Commit Graph

288 Commits (598fdb5c509ff43298eb741b9fc6d78a9773778a)

Author SHA1 Message Date
James Lee 2d0d7b4470 777 is not the same as 0777
Fixes a bug where meterpreter created directories with absurd
permissions on posix (777 = 01411 = dr----x--t).
2012-03-02 13:16:52 -07:00
James Lee fbc8e25aaa Add the new stdapi/net TLVs to java 2012-02-29 20:31:12 -07:00
James Lee 14dfcce63a Add the MTU when it's available
This doesn't work on 1.4, but I'm not Java-savvy enough to figure out
how to only compile it for 1.4, so do a ghetto try-catch block in case
the method doesn't exist.
2012-02-29 20:30:03 -07:00
James Lee 4a5d7debd5 Add the usleep back in
MM convinced me.
2012-02-29 02:20:23 -07:00
James Lee ed3700b5da Fix a few more compiler warnings 2012-02-28 08:23:35 -07:00
James Lee 98157475af Fix a type-safety warning 2012-02-28 08:17:39 -07:00
James Lee ae37f74864 Fix a couple of warnings and a typo 2012-02-28 08:16:06 -07:00
James Lee a80056e6e5 Get rid of an unnecessary sleep() 2012-02-24 16:42:12 -07:00
MM f83a7f14ac Switch to netlink for listing interfaces
* Adds support for listing IPv6 addresses on POSIX meterpreter
* Ensures crash logs are only created if debugging is enabled
* Fixes a bug in sniffer where a lock was not acquired correctly

Squashed commit of the following:

commit 955124b264a675c7d67187703bf23b58f0aba6d8
Author: MM <gaspmat@gmail.com>
Date:   Thu Feb 23 23:42:26 2012 +0100

    posix meterpreter - IPv6 support for route and ipconfig using netlink sockets

[Closes #196]
2012-02-24 16:42:12 -07:00
James Lee 0ef8d8bb3a Ensure the dir exists before copying files there
Thanks MM for pointing out that this was missed.  The other dirs
referenced in #183 were addressed in 134b6c874f

[Closes #183]
2012-02-22 20:54:20 -07:00
James Lee c39f14591f No need for pcap in stdapi anymore
Pcap used to be required for the ipconfig command but since the fix
for #6328, it is no longer necessary.

[See #6328]
2012-02-18 12:46:13 -07:00
James Lee 134b6c874f Ensure output paths exist for compiled object files
Fixes build on clean checkout
2012-02-18 11:42:27 -07:00
James Lee a0bbbb0b7d Compile pcap without libnl since bionic doesn't have headers
Fixes build on systems that have libnl installed.
2012-02-18 11:41:09 -07:00
James Lee 8e8188d752 Add the missing include that broke Windows build
I swear I committed this before...

[See #6372]
2012-02-15 11:51:00 -07:00
James Lee 64cf8bb7ee Fix brokenness with the debug target
If a test returns false, make exits.  Duh.

[Fixes #6343]
2012-02-14 16:56:48 -07:00
James Lee bd86bfc6d5 Remove redundant __FUNCTION__ references in dprintf calls
From the Department of Redundancy Department.
2012-02-13 18:40:25 -07:00
James Lee 3e61fc1154 Adds a depclean target
Don't blow away libc with the "clean" target because I'm tired of
rebuilding everything.
2012-02-13 17:59:01 -07:00
James Lee 9e814bdf19 Whitespace cleanup 2012-02-13 15:21:01 -07:00
James Lee 60706033f4 Remove unnecessary -gstabs and fix a logic error
This drops the sniffer extension to a size of around 55k bytes.
2012-02-10 15:57:01 -07:00
James Lee 13c231afbc Really set the flag so we don't strip later
Oversight from last commit
2012-02-10 15:57:01 -07:00
James Lee d44c7896b6 Add a 'debug' target for posix meterpreter build
This new target adds debugging symbols and doesn't strip binaries. New
bins are considerably bigger, but may be more helpful when diagnosing
problems or adding new features.

