William Vu
3fbd4e2fe6
Land #5172 , x64 BSD shell_{bind,reverse}_tcp
2015-04-20 15:37:29 -05:00
Meatballs
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
joev
9b6aea12e1
Oops, missed a comma.
2015-04-15 19:26:53 -05:00
joev
4a18714191
Update authors and license to original osx x86 module.
2015-04-15 14:34:26 -05:00
joev
a01d98d1f5
Implement shell_bind and shell_reverse payloads for bsd x64.
2015-04-15 14:33:27 -05:00
joev
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
joev
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
William Vu
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
joev
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev
ceadd1e6ec
Update osx x86 payload cached sizes to be accurate.
...
- Right now there is a bug in the payload_spec, which causes the payload's
datastore during the spec run to have things like 'PrependSetuid' => 'false',
where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
branch will be taken, resulting in incorrect behavior.
2015-04-12 00:21:18 -05:00
OJ
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
OJ
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
HD Moore
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
HD Moore
34ff94e0da
Fix the proxy user/pass options
2015-03-31 15:49:43 -05:00
HD Moore
a39ba05383
Functional Payload UUID embedding via PayloadUUIDSeed
2015-03-31 15:44:18 -05:00
OJ
253e5d7dff
Include correct module, remove specified encoder type
2015-03-31 07:23:51 +10:00
OJ
c28cc66398
Add x64 bind_tcp and reverse_ipv6_tcp
...
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
2015-03-30 18:59:30 +10:00
OJ
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
OJ
f8851551c5
Add initial x64 stageless meterrpeter module
2015-03-30 11:23:51 +10:00
OJ
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
OJ
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
OJ
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
OJ
9c9d333a1b
Create verify ssl mixin, adjust some formatting
2015-03-23 13:21:08 +10:00
oj@buffered.io
fd4ad9bd2e
Rework changes on top of HD's PR
...
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
OJ
7b4161bdb4
Update code to handle cert validation properly
...
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
2015-03-20 12:52:47 +10:00
OJ
7899881416
Update POSIX bins from master
2015-03-19 14:50:14 +10:00
Brent Cook
abb8a32e68
update spec for dynamic meterpreter payloads
2015-03-16 18:08:13 -05:00
OJ
35cfdf051a
Add support for meterpreter_reverse_ipv6_tcp
...
New payload added, makes use of existing functionality.
2015-03-13 20:15:31 +10:00
HD Moore
744b1a680e
Reworks how payload prepends work internally, see #1674
2015-03-12 02:30:06 -05:00
OJ
345b5cc8e1
Add stageless meterpreter support
...
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
HD Moore
da81f6b2a0
Correct the :dynamic cache sizes
2015-03-09 15:44:14 -05:00
HD Moore
02509d02e4
The result of running ./tools/update_payload_cached_sizes.rb
2015-03-09 15:31:04 -05:00
William Vu
a648e74c4b
Remove unnecessary semicolon
2015-03-02 15:36:45 -06:00
William Vu
80169de4d0
Remove -i from shell in reverse_python
2015-03-02 15:29:50 -06:00
sinn3r
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
HD Moore
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
HD Moore
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
HackSys Team
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
HackSys Team
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
HackSys Team
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
Mark Schloesser
8e7e5590c9
rename SHELLARG to ARGV0 because that's really what it is
2014-11-19 22:14:24 +01:00
mschloesser-r7
ac4c11ca39
work on linux/armle/shell_bind/tcp
...
same changes as to shell_reverse_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
fd7248b3c0
work on linux/armle/shell_reverse_tcp
...
shorten the execve code, remove exit, grow argv[0] space
2014-11-19 21:53:23 +01:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Brendan Coles
e0016d4af3
Remove hash rocket from refs array #3766
...
[SeeRM #8776 ]
2014-10-08 09:16:38 +00:00
Brendan Coles
3c7be9c4c5
Remove hash rockets from references #3766
...
