Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging

Author: tasos-r7

data/armitage/armitage.jar

@@ -1,6 +1,35 @@
 Armitage Changelog
 ==================
 
+6 Mar 13 (tested against msf ca43900a7)
+--------
+- Active console now gets higher priority when polling msf for output
+- Improved team server responsiveness in high latency situations by 
+  creating additional connections to server to balance messages over
+- Preferences are now shared among each Armitage connection.
+
+6 Mar 13 (2000h)
+--------
+- Fixed issue with additional team server connections reporting wrong
+  application and receiving a summary rejection by the team server.
+
+Cortana Updates (for scripters)
+--------
+- Added a &publish, &query, &subscribe API to allow inter-script 
+  communication across the team server.
+- Added &table_update to set the contents of a table tab without 
+  disturbing the highlighted rows.
+- Added an exec_error event. Fired when &m_exec or &m_exec_local fail
+  due to an error reported by meterpreter.
+- Fixed a bug that sometimes caused session_sync to fire twice (boo!)
+- Added a 60s timeout to &s_cmd commands. Cortana will give a shell
+  command 60s to execute. If it doesn't finish in that time, Cortana
+  will release the lock on the shell so the user can control it.
+  (ideally, this shouldn't happen... this is a safety mechanism)
+- Changed Meterpreter command timeout to 2m from 12s. This is because
+  https meterpreter might not checkin for up to 60s, if it's been
+  idle for a long time. This will make &m_cmd less likely to timeout
+
 12 Feb 13 (tested against msf 16438)
 ---------
 - Fixed a corner case preventing the display of removed host labels 

data/armitage/cortana.jar

@@ -3,7 +3,7 @@
 		<center><h1>Armitage 1.45</h1></center>
 
 		<p>An attack management tool for Metasploit&reg;
-		<br />Release: 12 Feb 13</p>
+		<br />Release: 6 Mar 13</p>
 		<br />
 		<p>Developed by:</p>
 

data/armitage/whatsnew.txt

@@ -188,13 +188,24 @@ sub table_selected_single {
 
 # table_set($table, @rows)
 sub table_set {
-	local('$model $row');
-	$model = [$1 getModel];
-	[$model clear: size($2) * 2];
-	foreach $row ($2) {
-		[$model addEntry: $row];
-	}
-	[$model fireListeners];
+	later(lambda({
+		local('$model $row');
+		$model = [$a getModel];
+		[$model clear: size($b) * 2];
+		foreach $row ($b) {
+			[$model addEntry: $row];
+		}
+		[$model fireListeners];
+	}, $a => $1, $b => $2));
+}
+
+# table_set($table, @rows)
+sub table_update {
+	later(lambda({
+		[$a markSelections];
+		table_set($a, $b);
+		[$a restoreSelections];
+	}, $a => $1, $b => $2));
 }
 
 # table_sorter($table, index, &function);

external/source/armitage/resources/about.html

@@ -583,6 +583,39 @@ sub data_add {
 	call("db.key_add", $1, $data);
 }
 
+#
+# a publish/query/subscribe API
+#
+
+# publish("key", $object)
+sub publish {
+	local('$data');
+	$data = [msf.Base64 encode: cast(pack("o", $2, 1), 'b')];
+	call_async("armitage.publish", $1, "$data $+ \n");
+}
+
+# query("key", "index")
+sub query {
+	local('$r @r $result');
+	$r = call("armitage.query", $1, $2)['data'];
+	if ($r ne "") {
+		foreach $result (split("\n", $r)) {
+			push(@r, unpack("o", [msf.Base64 decode: $result])[0]);
+		}
+	}
+	return @r;
+}
+
+# subscribe("key", "index", "1s/5s/10s/15s/30s/1m/5m/10m/15m/20m/30m/60m")
+sub subscribe {
+	on("heartbeat_ $+ $3", lambda({
+		local('$result');
+		foreach $result (query($key, $index)) {
+			fire_event_local($key, $result, $index);
+		}
+	}, $key => $1, $index => $2));
+}
+
 #
 # Shell shock?
 #
@@ -834,7 +867,7 @@ sub m_exec {
 			}, \$command, \$channel, \$buffer));
 		}
 		else {
-			# this is probably ok...
+			fire_event_local("exec_error", $1, $command, ["$3" trim]);
 		}
 	}, \$command));
 }

external/source/armitage/scripts-cortana/internal-ui.sl

@@ -15,7 +15,7 @@ import graph.*;
 
 import java.awt.image.*;
 
