Commit Graph

1982 Commits (50c9293aabb4ca62d2ba80ad3eb9420fe209ce58)

Author SHA1 Message Date
jvazquez-r7 26789fa76c Add JMXPayload binary classes for testing 2015-01-15 17:58:09 -06:00
Brent Cook 47cd5a3e59
Land #4562, wchen-r7's Win8 NtApphelpCacheControl privilege escalation 2015-01-15 13:52:07 -06:00
sinn3r 74e8e057dd Use RDL 2015-01-09 19:02:08 -06:00
OJ dfdf99c8f4 Remove metcli
The metcli.exe binary doesn't get used any more and the source was removed
from Meterpreter ages ago. No point in having it in the repo any more.
2015-01-10 09:21:44 +10:00
Brent Cook ce87b126c1 Update to the latest meterpreter_bins
This removes checked-in sniffer extension in favor of the gem-packaged version.
It also pulls in the changes for verifying #4411
2015-01-09 16:57:10 -06:00
sinn3r fce564cde2 Meh, not the debug build. Should be the release build. 2015-01-08 22:06:07 -06:00
sinn3r 14c54cbc22 Update DLL 2015-01-08 21:36:02 -06:00
sinn3r d3738f0d1a Add DLL 2015-01-08 17:17:55 -06:00
sinn3r 50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012 2015-01-08 16:19:55 -06:00
William Vu 3c4ec1d958
Land #4547, rm data/meterpreter/common.lib 2015-01-08 04:52:29 -06:00
OJ 844460dd87
Update bypass UAC to work on 8.1 and 2012
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.

I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Brent Cook 32ddd5ccb4 delete unused library from meterpreter dir
common.lib is only used by the build process, not MSF
2015-01-07 16:00:37 -06:00
David Maloney 5480cb81f5
add updated KoreLogic rules to john.conf
updated our shipped john.conf to include a
more up to date version of the KoreLogic JtR rules.
They add overhead to the cracking time but are
probably some of the best/most effective JtR
rules out there.
2015-01-07 12:25:04 -06:00
Brent Cook 7ae56865f1 Update linux meterpreter binaries for rapid7/meterpreter#111
This rebuilds the binaries on Ubuntu 10.04 i386 for metepreter PR #111,
improving the reliability and fixing some bugs in linux process migration.

Tested against Ubuntu 10.04 i386 and Ubuntu 14.04 x86_64:

```
meterpreter > ps
...
 55994  48270  server                   0        bcook       ../metasploit-framework/server
 56009  44199  bash                     0        bcook       -bash
 56094  56009  dummy                    0        bcook       ./dummy

meterpreter > migrate 56094
[*] Migrating to 56094
[*] Migration completed successfully.
meterpreter > sysinfo
Computer     : mint
OS           : Linux mint 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 (x86_64)
Architecture : x86_64
Meterpreter  : x86/linux
meterpreter > ps
...
 55994  48270  [server] <defunct>        0        bcook
 56009  44199  bash                      0        bcook       -bash
 56094  56009  dummy                     0        bcook       ./dummy

meterpreter >
```

