Commit Graph

196 Commits (33b37727c76728593bb145d2eba9abe1b1c1ab7a)

Author SHA1 Message Date
Joe Vennix b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu. 2014-09-24 16:05:00 -05:00
Joe Vennix 5d234c0e01
Pass #send in this so jsobfu is not confused. 2014-09-24 15:07:14 -05:00
sinn3r 65287e41cd
Land #3773 - Fix windows cmd redirection in firefox payloads 2014-09-10 13:25:42 -05:00
Joe Vennix 1bb6573570
Fix windows cmd redirection in ff payloads. 2014-09-10 00:47:05 -05:00
jvazquez-r7 559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
jvazquez-r7 e1b6ee283f Allow Msf::Payload::JSP to guess system shell path if it isnt provided 2014-08-30 16:27:02 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
sinn3r 2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
joev d990fb4999
Remove a number of stray edits and bs. 2014-06-06 16:24:45 -05:00
Tod Beardsley d0d389598a
Land #3086, Android Java Meterpreter updates
w00t.
2014-06-02 17:28:38 -05:00
joev 14b796acbf First stab at refactoring webrtc mixin. 2014-05-21 15:32:29 -05:00
Brendan Coles cc8ab9bcba Support one line js payload
Add missing ';' in `run_cmd_source`
2014-05-05 18:57:15 +10:00
sinn3r 6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell 2014-03-13 13:36:37 -05:00
AnwarMohamed b45524ecdd generate cert @ payload/dalvik.rb 2014-03-10 21:50:00 -05:00
AnwarMohamed 99cc94e6fc moving string_sub() to payload/dalvik.rb 2014-03-10 21:49:59 -05:00
jvazquez-r7 6c490af75e Add randomization to Rex::Zip::Jar and java_signed_applet 2014-02-27 12:38:52 -06:00
sinn3r d0780cd1a2
Land #3010 - EXITFUNC as OptEnum 2014-02-24 11:07:10 -06:00
Joe Vennix 212ebb568c EXITFUNC option should be an OptEnum. 2014-02-19 03:06:15 -06:00
Joe Vennix 50fb9b247e Restructure some of the exploit methods. 2014-02-19 02:31:22 -06:00
Joe Vennix 318ebdb4c8 Clean up // comments. 2014-02-17 15:34:42 -06:00
Joe Vennix 57449ac719 Adds working shellcode exec local exploit. 2014-02-17 15:31:45 -06:00
jvazquez-r7 1f0020a61c
Land #2946, @jlee-r7's optimization of the x86 block_api code 2014-02-11 15:00:00 -06:00
James Lee b226ecf591
Add block_api changes to prepend_migrate 2014-02-05 15:32:59 -06:00
sinn3r bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads 2014-02-04 15:06:45 -06:00
Joe Vennix 7af8fe9cd1 Catch exceptions in an XSS script and return the error. 2014-01-07 16:23:24 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Joe Vennix 9d3b86ecf4 Add explicit require for JSON, so msfpayload runs. 2014-01-05 14:58:18 -06:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to
echo hacks.
2014-01-04 19:00:36 -06:00
Joe Vennix b9c46cde47 Refactor runCmd, allow js exec.
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Joe Vennix a5ebdce262 Add exec payload. Cleans up a lot of code.
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
Joe Vennix 8fd517f9ef Fixes shell escaping errors with nested quotes in windows. 2014-01-03 16:14:28 -06:00
Joe Vennix 13464d0aae Minor cleanup of firefox.rb. 2014-01-03 01:34:57 -06:00
Joe Vennix 7961b3eecd Rework windows shell to use wscript. 2014-01-03 01:29:34 -06:00
jvazquez-r7 764d0822f6 Use the current msf's naming convention 2014-01-02 15:57:09 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
Joe Vennix 1f9ac12dda DRYs up firefox payloads. 2014-01-02 10:48:28 -06:00
OJ ccbf305de1 Remove exception stuff from the payloads 2013-12-06 09:26:46 +10:00
OJ 2cb991cace Shuffle RDI stuff into more appropriate structure
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
OJ b936831125 Renamed the mixin module 2013-12-05 08:13:54 +10:00
OJ 7b24f815ee Missed a single module in rename 2013-12-04 22:54:07 +10:00
OJ 7e8db8662e Update name of the mixin
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
OJ f79af4c30e Add RDI mixin module
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.

This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
joev c7bcc97dff Add SSL support to #nodejs_reverse_tcp. 2013-10-12 03:32:52 -05:00
joev 6440a26f04 Move shared Node.js payload logic to mixin.
- this fixes the recursive loading issue when creating a payload
  inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
Tod Beardsley dae8847c4d
Land #2374, more complete 32/64 migrate fix
[FixRM #8395]
2013-09-17 14:52:04 -05:00
James Lee c77d49a640 Merge branch 'rapid7' into cleanup/remove-id-tags
Conflicts:
	lib/msf/core/payload/osx/bundleinject.rb
	lib/msf/core/payload/windows/dllinject.rb
	lib/msf/core/payload/windows/exec.rb
	lib/msf/core/payload/windows/loadlibrary.rb
	lib/msf/core/payload/windows/reflectivedllinject.rb
	lib/msf/core/payload/windows/x64/reflectivedllinject.rb
	scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
James Lee 97d3a20f82 Remove more $Revision tags 2013-09-17 10:46:37 -05:00
James Lee d6954e9ce7 Fix migrate from 32- to 64-bit processes
In some cases, it was possible to end up in a situation where the x64
reflective library hadn't been loaded by the time a user typed migrate.
If the target process was 64-bit, msfconsole would error out with a
NoMethodError and much sadness would ensue.

[See #2356]
2013-09-16 16:04:50 -05:00
Tab Assassin 896bb129cd Retab changes for PR #2325 2013-09-05 13:24:09 -05:00
Tab Assassin 5ff25d8b96 Merge for retab 2013-09-05 13:23:25 -05:00