Merge branch 'upstream/master' into dynamic-transport

Author: OJ

CONTRIBUTING.md

@@ -4,8 +4,8 @@ Thanks for your interest in making Metasploit -- and therefore, the
 world -- a better place!
 
 Are you about to report a bug? Sorry to hear it. Here's our [Issue tracker].
-Please try to be as specific as you can about your problem, include steps
-to reproduce (cut and paste from your console output if it's helpful), and
+Please try to be as specific as you can about your problem; include steps
+to reproduce (cut and paste from your console output if it's helpful) and
 what you were expecting to happen.
 
 Are you about to report a security vulnerability in Metasploit itself?
@@ -18,7 +18,7 @@ Metasploit module? If so, read on...
 
 # Contributing to Metasploit
 
-What you see here in CONTRIBUTING.md is a bullet-point list of the do's
+What you see here in CONTRIBUTING.md is a bullet point list of the do's
 and don'ts of how to make sure *your* valuable contributions actually
 make it into Metasploit's master branch.
 
@@ -27,7 +27,7 @@ closed. Sorry!
 
 This is intended to be a **short** list. The [wiki] is much more
 exhaustive and reveals many mysteries. If you read nothing else, take a
-look at the standard [development environment setup] guide,
+look at the standard [development environment setup] guide
 and Metasploit's [Common Coding Mistakes].
 
 ## Code Contributions
@@ -52,7 +52,7 @@ Pull requests [PR#2940] and [PR#3043] are a couple good examples to follow.
 #### New Modules
 
 * **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up.
-  - Even better would be to set up `msftidy.rb` as a [pre-commit hook].
+  - It would be even better to set up `msftidy.rb` as a [pre-commit hook].
 * **Do** use the many module mixin [API]s. Wheel improvements are welcome; wheel reinventions, not so much.
 * **Don't** include more than one module per pull request.
 
@@ -80,19 +80,19 @@ Pull requests [PR#2940] and [PR#3043] are a couple good examples to follow.
 * **Do** report vulnerabilities in Rapid7 software directly to [email protected].
 * **Do** write a detailed description of your bug and use a descriptive title.
 * **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
-* **Don't** file duplicate reports - search for your bug before filing a new report.
+* **Don't** file duplicate reports; search for your bug before filing a new report.
 
 If you need some more guidance, talk to the main body of open
-source contributors over on the [Freenode IRC channel]
-or e-mail us at [metasploit-hackers] mailing list.
+source contributors over on the [Freenode IRC channel],
+or e-mail us at the [metasploit-hackers] mailing list.
 
 Also, **thank you** for taking the few moments to read this far! You're
 already way ahead of the curve, so keep it up!
 
 [Issue Tracker]:http://r-7.co/MSF-BUGv1
 [PGP key]:http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D
 [wiki]:https://github.com/rapid7/metasploit-framework/wiki
-[scripts]: https://github.com/rapid7/metasploit-framework/tree/master/scripts
+[scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
 [development environment setup]:http://r-7.co/MSF-DEV
 [Common Coding Mistakes]:https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes
 [Ruby style guide]:https://github.com/bbatsov/ruby-style-guide
@@ -104,10 +104,10 @@ already way ahead of the curve, so keep it up!
 [PR#2940]:https://github.com/rapid7/metasploit-framework/pull/2940
 [PR#3043]:https://github.com/rapid7/metasploit-framework/pull/3043
 [pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
-[API]:https://rapid7.github.io/metasploit-framework/api/
-[RSpec]:http://rspec.info/
-[Better Specs]:http://betterspecs.org/
-[YARD]:http://yardoc.org/
+[API]:https://rapid7.github.io/metasploit-framework/api
+[RSpec]:http://rspec.info
+[Better Specs]:http://betterspecs.org
+[YARD]:http://yardoc.org
 [Issues]:https://github.com/rapid7/metasploit-framework/issues
 [Freenode IRC channel]:http://webchat.freenode.net/?channels=%23metasploit&uio=d4
 [metasploit-hackers]:https://lists.sourceforge.net/lists/listinfo/metasploit-hackers

