c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
ee0aa20955
Land #3013 , Metasm update
2014-03-06 14:15:42 -06:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
cd3c2f9979
Move osx-app format to EXE.
2014-03-04 22:54:00 -06:00
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords
2014-03-04 11:43:39 -06:00
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
0bdce4836f
Modify clipboard dump to support new format from Meterpreter
2014-03-04 19:37:57 +10:00
e452b81fb1
style changes as suggested by @jlee-r7
2014-03-04 08:49:52 +02:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
e0438f570b
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-03 17:28:44 +10:00
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
785a35a81a
Needed to kill objToQuery.
2014-03-02 19:48:55 -06:00
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
26db845438
Try to pthread_create. Fails.
2014-03-02 18:02:23 -06:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
8543da0fbd
Corrected uri_encode
2014-03-01 11:30:50 +01:00
1a0f77edb2
Land #2739 , DLL injection in msfvenom
...
lands Meatballs PR to fix dll injection
in Msfvenom. Test to ensure it still works
in the new MsfVenom
2014-02-28 14:22:17 -06:00
9e355e1265
Merge branch 'master' into dll_inject
2014-02-28 14:20:46 -06:00
ac446d3b3f
Land #3043 - randomization for Rex::Zip::Jar and java_signed_applet
2014-02-28 14:10:55 -06:00
566a791ef3
Land #2992 , Fix VNC Inject Defaults
2014-02-28 14:04:56 -06:00
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
f66709b5bb
make bypassuac module clean itself up
...
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
d358fe5f94
Merge branch 'payload_defaults'
2014-02-26 10:28:46 -06:00
f51cbfffb8
minor fix to payload generator
...
was passing platform string instead of the
platform lsit when formatting the payload
2014-02-25 15:51:06 -06:00
d0780cd1a2
Land #3010 - EXITFUNC as OptEnum
2014-02-24 11:07:10 -06:00
c760d37703
use the actual shellcode length.
2014-02-24 09:55:44 -06:00
9fd635d645
Favor \! vs == false
2014-02-24 08:47:25 -06:00
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
bbacaa477e
Add missing require
2014-02-25 22:08:27 +00:00
e31a144f4d
Use better system call
2014-02-22 20:34:56 +00:00
8af992e083
Use same coding style
2014-02-21 16:02:27 -06:00
0c44cc5ae4
Allow Exploits to provide Encoder Compat options
2014-02-21 15:49:39 -06:00
0179faa66f
Fix yardoc for Post::Windows::LDAP
...
Also fix some style issues and warnings.
2014-02-21 13:25:11 -06:00
0b5e617236
Land #3016 lsanchez-r7's send_message mod to return info
2014-02-19 17:01:06 -06:00
c0cdea37f7
Initialize send_status at the function's start
2014-02-19 16:54:29 -06:00
f7a483523c
changing the initial state from false to nil
2014-02-19 16:45:00 -06:00
7c5ba3e46c
Retab metasm
2014-02-19 14:01:20 -06:00
bdb27b2cca
Manual loading shouldn't be needed
2014-02-19 13:13:41 -06:00
a78ccc7862
Add up to date metasm
2014-02-19 13:13:08 -06:00
f34078a7df
Delete old version of metasm
2014-02-19 13:09:53 -06:00
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
e4aedfad43
Fixup netapi call
2014-02-18 23:30:29 +00:00
07fd3494e5
changing send_message to return more information
2014-02-18 16:48:52 -06:00
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00
4f9ab0b99f
Land #2903 , @Meatballs1 SPN gather post module
2014-02-18 13:53:32 -06:00
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
5c8af63063
Fix regression
2014-02-18 17:41:35 +00:00
0519abb558
Fix the wrong conversion
2014-02-17 23:17:19 -06:00
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
318ebdb4c8
Clean up // comments.
2014-02-17 15:34:42 -06:00
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
7f9b4a4bf4
Land #2655 , Re-do exe-small for scripting payloads.
