Meatballs
41b1b30438
vba transform
2013-08-23 18:00:19 +01:00
Meatballs
4d21b06f4f
Aspx uses transform
2013-08-23 17:22:33 +01:00
Meatballs
1cb1afa50a
Fix aspx
2013-08-23 17:09:51 +01:00
Meatballs
dd13a7e48f
Working .asp
2013-08-23 16:55:07 +01:00
Meatballs
7370fc3f4e
vbs transform
2013-08-23 16:26:03 +01:00
Meatballs
5040347521
Fix psh and add powershell transform
2013-08-23 15:59:19 +01:00
Meatballs
418505adc9
Fix psh-net
2013-08-23 15:21:26 +01:00
Meatballs
12b5dbedae
Initialize the hash_sub
2013-08-23 14:58:14 +01:00
Meatballs
cfd6c66ffd
Fix VBS
2013-08-23 14:35:19 +01:00
Meatballs
23a067aab7
Refactor reading of script files and substitution
2013-08-23 13:51:10 +01:00
shellster
a6e5e9c61d
Updated using limhof-r7 advice
2013-08-21 16:43:10 -07:00
shellster
86a83391fd
Merge remote-tracking branch 'upstream/master'
2013-08-21 16:16:20 -07:00
Shelby Spencer
97933c4954
Moving meterpreter scripts out of exe.rb into a templates folder.
2013-08-20 16:49:48 -07:00
sinn3r
92d57ef37d
Fix merge conflict
...
Conflicts:
msfvenom
2013-08-13 00:00:16 -05:00
James Lee
ab976ddf8f
Fix generate command in msfconsole
...
Thanks @Meatballs1 for spotting
2013-08-06 14:46:53 -05:00
jvazquez-r7
214f337f58
Fix indentation
2013-07-24 16:55:01 -05:00
Meatballs
c221360cc1
Retab
2013-07-24 22:16:41 +01:00
Meatballs
edc297756b
Tabs
2013-07-24 19:14:11 +01:00
Meatballs
4b84b49674
Fix payload corruption
2013-07-24 19:08:02 +01:00
James Lee
00c7581099
Fix constant names and 'exe-only'
...
That'll teach me to commit before the specs finish.
Really [FixRM #8149 ]
2013-07-06 12:39:15 -05:00
James Lee
1b504197be
Check equality instead of regex
...
Thanks, @Meatballs1 for finding the cause of this bug!
[FixRM #8149 ]
2013-07-06 12:29:37 -05:00
James Lee
e330916744
Pull out common stuff in Util::EXE/MsfVenom tests
2013-07-03 12:25:15 -05:00
James Lee
1466609c86
Add more supported formats to exe generation
...
- Already supported, just added calls to the right methods in the .to_executable_fmt method:
  - Linux armle, mipsle, and mipsbe
  - Mac arm, ppc
- makes the two (!?) copies of block_api for windows match more closely with the source used elsewhere. This still needs to be refactored to get rid of the duplication.
- Get rid of some of the logic in msfvenom duplicated from Util::EXE
2013-07-01 17:36:58 -05:00
agix
e48cfcae8e
delete a debug puts
2013-05-19 19:21:10 +02:00
agix
e844247163
Little change in exe-only to work with x64 arch.
2013-05-19 19:01:03 +02:00
Alexandre Maloteaux
2a9dbb2654
msfvenom and exe-small fmt bug fix
2013-05-16 21:13:45 +01:00
scriptjunkie
79a72a18a9
Merge branch 'exe_only_patch' of git://github.com/agix/metasploit-framework
2013-03-27 18:30:07 -05:00
jvazquez-r7
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
jvazquez-r7
4fff624632
added initial support for ELF misple
2013-03-26 01:08:31 +01:00
Tod Beardsley
bf85545b4d
Fix egypt's typo
2013-03-20 17:15:14 -05:00
Tod Beardsley
1873053a34
Restore win32pe as the default (not _only)
2013-03-18 15:55:01 -05:00
Tod Beardsley
3a183ffa94
Retabbed for consistent whitespace
2013-03-18 15:40:26 -05:00
Tod Beardsley
418a373f6c
Avoid merge conflict over Id SVN tag
2013-03-18 15:39:16 -05:00
Meatballs
b6da5f84bb
Refactor
2013-03-17 14:09:00 -04:00
Meatballs
3acb2f561a
Retab
2013-03-09 17:59:20 +00:00
Meatballs
465c00c5ff
Msftidy msi sections
2013-03-09 17:25:59 +00:00
Meatballs
f37d9c2834
Initial commit
2013-03-09 17:24:03 +00:00
James Lee
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
sinn3r
3d3799d38d
Ok... even more explicit
2013-01-05 13:39:31 -06:00
sinn3r
4ff186c23d
Change the .text-too-small error message.