[SeeRM #8776 ]
2014-10-08 09:01:19 +00:00
sinn3r
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
Joe Vennix
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
jvazquez-r7
0247e4a521
Change RequiredCmd for reverse_bash_telnet_ssl cmd payload
2014-09-24 00:40:14 -05:00
jvazquez-r7
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
Tod Beardsley
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
sinn3r
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
jvazquez-r7
2c8a99143b
Land #3426 , @Meatballs1's Python v2.3.3 Compatible Command Shell payloads
2014-06-10 09:55:58 -05:00
Meatballs
dc69afebb1
License and Require
2014-06-09 21:41:38 +01:00
Meatballs
25ed68af6e
Land #3017 , Windows x86 Shell Hidden Bind
...
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
Meatballs
2be6b8befe
Remove bind hidden handler
2014-06-07 14:34:20 +01:00
joev
496be5c336
Ensure command_shell_options is present.
2014-06-06 16:26:45 -05:00
joev
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
Meatballs
c032b8ce8e
Compat
2014-06-04 02:27:06 +01:00
joev
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
Michael Messner
111160147f
MIPS exec payload fixes for encoder
2014-04-30 20:37:54 +02:00
joev
b4f5784ba2
Land #3147 , @m-1-k-3's mipsbe exec payload.
2014-04-08 22:32:21 -05:00
Tod Beardsley
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Michael Messner
657b096be3
make msftidy happy
2014-03-27 19:24:25 +01:00
Michael Messner
ad94653fc0
feedback included
2014-03-27 16:12:34 +01:00
Michael Messner
3fc114e265
exec payload - new try
2014-03-26 19:48:14 +01:00
Joe Vennix
33651d0753
Fix formatting of hash options.
2014-03-25 14:43:53 -05:00
Joe Vennix
c8784168d5
Fix references and whitespace in mips payloads.
2014-03-25 14:39:27 -05:00
joev
1ac3944627
Merge branch 'landing-pr-3095' into upstream-master
2014-03-25 10:56:42 -05:00
joev
1680f9cc5d
Land PR #3127 , @m-1-k-3's mipsbe reboot payload, into master
2014-03-25 10:44:37 -05:00
Michael Messner
50efd0b5d0
change name and filename and file included
2014-03-25 09:13:04 +01:00
Michael Messner
a9952fa294
change name and filename
2014-03-25 09:11:16 +01:00
Michael Messner
fca4425f95
feedback
2014-03-25 09:09:13 +01:00
Michael Messner
4f1404eecc
reboot payload for mipsbe
2014-03-20 12:37:58 +01:00
Daniel Miller
0b6a890137
Fix missing require in reverse_powershell
...
When initializing the db:
/opt/metasploit-framework/modules/payloads/singles/cmd/windows/reverse_powershell.rb:34:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `new'
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `add_module'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:72:in `on_module_load'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:207:in `load_module'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:271:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:58:in `block (2 levels) in each_module_reference_name'
from /opt/metasploit-framework/lib/rex/file.rb:127:in `block in find'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `catch'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `find'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:45:in `block in each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `foreach'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:264:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:118:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:56:in `block in add_module_path'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `add_module_path'
from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:14:in `init_module_paths'
from /opt/metasploit-framework/lib/msf/ui/console/driver.rb:228:in `initialize'
from /opt/metasploit-framework/msfconsole:148:in `new'
from /opt/metasploit-framework/msfconsole:148:in `<main>'
2014-03-14 19:28:00 +00:00
Michael Messner
8db5d854c2
typo, null terminator
2014-03-13 18:38:27 +01:00
Michael Messner
f39e784d19
mipsle execve payload
2014-03-12 21:08:40 +01:00
joev
46c11ea2eb
Small fixes to m-1-k-3's mipsle reboot shellcode.
2014-03-10 17:17:23 -05:00
joev
7da54eb9cf
Merge branch 'landing-3041' into upstream-master
...
Lands PR #3041 , @m-1-k-3's reboot shellcode.
2014-03-10 17:11:06 -05:00
root
3c95c021d0
Reference added
2014-03-10 12:17:20 +01:00
root
1fda6b86a1
Changed cmp eax by inc eax. Saved one byte
2014-03-10 12:13:10 +01:00
sinn3r
caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks
2014-03-04 15:24:02 -06:00
OJ
f0868c35bf
Land #3050 - Fix tained perl payloads
2014-03-04 10:05:47 +10:00
Joe Vennix
6a02a2e3b3
NULL out envp pointer before execve call.
...
This was causing a crash on 10.9.
