Adds a Reflective DLL submodule in external pointing at the Rapid7 fork
Updates kitrap0d to use above submodule
Adds a make.bat file to create kitrap0d
As mentioned here https://community.rapid7.com/thread/3788 the metsvc
script was still looking for the old file name for metsrv.dll, which
was causing the script to fail.
This commit fixes this issue. A hash is used to indicate local and remote
file names so that the remote can continue to use metsrv.dll, but it
is correctly located on disk locally.
This commit is the first in a series that will move all the exploits that use RDI
over to the R7 fork. The RDI source will be in a single known location and each
exploit will have to work from that location.
The kitrap0d exploit has been migrated over to use this submodule so that there's
one example of how it's done for future contributions to follow.
This change adds support for `getenv` to python meterpreter. Nothing too
complex going on here. I tidied up the definitions of the TLVs as well
so that they look nice.
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
jvazquez-r7
sinn3r
yehualiu
Karn Ganeshen
Meatballs
OJ
William Vu
James Lee
Tod Beardsley
Tab Assassin