...
The original error message apparently confuses people, and this
can be easily improved. See the following:
https://community.rapid7.com/thread/2356
2013-01-05 01:57:41 -06:00
agix
23b6890959
added exe-only options to win32pe generation
2012-10-14 14:23:45 +02:00
HD Moore
d656e3185f
Mark all libraries as defaulting to 8-bit strings
2012-06-29 00:18:28 -05:00
Alexandre Maloteaux
2eddfa3444
fix bsd and solaris platform when using encoder too
2012-06-25 03:12:33 +01:00
James Lee
5bf973871c
Space at EOF cleanup
2012-05-24 16:28:20 -06:00
Tod Beardsley
7811b0a3fd
Landing sempervictus's Powershell features
...
Adding the payload generator, but not the post module -- couldn't get a
satisfactory test out of the module (see the comments on #251 ).
Please open a new request with the post module and a test scenario, like
a sample script or something to drop into /scripts/powershell.
I like the powershell stuff a lot; I imagine it's a popular set of
tools on high-value targets, like workstations of IT people.
[Closes #251 ]
Squashed commit of the following:
commit 46475c27a2d0a84b62167a65c9a158dfb7c9e755
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri May 18 15:23:22 2012 -0500
Fixing whitespace on msfvenom case list.
commit 7e4c6613004e9b70e0ba4653e9eaa83470429c7e
Merge: 81a7d62 52183aa
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri May 18 15:06:51 2012 -0500
Merge branch 'master' into rage-ps
commit 81a7d62c6dab8404c1c0566a8be84c7280edeef8
Author: RageLtMan <rageltman [at] sempervictus>
Date: Tue Mar 20 20:19:13 2012 -0400
powershell for msfvenom
commit 672c7bc37ea37a3b111f755ef17fe0c16047e488
Merge: 3e86dc4 ed542e2
Author: RageLtMan <rageltman [at] sempervictus>
Date: Tue Mar 20 20:08:12 2012 -0400
exe.rb merge cleanup
commit 3e86dc4c40da1df3d0ff4a9ab6fffe8eeda52544
Author: RageLtMan <rageltman [at] sempervictus>
Date: Tue Mar 20 20:06:03 2012 -0400
psh encoder cleanup
commit f619ed477fef7a2830b99ce6a9b27bb523c9d3ce
Author: RageLtMan <rageltman@sempervictus.com>
Date: Sun Feb 5 13:35:11 2012 -0500
method call fix for psh-net encoder
commit 7b035e6da0ead328aebbfdf9fbbebed506cdca18
Author: RageLtMan <rageltman@sempervictus.com>
Date: Fri Feb 3 18:53:54 2012 -0500
PS encoders: .net and architecture dependent native (psh-net, psh)
commit 7a2749bf2682686a87d37d240e61adece53fba8e
Merge: 32730b9 f89853d
Author: RageLtMan <rageltman@sempervictus.com>
Date: Fri Feb 3 18:38:03 2012 -0500
Merge branch 'master' into powershell
commit 32730b96be4c9bd73f1f45b5d2d4330b8fb72cb8
Merge: e69fcd1 f6a6963
Author: RageLtMan <rageltman@sempervictus.com>
Date: Wed Jan 25 10:33:17 2012 -0500
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell
commit e69fcd1a83412d6c0c96605b5acf0675e5b07205
Author: RageLtMan <rageltman@sempervictus.com>
Date: Wed Jan 25 07:59:38 2012 -0500
msfvenom psh addition
commit 9a5d8ead7e69c40ff5e9a73244165a5685ca47ec
Author: RageLtMan <rageltman@sempervictus.com>
Date: Wed Jan 25 07:29:38 2012 -0500
Proper author reference
commit 9fd8ac75a89ca2678b0d09192227eb23f00bf549
Author: RageLtMan <rageltman@sempervictus.com>
Date: Tue Jan 24 19:07:30 2012 -0500
Fix script handling
commit fa363dfe965382a9f89ff404398e38e8f164c11a