2014-03-03 08:56:52 -06:00
Sagi Shahar
8c4b663643
Fix payloads to bypass Perl's Taint mode.
2014-03-02 18:39:05 +02:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
Michael Messner
d6b28e3b74
mipsel reboot payload
2014-02-26 20:34:35 +01:00
root
b4a22aa25d
hidden bind shell payload
2014-02-20 16:19:40 +01:00
jvazquez-r7
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
jvazquez-r7
aa07065f67
Land #2959 , reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
jvazquez-r7
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
Meatballs
9f04e0081d
Stick with command let encoder handle encoding
2014-02-08 19:28:03 +00:00
Meatballs
93b07b0e48
Add missing RequiredCmds
2014-02-08 12:24:49 +00:00
Meatballs
80814adaf9
Credit where credits due
2014-02-08 01:42:45 +00:00
Meatballs
efe4d6b41a
Tidyup
2014-02-08 01:03:02 +00:00
Meatballs
2d1a0c3a01
Windows CMD love too
2014-02-08 01:00:31 +00:00
sinn3r
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
joev
0833da465a
Lands #2832 , @jvazquez-r7's fixes to mipsel shellcode.
2014-01-15 12:03:17 -06:00
sinn3r
ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode
2014-01-13 17:37:08 -06:00
William Vu
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
Tod Beardsley
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
Joe Vennix
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
sinn3r
140d1fbf90
Land #2847 - Add MIPS big endian single shell_bind_tcp payload
2014-01-10 15:06:35 -06:00
sinn3r
96ba41a4b0
Land #2844 - Fix the mipsbe shell_reverse_tcp payload
2014-01-10 15:00:39 -06:00
jvazquez-r7
a0879b39e0
Add mips be shell_bind_tcp payload
2014-01-08 14:48:54 -06:00
jvazquez-r7
1727b7fb37
Allow the Msf::Payload::Linux's generate to make its work
2014-01-08 12:41:10 -06:00
jvazquez-r7
83e5169734
Don't use temporal register between syscals and save some bytes on the execve
2014-01-08 11:45:27 -06:00
jvazquez-r7
5f7582b72d
Don't use a temporary registerfor the dup2 loop counter
2014-01-07 18:02:55 -06:00
jvazquez-r7
c2dce19768
Don't use a temporary registerfor the dup2 loop counter
2014-01-07 17:39:27 -06:00
jvazquez-r7
a85492a2d7
Fix my own busted dup2 sequence
2014-01-07 16:27:01 -06:00
Joe Vennix
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
jvazquez-r7
3230b193e1
Make better comment
2014-01-07 15:32:46 -06:00
jvazquez-r7
80dcda6f76
Fix bind call
2014-01-07 15:31:42 -06:00
jvazquez-r7
b5524654d5
Delete comment
2014-01-07 14:50:26 -06:00
jvazquez-r7
45c86d149f
Modify authors field
2014-01-07 14:50:12 -06:00
jvazquez-r7
d6639294aa
Save some instructions with dup2
2014-01-07 14:41:33 -06:00
jvazquez-r7
9cf221cdd6
Delete delay slots after syscall
2014-01-07 13:18:20 -06:00
jvazquez-r7
70d4082c0c
Add formatting blank lines and delete comment
2014-01-07 09:55:36 -06:00
jvazquez-r7
3edd2a50e2
Shorter mipsle shell_reverse_tcp
2014-01-07 09:45:28 -06:00
Joe Vennix
3b29c370bd
Fix bug in the firefox/exec payload.
2014-01-05 11:24:41 -06:00
Joe Vennix
4329e5a21e
Update firefox payloads to use async runCmd.
2014-01-04 08:49:43 -06:00
Joe Vennix
fdca396bc8
Update exec to be diskless.
2014-01-04 08:48:58 -06:00
Joe Vennix
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
jvazquez-r7
f5f18965b9
Move the require to the payloads as ruby and nodejs payloads do
2014-01-02 16:05:03 -06:00
Joe Vennix
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
Joe Vennix
12fece3aa6
Kill unnecessary comment.
2014-01-02 10:48:28 -06:00
Joe Vennix
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
Joe Vennix
821aa47d7e
Add firefox paylods.
...
* Adds support for windows or posix shell escaping.