Verified presence of call stub when debugging a session:

```
(gdb) x/32b 0x61cc28
0x61cc28:	0x90	0x90	0x90	0x90	0x90	0x90	0x90	0x90
0x61cc30:	0x90	0x90	0x90	0x90	0x90	0x90	0x90	0x90
0x61cc38:	0x90	0x90	0x68	0x04	0x00	0x00	0x00	0x68
0x61cc40:	0xff	0xff	0xff	0xff	0xb8	0x5a	0x5a	0x5a
```
2015-01-04 10:47:44 -06:00
jvazquez-r7 69bda63ef6 Update linux meterpreter binaries 2015-01-01 20:05:36 -06:00
jvazquez-r7 dccf189600 Update binaries 2014-12-30 18:39:29 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Spencer McIntyre 0ee20561d4 Remove file exists check from stdapi_fs_delete_file 2014-12-09 11:03:57 -06:00
Spencer McIntyre 42710cc32e Error messages for the python meterpreter 2014-12-09 11:03:57 -06:00
Christian Mehlmauer 738fc78883
Land #4220, outlook gather post module 2014-12-07 22:41:28 +01:00
Christian Mehlmauer 9187a409ec
outlook post module fixes 2014-12-06 00:28:44 +01:00
Spencer McIntyre 83b0ac0209 Fix stdapi_sys_config_getenv for Python3 2014-12-04 15:58:17 -06:00
Spencer McIntyre 44816b84aa Prefer the pwd module for getuid when available 2014-12-04 15:58:17 -06:00
HD Moore fc96d011ab
Python reverse_http stager, lands #4225 2014-12-02 11:47:31 -06:00
jvazquez-r7 7a2c9c4c0d
Land #4263, @jvennix-r7's OSX Mavericks root privilege escalation
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7 7772da5e3f Change paths, add makefile and compile 2014-11-30 21:06:11 -06:00
Meatballs f5f32fac06
Add token fiddling from nishang 2014-11-28 23:02:59 +00:00
Meatballs 48a5123607
Merge remote-tracking branch 'upstream/master' into pr4233_powerdump 2014-11-27 20:08:11 +00:00
Joe Vennix 7a3fb12124
Add an OSX privilege escalation from Google's Project Zero. 2014-11-25 12:34:16 -06:00
Peter Marszalik 830af7f95e identified instances of tabs vs spaces in the original
identified 16 instances in the original code where tab was used vs spaces. updated to keep consistent.
2014-11-25 12:17:43 -06:00
Peter Marszalik 705bd42b41 tab to space change - line 296 2014-11-22 14:48:44 -06:00
Peter Marszalik 900aa9cd6b powerdump.ps1 bug - corrupt hash fix
Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled. 

Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat:
https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
2014-11-18 23:10:57 -06:00
Spencer McIntyre 2b36c1bb43 Fix pymeterp bugs from testing in osx and python3 2014-11-17 14:04:30 -05:00
HD Moore 1d8b746d89 Adds new TFTP file names, submitted by Chris McNab 2014-11-16 18:47:11 -06:00
Spencer McIntyre 0bf93acf6b Pymeterp http proxy and user agent support 2014-11-16 14:29:20 -05:00
Spencer McIntyre e562883ba9 Escape inserted vars and fix core_loadlib 2014-11-15 15:06:18 -05:00
Spencer McIntyre 7c14e818f6 Patch pymeterp http settings 2014-11-14 17:12:23 -05:00
Spencer McIntyre 681ae8ce6b Pymet reverse_http stager basic implementation 2014-11-14 14:15:46 -05:00
Spencer McIntyre 6b2387b7fc Prepare for a reverse_http stager 2014-11-14 11:15:22 -05:00
jvazquez-r7 c35dc2e6b3 Add module for CVE-2014-6352 2014-11-12 01:10:49 -06:00
William Vu adad3809cc
Rename logo file 2014-11-11 16:07:44 -06:00
Joshua Smith 329ea4fe01 the masterpiece is complete 2014-11-11 15:35:36 -06:00
Spencer McIntyre 7edc248207 Don't fail if username_from_token returns None 2014-11-10 09:15:16 -05:00
Spencer McIntyre 104841babf Add getsid to the python meterpreter 2014-11-08 20:57:24 -05:00
sinn3r c2391bf011 Add an R in /Info for the trailer dictionary to make it readable 2014-11-05 22:28:37 -06:00
sinn3r 1b2554bc0d Add a default template for CVE-2010-1240 PDF exploit 2014-11-05 17:08:38 -06:00
jvazquez-r7 f43a6e9be0 Use PDWORD_PTR and DWORD_PTR 2014-10-31 17:35:50 -05:00
jvazquez-r7 8e547e27b3 Use correct types 2014-10-31 12:37:21 -05:00
HD Moore 9b61ae5f63 This is halloween.
THISISHALLOWEEN=1 ./msfconsole
2014-10-30 23:35:12 -05:00
jvazquez-r7 6574db5dbb Fix the 64 bits code 2014-10-30 17:01:59 -05:00
jvazquez-r7 03a84a1de3 Search the AccessToken 2014-10-30 12:17:03 -05:00
OJ 908094c3d3 Remove debug, treat warnings as errors 2014-10-28 09:04:02 +10:00
OJ 0a03b2dd48 Final code tidy 2014-10-28 08:59:33 +10:00
William Vu 626cd55b5e
Land #4073, improved banner selection 2014-10-27 14:20:10 -05:00
Spencer McIntyre 04a99f09bb
Land #4064, Win32k.sys NULL Pointer Dereference 2014-10-27 14:01:07 -04:00
jvazquez-r7 042d29b1d6 Compile binaries in house 2014-10-27 12:18:33 -05:00
jvazquez-r7 4406972b46 Do version checking minor cleanup 2014-10-27 09:32:42 -05:00
jvazquez-r7 0aaebc7872 Make GetPtiCurrent USER32 independent 2014-10-26 18:51:02 -05:00
jvazquez-r7 34697a2240 Delete 'callback3' also from 32 bits version 2014-10-26 17:28:35 -05:00
Spencer McIntyre 7416c00416 Initial addition of x64 target for cve-2014-4113 2014-10-26 16:54:42 -04:00
Spencer McIntyre 91dc875af5 Remove seemingly useless file among banners 2014-10-24 13:11:58 -04:00
Spencer McIntyre c1a61e3b4e Support an MSFLOGO env var and logo enumeration 2014-10-24 13:07:28 -04:00
Spencer McIntyre 82f41d56a6 Add [user_]logos_directory to Msf::Config 2014-10-24 10:52:05 -04:00
Joshua Smith 34f29f218c really resolve merge conflicts 2014-10-23 21:51:33 -05:00
jvazquez-r7 a75186d770 Add module for CVE-2014-4113 2014-10-23 18:51:30 -05:00
jvazquez-r7 bf8dce574a Add ppsx template 2014-10-16 17:55:22 -05:00
William Vu 056ee4f207
Land #3958, kill command for pyterp 2014-10-07 10:58:37 -05:00
Spencer McIntyre 766a69e310 Add sys_process_kill to the python meterpreter 2014-10-07 10:10:22 -04:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Spencer McIntyre 7da22d064d Remove an unnecessary var and fix process_close 2014-10-02 20:52:45 -04:00
sinn3r 135bed254d Update BrowserExploitServer for JSObfu 2014-09-20 17:59:36 -05:00
Joe Vennix 87aeac2b13
Fix syntax error in os.js, specs ftw. 2014-09-12 11:01:08 -05:00
Joe Vennix 8e091b6da0
Add support for ff 29 - 32 feature. 2014-09-11 22:01:36 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
Tom Sellers 288a891665 Add the 'guest' IPMI user
The 'guest' IPMI user exists on many Cisco Unified Computing Server (UCS) implementations.
2014-09-01 07:01:06 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
joev af3ca19ab2
Land #3501, @AnwarMohamed's android meterpreter commands. 2014-08-09 16:29:59 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Joe Vennix 2b46e76e85
Recompiled again. 2014-07-27 22:23:26 -07:00
Joe Vennix ae1f498aae
Check in new android binaries. 2014-07-27 13:22:12 -07:00
Sam 8cabc753a9 Replace hpricot by nokogiri 2014-07-17 00:14:07 +02:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
OJ 77be5d3e0a
Land #3520 : Update Linux Meterpreter Binaries
Includes fixes for the sniffer which stop it breaking on x64 and make
it work with the `any` interface.