[Fixes #6343]
2012-02-10 15:57:01 -07:00
James Lee fc088fa379 Don't use the verboten 127.0.0.1
Alleviates some unnecessary headaches with the database
2012-02-10 15:57:01 -07:00
James Lee b5dc50968b Simplify creation of .h files from libs
Suffix rules are awesome.
2012-02-10 15:57:00 -07:00
James Lee 3d1c8ae383 Fix another errant use of dprintf 2012-02-08 16:45:12 -07:00
Joshua J. Drake 1a6cbd2bf0 Fix another dprintf from #6334, oops 2012-02-06 11:42:12 -06:00
Joshua J. Drake 4b2d8f88e8 Fix dprintf statements in meterpreter C src #6334 2012-02-06 11:38:14 -06:00
Joshua J. Drake d6616cd8a9 Fix up posix meterpreter rtld/Makefile rule 2012-02-06 11:28:59 -06:00
James Lee e045accfc3 Refactor interface listing
[See #6328]
2012-02-02 00:14:38 -07:00
James Lee 026c24c184 Replace the root-only pcap iface listing technique
Leaks memory, will remedy momentarily

[See #6328]
2012-02-02 00:14:38 -07:00
James Lee 10bd708a69 Just rm libpcap add re-extract instead of cleaning
It's faster.
2012-02-02 00:14:38 -07:00
James Lee c56d326368 Use the proper dirsep and allocate correctly
Thanks, mm__ for the bug report and the patch!

[Fixes #6322]
2012-01-31 17:31:15 -07:00
James Lee ba50f84229 More i386 and -m32 fixes for compiling meterpreter
This should be the last change necessary to compile a 32-bit meterpreter
from a 64-bit build host.

See #6268
2012-01-31 10:12:42 -07:00
James Lee e48da7b7db Merge branch 'stat-struct-fixes'
Conflicts:
	data/meterpreter/ext_server_stdapi.lso
2012-01-27 19:07:27 -07:00
James Lee e0a312e38d Get the return values in the right place
This should convert stat values to something portable enough to work on
POSIX and Windows.

Fixes #6294
2012-01-27 18:56:01 -07:00
James Lee 628f85cea3 Add -m32 and -march=i386 to the Jam build for bionic
This is hopefully the last thing that needs to be fixed up for i386
compatibility.

See #6268
2012-01-27 18:02:37 -07:00
James Lee 5bc1701a5a Ensure make.sh returns success 2012-01-27 17:20:36 -07:00
James Lee e7b15180d1 Add clean targets for openssl and libpcap
Also, a 'really-clean' target that does everything
2012-01-27 17:20:36 -07:00
James Lee 289dc81d60 Add -m32 to all the Makefiles
This is in an attempt to get it compilation working on 64-bit hosts.
2012-01-27 17:20:36 -07:00
James Lee 1a187c00aa Add a platform-independent stat struct
This should help with various issues on linux
2012-01-27 17:13:46 -07:00
James Lee 5be58513f9 Ensure make.sh returns success 2012-01-27 16:37:48 -07:00
James Lee 8108bf888e Add clean targets for openssl and libpcap
Also, a 'really-clean' target that does everything
2012-01-27 16:33:27 -07:00
James Lee abf031f224 Add -m32 to all the Makefiles
This is in an attempt to get it compilation working on 64-bit hosts.
2012-01-27 15:14:47 -07:00
James Lee 10237f7c12 Changes openssl/build.sh to create its own target
This should ensure we build everything for i386 and only link the lib
files we mean to.  Also no longer builds any of the superfluous openssl
executables since all we need are the .so files.

See #6268
2012-01-25 17:54:13 -07:00
James Lee e928efaa8c Force gcc to compile for i386
Makes meterpreter for linux work on older CPUs.

