Commit Graph

22193 Commits (03d552c087cdb0b9bda8b9febaaa9812ab837316)

Author SHA1 Message Date
Meatballs 3aebe968bb
Land #2721 Reflective DLL Mixin
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.

Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
sinn3r d0adc193b3
Land #2729 - Allow manual self-destruct via "kill -s" 2013-12-06 01:29:48 -06:00
sinn3r 89ef1d4720 Fix a typo in mswin_tiff_overflow 2013-12-06 00:44:12 -06:00
OJ e90b7641ca Allow self-destruct via "kill -s"
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.

This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ bea0f8c18e Change client to session in tests 2013-12-06 13:43:47 +10:00
OJ 4ca48308c1 Fix downloading of files 2013-12-06 13:40:20 +10:00
DoI 3d327363af uptime_file_upload code tidy-ups 2013-12-06 13:45:22 +13:00
OJ 155836ddf9 Adjusted style as per egypt's points 2013-12-06 10:08:38 +10:00
sinn3r c07686988c random uri 2013-12-05 18:07:24 -06:00
OJ 73d3ea699f Remove the last redundant error check 2013-12-06 09:32:21 +10:00
OJ ccbf305de1 Remove exception stuff from the payloads 2013-12-06 09:26:46 +10:00
jvazquez-r7 e4c6413643
Land #2718, @wchen-r7's deletion of @peer on HttpClient modules 2013-12-05 17:25:59 -06:00
OJ 5a0a2217dc Add exception if DLL isn't RDI enabled 2013-12-06 09:18:08 +10:00
jvazquez-r7 f2f8c08c8e Use blank? method 2013-12-05 16:36:44 -06:00
OJ 2cb991cace Shuffle RDI stuff into more appropriate structure
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
jvazquez-r7 a380d9b4f2 Add aux module for CVE-2013-3522 2013-12-05 15:58:05 -06:00
OJ fb84d7e7fe Update to yardoc conventions 2013-12-06 07:54:25 +10:00
William Vu 79e23a1e13
Land #2675, @JonValt's forensics/browser_history
Great job!
2013-12-05 09:35:53 -06:00
Joshua Harper PI GCFE GCFA GSEC cd5172384f Rename gather_browser_history.rb to browser_history.rb 2013-12-05 08:43:19 -06:00
Joshua Harper 3957bbc710 capitalization ("skype")
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120307)

Removed some Chrome artifacts and renamed one to reflect "Archived History."  
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120314)
((Will include other doxxes in another module.))
2013-12-05 08:33:47 -06:00
William Vu b85da1f8dc
Land #2727, @todb-r7's late-night name fixes 2013-12-05 02:31:16 -06:00
Tod Beardsley 93e5e8fd48
Derp'ed on corelanc0d3r's spelling 2013-12-05 02:24:24 -06:00
William Vu f1e15c726e
Land #2726, author.rb and .mailmap update for wvu 2013-12-05 01:46:01 -06:00
sinn3r 09e7b2149f Update William's e-mail in .mailmap 2013-12-05 00:45:15 -06:00
sinn3r c7bb80c1d7 Add wvu as an author to author.rb 2013-12-05 00:33:07 -06:00
DoI 07294106cb Removed redundant content-type parameter 2013-12-05 14:18:26 +13:00
sinn3r 8e9723788d Correct description 2013-12-04 17:25:58 -06:00
sinn3r fb2fcf429f This one actually works 2013-12-04 17:22:42 -06:00
DoI cfffd80d22 Added uptime_file_upload exploit module 2013-12-05 11:56:05 +13:00
OJ b936831125 Renamed the mixin module 2013-12-05 08:13:54 +10:00
sinn3r d0071d7baa Add CVE-2013-6414 Rails Action View DoS 2013-12-04 14:57:30 -06:00
Tod Beardsley f5a45bfe52
@twitternames not supported for author fields
It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address. Should
be fixed some day.
2013-12-04 13:31:22 -06:00
William Vu 61ae686aef
Land #2722, new set of meterp bins 2013-12-04 10:10:36 -06:00
bmerinofe 1833b6fd95 More changes. No admin privs check 2013-12-04 14:51:46 +01:00
OJ 7b24f815ee Missed a single module in rename 2013-12-04 22:54:07 +10:00
OJ 7e8db8662e Update name of the mixin
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
bmerinofe 05479b2a19 Added new options 2013-12-04 11:45:37 +01:00
OJ c8e2c8d085 Add binaries from Meterpreter 9e33acf3a283f1df62f264e557e1f6161d8c2999
This is a new set of binaries for Meterpreter as of commit hash
9e33acf3a283f1df62f264e557e1f6161d8c2999. We haven't yet finalised
the process we'll be using for releasing bins from Meterpreter to MSF
so this is hopefully the last time we will have to do it the old way.
2013-12-04 16:23:03 +10:00
OJ f79af4c30e Add RDI mixin module
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.

This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
sinn3r a147102f54 Oops, I didn't even catch this 2013-12-03 16:55:44 -06:00
sinn3r 46e2a0ecd5 Add an example for PRs that don't have anything to prove functionality
Some module submissions don't have a pcap, screenshot/video or anything
to prove the module is actually functional or not, because often due to
the author not having the test box anymore, or unable to share info
because of their NDA. We nee a way to prove the module runs by basically
simulating the vulnerable environment live, and this is the answer to that.

This test module is specifically for the cisco_asa_asdm.rb, but future
PRs with the same scenario can also borrow the same idea.
2013-12-03 16:43:28 -06:00
OJ 8867b4402d
Merge branch 'meatballs/pr2602' into ext_server_extapi again! 2013-12-04 07:32:50 +10:00
bmerinofe 5c266adfd7 added ie_proxypac post meterpreter module 2013-12-03 22:23:09 +01:00
Meatballs 6ca35283d8
Parent Window - Program Manager instead of Start Menu 2013-12-03 21:20:31 +00:00
OJ 495f9e789b
Merge branch 'meatballs/pr2602' into ext_server_extapi 2013-12-04 07:13:20 +10:00
OJ 1d757c40db Remove empty parens 2013-12-04 07:10:23 +10:00
Meatballs 7a1e282aac
Parent window fix 2013-12-03 21:09:49 +00:00
OJ 58f156fba1
Merge remote-tracking branch 'meatballs/pr2602' into ext_server_extapi
Thanks Meatballs for the tests. Awesome.
2013-12-04 07:08:16 +10:00
OJ 8b77da4ef7 Fix non-rubyisms 2013-12-04 07:06:32 +10:00
OJ 18e1d9ce17 Revert "Start clipboard monitor functionality"
This reverts commit ecbdfd3502.

I don't know how this got in there, as it's in another branch waiting for more work.
My bad.
2013-12-04 07:03:12 +10:00