252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
6ee1a9c6e1
Fix duplicate error
2013-12-17 00:11:37 +00:00
06b399ee30
Remove ERROR_
...
To access as Error::NO_ACCESS
2013-12-16 19:52:11 +00:00
08a44fdfb7
Filename match module
2013-12-16 19:48:17 +00:00
57f2027e51
Move to module
2013-12-16 19:45:52 +00:00
c9084bd2d5
Remove errant fullstops
2013-12-16 18:53:37 +00:00
75c87faaf8
Add Windows Error Codes to Windows Post Mixin
2013-12-16 18:50:18 +00:00
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
83e448f4ae
Restore vprint_error message
2013-12-12 09:06:29 -06:00
5c1ca97e21
Create a new process to host the final payload
2013-12-12 08:26:44 -06:00
ff9cb481fb
Land #2464 , fixes for llmnr_response and friends
...
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
fb84d7e7fe
Update to yardoc conventions
2013-12-06 07:54:25 +10:00
c7bb80c1d7
Add wvu as an author to author.rb
2013-12-05 00:33:07 -06:00
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
7b24f815ee
Missed a single module in rename
2013-12-04 22:54:07 +10:00
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
474a03475f
sorted out the sorts without .sort
2013-12-02 11:57:52 +01:00
8254c0bae2
this site is down
2013-12-01 14:26:03 +08:00
77b036ce5d
Land #2703 , uninit const fix for MSSQL_SQLI
2013-11-27 13:50:48 -06:00
a5aca618e2
fix fail_with usage on Exploit::Remote::MSSQL_SQLI
2013-11-27 11:33:19 -06:00
a32c9e5efc
Fix fail_with on Exploit::Remote::HttpClient
2013-11-27 11:19:46 -06:00
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
66edfe968d
Sorting output
2013-11-21 00:57:08 +01:00
e88da09894
Land #2660 , DLL/service creation for x64
2013-11-20 17:25:16 -06:00
0ea0dc168c
set _comment method to js for num and dword
2013-11-20 23:10:55 +01:00
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
135dad1f4e
Fix dll/service creation
2013-11-20 20:10:47 +00:00
110e78a1ad
Land #2507 , @todb-r7's fix to allow DCERPC misin to use RPORT
2013-11-20 10:21:32 -06:00
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
...
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).
It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
34dccaaa1f
Clean use of -c on creds command
2013-11-19 13:26:14 -06:00
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
7dd70d4c19
Switch to vprint_debug some mixin messages
2013-11-18 13:33:45 -06:00
ae440130f5
Reduce code complexity easily
2013-11-18 13:25:50 -06:00
f61c1548ee
Use verbose by default on mixin error messages
2013-11-18 13:23:05 -06:00
eb8c3ba657
Switch to normal indentation
2013-11-18 13:20:49 -06:00
William Vu
Meatballs
jvazquez-r7
scriptjunkie
OJ
sinn3r
corelanc0d3r
yehualiu
Tod Beardsley
Tod Beardsley