[FixRM #6355]
2014-07-15 09:27:30 +10:00
James Lee de22aeba41
Land #3481, meterpreter bins 2014-07-14 15:57:52 -05:00
jvazquez-r7 31c447e217 Update binaries 2014-07-14 08:50:30 -05:00
jvazquez-r7 074632043f Update meterpreter binaries 2014-07-10 16:36:48 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict.
Conflicts:
	Gemfile.lock
2014-07-09 17:43:42 -05:00
AnwarMohamed 34dcb609e2 android extension 2014-07-08 04:52:06 +02:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
OJ bdf27b1834 Fix up the TLVs that are now QWORD values in MSF
Various values were adjusted to become QWORD values in MSF an windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 10:42:58 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
James Lee 41cd5527c8
Close the server socket in php bind stager
This was previously left dangling, which leaves the port open, but
doesn't do anything with subsequent connections.
2014-07-03 16:52:09 -05:00
James Lee 9246f7a0ce
Strip the NULL that PHP no longer strips
As of PHP 5.5.0, unpack("a", ...) no longer strips the NULL byte from
the end of the string. A new format specifier, Z, was introduced to
perform the old behavior, but we don't have a good way to test for its
existence. Instead, just remove it with str_replace
2014-07-03 15:58:05 -05:00
Tod Beardsley 8b63d3d467 Revert the revert of #3446
This reverts commit 9b35b0e13a.