2014-02-17 15:56:23 -05:00
f58b66adf8
Docs and more robust code
2014-02-14 23:15:05 +00:00
f5c401bee7
Yarddocs
2014-02-14 22:59:36 +00:00
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
f7858bf1a7
SnakeCase option looks better
2014-02-14 21:05:24 +00:00
983f5abc2f
Make vnc a bit safer to use
2014-02-14 20:59:44 +00:00
d606be5efb
That's funny I changed the wrong method
2014-02-13 16:41:18 -06:00
5d3eed8600
Add info about browser requirements in help
2014-02-13 16:37:05 -06:00
9c48335764
Change to google.com
2014-02-13 16:30:44 -06:00
a44f235a8d
Fix things based on Tod's feedback
2014-02-13 16:13:42 -06:00
4dd60631cb
Land #2950 - New Payload Generator for MsfVenom
2014-02-13 15:13:10 -06:00
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
4565be18e3
require active_support numeric
...
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
8b25b6e343
Land #2980 , @wvu-r7 fix to handle invalid session id on post module runs
2014-02-12 13:13:34 -06:00
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
40db1c4d0d
s/auxiliarly/auxiliary/
2014-02-12 12:17:53 -06:00
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
beca4b8bc3
Fix issue with getenv failing
...
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.
Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.
For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.
This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
5a488b310d
Use a more correct error message
...
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
4a603b9a8d
Merge remote-tracking branch 'upstream/master' into beug/session
...
Conflicts:
lib/msf/base/simple/post.rb
2014-02-11 16:38:16 -06:00
18816f3d5e
Land #2952 , -1 for last session ID
2014-02-11 16:22:36 -06:00
2476d9be2d
Fix invalid session ID bug
...
This fix should work seamlessly with #2952 .
2014-02-11 15:43:35 -06:00
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
e3aa838e52
Fix on_session_module_run bug
2014-02-11 11:37:58 -06:00
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
a67a14ff60
Land #2975 @wchen-r7's extra vprint_debug statements for ms13-090
2014-02-10 20:57:55 -05:00
fdd696fc31
Drop Opera support
...
It's sad nobody is actually using it. See article: "Across desktop and
mobile, Chrome is used more than Firefox, IE, and Opera combined" -
thenextweb.com
2014-02-10 18:03:42 -06:00
1414f6794c
Change the name of the video chat command
2014-02-10 17:44:47 -06:00
d8ea11b851
Redirect HTTP too
2014-02-10 23:41:15 +00:00
442d212a94
Add vprint_debug to show what requirements are being compared
2014-02-10 17:33:36 -06:00
4a0f37dc21
Save lost changes
2014-02-10 23:24:26 +00:00
44282d8a83
Add an exception handling
2014-02-10 17:06:56 -06:00
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
48fdb08164
Add flag --use-fake-ui-for-media-stream
...
Thanks Joev!!
2014-02-10 14:47:25 -06:00
427fece52c
Add random mail address function
2014-02-10 21:04:44 +01:00
fab8e16a87
Unbreak server exploits
2014-02-10 10:54:14 -06:00
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
4eb9a16b2c
Remove unnecessary return statement.
2014-02-09 13:06:21 -05:00
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
b279c45db5
Update open_webrtc_browser method
2014-02-08 20:47:02 -06:00
0d24f06109
Not adding remote support for Linux meterpreter, here's why
2014-02-08 20:30:53 -06:00
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
2cfc662e43
Use en-us instead
2014-02-08 16:16:09 -06:00
3f9ad8a6d5
Fix bugs and stuff
2014-02-08 16:11:39 -06:00
22cc665115
More error handling
2014-02-08 16:06:51 -06:00
07ad99ba3a
Remove unnecessary methods
2014-02-08 15:51:33 -06:00
a70c77c9eb
Handle some more exceptions
2014-02-08 15:51:11 -06:00
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
d1f3afeacc
Correct MSB refs
2014-02-08 13:32:56 +00:00
76f0783eef
Raise error if no domain found or specified
2014-02-08 12:16:48 +00:00
a5cb03e409
Copy Meterpreter return hash
...
Dont add a key if no value is found
2014-02-08 12:12:45 +00:00
6e197ce535
Post get_envs library methods
2014-02-08 11:37:25 +00:00
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
ee1900c273
progress
2014-02-08 03:29:15 -06:00
b188943bd1
Progress
2014-02-08 02:57:49 -06:00
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
f189b753e5
use more clear syntax for space
...
use 1.gigabyte as kronicdeth suggested, for great awesomeness
2014-02-07 15:52:19 -06:00
56359aa99f
Merge changes from other dev machine
2014-02-07 21:22:44 +00:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
36f3a82b5c
A wise man once said do not abuse the power of expand_path
2014-02-07 12:10:58 -06:00
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
aa3985c5e3
relign attribute tags
2014-02-07 11:04:17 -06:00
5d8dc76f48
put verbose messages to stderr
...
egypt pointed out we'll stomp on the payload output
otherwise. Good catch
2014-02-07 10:22:39 -06:00
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
27d7df554c
Use a single return statement defaulting to nil.