Author: RageLtMan <rageltman@sempervictus.com>
Date: Tue Jan 24 17:31:09 2012 -0500
added Msf::Post::Windows::Powershell, reworked post module to use mixin
commit e078d15b5464ff47ce616334d8cb1aa84a00df33
Author: RageLtMan <rageltman@sempervictus.com>
Date: Mon Jan 23 13:42:35 2012 -0500
vprint_good change
commit 355f8bb19a62d974c5c89079dd26dd4cbb756c0a
Author: RageLtMan <rageltman@sempervictus.com>
Date: Mon Jan 23 12:50:51 2012 -0500
exec powershell module
commit 5f9509444953f25352c994f90cae8a168878f7ea
Author: RageLtMan <rageltman@sempervictus.com>
Date: Mon Jan 23 12:45:41 2012 -0500
powershell encoder support - Redmine Feature #6049
2012-05-18 16:39:49 -05:00
syndrowm
fec2ec37f8
Squashed commit of the following:
...
commit fa9b2841cfcb7c833da5454f108f15ad229e6b75
Author: syndrowm <syndrowm@gmail.com>
Date: Mon Apr 2 17:00:59 2012 -0600
header files needed to generate solaris and bsd elf executables
commit f03fb2ff97823f3c177f3e1678aec26d92dd16ab
Author: syndrowm <syndrowm@gmail.com>
Date: Mon Apr 2 16:59:46 2012 -0600
add functions to allow generating elf executables for bsd and solaris
[Closes #292 ]
2012-05-18 10:21:34 -06:00
James Lee
32654b3578
Whitespace at EOL
2012-04-04 09:41:50 -06:00
Matt Andreko
85645a81c1
Added aspx target to msfvenom. This in turn added it to msfencode as well.
...
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
2012-02-25 18:02:56 -05:00
Patroklos Argyroudis
a3af2a1868
Spelling error fix
2012-02-06 16:25:56 +02:00
Patroklos Argyroudis
f3345eb2b8
Mac OS X x64 binary template support
2012-02-06 15:58:01 +02:00
scriptjunkie
ee2823d23b
Compatibility - don't assign LongPtr to Long on x64
2012-01-23 22:17:28 -05:00
scriptjunkie
c5590a6c40
Add x64 support to VBA in-mem shellcode execution.
2012-01-23 12:43:47 -05:00
scriptjunkie
c6f66f6bb4
Add in-memory shellcode execution via VBA macro.
...
Keep old embedded exe method as 'vba-exe'.
2012-01-22 07:23:21 -05:00
Tod Beardsley
b6d56e8410
Fixes VBS executable creator util
...
Fixes #6152 , using booleans instead of ints.
Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx
Tested works on winxp and win7 targets via the persistence meterpreter
script.
2011-12-22 13:13:34 -06:00
James Lee
bf105f48cb
massive removal of spaces at EOL and some bad tabs
2011-11-20 12:32:06 +11:00
Wei Chen
4f2a0f8c6a
Allow more custom settings for creating a .Net control
...
git-svn-id: file:///home/svn/framework3/trunk@13546 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:03:09 +00:00
Matt Weeks
9c3d738b60
Addresses #4781 for signed executables.
...
git-svn-id: file:///home/svn/framework3/trunk@13320 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 16:38:13 +00:00
Wei Chen
e55d2289cd
I totally missed this: x64 linux payloads in msfencode should still remain in 64-bit format, not 32.
...
git-svn-id: file:///home/svn/framework3/trunk@13140 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 06:40:03 +00:00
Wei Chen
dfc7f39e1c
Modified how function to_linux_x64_elf() loads a template file
...
git-svn-id: file:///home/svn/framework3/trunk@13129 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-08 19:24:22 +00:00
Wei Chen
946074feb9
Add a waitFor() function to make sure chmod is finished running. Thx Juan.
