ab7848a895
Merge master for testing of #2809
2014-07-06 22:27:58 -05:00
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
41cd5527c8
Close the server socket in php bind stager
...
This was previously left dangling, which leaves the port open, but
doesn't do anything with subsequent connections.
2014-07-03 16:52:09 -05:00
9246f7a0ce
Strip the NULL that PHP no longer strips
...
As of PHP 5.5.0, unpack("a", ...) no longer strips the NULL byte from
the end of the string. A new format specifier, Z, was introduced to
perform the old behavior, but we don't have a good way to test for its
existence. Instead, just remove it with str_replace
2014-07-03 15:58:05 -05:00
8b63d3d467
Revert the revert of #3446
...
This reverts commit 9b35b0e13a
2014-06-29 17:22:21 -05:00
b680674b95
Merge branch 'master' into staging/electro-release
2014-06-27 11:55:57 -05:00
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498002234993f
2014-06-25 13:24:07 -05:00
fbb6808b1a
Re-add common.lib and ext_server_sniffer DLLs
...
These are not currently included in meterpreter_bins. Figure this out
with @cdoughty-r7 , probably just an oversight.
2014-06-19 16:10:22 -05:00
88b482118d
Remove local Meterpreter Windows binaries
2014-06-19 16:05:53 -05:00
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
1c5cfeebb3
adding template and src for elf 64 shared object payload target
2014-06-19 00:38:16 -05:00
41f7bc1372
add common root words wordlist
...
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
af9028e867
Add Meterpreter bins for PR76
...
These are the binaries generated for rapid7/meterpreter#76 , against
commit 2776adb8b91d9967983033c0e770c46a10a68002
These bins are need to make #3416 actually functional
2014-06-12 14:29:40 -05:00
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
d868294d5b
MEM_RESERVE too
2014-06-08 17:37:57 +01:00
9d08ebe273
Fix VirtualAlloc call on PSH old template
2014-06-08 11:09:03 -05:00
a33de66da4
Fix transparent background, add VISIBLE option.
2014-06-06 16:52:00 -05:00
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
d9a5002bd3
Merge branch 'release'
...
Updates meterpreter bins and closes #3425 and #3423 .
2014-06-05 17:33:11 -05:00
97a70e49c8
Roll back the jar/py changes
2014-06-05 17:31:02 -05:00
737f06f600
Add Meterpreter bins for release branch.
...
This contains the same bins as #3423 , but it is targeted at the release
branch for rapid7/metasploit-framework.
2014-06-05 17:17:32 -05:00
6c7fd3642a
Land #3411 , Python 3.[34] Meterpreter support
2014-06-03 11:34:22 -05:00
b8a2cf776b
Do test
2014-06-03 09:52:01 -05:00
05ed2340dc
Use powershell
2014-06-03 09:29:04 -05:00
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
7f4702b65e
Update from rapid7 master
2014-06-02 17:41:41 -05:00
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
4840a05ada
Update from rapid7 master
2014-06-02 17:17:00 -05:00
b84297980d
Pymeterpreter use print_exc and not print_exception
2014-06-02 16:50:54 -04:00
d2b8706bd6
Include meterpreter bins, add Sandbox builds
...
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (ie. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.
I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
77eac38b01
Pymeterpreter fix processes_via_proc for Python v3
2014-05-30 16:32:03 -04:00
4f5ab2c596
Pymeterpreter support process channels for Python v3
2014-05-30 14:35:47 -04:00
e2cc2fece0
Pymeterpreter update win reg functions for python v3
2014-05-30 10:51:36 -04:00
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
04e94b0c07
Fix meterpreter and file tests for Python v3.4 on Win
2014-05-29 16:42:28 -04:00
15dc33591b
In pymeterpreter use a MeterpreterFile obj for Py v3
2014-05-29 15:09:09 -04:00
d8dcfd8f41
Update pymeterpreter netlink to support python3
2014-05-29 13:48:15 -04:00
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
15b1c79039
Adjust whitespace and set bytes to str for Python 2
2014-05-28 16:30:27 -04:00
eda8a90cea
Fix merge issues with os.js
2014-05-19 13:04:36 -05:00
ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
9b29c572a7
Comments dont work with auth_brute.rb
2014-05-18 21:14:17 +02:00
c9bb2d5165
Added headers to files
2014-05-18 20:55:50 +02:00
97b63d708c
Corrected naming to be in line with msf convention
2014-05-18 18:18:23 +02:00
7d79f8a4c2
Removed wrongly named list.