2014-01-02 10:48:28 -06:00
jvazquez-r7
0725b9c69c
Refactor JSP payloads
2013-12-31 08:27:37 -06:00
jvazquez-r7
aa38a23921
Add generate_war to jsp_shell payloads
2013-12-30 13:53:58 -06:00
sinn3r
f1c5ab95bf
Land #2690 - typo
2013-11-25 23:53:34 -06:00
William Vu
70139d05ea
Fix missed title
2013-11-25 22:46:35 -06:00
William Vu
e8eb983ae1
Resplat shell_bind_tcp_random_port
2013-11-20 14:48:53 -06:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
Geyslan G. Bem
28c5dd63fd
references fix
2013-11-11 17:14:50 -03:00
Geyslan G. Bem
8f6917a117
references fix
2013-11-11 17:12:45 -03:00
Geyslan G. Bem
e3641158d9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-11-11 14:29:19 -03:00
Geyslan G. Bem
030fbba539
Merge branch 'master' of https://github.com/geyslan/metasploit-framework
2013-11-11 14:22:00 -03:00
Tod Beardsley
81a7b1a9bf
Fixes for #2350 , random bind shellcode
...
* Moved shortlink to a reference.
* Reformat e-mail address.
* Fixed whitespace
* Use multiline quote per most other module descriptions
Still need to resplat the modules, but it's no big thang to do that
after landing. Also, References do not seem to appear for post modules
in the normal msfconsole. This is a bug in the UI, not for these modules
-- many payloads would benefit from being explicit on their references,
so may as well start with these.
2013-11-11 10:33:15 -06:00
sinn3r
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
Tod Beardsley
bce8d9a90f
Update license comments with resplat.
2013-10-21 13:36:15 -05:00
Tod Beardsley
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
sinn3r
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
sinn3r
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
William Vu
5a0b8095c0
Land #2382 , Lua bind and reverse shells
2013-10-18 17:11:37 -05:00
jvazquez-r7
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
jvazquez-r7
3d3a7b3818
Add support for OSVDB 86824
2013-10-17 01:08:01 -05:00
Tod Beardsley
5d86ab4ab8
Catch mis-formatted bracket comments.
2013-10-15 14:52:12 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
sinn3r
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
joev
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
joev
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
joev
1e78c3ca1a
Add missing require to nodejs/bind payload.
2013-10-09 11:39:05 -05:00
Tod Beardsley
4266b88a20
Move author name to just 'joev'
...
[See #2476 ]
2013-10-07 12:50:04 -05:00
joev
da48565093
Add more payloads for nodejs.
...
* Adds a reverse and bind CMD payload
* Adds a bind payload (no bind_ssl for now).
2013-10-07 06:09:21 -05:00
Geyslan G. Bem
6492bde1c7
New Payload
...
Merge remote-tracking branch 'origin'
2013-10-05 09:17:14 -03:00
Geyslan G. Bem
31f265b411
New Shell Bind TCP Random Port Payload (x86_64)
2013-10-05 09:02:05 -03:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
joev
cd98c4654d
Remove unecessary print from #generate in payloads.
2013-09-25 00:12:28 -05:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Joe Vennix
801dda2b09
Change PayloadType to NodeJS.
2013-09-23 11:31:45 -05:00
xistence
41e1a3d05b
removed shell prompt in lua bind/reverse shells
2013-09-22 14:53:59 +07:00
Joe Vennix
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
Joe Vennix
a641bc41a8
Kill unnecessary comment.
2013-09-16 21:35:53 -05:00
Joe Vennix
f954e5299f
Now working on windows even.
2013-09-16 21:34:12 -05:00
Joe Vennix
2d936fb67c
Bail from payload if require() is not available.
...
* TODO: test on windows
2013-09-16 14:05:26 -05:00
RageLtMan
08f0abafd6
Add nodejs single payloads, thanks to RageLtMan.
2013-09-16 13:38:42 -05:00
xistence
79e08c1560
added LUA bind/reverse shells
2013-09-16 17:02:08 +07:00
Geyslan G. Bem
118cc900a7
new payload
2013-09-10 19:20:48 -03:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
sinn3r
10e9b97a88
Land #2180 - Accepting args for x64 osx exec payload
2013-08-02 00:45:09 -05:00
Joe Vennix
592176137a
Rewrite osx x64 cmd payload to accept args.
