infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
44,128 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

192 Commits (52f56527d80b1435c85d832f559d967417c6d007)

Author SHA1 Message Date
OJ 237827bfdc Fix up payload cached sizes again 
This time it's against the currently "installed" version of Meterpeter
binaries. When Meterpreter is landed down the track we'll need to make
sure that the payload sizes are updated again.
 2015-05-12 12:44:34 +10:00
OJ 69d2b8ffb1 Various code format, style changes, file moves 
As per Egypt's suggestions.
 2015-05-12 09:43:41 +10:00
OJ fe51f552b8 Make stageless, and reverse_tcp x64 non-dynamic 2015-05-12 07:37:12 +10:00
benpturner a97f24a12d Update payload cached sizes 2015-05-11 10:00:14 +01:00
benpturner c0388a770e Update cached sizes 2015-05-10 22:01:30 +01:00
benpturner c916021fc5 SSL Support for Powershell Payloads 2015-05-10 21:45:59 +01:00
OJ 232117117b Fix missing includes 
The powershell one broke thanks to include hierarchy changes. The others
failed in the specs only for some reason.
 2015-05-05 14:24:21 +10:00
OJ cf62d1fd7c Remove patch and old stageless stuff 2015-05-05 09:27:01 +10:00
OJ b42f4f5cd2 Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	lib/msf/core/payload/windows/stageless_meterpreter.rb
	lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
	lib/rex/post/meterpreter/client_core.rb
	modules/payloads/stages/linux/x86/meterpreter.rb
	modules/payloads/stages/windows/meterpreter.rb
	modules/payloads/stages/windows/x64/meterpreter.rb
 2015-05-05 07:53:54 +10:00
OJ c2dc4677fb Prevent stagless from overwriting socket 
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
 2015-05-04 22:36:59 +10:00
OJ e835f2b99c Rejig transport config into module 
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
 2015-05-04 22:04:34 +10:00
Brent Cook 6058dee99a explicitly require bind_tcp/reverse_tcp modules 
This transient error was noted in the release documentation builder.

metasploit-framework/modules/payloads/singles/windows/powershell_bind_tcp.rb:37:in
   `initialize': uninitialized constant Msf::Handler::BindTcp (NameError)
 2015-04-27 20:57:31 -05:00
HD Moore f56eac7f10 Cosmetic cleanup and binary mode read for powershell script 2015-04-26 15:57:51 -05:00
benpturner f2c745d2a7 update cached sizes 2015-04-26 20:24:41 +01:00
benpturner d19406c593 Update the payload cache size 2015-04-26 18:56:32 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
benpturner e6c61c461e Updated payloads and fixed msftidy. 2015-04-26 09:20:29 +01:00
benpturner a02ea90824 New payloads which work with cmd 2015-04-25 16:49:22 +01:00
benpturner 7afb6e1aa6 Removed stand-alone payloads and will push these as a seperate fork request. 2015-04-25 07:57:43 +01:00
benpturner 6be2c0beab Dynamic 2015-04-25 07:49:34 +01:00
benpturner 2273fb541a payload cached_sizes 2015-04-25 07:33:51 +01:00
benpturner 215e67bcbd Updated comments 2015-04-25 07:02:25 +01:00
benpturner 941a4ee572 updated cached size using tools/update_payload_cached_sizes.rb 2015-04-24 19:13:54 +01:00
benpturner 9e137c6403 ref 2015-04-23 23:28:33 +01:00
benpturner 468166408e ref 2015-04-23 23:28:21 +01:00
benpturner 3711b2579c new powershell session 2015-04-23 23:13:12 +01:00
benpturner 0f7442dec2 new powershell session 2015-04-23 23:12:58 +01:00
benpturner b6abd9dc8e updates to rex 2015-04-23 22:14:11 +01:00
benpturner a3710752c6 updates to rex 2015-04-23 22:14:00 +01:00
benpturner 99156f1247 reverse payload 2015-04-22 20:41:45 +01:00
benpturner 4ae3c5925d bind payload 2015-04-22 20:41:35 +01:00
OJ 9fd40870d0 Update http(s) generator functions 
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
 2015-04-08 07:56:54 +10:00
OJ 8f58e08c13 Add support for stageless reverse_http payloads 
This includes both x64 and x86.
 2015-04-07 11:01:24 +10:00
HD Moore c9696d3f6c Merge in stageless/transport work, deconflict 2015-04-04 11:52:26 -07:00
HD Moore 34ff94e0da Fix the proxy user/pass options 2015-03-31 15:49:43 -05:00
HD Moore a39ba05383 Functional Payload UUID embedding via PayloadUUIDSeed 2015-03-31 15:44:18 -05:00
OJ 253e5d7dff Include correct module, remove specified encoder type 2015-03-31 07:23:51 +10:00
OJ c28cc66398 Add x64 bind_tcp and reverse_ipv6_tcp 
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
 2015-03-30 18:59:30 +10:00
OJ 26792975eb Refactor of code to reduce duplication 
Add mixin for the stageless http preparation
 2015-03-30 13:18:56 +10:00
OJ f8851551c5 Add initial x64 stageless meterrpeter module 2015-03-30 11:23:51 +10:00
OJ ce8f6d72e1 More work on x64 stageless 
Testing with HD's new changes that allow for generation of larger x64
payloads
 2015-03-30 09:51:04 +10:00
OJ 17dc2b184d Merging upstream/master 2015-03-30 09:12:20 +10:00
OJ 24d74b26e3 Beginning work for stageless x64 meterpreter 2015-03-24 06:50:06 +10:00
OJ 9c9d333a1b Create verify ssl mixin, adjust some formatting 2015-03-23 13:21:08 +10:00
oj@buffered.io fd4ad9bd2e Rework changes on top of HD's PR 
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
 2015-03-20 13:06:57 +10:00
OJ 7b4161bdb4 Update code to handle cert validation properly 
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
 2015-03-20 12:52:47 +10:00
Brent Cook abb8a32e68 update spec for dynamic meterpreter payloads 2015-03-16 18:08:13 -05:00
OJ 35cfdf051a Add support for meterpreter_reverse_ipv6_tcp 
New payload added, makes use of existing functionality.
 2015-03-13 20:15:31 +10:00
OJ 345b5cc8e1 Add stageless meterpreter support 
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.