This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
David Maloney b680674b95
Merge branch 'master' into staging/electro-release 2014-06-27 11:55:57 -05:00
sinn3r ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape 2014-06-26 13:48:28 -05:00
sinn3r 0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape 2014-06-26 11:45:47 -05:00
Chris Doughty 9b35b0e13a Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
2014-06-25 13:24:07 -05:00
Tod Beardsley fbb6808b1a
Re-add common.lib and ext_server_sniffer DLLs
These are not currently included in meterpreter_bins. Figure this out
with @cdoughty-r7 , probably just an oversight.
2014-06-19 16:10:22 -05:00
Tod Beardsley 88b482118d
Remove local Meterpreter Windows binaries 2014-06-19 16:05:53 -05:00
James Lee b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
navs 1c5cfeebb3 adding template and src for elf 64 shared object payload target 2014-06-19 00:38:16 -05:00
David Maloney 41f7bc1372
add common root words wordlist
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
Tod Beardsley af9028e867
Add Meterpreter bins for PR76
These are the binaries generated for rapid7/meterpreter#76 , against
commit 2776adb8b91d9967983033c0e770c46a10a68002

These bins are need to make #3416 actually functional
2014-06-12 14:29:40 -05:00
sinn3r 2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
Meatballs d868294d5b
MEM_RESERVE too 2014-06-08 17:37:57 +01:00
jvazquez-r7 9d08ebe273 Fix VirtualAlloc call on PSH old template 2014-06-08 11:09:03 -05:00
joev a33de66da4 Fix transparent background, add VISIBLE option. 2014-06-06 16:52:00 -05:00
joev d990fb4999
Remove a number of stray edits and bs. 2014-06-06 16:24:45 -05:00
joev 7c762ad42c Fix some minor bugs in webrtc stuff, inline API code. 2014-06-06 16:18:39 -05:00
Brandon Turner d9a5002bd3
Merge branch 'release'
Updates meterpreter bins and closes #3425 and #3423.
2014-06-05 17:33:11 -05:00
Tod Beardsley 97a70e49c8
Roll back the jar/py changes 2014-06-05 17:31:02 -05:00
Tod Beardsley 737f06f600
Add Meterpreter bins for release branch.
This contains the same bins as #3423, but it is targeted at the release
branch for rapid7/metasploit-framework.
2014-06-05 17:17:32 -05:00
William Vu 6c7fd3642a
Land #3411, Python 3.[34] Meterpreter support 2014-06-03 11:34:22 -05:00
jvazquez-r7 b8a2cf776b Do test 2014-06-03 09:52:01 -05:00
jvazquez-r7 05ed2340dc Use powershell 2014-06-03 09:29:04 -05:00
jvazquez-r7 f918bcc631 Use powershell instead of mshta 2014-06-03 09:01:56 -05:00
jvazquez-r7 7f4702b65e Update from rapid7 master 2014-06-02 17:41:41 -05:00
Tod Beardsley d0d389598a
Land #3086, Android Java Meterpreter updates
w00t.
2014-06-02 17:28:38 -05:00
jvazquez-r7 4840a05ada Update from rapid7 master 2014-06-02 17:17:00 -05:00
Spencer McIntyre b84297980d Pymeterpreter use print_exc and not print_exception 2014-06-02 16:50:54 -04:00
OJ d2b8706bd6
Include meterpreter bins, add Sandbox builds
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (ie. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.

