William Vu
1ada4831e0
Land #3293 , module deprecation constants
2014-05-14 01:37:29 -05:00
Tim Wright
ae0691c586
make string replacement more robust
2014-05-10 17:00:25 +01:00
Michael Messner
111160147f
MIPS exec payload fixes for encoder
2014-04-30 20:37:54 +02:00
Spencer McIntyre
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
James Lee
af899254a3
Missed file
2014-04-16 19:14:17 -05:00
James Lee
549e306572
Remove superfluous v6 http{,s} payload and handler
2014-04-16 18:32:35 -05:00
joev
b4f5784ba2
Land #3147 , @m-1-k-3's mipsbe exec payload.
2014-04-08 22:32:21 -05:00
Tod Beardsley
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Michael Messner
657b096be3
make msftidy happy
2014-03-27 19:24:25 +01:00
Michael Messner
ad94653fc0
feedback included
2014-03-27 16:12:34 +01:00
Michael Messner
3fc114e265
exec payload - new try
2014-03-26 19:48:14 +01:00
Joe Vennix
33651d0753
Fix formatting of hash options.
2014-03-25 14:43:53 -05:00
Joe Vennix
c8784168d5
Fix references and whitespace in mips payloads.
2014-03-25 14:39:27 -05:00
joev
1ac3944627
Merge branch 'landing-pr-3095' into upstream-master
2014-03-25 10:56:42 -05:00
joev
1680f9cc5d
Land PR #3127 , @m-1-k-3's mipsbe reboot payload, into master
2014-03-25 10:44:37 -05:00
Michael Messner
50efd0b5d0
change name and filename and file included
2014-03-25 09:13:04 +01:00
Michael Messner
a9952fa294
change name and filename
2014-03-25 09:11:16 +01:00
Michael Messner
fca4425f95
feedback
2014-03-25 09:09:13 +01:00
Michael Messner
4f1404eecc
reboot payload for mipsbe
2014-03-20 12:37:58 +01:00
Daniel Miller
0b6a890137
Fix missing require in reverse_powershell
...
When initializing the db:
/opt/metasploit-framework/modules/payloads/singles/cmd/windows/reverse_powershell.rb:34:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `new'
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `add_module'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:72:in `on_module_load'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:207:in `load_module'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:271:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:58:in `block (2 levels) in each_module_reference_name'
from /opt/metasploit-framework/lib/rex/file.rb:127:in `block in find'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `catch'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `find'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:45:in `block in each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `foreach'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:264:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:118:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:56:in `block in add_module_path'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `add_module_path'
from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:14:in `init_module_paths'
from /opt/metasploit-framework/lib/msf/ui/console/driver.rb:228:in `initialize'
from /opt/metasploit-framework/msfconsole:148:in `new'
from /opt/metasploit-framework/msfconsole:148:in `<main>'
2014-03-14 19:28:00 +00:00
Michael Messner
8db5d854c2
typo, null terminator
2014-03-13 18:38:27 +01:00
Michael Messner
f39e784d19
mipsle execve payload
2014-03-12 21:08:40 +01:00
Joe Vennix
15b1a5931c
Remove extra resources from android reverse_http(s).
2014-03-11 11:56:05 -05:00
Tim
4f31eba7f4
android payload golf
2014-03-10 21:50:00 -05:00
AnwarMohamed
ad8b0ef3d1
using http(s)://LHOST:LPORT
2014-03-10 21:50:00 -05:00
AnwarMohamed
b45524ecdd
generate cert @ payload/dalvik.rb
2014-03-10 21:50:00 -05:00
AnwarMohamed
99cc94e6fc
moving string_sub() to payload/dalvik.rb
2014-03-10 21:49:59 -05:00
AnwarMohamed
dc8992924f
android reverse_http/s
2014-03-10 21:49:59 -05:00
joev
46c11ea2eb
Small fixes to m-1-k-3's mipsle reboot shellcode.
2014-03-10 17:17:23 -05:00
joev
7da54eb9cf
Merge branch 'landing-3041' into upstream-master
...
Lands PR #3041 , @m-1-k-3's reboot shellcode.
2014-03-10 17:11:06 -05:00
root
3c95c021d0
Reference added
2014-03-10 12:17:20 +01:00
root
1fda6b86a1
Changed cmp eax by inc eax. Saved one byte
2014-03-10 12:13:10 +01:00
somename11111
689523a26f
Clean Code based on jlee-r7's comments
...
- Put allocations in loop
- Decomment exitfunc
- Aligned comments
- Some more code cleaning
2014-03-06 02:44:24 +01:00
somename11111
83929facc4
Fix bug on Windows XP
...
Correct the addresses of functions in pstorec.dll.
Successfully tested on Server 2003 and XP.
2014-03-06 02:35:44 +01:00
somename11111
b6b46abe9f
Add new stager stager_reverse_http_proxy_pstore
...
This stager looks for proxy credentials in windows protected storage. If it finds proxy credentials, it will use them to connect back. If it does not find credentials, it will do the same as stager_reverse_http.
Works on:
- Windows Server 2003
- Windows XP
- Internet Explorer versions 4 to 6
2014-03-06 02:35:12 +01:00
sinn3r
caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks
2014-03-04 15:24:02 -06:00
OJ
f0868c35bf
Land #3050 - Fix tained perl payloads
2014-03-04 10:05:47 +10:00
Joe Vennix
6a02a2e3b3
NULL out envp pointer before execve call.
...
This was causing a crash on 10.9.
2014-03-03 08:56:52 -06:00
Sagi Shahar
8c4b663643
Fix payloads to bypass Perl's Taint mode.
2014-03-02 18:39:05 +02:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
Michael Messner
d6b28e3b74
mipsel reboot payload
2014-02-26 20:34:35 +01:00
root
b4a22aa25d
hidden bind shell payload
2014-02-20 16:19:40 +01:00
jvazquez-r7
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
jvazquez-r7
aa07065f67
Land #2959 , reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
jvazquez-r7
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
scriptjunkie
c0983138a0
Fix wrapping errors on long domains.
2014-02-15 15:21:16 -06:00
scriptjunkie
b0d2949f9a
Ensure no race conditions on handlers
...
Configurable WfsDelay
2014-02-15 15:21:16 -06:00
scriptjunkie
62f42c57a9
Add instructions for uploading hop.php
2014-02-15 15:21:16 -06:00
scriptjunkie
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
jvazquez-r7
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
Meatballs
9f04e0081d
Stick with command, let encoder handle encoding
2014-02-08 19:28:03 +00:00
Meatballs
93b07b0e48
Add missing RequiredCmds
2014-02-08 12:24:49 +00:00
Meatballs
80814adaf9
Credit where credit's due
2014-02-08 01:42:45 +00:00
Meatballs
efe4d6b41a
Tidyup
2014-02-08 01:03:02 +00:00
Meatballs
2d1a0c3a01
Windows CMD love too
2014-02-08 01:00:31 +00:00
James Lee
14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4
2014-02-04 17:45:18 -06:00
sinn3r
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
James Lee
20b8062220
Apply blockapi changes to reverse_tcp_rc4
2014-02-04 12:30:56 -06:00
James Lee
c70680cf1c
Fix infinite-retry bug
...
Derp, block_api clobbers ecx
2014-02-04 11:59:16 -06:00
James Lee
9c3664bd45
Unify reverse_http and reverse_https
...
This will make copy-pasta less painful in the future. There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
2014-02-04 09:09:12 -06:00
James Lee
f163bc7f7a
Unbreak reverse_https_proxy
...
Broken by #2448 , 063da8a22e
2014-02-03 15:07:59 -06:00
James Lee
be0b9fc2f8
Use the new block_api in windows/reverse_tcp
2014-02-03 11:34:52 -06:00
James Lee
bfc0ac4dd4
Golf a few bytes off of reverse_http(s)
2014-02-03 11:33:55 -06:00
joev
1197426b40
Land PR #2881 , @jvazquez-r7's mips stagers.
2014-01-15 12:46:41 -06:00
joev
0833da465a
Lands #2832 , @jvazquez-r7's fixes to mipsel shellcode.
2014-01-15 12:03:17 -06:00
jvazquez-r7
a056d937e7
Flush data cache and improve documentation
2014-01-14 14:06:01 -06:00
jvazquez-r7
a8806887e9
Add support for MIPS reverse shell staged payloads
2014-01-14 12:25:11 -06:00
sinn3r
ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode
2014-01-13 17:37:08 -06:00
William Vu
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
Tod Beardsley
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
Tod Beardsley
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
Joe Vennix
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
jvazquez-r7
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
sinn3r
140d1fbf90
Land #2847 - Add MIPS big endian single shell_bind_tcp payload
2014-01-10 15:06:35 -06:00
sinn3r
202e19674c
Land #2856 - Fix ARMLE stagers
2014-01-10 15:05:03 -06:00
sinn3r
96ba41a4b0
Land #2844 - Fix the mipsbe shell_reverse_tcp payload
2014-01-10 15:00:39 -06:00
jvazquez-r7
4e8092aceb
Fix armle stagers
2014-01-09 17:34:59 -06:00
jvazquez-r7
a0879b39e0
Add mips be shell_bind_tcp payload
2014-01-08 14:48:54 -06:00
jvazquez-r7
1727b7fb37
Allow the Msf::Payload::Linux's generate to do its work
2014-01-08 12:41:10 -06:00
jvazquez-r7
83e5169734
Don't use temporal register between syscalls and save some bytes on the execve
2014-01-08 11:45:27 -06:00
jvazquez-r7
5f7582b72d
Don't use a temporary register for the dup2 loop counter
2014-01-07 18:02:55 -06:00
jvazquez-r7
c2dce19768
Don't use a temporary register for the dup2 loop counter
2014-01-07 17:39:27 -06:00
jvazquez-r7
a85492a2d7
Fix my own busted dup2 sequence
2014-01-07 16:27:01 -06:00
Joe Vennix
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
jvazquez-r7
3230b193e1
Make better comment
2014-01-07 15:32:46 -06:00
jvazquez-r7
80dcda6f76
Fix bind call
2014-01-07 15:31:42 -06:00
Niel Nielsen
d567737657
Update reverse_tcp_rc4_dns.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:12:38 +01:00
Niel Nielsen
385ae7ec38
Update reverse_tcp_rc4.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:11:16 +01:00
Niel Nielsen
693d95526b
Update bind_tcp_rc4.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:09:53 +01:00
jvazquez-r7
b5524654d5
Delete comment
2014-01-07 14:50:26 -06:00
jvazquez-r7
45c86d149f
Modify authors field
2014-01-07 14:50:12 -06:00
jvazquez-r7
d6639294aa
Save some instructions with dup2
2014-01-07 14:41:33 -06:00
jvazquez-r7
9cf221cdd6
Delete delay slots after syscall
2014-01-07 13:18:20 -06:00
jvazquez-r7
70d4082c0c
Add formatting blank lines and delete comment
2014-01-07 09:55:36 -06:00
jvazquez-r7
3edd2a50e2
Shorter mipsle shell_reverse_tcp
2014-01-07 09:45:28 -06:00
Joe Vennix
3b29c370bd
Fix bug in the firefox/exec payload.
2014-01-05 11:24:41 -06:00
Joe Vennix
4329e5a21e
Update firefox payloads to use async runCmd.
2014-01-04 08:49:43 -06:00
Joe Vennix
fdca396bc8
Update exec to be diskless.
2014-01-04 08:48:58 -06:00
Joe Vennix
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
jvazquez-r7
f5f18965b9
Move the require to the payloads as ruby and nodejs payloads do
2014-01-02 16:05:03 -06:00
Joe Vennix
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
Joe Vennix
12fece3aa6
Kill unnecessary comment.
2014-01-02 10:48:28 -06:00
Joe Vennix
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
Joe Vennix
821aa47d7e
Add firefox payloads.
...
* Adds support for windows or posix shell escaping.
2014-01-02 10:48:28 -06:00
jvazquez-r7
0725b9c69c
Refactor JSP payloads
2013-12-31 08:27:37 -06:00
jvazquez-r7
aa38a23921
Add generate_war to jsp_shell payloads
2013-12-30 13:53:58 -06:00
OJ
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
OJ
34cdec5155
Update project VS 2013, clean CLI build
...
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
2013-12-20 09:49:15 +10:00
William Vu
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
sinn3r
f1c5ab95bf
Land #2690 - typo
2013-11-25 23:53:34 -06:00
William Vu
70139d05ea
Fix missed title
2013-11-25 22:46:35 -06:00
William Vu
e8eb983ae1
Resplat shell_bind_tcp_random_port
2013-11-20 14:48:53 -06:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
Geyslan G. Bem
28c5dd63fd
references fix
2013-11-11 17:14:50 -03:00
Geyslan G. Bem
8f6917a117
references fix
2013-11-11 17:12:45 -03:00
Geyslan G. Bem
e3641158d9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-11-11 14:29:19 -03:00
Geyslan G. Bem
030fbba539
Merge branch 'master' of https://github.com/geyslan/metasploit-framework
2013-11-11 14:22:00 -03:00
Tod Beardsley
81a7b1a9bf
Fixes for #2350 , random bind shellcode
...
* Moved shortlink to a reference.
* Reformat e-mail address.
* Fixed whitespace
* Use multiline quote per most other module descriptions
Still need to resplat the modules, but it's no big thang to do that
after landing. Also, References do not seem to appear for post modules
in the normal msfconsole. This is a bug in the UI, not for these modules
-- many payloads would benefit from being explicit on their references,
so may as well start with these.
2013-11-11 10:33:15 -06:00
OJ
063da8a22e
Update reverse_https_proxy stager/handler
...
This change updates the proxy handler code, which for some reason was
omitted in the original commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
2013-11-11 22:21:05 +10:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
sinn3r
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
Tod Beardsley
bce8d9a90f
Update license comments with resplat.
2013-10-21 13:36:15 -05:00
Tod Beardsley
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
sinn3r
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
sinn3r
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
William Vu
5a0b8095c0
Land #2382 , Lua bind and reverse shells
2013-10-18 17:11:37 -05:00
jvazquez-r7
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
jvazquez-r7
3d3a7b3818
Add support for OSVDB 86824
2013-10-17 01:08:01 -05:00
Tod Beardsley
f0aedd932d
More stragglers
2013-10-16 16:29:55 -05:00
Tod Beardsley
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
Tod Beardsley
5d86ab4ab8
Catch mis-formatted bracket comments.
2013-10-15 14:52:12 -05:00
Tod Beardsley
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
sinn3r
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
joev
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
joev
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
joev
1e78c3ca1a
Add missing require to nodejs/bind payload.
2013-10-09 11:39:05 -05:00
Tod Beardsley
4266b88a20
Move author name to just 'joev'
...
[See #2476 ]
2013-10-07 12:50:04 -05:00
joev
da48565093
Add more payloads for nodejs.
...
* Adds a reverse and bind CMD payload
* Adds a bind payload (no bind_ssl for now).
2013-10-07 06:09:21 -05:00
Geyslan G. Bem
6492bde1c7
New Payload
...
Merge remote-tracking branch 'origin'
2013-10-05 09:17:14 -03:00
Geyslan G. Bem
31f265b411
New Shell Bind TCP Random Port Payload (x86_64)
2013-10-05 09:02:05 -03:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
joev
cd98c4654d
Remove unnecessary print from #generate in payloads.
2013-09-25 00:12:28 -05:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Joe Vennix
801dda2b09
Change PayloadType to NodeJS.
2013-09-23 11:31:45 -05:00
xistence
41e1a3d05b
removed shell prompt in lua bind/reverse shells
2013-09-22 14:53:59 +07:00
Joe Vennix
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
Meatballs
02044e8b5e
Land #2373 , Corrects x64 reverse_https alignment
...
It appears that testing of the original submit was performed
on VMWare which worked. On a non virtualized machine the
payload would crash.
[Closes #2373 ] [FixRm #8271 ]
2013-09-17 22:50:04 +01:00
Meatballs
6bf0d9b761
Cleanup
2013-09-17 21:46:38 +01:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
...
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19 ]
2013-09-16 21:52:04 -05:00
Joe Vennix
a641bc41a8
Kill unnecessary comment.
2013-09-16 21:35:53 -05:00
Joe Vennix
f954e5299f
Now working on windows even.
2013-09-16 21:34:12 -05:00
Ryan Wincey
fe86325fd4
Fixed memory alignment for x64 reverse_http stager
2013-09-16 16:43:20 -04:00
Joe Vennix
2d936fb67c
Bail from payload if require() is not available.
...
* TODO: test on windows
2013-09-16 14:05:26 -05:00
RageLtMan
08f0abafd6
Add nodejs single payloads, thanks to RageLtMan.
2013-09-16 13:38:42 -05:00
xistence
79e08c1560
added LUA bind/reverse shells
2013-09-16 17:02:08 +07:00
MosDefAssassin
b7dec23a1d
Update meterpreter.rb
...
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact: ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller
Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64
Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
2013-09-12 14:32:13 -05:00
Geyslan G. Bem
118cc900a7
new payload
2013-09-10 19:20:48 -03:00
HD Moore
06f7abc552
Helps to put the rand() wrapper in
2013-09-09 20:26:11 -05:00
HD Moore
baff3577e5
FixRM #8034 Pick a valid certificate expiration
2013-09-09 20:24:52 -05:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
James Lee
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Tab Assassin
cbb9984358
Merge branch 'master' into retab/rumpus
2013-09-03 14:11:16 -05:00
jvazquez-r7
ff6ee5b145
Fix require
2013-09-03 10:52:52 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
Spencer McIntyre
ffac6478cc
Un typo a client and server socket mixup.
2013-08-21 14:59:30 -04:00
Spencer McIntyre
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
Spencer McIntyre
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
Tod Beardsley
bddcb33507
Update description for reverse_https_proxy
2013-08-05 09:35:14 -05:00
sinn3r
10e9b97a88
Land #2180 - Accepting args for x64 osx exec payload
2013-08-02 00:45:09 -05:00
Joe Vennix
592176137a
Rewrite osx x64 cmd payload to accept args.
...
[SeeRM #8260 ]
2013-07-31 08:50:28 -05:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing this:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
sinn3r
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
sinn3r
8dae114c7c
msftidy happiness
2013-07-25 17:25:36 -05:00
jvazquez-r7
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
sinn3r
b64d0429ac
Format fix
...
Just to make this more pleasing to the eyes
2013-07-18 13:36:31 -05:00
Joe Vennix
cd2e352971
Kill extra whitespace.
2013-07-18 11:30:54 -05:00
Joe Vennix
766a8d5817
Shellwords! Now you can use exec to get you a perl shell
2013-07-17 21:16:04 -05:00
Joe Vennix
9c1228067c
Change to += syntax.
2013-07-17 21:11:24 -05:00
Joe Vennix
ab088712ba
Removes unnecessary copy-to-stack. Fixes arg-order issue.
...
* Now I simply point to the string in instruction-memory, which saves a few bytes.
2013-07-17 20:27:20 -05:00
Joe Vennix
5ab81e7e37
Convert to readable asm. Adds support for arguments.
...
* shellcode appears to do an unnecessary copy-to-stack, so will look into
improving that.
2013-07-17 19:20:47 -05:00
Alexandre Maloteaux
e28dd42992
add http authentication and socks
2013-07-15 15:36:58 +01:00
Alexandre Maloteaux
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
corelanc0d3r
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
jvazquez-r7
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
William Vu
589b4be384
Land #1999 , zsh bind shell
2013-06-20 13:51:48 -05:00
sinn3r
86fc101c1f
Add payload module bind zsh
...
For #1984
2013-06-20 13:45:02 -05:00
sinn3r
660c97f512
Add module for reverse zsh payload
...
For #1985
2013-06-20 13:40:17 -05:00
jvazquez-r7
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
Tod Beardsley
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
jvazquez-r7
e5a17ba227
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-05 09:41:23 -05:00
William Vu
1596fb478a
Land #1886 , awk bind shell
2013-06-05 09:05:37 -05:00
William Vu
8ffa4ac9ac
Land #1885 , awk reverse shell
2013-06-05 09:04:49 -05:00
Roberto Soares Espreto
f6977c41c3
Modifications done in each PR.
2013-06-05 07:55:05 -03:00
Roberto Soares Espreto
b20401ca8c
Modifications done in each PR.
2013-06-05 07:51:10 -03:00
Roberto Soares Espreto
34243165c5
Some changes with improvements.
2013-06-04 21:22:10 -03:00
Roberto Soares Espreto
e2988727fb
Some changes with improvements.
2013-06-04 21:10:51 -03:00
Roberto Soares Espreto
d9609fb03e
Was breaking with repeated commands
2013-05-31 18:44:48 -03:00
jvazquez-r7
48b14c09e3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 01:12:46 -05:00
Tod Beardsley
9c771435f2
Touchup on author credit
2013-05-30 16:13:40 -05:00
Tod Beardsley
67128a3841
Land #1821 , x64_reverse_https stagers
2013-05-30 13:55:13 -05:00
jvazquez-r7
3361a660ba
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-29 22:01:36 -05:00
Roberto Soares Espreto
00debd01c6
Listen for a connection and spawn a command shell via AWK
2013-05-29 21:22:49 -03:00
Roberto Soares Espreto
d4a864c29f
Creates an interactive shell via AWK (reverse)
2013-05-29 21:19:08 -03:00
jvazquez-r7
07c99f821e
Land #1879 , @dcbz ARM stagers
2013-05-29 17:43:37 -05:00
jvazquez-r7
7c41e239b4
Fix author name
2013-05-29 14:19:10 -05:00
jvazquez-r7
52aae8e04c
Add small fixes for stagers
2013-05-29 14:01:59 -05:00
dcbz
2c0f0f5f04
Changed reverse payload as suggested.
2013-05-28 21:52:16 -05:00
dcbz
07c3565e3c
Made changes as suggested, forgot to remove exit() after testing was complete.
2013-05-28 21:31:36 -05:00
jvazquez-r7
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
dcbz
a53ab4cff9
Moved dupandexecve.rb to shell.rb due to pull request comments.
2013-05-20 17:05:57 -05:00
dcbz
9c0814505a
Added reverse stager.
2013-05-17 21:52:10 -05:00
dcbz
14d5111b37
Added a sample stage + updated bind stager.
2013-05-17 21:03:03 -05:00
dcbz
ad95eff9d4
added bind_tcp.rb
2013-05-17 12:09:45 -05:00
agix
6db1fea6b9
create x64_reverse_https stagers
2013-05-13 01:41:56 +02:00
Michael Schierl
a13cf53b9f
Android Meterpreter bugfixes
...
- classes.dex gets mangled on windows; use binary mode when reading it
- UnknownHostExceptions on API Level 3 emulator because of trailing
whitespace after the hostname/IP
- Work around integer overflow at year 2038 when signing the payload
2013-05-01 18:01:37 +02:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
James Lee
9c8b93f1b7
Make sure LPORT is a string when subbing
...
* Gets rid of conversion errors like this:
[-] Exploit failed: can't convert Fixnum into String
* also removes comments from php meterp. Works for me with the
phpmyadmin_preg_replace bug, so seems legit.
2013-04-26 15:26:31 -05:00
James Lee
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
Tod Beardsley
be39079830
Trailing whitespace fix
...
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.
So don't sweat it.
2013-04-15 13:58:06 -05:00
Tod Beardsley
efdf4e3983
Lands #1485 , fixes for Windows-based Ruby targets
2013-04-15 13:56:41 -05:00
timwr
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
jvazquez-r7
9c0862ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-11 21:53:07 +02:00
James Lee
e3eef76372
Land #1223
...
This adds rc4-encrypting stagers for Windows.
[Closes #1223 ]
2013-04-10 12:14:52 -05:00
James Lee
6c980981db
Break up long lines and add magic encoding comment
2013-04-10 09:28:45 -05:00
Tod Beardsley
e149c8670b
Unconflicting ruby_string method
...
Looks like the conflict was created by the msftidy fixes that happened
over on the master branch. No big deal after all.
2013-03-20 15:49:23 -05:00
jvazquez-r7
6603dcd652
up to date
2013-03-12 17:04:13 +01:00
jvazquez-r7
627e7f6277
avoiding grouping options
2013-03-11 18:26:03 +01:00
jvazquez-r7
f0cee29100
modified CommandDispatcher::Exploit to take the change into account
2013-03-11 18:08:46 +01:00
jvazquez-r7
c9268c3d54
original modules renamed
2013-03-11 18:04:22 +01:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
RageLtMan
7f80692457
everyone will comply, resistance is futile
2013-03-06 18:38:14 -05:00
Raphael Mudge
1cc49f75f5
move flag comment to where it's used.
2013-03-03 03:26:43 -05:00
Raphael Mudge
ecdb884b13
Make download_exec work with authenticated proxies
...
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.
Fun trivia, Windows 7 systems use Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
2013-03-03 01:42:17 -05:00
Michael Schierl
4a17a30ffd
Regenerate ruby modules
...
For shellcode changes (removed unneeded instruction) committed in 46a5c4f4bf. Saves 2 bytes per shellcode.
2013-03-03 00:14:30 +01:00
RageLtMan
3778ae09e9
This commit adds DNS resolution to rev_tcp_rc4
...
Due to the modular structure of payload stages it's pretty trivial
to add DNS resolution instead of hard-coded IP address in stage0.
The only real complication here is that ReverseConnectRetries ends
up being one byte further down than in the original shellcode. It
appears that the original rev_tcp_dns payload suffers from the same
issue.
Hostname substitution is handled in the same method as the RC4 and
XOR keys, with an offset provided and replace_vars ignoring the
hostname.
Tested in x86 native and WOW64 on XP and 2k8r2 respectively.
This is a good option for those of us needing to leave persistent
binaries/payloads on hosts for long periods. Even if the hostname
resolves to a malicious party attempting to steal our hard earned
session, they'd be hard pressed to crypt the payload with the
appropriate RC4 pass. So long as we control the NS and records, the
hardened shellcode should provide a better night's sleep if running
shells over the WAN. Changing the RC4 password string in the
shellcode and build.py should reduce the chances of recovery by RE.
Next step will likely be to start generating ellipses for ECDH SSL
in meterpreter sessions and passing them with stage2 through the
RC4 socket. If P is 768-1024 the process is relatively quick, but
we may want to precompute a few defaults as well to have 2048+.
2013-02-28 02:59:20 -05:00
Raphael Mudge
788c96566f
Allow HTTP stager to work with authenticated proxies
...
The HttpOpenRequest function from WinINet requires the
INTERNET_FLAG_KEEP_CONNECTION flag to communicate through an
authenticated proxy.
From MSDN ( http://tinyurl.com/chwt86j ):
"Uses keep-alive semantics, if available, for the connection. This
flag is required for Microsoft Network (MSN), NT LAN Manager (NTLM),
and other types of authentication."
Without this flag, the HTTP stager will fail when faced with a proxy
that requires authentication. The Windows HTTPS stager does not have
this problem.
For HTTP Meterpreter to communicate through an authenticated proxy a
separate patch will need to be made to the Meterpreter source code.
This is at line 1125 of source/common/core.c in the Meterpreter source
code.
My motivation for this request is for windows/dllinject/reverse_http
to download a DLL even when faced with an authenticated proxy. These
changes accomplish this.
Test environment:
I staged a SmoothWall device with the Advanced Proxy Web Add-on. I
enabled Integrated Windows Authentication with a W2K3 DC. I verified
the HTTP stager authenticated to and communicated through the proxy
by watching the proxy access.log
2013-02-24 17:33:00 -05:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
jvazquez-r7
04ec4e432d
minor cleanup for shell_bind_tcp
2013-02-20 01:02:58 +01:00
jvazquez-r7
3d199fe6db
Merge branch 'mipsle-shell_bind_tcp' of https://github.com/kost/metasploit-framework into kost-mipsle-shell_bind_tcp
2013-02-20 01:00:34 +01:00
sinn3r
e9f4900beb
Merge branch 'fixgenericcustom' of github.com:rsmudge/metasploit-framework into rsmudge-fixgenericcustom
2013-02-19 14:47:18 -06:00
Raphael Mudge
06ba2ef791
Allow generic/custom payload to generate an exe
...
The datastore value of ARCH has no effect on the array of
architectures the generic/custom payload is compatible with.
This commit forces the payload to update its list of compatible
architectures on generation if the ARCH value is set in the
datastore.
See:
http://dev.metasploit.com/redmine/issues/7755
2013-02-17 20:39:54 -05:00
HD Moore
cae6661574
Handle invalid commands gracefully (dont exit)
2013-02-12 11:33:23 -08:00
HD Moore
4c2bddc452
Fix a typo and always treat ports as integers:
2013-02-12 08:59:11 -08:00
HD Moore
a33d1ef877
This allows the ruby payloads to work properly on Windows
2013-02-12 08:55:37 -08:00
HD Moore
47f3c09616
Fix typo that snuck in during merge
2013-02-03 17:38:19 -06:00
HD Moore
5be4d41420
This is redundant/less-reliable than reverse_openssl
2013-02-03 17:35:14 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
Kacper Nowak
f691652594
attempt to fix cmd/windows/reverse_perl payload
2013-01-23 11:21:44 +00:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
James Lee
c89b2b2ec6
Once more, with feeling
2013-01-10 15:29:54 -06:00
James Lee
7fd3440c1a
Fix hd's attempt to rename ruby payloads
2013-01-10 15:25:50 -06:00
James Lee
4fcb8b6f8d
Revert "Rename again to be consistent with payload naming"
...
This reverts commit 0fa2fcd811.
2013-01-10 15:24:25 -06:00
HD Moore
0fa2fcd811
Rename again to be consistent with payload naming
2013-01-10 14:16:37 -06:00
HD Moore
88b08087bf
Renamed and made more robust
2013-01-10 14:05:29 -06:00
HD Moore
e05f4ba927
Thread wrappers were causing instant session closure
2013-01-10 00:41:58 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
Michael Schierl
269e507f68
Add stager modules for RC4 bind and reverse stagers
...
See the commit message of my last commit for caveats.
2012-12-31 22:33:30 +01:00
sinn3r
0822e8eae2
Merge branch 'kost-mipsle-shell_reverse_tcp'
2012-12-24 10:52:19 -06:00
jvazquez-r7
26f561795d
fix cmd windows ruby payloads
2012-12-20 00:50:02 +01:00
sinn3r
7145078e63
Merge branch 'mipsle-shell_reverse_tcp' of git://github.com/kost/metasploit-framework into kost-mipsle-shell_reverse_tcp
2012-12-18 11:50:41 -06:00
Raphael Mudge
482846942a
Fix: download_exec appends an extra / to request
...
The download_exec module parses the provided URL and appends an
unnecessary, nay--damaging I say!!!! '/' to the parsed URI. This
renders the module unusable for those who want a payload to
download and execute a file.
Before and after access.log snippets are in the redmine ticket
http://dev.metasploit.com/redmine/issues/7592
2012-12-12 14:01:31 -06:00
Vlatko Kosturjak
4ac79c91a6
Remove spaces at EOL
2012-11-17 12:00:59 +01:00
sinn3r
8648d21b3c
Merge branch 'dns_txt_query_exe' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-dns_txt_query_exe
2012-11-16 11:52:57 -06:00
corelanc0d3r
0bf92b5d97
improved payload dns_txt_query_exec
2012-11-13 00:55:32 +01:00
corelanc0d3r
cad7eb0130
renamed and optimized download_exec payload
2012-11-13 00:02:49 +01:00
Vlatko Kosturjak
bda7f68b02
Add zero byte on the end of the /bin/sh string
2012-11-08 02:00:49 +01:00
Vlatko Kosturjak
ce82b37289
Few removals of unnecessary zero bytes in sc
2012-10-28 21:22:33 +01:00
Vlatko Kosturjak
2affb31958
Initial import of linux-mipsle shell_bind_tcp
2012-10-28 20:51:45 +01:00
Daniel Miller
8deead3bd2
Fix payload ambiguity with php/bind_tcp_ipv6 stager
...
Was seeing this in framework.log:
[w(0)] core: The module php/meterpreter/bind_tcp is ambiguous with
php/meterpreter/bind_tcp.
Added handler_type_alias based on windows/bind_ipv6_tcp stager.
2012-10-23 12:31:14 -05:00
sinn3r
201518b66f
msftidy corrections
2012-10-17 17:22:26 -05:00
jvazquez-r7
6f227dddff
Related to #885 , allow Prepend* for osx/x86/exec payload
2012-10-16 16:26:18 +02:00
HD Moore
64f29952dc
Merge branch 'master' into feature/updated-mobile
2012-10-07 00:32:02 -05:00
sinn3r
02617a6f3a
Merge branch 'feature/redmine-7224-shellcode-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/redmine-7224-shellcode-cleanup
2012-10-04 00:43:34 -05:00
Tod Beardsley
a38724f53b
Adds an apparently spurious require
...
SeeRM #7276
Sticking this in a branch for now while I ask Egypt and limhoff for a
second opinion.
2012-10-01 07:49:58 -05:00
Tod Beardsley
60b4190e4a
Avoids a race on requires
...
Applies Raphael's patch.
[FixRM #7261 ]
2012-09-27 13:18:50 -05:00
sinn3r
c0387f1441
Have a matching option like the post module
...
And make sure nemo won't get harassed by people because they
think he hacked into everyone's mac.
2012-09-24 18:33:13 -05:00
sinn3r
2769a88f9e
Code cleanup
2012-09-24 17:47:14 -05:00
dcbz
202a78dd3f
Added say.rb: uses /usr/bin/say to output a string
2012-09-22 09:13:29 -05:00
dcbz
09b8a6d87f
Added reverse_tcp stager payload, and updated bind
2012-09-22 08:31:42 -05:00
dcbz
81ceff7370
Added a tcp stager, and a small exec for testing
2012-09-22 07:24:51 -05:00
dcbz
dccb8d235d
Adding OSX 64-bit find-tag module.
2012-09-21 15:39:35 -05:00
sinn3r
776d24d8a9
cleanup
2012-09-20 16:16:30 -05:00
sinn3r
311c01be46
Cleanup, improve option handling
2012-09-20 16:14:15 -05:00
dcbz
f5df7e0e8a
Added 2 payload modules (reverse and bind tcp shells)
2012-09-19 16:59:26 -05:00
Ramon de C Valle
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
James Lee
3c6319b75f
Add nonx stagers for linux
...
[See #784 ]
2012-09-13 15:15:38 -05:00
James Lee
f38ac954b8
Update linux stagers for NX compatibility
...
- Adds a call to mprotect(2) to the reverse and bind stagers
- Adds accurate source for some other linux shellcode, including some
comments to make it more maintainable
- Adds tools/module_payload.rb for listing all payloads for each exploit
in a greppable format. Makes it easy to find out if a payload change
causes a payload to no longer be compatible with a given exploit.
- Missing from this commit is source for reverse_ipv6_tcp
2012-09-12 18:44:00 -05:00
HD Moore
c901002e75
Add ssh login module for cydia / ios defaults
2012-09-10 19:36:20 -05:00
James Lee
828f37701d
Fix linux shell_bind_tcp payload
...
It was calling bind(2) with a family of 0x02ff, which makes no sense and
causes execution to fall off the end and segfault. Fix it by replacing
0x02ff with the appropriate 0x0002, or AF_INET.
[Fixrm #7216 ]
2012-09-04 04:23:48 -05:00
Tod Beardsley
a93c7836bd
Fixes load order with reverse http
...
This was originally intended to fix #664 .
SEERM #7141 also.
2012-08-23 12:16:47 -05:00
James Lee
aac56fc29b
Fix load order issue
...
[See #664 ][SeeRM #7141 ]
2012-08-23 10:54:23 -05:00
sinn3r
b3791b1545
I missed one
2012-08-14 16:51:55 -05:00
sinn3r
6a0271fb11
Correct OSX naming. See ticket #7182
2012-08-14 15:29:21 -05:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
bcoles
8d3700cc3c
Add Zenoss <= 3.2.1 exploit and Python payload
...
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
- modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
HD Moore
6cdd044e10
Remove a buggy payload that doesn't have NX support
2012-07-12 12:15:57 -05:00
jvazquez-r7
59bb9ac23b
quoting ip to avoid php complaining
2012-06-25 18:52:26 +02:00
Michael Schierl
34ecc7fd18
Adding @schierlm 's AES encryption for Java
...
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.
Squashed commit of the following:
commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 00:45:24 2012 +0200
Do not break other architectures
even when using `setg AESPassword`
commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:50:42 2012 +0200
binaries
commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:49:10 2012 +0200
Add AES support to Java stager
This is compatible to the AES mode of the JavaPayload project.
I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
HD Moore
881ec8d920
Make the description clear that it only reads 4k, default datastore['FD'] to 1
2012-06-10 13:20:02 -05:00
sinn3r
15fa178a66
Add the MSF license text (since MSF_LICENSE is already set)
2012-06-10 02:07:27 -05:00
linuxgeek247
2b67c5132c
Adding read_file linux shellcode
2012-06-09 20:36:47 -04:00
sinn3r
462a91b005
Massive whitespace destruction
...
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r
c30af98b53
Massive whitespace destruction
...
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
sinn3r
2565888ec5
Change how we handle the password complexity failure
2012-06-03 13:13:44 -05:00
Chris John Riley
a51df5fc3a
Altered description to include information on the password complexity check
...
Altered the default password to meet the complexity checks
Note: The complexity checks (even if they fail) don't prevent the payload from running. At this point it only raises a warning and continues on. I can change this if it's more desirable however!
2012-06-03 09:22:48 +02:00
Chris John Riley
ea66deb779
Added WMIC and complexity checks
2012-06-02 19:41:12 +02:00
Chris John Riley
bada88cdf0
Added WMIC and complexity checks
2012-06-02 19:38:37 +02:00
Tod Beardsley
86500aad47
Author is always singular.
2012-05-08 08:47:52 -05:00
HD Moore
1a30e221a0
See #362 by changing the exitfunc arguments to be the correct type
2012-05-07 02:42:29 -05:00
James Lee
dd7bc23d16
Whitespace
2012-05-02 18:06:39 -06:00
Tod Beardsley
bd4819e8f2
Merge pull request #238 from mak/linux-x64-find-port
...
linux/x64/shell_find_port payload
2012-03-29 05:54:54 -07:00
Tod Beardsley
8fbf4cf6d9
Grammar on dns_txt_query_exec payload name and desc
2012-03-26 16:23:54 -05:00
sinn3r
182f3744de
Cosmetic cleanup
2012-03-26 09:23:14 -05:00
corelanc0d3r
ad32911b1a
probably safer to use regex
2012-03-26 09:01:40 -05:00
James Lee
2d29184adc
Use interpolation to ensure LPORT is a string for gsub
...
[Fixes #6542 ]
2012-03-21 21:05:05 -06:00
Tod Beardsley
31228ed65a
Comment indentation
2012-03-21 15:21:10 -05:00
Peter Van Eeckhoutte
89d7363a8f
fixed crash
2012-03-21 10:39:05 +01:00
Peter Van Eeckhoutte
f81730a7e1
changes to the way jmp to payload is done
2012-03-21 09:52:22 +01:00
corelanc0d3r
45ef7fc35d
reset author
2012-03-20 20:43:56 +01:00
Peter Van Eeckhoutte
a3035dc6d0
Adding corelandc0d3r's http/https/ftp payload
...
Picks up the one http/https/ftp payload, but not the other two DNS
payloads listed as part of the original pull request.
[Closes #173 ]
2012-03-19 16:50:59 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
Maciej Kotowicz
0389e47dfe
fix little mistake
2012-03-15 16:21:00 +01:00
Maciej Kotowicz
f91b894375
added possibilities for generating payload from asm to more archs
...
added linux/x64/shell_find_port payload
2012-03-14 22:39:56 +01:00
Joshua J. Drake
ab01a19f92
Fixes #6483 : Correct the include for the handler (was copypasta)
2012-03-07 11:23:44 -06:00
James Lee
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
Tod Beardsley
6c0f8636ec
Merge pull request #217 from rapid7/reverse-http-randomness
...
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore
b70b41091b
Tested fairly well - this randomizes the URLs and removes the user-agent string from the request
2012-03-02 17:44:23 -06:00
Tod Beardsley
96e03d2556
Merge pull request #44 from linuxgeek247/armle-bind-shell
...
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
James Lee
624e19fd8b
Merge session-host-rework branch back to master
...
Squashed commit of the following:
commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:31:03 2012 -0700
Clean up some rdoc comments
This adds categories for the various interfaces that meterpreter and
shell sessions implement so they are grouped logically in the docs.
commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 13:00:25 2012 -0700
Combine the docs into one output dir
There's really no need to separate the API sections into their own
directory. Combining them makes it much easier to read.
commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:27:22 2012 -0700
Keep the order of iface attributes the same across rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:23:35 2012 -0700
Fix a few more compiler warnings
commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:17:39 2012 -0700
Fix a type-safety warning
commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date: Mon Feb 27 15:21:36 2012 -0700
LHOST should be OptAddress, not OptAddressRange
commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date: Sun Feb 26 17:45:59 2012 -0700
Fix a couple of warnings and a typo
commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date: Mon Feb 27 11:54:29 2012 -0600
Fix ctype vs content_type typo
commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date: Sun Feb 26 15:38:33 2012 +0200
Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x
commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date: Sun Feb 26 07:13:13 2012 -0600
add osvdb ref
commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date: Sat Feb 25 18:02:56 2012 -0500
Added aspx target to msfvenom. This in turn added it to msfencode as well.
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date: Sat Feb 25 13:00:48 2012 -0600
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 17:07:42 2012 -0700
Simplify logic for whether an inner iface has the same address
commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:58:16 2012 -0700
Whitespace
commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:53:45 2012 -0700
Set session info before worrying about address
get_interfaces can take a while on Linux, grab uid and hostname earlier
so we can give the user an idea of what they popped as soon as possible.
commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:48:42 2012 -0700
Clean up rdoc
commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:54:45 2012 -0600
Ensure the architecture is only the first word (not the full WOW64
message in some cases)
commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:49:17 2012 -0600
More paranoia code, just in case RHOST is set to whitespace
commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:47:01 2012 -0600
A few more small bug fixes to handle cases with an empty string target
host resulting in a bad address
commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 03:55:10 2012 -0600
Fix up the logic (reversed by accident)
commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 23:29:52 2012 -0600
Automatically parse system information and populate the db, identify and
report NAT when detected, show the real session_host in the sessions -l
listing
commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:16:03 2012 -0600
Fix typo introduced
commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:11:38 2012 -0600
More session.session_host tweaks
commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:08:20 2012 -0600
Additional tunnel_peer changes
commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:06:21 2012 -0600
Additional changes to session.session_host
commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:00:19 2012 -0600
Merge changes into the new branch
2012-02-28 18:29:39 -07:00
Joshua J. Drake
65ed4bfa8b
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
2012-02-25 13:00:48 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
Tod Beardsley
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
HD Moore
0c2a18d765
Fix up reverse_tcp ipv6 stager for freebsd
2012-02-01 01:41:24 -06:00
HD Moore
29d8feaa24
Use the ADDR6 type, not ADDR
2012-02-01 00:58:08 -06:00
HD Moore
aed27a2f82
Add missing trailing quote
2012-02-01 00:54:42 -06:00
HD Moore
45a785fde0
Adds BSD IPv6 payloads and stagers
2012-02-01 00:54:42 -06:00
HD Moore
ec5fd723ba
Merge in additional IPv6 support for PHP payloads
2012-01-31 01:11:55 -06:00
Patroklos Argyroudis
4e1029ae8b
Execute (execve) arbitrary command payload for Mac OS X x64
2012-01-30 11:01:57 +02:00
Patroklos Argyroudis
c6eb104132
bug fix for hardcoded max command length
2012-01-23 10:24:22 +02:00
scriptjunkie
9fe18cdc86
Add x64 LoadLibraryA payload. Because it should exist.
2012-01-17 21:16:26 -06:00
sinn3r
5761035371
This payload shouldn't be in here. Instead of adding a new one, exec.rb should be fixed
2012-01-16 22:41:27 -06:00
sinn3r
17ffc06f60
Merge branch 'osx_mozilla_mchannel' of https://github.com/argp/metasploit-framework into argp-osx_mozilla_mchannel
2012-01-16 19:35:29 -06:00
sinn3r
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
Patroklos Argyroudis
5a20b7d7ac
Fixed small typo
2012-01-09 14:19:00 +02:00
Patroklos Argyroudis
9a62b41ab7
Mac OS X x86 payload that executes Calculator.app
2012-01-09 12:12:20 +02:00
sinn3r
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
HD Moore
8dc85f1cc5
Fix up some nascent typos
2011-12-14 00:30:31 -06:00
HD Moore
866e2b6bf3
Additional IPv6 payload support
2011-12-14 00:27:38 -06:00
HD Moore
17cc89ebad
Add IPv6 specific HTTP(S) handlers and payloads (simplifies options/usage)
2011-12-11 13:26:48 -06:00
HD Moore
2d3064c1ec
Default the scope ID to 0, explicitly
2011-12-10 13:46:16 -06:00
Christopher McBee
100d8803f6
Adding armle bind shellcode based on existing reverse shellcode
2011-12-05 18:16:02 -05:00
Rob Fuller
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Joshua Drake
ac916baac5
Fixes #5581 : Stop hardcoding MIPS reverse shell IP/port
...
git-svn-id: file:///home/svn/framework3/trunk@13999 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 22:50:12 +00:00
Tod Beardsley
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
James Lee
7e4826bae4
silly patch fail
...
git-svn-id: file:///home/svn/framework3/trunk@13742 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 21:11:57 +00:00
James Lee
c6c133673f
add reverse_https support for java meterpreter, fixes #5288 ; thanks mihi!
...
git-svn-id: file:///home/svn/framework3/trunk@13741 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 21:10:11 +00:00
James Lee
851bc8d7b8
add a single shell payload for java, partially reverts r13213
...
git-svn-id: file:///home/svn/framework3/trunk@13588 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:31:19 +00:00
Wei Chen
76ea2ea2a3
That was weird. Id didn't set. Trying again.
...
git-svn-id: file:///home/svn/framework3/trunk@13403 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 02:31:18 +00:00
Wei Chen
9f80b8d862
These modules forgot to do svn propset
...
git-svn-id: file:///home/svn/framework3/trunk@13402 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 02:28:46 +00:00
James Lee
3c261c346f
add support for java/meterpreter/reverse_http. assuming I didn't miss any files, fixes #4946 , thanks mihi!
...
git-svn-id: file:///home/svn/framework3/trunk@13213 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 23:15:06 +00:00
Matt Weeks
7122ccbbd1
wscript necessary in certain contexts.
...
Also can avoid warnings in certain cases.
git-svn-id: file:///home/svn/framework3/trunk@13166 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:35:33 +00:00
James Lee
ff53057965
Use consistent case for Spawn option
...
git-svn-id: file:///home/svn/framework3/trunk@13130 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-08 20:08:40 +00:00
Matt Weeks
afbf445a87
Custom payload.
...
Fixes #4708
git-svn-id: file:///home/svn/framework3/trunk@13058 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 01:26:24 +00:00
HD Moore
9220506ba2
Merge in recent meterpreter work. These are not the commits you are looking for (more info on what all this is later this week).
...
git-svn-id: file:///home/svn/framework3/trunk@13053 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 21:26:43 +00:00
Matt Weeks
5faaa7db07
Update cmd vbs download payloads.
...
Use : instead of longer echo statements.
Add eval version.
git-svn-id: file:///home/svn/framework3/trunk@12912 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 20:37:08 +00:00
HD Moore
3e0f3639ef
This adds a quick windows/loadlibrary payload for folks who have a need for such things. The library path can be a UNC location and works fine over WebDAV...
...
git-svn-id: file:///home/svn/framework3/trunk@12765 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-30 03:44:59 +00:00
Wei Chen
56b4a092d6
Added Linux x64 payloads. Modified exe.rb to support elf x64 payloads.
...
git-svn-id: file:///home/svn/framework3/trunk@12676 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 23:51:19 +00:00
Stephen Fewer
c48633cff0
Merge in a rewritten windows x86 reverse_ipv6_tcp stager (The previous one seems hosed since r6744 due to new host/port offsets[1] but the shellcode blob remained the same after modification[2]) - This new one uses the block_api_call technique, is 37 bytes smaller and can handle arbitrary size stages.
...
[1] https://dev.metasploit.com/redmine/projects/framework/repository/revisions/6744/diff/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb
[2] https://dev.metasploit.com/redmine/projects/framework/repository/revisions/6744/diff/external/source/shellcode/windows/stager_reverse_ipv6_tcp_nx.asm
git-svn-id: file:///home/svn/framework3/trunk@12562 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-08 01:44:08 +00:00
HD Moore
7cb8e56cfe
Fix upexec handle_connection_stage arguments
...
git-svn-id: file:///home/svn/framework3/trunk@12511 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-02 18:54:02 +00:00
Joshua Drake
94fa25ee7a
remove crufty method
...
git-svn-id: file:///home/svn/framework3/trunk@12491 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-01 22:07:49 +00:00
Mario Ceballos
0522b69de2
s instead of n
...
git-svn-id: file:///home/svn/framework3/trunk@12488 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-01 13:31:08 +00:00
James Lee
6dd44fa516
massive keywords cleanup
...
git-svn-id: file:///home/svn/framework3/trunk@12196 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-01 00:51:33 +00:00
HD Moore
c679de9d7a
Closes #3976 by merging in an ARM adduser payload from Jonathan Salwan
...
git-svn-id: file:///home/svn/framework3/trunk@12045 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-21 01:26:14 +00:00
amaloteaux
78396e94f9
move linux meterpreter bin to the correct place
...
git-svn-id: file:///home/svn/framework3/trunk@11938 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-11 20:29:25 +00:00
Mario Ceballos
631af16d9f
revert back.
...
git-svn-id: file:///home/svn/framework3/trunk@11900 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:48:39 +00:00
Mario Ceballos
54382c6080
patch received from Peter Van Eeckhoutte
...
git-svn-id: file:///home/svn/framework3/trunk@11898 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:23:13 +00:00
Joshua Drake
a944cbc50d
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11612 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 20:40:47 +00:00
HD Moore
4971a0d7af
Add Skylined's "You Got Pwned" payload
...
git-svn-id: file:///home/svn/framework3/trunk@11485 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 17:34:09 +00:00
James Lee
f0cc6ff596
big commit for converting meterpreter scripts to modules, see #3377 . also fixes payload tab-completion and 'show payloads' after TARGET has changed
...
git-svn-id: file:///home/svn/framework3/trunk@11421 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-27 17:46:42 +00:00
Joshua Drake
32c26f18f3
style compliance fixes, set test exploits to manual rank, fix s/ranking/rank/ in some exploits
...
git-svn-id: file:///home/svn/framework3/trunk@11039 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 19:03:24 +00:00
Joshua Drake
a6bade8795
convert to use metasm, also fixes silly off-by-one bug
...
git-svn-id: file:///home/svn/framework3/trunk@11000 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 23:07:50 +00:00
Joshua Drake
9fb0e1a0bb
fix comments
...
git-svn-id: file:///home/svn/framework3/trunk@10995 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:19:34 +00:00
James Lee
0d664c3a71
add a Spawn advanced option to java stagers, see #3009
...
git-svn-id: file:///home/svn/framework3/trunk@10946 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-08 06:08:09 +00:00
James Lee
56839ccf36
stupid debug prints
...
git-svn-id: file:///home/svn/framework3/trunk@10782 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 10:24:28 +00:00
James Lee
f33d7cc670
revamp java payloads and make shells work with tomcat_mgr_deploy. tested java_trusted_chain and java_tester to verify that this doesn't break other java payload usage. see #3009 and #2973 , meterpreter doesn't work yet, so not marking resolved.
...
git-svn-id: file:///home/svn/framework3/trunk@10781 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 10:19:51 +00:00
Joshua Drake
04858c69fc
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10758 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:54:19 +00:00
HD Moore
79c8e18e6b
Add a wfs_delay for reverse_https. This fixes #2508 and fixes #1764 . This should prevent the race condition that was the root cause of both issues.
...
git-svn-id: file:///home/svn/framework3/trunk@10716 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 02:33:47 +00:00
HD Moore
9902dcb9cc
Fixes #2661 by removing exitfunc as a parameter, since it needs to be ExitProcess
...
git-svn-id: file:///home/svn/framework3/trunk@10714 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 22:01:01 +00:00
HD Moore
5e1d181da5
Fixes #2132 by removing patchup version of vnc inject
...
git-svn-id: file:///home/svn/framework3/trunk@10708 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 18:10:10 +00:00
Stephen Fewer
df8b9f8e95
Merge in the IPv6 Teredo patch.
...
git-svn-id: file:///home/svn/framework3/trunk@10543 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-04 11:02:46 +00:00
Joshua Drake
0f65deaf72
add messagebox payload from corelanc0d3r
...
git-svn-id: file:///home/svn/framework3/trunk@10495 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-27 13:31:48 +00:00
pks
14cabd2611
Allow debugging to be enabled.
...
This will make it easier to hopefully track down bugs.
exploitme-posix.c - make complete stack executable. On some kernel versions, execstack doesn't do the trick.
git-svn-id: file:///home/svn/framework3/trunk@10485 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-26 05:58:59 +00:00
pks
1392ef78d7
Use exit() instead of exit_group()
...
git-svn-id: file:///home/svn/framework3/trunk@10483 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-26 05:58:41 +00:00
pks
740e2c1ab2
Change base from 0x90040000 to 0x20040000.
...
This is more portable across kernel versions / patches it seems. This
will be better for SEGMEXEC compatibility as well.
git-svn-id: file:///home/svn/framework3/trunk@10455 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 04:06:28 +00:00
Joshua Drake
4590844871
tons of indentation fixes, some other style tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake
d8fb8e5c49
merge in another posix meterpreter update from philip, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10307 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-13 14:44:00 +00:00
Joshua Drake
5de3146533
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10273 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-09 15:47:35 +00:00
Joshua Drake
3b67eefe4e
sync up with Philip's code, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10202 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 15:10:41 +00:00
Joshua Drake
4651a0ad33
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10160 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-26 20:21:41 +00:00
Joshua Drake
2d14c0054f
add two contributed linux armle payloads, thx guys!
...
git-svn-id: file:///home/svn/framework3/trunk@10152 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 21:44:33 +00:00
Joshua Drake
d7e9a25bc7
add two windows cmd payloads from scriptjunkie, fixes #1876
...
git-svn-id: file:///home/svn/framework3/trunk@10122 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 22:50:24 +00:00
Joshua Drake
2572bb6919
add svn:keywords property
...
git-svn-id: file:///home/svn/framework3/trunk@10121 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 22:49:43 +00:00
James Lee
eda50fc89e
spawn out into another process so killing the browser won't drop our shell
...
git-svn-id: file:///home/svn/framework3/trunk@10091 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 06:28:29 +00:00
James Lee
871a6185b8
refactor
...
git-svn-id: file:///home/svn/framework3/trunk@10077 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-20 07:15:23 +00:00
James Lee
5d95f48848
add preliminary support for the new java payloads. Working meterpreter and shell stages with tcp bind and reverse stagers, see #406
...
git-svn-id: file:///home/svn/framework3/trunk@10073 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-20 07:01:23 +00:00
Joshua Drake
2482a83526
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@9927 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-25 19:14:00 +00:00
James Lee
2a2f6fde56
not a command shell, it's a stager
...
git-svn-id: file:///home/svn/framework3/trunk@9912 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-22 16:29:01 +00:00
James Lee
929163834a
change the name to not lie
...
git-svn-id: file:///home/svn/framework3/trunk@9889 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 20:21:54 +00:00
HD Moore
a066ebc85b
Remove rescue
...
git-svn-id: file:///home/svn/framework3/trunk@9886 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 14:16:12 +00:00
HD Moore
2ce616fa1a
Hide this exception until loader.jar is checked in
...
git-svn-id: file:///home/svn/framework3/trunk@9880 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 03:10:15 +00:00
James Lee
08d705c1db
add java meterpreter and update java_calendar_deserialize to be able to use it, see #406
...
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:53:24 +00:00
Joshua Drake
dec6bfee0a
add missing includes
...
git-svn-id: file:///home/svn/framework3/trunk@9856 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 04:28:09 +00:00
James Lee
2a8a058519
add a bind stager for php
...
git-svn-id: file:///home/svn/framework3/trunk@9855 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-17 22:42:12 +00:00
Joshua Drake
2f5970e30b
set keywords property
...
git-svn-id: file:///home/svn/framework3/trunk@9655 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:46:05 +00:00
Joshua Drake
0882838491
ensure binary mode when opening files, whitespace fixes
...
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
James Lee
42f540258a
really, actually commit the meterpreter stage
...
git-svn-id: file:///home/svn/framework3/trunk@9638 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-30 23:51:29 +00:00
James Lee
920710a5fd
actually commit the stager, see #2128
...
git-svn-id: file:///home/svn/framework3/trunk@9595 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 22:24:50 +00:00
James Lee
c3d183c98d
split stadpi out into an extension, add a reverse_tcp stager, make the main meterpreter stage-aware so it will work as a standalone or eval'd by a stager that sets $msgsock and $msgsock_type; see #2128
...
git-svn-id: file:///home/svn/framework3/trunk@9594 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 20:00:27 +00:00
Joshua Drake
171543624a
fix typos
...
git-svn-id: file:///home/svn/framework3/trunk@9581 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 16:11:02 +00:00
James Lee
ef5c0f77eb
move copy-paste into a mixin
...
git-svn-id: file:///home/svn/framework3/trunk@9576 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 00:46:52 +00:00
James Lee
d1d2f8af0a
explain to the user that we couldn't find a vncviewer
...
git-svn-id: file:///home/svn/framework3/trunk@9575 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 00:14:08 +00:00
James Lee
6fb4a5630a
explain to the user that we couldn't find a vncviewer
...
git-svn-id: file:///home/svn/framework3/trunk@9574 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 00:13:43 +00:00
James Lee
c5203f72a0
missed deleting this when moving it to meterpreter_reverse_tcp
...
git-svn-id: file:///home/svn/framework3/trunk@9557 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-18 21:33:21 +00:00
James Lee
b03047094d
make the payload name match the standard
...
git-svn-id: file:///home/svn/framework3/trunk@9534 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-16 16:55:05 +00:00
Joshua Drake
e32abab8dc
a HTTP -> an HTTP ( http://www.english-zone.com/grammar/a-anlessn.html )
...
git-svn-id: file:///home/svn/framework3/trunk@9488 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 16:12:05 +00:00
HD Moore
faefb09b8c
Only gsub datastore variables if they aren't nil
...
git-svn-id: file:///home/svn/framework3/trunk@9403 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-03 01:23:02 +00:00
James Lee
9dc298f56d
make it work for more than localhost...
...
git-svn-id: file:///home/svn/framework3/trunk@9401 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-03 00:21:24 +00:00
James Lee
f974f59c32
make sure we have reverse_tcp
...
git-svn-id: file:///home/svn/framework3/trunk@9400 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-02 23:20:45 +00:00
James Lee
2470470405
stupid debug print
...
git-svn-id: file:///home/svn/framework3/trunk@9394 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-02 08:31:44 +00:00
James Lee
fe43e91bad
initial commit of php meterpreter, see #391 . upload, download, cd, pwd, ls, cat, sysinfo, getpid, and ps all work fine.
...
* execute works with channel read/write but no interact yet
* getuid is weird, since php's get_current_user() and getmyuid() return the owner of the file instead of the running uid (wtf?)
git-svn-id: file:///home/svn/framework3/trunk@9393 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-02 08:28:39 +00:00
HD Moore
a1ee346d59
Try a little harder to read the full image
...
git-svn-id: file:///home/svn/framework3/trunk@9379 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-29 02:20:23 +00:00
Ramon de C Valle
34f12a38ec
Change the base value used for calculating the system call numbers and
...
arguments to avoid null bytes in newer versions of AIX.
git-svn-id: file:///home/svn/framework3/trunk@9347 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-23 19:47:48 +00:00
Joshua Drake
0e72894e58
more cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00
Joshua Drake
0ea6eca4bc
big module whitespace/formatting cleanup pass
...
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Joshua Drake
321404e2fe
add payload/generic/tight_loop - x86 debug payload
...
git-svn-id: file:///home/svn/framework3/trunk@9070 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 07:40:04 +00:00
HD Moore
11c10518b3
Bug fixes for better windows OS compatibility
...
git-svn-id: file:///home/svn/framework3/trunk@9002 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 14:57:51 +00:00
HD Moore
cd2760f2c2
Bug fixes and size improvements for the reverse_https stager
...
git-svn-id: file:///home/svn/framework3/trunk@9001 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 13:53:35 +00:00
HD Moore
e968c3894e
More size tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@8999 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 08:03:28 +00:00
HD Moore
c8defe9716
Size tweaks to bring the ssl stager + encoder + target_id to exactly 400 bytes
...
git-svn-id: file:///home/svn/framework3/trunk@8998 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 07:48:53 +00:00
HD Moore
d2f44f4a22
Keywords
...
git-svn-id: file:///home/svn/framework3/trunk@8986 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 05:22:20 +00:00
HD Moore
b50d9049f0
Add the actual stager
...
git-svn-id: file:///home/svn/framework3/trunk@8985 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 05:21:42 +00:00
HD Moore
c6c956ab46
Small patch to enable a new stager
...
git-svn-id: file:///home/svn/framework3/trunk@8984 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 05:21:15 +00:00
HD Moore
5d0fb434b7
Adds a reverse_tcp_dns stager
...
git-svn-id: file:///home/svn/framework3/trunk@8983 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 03:38:57 +00:00
Stephen Fewer
75661291fa
and the bins, tiny modification to the ruby side and update the README.
...
git-svn-id: file:///home/svn/framework3/trunk@8891 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-24 00:03:32 +00:00
Stephen Fewer
46cc8e538f
The new x64 VNC inject payload stage.
...
git-svn-id: file:///home/svn/framework3/trunk@8746 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 14:51:43 +00:00
Joshua Drake
a0d5ce473b
add (staged) to the descriptions of staged payloads, fixes #955
...
git-svn-id: file:///home/svn/framework3/trunk@8733 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-06 05:27:13 +00:00
Joshua Drake
138d45d095
more missing constant errors fixed, fixes #975
...
git-svn-id: file:///home/svn/framework3/trunk@8642 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-25 21:11:12 +00:00
Joshua Drake
75533423dd
add requires for 2 stages missing them
...
git-svn-id: file:///home/svn/framework3/trunk@8634 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-25 06:05:02 +00:00
Joshua Drake
7d99a33b20
remove double-on_session call from generic payloads
...
git-svn-id: file:///home/svn/framework3/trunk@8621 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-24 20:57:09 +00:00
Joshua Drake
b391abd32d
adds scripting for command shell sessions
...
1. InitialAutoRunScript and AutoRunScript vars work
2. scripts/shells was created to hold them
3. *_shell methods were renamed shell_*
4. added "shell_command" method to command shell sessions
5. converted all uses of *_shell to shell_*
6. all payloads that produce command shell sessions include Msf::Sessions::CommandShellOptions
git-svn-id: file:///home/svn/framework3/trunk@8615 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-24 01:19:59 +00:00
Joshua Drake
f8ca490b98
move meterpreter on_session functionality into a mixin
...
git-svn-id: file:///home/svn/framework3/trunk@8586 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 21:05:08 +00:00
Joshua Drake
17bd4b8b7d
fixed aix payloads to REALLY do variable substitution
...
git-svn-id: file:///home/svn/framework3/trunk@8418 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 22:41:36 +00:00
Joshua Drake
d68efa61d2
initial commit of aix cmsd exploit (not fully working yet)
...
git-svn-id: file:///home/svn/framework3/trunk@8397 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:37 +00:00
Joshua Drake
31949c4343
svn keywords fixups
...
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it
git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
HD Moore
831833667a
Minor tweak (run inside of sh -c '')
...
git-svn-id: file:///home/svn/framework3/trunk@8107 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 20:19:51 +00:00
Joshua Drake
2283e029db
crossing fingers, big cr removal batch
...
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 22:24:22 +00:00
HD Moore
bcdb44b835
See #667 . This adds InitialAutoRunScript support, to be defaulted by browser modules (and others)
...
git-svn-id: file:///home/svn/framework3/trunk@7904 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 06:00:14 +00:00
Joshua Drake
b1c9b7e927
a few more svn:keywords fixes
...
git-svn-id: file:///home/svn/framework3/trunk@7870 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 02:11:42 +00:00
James Lee
5ddfffc94f
only accept one connection for bind_perl shells. fixes 669
...
git-svn-id: file:///home/svn/framework3/trunk@7790 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 23:49:50 +00:00
HD Moore
61e233df91
Keywords on all modules, plugins, and scripts
...
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 00:05:19 +00:00
HD Moore
dc0dc98771
Fixes #517 . Disables meterpreter stages for passivex stagers
...
git-svn-id: file:///home/svn/framework3/trunk@7546 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 22:45:33 +00:00
Stephen Fewer
6142f5d509
re-enable the passivex stager. we still need to force the meterpreter stage to be incompatible with this stager as there is a known issue between the two.
...
git-svn-id: file:///home/svn/framework3/trunk@7544 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 19:34:14 +00:00
Stephen Fewer
159ca526b4
Fixed a null pointer dereference bug (occurring in stages loaded by the PassiveX stager) that was being caused when an invalid exit funk was being patched into the stage by the PassiveX stager. This happened because the PassiveX stager uses the old type exit funks while the stages use the new type. This fix ensures the PassiveX stager gets the expected old exit funk value while the chosen stage gets the new exit funk value. This patch does not fix Bug #291 (PassiveX broken). Also I have left the PassiveX stager disabled until we can resolve the rest of the problems.
...
git-svn-id: file:///home/svn/framework3/trunk@7448 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 16:07:01 +00:00
James Lee
d9b5d62a3e
disable passivex for the rc1 until we can figure out why it doesn't work. see #291
...
git-svn-id: file:///home/svn/framework3/trunk@7419 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 04:32:22 +00:00
HD Moore
b38a74c961
Another mega-patch from Yoann Guillot: fixes warnings generated by method calls with a space between the method and the parens, corrects a problem with the alpha encoders that causes them to overwrite the allowed charset, hardcodes the metasm output size of some modules in order to reduce load time, more to come
...
git-svn-id: file:///home/svn/framework3/trunk@7246 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 16:40:19 +00:00
Stephen Fewer
995745d642
Commit a jsp bind shell payload (and add a missing require to the jsp reverse shell).
...
git-svn-id: file:///home/svn/framework3/trunk@7220 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 23:11:28 +00:00
HD Moore
00b2915554
Fixes #342 . Set ReverseConnectRetries to a value between 1 and 255 (default is 5). On failure it will ExitProcess (still better than a cpu spin)
...
git-svn-id: file:///home/svn/framework3/trunk@7217 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 20:31:14 +00:00
HD Moore
5972666f63
See #339 . Massive cleanup of author names, make them consistent across modules
...
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:30:45 +00:00
Stephen Fewer
1a220d6dc5
add java payload jsp_shell_reverse_tcp.
...
git-svn-id: file:///home/svn/framework3/trunk@7071 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 18:35:07 +00:00
James Lee
6a7a023844
I will not commit when sleep deprived. I will not commit when sleep deprived. I will not commit...
...
git-svn-id: file:///home/svn/framework3/trunk@7061 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-25 06:40:42 +00:00
James Lee
bc2c38c332
shave an instruction from the new allports stager
...
git-svn-id: file:///home/svn/framework3/trunk@7060 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-25 06:13:13 +00:00
HD Moore
b47b46e7c0
Set keywords
...
git-svn-id: file:///home/svn/framework3/trunk@7059 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-25 05:45:03 +00:00
HD Moore
ee9a8f4f76
Adds support for the reverse_tcp_allports stager for Windows. This payload tries to connect back on all ports, one at a time, from LPORT to 65535. This is incredibly slow (depends on the default socket timeout) and requires the user to forward all TCP ports of LHOST to a single listening port in the handler. Inspired by a few user requests and this blog post: http://clinicallyawesome.com/post/196352889/blind-connect-back-through-restrictive-firewall
...
git-svn-id: file:///home/svn/framework3/trunk@7058 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-25 05:44:50 +00:00
James Lee
e30e850ba7
shave a few bytes off of the windows stagers
...
git-svn-id: file:///home/svn/framework3/trunk@7035 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-14 08:45:01 +00:00
James Lee
782f830abf
make cd work by special-casing it to call chdir()
...
git-svn-id: file:///home/svn/framework3/trunk@7027 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-10 06:19:10 +00:00
James Lee
0f957f236e
make cd work by special-casing it to call chdir()
...
git-svn-id: file:///home/svn/framework3/trunk@7026 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-10 06:11:47 +00:00
HD Moore
185b93bf29
Enforce max password length of 14 to avoid a default policy warning about back compat
...
git-svn-id: file:///home/svn/framework3/trunk@7024 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-10 03:29:51 +00:00
Stephen Fewer
40ca641a96
Initial commit of the windows x64 meterpreter payloads!
...
git-svn-id: file:///home/svn/framework3/trunk@6997 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-03 17:47:21 +00:00
HD Moore
97725a489c
Round 3 of x64 support from Stephen Fewer - new payloads!
...
git-svn-id: file:///home/svn/framework3/trunk@6980 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-27 19:29:54 +00:00
HD Moore
cf10a62dcc
Merge in the beginnings of x64 support from Stephen Fewer
...
git-svn-id: file:///home/svn/framework3/trunk@6972 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-23 23:47:33 +00:00
HD Moore
f84cadd9ea
Correct the class/require name
...
git-svn-id: file:///home/svn/framework3/trunk@6929 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-01 04:02:47 +00:00
HD Moore
b70dad9186
Merge the new stubs for meterpreter on other platforms
...
git-svn-id: file:///home/svn/framework3/trunk@6928 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-01 03:50:40 +00:00
HD Moore
296703de77
Add the new metsvc singles
...
git-svn-id: file:///home/svn/framework3/trunk@6927 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-01 03:48:45 +00:00
HD Moore
b47226797d
Updating the whitespace to match the rest of the modules
...
git-svn-id: file:///home/svn/framework3/trunk@6925 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-31 18:02:14 +00:00
HD Moore
49b7dcb30c
Overhaul of the metasploit payloads from Stephen Fewer - smaller/cleaner/new hashing/support for WinNT 4.0 -> Win7 with size reductions for the stagers and minimal size increases for the singles
...
git-svn-id: file:///home/svn/framework3/trunk@6922 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-31 17:50:10 +00:00
James Lee
24e1af3f74
fix a pastographical error
...
git-svn-id: file:///home/svn/framework3/trunk@6919 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 15:23:52 +00:00
Ramon de C Valle
b5769ead52
Small corrections.
...
git-svn-id: file:///home/svn/framework3/trunk@6911 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 04:46:57 +00:00
James Lee
9c9669f5d9
add php/download_exec and remove an erroneous comment from windows/download_exec
...
git-svn-id: file:///home/svn/framework3/trunk@6905 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-26 23:08:31 +00:00
HD Moore
e70ac6cc19
Added a new set of match flags for cmd injection exploits (RequiredCmds). This reduces the number of 'bad' payloads listed for exploit modules. A good example is disabling the netcat -e payloads for old Solaris exploits
...
git-svn-id: file:///home/svn/framework3/trunk@6854 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 15:20:35 +00:00
HD Moore
47ebd62092
Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it
...
git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 12:56:42 +00:00
HD Moore
17d6de4247
Adds a reverse_tcp for metsvc
...
git-svn-id: file:///home/svn/framework3/trunk@6848 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 20:51:58 +00:00
HD Moore
d5a15718b5
Fix up AutoRunScript support (reflective had not been updated before being switched as default)
...
git-svn-id: file:///home/svn/framework3/trunk@6802 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 21:36:23 +00:00
HD Moore
48e1e5f351
Merge Stephen Fewer's patches to enable support for Windows 7 (fixes support for NT and 2000 as well)
...
git-svn-id: file:///home/svn/framework3/trunk@6744 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-05 20:24:37 +00:00
HD Moore
8a9675f27e
Switch the reflective loaders to the new default, fixes an issue in the old loader with large DLLs within some processes
...
git-svn-id: file:///home/svn/framework3/trunk@6743 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-05 06:23:46 +00:00
HD Moore
4ffd60a089
Move the old DLL injection payloads to a new naming convention
...
git-svn-id: file:///home/svn/framework3/trunk@6742 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-05 06:21:58 +00:00
HD Moore
fefaaa1884
Convert ; comments to // for debug mode
...
git-svn-id: file:///home/svn/framework3/trunk@6713 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-25 19:48:37 +00:00
HD Moore
d981332b89
Better search behavior for console and msfweb
...
git-svn-id: file:///home/svn/framework3/trunk@6706 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-24 01:31:16 +00:00
Ramon de C Valle
c2362ec409
All your POWER are belong to us.
...
git-svn-id: file:///home/svn/framework3/trunk@6698 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-23 03:49:25 +00:00
HD Moore
1fba3f678b
Adds Windows 7 support for the primary stagers: http://www.harmonysecurity.com/blog/2009/06/retrieving-kernel32s-base-address.html
...
git-svn-id: file:///home/svn/framework3/trunk@6677 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 04:35:44 +00:00
HD Moore
e1d17d6922
Add stdapi by default and support AutoRunScript
...
git-svn-id: file:///home/svn/framework3/trunk@6527 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-06 03:27:39 +00:00
HD Moore
7f9e020438
This adds a stub payload for interacting with sotirov's metsvc.exe
...
git-svn-id: file:///home/svn/framework3/trunk@6526 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-06 03:24:23 +00:00
James Lee
533cae760d
fix author field
...
git-svn-id: file:///home/svn/framework3/trunk@6512 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-30 06:12:27 +00:00
James Lee
9144e8378d
fix author field
...
git-svn-id: file:///home/svn/framework3/trunk@6510 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-30 06:10:12 +00:00
James Lee
cf5caf3d31
remove 'persistent' from the description in bind_php
...
git-svn-id: file:///home/svn/framework3/trunk@6491 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-18 23:51:20 +00:00
kris
37c2e301ed
replacing defunct framework URL in header comments in most modules and pcap_log
...
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
kris
1eb8c8dfc0
meh, what can I say? I like my name
...
git-svn-id: file:///home/svn/framework3/trunk@6459 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-03 15:05:35 +00:00
kris
9482b4080e
set a few more modules' Versions to Revision, only did aux by accident last time
...
git-svn-id: file:///home/svn/framework3/trunk@6439 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-30 01:09:09 +00:00
HD Moore
eccfcdfced
Sets svn keywords on modules missing it, tweaks the emailer module
...
git-svn-id: file:///home/svn/framework3/trunk@6407 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:03:35 +00:00
HD Moore
13706d1bde
Tons of new Mac OS X code from Dino Dai Zovi and Charlie Miller, more to follow
...
git-svn-id: file:///home/svn/framework3/trunk@6353 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-18 23:28:24 +00:00
James Lee
fd7399210d
updated info for payload/php/shell_findsock
...
git-svn-id: file:///home/svn/framework3/trunk@6231 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-17 06:04:02 +00:00
James Lee
3cfee47b00
remove dll option from reflectivevncinject
...
git-svn-id: file:///home/svn/framework3/trunk@6180 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-24 03:44:59 +00:00
James Lee
55daaf64bd
remove dll option from reflectivemeterpreter, too
...
git-svn-id: file:///home/svn/framework3/trunk@6179 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-24 03:29:07 +00:00
James Lee
3a8935b2c6
remove the ability to set the dll path for meterp and vncinject
...
git-svn-id: file:///home/svn/framework3/trunk@6178 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-23 23:06:10 +00:00
HD Moore
70feb8152c
Switch to the new TTY session type
...
git-svn-id: file:///home/svn/framework3/trunk@6141 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 07:02:22 +00:00
HD Moore
4fdca1f6d7
Update info to reflect TTY class
...
git-svn-id: file:///home/svn/framework3/trunk@6138 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 06:47:53 +00:00
HD Moore
5b75b5d5a6
Move interact_tty to the TTY arch
...
git-svn-id: file:///home/svn/framework3/trunk@6137 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 06:47:04 +00:00
druid
0d1ca42ed6
Adds support for exploitation over dialup via the new Telephony library.
...
git-svn-id: file:///home/svn/framework3/trunk@6120 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-11 06:09:02 +00:00
James Lee
114067e7bb
standardize names
...
git-svn-id: file:///home/svn/framework3/trunk@6059 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-02 21:21:10 +00:00
James Lee
200cedeb25
clean up name and description
...
git-svn-id: file:///home/svn/framework3/trunk@6058 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-02 21:18:51 +00:00
kris
232145819b
Adding Linux/x86 inline IPv6 bind shell payload
...
git-svn-id: file:///home/svn/framework3/trunk@6036 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-21 07:10:27 +00:00
kris
4ae6d81616
Add bind_ruby and reverse_ruby cmd payloads for unix and windows
...
git-svn-id: file:///home/svn/framework3/trunk@5967 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-20 03:42:55 +00:00
kris
d7ad8fa452
Adding Linux/x86 IPv6 bind and reverse-connect stagers
...
git-svn-id: file:///home/svn/framework3/trunk@5951 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-18 21:01:26 +00:00
Ramon de C Valle
26692d3437
Added AIX Power payload modules
...
git-svn-id: file:///home/svn/framework3/trunk@5900 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-13 01:58:36 +00:00
Ramon de C Valle
dfbf6b34a5
Added Linux Power/Cell Broadband Engine Architecture payload modules and advanced payload options
...
git-svn-id: file:///home/svn/framework3/trunk@5899 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-13 01:57:53 +00:00
Ramon de C Valle
ec4fffaa61
Removing old AIX Power payload modules
...
git-svn-id: file:///home/svn/framework3/trunk@5897 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-13 01:52:57 +00:00
James Lee
75feaa6fab
allow passing args to meterpreter scripts through AutoRunScript
...
git-svn-id: file:///home/svn/framework3/trunk@5853 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-08 19:39:06 +00:00
HD Moore
be3bfb36a9
Correct the DLL path
...
git-svn-id: file:///home/svn/framework3/trunk@5844 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-05 06:13:26 +00:00
HD Moore
187f79eddf
Switch the DLLs for vnc/meterp to Stephen Fewer's reflective versions, check in the reflectve_meterpreter source code project
...
git-svn-id: file:///home/svn/framework3/trunk@5837 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-04 20:08:24 +00:00
James Lee
0193cd5219
fix session vs client variable problems with meterpreter AutoRunScript and make usage actually reflect what the code does
...
git-svn-id: file:///home/svn/framework3/trunk@5834 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-04 06:40:12 +00:00
HD Moore
56a413d803
Reflective DLL injection payloads from Stephen Fewer
...
git-svn-id: file:///home/svn/framework3/trunk@5806 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 22:17:32 +00:00
Ramon de C Valle
8d19ba7bbf
Changed AIX_VERSION to AIXLEVEL
...
git-svn-id: file:///home/svn/framework3/trunk@5786 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 13:22:12 +00:00
Ramon de C Valle
c66d6c4e46
Set property 'svn:keywords'
...
git-svn-id: file:///home/svn/framework3/trunk@5783 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:43:21 +00:00
Ramon de C Valle
eb0c6d1a65
Added missing Linux x86 payload modules from unixasm
...
git-svn-id: file:///home/svn/framework3/trunk@5782 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:19:50 +00:00
Ramon de C Valle
693202fd4b
Updated AIX POWER/PowerPC payload modules
...
git-svn-id: file:///home/svn/framework3/trunk@5781 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:04:18 +00:00
Ramon de C Valle
e6127313c9
Updated AIX POWER/PowerPC payload modules
...
git-svn-id: file:///home/svn/framework3/trunk@5774 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:41:12 +00:00
Ramon de C Valle
f124597a56
Code cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
James Lee
76dc2920d5
implemented in lib/msf/core/payload/php.rb
...
git-svn-id: file:///home/svn/framework3/trunk@5745 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-13 05:49:11 +00:00
James Lee
38b565399e
actually randomize myexec function name
...
git-svn-id: file:///home/svn/framework3/trunk@5744 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-13 05:31:36 +00:00
HD Moore
fd256ec4a1
This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure.
...
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 05:23:59 +00:00
HD Moore
422e58c51f
Close the listening socket, allows the same shellcode to be used on the same port repeatedly, thanks antoine!
...
git-svn-id: file:///home/svn/framework3/trunk@5705 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-01 16:16:34 +00:00
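The commit above records why a bind-style payload should close its listening socket once a connection has been accepted. The following is an added illustration written for this page; it is not code from the Metasploit repository or from that commit. It simulates the situation on the loopback interface with ordinary Python sockets: a first "payload" binds a port and accepts a connection, then a second instance tries to bind the same port. The socket names and the `port_rebindable` helper are this example's own. SO_REUSEADDR is set on both listeners as an assumption of the example, so that the still-open accepted connection does not itself block the second bind and the effect of the lingering LISTEN socket is isolated; the outcome follows Linux bind-conflict semantics.

```python
import errno
import socket


def _listen_on(port):
    """Open a listening TCP socket on 127.0.0.1:port (0 = kernel picks a port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Assumption for this example: SO_REUSEADDR lets a fresh listener share the
    # port with the ESTABLISHED connection left behind by an earlier accept().
    # On Linux it does NOT let two sockets in the LISTEN state share the same
    # address:port, which is exactly the conflict the commit avoids.
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    return srv


def port_rebindable(close_listener):
    """Simulate a bind payload and report whether a second instance can reuse the port.

    close_listener=True  -> the first instance closes its LISTEN socket after accept(),
                            as the commit describes.
    close_listener=False -> the LISTEN socket is left open (the older behaviour).
    Returns True if the second bind succeeds, False if it fails with EADDRINUSE.
    """
    first = _listen_on(0)
    port = first.getsockname()[1]

    # The "attacker" side connects. On loopback the kernel completes the
    # handshake into the accept queue, so no extra thread is needed.
    client = socket.create_connection(("127.0.0.1", port))
    conn, _ = first.accept()        # the shell's I/O socket; it stays open

    if close_listener:
        first.close()               # only the listening socket goes away

    second = None
    try:
        second = _listen_on(port)   # a second exploitation attempt on the same port
        ok = True
    except OSError as exc:
        if exc.errno != errno.EADDRINUSE:
            raise
        ok = False
    finally:
        for sock in (second, conn, client, first):
            if sock is not None:
                sock.close()        # close() is idempotent, so closing first twice is fine
    return ok


if __name__ == "__main__":
    print("listener closed after accept -> second bind ok:", port_rebindable(True))
    print("listener left open           -> second bind ok:", port_rebindable(False))
```

Run stand-alone, the first call succeeds and the second fails with EADDRINUSE, which is the behaviour the shellcode change targets: with the listening socket still open, re-running the exploit against the same port cannot bind, while closing it after accept() leaves only the established shell connection on that port.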
James Lee
647118f333
remove debug statements, add disabled_functions evasion in php findsock stuff
...
git-svn-id: file:///home/svn/framework3/trunk@5700 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-30 19:56:16 +00:00
James Lee
36a06e7576
initial commit of php findsock. This patch makes all http connections global and removes the "close if (!pipelining)" checks, so beware of bugs.
...
git-svn-id: file:///home/svn/framework3/trunk@5678 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-24 04:41:51 +00:00
Ramon de C Valle
309618a3f8
Fixed indentation
...
git-svn-id: file:///home/svn/framework3/trunk@5673 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-21 21:59:15 +00:00
Ramon de C Valle
40b8f1896e
Moving it in again. Thanks antoine for the fix!
...
git-svn-id: file:///home/svn/framework3/trunk@5672 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-21 19:35:27 +00:00
Ramon de C Valle
89ba4c289c
Moving out temporarily
...
git-svn-id: file:///home/svn/framework3/trunk@5671 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-20 18:18:29 +00:00
Ramon de C Valle
590ac24121
Moving out temporarily
...
git-svn-id: file:///home/svn/framework3/trunk@5670 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-20 18:17:05 +00:00
Ramon de C Valle
58cef5775e
Added ARCH_POWER constant and fixed AIX payload modules
...
git-svn-id: file:///home/svn/framework3/trunk@5663 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-17 01:42:51 +00:00
HD Moore
07c838e4e0
Merge patch and module from Robert, adds a x86 int3 payload for debugging, patches for the testsrv
...
git-svn-id: file:///home/svn/framework3/trunk@5660 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-15 19:38:50 +00:00
HD Moore
6772685f3e
Merge patch from Julien TINNES for MIPS support (LE/BE)
...
git-svn-id: file:///home/svn/framework3/trunk@5658 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-15 18:50:34 +00:00
Ramon de C Valle
4dd9b23f37
Added AIX POWER/PowerPC payload modules
...
git-svn-id: file:///home/svn/framework3/trunk@5655 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-10 20:15:38 +00:00
James Lee
f0976fad87
avoid logging socket errors
...
git-svn-id: file:///home/svn/framework3/trunk@5651 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-04 03:52:02 +00:00
James Lee
98632ac069
add simple command execution payload for php
...
git-svn-id: file:///home/svn/framework3/trunk@5646 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-01 04:41:18 +00:00
HD Moore
d53dd66701
Adds initial support for IPv6, including two stagers. Tested Meterpreter over IPv6 stages on XP and Vista. Using this is still tricky, I will add a wiki page tomorrow to explain the ScopeID stuff for link-local testing. This commit also includes the raw (oversized) assembler for the stagers as well as the entire old metasploit assembly set (useful for development).
...
git-svn-id: file:///home/svn/framework3/trunk@5635 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-22 06:34:57 +00:00
HD Moore
cb2efe6356
Swap the new NX-enabled stagers for the old ones, keep the old ones since they are still much smaller.
...
git-svn-id: file:///home/svn/framework3/trunk@5628 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-13 01:49:07 +00:00
HD Moore
fae008d1b0
Adds the bind_nx_tcp stager (NX support)
...
git-svn-id: file:///home/svn/framework3/trunk@5625 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-11 22:51:28 +00:00
HD Moore
eaa91fd8f4
Adds a reverse_tcp stager that downloads the stage into an RWX page created with VirtualAlloc. Results in NX support
...
git-svn-id: file:///home/svn/framework3/trunk@5624 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-11 22:41:35 +00:00
James Lee
9b3c8e2d72
tebodell's patch to autorun meterpreter scripts on session creation
...
git-svn-id: file:///home/svn/framework3/trunk@5557 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-19 04:52:12 +00:00
James Lee
8800372e46
initial commit of browser_autopwn;
...
revamp php payloads;
socks5 for IPv6 (untested)
git-svn-id: file:///home/svn/framework3/trunk@5546 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-01 01:44:56 +00:00
James Lee
2db9dd6ab2
Reversing over-greedy commit. =(
...
git-svn-id: file:///home/svn/framework3/trunk@5506 4d416f70-5f16-0410-b530-b9f4589650da
2008-05-17 06:17:41 +00:00
James Lee
93199c5610
"set foo" prints the value of foo if it exists
...
git-svn-id: file:///home/svn/framework3/trunk@5505 4d416f70-5f16-0410-b530-b9f4589650da
2008-05-17 05:29:32 +00:00
James Lee
297e4f4b4d
Fork doesn't work on windows
...
git-svn-id: file:///home/svn/framework3/trunk@5495 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-25 04:37:53 +00:00
Patrick Webster
6cb21b2dc7
Windows port of the Perl based cmd payloads
...
git-svn-id: file:///home/svn/framework3/trunk@5465 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-03 09:36:01 +00:00
James Lee
9019b077bd
fix timeout issues in reverse php shell
...
git-svn-id: file:///home/svn/framework3/trunk@5461 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-01 02:08:19 +00:00
HD Moore
7f5d7c5a29
Update payloads from toto
...
git-svn-id: file:///home/svn/framework3/trunk@5449 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-18 15:57:38 +00:00
HD Moore
cfaa70cf30
New chmod payload from Kris Katterjohn
...
git-svn-id: file:///home/svn/framework3/trunk@5439 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-10 21:21:51 +00:00
James Lee
c546d6ec9c
Really fix the empty LHOST bug
...
git-svn-id: file:///home/svn/framework3/trunk@5431 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-04 21:40:04 +00:00
James Lee
7b10ffbae6
Fix empty LHOST problem and space generation
...
git-svn-id: file:///home/svn/framework3/trunk@5430 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-04 20:50:39 +00:00
James Lee
dfa0f6c0c4
More reliable reverse shell
...
git-svn-id: file:///home/svn/framework3/trunk@5429 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-04 07:34:26 +00:00
James Lee
77f431fea3
autoload meterpreter's priv extension if the exploit gave us admin
...
git-svn-id: file:///home/svn/framework3/trunk@5427 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-02 23:07:33 +00:00
HD Moore
685241ab31
I suck.
...
git-svn-id: file:///home/svn/framework3/trunk@5414 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-13 16:02:39 +00:00
HD Moore
d8d9db3299
Fixes #188. This adds an exec stage to the OSX payloads
...
git-svn-id: file:///home/svn/framework3/trunk@5405 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-09 07:58:38 +00:00
HD Moore
6677beb174
Merged revisions 5366-5377 via svnmerge from
...
svn+ssh://metasploit.com/home/svn/framework3/branches/framework-3.1
........
r5366 | hdm | 2008-01-26 20:30:53 -0600 (Sat, 26 Jan 2008) | 2 lines
Update version information
........
r5367 | hdm | 2008-01-26 21:10:57 -0600 (Sat, 26 Jan 2008) | 3 lines
Updated for version 3.1
........
r5369 | hdm | 2008-01-26 21:13:31 -0600 (Sat, 26 Jan 2008) | 3 lines
Wipe the private directories from the branch.
........
r5371 | hdm | 2008-01-27 17:24:24 -0600 (Sun, 27 Jan 2008) | 5 lines
Timeout options added for dcerpc connect and read times. Addition of novell netware as a supported target platform. Inclusion of the serverprotect exploit (still works on the latest version). Addition of the first remote netware kernel exploit that leads to a shell, addition of netware stager and shell, and first draft of the release notes for 3.1
........
r5372 | hdm | 2008-01-27 17:30:08 -0600 (Sun, 27 Jan 2008) | 3 lines
Formatting, indentation, fixed the static IP embedded in the request
........
r5373 | hdm | 2008-01-27 20:02:48 -0600 (Sun, 27 Jan 2008) | 3 lines
Correctly trap exploit errors in a way that works with all of the UIs
........
r5374 | hdm | 2008-01-27 20:23:25 -0600 (Sun, 27 Jan 2008) | 3 lines
More last-minute bug fixes
........
r5375 | hdm | 2008-01-27 20:37:43 -0600 (Sun, 27 Jan 2008) | 3 lines
Force multi-bind off in netware, correct label display in gtk gui labels
........
r5376 | hdm | 2008-01-27 20:50:03 -0600 (Sun, 27 Jan 2008) | 3 lines
More exception handling fun
........
git-svn-id: file:///home/svn/framework3/trunk@5378 4d416f70-5f16-0410-b530-b9f4589650da
2008-01-28 03:06:31 +00:00
HD Moore
31d121da82
Speedup to local relay
...
git-svn-id: file:///home/svn/framework3/trunk@5358 4d416f70-5f16-0410-b530-b9f4589650da
2008-01-26 22:17:59 +00:00
HD Moore
5ebeacda65
Automatically use the ipwn file path
...
git-svn-id: file:///home/svn/framework3/trunk@5204 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-26 22:22:18 +00:00
HD Moore
053165eb72
git-svn-id: file:///home/svn/framework3/trunk@5164 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-20 17:32:46 +00:00
HD Moore
3a5a25c133
A new iphone/itouch stage which remounts the drive rwx, writes an exe, and executes it with stdio mapped to the socket
...
git-svn-id: file:///home/svn/framework3/trunk@5163 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-20 03:51:15 +00:00
HD Moore
a927464cd8
8Mb > 32k :-)
...
git-svn-id: file:///home/svn/framework3/trunk@5162 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-20 02:08:42 +00:00
HD Moore
ad050b492d
Adding the staged versions of the OS X payloads. One step closer to download + execute
...
git-svn-id: file:///home/svn/framework3/trunk@5160 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-19 07:53:23 +00:00
HD Moore
83fdda022e
Correct the euid to 0
...
git-svn-id: file:///home/svn/framework3/trunk@5158 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-19 06:39:10 +00:00
Matt Miller
46d14f16b3
typo fix
...
git-svn-id: file:///home/svn/framework3/trunk@5138 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-05 21:10:37 +00:00
HD Moore
6f79e14c91
Fixes #157. Patches from egypt@nmt.edu
...
git-svn-id: file:///home/svn/framework3/trunk@5137 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-05 19:23:45 +00:00
HD Moore
b113940b03
Buzzer payload! http://securityevaluators.com/iphone/bh07.pdf
...
git-svn-id: file:///home/svn/framework3/trunk@5121 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-25 04:21:48 +00:00
HD Moore
1527d92154
Correct offset typos in the new iphone modules. Add EXE output support for OS X PPC, Linux x86, and make the OS X ARM smaller.
...
git-svn-id: file:///home/svn/framework3/trunk@5119 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-25 01:50:05 +00:00
HD Moore
aa51f559e8
Keywords for SVN
...
git-svn-id: file:///home/svn/framework3/trunk@5111 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-24 03:13:50 +00:00
HD Moore
b6e1dc00f7
nops and payloads for arm-darwin (aka iphone) :-)
...
git-svn-id: file:///home/svn/framework3/trunk@5110 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-24 03:13:08 +00:00
HD Moore
04c6dbc748
Updated svn:keywords
...
git-svn-id: file:///home/svn/framework3/trunk@5100 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-10 01:01:20 +00:00
Matt Miller
7b65a56d65
initial support for metasm integration, ported sample payload to use it
...
git-svn-id: file:///home/svn/framework3/trunk@5076 4d416f70-5f16-0410-b530-b9f4589650da
2007-08-11 00:37:50 +00:00
Ramon de C Valle
6462ede937
Fixes #106. Added new single shell_bind_tcp payload module for Linux x86. See #106.
...
git-svn-id: file:///home/svn/framework3/trunk@5068 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-31 02:10:49 +00:00
Ramon de C Valle
f60810d00c
Added more advanced payload options and advanced payload options support for Solaris.
...
git-svn-id: file:///home/svn/framework3/trunk@5060 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-25 03:24:51 +00:00
Ramon de C Valle
f3dd74cfc9
Added advanced payload options for *BSD, improved solaris targets of lsa_transnames_heap.rb, some code cleanups.
...
git-svn-id: file:///home/svn/framework3/trunk@5044 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-11 03:19:28 +00:00
Ramon de C Valle
d186725ac6
Added new Samba lsa_io_trans_names heap overflow exploit module for Solaris x86 and SPARC.
...
git-svn-id: file:///home/svn/framework3/trunk@5039 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-08 04:11:53 +00:00
Ramon de C Valle
99f806b0e9
Added OSX payloads advanced options and improved Samba exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@5033 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-06 01:22:54 +00:00
Ramon de C Valle
735c0b5d4e
Added svn:keywords and adjusted code indentation.
...
git-svn-id: file:///home/svn/framework3/trunk@5031 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-05 02:02:39 +00:00
Ramon de C Valle
7a5c4c29cc
Added new Samba lsa_io_trans_names heap overflow exploit module for Mac OS X x86 and PowerPC
...
git-svn-id: file:///home/svn/framework3/trunk@5030 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-05 01:41:39 +00:00
HD Moore
fe56bc418f
Sample payload rewrite that uses METASM
...
git-svn-id: file:///home/svn/framework3/trunk@5017 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-03 04:22:32 +00:00
Matt Miller
d33675d870
framework now properly handles using singles without handlers as both stages and singles, fixes #115
...
git-svn-id: file:///home/svn/framework3/trunk@4994 4d416f70-5f16-0410-b530-b9f4589650da
2007-06-16 05:04:03 +00:00
HD Moore
40511cffb7
This adds a Linux-payload specific mixin which allows for new advanced options, such as setuid/chroot prepends.
...
git-svn-id: file:///home/svn/framework3/trunk@4984 4d416f70-5f16-0410-b530-b9f4589650da
2007-06-09 02:25:31 +00:00
HD Moore
fe4f3119c1
More payloads from Ramon (fixes #98, #99, #100, #101)
...
git-svn-id: file:///home/svn/framework3/trunk@4840 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-03 03:11:49 +00:00
HD Moore
2af13aa4ef
Fixes #88, #89, #90, #91, #92. Replaces bind/reverse for BSD x86, replaces bind for OS X x86, adds reverse/find for OS X x86.
...
git-svn-id: file:///home/svn/framework3/trunk@4803 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-28 19:00:34 +00:00
HD Moore
6df72d9f41
Patch from GML to fix call calculation
...
git-svn-id: file:///home/svn/framework3/trunk@4438 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 22:38:54 +00:00
HD Moore
7136d6bbd4
PassiveX only works with IE 6 (5.x and 7.x fail)
...
git-svn-id: file:///home/svn/framework3/trunk@4428 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 06:19:42 +00:00
HD Moore
52ebcde5a0
mention IE 6 dependency in the description
...
git-svn-id: file:///home/svn/framework3/trunk@4426 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 06:16:38 +00:00
HD Moore
abbeb2e87e
Adding an Id tag and a standard header to all modules
...
git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 00:10:39 +00:00
HD Moore
854607771c
fixes #4. This is just a test of the post-commit hook
...
git-svn-id: file:///home/svn/framework3/trunk@4408 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-17 23:44:05 +00:00
HD Moore
ce01a25e0c
This patch fixes #4. Pick a random file descriptor and make sure it's closed before we use it
...
git-svn-id: file:///home/svn/framework3/trunk@4407 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-17 23:41:22 +00:00
HD Moore
bf2f1a7472
Updates from diaul
...
git-svn-id: file:///home/svn/framework3/trunk@4314 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-04 01:53:43 +00:00
HD Moore
4a484d8c68
Fancy new metasploit.com address for lin0xx
...
git-svn-id: file:///home/svn/framework3/trunk@4309 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-03 05:03:55 +00:00
HD Moore
d1033c5832
Importing lin0xx's XPFW killing bind payload
...
git-svn-id: file:///home/svn/framework3/trunk@4308 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-03 04:59:12 +00:00
HD Moore
68274d6870
PHP tags are now added by the php_include handler and no longer a part of the payloads themselves
...
git-svn-id: file:///home/svn/framework3/trunk@4254 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 03:31:18 +00:00
HD Moore
2bd17e31a8
new payloads from diaul
...
git-svn-id: file:///home/svn/framework3/trunk@4220 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-18 22:06:19 +00:00
HD Moore
ffc626675b
Initial support for PHP payloads
...
git-svn-id: file:///home/svn/framework3/trunk@4215 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 07:57:51 +00:00
HD Moore
8a922d0641
Always use IO.read vs IO.readlines.join
...
git-svn-id: file:///home/svn/framework3/trunk@4211 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 07:00:44 +00:00
Matt Miller
b477547a3d
partial fix for mod cache issue? committed vlad's new stagers
...
git-svn-id: file:///home/svn/framework3/trunk@4013 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-10 06:44:15 +00:00
HD Moore
c0f55ed478
Corrected the authors line
...
git-svn-id: file:///home/svn/framework3/trunk@3999 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-01 16:52:55 +00:00
HD Moore
7376f9a421
Imported the download-exec payload from msf 2.x
...
git-svn-id: file:///home/svn/framework3/trunk@3998 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-01 16:50:13 +00:00
Matt Miller
ea06abe5bb
support for generic payloads
...
git-svn-id: file:///home/svn/framework3/trunk@3843 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-26 02:13:25 +00:00
Matt Miller
66b99d69ae
more fixes for the meterpreter pivoting issues
...
git-svn-id: file:///home/svn/framework3/trunk@3840 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-22 07:19:59 +00:00
Matt Miller
d8b2f95178
auto load stdapi before interact, implement type? interface
...
git-svn-id: file:///home/svn/framework3/trunk@3833 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-15 04:07:25 +00:00
HD Moore
25c08bb206
Bug fixes, list of known bugs, final prep for beta-1
...
git-svn-id: file:///home/svn/framework3/trunk@3803 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-02 06:30:36 +00:00
HD Moore
c572f4cb8c
Typo fix
...
git-svn-id: file:///home/svn/framework3/trunk@3765 4d416f70-5f16-0410-b530-b9f4589650da
2006-07-27 21:03:24 +00:00
HD Moore
d086a1bedf
BSD license the default for non-msfdev created modules.
...
git-svn-id: file:///home/svn/incoming/trunk@3636 4d416f70-5f16-0410-b530-b9f4589650da
2006-05-06 16:34:39 +00:00
Matt Miller
3a37749de6
support for demand-loading of modules to improve load speed, expect problems
...
git-svn-id: file:///home/svn/incoming/trunk@3534 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-21 03:10:58 +00:00
bmc
d14646e084
* remove redundant stringification
...
git-svn-id: file:///home/svn/incoming/trunk@3510 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-06 15:15:41 +00:00
HD Moore
5b497d5e4d
Added Irix platform
...
Tweaked reverse.rb to use a subshell and background it
Added Irix lpdexec
git-svn-id: file:///home/svn/incoming/trunk@3505 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-05 18:10:08 +00:00
HD Moore
868d7bf561
Working findtag + samba
...
Removed call to evasions that didn't have corresponding definition
git-svn-id: file:///home/svn/incoming/trunk@3501 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-04 21:04:50 +00:00
HD Moore
2290b14c7d
PPC fixes
...
git-svn-id: file:///home/svn/incoming/trunk@3500 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-04 20:40:25 +00:00
HD Moore
04341837f7
Bug fix to msfencode when invalid -e is specified
...
Small tweaks to type77, mostly for print_status and -find
Fixed busted payload port in shell_reverse_tcp
git-svn-id: file:///home/svn/incoming/trunk@3469 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-29 21:47:51 +00:00
bmc
4d432875d0
via perl...
...
git-svn-id: file:///home/svn/incoming/trunk@3454 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 15:11:16 +00:00
HD Moore
e249d9ebe5
Massive update to tab indentation (used ./dev/tabify.rb)
...
git-svn-id: file:///home/svn/incoming/trunk@3450 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 05:00:35 +00:00
bmc
7cedfcc828
* connectback perl payload
...
git-svn-id: file:///home/svn/incoming/trunk@3435 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-23 17:14:33 +00:00
HD Moore
ec46bc70fd
Typo
...
git-svn-id: file:///home/svn/incoming/trunk@3431 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-22 20:01:38 +00:00
HD Moore
1bffccf605
New licensing terms, revision bump to v3
...
git-svn-id: file:///home/svn/incoming/trunk@3425 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-21 22:10:20 +00:00
bmc
49016b9d99
* perl bind shell
...
git-svn-id: file:///home/svn/incoming/trunk@3417 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-20 22:31:58 +00:00
Matt Miller
d07e5fd330
patch from bmc
...
git-svn-id: file:///home/svn/incoming/trunk@3410 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-19 17:03:55 +00:00
Matt Miller
68a8a5262b
change unknown license to GPL
...
git-svn-id: file:///home/svn/incoming/trunk@3379 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-16 03:48:36 +00:00
Matt Miller
2e19a86843
added license to all modules
...
git-svn-id: file:///home/svn/incoming/trunk@3377 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-16 02:59:47 +00:00
HD Moore
75a0aa2e76
Bind added, reverse fixed module name
...
git-svn-id: file:///home/svn/incoming/trunk@3373 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-15 21:13:41 +00:00
HD Moore
884fffa28c
Ported the unix reverse command payloads and handler
...
git-svn-id: file:///home/svn/incoming/trunk@3372 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-14 20:12:53 +00:00
vlad902
eccdce049c
Fixed attribution to reference spoonm
...
git-svn-id: file:///home/svn/incoming/trunk@3357 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-09 02:09:40 +00:00
vlad902
c5993b7b9b
Is now smaller and deletes the file after execution
...
git-svn-id: file:///home/svn/incoming/trunk@3345 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-08 06:08:43 +00:00
vlad902
b011d080b3
No stagers can use this
...
git-svn-id: file:///home/svn/incoming/trunk@3344 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-08 03:26:41 +00:00
vlad902
ed5323e72b
Smaller stager
...
git-svn-id: file:///home/svn/incoming/trunk@3341 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-08 02:23:49 +00:00
vlad902
443a34da7a
Smaller stager, that also does closesocket so you can use it on the same port repeatedly.
...
git-svn-id: file:///home/svn/incoming/trunk@3340 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-08 02:23:36 +00:00
vlad902
d0a00445d7
Clear space for variables
...
git-svn-id: file:///home/svn/incoming/trunk@3339 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-08 01:47:23 +00:00
vlad902
d7813bf8c7
My version of upexec, doesn't depend on hd's EBP shellcode structure
...
git-svn-id: file:///home/svn/incoming/trunk@3333 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 23:58:59 +00:00
Matt Miller
2f4467ebcd
stupid cvs
...
git-svn-id: file:///home/svn/incoming/trunk@3330 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 19:41:31 +00:00
Matt Miller
b5cb5e913c
change name
...
git-svn-id: file:///home/svn/incoming/trunk@3329 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 19:39:53 +00:00
vlad902
45bfed8935
17 bytes smaller.
...
git-svn-id: file:///home/svn/incoming/trunk@3328 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 19:31:24 +00:00
vlad902
a6d4abb4cd
My shell stage
...
git-svn-id: file:///home/svn/incoming/trunk@3327 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 19:26:09 +00:00
Matt Miller
ab05f41a40
remove pipe shell
...
git-svn-id: file:///home/svn/incoming/trunk@3326 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 19:26:00 +00:00
Matt Miller
4934bd7709
rename pipe shell to shell and shell to shell_revert
...
git-svn-id: file:///home/svn/incoming/trunk@3325 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 19:25:18 +00:00
Matt Miller
ae5c816e85
various enhancements to support passivex, seems to be functional, somewhat
...
git-svn-id: file:///home/svn/incoming/trunk@3322 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-07 10:04:30 +00:00
Matt Miller
a77bdaa93c
rename author to jt, fix bug in html escape in payloads section of msfweb
...
git-svn-id: file:///home/svn/incoming/trunk@3306 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-05 02:04:04 +00:00
HD Moore
2bcfd6f0e5
Bug fixen
...
git-svn-id: file:///home/svn/incoming/trunk@3291 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-31 19:21:39 +00:00
HD Moore
f468b10cff
Tweaks
...
git-svn-id: file:///home/svn/incoming/trunk@3286 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-31 18:03:02 +00:00
vlad902
3234172a41
Fix payload (missing +)
...
git-svn-id: file:///home/svn/incoming/trunk@3283 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-30 21:07:47 +00:00
HD Moore
c8d273cec0
Wee, works
...
git-svn-id: file:///home/svn/incoming/trunk@3258 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-27 04:16:23 +00:00
HD Moore
93c3178732
No so worky
...
git-svn-id: file:///home/svn/incoming/trunk@3257 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-27 03:07:46 +00:00
HD Moore
97129d0303
New modules, module renames
...
git-svn-id: file:///home/svn/incoming/trunk@3254 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-26 14:34:22 +00:00
Matt Miller
51ed1b3eca
fixed up vncinject a bit
...
git-svn-id: file:///home/svn/incoming/trunk@3206 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-13 03:48:33 +00:00
Matt Miller
bbb94762b2
support for disabling the courtesy shell
...
git-svn-id: file:///home/svn/incoming/trunk@3205 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-13 03:43:17 +00:00
Matt Miller
22278ce458
vncinject payload
...
git-svn-id: file:///home/svn/incoming/trunk@3201 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-12 07:07:19 +00:00
Matt Miller
ca149ac9fa
fix for meterp hang
...
git-svn-id: file:///home/svn/incoming/trunk@3090 4d416f70-5f16-0410-b530-b9f4589650da
2005-11-24 20:46:38 +00:00
Matt Miller
0e9c5bab5b
logging fix, meterpreter multi-load fixed, advanced option display, meterpreter option to autoload stdapi
...
git-svn-id: file:///home/svn/incoming/trunk@3052 4d416f70-5f16-0410-b530-b9f4589650da
2005-11-19 15:09:41 +00:00
Matt Miller
9fee6fe983
copy/paste prob
...
git-svn-id: file:///home/svn/incoming/trunk@2983 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-30 23:10:58 +00:00
Matt Miller
b06a2ca030
initial support for compat filtering, may be buggy
...
git-svn-id: file:///home/svn/incoming/trunk@2971 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-19 01:48:10 +00:00
Matt Miller
95d77b761a
solaris singles
...
git-svn-id: file:///home/svn/incoming/trunk@2966 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-16 01:31:59 +00:00
Matt Miller
acd28ca7b5
solaris x86 singles
...
git-svn-id: file:///home/svn/incoming/trunk@2965 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-16 01:24:20 +00:00
Matt Miller
9b9e13be5b
some of the osx payloads
...
git-svn-id: file:///home/svn/incoming/trunk@2964 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-12 05:44:15 +00:00
Matt Miller
efc02cfd89
sparc payloads, untested
...
git-svn-id: file:///home/svn/incoming/trunk@2963 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-11 22:37:41 +00:00
Matt Miller
49788fe34a
bsdi payloads
...
git-svn-id: file:///home/svn/incoming/trunk@2960 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-11 07:40:59 +00:00
Matt Miller
b66a1dae2d
bsdi singles
...
git-svn-id: file:///home/svn/incoming/trunk@2959 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-11 07:37:10 +00:00
Matt Miller
28785b573b
bsd payloads
...
git-svn-id: file:///home/svn/incoming/trunk@2958 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-11 07:32:21 +00:00
Matt Miller
5d4e95c94f
bsd single payloads
...
git-svn-id: file:///home/svn/incoming/trunk@2957 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-11 07:22:38 +00:00
Matt Miller
55a27a01f6
updated convention on some payload stagers
...
git-svn-id: file:///home/svn/incoming/trunk@2927 4d416f70-5f16-0410-b530-b9f4589650da
2005-10-01 06:22:25 +00:00
Matt Miller
f07ae8dcb0
more foo
...
git-svn-id: file:///home/svn/incoming/trunk@2832 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-26 02:01:27 +00:00
Matt Miller
c494a71957
find port/tag stagers
...
git-svn-id: file:///home/svn/incoming/trunk@2799 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-19 14:33:25 +00:00
Matt Miller
203f185ad7
rockin 32 windows payloads, fixed some bugs, other cool shit, OptInt, what what what
...
git-svn-id: file:///home/svn/incoming/trunk@2796 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-18 23:32:34 +00:00
Matt Miller
4679586c49
more meterp action
...
git-svn-id: file:///home/svn/incoming/trunk@2791 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-18 05:13:21 +00:00
Matt Miller
7f8db62b9c
workin on integrating meterp client
...
git-svn-id: file:///home/svn/incoming/trunk@2790 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-18 04:07:56 +00:00
Matt Miller
577a5c3095
dll injection working, had to fix nop stack alignment crap
...
git-svn-id: file:///home/svn/incoming/trunk@2788 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-18 02:01:36 +00:00
Matt Miller
cc32a21386
bind tcp stager/inline for linux
...
git-svn-id: file:///home/svn/incoming/trunk@2776 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-17 07:43:24 +00:00
Matt Miller
46c2cd2ac1
added ui subscriber stuff
...
git-svn-id: file:///home/svn/incoming/trunk@2775 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-17 07:06:05 +00:00