Armitage 08.02.12 - adds Cortana scripting technology. #662

Merged
merged 1 commit into from Aug 2, 2012
+6,764 −148
BIN +116 KB (100%) data/armitage/armitage.jar
Binary file not shown.
Binary file not shown.
@@ -1,6 +1,26 @@
Armitage Changelog
==================
2 Aug 12 (tested again msf r15698)
--------
- Armitage now reports vulnerability module and descriptions
properly (again) when exporting data. Had to update to match a
change to the db schema.
- Pass-the-Hash and Login dialogs now stay open if you press
shift while clicking Launch. This convention is pretty universal
to Armitage.
- Team server now buffers all of its outgoing data. I've also
disabled SO_NODELAY. This will greatly improve team server latency
on congested networks without impacting responsiveness otherwise.
- Added Cortana, a DARPA funded scripting technology, into Armitage.
There's a lot of fun to be had here.
- Armitage now queues messages to destroy a console rather than
spinning up a new thread for each closed console.
- Rendering of icons for hosts now happens outside of UI thread.
- Increased timeout for meterpreter read command
- Armitage now detects a corrupt module cache and attempts to clear
it so it can be rebuilt.
5 Jul 12
--------
- Login -> psexec now sets a different LPORT for each host it's
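Review bot: The 2 Aug 12 heading reads "tested again msf r15698", which should be "tested against msf r15698". In the team server entry, "SO_NODELAY" is not the name of a socket option; the TCP option is TCP_NODELAY, and since disabling it turns Nagle's algorithm back on, the entry would be clearer if it said that small writes are now coalesced, which is what pairs with the new output buffering.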
@@ -27,12 +27,28 @@
<unzip src="lib/jgraphx.jar" dest="bin" />
<unzip src="lib/msgpack-0.5.1-devel.jar" dest="bin" />
<unzip src="lib/postgresql-9.1-901.jdbc4.jar" dest="bin" />
<copy todir="bin/scripts">
<fileset dir="scripts" />
</copy>
<copy todir="bin/scripts-cortana">
<fileset dir="scripts-cortana" />
</copy>
<copy todir="bin/resources">
<fileset dir="resources" />
</copy>
<jar destfile="armitage.jar" basedir="bin" includes="**/*">
<manifest>
<attribute name="Main-Class" value="armitage.ArmitageMain" />
</manifest>
</jar>
<jar destfile="cortana.jar" basedir="bin" includes="**/*">
<manifest>
<attribute name="Main-Class" value="cortana.Main" />
</manifest>
</jar>
</target>
<target name="clean" description="clean up" >
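Review bot: The new cortana.jar target uses the same basedir="bin" and includes="**/*" as the armitage.jar target, so the two jars carry identical contents (the unzipped jgraphx, msgpack and postgresql classes plus both scripts directories) and differ only in Main-Class. If that is intended, a comment in the target saying so would help; otherwise narrow the includes for each jar so the bundled third-party classes are shipped, and later updated, in one place.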
@@ -1,9 +1,9 @@
<html>
<body>
<center><h1>Armitage 1.44-dev</h1></center>
<center><h1>Armitage 1.44</h1></center>
<p>An attack management tool for Metasploit&reg;
<br />Release: 5 Jul 12</p>
<br />Release: 2 Aug 12</p>
<br />
<p>Developed by:</p>
@@ -0,0 +1,95 @@
# This file is part of a stand-alone script environment that connects Cortana to
# Metasploit, Armitage, and a postgresql database. It's a little complicated and
# twisty turny in here. Here are the rough steps:
#
# 1. Connect to the database (&main)
# 2. setup the default reverse handler (&setupHandlers)
# 3. check for the collaboration server (&checkForCollaborationServer)
# 4. setup collaboration (&setup_collaboration)
# 5. call armitage.skip to push the event log pointer to the very end.
# 6. send a flag back to the Cortana load that we're ready ([$loader passObject: ...])
#
# If any of these steps fails, Cortana will exit with a hopefully helpful error
# message.
debug(7 | 34);
import msf.*;
import armitage.*;
import console.*;
import ssl.*;
# create an RPC client for talking to the deconfliction server.
sub c_client {
# run this thing in its own thread to avoid really stupid deadlock situations
local('$handle');
$handle = [[new SecureSocket: $1, int($2), $null] client];
return wait(fork({
local('$client');
$client = newInstance(^RpcConnection, lambda({
writeObject($handle, @_);
[[$handle getOutputStream] flush];
return readObject($handle);
}, \$handle));
return [new RpcAsync: $client];
}, \$handle));
}
# this function sets up a default meterpreter reverse handler on a random port. Better tha
# requiring the user to connect a client to make this happen. This function also fires the
# loader ready function which tells the script loader that this script is done processing
# and this Cortana container may continue loading and executing other scripts.
sub setupHandlers {
find_job("Exploit: multi/handler", {
if ($1 == -1) {
# setup a handler for meterpreter
call($client, "core.setg", "LPORT", randomPort());
call($client, "module.execute", "exploit", "multi/handler", %(
PAYLOAD => "windows/meterpreter/reverse_tcp",
LHOST => "0.0.0.0",
ExitOnSession => "false"
));
}
});
}
sub main {
global('$client $mclient');
local('%r $exception');
setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L);
try {
# connect our first thread...
$mclient = c_client($host, $port);
# connect our second thread with an empty nickname
$client = c_client($host, $port);
}
catch $exception {
println("Could not connect to $host $+ : $+ $port ( $+ $exception $+ )");
[System exit: 0];
}
# setup first thread...
%r = call($mclient, "armitage.validate", $user, $pass, $nick, "armitage", 120326);
if (%r["error"] eq "1") {
println(%r['message']);
[System exit: 0];
}
# setup second thread.
%r = call($client, "armitage.validate", $user, $pass, $null, "armitage", 120326);
# pass some objects back yo.
[$loader passObjects: $client, $mclient];
# don't make previous messages available...
call($mclient, "armitage.skip");
# do some other setup stuff...
setupBaseDirectory();
setupHandlers();
}
invoke(&main);
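Review bot: In main, the result of the second armitage.validate call (on $client) is assigned to %r but never checked, unlike the first call, so a failed validation of the second connection goes unnoticed and $client is still handed to the loader and used by setupHandlers; repeat the `if (%r["error"] eq "1")` check after it. Both failure paths also end in `[System exit: 0]`, which reports success to whatever launched Cortana; a non-zero status would let callers detect the failure. The header comment is out of step with the code as well: it lists &checkForCollaborationServer and &setup_collaboration, which are not defined in this file, names `passObject:` where the code calls `passObjects:`, and puts armitage.skip before the loader hand-off while main does them in the other order.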