I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
Spencer McIntyre 77eac38b01 Pymeterpreter fix processes_via_proc for Python v3 2014-05-30 16:32:03 -04:00
Spencer McIntyre 4f5ab2c596 Pymeterpreter support process channels for Python v3 2014-05-30 14:35:47 -04:00
Spencer McIntyre e2cc2fece0 Pymeterpreter update win reg functions for python v3 2014-05-30 10:51:36 -04:00
jvazquez-r7 1dbd36a3dd Check for the .NET dfsvc and use %windir% 2014-05-30 09:02:43 -05:00
Spencer McIntyre 04e94b0c07 Fix meterpreter and file tests for Python v3.4 on Win 2014-05-29 16:42:28 -04:00
Spencer McIntyre 15dc33591b In pymeterpreter use a MeterpreterFile obj for Py v3 2014-05-29 15:09:09 -04:00
Spencer McIntyre d8dcfd8f41 Update pymeterpreter netlink to support python3 2014-05-29 13:48:15 -04:00
jvazquez-r7 e145298c13 Add module for CVE-2014-0257 2014-05-29 11:45:19 -05:00
jvazquez-r7 6e122e683a Add module for CVE-2013-5045 2014-05-29 11:42:54 -05:00
Spencer McIntyre 145776db4d Add a DEBUGGING option to the python meterpreter 2014-05-29 10:52:49 -04:00
Spencer McIntyre 15b1c79039 Adjust whitespace and set bytes to str for Python 2 2014-05-28 16:30:27 -04:00
HD Moore eda8a90cea Fix merge issues with os.js 2014-05-19 13:04:36 -05:00
HD Moore ddc8a4f103 Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog 2014-05-19 11:42:30 -05:00
Tonimir Kisasondi 9b29c572a7 Comments dont work with auth_brute.rb 2014-05-18 21:14:17 +02:00
Tonimir Kisasondi c9bb2d5165 Added headers to files 2014-05-18 20:55:50 +02:00
Tonimir Kisasondi 97b63d708c Corrected naming to be in line with msf convention 2014-05-18 18:18:23 +02:00
Tonimir Kisasondi 7d79f8a4c2 Removed wrongly named list. 2014-05-18 18:15:17 +02:00
Tonimir Kisasondi d7bf66973c Fixed userpass delimiters. 2014-05-18 18:13:03 +02:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Tonimir Kisasondi 6ec926b573 Added separate users/pass/userpass dictionaries 2014-05-18 10:18:07 +02:00
Tonimir Kisasondi af82ae262c Added a large default password list for services. 2014-05-16 23:27:18 +02:00
jvazquez-r7 5fd732d24a Add module for CVE-2014-0515 2014-05-07 17:13:16 -05:00
sinn3r 6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution 2014-05-05 10:39:26 -05:00
OJ 7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei) 2014-05-04 16:41:17 +10:00
jvazquez-r7 b4c7c5ed1f Add module for CVE-2014-0497 2014-05-03 20:04:46 -05:00
Meatballs 06c8082187
Use signed binary 2014-05-02 14:45:14 +01:00
James Lee 4bd2dabfcd
Land #3121, new kiwi extension, with compiled bins
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
jvazquez-r7 60e7e9f515 Add module for CVE-2013-5331 2014-04-27 10:40:46 -05:00
sinn3r 5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit 2014-04-24 13:43:20 -05:00
Joe Vennix 143aede19c
Add osx nfs_mount module. 2014-04-23 02:32:42 -05:00
jvazquez-r7 acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
jvazquez-r7 91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7 749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00
jvazquez-r7 abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
joev 0b23fc2c40 Revert "Use actual vars so that jsobfu can randomize."
This reverts commit b9284c5635.
2014-04-11 16:51:29 -05:00
sinn3r 68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu 2014-04-10 12:09:22 -05:00
Joe Vennix b9284c5635 Use actual vars so that jsobfu can randomize. 2014-04-09 16:56:10 -05:00
Spencer McIntyre 85197dffe6 MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
joev 2e4c2b1637 Disable Android 4.0, add arch detection.
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.

Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
sinn3r 4d69f80728 Update explib2.js
Remove a few lines
2014-04-02 23:07:29 -05:00
jvazquez-r7 74554ed805
Land #3174, @wchen-r7's object detection for ie11 2014-04-02 15:27:13 -05:00
jvazquez-r7 577bd7c855
Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
sinn3r 5ffcfb22fa Add object detection for IE11
While working on some stuff with IE11, I realized this is very
necessary.
2014-04-02 02:21:16 -05:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
sinn3r 389ad7aca3
Land #3155 - Explib2 2014-03-28 18:31:40 -05:00
sinn3r 4f5944cfb8 Add JavaScript detection for Adobe Flash 2014-03-28 14:31:21 -05:00
jvazquez-r7 ce02f8a7c5 Allow easier control of sprayed memory 2014-03-28 11:58:41 -05:00
jvazquez-r7 b0bbe3f6a9 Add explib2 with some fixes into metasploit 2014-03-28 10:44:13 -05:00
sinn3r 4c44f69e86 Undo the IE8/IE7 objection detection 2014-03-27 15:01:03 -05:00
sinn3r fc1432fe53 This is probably the right way to do it for ie7/8 2014-03-27 13:53:24 -05:00
sinn3r 9c54421679 Update IE8/IE7 object detection 2014-03-27 13:34:07 -05:00
sinn3r 8df96a419b Make IE10 detection safer for older IEs 2014-03-27 13:31:15 -05:00
sinn3r 1f90115c8f Add default detection for IE 9 and IE 10
How it's done:

On IE10, which should come first before the IE 9 check, the nodeName
function always returns the name in uppercase.