2014-02-06 14:50:59 -05:00
b9fb8decad
Support a (latest) session id of -1.
2014-02-06 14:11:38 -05:00
3a95a169e1
Land #2930 - clipboard monitor for meterpreter
2014-02-06 11:29:22 -06:00
9d9305d2c0
more yardtag cleanup
2014-02-06 11:16:00 -06:00
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
34c4718e95
more style fixups
...
further kronicdeth appeasement
2014-02-05 18:12:44 -06:00
1bf11e5b92
some alpha-sorting
...
begining to appease KronicDeth
2014-02-05 17:47:32 -06:00
b226ecf591
Add block_api changes to prepend_migrate
2014-02-05 15:32:59 -06:00
ca48fb6590
fix encoding cycle if all encoders fail
...
we need to raise an exception if all encoders fail
2014-02-05 15:25:14 -06:00
1227a47342
fix exe template
...
don't pass an emtpy string for templates
this causes read errors. pass no value instead
2014-02-05 12:10:14 -06:00
508f251db2
add cli compat
...
add cli capability to putut verbose info to the console
2014-02-05 11:00:57 -06:00
293c231dfe
alpha-sort methods for ease
...
lexically sorted methods to make it easier to
look through code
2014-02-04 18:05:03 -06:00
fc9105d862
final generation and specs
...
generation wrapped method complete with specs
2014-02-04 17:52:20 -06:00
4dcae920f8
add specs for generate_java_payload
...
pretty self-explanatory
2014-02-04 17:40:59 -06:00
70d8246791
finish wiring up the final generation
...
formating and main generate methods wired up
still need to add some final tests
2014-02-04 15:52:18 -06:00
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
0a3cb3377f
AppendEncoder
2014-02-04 15:41:10 +00:00
26c506da42
Naming of follow method
2014-02-04 15:25:51 +00:00
c8b7dc30b4
added encoding routines
...
now has a method for encoding the shellcode
and tests to go with
2014-02-03 17:51:22 -06:00
76515092ce
Small mime changes
2014-02-03 23:28:26 +00:00
595e5fd8b1
Correct mime logic
2014-02-03 21:59:17 +00:00
a8ff6eb429
Refactor send_request_cgi_follow_redirect
2014-02-03 21:49:49 +00:00
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
2ee1764ceb
Add method rhost, rport, and peer for post modules
...
[SeeRM #8761 ]
2014-02-03 01:05:43 -06:00
3b648346da
starting in on encoders
...
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
2014-02-03 00:59:08 -06:00
0d02f6d589
Add support for win shells for file?
2014-02-02 23:37:26 -06:00
4a82bc74cf
added nop sled generator
...
added code to prepend a nop sled
with tests to match
2014-02-02 22:51:12 -06:00
b9e234f62d
Log the size if it doesn't fit
2014-02-02 22:28:23 -06:00
bb5f5542f0
generating raw payload bits now
...
added raw payload generation, arch selection,
and specs for everything thus far
2014-02-02 21:09:17 -06:00
f9c31f988e
test platform selection
...
added tests around platform selection
2014-02-02 16:52:41 -06:00
f5d730e874
write specs around initialiser
...
added specs around object initialisation
2014-02-02 16:05:11 -06:00
e265d6f54c
begining of payload generator
...