Gemfile.lock

@@ -24,7 +24,7 @@ PATH
       activerecord (>= 3.2.21, < 4.0.0)
       metasploit-credential (~> 0.14.3)
       metasploit-framework (= 4.11.0.pre.dev)
-      metasploit_data_models (~> 0.23.0)
+      metasploit_data_models (~> 0.23.2)
       pg (>= 0.11)
     metasploit-framework-pcap (4.11.0.pre.dev)
       metasploit-framework (= 4.11.0.pre.dev)
@@ -101,11 +101,11 @@ GEM
     gherkin (2.11.6)
       json (>= 1.7.6)
     hike (1.2.3)
-    i18n (0.6.11)
+    i18n (0.7.0)
     journey (1.0.4)
     jsobfu (0.2.1)
       rkelly-remix (= 0.0.6)
-    json (1.8.1)
+    json (1.8.2)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
@@ -123,7 +123,7 @@ GEM
     metasploit-model (0.29.0)
       activesupport
       railties (< 4.0.0)
-    metasploit_data_models (0.23.1)
+    metasploit_data_models (0.23.2)
       activerecord (>= 3.2.13, < 4.0.0)
       activesupport
       arel-helpers
@@ -135,11 +135,11 @@ GEM
     meterpreter_bins (0.0.17)
     method_source (0.8.2)
     mime-types (1.25.1)
-    mini_portile (0.6.1)
+    mini_portile (0.6.2)
     msgpack (0.5.11)
     multi_json (1.0.4)
     network_interface (0.0.1)
-    nokogiri (1.6.5)
+    nokogiri (1.6.6.2)
       mini_portile (~> 0.6.0)
     packetfu (1.1.9)
     pcaprub (0.11.3)
@@ -154,7 +154,7 @@ GEM
       rack (>= 0.4)
     rack-ssl (1.3.4)
       rack
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
     rails (3.2.21)
       actionmailer (= 3.2.21)
@@ -175,7 +175,7 @@ GEM
     rb-readline-r7 (0.5.2.0)
     rdoc (3.12.2)
       json (~> 1.4)
-    recog (1.0.16)
+    recog (1.0.24)
       nokogiri
     redcarpet (3.1.2)
     rkelly-remix (0.0.6)
@@ -219,7 +219,7 @@ GEM
     treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.42)
+    tzinfo (0.3.43)
     xpath (2.0.0)
       nokogiri (~> 1.3)
     yard (0.8.7.4)

README.md

@@ -3,7 +3,7 @@ Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.pn
 The Metasploit Framework is released under a BSD-style license. See
 COPYING for more details.
 
-The latest version of this software is available from https://metasploit.com/
+The latest version of this software is available from: https://metasploit.com
 
 Bug tracking and development information can be found at:
  https://github.com/rapid7/metasploit-framework
@@ -20,8 +20,8 @@ Questions and suggestions can be sent to:
 Installing
 --
 
-Generally, you should use [the free installer](https://www.metasploit.com/download)
-which contains all dependencies and will get you up and running with a
+Generally, you should use [the free installer](https://www.metasploit.com/download),
+which contains all of the dependencies and will get you up and running with a
 few clicks. See the [Dev Environment Setup](http://r-7.co/MSF-DEV) if
 you'd like to deal with dependencies on your own.
 
@@ -34,10 +34,10 @@ resources](https://metasploit.github.io), or the [wiki].
 
 Contributing
 --
-See the [Dev Environment Setup][wiki-devenv] guide on GitHub which will
-walk you through the whole process starting from installing all the
+See the [Dev Environment Setup][wiki-devenv] guide on GitHub, which will
+walk you through the whole process from installing all the
 dependencies, to cloning the repository, and finally to submitting a
-pull request. For slightly more info, see
+pull request. For slightly more information, see
 [Contributing](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md).
 
