Merge branch 'upstream-master' into WinRM_piecemeal

Conflicts:
	lib/msf/core/exploit/winrm.rb

Author: David Maloney

lib/msf/core/exploit/winrm.rb

@@ -5,6 +5,7 @@
 require 'rex/proto/ntlm/constants'
 require 'rex/proto/ntlm/utils'
 require 'rex/proto/ntlm/exceptions'
+
 module Msf
 module Exploit::Remote::WinRM
 	include Exploit::Remote::NTLM::Client

lib/msf/core/module/author.rb

@@ -12,38 +12,39 @@ class Msf::Module::Author
 	# A hash of known author names
 	Known =
 		{
-			'hdm' 		=> 'hdm' + 0x40.chr + 'metasploit.com',
-			'spoonm' 	=> 'spoonm' + 0x40.chr + 'no$email.com',
-			'skape' 	=> 'mmiller' + 0x40.chr + 'hick.org',
-			'vlad902' 	=> 'vlad902' + 0x40.chr + 'gmail.com',
-			'optyx' 	=> 'optyx' + 0x40.chr + 'no$email.com',
-			'anonymous'	=> 'anonymous-contributor' + 0x40.chr + 'metasploit.com',
-			'stinko' 	=> 'vinnie' + 0x40.chr + 'metasploit.com',
-			'MC' 		=> 'mc' + 0x40.chr + 'metasploit.com',
-			'cazz' 		=> 'bmc' + 0x40.chr + 'shmoo.com',
-			'pusscat' 	=> 'pusscat' + 0x40.chr + 'metasploit.com',
-			'skylined' 	=> 'skylined' + 0x40.chr + 'edup.tudelft.nl',
-			'patrick' 	=> 'patrick' + 0x40.chr + 'osisecurity.com.au',
-			'Ramon de C Valle'=> 'rcvalle' + 0x40.chr + 'metasploit.com',
-			'I)ruid' 	=> 'druid' +  0x40.chr + 'caughq.org',
-			'egypt' 	=> 'egypt' + 0x40.chr + 'metasploit.com',
-			'kris katterjohn' => 'katterjohn' + 0x40.chr + 'gmail.com',
-			'CG' 		=> 'cg' + 0x40.chr + 'carnal0wnage.com',
-			'et' 		=> 'et' + 0x40.chr + 'metasploit.com',
-			'sf' 		=> 'stephen_fewer' + 0x40.chr + 'harmonysecurity.com',
-			'kf' 		=> 'kf_list' + 0x40.chr + 'digitalmunition.com',
-			'ddz' 		=> 'ddz' + 0x40.chr + 'theta44.org',
-			'jduck' 	=> 'jduck' + 0x40.chr + 'metasploit.com',
-			'natron'	=> 'natron' + 0x40.chr + 'metasploit.com',
-			'todb'		=> 'todb' + 0x40.chr + 'metasploit.com',
-			'msmith'	=> 'msmith' + 0x40.chr + 'metasploit.com',
-			'jcran'		=> 'jcran' + 0x40.chr + 'metasploit.com',
-			'sinn3r'	=> 'sinn3r' + 0x40.chr + 'metasploit.com',
-			'bannedit'	=> 'bannedit' + 0x40.chr + 'metasploit.com',
-			'amaloteaux'	=> 'alex_maloteaux' + 0x40.chr + 'metasploit.com',
-			'Carlos Perez'  => 'carlos_perez' + 0x40.chr + 'darkoperator.com',
-			'juan vazquez' =>  'juan.vazquez' + 0x40.chr + 'metasploit.com',
-			'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com'
+			'hdm'              => 'hdm' + 0x40.chr + 'metasploit.com',
+			'spoonm'           => 'spoonm' + 0x40.chr + 'no$email.com',
+			'skape'            => 'mmiller' + 0x40.chr + 'hick.org',
+			'vlad902'          => 'vlad902' + 0x40.chr + 'gmail.com',
+			'optyx'            => 'optyx' + 0x40.chr + 'no$email.com',
+			'anonymous'        => 'anonymous-contributor' + 0x40.chr + 'metasploit.com',
+			'stinko'           => 'vinnie' + 0x40.chr + 'metasploit.com',
+			'MC'               => 'mc' + 0x40.chr + 'metasploit.com',
+			'cazz'             => 'bmc' + 0x40.chr + 'shmoo.com',
+			'pusscat'          => 'pusscat' + 0x40.chr + 'metasploit.com',
+			'skylined'         => 'skylined' + 0x40.chr + 'edup.tudelft.nl',
+			'patrick'          => 'patrick' + 0x40.chr + 'osisecurity.com.au',
+			'Ramon de C Valle' => 'rcvalle' + 0x40.chr + 'metasploit.com',
+			'I)ruid'           => 'druid' +  0x40.chr + 'caughq.org',
+			'egypt'            => 'egypt' + 0x40.chr + 'metasploit.com',
+			'kris katterjohn'  => 'katterjohn' + 0x40.chr + 'gmail.com',
+			'CG'               => 'cg' + 0x40.chr + 'carnal0wnage.com',
+			'et'               => 'et' + 0x40.chr + 'metasploit.com',
+			'sf'               => 'stephen_fewer' + 0x40.chr + 'harmonysecurity.com',
+			'kf'               => 'kf_list' + 0x40.chr + 'digitalmunition.com',
+			'ddz'              => 'ddz' + 0x40.chr + 'theta44.org',
+			'jduck'            => 'jduck' + 0x40.chr + 'metasploit.com',
+			'natron'           => 'natron' + 0x40.chr + 'metasploit.com',
+			'todb'             => 'todb' + 0x40.chr + 'metasploit.com',
+			'msmith'           => 'msmith' + 0x40.chr + 'metasploit.com',
+			'jcran'            => 'jcran' + 0x40.chr + 'metasploit.com',
+			'sinn3r'           => 'sinn3r' + 0x40.chr + 'metasploit.com',
+			'bannedit'         => 'bannedit' + 0x40.chr + 'metasploit.com',
+			'amaloteaux'       => 'alex_maloteaux' + 0x40.chr + 'metasploit.com',
+			'Carlos Perez'     => 'carlos_perez' + 0x40.chr + 'darkoperator.com',
+			'juan vazquez'     => 'juan.vazquez' + 0x40.chr + 'metasploit.com',
+			'theLightCosine'   => 'theLightCosine' + 0x40.chr + 'metasploit.com',
+			'mubix'            => 'mubix' + 0x40.chr + 'hak5.org'
 		}
 