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
9fa9402eb2
Better check and better follow redirect
2014-02-02 16:07:46 +00:00
0d3a40613e
Add auto 30x redirect to send_request_cgi
2014-02-02 15:03:44 +00:00
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
9f35407a0c
Add MIME to_html method
2014-02-01 00:37:01 +00:00
4d008ca3f3
Fix ::Interrupt exception handling
2014-01-30 18:57:27 -06:00
9f669a8e39
Make check_multiple() thread-safe
2014-01-30 16:46:36 -06:00
b60398b020
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/extensions/extapi/tlv.rb
2014-01-29 23:07:05 +10:00
ad1dce38d2
Final fixes before the monitor PR
2014-01-29 23:04:43 +10:00
2ef0e7e2a5
Small tidy of code
2014-01-29 17:07:06 +10:00
e27707cac3
More tweaking of the clipboard monitor with dump/purge
2014-01-29 14:51:03 +10:00
10ac7a22af
Land #2897 Sane address resolution [FixRM #7259 ]
2014-01-28 23:09:44 +10:00
6435ddd162
loop do this too
2014-01-26 16:35:44 -06:00
0ffacc3420
{ } block this
2014-01-26 16:33:21 -06:00
45bb336c51
Loop do it
2014-01-26 16:27:36 -06:00
eec01e79ff
No explicit "return"
2014-01-26 16:25:30 -06:00
48836b45cf
Last commit before PR
...
Code changes address these feature requests:
[SeeRM #8737 ]
[SeeRM #8752 ]
[SeeRM #8755 ]
2014-01-26 12:15:47 -06:00
a14dddd1ef
Show warning
2014-01-26 12:08:20 -06:00
f0ebd13447
Make sure all threads are killed after interrupt
...
If threads aren't killed, then when the user triggers interrupt,
the console will keep the threads (vuln checks) running, which
looks weird.
2014-01-26 02:49:16 -06:00
6ffb750633
Change Unsupported message
...
Auxiliary modules can use check, too. Not just exploits.
2014-01-26 01:14:11 -06:00
60f1688bb8
Fix option validation
2014-01-26 00:57:02 -06:00
2d12c0a368
NoMethod check and stuff
2014-01-25 20:25:01 -06:00
3bb17dad72
Check argument
2014-01-25 20:10:22 -06:00
33da3a414b
Remove unnecessary options
2014-01-25 13:52:52 +00:00
27a434205c
More flexible domain and DN
2014-01-25 13:17:00 +00:00
7dfd4ab22c
Change default thread count
2014-01-25 01:40:05 -06:00
2046209291
This one looks like is working
2014-01-25 01:27:48 -06:00
216fa4503a
Save progress
2014-01-24 23:32:29 -06:00
93fa58ed45
aux scanner support
2014-01-24 17:54:40 -06:00
08885bde19
Always forget debugging stuff
2014-01-24 23:45:12 +00:00
be1da0e8a8
Move print statement
2014-01-24 23:37:20 +00:00
cb53ca261f
Tidyup logic
...
ADSI doesn't care about distinguished names or domain and can take
either, but legacy API needs a domain for binding and a dn for
searching.
Send nil if we dont know the domain rather than a ptr to an empty
string.
2014-01-24 23:28:08 +00:00
6d9e395d40
Use LPVOID to avoid ptr trunc
2014-01-24 23:27:56 +00:00
856feb82e8
Land #2906 , check a given range
2014-01-24 16:01:57 -06:00
1ff063d7de
Test the object not the class duhhh
2014-01-24 11:46:48 -06:00
37b11ce2e1
Use Class#kind_of? instead of ==
2014-01-24 11:31:04 -06:00
ae13d1f3e6
Grab the default domain to improve ldap
2014-01-24 16:36:37 +00:00
23ba52641b
Revert ldap
2014-01-24 16:25:48 +00:00
9fce617462
Fixup railgun utils
...
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
3c8d82e363
Ensure the rhost datastore option is restored
2014-01-23 21:12:59 -06:00
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
4b21672b60
Remove hardcoded string
2014-01-23 23:55:09 +00:00
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
398e8463b1
Add more informative errors
2014-01-23 23:19:00 +00:00
de06480f4f
Add a defined? check to fix older versions of OpenSSL.
...
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
b5f61024c5
Land #2907 , fixes qual asset importer
...
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
b07e87b1d6
Fix nil rhost
2014-01-23 10:33:05 -06:00
256f2b12eb
Land #2894 , @wchen-r7's CheckCode documentation update
2014-01-23 07:31:24 -06:00
c48595f239
Add support to scan a range of IPs for the check command
...
[SeeRM #8737 ] This allows the check command to scan multiple hosts.