 

data/exploits/CVE-2015-0313/msf.swf

@@ -267,7 +267,7 @@ def tlv_pack(*args):
 		data = struct.pack('>II', 9, tlv['type']) + bytes(chr(int(bool(tlv['value']))), 'UTF-8')
 	else:
 		value = tlv['value']
-		if sys.version_info[0] < 3 and isinstance(value, __builtins__['unicode']):
+		if sys.version_info[0] < 3 and value.__class__.__name__ == 'unicode':
 			value = value.encode('UTF-8')
 		elif not is_bytes(value):
 			value = bytes(value, 'UTF-8')
@@ -396,11 +396,17 @@ def debug_print(self, msg):
 			print(msg)
 
 	def driver_init_http(self):
+		opener_args = []
+		scheme = HTTP_CONNECTION_URL.split(':', 1)[0]
+		if scheme == 'https' and ((sys.version_info[0] == 2 and sys.version_info >= (2,7,9)) or sys.version_info >= (3,4,3)):
+			import ssl
+			ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+			ssl_ctx.check_hostname=False
+			ssl_ctx.verify_mode=ssl.CERT_NONE
+			opener_args.append(urllib.HTTPSHandler(0, ssl_ctx))
 		if HTTP_PROXY:
-			proxy_handler = urllib.ProxyHandler({'http': HTTP_PROXY})
-			opener = urllib.build_opener(proxy_handler)
-		else:
-			opener = urllib.build_opener()
+			opener_args.append(urllib.ProxyHandler({scheme: HTTP_PROXY}))
+		opener = urllib.build_opener(*opener_args)
 		if HTTP_USER_AGENT:
 			opener.addheaders = [('User-Agent', HTTP_USER_AGENT)]
 		urllib.install_opener(opener)

data/meterpreter/meterpreter.py

@@ -11,14 +11,62 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20150212214222) do
+ActiveRecord::Schema.define(:version => 20150326183742) do
 
   create_table "api_keys", :force => true do |t|
     t.text     "token"
     t.datetime "created_at", :null => false
     t.datetime "updated_at", :null => false
   end
 
+  create_table "automatic_exploitation_match_results", :force => true do |t|
+    t.integer  "match_id"
+    t.integer  "run_id"
+    t.string   "state",      :null => false
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  add_index "automatic_exploitation_match_results", ["match_id"], :name => "index_automatic_exploitation_match_results_on_match_id"
+  add_index "automatic_exploitation_match_results", ["run_id"], :name => "index_automatic_exploitation_match_results_on_run_id"
+
+  create_table "automatic_exploitation_match_sets", :force => true do |t|
+    t.integer  "workspace_id"
+    t.integer  "user_id"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
+  end
+
+  add_index "automatic_exploitation_match_sets", ["user_id"], :name => "index_automatic_exploitation_match_sets_on_user_id"
+  add_index "automatic_exploitation_match_sets", ["workspace_id"], :name => "index_automatic_exploitation_match_sets_on_workspace_id"
+
+  create_table "automatic_exploitation_matches", :force => true do |t|
+    t.integer  "module_detail_id"
+    t.string   "state"
+    t.integer  "nexpose_data_vulnerability_definition_id"
+    t.datetime "created_at",                               :null => false
+    t.datetime "updated_at",                               :null => false
+    t.integer  "match_set_id"
+    t.string   "matchable_type"
+    t.integer  "matchable_id"
+    t.text     "module_fullname"
+  end
+
+  add_index "automatic_exploitation_matches", ["module_detail_id"], :name => "index_automatic_exploitation_matches_on_ref_id"
+  add_index "automatic_exploitation_matches", ["module_fullname"], :name => "index_automatic_exploitation_matches_on_module_fullname"
+
+  create_table "automatic_exploitation_runs", :force => true do |t|
+    t.integer  "workspace_id"
+    t.integer  "user_id"
+    t.integer  "match_set_id"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
+  end
+
+  add_index "automatic_exploitation_runs", ["match_set_id"], :name => "index_automatic_exploitation_runs_on_match_set_id"
+  add_index "automatic_exploitation_runs", ["user_id"], :name => "index_automatic_exploitation_runs_on_user_id"
+  add_index "automatic_exploitation_runs", ["workspace_id"], :name => "index_automatic_exploitation_runs_on_workspace_id"
+
   create_table "clients", :force => true do |t|
     t.integer  "host_id"
     t.datetime "created_at"
@@ -155,19 +203,22 @@
   end
 