2014-05-18 18:15:17 +02:00
d7bf66973c
Fixed userpass delimiters.
2014-05-18 18:13:03 +02:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
6ec926b573
Added separate users/pass/userpass dictionaries
2014-05-18 10:18:07 +02:00
af82ae262c
Added a large default password list for services.
2014-05-16 23:27:18 +02:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
06c8082187
Use signed binary
2014-05-02 14:45:14 +01:00
4bd2dabfcd
Land #3121 , new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
0b23fc2c40
Revert "Use actual vars so that jsobfu can randomize."
...
This reverts commit b9284c5635
2014-04-11 16:51:29 -05:00
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
b9284c5635
Use actual vars so that jsobfu can randomize.
2014-04-09 16:56:10 -05:00
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
2e4c2b1637
Disable Android 4.0, add arch detection.
...
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.
Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
4d69f80728
Update explib2.js
...
Remove a few lines
2014-04-02 23:07:29 -05:00
74554ed805
Land #3174 , @wchen-r7's object detection for ie11
2014-04-02 15:27:13 -05:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
5ffcfb22fa
Add object detection for IE11
...
While working on some stuff with IE11, I realized this is very
necessary.
2014-04-02 02:21:16 -05:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
389ad7aca3
Land #3155 - Explib2
2014-03-28 18:31:40 -05:00
4f5944cfb8
Add JavaScript detection for Adobe Flash
2014-03-28 14:31:21 -05:00
ce02f8a7c5
Allow easier control of sprayed memory
2014-03-28 11:58:41 -05:00
b0bbe3f6a9
Add explib2 with some fixes into metasploit
2014-03-28 10:44:13 -05:00
4c44f69e86
Undo the IE8/IE7 objection detection
2014-03-27 15:01:03 -05:00
fc1432fe53
This is probably the right way to do it for ie7/8
2014-03-27 13:53:24 -05:00
9c54421679
Update IE8/IE7 object detection
2014-03-27 13:34:07 -05:00
8df96a419b
Make IE10 detection safer for older IEs
2014-03-27 13:31:15 -05:00
1f90115c8f
Add default detection for IE 9 and IE 10
...
How it's done:
On IE10, which should come first before the IE 9 check, the nodeName
function always returns the name in uppercase.
One IE9, the "Object doesn't support property or method" error always
repeats the name of the invalid method.
2014-03-27 00:15:36 -05:00
46f7e6060f
Add the updated bins from timwr.
2014-03-25 09:39:53 -07:00
c71d52e769
Merge branch 'pr-android-bins' of https://github.com/jvennix-r7/metasploit-framework into new-android-bins
2014-03-25 09:35:25 -07:00
8c707b20e0
Add support for specific builds of MSIE 9 on Win 7 SP1
...
These IE9 versions are vulnerable to MS14-012 (see #3120 ). If we don't
add them, then os_detect might recognize the target as IE 8, and fail.
2014-03-19 21:54:36 -05:00
05436dc2c5
Refresh binaries for Meterpreter
...
This includes:
rapid7/meterpreter#69
rapid7/meterpreter#70
rapid7/meterpreter#75
rapid7/meterpreter#77
rapid7/meterpreter#78
As of commit: 45bcbd13a1e0215647f6a61631652b686931bba8
2014-03-19 08:57:04 -05:00
8e4708b51b
Add support for firefox 28.
2014-03-18 11:26:24 -05:00
409787346e
Bring build tools up to date, change some project settings
...
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
6438b9372c
Land #3067 , python meterp net.config additions
2014-03-13 13:03:43 -05:00
6309c4a193
Metasploit LLC transferred assets to Rapid7
...
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
5ea26688d7
Fix a syntax error for Python 2.4
2014-03-11 15:22:52 -04:00
f3493ce220
Merge branch 'master' into pymeterpreter-net
...
Conflicts:
data/meterpreter/ext_server_stdapi.py
2014-03-11 15:15:02 -04:00
e874223421
Land #3083 , fix pymet when ctypes isn't available
2014-03-11 14:31:44 -04:00
679cb03ac3
Yank armeabi-v7a bins.