2014-01-23 00:37:32 -06:00
58cf7193f9
fixing NameError undefined local variable in an import
2014-01-22 16:54:31 -06:00
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
636c43dcdc
Land #2736 , basic ADSI support via meterp extapi
2014-01-22 15:24:01 -06:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
83358fbbf0
More work on the clipboard monitor
2014-01-22 22:56:13 +10:00
80452767c8
Comments
2014-01-22 10:24:24 +00:00
156e3c046e
Dont lookup twice
2014-01-22 10:14:56 +00:00
6d6d1e1033
No need to fiddle with naming context
2014-01-22 10:06:36 +00:00
a7d4aa5d46
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
2014-01-22 11:51:10 +10:00
e9ccec4755
Refactor load_session_info
...
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
ac151794f3
Make Meterpreter Session Address Resolution Sane
...
If MSF can not match the visible IP address of a Meterpreter session
to an interface--it will attempt to find an IP address associated
with a default route and use it as the session's address.
This commit fixes the logic associated with this process. The old
logic only considers one IP address per Interface, even though an
Interface may have multiple addresses/masks associated with it.
This flaw led to situations where MSF would favor an IPv6 link-local
address over the IPv4 address associated with the default route,
solely because the IPv4 address was not the first value in the
addresses array.
[FixRM #7259 ]
2014-01-21 00:32:50 -05:00
ea47da5682
Add wiki link "How to write a check() method" to documentation
2014-01-20 20:10:50 -06:00
e48b8ae14c
Use a better term
2014-01-19 16:01:38 -06:00
afd0e71457
Use the term "exploit" is a little more correctly
...
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
363c53e14e
Clearify when to use a specific CheckCode
...
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
524bbceb1a
Merge branch 'upstream/master' into ext_server_kiwi
2014-01-17 11:53:07 +10:00
9212013c3e
Add error message support
...
This commit enables returning of error messages based on the HRESULT.
They still aren't nice, but they're better than nothing.
2014-01-17 11:42:07 +10:00
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
0915212249
Fix socket timeout bug
2014-01-16 11:58:37 -06:00
0b9ff43217
Make slice_up_payload easier
2014-01-16 11:03:22 -06:00
f41849c921
Clean CmdStagerEcho
2014-01-16 11:00:57 -06:00
8e1d3c9c2a
Final tweaks for WMI support
2014-01-16 22:02:28 +10:00
69abffaff6
First pass of WMI support
...
Close but more to do.
2014-01-16 13:47:46 +10:00
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
870349acd0
Merge branch 'upstream/master' into basic_adsi_support
2014-01-15 19:57:07 +10:00
68ccdc8386
Fix a stack trace when module_payloads.rb is run
...
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
4ccf1a4720
Land #2873 , Msf::Handler::ReverseHttp::UriChecksum
2014-01-13 15:38:56 -06:00
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
0f722cbe6d
Add ext_server_kiwi, which is Mimikatz v2
...
This is a separate extension because the new version doesn't support
as many operating systems as the old version, but it does have more
new features which are really funky.
2014-01-10 16:51:01 +10:00
b43a221959
Land #2855 , Rex::Socket refactor and specs
2014-01-09 16:20:50 -06:00
ba252ec0c3
Use 'unless' instead of 'if not'
2014-01-09 16:01:58 -06:00
f00e5a678b
Land #2854 , #next nil beug fix
2014-01-09 15:39:06 -06:00
c3b1eea5fd
Land #2853 , user survey banner splat
2014-01-23 00:05:25 -06:00
02018077ea
dangit odd number of ]s
2014-01-09 15:15:47 -06:00
7cb6836209
Replace unused var with purpose-revealing comment
2014-01-09 15:07:04 -06:00
27133257a4
Better docs, more accurate var names
2014-01-09 15:05:19 -06:00
20a5bf45f5
Fix beug with #next raising after the end
...
... instead of the old behavior or just returning nil again
2014-01-09 15:03:11 -06:00
25337888b0
Move back the expires date.
2014-01-09 14:51:23 -06:00
fe3fed1dba
Add a link to http://bit.ly/msfsurvey in banner
2014-01-09 14:37:41 -06:00
e4460278d2
Fix the closing brackets on the banner.
