Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
f703fa21d6
Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook
44990e9721
Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Brent Cook
0e46cc0259
Revert "change remaining class names"
This reverts commit 62217fff2b.
2016-03-07 13:19:42 -06:00
Christian Mehlmauer
62217fff2b
change remaining class names
2016-03-07 09:58:21 +01:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
Christian Mehlmauer
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
Spencer McIntyre
24290dc169
Address x86/Bmp polyglot encoder feedback
2016-01-07 10:23:32 -05:00
Spencer McIntyre
cca0ba3efe
Add an x86/Bitmap polyglot encoder
2016-01-05 23:17:34 -05:00
Brent Cook
55f6fe7037
Land #5510, update x86/alpha* encoders to be SaveRegister aware
2015-10-01 15:07:10 -05:00
HD Moore
cea8605365
Fix #5596 by catching RuntimeError from Rex::Poly
2015-06-24 15:17:33 -05:00
jvazquez-r7
f8623ebdda
Add support for stage encoding to alpha_upper
2015-06-08 14:35:48 -05:00
jvazquez-r7
d56b3663fb
Take into account modified registers on geteip_fpu call from alpha_mixed
2015-06-08 12:00:52 -05:00
jvazquez-r7
a77a4bd4c5
Account for alpha_mixed modified registers
2015-06-08 11:16:24 -05:00
jvazquez-r7
e72f705298
Add new code template
2015-06-08 09:46:04 -05:00
HD Moore
093ca31c7d
The InvalidPayloadSizeException wasn't actually defined anywhere
2015-05-18 15:36:15 -05:00
HD Moore
b0a8c77127
Switch RuntimeError -> EncodingError
2015-05-18 15:33:01 -05:00
HD Moore
7989a29203
Switch to the stock EncodingError exception
2015-05-18 15:27:31 -05:00
HD Moore
5c31586c68
Switch to the correct exception class
2015-05-18 15:25:26 -05:00
sinn3r
a543d957d4
Fix #4717 - Change AllowWin32SEH's default to false
This is a patch to change AllowWin32SEH to false.
Root cause:
The truly intended behavior is that if the user doesn't set a
BufferRegister and the encoder is for Windows, the AllowWin32SEH
code should kick in.
The problem here is that msfencode and msfvenom handle the platform
information differently, so we get different results.
With msfencode, the platform information isn't passed when alpha_mixed
is used, so even if you're using the encoder for Win32, the encoder
doesn't actually know about this. But everything works out just fine
anyway because people don't actually rely on AllowWin32SEH.
With msfvenom, the platform information is passed, so the encoder
actually knows it's for Windows. The two conditions are met (register
and platform), so AllowWin32SEH kicks in. However, the AllowWin32SEH
technique enforces the BufferRegister to ECX, and that there's no
GetPC, so by default this isn't going to work.
The solution:
We are actually better off with setting AllowWin32SEH to false, mainly
because the SEH technique is pretty much dead (congrats MSFT!). And we
want the GetPC routine by default.
If people want to use the AllowWin32SEH routine, they can simply set
AllowWin32SEH to true to bring it right back. For example:
e = framework.encoders.create('x86/alpha_mixed')
e.datastore.import_options_from_hash({'AllowWin32SEH'=>true})
buf = e.encode("AAAA", nil, nil, ::Msf::Module::PlatformList.win32)
Or in msfvenom:
msfvenom -p windows/meterpreter/bind_tcp -e x86/alpha_mixed
AllowWin32SEH=true -f raw
Fix #4717
2015-02-06 12:38:04 -06:00
HD Moore
f67a32ef9c
Add missing commits from #3770, lands #4393
2014-12-13 17:36:26 -06:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Tod Beardsley
0199e4d658
Land #3770, resolve random stager bugs
2014-11-03 14:15:14 -06:00
sinn3r
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
jvazquez-r7
57fe829f96
Switch generic_sh's rank to ManualRanking
2014-10-20 09:34:19 -05:00
jvazquez-r7
c991c5e377
Re-add generic_sh encoder
2014-10-20 09:33:34 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
jvazquez-r7
341d8b01cc
Favor echo encoder for back compatibility
2014-10-07 10:24:32 -05:00
jvazquez-r7
3628f73235
Fix ARCH_CMD perl encoding
2014-10-07 10:21:30 -05:00
jvazquez-r7
e63b389713
Add @jlee-r7's changes to perl encoding
2014-10-07 00:16:16 -05:00
jvazquez-r7
6f174a9996
Fix obvious introduced bug