 	#

lib/msf/core/modules/loader/base.rb

@@ -541,7 +541,9 @@ def restore_namespace_module(parent_module, relative_name, namespace_module)
       # the const may have been redefined by {#create_namespace_module}, in which case that new namespace_module needs
       # to be removed so the original can replace it.
       if parent_module.const_defined? relative_name
-        remove_const relative_name
+        parent_module.instance_eval do
+          remove_const relative_name
+        end
       end
 
       parent_module.const_set(relative_name, namespace_module)

lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb

@@ -43,7 +43,14 @@ class Console::CommandDispatcher::Stdapi::Sys
 		"-t" => [ true,  "The registry value type (E.g. REG_SZ)."                  ],
 		"-v" => [ true,  "The registry value name (E.g. Stuff)."                   ],
 		"-r" => [ true,  "The remote machine name to connect to (with current process credentials" ],
-		"-w" => [ false,  "Set KEY_WOW64 flag, valid values [32|64]."               ])
+		"-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]."               ])
+
+	@@ps_opts = Rex::Parser::Arguments.new(
+		"-h" => [ false, "Help menu."                                              ],
+		"-S" => [ true,  "Filters processes on the process name using the supplied RegEx"],
+		"-A" => [ true,  "Filters processes on architecture (x86 or x86_64)"       ],
+		"-s" => [ false, "Show only SYSTEM processes"                              ],
+		"-U" => [ true,  "Filters processes on the user using the supplied RegEx"  ])
 