2014-01-09 14:37:25 -06:00
1893cbca0e
Land #2843 , RangeWalker resolution failure bug fix
2014-01-09 14:36:32 -06:00
1519af33f5
Refactor `getaddress` in terms of `getaddresses`
2014-01-09 11:03:24 -06:00
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
01f350964f
Add specs for some stuff in Rex::Socket
2014-01-09 10:19:19 -06:00
27f079ad7c
Move {begin,end}_job from libs to modules
2014-01-09 01:03:01 -06:00
025fc79683
Refactor commands for modularity
2014-01-09 01:03:01 -06:00
3fca11e5ac
Replace magic numbers with constants
2014-01-09 01:03:01 -06:00
2f2823e323
Remove newline from end_job to conform to spec
2014-01-09 01:03:01 -06:00
d3bbe5b5d0
Add filesystem commands and new PoC modules
...
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
af66310e3a
Address @jlee-r7's comments
2014-01-09 01:03:01 -06:00
bab32d15f3
Address @wchen-r7's comments
2014-01-09 01:03:00 -06:00
1c889beada
Add Rex::Proto::PJL and PoC modules
2014-01-09 01:03:00 -06:00
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
4bfe6b1b08
Remove pointless checks and add some docs
2014-01-08 14:37:40 -06:00
4ba0020934
Simplify the logic deciding when we're finished
2014-01-08 14:22:44 -06:00
22bdca92f4
Remove the ipv6 attr on Range
...
Makes more sense in the option hash.
2014-01-07 16:52:34 -06:00
9c23910b69
Refactor Socket::Range
...
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
7af8fe9cd1
Catch exceptions in an XSS script and return the error.
2014-01-07 16:23:24 -06:00
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
73e359ede1
Update reverse_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
e3a3b560e2
Update bind_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
2ed9772080
Fix unhandled exceptions when resolution fails
2014-01-07 12:00:04 -06:00
3bf728da61
Dont store in DB by default
2014-01-07 12:20:44 +00:00
9d3b86ecf4
Add explicit require for JSON, so msfpayload runs.
2014-01-05 14:58:18 -06:00
e3b90f3c4e
Fix issue with incorrect parameter parsing
...
Code was looking for -s instead of -a when dealing with domain
queries. This commit fixes that.
2014-01-05 20:06:47 +10:00
d00acccd4f
Remove Java target, since it no longer works.
2014-01-04 21:22:47 -06:00
8898486820
Change display message to show actual bind address
...
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.
This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
f2f68a61aa
Use shell primitives instead of resorting to
...
echo hacks.
2014-01-04 19:00:36 -06:00
6034c26fa7
Honor LPORT as callback port for HTTP/S handler
...
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.
LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
3c9d684759
Cleanup - Remove bind_address from reverse_http.rb
...
This commit removes the now unused bind_address function from
reverse_http.rb. This function returns an array of hosts the handler
should attempt to bind to (e.g., [LHOST value, any])
Other handlers (e.g., reverse_tcp.rb) loop through these values until
they're able to start a server with that bind address.
The HTTP server doesn't work this way. It's setup to try one address
and that's it. It makes sense to have the HTTP server always bind to
0.0.0.0 by default as future modules run by the user may register
resources with the same HTTP server.
2014-01-04 16:02:32 -05:00
6f55579acd
HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress
...
This commit returns the HTTP/S handler to its former semantic glory.
By default the HTTP/S handler will bind to :: or 0.0.0.0. If the
user specifies a ReverseListenerBindAddress then, instead, the
server will bind to that address.
The previous commit to change the URL to always reference LHOST
should go with this too. LHOST is always my intent of where the
stage should call home too. ReverseListenerBindAddress would make
sense as my intent as to where I want to bind to. The two options
shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00
f93210ca74
Always Use LHOST for Full URL in HTTP/S Stage
...
Redmine #8726 documents a change where the reverse HTTP/S
tries to bind LHOST and if it can not it does a hard stop
If it's expected that users will use ReverseListenerBind-
-Address then this commit addresses #8726 by patching the
HTTP/S stage with the host provided by the user in LHOST.
Currently ReverseListenerBindAddress (if used) is patched
into the stage. This makes for a broken HTTP/S session if
the user sets this option to 0.0.0.0.
With this commit--users can provide any LHOST they like
and set ReverseListenerBindAddress to 0.0.0.0 and things
will work.