2014-10-06 18:56:25 -05:00
jvazquez-r7
6b52ce9101
Delete 'old' generic_sh unix cmd encoder, favor splitting
2014-10-06 18:45:10 -05:00
jvazquez-r7
212762e1d6
Delete RequiredCmd for unix cmd encoders, favor EncoderType
2014-10-06 18:42:21 -05:00
James Lee
e9f341fd6c
Rename to more intention-revealing name
2014-10-06 16:33:21 -05:00
HD Moore
b8a1010ba4
Switch to Array#union and rename preserved_registers
2014-09-13 22:48:14 -05:00
HD Moore
71228b48a0
Update 3 more encoders to be StageEncoder compatible
This could probably use some DRY love via a mixin
2014-09-10 20:21:35 -05:00
HD Moore
815e007f48
Fix two cosmetic typos
2014-09-10 19:07:40 -05:00
HD Moore
6c0dae953d
Stage encoding is now SaveRegister aware
2014-09-09 14:21:51 -05:00
jvazquez-r7
f546eae464
Modify encoders to allow back compatibility
2014-07-22 13:27:12 -05:00
jvazquez-r7
b770745e9d
Split generic_sh in echo, perl and ifs encoders
2014-07-22 10:27:45 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
Tod Beardsley
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
sinn3r
367652592c
Land #2964 - Powershell CMD Encoder
2014-04-01 10:26:38 -05:00
Tod Beardsley
fb20759fc2
Comment doc spelling
2014-03-31 16:42:50 -05:00
Tod Beardsley
196e07c5b1
Touch up the EICAR stuff
2014-03-28 11:45:28 -05:00
sinn3r
a50b4e88be
Fix msftidy warning: Suspect capitalization in module title: 'encoder'
2014-02-24 11:25:46 -06:00
OJ
b2d09ed0d1
Add the NULL byte to the list of valid chars
While rare, I guess it is a possibility that the NULL byte can be
used.
2014-02-17 16:40:56 +10:00
OJ
e134ec4691
Remove '*' from valid file system chars
2014-02-16 23:57:54 +10:00
OJ
a808053c37
Add first pass of optimised sub encoder
Full details of the encoder are in the detailed description in the
source itself. But this is effectively an "optimised" SUB encoder
which is similar to the add_sub encoder except it doesn't bother to
use the ADD instructions at all, and it doesn't zero out EAX for
each 4-byte block unless absolutely necessary. This results in
payloads being MUCH smaller (in some cases 30% or more is saved).
2014-02-16 20:12:14 +10:00
Meatballs
39be214413
Don't use quotes and start in a console
2014-02-10 23:15:59 +00:00
Meatballs
6234528c25
Keep it secret keep it safe
2014-02-08 19:29:01 +00:00
Meatballs
92f779ed1b
Can't handle space characters either
2014-02-08 19:16:42 +00:00
Meatballs
a42e97395b
Powershell cmd encoder
2014-02-08 19:09:57 +00:00
jvazquez-r7
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
jvazquez-r7
4e581a35ac
Fix encoder architecture
2014-01-08 16:18:30 -06:00
joev
c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master
2013-12-07 17:28:57 -06:00
jvazquez-r7
79e59b2066
Fix metasm data
2013-11-02 10:37:57 -05:00
jvazquez-r7
b077b0accf
Add byte xori mipsle encoder
2013-11-02 10:22:41 -05:00
jvazquez-r7
594ee42398
Add byte xori mipsbe encoder
2013-11-02 10:10:51 -05:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
sinn3r
d679946b7f
Landing #1713 - add_sub encoder for x86 payloads
2013-05-31 18:49:08 -05:00
sinn3r
2ac0d25413
Fixes e-mail format, also a whitespace
2013-05-31 18:47:46 -05:00
Tod Beardsley
05916c079e
Inline unit tests are so last decade
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) separating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
Melih SARICA
e48cea432c
added add_sub encoder for x86 payloads
2013-04-08 20:51:39 +03:00
James Lee
2160718250
Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
sinn3r
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
James Lee
b3b68c1b90
Make stage encoding possible
* Fixes a bug in shikata where input greater than 0xffff length would
still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
avoid
* Fixes huge performance issue with large inputs to xor-based encoders
due to the use of String#+ instead of String#<< in a loop. It now
takes ~3 seconds on modern hardware to encode a 750kB buffer with
shikata where it used to take more than 10 minutes. The decoding side
takes a similar amount of time and will increase the wait between
sending the second stage and opening a usable session by several
seconds.