Fixes #6268
2012-01-23 15:20:36 -07:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Matt Weeks a82adb14f9 Allow boolean options of true and True as well as 0 and 1.
git-svn-id: file:///home/svn/framework3/trunk@13796 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-26 19:16:02 +00:00
Matt Weeks ab4026cfb5 And do the same for pivoted PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13780 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 16:16:47 +00:00
Matt Weeks 10bf0fbe84 Whoops. Reset would be reset, not stop.
git-svn-id: file:///home/svn/framework3/trunk@13752 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 20:26:09 +00:00
Matt Weeks 6853221762 Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs.
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-27 15:46:49 +00:00
Matt Weeks 06c3dabe31 Fixes #5312 for pivoted PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 02:07:35 +00:00
Matt Weeks 53e43fa847 whoops. Use these, not the dhcpserv.cpp/h
git-svn-id: file:///home/svn/framework3/trunk@13633 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 01:41:57 +00:00
HD Moore 521b95b0c2 This fixes garbled characters in lsass hashdump on some platforms
git-svn-id: file:///home/svn/framework3/trunk@13582 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:09:49 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic!
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
James Lee 0f95070f3f add a request type for grabbing the host's directory separator, fixes #4892
git-svn-id: file:///home/svn/framework3/trunk@13346 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 20:51:33 +00:00
James Lee 6b1dfd5908 meterpreter compiles on modern linux! see #2418
git-svn-id: file:///home/svn/framework3/trunk@13333 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-25 07:59:51 +00:00
James Lee dd84169187 tell the linker to make DT_HASH sections instead of DT_GNU_HASH which msflinker can't handle
git-svn-id: file:///home/svn/framework3/trunk@13332 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 23:50:55 +00:00
James Lee 5c5861cc9b add a 'clean' target
git-svn-id: file:///home/svn/framework3/trunk@13328 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 19:25:19 +00:00
HD Moore 75bef2b98a Apply a diff to fix bad ifdef usage
git-svn-id: file:///home/svn/framework3/trunk@13324 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 20:31:58 +00:00
HD Moore 47eb4cbd86 Add an ifdef around the wininet setup routine
git-svn-id: file:///home/svn/framework3/trunk@13323 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 20:16:19 +00:00
James Lee 3c261c346f add support for java/meterpreter/reverse_http. assuming i didn't miss any files, fixes #4946, thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13213 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 23:15:06 +00:00
James Lee cdeacc85f3 fix some incorrect arguments to memset, thanks sbz for noticing.
git-svn-id: file:///home/svn/framework3/trunk@13123 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 23:14:44 +00:00
James Lee f01d29e4a5 add support for absolute paths, fixes #4874
git-svn-id: file:///home/svn/framework3/trunk@13108 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 21:35:51 +00:00
HD Moore 8816d2135f Merge in changes from thelightcosine that add RegLoadKey/RegUnloadKey support
git-svn-id: file:///home/svn/framework3/trunk@13089 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-02 04:03:23 +00:00
HD Moore e9bb388593 Use size_t instead of int
git-svn-id: file:///home/svn/framework3/trunk@13063 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 06:35:44 +00:00
HD Moore 35801febd7 Lets try this again, POSIX style
git-svn-id: file:///home/svn/framework3/trunk@13061 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 06:30:24 +00:00
HD Moore 96ff575998 Add md5/sha1
git-svn-id: file:///home/svn/framework3/trunk@13060 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 06:12:15 +00:00
HD Moore dc1e42af2c Make sure empty replies are take into account for the session keep alive
git-svn-id: file:///home/svn/framework3/trunk@13052 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 21:22:48 +00:00
HD Moore 80643cc152 Adds a remote shutdown api
git-svn-id: file:///home/svn/framework3/trunk@13050 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 18:11:17 +00:00
HD Moore c1935eda06 Re-add the missing SendRequest, make migrate work
git-svn-id: file:///home/svn/framework3/trunk@13048 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 17:25:37 +00:00
HD Moore c53899f9b7 Clean a few things up
git-svn-id: file:///home/svn/framework3/trunk@13046 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 07:40:32 +00:00
HD Moore 3bb2a2d07f Rework this for compatibility with older OSs
git-svn-id: file:///home/svn/framework3/trunk@13045 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 07:30:48 +00:00
HD Moore fdfaf5b17b Merge in some recent meterpreter work, still a ways off before this is ready to use.
git-svn-id: file:///home/svn/framework3/trunk@13044 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 05:57:36 +00:00
HD Moore 46eb182d81 Adds support for connecting to remote registry services with the current processes' credentials. See #1894
git-svn-id: file:///home/svn/framework3/trunk@12923 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 00:00:56 +00:00
HD Moore 662840404f Fixes #4296 by merging in David Maloney's registry patch. The ruby side will be merged once the new binaries are in SVN