...
git-svn-id: file:///home/svn/framework3/trunk@13119 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 19:40:34 +00:00
Matt Weeks
078d5d7790
Enable rwx exec thread method to generate jump offset off end. (for multipayload)
...
git-svn-id: file:///home/svn/framework3/trunk@13056 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 01:13:12 +00:00
James Lee
e30252df02
add support for the new xml format of .svn/entries
...
git-svn-id: file:///home/svn/framework3/trunk@12966 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 20:54:42 +00:00
James Lee
8e5311cb61
File.read is not binary safe. replace it with File.open in a few places where it matters.
...
git-svn-id: file:///home/svn/framework3/trunk@12957 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 22:02:00 +00:00
Wei Chen
56b4a092d6
Added Linux x64 payloads. Modified exe.rb to support elf x64 payloads.
...
git-svn-id: file:///home/svn/framework3/trunk@12676 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 23:51:19 +00:00
James Lee
9003622af3
fix a typo in the dtd url, thanks tebo for noticing
...
git-svn-id: file:///home/svn/framework3/trunk@12674 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 16:52:51 +00:00
James Lee
d43d542316
re-add elf template support which was inadvertently reverted in r12600, see #4384
...
git-svn-id: file:///home/svn/framework3/trunk@12646 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-17 17:10:55 +00:00
HD Moore
9ce47c01bd
Reverting the autoload changes until we can upgrade to a new ActiveSupport library or find a workaround
...
git-svn-id: file:///home/svn/framework3/trunk@12600 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 20:03:55 +00:00
Joshua Drake
fd4e6db85d
Fixes 4373, Migrates lib/msf to use autoload instead of require (first try)
...
git-svn-id: file:///home/svn/framework3/trunk@12596 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 19:07:35 +00:00
James Lee
06779bc8c0
remove unnecessary requires for stuff in rex. autoload and a high-level require 'rex' in lib/msf/core.rb should take care of everything. see #4371 , #4373 , r12587, and r12554.
...
git-svn-id: file:///home/svn/framework3/trunk@12588 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 00:53:33 +00:00
James Lee
69d09113b5
use Metasm to parse elf templates and set appropriate header flags for marking .text as rwx, fixes #4384
...
git-svn-id: file:///home/svn/framework3/trunk@12579 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 21:06:19 +00:00
HD Moore
09f861736a
Let's try this without breaking msfpayload
...
git-svn-id: file:///home/svn/framework3/trunk@12533 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-03 15:07:27 +00:00
James Lee
1e3df538f9
use more specific config directory for future-proofing.
...
git-svn-id: file:///home/svn/framework3/trunk@11574 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-13 18:55:26 +00:00
Joshua Drake
9e03e8a142
fix service name handling
...
git-svn-id: file:///home/svn/framework3/trunk@11198 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-02 02:23:27 +00:00
Joshua Drake
c5c2b37c8b
don't mangle offset 0x88 if using sub_method
...
git-svn-id: file:///home/svn/framework3/trunk@11174 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 04:53:43 +00:00
James Lee
326dc42bca
add EncodedPayload#encoded_exe, encoded_jar, and encoded_war. simplifies exploits that need java and native payloads. see #406 and #3009
...
git-svn-id: file:///home/svn/framework3/trunk@10999 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 23:01:35 +00:00
HD Moore
f69a1190a4
Commit the EICAR Canary check for meddling AVs
...
git-svn-id: file:///home/svn/framework3/trunk@10536 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-04 03:07:58 +00:00
Joshua Drake
d1de6fde36
remove _old from filename
...
git-svn-id: file:///home/svn/framework3/trunk@10428 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 17:07:00 +00:00
Joshua Drake
001a6ffbdb
really use simple substitution method, oops
...
git-svn-id: file:///home/svn/framework3/trunk@10412 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 02:59:42 +00:00
Joshua Drake
eab9c22657
add support for more dll template types
...
git-svn-id: file:///home/svn/framework3/trunk@10407 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 02:32:12 +00:00
Joshua Drake
837e6e5075
fix inject support
...
git-svn-id: file:///home/svn/framework3/trunk@10406 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 02:19:33 +00:00
Joshua Drake
8e5cf31e9a
big exe/dll update, see #2017
...