One IE9, the "Object doesn't support property or method" error always
repeats the name of the invalid method.
2014-03-27 00:15:36 -05:00
joe 46f7e6060f Add the updated bins from timwr. 2014-03-25 09:39:53 -07:00
joe c71d52e769 Merge branch 'pr-android-bins' of https://github.com/jvennix-r7/metasploit-framework into new-android-bins 2014-03-25 09:35:25 -07:00
sinn3r 8c707b20e0 Add support for specific builds of MSIE 9 on Win 7 SP1
These IE9 versions are vulnerable to MS14-012 (see #3120). If we don't
add them, then os_detect might recognize the target as IE 8, and fail.
2014-03-19 21:54:36 -05:00
Tod Beardsley 05436dc2c5
Refresh binaries for Meterpreter
This includes:

rapid7/meterpreter#69
rapid7/meterpreter#70
rapid7/meterpreter#75
rapid7/meterpreter#77
rapid7/meterpreter#78

As of commit: 45bcbd13a1e0215647f6a61631652b686931bba8
2014-03-19 08:57:04 -05:00
joev 8e4708b51b Add support for firefox 28. 2014-03-18 11:26:24 -05:00
OJ 409787346e
Bring build tools up to date, change some project settings
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
James Lee 6438b9372c
Land #3067, python meterp net.config additions 2014-03-13 13:03:43 -05:00
Tod Beardsley 6309c4a193
Metasploit LLC transferred assets to Rapid7
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
Spencer McIntyre 5ea26688d7 Fix a syntax error for Python 2.4 2014-03-11 15:22:52 -04:00
Spencer McIntyre f3493ce220 Merge branch 'master' into pymeterpreter-net
Conflicts:
	data/meterpreter/ext_server_stdapi.py
2014-03-11 15:15:02 -04:00
Spencer McIntyre e874223421
Land #3083, fix pymet when ctypes isn't available 2014-03-11 14:31:44 -04:00
Joe Vennix 679cb03ac3 Yank armeabi-v7a bins. 2014-03-11 13:09:50 -05:00
sinn3r b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
James Lee b87c2dca0b
Use older hash modules when hashlib isn't there 2014-03-11 12:25:54 -05:00
Tim 4f31eba7f4 android payload golf 2014-03-10 21:50:00 -05:00
joe 66ff5998a5 New multi-arch stagers. 2014-03-10 21:49:56 -05:00
joe 60b5191873 New meterpreter bins for testing. 2014-03-10 21:49:14 -05:00
joe 667bed8905 New multi-arch stagers. 2014-03-10 18:50:27 -07:00
James Lee 75c94cc5d7
Derp 2014-03-10 16:30:55 -05:00
James Lee e508079aff
Don't crash when ctypes isn't available 2014-03-10 16:10:24 -05:00
joe 6616d36d63 New meterpreter bins for testing. 2014-03-07 13:21:30 -08:00
kyuzo 2a1e96165c Adding MS013-058 for Windows7 x86 2014-03-06 18:39:34 +00:00
Joe Vennix 05067b4e33 Oops. Need to init the profile before accessed. 2014-03-06 11:48:54 -06:00
Joe Vennix 3d7bc6c589 Remove form_post.js. 2014-03-05 23:35:54 -06:00
William Vu 096d6ad951
Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
Spencer McIntyre 1dea1c030e Add interface support via OSX SystemConfiguration 2014-03-05 13:59:13 -05:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Spencer McIntyre 0834102e2b Support tcp server channels and add a python MeterpreterSocket 2014-03-04 13:31:29 -05:00
Joe Vennix 3360f7004d Update form_post vars, add Expires to cookie. 2014-03-03 23:29:02 -06:00
Spencer McIntyre 7111e8aa59 Support retrieving interface information via GetAdaptersAddresses 2014-03-03 21:01:16 -05:00
Joe Vennix 6825fd2486 Whitespace tweaks and cleanup. 2014-03-02 19:57:48 -06:00
Joe Vennix 46f27289ed Reorganizes form_post into separate file. 2014-03-02 19:55:21 -06:00
Joe Vennix e8226f9d40 Use a keyed cookie. Moves AJAX call to a form post. 2014-03-02 19:47:24 -06:00
sinn3r 8cf5c3b97e Add heaplib2
[SeeRM #8769] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
Spencer McIntyre 699e534149 Add missing return statement. 2014-03-02 00:18:46 -05:00
Spencer McIntyre 1c9390c9cf Support retrieving interface information via windows mib functions. 2014-03-02 00:17:00 -05:00
