Joe Vennix
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
Joe Vennix
5d234c0e01
Pass #send in this so jsobfu is not confused.
2014-09-24 15:07:14 -05:00
sinn3r
65287e41cd
Land #3773 - Fix windows cmd redirection in firefox payloads
2014-09-10 13:25:42 -05:00
Joe Vennix
1bb6573570
Fix windows cmd redirection in ff payloads.
2014-09-10 00:47:05 -05:00
jvazquez-r7
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
jvazquez-r7
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
HD Moore
5e123e024d
Add 'coding: binary' to all msf/rex library files
...
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
sinn3r
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
joev
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
Tod Beardsley
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
joev
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
Brendan Coles
cc8ab9bcba
Support one line js payload
...
Add missing ';' in `run_cmd_source`
2014-05-05 18:57:15 +10:00
sinn3r
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
AnwarMohamed
b45524ecdd
generate cert @ payload/dalvik.rb
2014-03-10 21:50:00 -05:00
AnwarMohamed
99cc94e6fc
moving string_sub() to payload/dalvik.rb
2014-03-10 21:49:59 -05:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
sinn3r
d0780cd1a2
Land #3010 - EXITFUNC as OptEnum
2014-02-24 11:07:10 -06:00
Joe Vennix
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
Joe Vennix
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
Joe Vennix
318ebdb4c8
Clean up // comments.
2014-02-17 15:34:42 -06:00
Joe Vennix
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
jvazquez-r7
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
James Lee
b226ecf591
Add block_api changes to prepend_migrate
2014-02-05 15:32:59 -06:00
sinn3r
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
Joe Vennix
7af8fe9cd1
Catch exceptions in an XSS script and return the error.
2014-01-07 16:23:24 -06:00
Joe Vennix
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Joe Vennix
9d3b86ecf4
Add explicit require for JSON, so msfpayload runs.
2014-01-05 14:58:18 -06:00
Joe Vennix
f2f68a61aa
Use shell primitives instead of resorting to
...
echo hacks.
2014-01-04 19:00:36 -06:00
Joe Vennix
b9c46cde47
Refactor runCmd, allow js exec.
...
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Joe Vennix
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
Joe Vennix
8fd517f9ef
Fixes shell escaping errors with nested quotes in windows.
2014-01-03 16:14:28 -06:00
Joe Vennix
13464d0aae
Minor cleanup of firefox.rb.
2014-01-03 01:34:57 -06:00
Joe Vennix
7961b3eecd
Rework windows shell to use wscript.
2014-01-03 01:29:34 -06:00
jvazquez-r7
764d0822f6
Use the current msf's naming convention
2014-01-02 15:57:09 -06:00
Joe Vennix
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
Joe Vennix
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
OJ
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
OJ
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
OJ
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
OJ
7b24f815ee
Missed a single module in rename
2013-12-04 22:54:07 +10:00
OJ
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
OJ
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
joev
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
joev
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
Tod Beardsley
dae8847c4d
Land #2374 , more complete 32/64 migrate fix
...
[FixRM #8395 ]
2013-09-17 14:52:04 -05:00
James Lee
c77d49a640
Merge branch 'rapid7' into cleanup/remove-id-tags
...
Conflicts:
lib/msf/core/payload/osx/bundleinject.rb
lib/msf/core/payload/windows/dllinject.rb
lib/msf/core/payload/windows/exec.rb
lib/msf/core/payload/windows/loadlibrary.rb
lib/msf/core/payload/windows/reflectivedllinject.rb
lib/msf/core/payload/windows/x64/reflectivedllinject.rb
scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
James Lee
97d3a20f82
Remove more $Revision tags
2013-09-17 10:46:37 -05:00
James Lee
d6954e9ce7
Fix migrate from 32- to 64-bit processes
...
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.
[See #2356 ]
2013-09-16 16:04:50 -05:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00