Merge branch 'master' into vagrant

Author: xlgmokha

.gitignore

@@ -68,6 +68,8 @@ external/source/exploits/**/Release
 # Avoid checking in Meterpreter binaries. These are supplied upstream by
 # the metasploit-payloads gem.
 data/meterpreter/*.dll
+data/meterpreter/*.php
+data/meterpreter/*.py
 data/meterpreter/*.bin
 data/meterpreter/*.jar
 data/meterpreter/*.lso

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (4.11.10)
+    metasploit-framework (4.11.12)
       actionpack (>= 4.0.9, < 4.1.0)
       activerecord (>= 4.0.9, < 4.1.0)
       activesupport (>= 4.0.9, < 4.1.0)
@@ -13,7 +13,7 @@ PATH
       metasploit-concern (= 1.0.0)
       metasploit-credential (= 1.0.1)
       metasploit-model (= 1.0.0)
-      metasploit-payloads (= 1.0.23)
+      metasploit-payloads (= 1.1.0)
       metasploit_data_models (= 1.2.10)
       msgpack
       network_interface (~> 0.0.1)
@@ -124,7 +124,7 @@ GEM
       activemodel (>= 4.0.9, < 4.1.0)
       activesupport (>= 4.0.9, < 4.1.0)
       railties (>= 4.0.9, < 4.1.0)
-    metasploit-payloads (1.0.23)
+    metasploit-payloads (1.1.0)
     metasploit_data_models (1.2.10)
       activerecord (>= 4.0.9, < 4.1.0)
       activesupport (>= 4.0.9, < 4.1.0)

config/database.yml.example

@@ -1,17 +1,17 @@
-# Please only use postgresql bound to a TCP port.
-# Only postgresql is supportable for metasploit-framework
-# these days. (No SQLite, no MySQL).
-#
 # To set up a metasploit database, follow the directions hosted at:
 # http://r-7.co/MSF-DEV#set-up-postgresql
+#
+# Kali Linux and the Omnibus installers both include an easy wrapper script for
+# managing your database, which may be more convenient than rolling your own.
+
 development: &pgsql
   adapter: postgresql
   database: metasploit_framework_development
   username: metasploit_framework_development
   password: __________________________________
   host: localhost
   port: 5432
-  pool: 5
+  pool: 200
   timeout: 5
 
 # You will often want to seperate your databases between dev

data/wordlists/adobe_top100_pass.txt

@@ -0,0 +1,100 @@
+123456
+123456789
+password
+adobe123
+12345678
+qwerty
+1234567
+111111
+photoshop
+123123
+1234567890
+000000
+abc123
+1234
+adobe1
+macromedia
+azerty
+iloveyou
+aaaaaa
+654321
+12345
+666666
+sunshine
+123321
+letmein
+monkey
+asdfgh
+password1
+shadow
+princess
+dragon
+adobeadobe
+daniel
+computer
+michael
+121212
+charlie
+master
+superman
+qwertyuiop
+112233
+asdfasdf
+jessica
+1q2w3e4r
+welcome
+1qaz2wsx
+987654321
+fdsa
+753951
+chocolate
+fuckyou
+soccer
+tigger
+asdasd
+thomas
+asdfghjkl
+internet
+michelle
+football
+123qwe
+zxcvbnm
+dreamweaver
+7777777
+maggie
+qazwsx
+baseball
+jennifer
+jordan
+abcd1234
+trustno1
+buster
+555555
+liverpool
+abc
+whatever
+11111111
+102030
+123123123
+andrea
+pepper
+nicole
+killer
+abcdef
+hannah
+test
+alexander
+andrew
+222222
+joshua
+freedom
+samsung
+asdfghj
+purple
+ginger
+123654
+matrix
+secret
+summer
+1q2w3e
+snoopy1

lib/metasploit/framework/version.rb

@@ -30,7 +30,7 @@ def self.get_hash
         end
       end
 
-      VERSION = "4.11.10"
+      VERSION = "4.11.12"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

lib/msf/base/serializer/readable_text.rb

@@ -524,18 +524,18 @@ def self.dump_datastore(name, ds, indent = DefaultIndent, col = DefaultColumnWra
   def self.dump_sessions(framework, opts={})
     ids = (opts[:session_ids] || framework.sessions.keys).sort
     verbose = opts[:verbose] || false
+    show_extended = opts[:show_extended] || false
     indent = opts[:indent] || DefaultIndent
     col = opts[:col] || DefaultColumnWrap
 
     return dump_sessions_verbose(framework, opts) if verbose
 
-    columns =
-      [
-        'Id',
-        'Type',
-        'Information',
-        'Connection'
-      ]
+    columns = []
+    columns << 'Id'
+    columns << 'Type'
+    columns << 'Checkin?' if show_extended
+    columns << 'Information'
+    columns << 'Connection'
 
     tbl = Rex::Ui::Text::Table.new(
       'Indent'  => indent,
@@ -551,11 +551,22 @@ def self.dump_sessions(framework, opts={})
         sinfo = sinfo[0,77] + "..."
       end
 
