Armitage Updates and Bug Fixes

This is Armitage release 01.04.13. This update fixes several bugs
and improves the user experience launching *_login modules from
Armitage. This update adds a Windows 8 icon and includes a fix to
better work with the Metasploit 1.45 installer's environment.

Author: rsmudge

data/armitage/armitage.jar

@@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first.
 7. License
    -------
 
-(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. 
+(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. 
 See section 8 for more information.
 
 lib/jgraphx.jar is used here within the terms of the BSD license offered by

data/armitage/cortana.jar

@@ -1,6 +1,24 @@
 Armitage Changelog
 ==================
 
+4 Jan 13 (tested against msf 16252)
+--------
+- Added a helper to set REXE option
+- Added an icon to represent Windows 8
+- [host] -> Login menu is now built using open services for all 
+  highlighted hosts, not just the first one.
+- [host] -> Login items now escape punctuation characters in passwords
+  before passing them to a framework module.
+- Added the windows and linux postgres_payload exploits to the use a
+  reverse payload by default list.
+- Small tweak to allow Armitage to work with Metasploit 4.5 installed
+  environment on Windows.
+
+Cortana Updates (for scripters)
+--------
+- &credential_add and &credential_delete no longer break when a 
+  password has creative punctuation in it.
+
 26 Nov 12 (tested against msf 16114)
 ---------
 - Windows command shell tab is now friendlier to commands that prompt

data/armitage/readme.txt

@@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first.
 7. License
    -------
 
-(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. 
+(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. 
 See section 8 for more information.
 
 lib/jgraphx.jar is used here within the terms of the BSD license offered by

data/armitage/whatsnew.txt

@@ -1,9 +1,9 @@
 <html>
 	<body>	
-		<center><h1>Armitage 1.44</h1></center>
+		<center><h1>Armitage 1.45</h1></center>
 
 		<p>An attack management tool for Metasploit&reg;
-		<br />Release: 26 Nov 12</p>
+		<br />Release: 4 Jan 13</p>
 		<br />
 		<p>Developed by:</p>
 

external/source/armitage/readme.txt

@@ -243,14 +243,18 @@ sub session_exploit {
 # credentials API
 #
 
+sub _fix_pass {
+	return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1');
+}
+
 # credential_add("host", "port", "user, "pass", "type")
 sub credential_add {
-	cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P $4");
+	cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P " . _fix_pass($4));
 }
 
 # credential_delete("host", port, "user", "pass");
 sub credential_delete {
-	cmd_safe("creds -a $1 -p $2 -u $3 -P $4 -d");
+	cmd_safe("creds -a $1 -p $2 -u $3 -P " . _fix_pass($4) . " -d");
 }
 
 sub credential_list {

external/source/armitage/resources/about.html

@@ -59,6 +59,9 @@ sub showHost {
 		else if ("*XP*" iswm $match || "*2003*" iswm $match || "*.NET*" iswm $match) {
 			push(@overlay, 'resources/windowsxp.png');
 		}
+		else if ("*8*" iswm $match) {
+			push(@overlay, 'resources/windows8.png');
+		}
 		else {
 			push(@overlay, 'resources/windows7.png');
 		}

external/source/armitage/resources/windows8.png

@@ -22,7 +22,7 @@ setMissPolicy(%results2, { return @(); });
 # %exploits is populated in menus.sl when the client-side attacks menu is constructed
 
 # a list of exploits that should always use a reverse shell... this list needs to grow.
-@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php");
+@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php", "windows/postgres/postgres_payload", "linux/postgres/postgres_payload");
 
 #
 # generate menus for a given OS
@@ -599,26 +599,28 @@ sub host_attack_items {
 		}
 	}
 
-	local('$service $name @options $a $port $foo');
+	local('$name %options $a $port $host $service');
+	%options = ohash();
 
-	foreach $port => $service (%hosts[$2[0]]['services']) {
-		$name = $service['name'];
-		if ($port == 445 && "*Windows*" iswm getHostOS($2[0])) {
-			push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
-		}
-		else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
-			push(@options, @($name, lambda(&show_login_dialog, \$service, $hosts => $2)));
-		}
-		else if ($name eq "microsoft-ds") {
-			push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
+	foreach $host ($2) {
+		foreach $port => $service (%hosts[$host]['services']) {
+			$name = $service['name'];
+			if ($port == 445 && "*Windows*" iswm getHostOS($host)) {
+				%options["psexec"] = lambda(&pass_the_hash, $hosts => $2);
+			}
+			else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
+				%options[$name] = lambda(&show_login_dialog, \$service, $hosts => $2);
+			}
+			else if ($name eq "microsoft-ds") {
+				%options["psexec"] = lambda(&pass_the_hash, $hosts => $2);
+			}
 		}
 	}
 
-	if (size(@options) > 0) {
+	if (size(%options) > 0) {
 		$a = menu($1, 'Login', 'L');
-		foreach $service (@options) {
-			($name, $foo) = $service;
-			item($a, $name, $null, $foo);
+		foreach $name (sorta(keys(%options))) {
+			item($a, $name, $null, %options[$name]);
 		}
 	}
 }
@@ -678,6 +680,7 @@ sub addFileListener {
 	$actions["SigningKey"] = $actions["*FILE*"];
 	$actions["Wordlist"]   = $actions["*FILE*"];
 	$actions["WORDLIST"]   = $actions["*FILE*"];
+	$actions["REXE"]   = $actions["*FILE*"];
 
 	# set up an action to choose a session
 	$actions["SESSION"] = lambda(&chooseSession);