...
[SeeRM #8260 ]
2013-07-31 08:50:28 -05:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
sinn3r
b64d0429ac
Format fix
...
Just to make this more pleasing to the eyes
2013-07-18 13:36:31 -05:00
Joe Vennix
cd2e352971
Kill extra whitespace.
2013-07-18 11:30:54 -05:00
Joe Vennix
766a8d5817
Shellwords! Now you can use exec to get you a perl shell
2013-07-17 21:16:04 -05:00
Joe Vennix
9c1228067c
Change to += syntax.
2013-07-17 21:11:24 -05:00
Joe Vennix
ab088712ba
Removes unnecessary copy-to-stack. Fixes arg-order issue.
...
* Now I simply point to the string in instruction-memory, which saves a few bytes.
2013-07-17 20:27:20 -05:00
Joe Vennix
5ab81e7e37
Convert to readable asm. Adds support for arguments.
...
* shellcode appears to do an unnecessary copy-to-stack, so will look into
improving that.
2013-07-17 19:20:47 -05:00
jvazquez-r7
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
William Vu
589b4be384
Land #1999 , zsh bind shell
2013-06-20 13:51:48 -05:00
sinn3r
86fc101c1f
Add payload module bind zsh
...
For #1984
2013-06-20 13:45:02 -05:00
sinn3r
660c97f512
Add module for reverse zsh payload
...
For #1985
2013-06-20 13:40:17 -05:00
jvazquez-r7
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
Tod Beardsley
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
jvazquez-r7
e5a17ba227
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-05 09:41:23 -05:00
William Vu
1596fb478a
Land #1886 , awk bind shell
2013-06-05 09:05:37 -05:00
Roberto Soares Espreto
f6977c41c3
Modifications done in each PR.
2013-06-05 07:55:05 -03:00
Roberto Soares Espreto
b20401ca8c
Modifications done in each PR.
2013-06-05 07:51:10 -03:00
Roberto Soares Espreto
34243165c5
Some changes with improvements.
2013-06-04 21:22:10 -03:00
Roberto Soares Espreto
e2988727fb
Some changes with improvements.
2013-06-04 21:10:51 -03:00
Roberto Soares Espreto
d9609fb03e
Was breaking with repeated commands
2013-05-31 18:44:48 -03:00
Roberto Soares Espreto
00debd01c6
Listen for a connection and spawn a command shell via AWK
2013-05-29 21:22:49 -03:00
Roberto Soares Espreto
d4a864c29f
Creates an interactive shell via AWK (reverse)
2013-05-29 21:19:08 -03:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
James Lee
9c8b93f1b7
Make sure LPORT is a string when subbing
...
* Gets rid of conversion errors like this:
[-] Exploit failed: can't convert Fixnum into String
* also removes comments from php meterp. Works for me with the
phpmyadmin_preg_replace bug, so seems legit.
2013-04-26 15:26:31 -05:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
Tod Beardsley
be39079830
Trailing whitespace fix
...
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.
So don't sweat it.
2013-04-15 13:58:06 -05:00
Tod Beardsley
efdf4e3983
Lands #1485 , fixes for Windows-based Ruby targets
2013-04-15 13:56:41 -05:00
Tod Beardsley
e149c8670b
Unconflicting ruby_string method
...
Looks like the conflict was created by the msftidy fixes that happened
over on the master branch. No big deal after all.
2013-03-20 15:49:23 -05:00
jvazquez-r7
6603dcd652
up to date
2013-03-12 17:04:13 +01:00
jvazquez-r7
627e7f6277
avoiding grouping options
2013-03-11 18:26:03 +01:00
jvazquez-r7
f0cee29100
modified CommandDispatcher::Exploit to have the change into account
2013-03-11 18:08:46 +01:00
jvazquez-r7
c9268c3d54
original modules renamed
2013-03-11 18:04:22 +01:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
RageLtMan
7f80692457
everyone will comply, resistance is futile
2013-03-06 18:38:14 -05:00
Raphael Mudge
1cc49f75f5
move flag comment to where it's used.
2013-03-03 03:26:43 -05:00
Raphael Mudge
ecdb884b13
Make download_exec work with authenticated proxies
...
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.
