Commit bf8ef2b3 authored by Lorenzo Faletra's avatar Lorenzo Faletra

Import Debian changes 5.0.18-1parrot1

metasploit-framework (5.0.18-1parrot1) testing; urgency=medium

  * Import new Upstream release.
Signed-off-by: Lorenzo Faletra's avatarLorenzo Palinuro Faletra <palinuro@parrotsec.org>
parent 4e33bd14
# coding: utf-8
# During build, the Gemfile is temporarily moved and
# we must manually define the project root
if ENV['MSF_ROOT']
lib = File.realpath(File.expand_path('lib', ENV['MSF_ROOT']))
else
# have to use realpath as metasploit-framework is often loaded through a symlink and tools like Coverage and debuggers
# require realpaths.
lib = File.realpath(File.expand_path('../lib', __FILE__))
end
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'metasploit/framework/version'
require 'metasploit/framework/rails_version_constraint'
require 'msf/util/helper'
Gem::Specification.new do |spec|
spec.name = 'metasploit-framework'
spec.version = Metasploit::Framework::GEM_VERSION
spec.authors = ['Metasploit Hackers']
spec.email = ['msfdev@metasploit.com']
spec.summary = 'metasploit-framework'
spec.description = 'metasploit-framework'
spec.homepage = 'https://www.metasploit.com'
spec.license = 'BSD-3-clause'
# only do a git ls-files if the .git folder exists and we have a git binary in PATH
if File.directory?(File.join(File.dirname(__FILE__), ".git")) && Msf::Util::Helper.which("git")
spec.files = `git ls-files`.split($/).reject { |file|
file =~ /^documentation|^external/
}
end
spec.bindir = '.'
if ENV['CREATE_BINSTUBS']
spec.executables = [
'msfconsole',
'msfd',
'msfrpc',
'msfrpcd',
'msfvenom'
]
end
spec.test_files = spec.files.grep(%r{^spec/})
spec.require_paths = ["lib"]
# Database support
spec.add_runtime_dependency 'activerecord', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
# Need 3+ for ActiveSupport::Concern
spec.add_runtime_dependency 'activesupport', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
# Needed for config.action_view for view plugin compatibility for Pro
spec.add_runtime_dependency 'actionpack', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
# Backports Ruby features across language versions
spec.add_runtime_dependency 'backports'
# Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb)
spec.add_runtime_dependency 'bcrypt'
# Needed for Javascript obfuscation
spec.add_runtime_dependency 'jsobfu'
# Needed for some admin modules (scrutinizer_add_user.rb)
spec.add_runtime_dependency 'json'
# Metasm compiler/decompiler/assembler
spec.add_runtime_dependency 'metasm'
# Metasploit::Concern hooks
spec.add_runtime_dependency 'metasploit-concern'
# Metasploit::Credential database models
spec.add_runtime_dependency 'metasploit-credential'
# Database models shared between framework and Pro.
spec.add_runtime_dependency 'metasploit_data_models'
# Things that would normally be part of the database model, but which
# are needed when there's no database
spec.add_runtime_dependency 'metasploit-model'
# Needed for Meterpreter
spec.add_runtime_dependency 'metasploit-payloads', '1.3.66'
# Needed for the next-generation POSIX Meterpreter
spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.5.12'
# Needed by msfgui and other rpc components
spec.add_runtime_dependency 'msgpack'
# get list of network interfaces, like eth* from OS.
spec.add_runtime_dependency 'network_interface'
# NTLM authentication
spec.add_runtime_dependency 'rubyntlm'
# Needed by anemone crawler
spec.add_runtime_dependency 'nokogiri'
# Needed by db.rb and Msf::Exploit::Capture
spec.add_runtime_dependency 'packetfu'
# For sniffer and raw socket modules
spec.add_runtime_dependency 'pcaprub'
# Used by the Metasploit data model, etc.
# bound to 0.2x for Activerecord 4.2.8 deprecation warnings:
# https://github.com/ged/ruby-pg/commit/c90ac644e861857ae75638eb6954b1cb49617090
spec.add_runtime_dependency 'pg', '~> 0.20'
# Run initializers for metasploit-concern, metasploit-credential, metasploit_data_models Rails::Engines
spec.add_runtime_dependency 'railties'
# required for OS fingerprinting
spec.add_runtime_dependency 'recog'
# required for bitlocker fvek extraction
spec.add_runtime_dependency 'openssl-ccm'
# Needed for documentation generation
spec.add_runtime_dependency 'octokit'
spec.add_runtime_dependency 'redcarpet'
# Needed for Microsoft patch finding tool (msu_finder)
spec.add_runtime_dependency 'patch_finder'
# Required for Metasploit Web Services
spec.add_runtime_dependency 'thin'
spec.add_runtime_dependency 'sinatra'
spec.add_runtime_dependency 'warden'
# Required for JSON-RPC client
spec.add_runtime_dependency 'em-http-request'
# TimeZone info
spec.add_runtime_dependency 'tzinfo-data'
# Gem for dealing with SSHKeys
spec.add_runtime_dependency 'sshkey'
# BitStruct Library used for handling certain Protocol Header/Packet construction
spec.add_runtime_dependency 'bit-struct'
# Library for interpreting Windows error codes and strings
spec.add_runtime_dependency 'windows_error'
# This used to be depended on by nokogiri, depended on by wmap
if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0')
spec.add_runtime_dependency 'xmlrpc'
end
#
# File Parsing Libraries
#
# Needed by auxiliary/gather/http_pdf_authors module
spec.add_runtime_dependency 'pdf-reader'
spec.add_runtime_dependency 'ruby-macho'
#
# Protocol Libraries
#
spec.add_runtime_dependency 'dnsruby'
spec.add_runtime_dependency 'mqtt'
spec.add_runtime_dependency 'net-ssh'
spec.add_runtime_dependency 'ed25519' # Adds ed25519 keys for net-ssh
spec.add_runtime_dependency 'bcrypt_pbkdf'
spec.add_runtime_dependency 'ruby_smb'
#
# REX Libraries
#
# Core of the Ruby Exploitation Library
spec.add_runtime_dependency 'rex-core'
# Text manipulation library for things like generating random string
spec.add_runtime_dependency 'rex-text'
# Library for Generating Randomized strings valid as Identifiers such as variable names
spec.add_runtime_dependency 'rex-random_identifier'
# library for creating Powershell scripts for exploitation purposes
spec.add_runtime_dependency 'rex-powershell'
# Library for processing and creating Zip compatbile archives
spec.add_runtime_dependency 'rex-zip'
# Library for parsing offline Windows Registry files
spec.add_runtime_dependency 'rex-registry'
# Library for parsing Java serialized streams
spec.add_runtime_dependency 'rex-java'
# Library for C-style structs
spec.add_runtime_dependency 'rex-struct2'
# Library which contains architecture specific information such as registers, opcodes,
# and stack manipulation routines.
spec.add_runtime_dependency 'rex-arch'
# Library for working with OLE.
spec.add_runtime_dependency 'rex-ole'
# Library for creating and/or parsing MIME messages.
spec.add_runtime_dependency 'rex-mime'
# Library for Dynamic Multi-byte x86 NOP generation
spec.add_runtime_dependency 'rex-nop'
# Library for parsing and manipulating executable binaries
spec.add_runtime_dependency 'rex-bin_tools'
# Rex Socket Abstraction Layer
spec.add_runtime_dependency 'rex-socket'
# Library for scanning a server's SSL/TLS capabilities
spec.add_runtime_dependency 'rex-sslscan'
# Library and tool for finding ROP gadgets in a supplied binary
spec.add_runtime_dependency 'rex-rop_builder'
# Library for polymorphic encoders; used for payload encoding
spec.add_runtime_dependency 'rex-encoder'
# Library for exploit development helpers
spec.add_runtime_dependency 'rex-exploitation'
# Command line editing, history, and tab completion in msfconsole
spec.add_runtime_dependency 'rb-readline'
# Needed by some modules
spec.add_runtime_dependency 'rubyzip'
# Needed for some post modules
spec.add_runtime_dependency 'sqlite3'
# required for Time::TZInfo in ActiveSupport
spec.add_runtime_dependency 'tzinfo'
# Needed so that disk size output isn't horrible
spec.add_runtime_dependency 'filesize'
# Needed for openvas plugin
spec.add_runtime_dependency 'openvas-omp'
# Needed by metasploit nessus bridge
spec.add_runtime_dependency 'nessus_rest'
# Nexpose Gem
spec.add_runtime_dependency 'nexpose'
# Needed for NDMP sockets
spec.add_runtime_dependency 'xdr'
# Needed for ::Msf...CertProvider
spec.add_runtime_dependency 'faker'
# Pinned as a dependency of i18n to the last working version
spec.add_runtime_dependency 'concurrent-ruby','1.0.5'
end
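Review bot: When the tree is not a git checkout — the `File.directory?(... ".git")` condition above `spec.files` is false, which is presumably the case for a Debian source package built from an upstream tarball — `spec.files` is never assigned and, as far as I can tell, stays empty, so a gem built that way would ship no files and the `spec.test_files = spec.files.grep(%r{^spec/})` line greps an empty list. An `else` branch that globs the tree gives the same result outside git, e.g. `spec.files = Dir.glob('**/*').select { |f| File.file?(f) }.reject { |f| f =~ /^documentation|^external/ }`. As a point of style, the existing `reject` block spans three lines with `{ }`; `do … end` is the conventional form for a multi-line block.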
drop-installation-msfupdate.patch
fix-usage-example.patch
add-missing-dependencies.patch
#!/usr/bin/env ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
require 'msfenv'
require 'msf/core'
require 'msf/base'
require 'rex'
require 'optparse'
module Egghunter
class OptsConsole
def self.parse(args)
options = {}
parser = OptionParser.new do |opt|
opt.banner = "Usage: #{__FILE__} [options]\nExample: #{__FILE__} -f python -e W00T"
opt.separator ''
opt.separator 'Specific options:'
opt.on('-f', '--format <String>', "See --list-formats for a list of supported output formats") do |v|
options[:format] = v
end
opt.on('-b', '--badchars <String>', "(Optional) Bad characters to avoid for the egg") do |v|
options[:badchars] = v
end
opt.on('-e', '--egg <String>', "The egg (Please give 4 bytes)") do |v|
options[:eggtag] = v
end
opt.on('-p', '--platform <String>', "(Optional) Platform") do |v|
options[:platform] = v
end
opt.on('--startreg <String>', "(Optional) The starting register") do |v|
# Do not change this key. This should matching the one in Rex::Exploitation::Egghunter
options[:startreg] = v
end
opt.on('--forward', "(Optional) To search forward") do |v|
# Do not change this key. This should matching the one in Rex::Exploitation::Egghunter
options[:searchforward] = true
end
opt.on('--depreg <String>', "(Optional) The DEP register") do |v|
# Do not change this key. This should matching the one in Rex::Exploitation::Egghunter
options[:depreg] = v
end
opt.on('--depdest <String>', "(Optional) The DEP destination") do |v|
# Do not change this key. This should matching the one in Rex::Exploitation::Egghunter
options[:depdest] = v
end
opt.on('--depsize <Integer>', "(Optional) The DEP size") do |v|
# Do not change this key. This should matching the one in Rex::Exploitation::Egghunter
options[:depsize] = v
end
opt.on('--depmethod <String>', "(Optional) The DEP method to use (virtualprotect/virtualalloc/copy/copy_size)") do |v|
# Do not change this key. This should matching the one in Rex::Exploitation::Egghunter
options[:depmethod] = v
end
opt.on('-a', '--arch <String>', "(Optional) Architecture") do |v|
# Although this is an option, this is currently useless because we don't have x64 egghunters
options[:arch] = v
end
opt.on('--list-formats', "List all supported output formats") do
options[:list_formats] = true
end
opt.on('-v', '--var-name <name>', String, '(Optional) Specify a custom variable name to use for certain output formats') do |v|
options[:var_name] = v
end
opt.on_tail('-h', '--help', 'Show this message') do
$stdout.puts opt
exit
end
end
parser.parse!(args)
if options.empty?
raise OptionParser::MissingArgument, 'No options set, try -h for usage'
elsif options[:format].blank? && !options[:list_formats]
raise OptionParser::MissingArgument, '-f is required'
elsif options[:eggtag].blank? && !options[:list_formats]
raise OptionParser::MissingArgument, '-e is required'
elsif options[:format] && !::Msf::Simple::Buffer.transform_formats.include?(options[:format])
raise OptionParser::InvalidOption, "#{options[:format]} is not a valid format"
elsif options[:depsize] && options[:depsize] !~ /^\d+$/
raise OptionParser::InvalidOption, "--depsize must be a Integer"
end
options[:badchars] = '' unless options[:badchars]
options[:platform] = 'windows' unless options[:platform]
options[:arch] = ARCH_X86 unless options[:arch]
options[:var_name] = 'buf' unless options[:var_name]
options
end
end
class Driver
def initialize
begin
@opts = OptsConsole.parse(ARGV)
rescue OptionParser::ParseError => e
$stderr.puts "[x] #{e.message}"
exit
end
end
def run
# list_formats should check first
if @opts[:list_formats]
list_formats
return
end
egghunter = Rex::Exploitation::Egghunter.new(@opts[:platform], @opts[:arch])
raw_code = egghunter.hunter_stub('', @opts[:badchars], @opts)
output_stream = $stdout
output_stream.binmode
output_stream.write ::Msf::Simple::Buffer.transform(raw_code, @opts[:format], @opts[:var_name])
$stderr.puts
end
private
def list_formats
$stderr.puts "[*] Supported output formats:"
$stderr.puts ::Msf::Simple::Buffer.transform_formats.join(", ")
end
end
end
if __FILE__ == $PROGRAM_NAME
driver = Egghunter::Driver.new
begin
driver.run
rescue ::Exception => e
elog("#{e.class}: #{e.message}\n#{e.backtrace * "\n"}")
$stderr.puts "[x] #{e.class}: #{e.message}"
$stderr.puts "[*] If necessary, please refer to framework.log for more details."
end
end
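Review bot: The `--depsize` validation in `OptsConsole.parse` uses `^`/`$`, which anchor per line in Ruby, so a multi-line value such as `"12\nx"` passes the check and is then handed on as a String; `options[:depsize] !~ /\A\d+\z/` anchors the whole value. In `Driver#initialize` the bare `exit` after printing the parse error terminates with status 0, so a caller or script cannot tell a usage error from success; `exit(1)` is the usual choice. The trailing `rescue ::Exception => e` at the bottom of the file also captures `Interrupt` and `SystemExit`, logging a Ctrl-C as a framework error; `rescue StandardError => e` keeps the intended error reporting without that side effect.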
#!/usr/bin/env ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
#
# This script converts an EXE to a VBA script for Word/Excel
# Credit to PriestMaster for the original C code
#
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
require 'msfenv'
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'rex'
require 'msf/base'
def usage
$stderr.puts(" Usage: #{$0} [exe] [vba]\n")
exit
end
exe = ARGV.shift
vba = ARGV.shift
if (not (exe and vba))
usage
end
out = File.new(vba, "w")
inp = File.open(exe, "rb")
dat = ""
while(buf = inp.read(8192))
dat << buf
end
out.write(Msf::Util::EXE.to_exe_vba(dat))
out.close
inp.close
$stderr.puts "[*] Converted #{dat.length} bytes of EXE into a VBA script"
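Review bot: The output file is created with `File.new(vba, "w")` before the input is opened on the next line, so a missing or unreadable `exe` leaves an empty `vba` file behind, and neither handle is closed if `to_exe_vba` raises since the files are not opened in block form. Reading the input first with `dat = File.binread(exe)` and then writing with `File.write(vba, Msf::Util::EXE.to_exe_vba(dat))` removes the manual 8192-byte loop and the explicit `close` calls as well. The `if (not (exe and vba))` guard reads more idiomatically as `usage unless exe && vba`. The exe2vbs script in the following section has the identical structure and the same points apply there.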
#!/usr/bin/env ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
#
# This script converts an EXE to a vbs script
#
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
require 'msfenv'
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'rex'
require 'msf/base'
def usage
$stderr.puts(" Usage: #{$0} [exe] [vbs]\n")
exit
end
exe = ARGV.shift
vbs = ARGV.shift
if (not (exe and vbs))
usage
end
out = File.new(vbs, "w")
inp = File.open(exe, "rb")
dat = ""
while(buf = inp.read(8192))
dat << buf
end
out.write(Msf::Util::EXE.to_exe_vbs(dat))
out.close
inp.close
$stderr.puts "[*] Converted #{dat.length} bytes of EXE into a vbs script"
#!/usr/bin/env ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
#
# This script is intended to assist an exploit developer in deducing what
# "bad characters" exist for a given input path to a program.
#
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
gem 'rex-text'
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
require 'msfenv'
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'rex'
OutStatus = "[*] "
OutError = "[-] "
$args = Rex::Parser::Arguments.new(
"-b" => [ true, "The list of characters to avoid: '\\x00\\xff'" ],
"-h" => [ false, "Help banner" ],
"-i" => [ true, "Read memory contents from the supplied file path" ],
"-t" => [ true, "The format that the memory contents are in (empty to list)" ])
def usage
$stderr.puts("\n" + " Usage: #{File.basename($0)} <options>\n" + $args.usage)
exit
end
def show_format_list
$stderr.puts("Supported formats:\n")
$stderr.puts(" raw raw binary data\n")
$stderr.puts(" windbg output from windbg's \"db\" command\n")
$stderr.puts(" gdb output from gdb's \"x/bx\" command\n")
$stderr.puts(" hex hex bytes like \"\\xFF\\x41\" or \"eb fe\"\n")
end
def debug_buffer(name, buf)
str = "\n#{buf.length} bytes of "
str << name
str += ":" if buf.length > 0
str += "\n\n"
$stderr.puts str
if buf.length > 0
$stderr.puts Rex::Text.to_hex_dump(buf)
end
end
# Input defaults
badchars = ''
fmt = 'raw'
input = $stdin
# Output
new_badchars = ''
# Parse the argument and rock it
$args.parse(ARGV) { |opt, idx, val|
case opt
when "-i"
begin
input = File.new(val)
rescue
$stderr.puts(OutError + "Failed to open file #{val}: #{$!}")
exit
end
when "-b"
badchars = Rex::Text.hex_to_raw(val)
when "-t"
if (val =~ /^(raw|windbg|gdb|hex)$/)
fmt = val
else
if val.nil? or val.length < 1
show_format_list
else
$stderr.puts(OutError + "Invalid format: #{val}")
end
exit
end
when "-h"
usage
end
}
if input == $stdin
$stderr.puts(OutStatus + "Please paste the memory contents in \"" + fmt + "\" format below (end with EOF):\n")
end
# Working data set
from_msf = Rex::Text.charset_exclude(badchars)
from_dbg = ''
# Process the input
from_dbg = input.read
case fmt
when "raw"
# this should already be in the correct format :)
when "windbg"
translated = ''
from_dbg.each_line do |ln|
translated << ln.chomp[10,47].gsub!(/(-| )/, '')
end
from_dbg = Rex::Text.hex_to_raw(translated)
when "gdb"
translated = ''
from_dbg.each_line do |ln|
translated << ln.chomp.split(':')[1].gsub!(/0x/, '\x').gsub!(/ /, '')
end
from_dbg = Rex::Text.hex_to_raw(translated)
when "hex"
translated = ''
from_dbg.each_line do |ln|
translated << ln.chomp.gsub!(/ /,'')
end
from_dbg = Rex::Text.hex_to_raw(translated)
end
=begin
# Uncomment these to debug stuff ..
debug_buffer("BadChars", badchars)
debug_buffer("memory contents", from_dbg)
debug_buffer("Rex::Text.charset_exclude() output", from_msf)
=end
# Find differences between the two data sets
from_msf = from_msf.unpack('C*')
from_dbg = from_dbg.unpack('C*')
minlen = from_msf.length
minlen = from_dbg.length if from_dbg.length < minlen
(0..(minlen-1)).each do |idx|
ch1 = from_msf[idx]
ch2 = from_dbg[idx]
if ch1 != ch2
str = "Byte at index 0x%04x differs (0x%02x became 0x%02x)" % [idx, ch1, ch2]
$stderr.puts OutStatus + str
new_badchars << ch1
end
end
# show the results
if new_badchars.length < 1
$stderr.puts(OutStatus + "All characters matched, no new bad characters discovered.")
else
$stderr.puts(OutStatus + "Proposed BadChars: \"" + Rex::Text.to_hex(new_badchars) + "\"")
end
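Review bot: The three `gsub!` calls in the windbg, gdb and hex translation loops return nil when the line needs no change, so `translated << …` raises TypeError — for the `hex` format this happens on any input written as `\xFF\x41` without spaces, which the format list's own help text advertises as valid. Replacing them with the non-bang form (`translated << ln.chomp.gsub(/ /, '')` and likewise `.gsub(/(-| )/, '')` and `.gsub(/0x/, '\x').gsub(/ /, '')`) is enough; `[10,47]` and `split(':')[1]` can also return nil on a blank or short line, so a `next if ln.strip.empty?` at the top of each loop is worth adding. Separately, `new_badchars` is initialised as a UTF-8 literal and `new_badchars << ch1` with an Integer appends a codepoint rather than a byte, so if I am reading `String#<<` correctly a value such as 0xff is stored as two bytes and the proposed BadChars line would report it wrongly; initialising it as `new_badchars = ''.b` makes the append byte-wise.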
#!/usr/bin/env ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
msf_base = __FILE__
while File.symlink?(msf_base)
msf_base = File.expand_path(File.readlink(msf_base), File.dirname(msf_base))
end
$:.unshift(File.expand_path(File.join(File.dirname(msf_base), '..', '..', 'lib')))
require 'rex/java/serialization'
require 'pp'
require 'optparse'
# This class allows to deserialize Java Streams from
# files
class JavaDeserializer
# @!attribute file
# @return [String] the file's path to deserialize
attr_accessor :file
# @param file [String] the file's path to deserialize
def initialize(file = nil)
self.file = file
end
# Deserializes a Java stream from a file and prints the result.
#
# @return [Rex::Java::Serialization::Model::Stream] if succeeds
# @return [nil] if error
def run(options = {})
if file.nil?
print_error("file path with serialized java stream required")
return
end
print_status("Deserializing...")