This commit does not attempt to bring the HTTP/S handler
back to the old behavior of falling back to 0.0.0.0 when
it can't bind LHOST. I'd welcome the old behavior but I
leave it to you to decide what makes sense. :)
2014-01-04 15:16:22 -05:00
b9c46cde47
Refactor runCmd, allow js exec.
...
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
60991b08eb
Whitespace tweak.
2014-01-03 18:40:31 -06:00
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
8fd517f9ef
Fixes shell escaping errors with nested quotes in windows.
2014-01-03 16:14:28 -06:00
bd2033c587
Land #2814 , streaming webcam STDAPI add
2014-01-03 12:09:25 -06:00
13464d0aae
Minor cleanup of firefox.rb.
2014-01-03 01:34:57 -06:00
7961b3eecd
Rework windows shell to use wscript.
2014-01-03 01:29:34 -06:00
5606958320
Resolve require order
2014-01-02 23:46:18 +00:00
ef281bf31d
Adjust the getenv API
...
The getenv call in sys/config was renamed to getenvs and now uses
the splat operator so that arrays don't have to be passed in. A
new function called getenv was added which takes a single argument
and returns a single value back (for ease of use).
2014-01-03 08:05:45 +10:00
f5f18965b9
Move the require to the payloads as ruby and nodejs payloads do
2014-01-02 16:05:03 -06:00
764d0822f6
Use the current msf's naming convention
2014-01-02 15:57:09 -06:00
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
dc80f30e03
Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update
2014-01-02 11:49:04 -06:00
8d3130b19e
Reorder targets.
2014-01-02 10:48:28 -06:00
9b39ea55ee
Fix comment.{
2014-01-02 10:48:28 -06:00
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
e6823c39c2
Incorrect variable used
2014-01-02 00:50:32 -06:00
2554ad9b79
Land #2800 , lib/msf/base YARD comments
2014-01-01 21:51:54 -06:00
3ad8b0d530
Removed space from readable_text.rb
2013-12-31 16:38:40 -08:00
a1e42e5c16
config.rb typo correction
2013-12-31 16:02:18 -08:00
a979aedd9e
Avoid initial spaces on the JSP
...
So the jsp isn't affected by changes on the framework indentation standards
2013-12-31 08:38:38 -06:00
0725b9c69c
Refactor JSP payloads
2013-12-31 08:27:37 -06:00
92a0ff1096
Add webcam livestream feature for meterpreter
...
[SeeRM #8729 ] - This meterpreter command allows the attacker to observe the target at real-time
by turning their webcam live. There is also a HTML-based player provided, which does not require
a plugin or anything, just open it with a browser. The HTML-based player also allows the attacker
to put livestream on the web (evil? yeah, kind of.)
2013-12-30 18:38:13 -06:00
2f8f46c984
Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update
2013-12-30 13:31:49 -06:00
8986659861
Land #2804 , @rcvalle's support for disasm on msfelfscan
2013-12-30 12:24:22 -06:00
985af3adfe
Update to masked credential format
...
* To support change in Pro export format. Previous format looked
like an XML element, for no reason, failed validation.
2013-12-30 10:59:15 -06:00
b8569a1698
Land #2794 , @Meatballs1's fix for to_exe_jsp on J7u21, [FixRM #8717 ]
2013-12-30 09:28:27 -06:00
39844e90c3
Don't user merge! because can modify self.compat
2013-12-27 16:37:34 -06:00
c1f377fda6
Add disasm option to msfelfscan
2013-12-26 16:26:45 -02:00
e51fab01fc
Doc tag changes based on feedback.
2013-12-26 10:14:41 -08:00
a20e888551
Added YARD tags/comments to readable_text.rb
...
Also fixed a few other tags.
2013-12-25 02:24:26 -08:00
6c871a7e43
Added YARD comments to persistent_storage.rb
...
Also, fixed logging.rb link to Msf::Session
Added --no-private to .yardopts. This will hide anything marked with
@private from the generated documentation.
Previous additions in the msf/base directory and not msf/core.
2013-12-24 19:45:11 -08:00
b07dfc4f44
Added YARD tags to msf/core/logging.rb
2013-12-24 19:42:24 -08:00
ff4e94cd91
Added YARD comments to msf/core/config.rb
2013-12-24 19:42:24 -08:00
9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution
2013-12-23 02:34:01 -06:00
f112e78de9
Fixes .war file creation
2013-12-22 20:58:21 +00:00
ed838d73a6
Allow targets to specify Compat[ible] payloads
2013-12-19 17:48:15 -06:00
ca23b32161
Add support for Procs in browserexploit requirements.