More coming for x64. Will also validate http soon.
 2015-03-12 13:22:04 +10:00
HD Moore 02509d02e4 The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 15:31:04 -05:00
sinn3r 2c0c732967 Fix #4414 & #4415 - exitfunc and proper null-terminated string 
This patch fixes the following for messagebox.rb

Issue 1 (#4415)
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.

Issue 2: (#4414)
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.

Fix #4414
Fix #4415
 2014-12-19 03:19:06 -06:00
HD Moore 92490ab5e8 Singles updated from the source 2014-12-13 12:22:07 -06:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace 
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
 2014-12-04 13:11:33 -06:00
HackSys Team 4a4608adbc Add format_all_drives shellcode for Windows x86_x64 2014-11-27 23:06:54 +05:30
HackSys Team 8473ed144a Add format_all_drives shellcode for Windows x86_x64 2014-11-27 14:13:49 +05:30
HackSys Team f5633ba3c3 Add format_all_drives shellcode for Windows x86_x64 2014-11-26 20:29:25 +05:30
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Meatballs 2be6b8befe
Remove bind hidden handler 2014-06-07 14:34:20 +01:00
root 3c95c021d0 Reference added 2014-03-10 12:17:20 +01:00
root 1fda6b86a1 Changed cmp eax by inc eax. Saved one byte 2014-03-10 12:13:10 +01:00
root b4a22aa25d hidden bind shell payload 2014-02-20 16:19:40 +01:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Raphael Mudge 1cc49f75f5 move flag comment to where it's used. 2013-03-03 03:26:43 -05:00
Raphael Mudge ecdb884b13 Make download_exec work with authenticated proxies 
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.

Fun trivia, Windows 7 systems uses Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
 2013-03-03 01:42:17 -05:00
scriptjunkie 52251867d8 Ensure Windows single payloads use payload backend 
This means the singles that define their own assembly will use the payload backend to generate it.
 2013-01-18 16:34:39 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Raphael Mudge 482846942a Fix: download_exec appends an extra / to request 
The download_exec module parses the provided URL and appends an
unnecessary, nay--damaging I say!!!! '/' to the parsed URI. This
renders the module unusable for those who want a payload to
download and execute a file.

