f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
fb84d7e7fe
Update to yardoc conventions
2013-12-06 07:54:25 +10:00
c7bb80c1d7
Add wvu as an author to author.rb
2013-12-05 00:33:07 -06:00
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
7b24f815ee
Missed a single module in rename
2013-12-04 22:54:07 +10:00
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
1d757c40db
Remove empty parens
2013-12-04 07:10:23 +10:00
8b77da4ef7
Fix non-rubyisms
2013-12-04 07:06:32 +10:00
18e1d9ce17
Revert "Start clipboard monitor functionality"
...
This reverts commit ecbdfd3502
2013-12-04 07:03:12 +10:00
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
474a03475f
sorted out the sorts without .sort
2013-12-02 11:57:52 +01:00
8254c0bae2
this site is down
2013-12-01 14:26:03 +08:00
77b036ce5d
Land #2703 , uninit const fix for MSSQL_SQLI
2013-11-27 13:50:48 -06:00
a5aca618e2
fix fail_with usage on Exploit::Remote::MSSQL_SQLI
2013-11-27 11:33:19 -06:00
a32c9e5efc
Fix fail_with on Exploit::Remote::HttpClient
2013-11-27 11:19:46 -06:00
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
25b1ec5b75
Land #2689 , getenv
2013-11-26 23:33:25 -06:00
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
66edfe968d
Sorting output
2013-11-21 00:57:08 +01:00
e88da09894
Land #2660 , DLL/service creation for x64
2013-11-20 17:25:16 -06:00
0ea0dc168c
set _comment method to js for num and dword
2013-11-20 23:10:55 +01:00
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
ecbdfd3502
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-21 06:29:37 +10:00
135dad1f4e
Fix dll/service creation
2013-11-20 20:10:47 +00:00
110e78a1ad
Land #2507 , @todb-r7's fix to allow DCERPC misin to use RPORT
2013-11-20 10:21:32 -06:00
647c867c2d
Land #1681 , @sempervictus Rex::Text::Ui::Table [] method
2013-11-19 16:30:09 -06:00
e1eddc84aa
Check for inexistent column names
2013-11-19 16:02:52 -06:00
162d433014
Use snake_case for variables
2013-11-19 15:46:11 -06:00
6a13a0eee6
fix indentation
2013-11-19 15:42:12 -06:00
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
...
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).
It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
34dccaaa1f
Clean use of -c on creds command
2013-11-19 13:26:14 -06:00
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
7dd70d4c19
Switch to vprint_debug some mixin messages
2013-11-18 13:33:45 -06:00
ae440130f5
Reduce code complexity easily
2013-11-18 13:25:50 -06:00
f61c1548ee
Use verbose by default on mixin error messages
2013-11-18 13:23:05 -06:00
eb8c3ba657
Switch to normal indentation
2013-11-18 13:20:49 -06:00
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
0aef145f64
Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa
2013-11-13 18:11:21 -06:00
8471f74b75
Refactor ivar to a more reasonable method
...
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
2013-11-13 18:09:41 -06:00
16627c1bd3
Add spec for capture_lsa_key
2013-11-13 15:16:34 -06:00
6bd82d8589
Land #2636 , Win8 for {constants,platform}.rb
2013-11-13 14:20:52 -06:00
3a923422a3
Update class for Win 8
2013-11-13 13:27:44 -06:00
94a2f52ccc
Land #2637 , version number bump to 4.9.0-dev
2013-11-13 13:20:18 -06:00
3168359a82
Refactor lsa and add a spec for its crypto methods
2013-11-13 11:55:39 -06:00
74df9bd037
Bump version number since 4.8.0 is out
2013-11-13 11:42:31 -06:00
8e90116c89
Add Win 8 to constants
2013-11-13 11:38:27 -06:00
2fc43182be
Land #2622 - Fix up proxy/socks4a.rb
2013-11-12 18:22:32 -06:00
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
fbe1b92c8f
Good bye get_resource
2013-11-12 17:25:55 -06:00
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
cf8f2940b0
Oops, this is the right filename
2013-11-11 15:45:11 -06:00
85150823cd
rename again
2013-11-11 15:44:27 -06:00
8c1d7d936b
Revert "Fix conflcit lib/msf/util/exe.rb"
...
This was causing build failures:
https://travis-ci.org/rapid7/metasploit-framework/builds/13816889
It looks like there were a whole bunch of changes that weren't intended.
This reverts commit 3996557ec662102dd1f9
2013-11-11 13:48:39 -06:00
6a840fc169
Move file to get a matching name
2013-11-11 12:41:03 -06:00
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
3996557ec6
Fix conflcit lib/msf/util/exe.rb
...
Conflicts:
lib/msf/util/exe.rb
2013-11-11 11:43:09 -06:00
62102dd1f9
Land #2544 - Vbs minimize
2013-11-11 11:14:56 -06:00
33f65dd611
Land #2577 - Use base64 to reduce psh-net payload size
2013-11-11 10:21:20 -06:00
063da8a22e
Update reverse_https_proxy stager/handler
...
This change updates the proxy handler code, which for some reason was
ommitted in the orginal commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
2013-11-11 22:21:05 +10:00
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
...
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
cc9ac7695d
Land #2592 , add getproxy
...
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
866f240337
A little update on documentation
2013-11-07 17:06:43 -06:00
32b12609bd
Forgot to pass optional headers
2013-11-07 16:50:58 -06:00
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
aab4d4ae76
first commit for typo3
2013-11-07 22:38:27 +01:00
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
3e1771aa77
Being able to pass binding when we need to
2013-11-07 00:12:29 -06:00
23996ec32c
Fix up some things
2013-11-06 22:47:02 -06:00
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
c338f7a8c0
Change how requirements are defined, rspec, etc
2013-11-06 14:01:29 -06:00
c92116060e
Forgot to rm this line
2013-11-06 01:53:46 -06:00
f2e4d5507c
More rspec
2013-11-06 01:45:40 -06:00
636adc81de
Add rop_junk and rop_nop
2013-11-06 01:04:33 -06:00
65c96a1f45
Allow the module to be target specific
2013-11-06 00:57:53 -06:00
63d3c7e8bb
Put proxy headers in a constant
2013-11-05 16:33:36 -06:00
73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
2013-11-05 13:45:00 -06:00
scriptjunkie
Meatballs
OJ
sinn3r
corelanc0d3r
yehualiu
William Vu
jvazquez-r7
James Lee
Tod Beardsley
Tod Beardsley
Jonathan
FireFart