Spencer McIntyre 733a86ec74 Support retrieving interface information via netlink. 2014-03-01 22:34:38 -05:00
Spencer McIntyre 284d99aa6c Add pymeterp TLV types for additional network functions. 2014-02-28 13:56:51 -05:00
jvazquez-r7 8922f6457b
Land #3045, @wchen-r7's fix for browser autopwn 2014-02-28 12:55:32 -06:00
Spencer McIntyre 99e272e463 Return true in EOF when tell() > stat.st_size 2014-02-27 20:45:38 -05:00
David Maloney 9d9149d9d8
remove some dead code paths
refactor some dead conditionals and a case/switch
that wasn't doing anything
2014-02-27 11:45:57 -06:00
sinn3r 0c3891c0f9 Add more IE targets 2014-02-27 11:01:03 -06:00
sinn3r 151646156d Check navigator.oscpu for FF
If we don't check navigator.oscpu, IE 11 is detected as FF.
2014-02-27 10:54:38 -06:00
David Maloney 2e512abd31 put new binaries in place
after cleaning up the source a bit and
updateing it for 2013, compiled new BINs.
These BINS avoid almost all current AV detections
and have been tested to ensure they still work.
2014-02-23 15:24:55 -06:00
Meatballs 7877589537
Delete correctly 2014-02-23 02:47:13 +00:00
Meatballs 6127ff92ce
Fix race condition
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
Meatballs 2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
Conflicts:
	external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs 8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
Conflicts:
	lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
David Maloney b1dfed8577
rebuilt template DLLs
x86 dll template was way out of date and
did not match the x64 tempalte. rebuilt them both
2014-02-25 15:34:42 -06:00
David Maloney 3c773f031c
add new binaries compiled from latest src
compiled and added new binaries to make sure
most up to date source is used
2014-02-25 14:06:57 -06:00
David Maloney 289580777c remove unneccsary logging elements
update soloutions for VS2013
remove the CLogger
Remove Print Usage
this removes unneccsary strings that can
be used to easily identify our executable
2014-02-20 20:00:19 -06:00
jvazquez-r7 4ca4d82d89
Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
Tod Beardsley 8e0a4aaa58
Land #2983, webcam_chat for Meterpreter 2014-02-18 13:43:42 -06:00
sinn3r e8f95c6cc0 Change error msg 2014-02-18 00:02:16 -06:00
sinn3r 608f800274 Support error handling in the message box 2014-02-18 00:01:44 -06:00
scriptjunkie 022c52d087
Added bundling to handle many sessions at once. 2014-02-15 15:37:22 -06:00
scriptjunkie a6a731c8ee Keep stage until replaced, nil check, prettify. 2014-02-15 15:21:16 -06:00
scriptjunkie 5f7a0e162c Add reverse_hop_http stager and handler 2014-02-15 15:21:16 -06:00
Spencer McIntyre 3299b68adf
Landing #2767, @Meatballs1 Powershell Reflective Payload 2014-02-14 16:12:46 -05:00
sinn3r 00ba0b5208
Land #2987 - Add ff 27 support to os.js 2014-02-13 15:20:53 -06:00
Joe Vennix 51f3ab1690 Add ff 27 support to os.js 2014-02-12 15:32:47 -06:00
sinn3r 750ce3c4db Make server configurable 2014-02-11 23:07:43 -06:00
sinn3r 7eb20a37d4 offerer's interface gets a makeover 2014-02-11 19:43:52 -06:00
sinn3r 2bb15d3a87 answerer's interface gets a makeover 2014-02-11 02:15:22 -06:00
sinn3r 1114913298 Automatically turn on webcam in Firefox 2014-02-10 17:05:08 -06:00
Meatballs a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-10 21:43:56 +00:00
sinn3r 575ee09b77 Change messages 2014-02-10 14:59:44 -06:00
jvazquez-r7 3d4d5a84b6
Land #2957, @zeroSteiner's exploit for CVE-2013-3881 2014-02-10 13:59:45 -06:00
jvazquez-r7 78e1683f2d Add binary compiled on vs2013 2014-02-10 13:52:27 -06:00
sinn3r 93ef3c784d Update some JavaScript and other things 2014-02-08 22:23:19 -06:00