Merge branch 'upstream/master' into add-bypassuac-eventvwr

Author: OJ

.ruby-version

@@ -1 +1 @@
-2.3.2
+2.3.3

.travis.yml

@@ -10,7 +10,7 @@ addons:
       - graphviz
 language: ruby
 rvm:
-  - '2.3.2'
+  - '2.3.3'
 
 env:
   - RAKE_TASKS="cucumber cucumber:boot" CREATE_BINSTUBS=true

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (4.13.1)
+    metasploit-framework (4.13.3)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -140,7 +140,7 @@ GEM
     factory_girl_rails (4.7.0)
       factory_girl (~> 4.7.0)
       railties (>= 3.0.0)
-    faraday (0.9.2)
+    faraday (0.10.0)
       multipart-post (>= 1.2, < 3)
     ffi (1.9.14)
     filesize (0.1.1)
@@ -153,24 +153,24 @@ GEM
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
     metasm (1.0.2)
-    metasploit-concern (2.0.2)
+    metasploit-concern (2.0.3)
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-credential (2.0.7)
+    metasploit-credential (2.0.8)
       metasploit-concern
       metasploit-model
       metasploit_data_models
       pg
       railties
       rubyntlm
       rubyzip
-    metasploit-model (2.0.2)
+    metasploit-model (2.0.3)
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
     metasploit-payloads (1.2.1)
-    metasploit_data_models (2.0.8)
+    metasploit_data_models (2.0.9)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
       arel-helpers
@@ -196,7 +196,7 @@ GEM
     network_interface (0.0.1)
     nokogiri (1.6.8.1)
       mini_portile2 (~> 2.1.0)
-    octokit (4.6.1)
+    octokit (4.6.2)
       sawyer (~> 0.8.0, >= 0.5.3)
     openssl-ccm (1.2.1)
     openvas-omp (0.0.4)
@@ -234,7 +234,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rake (11.3.0)
     rb-readline-r7 (0.5.2.0)
-    recog (2.0.24)
+    recog (2.1.0)
       nokogiri
     redcarpet (3.3.4)
     rex-arch (0.1.2)
@@ -245,42 +245,42 @@ GEM
       rex-core
       rex-struct2
       rex-text
-    rex-core (0.1.2)
-    rex-encoder (0.1.0)
+    rex-core (0.1.3)
+    rex-encoder (0.1.1)
       metasm
       rex-arch
       rex-text
-    rex-exploitation (0.1.2)
+    rex-exploitation (0.1.3)
       jsobfu
       metasm
       rex-arch
       rex-encoder
       rex-text
-    rex-java (0.1.2)
+    rex-java (0.1.3)
     rex-mime (0.1.1)
       rex-text
     rex-nop (0.1.0)
       rex-arch
-    rex-ole (0.1.2)
+    rex-ole (0.1.3)
       rex-text
-    rex-powershell (0.1.66)
+    rex-powershell (0.1.68)
       rex-random_identifier
       rex-text
-    rex-random_identifier (0.1.0)
+    rex-random_identifier (0.1.1)
       rex-text
-    rex-registry (0.1.0)
-    rex-rop_builder (0.1.0)
+    rex-registry (0.1.1)
+    rex-rop_builder (0.1.1)
       metasm
       rex-core
       rex-text
-    rex-socket (0.1.1)
+    rex-socket (0.1.2)
       rex-core
-    rex-sslscan (0.1.0)
+    rex-sslscan (0.1.1)
       rex-socket
       rex-text
     rex-struct2 (0.1.0)
-    rex-text (0.2.5)
-    rex-zip (0.1.0)
+    rex-text (0.2.9)
+    rex-zip (0.1.1)
       rex-text
     rkelly-remix (0.0.6)
     robots (0.10.1)
@@ -303,9 +303,9 @@ GEM
     rspec-support (3.5.0)
     rubyntlm (0.6.1)
     rubyzip (1.2.0)
-    sawyer (0.8.0)
+    sawyer (0.8.1)
       addressable (>= 2.3.5, < 2.6)
-      faraday (~> 0.8, < 0.10)
+      faraday (~> 0.8, < 1.0)
     shoulda-matchers (3.1.1)
       activesupport (>= 4.0.0)
     simplecov (0.12.0)
@@ -316,12 +316,12 @@ GEM
     slop (3.6.0)
     sqlite3 (1.3.12)
     sshkey (1.8.0)
-    thor (0.19.1)
+    thor (0.19.4)
     thread_safe (0.3.5)
     timecop (0.8.1)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    tzinfo-data (1.2016.9)
+    tzinfo-data (1.2016.10)
       tzinfo (>= 1.0.0)
     windows_error (0.0.2)
     xpath (2.0.0)

documentation/modules/exploit/linux/local/netfilter_priv_esc.md renamed to documentation/modules/exploit/linux/local/netfilter_priv_esc_ipv4.md

@@ -27,7 +27,7 @@ This does not work against the following vulnerable systems.  Additional work ma
 
   1. Start msfconsole
   2. Exploit a box via whatever method
-  4. Do: `use exploit/linux/local/netfilter_priv_esc`
+  4. Do: `use exploit/linux/local/netfilter_priv_esc_ipv4`
   5. Do: `set session #`
   6. Do: `set verbose true`
   7. Do: `exploit`
@@ -115,7 +115,7 @@ This does not work against the following vulnerable systems.  Additional work ma
 