I believe this addresses the intent of pull request 905
[See #905]
2013-01-13 21:07:39 -06:00
Stephen Fewer
8e6e1bc164
open up the bloxor encoder.
2013-01-10 17:39:40 +00:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
HD Moore
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
Michael Schierl
e9f7873afc
Version cleanup
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
sinn3r
b46fb260a6
Comply with msftidy
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
jvazquez-r7
cc90a60a1b
Correct the use of the platform argument
The platform argument is meant to be a PlatformList object, not an array:
http://dev.metasploit.com/redmine/issues/6826
This commit undoes the last change to init_platform() in alpha_mixed and modifies msfvenom to use it as intended.
2012-06-26 17:32:55 +02:00
jvazquez-r7
1d121071f3
Prepend nops to raw payload in encoder if needed
2012-06-15 09:59:10 +02:00
jvazquez-r7
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
Silviu-Mihai Popescu
605e1929e4
Fixed msfvenom NoMethodError with alpha_mixed encoder.
The issue was reported on Github[1] and Redmine[2].
The error consisted of trying to use the supports?() method
on an Array instead of a PlatformList.
[1] https://github.com/rapid7/metasploit-framework/issues/357
[2] http://dev.metasploit.com/redmine/issues/6826
Reported by: Brandon Perry
Signed off by: Silviu Popescu <silviupopescu1990@gmail.com>
2012-05-03 17:47:25 +03:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
James Lee
3a33434867
Fix a couple of typos that throw off module authors
2012-03-05 13:28:46 -07:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
James Lee
6f5961db52
don't dump a stack trace when it's a normal encoding failure.
git-svn-id: file:///home/svn/framework3/trunk@13532 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 21:29:53 +00:00
James Lee
a9d429d09a
make printf_php_mq ManualRanking to avoid using it in situations where it will definitely fail. fixes opera_historysearch
git-svn-id: file:///home/svn/framework3/trunk@12671 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 09:59:01 +00:00
James Lee
4b4ed6edbe
un-truncate a comment and make sure we didn't append a . to the buffer
git-svn-id: file:///home/svn/framework3/trunk@11788 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-22 01:59:17 +00:00
James Lee
d2670d52ec
add BufferRegister and BufferOffset support for shikata_ga_nai. see #3563. tested this pretty extensively. /me crosses fingers
git-svn-id: file:///home/svn/framework3/trunk@11646 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-26 04:24:41 +00:00
Mario Ceballos
bd7f6eec10
Typo.
git-svn-id: file:///home/svn/framework3/trunk@11045 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 23:39:29 +00:00
Joshua Drake
2d6b995623
rename/clarify PrintfUtil encoder, fixes #2308
git-svn-id: file:///home/svn/framework3/trunk@10729 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 15:41:13 +00:00
Joshua Drake
4590844871
tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
James Lee
d4e5f17d62
reduce the rank of the php encoder so it is no longer the default for msfencode. kind of a hacky solution, should probably default the arch to x86 directly, but i'm afraid of breaking something in msfencode
git-svn-id: file:///home/svn/framework3/trunk@9884 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 06:27:14 +00:00
James Lee
8ba9d6254a
prioritize the base64 encoder over chr()
git-svn-id: file:///home/svn/framework3/trunk@9661 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-02 01:53:35 +00:00
Joshua Drake
0882838491
ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Joshua Drake
f0a4812644
add special encoder for piranha_passwd_exec vuln (rh62)
git-svn-id: file:///home/svn/framework3/trunk@9613 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-24 22:36:51 +00:00
James Lee
dcc52ff3f0
add a last-ditch effort in case alphanums are badchars
git-svn-id: file:///home/svn/framework3/trunk@9592 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 08:23:00 +00:00
Joshua Drake
d8609b85e3
style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9460 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-09 18:41:58 +00:00
HD Moore
74a68138fc
Add new context-keyed encoders from Dimitris Glynos (http://census-labs.com/news/2010/06/04/athcon-2010-update/)
git-svn-id: file:///home/svn/framework3/trunk@9457 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-09 16:43:46 +00:00
Joshua Drake
0e72894e58
more cleanups
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00
Joshua Drake
0ea6eca4bc
big module whitespace/formatting cleanup pass
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00