2014-03-11 13:09:50 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
b87c2dca0b
Use older hash modules when hashlib isn't there
2014-03-11 12:25:54 -05:00
4f31eba7f4
android payload golf
2014-03-10 21:50:00 -05:00
66ff5998a5
New multi-arch stagers.
2014-03-10 21:49:56 -05:00
60b5191873
New meterpreter bins for testing.
2014-03-10 21:49:14 -05:00
667bed8905
New multi-arch stagers.
2014-03-10 18:50:27 -07:00
75c94cc5d7
Derp
2014-03-10 16:30:55 -05:00
e508079aff
Don't crash when ctypes isn't available
2014-03-10 16:10:24 -05:00
6616d36d63
New meterpreter bins for testing.
2014-03-07 13:21:30 -08:00
2a1e96165c
Adding MS013-058 for Windows7 x86
2014-03-06 18:39:34 +00:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
3d7bc6c589
Remove form_post.js.
2014-03-05 23:35:54 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
1dea1c030e
Add interface support via OSX SystemConfiguration
2014-03-05 13:59:13 -05:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
0834102e2b
Support tcp server channels and add a python MeterpreterSocket
2014-03-04 13:31:29 -05:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
7111e8aa59
Support retrieving interface information via GetAdaptersAddresses
2014-03-03 21:01:16 -05:00
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
699e534149
Add missing return statement.
2014-03-02 00:18:46 -05:00
1c9390c9cf
Support retrieving interface information via windows mib functions.
2014-03-02 00:17:00 -05:00
733a86ec74
Support retrieving interface information via netlink.
2014-03-01 22:34:38 -05:00
284d99aa6c
Add pymeterp TLV types for additional network functions.
2014-02-28 13:56:51 -05:00
8922f6457b
Land #3045 , @wchen-r7's fix for browser autopwn
2014-02-28 12:55:32 -06:00
99e272e463
Return true in EOF when tell() > stat.st_size
2014-02-27 20:45:38 -05:00
9d9149d9d8
remove some dead code paths
...
refactor some dead conditionals and a case/switch
that wasn't doing anything
2014-02-27 11:45:57 -06:00
0c3891c0f9
Add more IE targets
2014-02-27 11:01:03 -06:00
151646156d
Check navigator.oscpu for FF
...
If we don't check navigator.oscpu, IE 11 is detected as FF.
2014-02-27 10:54:38 -06:00
2e512abd31
put new binaries in place
...
after cleaning up the source a bit and
updateing it for 2013, compiled new BINs.
These BINS avoid almost all current AV detections
and have been tested to ensure they still work.
2014-02-23 15:24:55 -06:00
7877589537
Delete correctly
2014-02-23 02:47:13 +00:00
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
b1dfed8577
rebuilt template DLLs
...
x86 dll template was way out of date and
did not match the x64 tempalte. rebuilt them both
2014-02-25 15:34:42 -06:00
3c773f031c
add new binaries compiled from latest src
...
compiled and added new binaries to make sure
most up to date source is used
2014-02-25 14:06:57 -06:00
289580777c
remove unneccsary logging elements
...
update soloutions for VS2013
remove the CLogger
Remove Print Usage
this removes unneccsary strings that can
be used to easily identify our executable
2014-02-20 20:00:19 -06:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
e8f95c6cc0
Change error msg
2014-02-18 00:02:16 -06:00
608f800274
Support error handling in the message box
2014-02-18 00:01:44 -06:00
022c52d087
Added bundling to handle many sessions at once.
2014-02-15 15:37:22 -06:00
a6a731c8ee
Keep stage until replaced, nil check, prettify.
2014-02-15 15:21:16 -06:00
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
00ba0b5208
Land #2987 - Add ff 27 support to os.js
2014-02-13 15:20:53 -06:00
51f3ab1690
Add ff 27 support to os.js
2014-02-12 15:32:47 -06:00
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
7eb20a37d4
offerer's interface gets a makeover
2014-02-11 19:43:52 -06:00
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
HD Moore
James Lee
Tod Beardsley
David Maloney
sinn3r
Chris Doughty
navs
Meatballs
jvazquez-r7
joev
Brandon Turner
William Vu
Spencer McIntyre
OJ
Tonimir Kisasondi
Tim
kyuzo
scriptjunkie