-      row = [ session.sid.to_s, session.type.to_s, sinfo, session.tunnel_to_s + " (#{session.session_host})" ]
-      if session.respond_to? :platform
-        row[1] << (" " + session.platform)
+      row = []
+      row << session.sid.to_s
+      row << session.type.to_s
+      row[-1] << (" " + session.platform) if session.respond_to?(:platform)
+
+      if show_extended
+        if session.respond_to?(:last_checkin) && session.last_checkin
+          row << "#{(Time.now.to_i - session.last_checkin.to_i)}s ago"
+        else
+          row << '?'
+        end
       end
 
+      row << sinfo
+      row << session.tunnel_to_s + " (#{session.session_host})"
+
       tbl << row
     }
 

lib/msf/core/auxiliary/redis.rb

@@ -48,29 +48,29 @@ def report_redis(version)
     def redis_command(*commands)
       command_string = printable_redis_response(commands.join(' '))
       unless (command_response = send_redis_command(*commands))
-        vprint_error("#{peer} -- no response to '#{command_string}'")
+        vprint_error("No response to '#{command_string}'")
         return
       end
       if /(?<auth_response>ERR operation not permitted|NOAUTH Authentication required)/i =~ command_response
         fail_with(::Msf::Module::Failure::BadConfig, "#{peer} requires authentication but Password unset") unless datastore['Password']
-        vprint_status("#{peer} -- requires authentication (#{printable_redis_response(auth_response, false)})")
+        vprint_status("Requires authentication (#{printable_redis_response(auth_response, false)})")
         if (auth_response = send_redis_command('AUTH', datastore['Password']))
           unless auth_response =~ /\+OK/
-            vprint_error("#{peer} -- authentication failure: #{printable_redis_response(auth_response)}")
+            vprint_error("Authentication failure: #{printable_redis_response(auth_response)}")
             return
           end
-          vprint_status("#{peer} -- authenticated")
+          vprint_status("Authenticated")
           unless (command_response = send_redis_command(*commands))
-            vprint_error("#{peer} -- no response to '#{command_string}'")
+            vprint_error("No response to '#{command_string}'")
             return
           end
         else
-          vprint_status("#{peer} -- authentication failed; no response")
+          vprint_status("Authentication failed; no response")
           return
         end
       end
 
-      vprint_status("#{peer} -- redis command '#{command_string}' got '#{printable_redis_response(command_response)}'")
+      vprint_status("Redis command '#{command_string}' got '#{printable_redis_response(command_response)}'")
       command_response
     end
 

lib/msf/core/auxiliary/scanner.rb

@@ -42,6 +42,11 @@ def check
 end
 
 
+def peer
+  # IPv4 addr can be 16 chars + 1 for : and + 5 for port
+  super.ljust(21)
+end
+
 #
 # The command handler when launched from the console
 #

lib/msf/core/db_manager/import.rb

@@ -16,7 +16,8 @@ module Msf::DBManager::Import
   autoload :Acunetix, 'msf/core/db_manager/import/acunetix'
   autoload :Amap, 'msf/core/db_manager/import/amap'
   autoload :Appscan, 'msf/core/db_manager/import/appscan'
-  autoload :Burp, 'msf/core/db_manager/import/burp'
+  autoload :BurpIssue, 'msf/core/db_manager/import/burp_issue'
+  autoload :BurpSession, 'msf/core/db_manager/import/burp_session'
   autoload :CI, 'msf/core/db_manager/import/ci'
   autoload :Foundstone, 'msf/core/db_manager/import/foundstone'
   autoload :FusionVM, 'msf/core/db_manager/import/fusion_vm'
@@ -41,7 +42,8 @@ module Msf::DBManager::Import
   include Msf::DBManager::Import::Acunetix
   include Msf::DBManager::Import::Amap
   include Msf::DBManager::Import::Appscan
-  include Msf::DBManager::Import::Burp
+  include Msf::DBManager::Import::BurpIssue
+  include Msf::DBManager::Import::BurpSession
   include Msf::DBManager::Import::CI
   include Msf::DBManager::Import::Foundstone
   include Msf::DBManager::Import::FusionVM
@@ -267,6 +269,9 @@ def import_filetype_detect(data)
     elsif (data[0,1024] =~ /<!ATTLIST\s+items\s+burpVersion/)
       @import_filedata[:type] = "Burp Session XML"
       return :burp_session_xml
+    elsif (data[0,1024] =~ /<!ATTLIST\s+issues\s+burpVersion/)
+      @import_filedata[:type] = "Burp Issue XML"
+      return :burp_issue_xml
     elsif (firstline.index("<?xml"))
       # it's xml, check for root tags we can handle
       line_count = 0

lib/msf/core/db_manager/import/burp_issue.rb

@@ -0,0 +1,20 @@
+require 'rex/parser/burp_issue_nokogiri'
+
+module Msf::DBManager::Import::BurpIssue
+  def import_burp_issue_xml(args={}, &block)
+    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
+    wspace = args[:wspace] || workspace
+    parser = "Nokogiri v#{::Nokogiri::VERSION}"
+    noko_args = args.dup
+    noko_args[:blacklist] = bl
+    noko_args[:wspace] = wspace
+    if block
+      yield(:parser, parser)
+      doc = Rex::Parser::BurpIssueDocument.new(args,framework.db) {|type, data| yield type,data }
+    else
+      doc = Rex::Parser::BurpIssueDocument.new(args,self)
+    end
+    parser = ::Nokogiri::XML::SAX::Parser.new(doc)
+    parser.parse(args[:data])
+  end
+end