 	#
 	# List of supported commands.
@@ -274,6 +281,54 @@ def cmd_kill(*args)
 	#
 	def cmd_ps(*args)
 		processes = client.sys.process.get_processes
+		@@ps_opts.parse(args) do |opt, idx, val|
+			case opt 
+			when "-h"
+				cmd_ps_help
+				return true
+			when "-S"
+				print_line "Filtering on process name..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					if val.nil? or val.empty?
+						print_line "You must supply a search term!"
+						return false
+					end
+					searched_procs << proc  if proc["name"].match(/#{val}/)
+				end
+				processes = searched_procs
+			when "-A"
+				print_line "Filtering on arch..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					next if proc['arch'].nil? or proc['arch'].empty?
+					if val.nil? or val.empty? or !(val == "x86" or val == "x86_64")
+						print_line "You must select either x86 or x86_64"
+						return false
+					end
+					searched_procs << proc  if proc["arch"] == val
+				end
+				processes = searched_procs
+			when "-s"
+				print_line "Filtering on SYSTEM processes..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					searched_procs << proc  if proc["user"] == "NT AUTHORITY\\SYSTEM"
+				end
+				processes = searched_procs
+			when "-U"
+				print_line "Filtering on user name..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					if val.nil? or val.empty?
+						print_line "You must supply a search term!"
+						return false
+					end
+					searched_procs << proc  if proc["user"].match(/#{val}/)
+				end
+				processes = searched_procs
+			end
+		end
 		if (processes.length == 0)
 			print_line("No running processes were found.")
 		else
@@ -284,6 +339,15 @@ def cmd_ps(*args)
 		return true
 	end
 
+	def cmd_ps_help
+		print_line "Use the command with no arguments to see all running processes."
+		print_line "The following options can be used to filter those results:"
+		
+		print_line @@ps_opts.usage
+	end
+
+
+
 	#
 	# Reboots the remote computer.
 	#
@@ -595,6 +659,7 @@ def cmd_shutdown(*args)
 		client.sys.power.shutdown
 	end
 
+
 end
 
 end

modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb

@@ -35,13 +35,11 @@ def initialize
 			'Author'         => 'jduck',
 			'License'        => MSF_LICENSE,
 			'Version'        => '$Revision$',
-			'Platform'       => [ 'win' ],
 			'References'     =>
 				[
 					[ 'OSVDB', '65533'],
 					[ 'URL', 'http://seclists.org/bugtraq/2010/Jun/160' ]
 				],
-			'Privileged'     => true,
 			'DisclosureDate' => 'Jun 15 2010'
 		)
 

modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb

@@ -36,7 +36,7 @@ def initialize
 					[ 'OSVDB', '73447' ],
 					[ 'CVE', '2008-2938' ],
 					[ 'URL', 'http://www.securityfocus.com/archive/1/499926' ],
-					[ 'EDB', 17388 ],
+					[ 'EDB', '17388' ],
 					[ 'BID', '48225' ],
 				],
 			'Author'      => [ 'patrick' ],

modules/auxiliary/admin/http/typo3_sa_2009_002.rb

@@ -32,7 +32,7 @@ def initialize(info = {})
 					['OSVDB', '52048'],
 					['CVE', '2009-0815'],
 					['URL', 'http://secunia.com/advisories/33829/'],
-					['EDB', 8038],
+					['EDB', '8038'],
 					['URL', 'http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/'],
 				],
 			'DisclosureDate' => 'Feb 10 2009',

modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb

@@ -26,8 +26,7 @@ def initialize(info = {})
 			},
 			'Author'         => [ 'nullbind <scott.sutherland[at]netspi.com>' ],
 			'License'        => MSF_LICENSE,
-			'Platform'      => [ 'Windows' ],
-			'References'     => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]],
+			'References'     => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]]
 		))
 
 		register_options(

modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb

@@ -33,8 +33,7 @@ def initialize(info = {})
 					[ 'Automatic', { } ],
 				],
 			'DefaultTarget'  => 0,
-			'Platform'      => [ 'Windows' ],
-			'References'     => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]],
+			'References'     => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]]
 		))
 
 		register_options(

modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb

@@ -45,7 +45,6 @@ def initialize
 					['URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000898.1-1']
 				],
 			# Tested OK against sol8.tor 20100624 -jjd
-			'Privileged'     => true,
 			'DisclosureDate' => 'Jan 22 2003')
 
 		register_options(