2013-12-19 12:49:05 -06:00
62ef810e7c
Use Extapi if available
2013-12-19 18:18:47 +00:00
737154c2fe
Update to use extapi
2013-12-19 16:46:09 +00:00
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
6e43edff4c
Merge in extapi post mixin
2013-12-19 14:25:02 +00:00
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
cb390bee7d
Move comment.
2013-12-18 20:37:33 -06:00
f411313505
Tidy whitespace.
2013-12-18 20:31:31 -06:00
9ff82b5422
Move datastore options to mixin.
2013-12-18 14:52:41 -06:00
64273fe41d
Move addon datastore options into mixin.
2013-12-18 14:42:01 -06:00
1235615f5f
Add firefox 15 chrome privilege exploit.
...
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
3e54379b0e
Merge remote-tracking branch 'upstream/master' into wmic_post
...
Conflicts:
lib/msf/core/post/windows.rb
2013-12-18 13:40:54 +00:00
687cbe5f60
Shadowcopy should use common wmic command
...
Small fix to ensure output is retrieved (args -> nil)
Modify shadowcopy to use wmic_query
2013-12-18 13:34:50 +00:00
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
6ee1a9c6e1
Fix duplicate error
2013-12-17 00:11:37 +00:00
06b399ee30
Remove ERROR_
...
To access as Error::NO_ACCESS
2013-12-16 19:52:11 +00:00
08a44fdfb7
Filename match module
2013-12-16 19:48:17 +00:00
57f2027e51
Move to module
2013-12-16 19:45:52 +00:00
c9084bd2d5
Remove errant fullstops
2013-12-16 18:53:37 +00:00
75c87faaf8
Add Windows Error Codes to Windows Post Mixin
2013-12-16 18:50:18 +00:00
0c5ac0176f
Undo psh net change
2013-12-16 13:43:40 +00:00
dd5b66f827
Undo psh net change
2013-12-16 13:42:37 +00:00
14c0096115
Update template
...
Use Copy instead of memset
Remove | Out-Null
2013-12-16 13:38:14 +00:00
8dfcc8aa77
WaitForThread
2013-12-16 12:44:58 +00:00
637be1bdfa
Should use RIG
2013-12-16 09:19:17 +00:00
0a29176855
Update psh_web_delivery for reflection
2013-12-16 09:08:01 +00:00
7cc99d76ad
Merge remote-tracking branch 'upstream/master' into powershell_auto_arch
...
Conflicts:
lib/msf/util/exe.rb
2013-12-16 09:07:08 +00:00
ca1c887e68
Add missing ]
2013-12-15 01:12:50 +00:00
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
284a45a6c5
Convert UTF16 to ASCII
2013-12-14 22:58:16 +00:00
e46b5c9d55
Revert to file io if no EXTAPI
2013-12-14 22:46:22 +00:00
ca5ee7e156
Load extapi before wmic
2013-12-14 22:45:56 +00:00
28f8ac322f
Enable inject
2013-12-14 21:30:52 +00:00
7347cb170c
Revert "Enable DLL injection in msfvenom"
...
This reverts commit 64e6531bbc
2013-12-14 21:26:13 +00:00
b532987b8f
Re-add file out to wmic_command
2013-12-14 20:58:33 +00:00
8d5f298d3d
Clear clipboard first
2013-12-14 20:26:46 +00:00
7902f061ca
Final tidyup
2013-12-14 20:18:14 +00:00
04496a539c
Fix up local wmi exploit.
2013-12-14 20:05:51 +00:00
4224c016f4
Use WaitForSingleObject instead of loop
2013-12-14 18:42:31 +00:00
sinn3r
Joe Vennix
Meatballs
William Vu
OJ
Tod Beardsley
David Maloney
Etienne Stalmans
FireFart
jvazquez-r7
Michael Messner
James Lee
lsanchez-r7
Spencer McIntyre
Matteo Cantoni
grimmlin
Raphael Mudge
HD Moore
Matt Andreko
Niel Nielsen
Samuel Huckins
Timothy Swartz
Ramon de C Valle