   create_table "loots", :force => true do |t|
-    t.integer  "workspace_id",                 :default => 1, :null => false
+    t.integer  "workspace_id",                  :default => 1, :null => false
     t.integer  "host_id"
     t.integer  "service_id"
-    t.string   "ltype",        :limit => 512
-    t.string   "path",         :limit => 1024
+    t.string   "ltype",         :limit => 512
+    t.string   "path",          :limit => 1024
     t.text     "data"
-    t.datetime "created_at",                                  :null => false
-    t.datetime "updated_at",                                  :null => false
+    t.datetime "created_at",                                   :null => false
+    t.datetime "updated_at",                                   :null => false
     t.string   "content_type"
     t.text     "name"
     t.text     "info"
+    t.integer  "module_run_id"
   end
 
+  add_index "loots", ["module_run_id"], :name => "index_loots_on_module_run_id"
+
   create_table "macros", :force => true do |t|
     t.datetime "created_at",  :null => false
     t.datetime "updated_at",  :null => false
@@ -359,6 +410,26 @@
   add_index "module_refs", ["detail_id"], :name => "index_module_refs_on_module_detail_id"
   add_index "module_refs", ["name"], :name => "index_module_refs_on_name"
 
+  create_table "module_runs", :force => true do |t|
+    t.datetime "attempted_at"
+    t.text     "fail_detail"
+    t.string   "fail_reason"
+    t.text     "module_fullname"
+    t.integer  "port"
+    t.string   "proto"
+    t.integer  "session_id"
+    t.string   "status"
+    t.integer  "trackable_id"
+    t.string   "trackable_type"
+    t.integer  "user_id"
+    t.string   "username"
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
+  end
+
+  add_index "module_runs", ["session_id"], :name => "index_module_runs_on_session_id"
+  add_index "module_runs", ["user_id"], :name => "index_module_runs_on_user_id"
+
   create_table "module_targets", :force => true do |t|
     t.integer "detail_id"
     t.integer "index"
@@ -481,13 +552,16 @@
     t.integer  "port"
     t.string   "platform"
     t.text     "datastore"
-    t.datetime "opened_at",    :null => false
+    t.datetime "opened_at",     :null => false
     t.datetime "closed_at"
     t.string   "close_reason"
     t.integer  "local_id"
     t.datetime "last_seen"
+    t.integer  "module_run_id"
   end
 
+  add_index "sessions", ["module_run_id"], :name => "index_sessions_on_module_run_id"
+
   create_table "tags", :force => true do |t|
     t.integer  "user_id"
     t.string   "name",           :limit => 1024

db/schema.rb

@@ -3,6 +3,7 @@
 // 2. Be support to support 16.0 as target-player (flex-config.xml).
 // 3. Download the Flex SDK (4.6)
 // 4. Copy the Flex SDK libs (<FLEX_SDK>/framework/libs) to the AIRSDK folder (<AIR_SDK>/framework/libs)
+//      (all of them, also, subfolders, specially mx, necessary for the Base64Decoder)
 // 5. Build with: mxmlc -o msf.swf Main.as
 
 // Original code by @hdarwin89 // http://blog.hacklab.kr/flash-cve-2015-0311-%EB%B6%84%EC%84%9D/