 #### Escalate w/ pre-compiled binaries
 
-    msf exploit(netfilter_priv_esc) > exploit
+    msf exploit(netfilter_priv_esc_ipv4) > exploit
 
     [*] Started reverse TCP handler on 192.168.2.117:4444 
     [*] Checking if 32bit C libraries, gcc-multilib, and gcc are installed
@@ -160,9 +160,9 @@ This does not work against the following vulnerable systems.  Additional work ma
 
 In this scenario, we already exploit the box, for whatever reason our shell died.  So now we want to re-exploit, but we dont need to run desc again.
 
-    msf exploit(netfilter_priv_esc) > set reexploit true
+    msf exploit(netfilter_priv_esc_ipv4) > set reexploit true
     reexploit => true
-    msf exploit(netfilter_priv_esc) > exploit
+    msf exploit(netfilter_priv_esc_ipv4) > exploit
 
     [*] Started reverse TCP handler on 192.168.2.117:4444 
     [*] Checking if 32bit C libraries, gcc-multilib, and gcc are installed
@@ -191,9 +191,9 @@ In this scenario, we already exploit the box, for whatever reason our shell died
 
 #### Re-exploit w/ pre-compiled binaries
 
-    msf exploit(netfilter_priv_esc) > set reexploit true
+    msf exploit(netfilter_priv_esc_ipv4) > set reexploit true
     reexploit => true
-    msf exploit(netfilter_priv_esc) > exploit
+    msf exploit(netfilter_priv_esc_ipv4) > exploit
 
     [*] Started reverse TCP handler on 192.168.2.117:4444 
     [*] Checking if 32bit C libraries, gcc-multilib, and gcc are installed

lib/metasploit/framework/version.rb

@@ -30,7 +30,7 @@ def self.get_hash
         end
       end
 
-      VERSION = "4.13.1"
+      VERSION = "4.13.3"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

lib/msf/core/exploit/http/client.rb

@@ -366,7 +366,7 @@ def send_request_cgi(opts={}, timeout = 20)
         print_line('#' * 20)
         print_line(res.to_s)
       end
-
+      disconnect(c)
       res
     rescue ::Errno::EPIPE, ::Timeout::Error => e
       print_line(e.message) if datastore['HttpTrace']

lib/msf/core/handler/reverse.rb

@@ -61,7 +61,7 @@ def bind_port
       # if it fails to start the listener.
       #
       def setup_handler
-        if datastore['Proxies'] and not datastore['ReverseAllowProxy']
+        if !datastore['Proxies'].blank? && !datastore['ReverseAllowProxy']
           raise RuntimeError, "TCP connect-back payloads cannot be used with Proxies. Use 'set ReverseAllowProxy true' to override this behaviour."
         end
 

lib/msf/core/handler/reverse_tcp_double_ssl.rb

@@ -63,7 +63,7 @@ def human_name
   # if it fails to start the listener.
   #
   def setup_handler
-    if datastore['Proxies'] and not datastore['ReverseAllowProxy']
+    if !datastore['Proxies'].blank? && !datastore['ReverseAllowProxy']
       raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overriden by setting ReverseAllowProxy to true'
     end
 

lib/msf/core/handler/reverse_tcp_ssl.rb

@@ -43,7 +43,7 @@ def self.general_handler_type
   # if it fails to start the listener.
   #
   def setup_handler
-    if datastore['Proxies'] and not datastore['ReverseAllowProxy']
+    if !datastore['Proxies'].blank? && !datastore['ReverseAllowProxy']
       raise RuntimeError, "TCP connect-back payloads cannot be used with Proxies. Use 'set ReverseAllowProxy true' to override this behaviour."
     end
 

lib/rex/proto/http/client_request.rb

@@ -108,21 +108,21 @@ def to_s
           qstr << set_encode_uri(Rex::Text.rand_text_alphanumeric(rand(32)+1))
         end
       end
+      if opts.key?("vars_get") && opts['vars_get']
+        opts['vars_get'].each_pair do |var,val|
+          var = var.to_s
 
-      opts['vars_get'].each_pair do |var,val|
-        var = var.to_s
-
-        qstr << '&' if qstr.length > 0
-        qstr << (opts['encode_params'] ? set_encode_uri(var) : var)
-        # support get parameter without value
-        # Example: uri?parameter
-        if val
-          val = val.to_s
-          qstr << '='
-          qstr << (opts['encode_params'] ? set_encode_uri(val) : val)
+          qstr << '&' if qstr.length > 0
+          qstr << (opts['encode_params'] ? set_encode_uri(var) : var)
+          # support get parameter without value
+          # Example: uri?parameter
+          if val
+            val = val.to_s
+            qstr << '='
+            qstr << (opts['encode_params'] ? set_encode_uri(val) : val)
+          end
         end
       end
-
       if (opts['pad_post_params'])
         1.upto(opts['pad_post_params_count'].to_i) do |i|
           rand_var = Rex::Text.rand_text_alphanumeric(rand(32)+1)