NOTE: These changes specifically affect payload encoding via RPC, "use payload", and msfencode
1. consolidate user-specified exe generation routine (now Msf::Util::EXE.to_executable_fmt)
2. supported format types are now queried/checked using arrays
3. cleaned up and standardized exe option passing
4. rename data store options for EXE mixin
5. add generate_payload_exe_service for psexec/smb_relay
6. reworked default template handling in Msf::Util::EXE
   a. added template search path option (not used if template includes a path separator)
   b. "fallback" flag to enable using default if specified file doesn't exist
7. added Msf::Util::EXE.to_win64pe_dll
8. improved error messages from exe generation
git-svn-id: file:///home/svn/framework3/trunk@10404 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 00:13:30 +00:00
Joshua Drake
bd1eeb3722
rework to_jsp_war a bit, fix uses, default msfencode -t war to x86/win32
...
git-svn-id: file:///home/svn/framework3/trunk@10397 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 15:59:46 +00:00
Joshua Drake
3c505f4c5d
remove loop instruction, it was causing problems when the destination was too far away, fixes #2459
...
git-svn-id: file:///home/svn/framework3/trunk@10385 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 03:26:41 +00:00
HD Moore
77917c80e6
This should fix #2459 - the "short" qualifiers were not being removed from all asm stubs
...
git-svn-id: file:///home/svn/framework3/trunk@10164 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-27 05:11:19 +00:00
HD Moore
7ad4f80014
Add a badchars argument
...
git-svn-id: file:///home/svn/framework3/trunk@10094 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 07:20:58 +00:00
Joshua Drake
2545410bc7
make exe template names more consistent
...
git-svn-id: file:///home/svn/framework3/trunk@10065 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 21:08:51 +00:00
Joshua Drake
d803cf0ea9
un-break the tree! *facepalm* -- see #2398
...
git-svn-id: file:///home/svn/framework3/trunk@10018 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-14 20:52:54 +00:00
Joshua Drake
6c05d425dc
change remaining methods to take an opts hash and allow template override for them
...
git-svn-id: file:///home/svn/framework3/trunk@10016 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-14 20:40:45 +00:00
HD Moore
7963d65f28
Only allow a single instance of a generated DLL to execute (prevent duplicate sessions, like with LNK)
...
git-svn-id: file:///home/svn/framework3/trunk@9871 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 23:24:57 +00:00
HD Moore
f87b7bc59e
Fix up the DLL payloads
...
git-svn-id: file:///home/svn/framework3/trunk@9868 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 22:13:34 +00:00
HD Moore
16851f56c9
Swizzle.
...
git-svn-id: file:///home/svn/framework3/trunk@9796 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 21:51:11 +00:00
Joshua Drake
2c91164494
allow x64 payloads to be used with psexec
...
git-svn-id: file:///home/svn/framework3/trunk@9565 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 03:49:39 +00:00
Joshua Drake
025cfa9286
break to_war out from to_jsp_war
...
git-svn-id: file:///home/svn/framework3/trunk@9559 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-18 21:54:33 +00:00
James Lee
4f2c63dae7
add templates for creating linux armle ELFs, thanks Civ
...
git-svn-id: file:///home/svn/framework3/trunk@9455 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-09 07:20:21 +00:00
HD Moore
47cea7bbb3
Respin of the service file
...
git-svn-id: file:///home/svn/framework3/trunk@9226 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-05 18:25:26 +00:00
Joshua Drake
6fec79926c
revert service name string insertion
...
git-svn-id: file:///home/svn/framework3/trunk@9079 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 22:17:19 +00:00
Joshua Drake
730b27eed1
fixup some of the payload exe generation/templating stuff, add pe/dll template+src
...
git-svn-id: file:///home/svn/framework3/trunk@9073 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 21:44:23 +00:00
HD Moore
4fe58a8f02
Revert previous exe change
...
git-svn-id: file:///home/svn/framework3/trunk@8989 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 05:44:40 +00:00
HD Moore
5f3def5bee
License corrections
...
git-svn-id: file:///home/svn/framework3/trunk@8982 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-02 21:34:15 +00:00
HD Moore
2efa31cfec
Closes #1244 with a caveat. If the template injected calls ExitProcess(), the payload will be killed. This means that -k is not compatible with our default executable
...
git-svn-id: file:///home/svn/framework3/trunk@8896 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-24 15:55:24 +00:00