Before and after access.log snippets are in the redmine ticket

http://dev.metasploit.com/redmine/issues/7592
 2012-12-12 14:01:31 -06:00
sinn3r 8648d21b3c Merge branch 'dns_txt_query_exe' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-dns_txt_query_exe 2012-11-16 11:52:57 -06:00
corelanc0d3r 0bf92b5d97 improved payload dns_txt_query_exec 2012-11-13 00:55:32 +01:00
corelanc0d3r cad7eb0130 renamed and optimized download_exec payload 2012-11-13 00:02:49 +01:00
sinn3r b46fb260a6 Comply with msftidy 
*Knock, knock!*  Who's there? Me, the msftidy nazi!
 2012-08-07 15:59:01 -05:00
HD Moore 6cdd044e10 Remove a buggy payload that doesn't have NX support 2012-07-12 12:15:57 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction 
Remove whitespace found at the end of the line
 2012-06-06 00:36:17 -05:00
sinn3r 2565888ec5 Change how we handle the password complexity failure 2012-06-03 13:13:44 -05:00
Chris John Riley a51df5fc3a Altered description to include information on the password complexity check 
Altered the default password to meet the complexity checks

Note: The complexity checks (even if they fail) don't prevent the payload from running. At this point it only raises an warning and continues on. I can change this if it's more desirable however!
 2012-06-03 09:22:48 +02:00
Chris John Riley ea66deb779 Added WMIC and complexity checks 2012-06-02 19:41:12 +02:00
HD Moore 1a30e221a0 See #362 by changing the exitfunc arguments to be the correct type 2012-05-07 02:42:29 -05:00
James Lee dd7bc23d16 Whitespace 2012-05-02 18:06:39 -06:00
Tod Beardsley e651c9ba3b Grammar on dns_txt_query_exec payload name and desc 2012-03-28 14:33:24 -06:00
sinn3r cfc0fdac7d Cosmetic cleanup 2012-03-28 14:29:31 -06:00
corelanc0d3r 1501cf1932 probably safer to use regex 2012-03-28 14:29:31 -06:00
Tod Beardsley 31228ed65a Comment indentation 2012-03-21 15:21:10 -05:00
Peter Van Eeckhoutte 89d7363a8f fixed crash 2012-03-21 10:39:05 +01:00
Peter Van Eeckhoutte f81730a7e1 changes to the way jmp to payload is done 2012-03-21 09:52:22 +01:00
corelanc0d3r 45ef7fc35d reset author 2012-03-20 20:43:56 +01:00
Peter Van Eeckhoutte a3035dc6d0 Adding corelandc0d3r's http/https/ftp payload 
Picks up the one http/https/ftp payload, but not the other two DNS
payloads listed as part of the original pull request.

[Closes #173]
 2012-03-19 16:50:59 -05:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
scriptjunkie 9fe18cdc86 Add x64 LoadLibraryA payload. Because it should exist. 2012-01-17 21:16:26 -06:00
sinn3r 8eee54d1d0 Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb) 2012-01-09 14:23:37 -06:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues 
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-23 11:56:13 +00:00
Wei Chen 76ea2ea2a3 That was weird. Id didn't set. Trying again. 
git-svn-id: file:///home/svn/framework3/trunk@13403 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-29 02:31:18 +00:00
Wei Chen 9f80b8d862 These modules forgot to do svn propset 
git-svn-id: file:///home/svn/framework3/trunk@13402 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-29 02:28:46 +00:00
HD Moore 3e0f3639ef This adds a quick windows/loadlibrary payload for folks who have a need for such things. The library path can be a UNC location and works fine over WebDAV... 
git-svn-id: file:///home/svn/framework3/trunk@12765 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-30 03:44:59 +00:00
Mario Ceballos 631af16d9f revert back. 
git-svn-id: file:///home/svn/framework3/trunk@11900 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-08 22:48:39 +00:00
Mario Ceballos 54382c6080 patch recieved from Peter Van Eeckhout 
git-svn-id: file:///home/svn/framework3/trunk@11898 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-08 22:23:13 +00:00
Joshua Drake a944cbc50d style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@11612 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-20 20:40:47 +00:00