branch 'master' into feature/railgun/error_msg

Conflicts:
	data/meterpreter/ext_server_stdapi.dll
2 parents ad82ecd + cc81024 commit cbc9179b4c52365f5ebd9c0a126330a9047af997 @dmaloney-r7 dmaloney-r7 committed Sep 19, 2012
Showing 1,736 changed files with 94,380 additions and 142,063 deletions.
Binary file not shown.
Binary file not shown.
@@ -1,6 +1,28 @@
Armitage Changelog
==================
+5 Sept 12 (tested against msf r15804)
+---------
+- Setup dialog now trims host, port, user, and pass fields.
+- Armitage now complains when it can't write to your preferences
+ file (versus just hanging without a real error message)
+- View -> Jobs now queries jobs in a thread outside of UI thread
+- Tab completion now uses a separate thread to call into the RPC
+ server. This prevents a deadlock if server is not responding.
+- Login -> psexec now shows when 445 is open on a Windows machine.
+ The old criteria was too restrictive.
+- Added a helper to set Wordlist option
+- Armitage now sets a random LPORT for non-exploit modules with an
+ LPORT option (e.g., post modules that do priv escalation)
+- Armitage now shows an error if it can't open a Win command shell
+- Steal Token dialog now uses incognito module to get token data
+ instead of the MSF post module. This is more reliable.
+- You may now setup the reverse payload for current_user_psexec
+
+Cortana Updates (for scripters)
+--------
+- added an eventlog popup hook
+
16 Aug 12 (tested against msf r15753)
----------
- Dynamic workspaces now removes closed services from its set of
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -3,7 +3,7 @@
<center><h1>Armitage 1.44</h1></center>
<p>An attack management tool for Metasploit&reg;
- <br />Release: 16 Aug 12</p>
+ <br />Release: 5 Sept 12</p>
<br />
<p>Developed by:</p>
@@ -600,7 +600,7 @@ sub host_attack_items {
foreach $port => $service (%hosts[$2[0]]['services']) {
$name = $service['name'];
- if ($name eq "smb" && "*Windows*" iswm getHostOS($2[0])) {
+ if ($port == 445 && "*Windows*" iswm getHostOS($2[0])) {
push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
}
else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
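Review bot: The rewritten condition `$port == 445` keys on the port alone, so the psexec entry is now offered for any Windows host whose port 445 is open regardless of the service name recorded for it, whereas the removed `$name eq "smb"` test required the database to label the service. The changelog hunk in this same commit says the old criterion was too restrictive, but nothing in the code records that rationale, and a later reader may well tighten it again. A one-line comment above the test would preserve the reason, e.g. `# match on the port, not the service name: 445 is not always recorded as smb`. host_attack_items starts before this hunk.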
@@ -645,6 +645,7 @@ sub addFileListener {
$actions["Template"] = $actions["*FILE*"];
$actions["SigningCert"] = $actions["*FILE*"];
$actions["SigningKey"] = $actions["*FILE*"];
+ $actions["Wordlist"] = $actions["*FILE*"];
$actions["WORDLIST"] = $actions["*FILE*"];
# set up an action to choose a session
@@ -15,6 +15,11 @@ sub createEventLogTab {
setupEventStyle($console);
logCheck($console, "all", "events");
+ # define a menu for the eventlog
+ [$console setPopupMenu: {
+ installMenu($2, "eventlog", @());
+ }];
+
$client = [$cortana getEventLog: $console];
[$client setEcho: $null];
[$console updatePrompt: "> "];
@@ -23,7 +28,7 @@ sub createEventLogTab {
[$console updateProperties: $preferences];
}
- [$frame addTab: "Event Log", $console, $null];
+ [$frame addTab: "Event Log", $console, $null];
}
sub verify_server {
@@ -250,6 +250,9 @@ sub _launch_dialog {
else if ($key eq "LHOST") {
$default = $MY_ADDRESS;
}
+ else if ($key eq "LPORT" && $value['default'] eq '4444') {
+ $default = randomPort();
+ }
else if ($key eq "RHOSTS" && size($5) > 0) {
$default = join(", ", $5);
}
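Review bot: The added `LPORT` branch only substitutes `randomPort()` when the option's declared default is exactly `'4444'`, so an LPORT option with any other default keeps its fixed value; the changelog entry in this commit describes the behaviour as applying to non-exploit modules with an LPORT option in general, which is broader than what the condition does. Either the condition or the changelog should say which is intended, and at minimum the narrower choice deserves a comment, e.g. `# only replace the well-known default listener port; module-specific LPORT defaults are kept`. _launch_dialog starts outside this hunk.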
@@ -533,7 +536,7 @@ sub createJobsTab {
[$sorter setComparator: 3, { return $1 <=> $2; }];
$jobsf = lambda(&updateJobsTable, \$model);
- [$jobsf];
+ thread($jobsf);
[$panel add: [new JScrollPane: $table], [BorderLayout CENTER]];
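Review bot: `thread($jobsf)` now runs `updateJobsTable` off the UI thread, but nothing in this hunk shows whether that function hands its results to `$model` through `dispatchEvent` or mutates the Swing table model directly; if it is the latter, the change moves a Swing model update off the event dispatch thread. The `updateTokenList` rewrite elsewhere in this commit wraps its model and button updates in `dispatchEvent(lambda({ ... }))`, and updateJobsTable should either follow the same pattern or carry a comment stating that it already does. createJobsTab starts outside this hunk.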
@@ -30,6 +30,15 @@ sub oneTimeShow {
}, $command => $1);
}
+sub m_cmd_callback {
+ if ($mclient is $null) {
+ warn("Dropping: " . @_ . " - collab check not complete!");
+ return;
+ }
+
+ [session($1) addCommand: $3, "$2 $+ \n"];
+}
+
# m_cmd("session", "command here")
sub m_cmd {
if ($mclient is $null) {
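Review bot: `m_cmd_callback` is added without the usage comment its sibling `m_cmd` carries two lines below it, and the calling convention of its third argument is not stated anywhere in the function. From its use in the updateTokenList hunk of this same commit the callback appears to be invoked with `$0` holding an event name such as `"end"` and `$2` holding the command output, but that is inferred from a caller rather than visible here; a header comment such as `# m_cmd_callback("session", "command here", &callback) - callback receives $0 = event, $2 = output (confirm against session())` would pin it down. The `warn()` call also concatenates `@_` directly, which prints the whole argument list including the callback closure rather than the dropped command; `warn("Dropping: " . $2 . " - collab check not complete!")` reads better in the log. m_cmd, which begins at the end of this hunk, continues past it.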
@@ -98,7 +98,7 @@ sub moduleAction {
thread(lambda({
if ($path in @exploits || $path in @auxiliary || $path in @payloads || $path in @post) {
if ($type eq "exploit") {
- if (isClientside($path)) {
+ if (isClientside($path) || $path eq "windows/local/current_user_psexec") {
launch_dialog($path, $type, $path, 1, $hosts);
}
else {
@@ -130,10 +130,15 @@ sub loadDatabasePreferences {
}
sub savePreferences {
- local('$file');
- $file = getFileProper(systemProperties()["user.home"], ".armitage.prop");
- if (-exists getFileParent($file)) {
- [$preferences save: [new java.io.FileOutputStream: $file], "Armitage Configuration"];
+ try {
+ local('$file $exception');
+ $file = getFileProper(systemProperties()["user.home"], ".armitage.prop");
+ if (-exists getFileParent($file)) {
+ [$preferences save: [new java.io.FileOutputStream: $file], "Armitage Configuration"];
+ }
+ }
+ catch $exception {
+ showError("I could not save your preferences:\n $+ $exception");
}
}
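Review bot: The `java.io.FileOutputStream` created inline in the `[$preferences save: ...]` call is never closed; `Properties.save` writes and flushes but does not close the stream, so every save leaks a file handle (and on Windows can keep `.armitage.prop` locked) until the object is finalized. Keep the stream in a local and close it after the save, e.g. `$out = [new java.io.FileOutputStream: $file];`, `[$preferences save: $out, "Armitage Configuration"];`, `[$out close];`, and the new `catch $exception` branch then also needs to close `$out` when `save` throws. The try/catch wrapper itself is an improvement over the silent failure it replaces, but the `showError` text does not say which path could not be written; including `$file` in the message would make the error actionable.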
@@ -86,6 +86,9 @@ global('%shells $ashell $achannel %maxq %wait');
m_cmd($sid, "read $channel");
}, \$command, \$channel, \$pid, $sid => $1));
}
+ else if ($0 eq "end") {
+ showError($2);
+ }
};
%handlers["write"] = {
@@ -8,41 +8,53 @@ import java.awt.event.*;
import javax.swing.*;
sub updateTokenList {
- local('$queue');
- $queue = [new armitage.ConsoleQueue: $client];
- [$queue addCommand: $null, "use post/windows/gather/enum_domain_tokens"];
- [$queue addCommand: $null, "set SESSION $1"];
- [$queue addCommand: "x", "run"];
-
+ # update the dialog to indicate that things are changing...
[$3 setEnabled: 0];
[$3 setText: "Grabbing tokens..."];
- [$queue addListener: lambda({
- local('@rows $row');
-
- @rows = parseTextTable($3, @("Token Type", "Account Type", "Name", "Domain Admin"));
- [$model clear: size(@rows)];
- foreach $row (@rows) {
- [$model addEntry: $row];
+ # setup incognito and list the tokens...
+ m_cmd_callback($1, "use incognito", {});
+ m_cmd_callback($1, "sysinfo", {});
+ m_cmd_callback($1, "sysinfo", {});
+ m_cmd_callback($1, "sysinfo", {});
+ m_cmd_callback($1, "list_tokens -u", lambda({
+ if ($0 eq "end") {
+ local('$entry $row $type');
+ [$model clear: 32];
+ foreach $entry (split("\n", $2)) {
+ $entry = ["$entry" trim];
+ if ($entry eq "Delegation Tokens Available") {
+ $type = "delegation";
+ }
+ else if ($entry eq "Impersonation Tokens Available") {
+ $type = "impersonation";
+ }
+ else if ($entry ismatch '=*' || $entry eq "No tokens available" || " " isin $entry) {
+ # do nothing...
+ }
+ else if ($entry ne "") {
+ $row = %();
+ $row['Token Type'] = $type;
+ $row['Name'] = $entry;
+ [$model addEntry: $row];
+ }
+ }
+ [$model fireListeners];
+
+ dispatchEvent(lambda({
+ [$refresh setEnabled: 1];
+ [$refresh setText: "Refresh"];
+ }, \$refresh));
}
- [$model fireListeners];
-
- dispatchEvent(lambda({
- [$refresh setEnabled: 1];
- [$refresh setText: "Refresh"];
- }, \$refresh));
-
- [$queue stop];
- }, $model => $2, $refresh => $3, \$queue)];
- [$queue start];
+ }, $model => $2, $refresh => $3));
}
sub stealToken {
local('$dialog $table $model $steal $revert $whoami $refresh');
$dialog = [new JPanel];
[$dialog setLayout: [new BorderLayout]];
- ($table, $model) = setupTable("Name", @("Token Type", "Account Type", "Name", "Domain Admin"), @());
+ ($table, $model) = setupTable("Name", @("Token Type", "Name"), @());
[$table setSelectionMode: [ListSelectionModel SINGLE_SELECTION]];
[$dialog add: [new JScrollPane: $table], [BorderLayout CENTER]];
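Review bot: The filter `" " isin $entry` in the `list_tokens -u` callback silently discards any token whose name contains a space, and Windows principal names such as `NT AUTHORITY\SYSTEM` are written with one, so those rows would never reach the table if the command prints them in that form; the test looks intended to skip the separator and header lines, but it is broader than that, and the `=*` and `No tokens available` cases already cover the headers explicitly, so dropping the space test should be considered once confirmed against real output. The three consecutive `m_cmd_callback($1, "sysinfo", {})` calls between `use incognito` and `list_tokens -u` have no comment; if they exist to pad the queue until the extension is loaded, say so (`# pad the queue so incognito is loaded before list_tokens runs - TODO confirm`), otherwise two of them should go. `$type` is also left unset if the first non-blank line is not one of the two headers, so such rows get an empty `Token Type`. stealToken, which begins at the end of this hunk, continues past it.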
@@ -398,16 +398,23 @@ sub connectDialog {
[$dialog add: center($button, $help), [BorderLayout SOUTH]];
[$button addActionListener: lambda({
+ local('$h $p $u $s @o');
+
+ # clean up the user options...
+ @o = @([$host getText], [$port getText], [$user getText], [$pass getText]);
+ @o = map({ return ["$1" trim]; }, @o);
+ ($h, $p, $u, $s) = @o;
+
[$dialog setVisible: 0];
- connectToMetasploit([$host getText], [$port getText], [$user getText], [$pass getText]);
+ connectToMetasploit($h, $p, $u, $s);
- if ([$host getText] eq "127.0.0.1") {
+ if ($h eq "127.0.0.1" || $h eq "localhost") {
try {
- closef(connect("127.0.0.1", [$port getText], 1000));
+ closef(connect("127.0.0.1", $p, 1000));
}
catch $ex {
if (!askYesNo("A Metasploit RPC server is not running or\nnot accepting connections yet. Would you\nlike me to start Metasploit's RPC server\nfor you?", "Start Metasploit?")) {
- startMetasploit([$user getText], [$pass getText], [$port getText]);
+ startMetasploit($u, $s, $p);
}
}
}
@@ -20,71 +20,88 @@ public Console getWindow() {
return window;
}
- public GenericTabCompletion(Console window) {
- this.window = window;
+ public GenericTabCompletion(Console windowz) {
+ this.window = windowz;
window.addActionForKey("pressed TAB", new AbstractAction() {
- public void actionPerformed(ActionEvent ev) {
+ public void actionPerformed(final ActionEvent ev) {
tabComplete(ev);
}
});
}
public abstract Collection getOptions(String text);
- public void tabComplete(ActionEvent ev) {
- String text = window.getInput().getText();
- if (text.length() == 0)
- return;
+ private void tabCompleteFirst(String text) {
+ try {
+ LinkedHashSet responses = new LinkedHashSet();
+ Collection options = getOptions(text);
- if (tabs != null && tabs.hasNext() && text.equals(last)) {
- last = (String)tabs.next();
- window.getInput().setText(last);
- }
- else {
- try {
- LinkedHashSet responses = new LinkedHashSet();
- Collection options = getOptions(text);
-
- if (options == null)
- return;
-
- /* cycle through all of our options, we want to split items up to the
- first slash. We also want them to be unique and ordered (hence the
- linked hash set */
- Iterator i = options.iterator();
- while (i.hasNext()) {
- String option = i.next() + "";
-
- String begin;
- String end;
-
- if (text.length() > option.length()) {
- begin = option;
- end = "";
- }
- else {
- begin = option.substring(0, text.length());
- end = option.substring(text.length());
- }
+ if (options == null)
+ return;
- int nextSlash;
- if ((nextSlash = end.indexOf('/')) > -1 && (nextSlash + 1) < end.length()) {
- end = end.substring(0, nextSlash);
- }
+ /* cycle through all of our options, we want to split items up to the
+ first slash. We also want them to be unique and ordered (hence the
+ linked hash set */
+ Iterator i = options.iterator();
+ while (i.hasNext()) {
+ String option = i.next() + "";
- responses.add(begin + end);
+ String begin;
+ String end;
+
+ if (text.length() > option.length()) {
+ begin = option;
+ end = "";
+ }
+ else {
+ begin = option.substring(0, text.length());
+ end = option.substring(text.length());
+ }
+
+ int nextSlash;
+ if ((nextSlash = end.indexOf('/')) > -1 && (nextSlash + 1) < end.length()) {
+ end = end.substring(0, nextSlash);
}
- responses.add(text);
+ responses.add(begin + end);
+ }
+
+ responses.add(text);
+ synchronized (window) {
tabs = responses.iterator();
last = (String)tabs.next();
+ }
+
+ SwingUtilities.invokeLater(new Runnable() {
+ public void run() {
+ window.getInput().setText(last);
+ }
+ });
+ }
+ catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ public void tabComplete(ActionEvent ev) {
+ final String text = window.getInput().getText();
+ if (text.length() == 0)
+ return;
+
+ synchronized (window) {
+ if (tabs != null && tabs.hasNext() && text.equals(last)) {
+ last = (String)tabs.next();
window.getInput().setText(last);
+ return;
}
- catch (Exception ex) {
- ex.printStackTrace();
+ else {
+ new Thread(new Runnable() {
+ public void run() {
+ tabCompleteFirst(text);
+ }
+ }).start();
}
}
}
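Review bot: The `Runnable` queued with `SwingUtilities.invokeLater` in `tabCompleteFirst` reads the `last` field outside the `synchronized (window)` block that assigns it, while `tabComplete` on the event thread advances `last` under that lock; by the time the runnable executes a further TAB press can already have moved `last` on, so the EDT may put a different string into the input than the one the completion thread computed, and the unsynchronized read has no happens-before edge with the writer either. Capturing the value in a `final` local inside the lock and using that in the runnable removes both problems. `tabCompleteFirst` also reduces every failure to `ex.printStackTrace()` without resetting `tabs`/`last`, which matches the old behaviour and may be intentional. The class header and the declarations of `window`, `tabs` and `last` lie outside this hunk, so their visibility qualifiers could not be checked.
```java
            responses.add(text);
            final String first;
            synchronized (window) {
                tabs = responses.iterator();
                last = (String)tabs.next();
                first = last;
            }

            SwingUtilities.invokeLater(new Runnable() {
                public void run() {
                    window.getInput().setText(first);
                }
            });
            // … unchanged: catch (Exception ex) { ex.printStackTrace(); } …
```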