Commit Graph

1070 Commits (1911d0cd1795ff500d61f918722f2863d0f8138c)

Author SHA1 Message Date
Brent Cook 8faae94338
Land #6592, make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2 2016-03-06 15:33:53 -06:00
Brent Cook d355b0e8b7
update payload sizes 2016-03-02 13:55:32 -06:00
joev c8b28d90d1 Fix old comment. 2016-02-19 19:08:38 -06:00
joev b3e8cd4f51 Save some bytes on the padded string. 2016-02-18 20:36:52 -06:00
joev 2b784a48b9 Include cached size. 2016-02-18 20:29:42 -06:00
joev e67e477362 Make x86/shell_reverse_tcp's shell path configurable.
Also removes shell_reverse_tcp2 shell.
2016-02-18 20:24:35 -06:00
Brent Cook ff1cb4a2a4 update payload sizes 2016-02-10 22:44:17 -06:00
wchen-r7 a3cafc3bae Update PHP meterpreter size 2016-01-22 15:14:18 -06:00
Brent Cook 28cf943bcb Fix a couple of missing requires in payloads.
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.

It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook 6eda702b25
Land #6292, add reverse_tcp command shell for Z/OS (MVS) 2015-12-23 14:11:37 -06:00
wchen-r7 14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter 2015-12-04 16:16:54 -06:00
wchen-r7 644c1347cd Update payload sizes 2015-12-04 16:14:37 -06:00
jvazquez-r7 bb3a3ae8eb
Land #6176, @ganzm's fix for 64 bits windows loadlibrary payload 2015-12-01 13:18:41 -06:00
Spencer McIntyre 3b3b569d8e Fix payload CacheSize for current pymet 2015-12-01 13:00:15 -05:00
jvazquez-r7 bfe81db9a5
Update cached size 2015-12-01 11:45:45 -06:00
jvazquez-r7 2348cb7374
Update loadlibrary for 64 bits 2015-12-01 11:41:37 -06:00
Spencer McIntyre fba9715a56 Add stageless python meterpreter http & https payloads 2015-11-28 17:41:55 -05:00
Bigendian Smalls d2bfc4d8e0
Added reverse shell payload for Mainframe
This is the first and probably most useful shellcode for mainframe
platform.  Standard reverse shell works just like any other platform
reverse shell.
2015-11-26 17:07:03 -06:00
Spencer McIntyre 1b495e73ac Further reduce python reverse_http duplicate code 2015-11-26 14:31:00 -05:00
Spencer McIntyre bd25ffa48c Consolidate py reverse http uri code into a mixin 2015-11-26 13:32:50 -05:00
Brent Cook a7a89adfac
Land #6264, meterpreter per-extension init string support, update payloads to 1.0.17
This brings in the following changes:
	Changes to support maven 3.3+
	Don't fall back to 0.0.0.0
	Remove all debug builds from the Windows projects
	Add show_mount, ps_list, and some core tweaks
	Refactor TLV layout, add more debug output, token stealing
	Add incognito binding, code tidies
	Update packaged libs
	Add transport list binding
	Add transport add command to python binding
	Update python core lib archive
	change source perms back to non-executable
	First pass of stageless initialisation script
	Finalise stageless initialisation scripts
	add BOOT_COMPLETED receiver that starts the Payload
	Improve the implementation of the getuid command
	Switch to Utils.runCommand per timwr's suggestion
	Updated init script method

also bumps msgpack 0.7.1, which fixes a failure packing messages > 256k
2015-11-25 22:27:27 -06:00
Brent Cook 78e306e281 s/Initialision/Initialization/ 2015-11-25 22:07:25 -06:00
Brent Cook d984e5c781 update payload sizes 2015-11-25 22:04:52 -06:00
scriptjunkie 8703987535 Add HTTPS and new transport support for hop 2015-11-11 21:25:23 -06:00
OJ 0afc5be3bc Finalise set up of stageless init 2015-11-10 20:01:23 +10:00
OJ a28ab216d3 Adding stageless init script support 2015-11-10 19:18:47 +10:00
Matthias Ganz 6458c591e4 Update loadlibrary.rb 2015-11-02 17:16:46 +01:00
Matthias Ganz a01d7c966a Bugfix loading address of library path into rcx
Changed the following instruction:
67 48 8D 8D 00 01 00 00 lea         rcx,[ebp+100h]

Into
90                                              nop
48 8D 8D 00 01 00 00 lea         rcx,[rbp+100h]

The old code breaks if the payload is executed from a memory area where the 4 most significant bytes are non-zero. 

The bugfix removes the Address-Size override prefix 0x67 of the lea instruction and replaces it with a nop 0x90 (to not mess up code alignment,relative addressing or jmps).
2015-11-02 12:54:44 +01:00
Brent Cook ec1682ebd9
update payload size cache 2015-10-30 17:35:05 -05:00
Spencer McIntyre b4a8f80493 Update the cached size for the current met file 2015-10-22 08:54:14 -04:00
Spencer McIntyre 23d9efb5a3 Add stageless Python Meterpreter for bind tcp 2015-10-21 18:37:37 -04:00
Spencer McIntyre 8bb694fa5c Add stageless Python Meterpreter for reverse tcp 2015-10-21 18:23:04 -04:00
jvazquez-r7 c35e99664e
Land #6003, @earthquake's x86-64 pushq signedness error fixed 2015-10-01 11:52:28 -05:00
jvazquez-r7 aa01383361
Fix comment 2015-10-01 11:51:45 -05:00
jvazquez-r7 195418b262
Update the sin_family on bind_tcp_small 2015-10-01 11:22:59 -05:00
jvazquez-r7 77ce7ef5f0
Save 3 more bytes on shell_bind_ipv6_tcp 2015-10-01 09:45:02 -05:00
jvazquez-r7 4efb3bf26c
Save 3 more bytes on shell_bind_tcp_small 2015-10-01 09:42:35 -05:00
jvazquez-r7 04879ed752
Save two bytes on shell_bind_ipv6_tcp 2015-10-01 09:33:22 -05:00
jvazquez-r7 88eecca4b1
Save two bytes on shell_bind_tcp_small 2015-10-01 09:29:39 -05:00
OJ b608abffbc Update payload cache sizes for x64 windows 2015-09-29 09:03:57 +10:00
Brent Cook 46ed129966 update to metasploit-payloads 1.0.14 2015-09-26 10:50:20 -04:00
Balazs Bucsay a863409734 x86-64 pushq signedness error fixed. Signed port numbers (2bytes) were not working properly. Fix means +6bytes in shellcode length 2015-09-24 13:07:02 +02:00
Brent Cook d2a17074b1
update payload sizes 2015-09-16 17:24:41 -05:00
Brent Cook 1440f31756
Land #5637, resiliency improvements to TCP stagers 2015-09-02 22:50:12 -05:00
OJ 3fd9e0311c Update payload sizes 2015-09-03 12:01:11 +10:00
Brent Cook 56a1cfd9c8 updated cached payload sizes 2015-09-01 18:02:16 -05:00
Brent Cook a8dd89cc0d update cached payload sizes 2015-08-27 11:43:38 -05:00
Brent Cook 593f501571 finish move of php / python meterpreters to metasploit-payloads 2015-08-27 11:34:22 -05:00
Brent Cook ca8353e1aa update to metasploit-payloads 1.0.9 2015-08-25 17:44:01 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00