Fun trivia, Windows 7 systems uses Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
2013-03-03 01:42:17 -05:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
jvazquez-r7
04ec4e432d
minor cleanup for shell_bind_tcp
2013-02-20 01:02:58 +01:00
jvazquez-r7
3d199fe6db
Merge branch 'mipsle-shell_bind_tcp' of https://github.com/kost/metasploit-framework into kost-mipsle-shell_bind_tcp
2013-02-20 01:00:34 +01:00
sinn3r
e9f4900beb
Merge branch 'fixgenericcustom' of github.com:rsmudge/metasploit-framework into rsmudge-fixgenericcustom
2013-02-19 14:47:18 -06:00
Raphael Mudge
06ba2ef791
Allow generic/custom payload to generate an exe
...
The datastore value of ARCH has no effect on the array of
architectures the generic/custom payload is compatible with.
This commit forces the payload to update its list of compatible
architectures on generation if the ARCH value is set in the
datastore.
See:
http://dev.metasploit.com/redmine/issues/7755
2013-02-17 20:39:54 -05:00
HD Moore
cae6661574
Handle invalid commands gracefully (dont exit)
2013-02-12 11:33:23 -08:00
HD Moore
4c2bddc452
Fix a typo and always treat ports as integers:
2013-02-12 08:59:11 -08:00
HD Moore
a33d1ef877
This allows the ruby payloads to work properly on Windows
2013-02-12 08:55:37 -08:00
HD Moore
47f3c09616
Fix typo that snuck in during merge
2013-02-03 17:38:19 -06:00
HD Moore
5be4d41420
This is redundant/less-reliable than reverse_openssl
2013-02-03 17:35:14 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
Kacper Nowak
f691652594
attempt to fix cmd/windows/reverse_perl payload
2013-01-23 11:21:44 +00:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
James Lee
c89b2b2ec6
Once more, with feeling
2013-01-10 15:29:54 -06:00
James Lee
7fd3440c1a
Fix hd's attempt to rename ruby payloads
2013-01-10 15:25:50 -06:00
James Lee
4fcb8b6f8d
Revert "Rename again to be consistent with payload naming"
...
This reverts commit 0fa2fcd811
.
2013-01-10 15:24:25 -06:00
HD Moore
0fa2fcd811
Rename again to be consistent with payload naming
2013-01-10 14:16:37 -06:00
HD Moore
88b08087bf
Renamed and made more robust
2013-01-10 14:05:29 -06:00
HD Moore
e05f4ba927
Thread wrappers were causing instant session closure
2013-01-10 00:41:58 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
sinn3r
0822e8eae2
Merge branch 'kost-mipsle-shell_reverse_tcp'
2012-12-24 10:52:19 -06:00
jvazquez-r7
26f561795d
fix cmd windows ruby payloads
2012-12-20 00:50:02 +01:00
sinn3r
7145078e63
Merge branch 'mipsle-shell_reverse_tcp' of git://github.com/kost/metasploit-framework into kost-mipsle-shell_reverse_tcp
2012-12-18 11:50:41 -06:00
Raphael Mudge
482846942a
Fix: download_exec appends an extra / to request
...
The download_exec module parses the provided URL and appends an
unnecessary, nay--damaging I say!!!! '/' to the parsed URI. This
renders the module unusable for those who want a payload to
download and execute a file.
Before and after access.log snippets are in the redmine ticket
http://dev.metasploit.com/redmine/issues/7592
2012-12-12 14:01:31 -06:00
Vlatko Kosturjak
4ac79c91a6
Remove spaces at EOL
2012-11-17 12:00:59 +01:00
sinn3r
8648d21b3c
Merge branch 'dns_txt_query_exe' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-dns_txt_query_exe
2012-11-16 11:52:57 -06:00
corelanc0d3r
0bf92b5d97
improved payload dns_txt_query_exec
2012-11-13 00:55:32 +01:00
corelanc0d3r
cad7eb0130
renamed and optimized download_exec payload
2012-11-13 00:02:49 +01:00
Vlatko Kosturjak
bda7f68b02
Add zero byte on the end of the /bin/sh string
2012-11-08 02:00:49 +01:00
Vlatko Kosturjak
ce82b37289
Few removals of unneccessary zero bytes in sc
2012-10-28 21:22:33 +01:00