-global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS $DESCRIBE @CLOSEME');
+global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS $DESCRIBE @CLOSEME @POOL');
 
 sub describeHost {
 	local('$desc');
@@ -164,20 +164,32 @@ sub _connectToMetasploit {
 				$client = [new MsgRpcImpl: $3, $4, $1, long($2), $null, $debug];
 				$aclient = [new RpcAsync: $client];
 				$mclient = $client;
+				push(@POOL, $aclient);
 				initConsolePool();
 				$DESCRIBE = "localhost";
 			}
 			# we have a team server... connect and authenticate to it.
 			else {
+				[$progress setNote: "Connected: logging in"];
 				$client = c_client($1, $2);
-				setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L);
 				$mclient = setup_collaboration($3, $4, $1, $2);
 				$aclient = $mclient;
 
 				if ($mclient is $null) {
 					[$progress close];
 					return;
 				}
+				else {
+					[$progress setNote: "Connected: authenticated"];
+				}
+
+				# create six additional connections to team server... for balancing consoles.
+				local('$x $cc');
+				for ($x = 0; $x < 6; $x++) {
+					$cc = c_client($1, $2);
+					call($cc, "armitage.validate", $3, $4, $null, "armitage", 120326);
+					push(@POOL, $cc);
+				}
 			}
 			$flag = $null;
 		}

external/source/armitage/scripts-cortana/internal.sl

@@ -57,12 +57,21 @@ sub parseYaml {
 sub loadPreferences {
 	local('$file $prefs');
 	$file = getFileProper(systemProperties()["user.home"], ".armitage.prop");
-	$prefs = [new Properties];
-	if (-exists $file) {
-		[$prefs load: [new java.io.FileInputStream: $file]];
+	if ($__frame__ !is $null && [$__frame__ getPreferences] !is $null) {
+		$prefs = [$__frame__ getPreferences];
 	}
 	else {
-		[$prefs load: resource("resources/armitage.prop")];
+		$prefs = [new Properties];
+		if (-exists $file) {
+			[$prefs load: [new java.io.FileInputStream: $file]];
+		}
+		else {
+			[$prefs load: resource("resources/armitage.prop")];
+		}
+
+		if ($__frame__ !is $null) {
+			[$__frame__ setPreferences: $prefs];
+		}
 	}
 
 	# parse command line options here.

external/source/armitage/scripts/armitage.sl

@@ -290,7 +290,7 @@ sub createShellSessionTab {
 			return;
 		}
 
-		$thread = [new ConsoleClient: $console, $client, "session.shell_read", "session.shell_write", $null, $sid, 0];
+		$thread = [new ConsoleClient: $console, rand(@POOL), "session.shell_read", "session.shell_write", $null, $sid, 0];
 		[$frame addTab: "Shell $sid", $console, lambda({ 
 			call_async($mclient, "armitage.unlock", $sid);
 			[$thread kill];

external/source/armitage/scripts/preferences.sl

@@ -78,7 +78,7 @@ sub setupEventStyle {
 
 sub createDisplayTab {
 	local('$console $host $queue $file');
-	$queue = [new ConsoleQueue: $client];
+	$queue = [new ConsoleQueue: rand(@POOL)];
 	if ($1 eq "Log Keystrokes") {
 		$console = [new ActivityConsole: $preferences];
 	}
@@ -100,7 +100,7 @@ sub createConsolePanel {
 	setupConsoleStyle($console);
 
 	$result = call($client, "console.create");
-	$thread = [new ConsoleClient: $console, $aclient, "console.read", "console.write", "console.destroy", $result['id'], $1];
+	$thread = [new ConsoleClient: $console, rand(@POOL), "console.read", "console.write", "console.destroy", $result['id'], $1];
 	[$thread setMetasploitConsole];
 
 	[$thread setSessionListener: {