git-svn-id: file:///home/svn/framework3/trunk@12920 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 23:04:25 +00:00
HD Moore 46dbaae454 Check the correct counter before bailing, this would cause a segmented header to kill the session. Pointed out by an anonymous contributor (new bins once the rest of the pending merge work is finished).
git-svn-id: file:///home/svn/framework3/trunk@12918 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 22:53:04 +00:00
HD Moore 69b684ad0c Remove an unused variable
git-svn-id: file:///home/svn/framework3/trunk@12917 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 22:43:31 +00:00
HD Moore 3833d2a098 Fix up the sniffer build environment, add the pivot project to the solution (even though its not part of the OSS tree).
git-svn-id: file:///home/svn/framework3/trunk@12916 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 22:42:59 +00:00
James Lee 30bc742740 merge mihi's patch for adding ps and audio recording to java meterpreter, fixes #3898
git-svn-id: file:///home/svn/framework3/trunk@12372 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 22:39:25 +00:00
James Lee 758da50090 use the correct length for copying arguments, fixes #3526, thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@11700 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-02 21:26:29 +00:00
Stephen Fewer 41e5a4c61d Fix for #3482, the empty value occurs when no service pack is present. The fix simply tests for this. Also remove the two unused params on the _snprintf call.
git-svn-id: file:///home/svn/framework3/trunk@11542 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-11 14:29:16 +00:00
Matt Weeks 599df0a71a Fix error with recording on certain Windows versions.
git-svn-id: file:///home/svn/framework3/trunk@11311 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-12 20:12:03 +00:00
Matt Weeks 61242f3c2c Catch invalid webcam frame requests.
git-svn-id: file:///home/svn/framework3/trunk@11160 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-29 02:23:01 +00:00
Matt Weeks 2e72926638 Add audio (microphone) recording support to stdapi.
git-svn-id: file:///home/svn/framework3/trunk@11087 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 00:32:39 +00:00
Matt Weeks 560c1847c3 Properly return error if no webcams present (instead of killing session).
git-svn-id: file:///home/svn/framework3/trunk@11041 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 19:59:31 +00:00
Matt Weeks 594a46bfc7 Merge webcam extension into stdapi.
git-svn-id: file:///home/svn/framework3/trunk@10997 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:36:54 +00:00
Matt Weeks 2d2e1989aa Fix memory leak.
git-svn-id: file:///home/svn/framework3/trunk@10964 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 23:37:56 +00:00
Matt Weeks db602dd478 Add functional in-memory webcam support.
git-svn-id: file:///home/svn/framework3/trunk@10954 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 02:24:28 +00:00
pks 20b96ae0c1 Partial implementation of in memory execution and update binary
git-svn-id: file:///home/svn/framework3/trunk@10839 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-28 12:44:39 +00:00
HD Moore 2e9138ebbc This commit overhauls much of the meterpreter timeouts and staging processes. This fixes a bug with concurrent session handling, reduces CPU load by caching a single SSL certificate for all sessions, increases all of the critical timeouts, and generally makes mass ownage work better. We still need to limit the maximum number of concurrent on_session() threads to something sane to prevent sesssion spikes from dragging out the process even longer. The C-side meterpreter change is minimal and will only help with future compatibility if we move to non-blocking fd's for the SSL socket.
git-svn-id: file:///home/svn/framework3/trunk@10595 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-08 04:11:47 +00:00
pks 872c8b09c7 Add the ability to clean up file descriptors in the remote process.
git-svn-id: file:///home/svn/framework3/trunk@10587 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-07 11:52:45 +00:00
pks 754225a80d Implement per dispatch run channel_write of packets, remove __FUNCTION__ due to dprintf changes, and fix shutting down networkpug interfaces. Re-add networkpug binary.
git-svn-id: file:///home/svn/framework3/trunk@10586 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-07 11:52:38 +00:00
pks 14cabd2611 Allow debugging to be enabled.
This will make it easier to hopefully track down bugs.

exploitme-posix.c - make complete stack executable. On some kernel versions, execstack doesn't do the trick.

git-svn-id: file:///home/svn/framework3/trunk@10485 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-26 05:58:59 +00:00
pks 784e355d93 Networkpug improvements
git-svn-id: file:///home/svn/framework3/trunk@10484 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-26 05:58:48 +00:00
pks 740e2c1ab2 Change base from 0x90040000 to 0x20040000.
This is more portable across kernel versions / patches it seems. This
will be better for SEGMEXEC compatibility as well.

git-svn-id: file:///home/svn/framework3/trunk@10455 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 04:06:28 +00:00
pks 50241faa57 Implement a sniffer for posix meterpreter using libpcap.
This version of the sniffer supports packet filtering after the packet count variable, like so:

meterpreter > sniffer_interfaces

1 - 'eth0' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > use sniffer
Loading extension sniffer...success.
meterpreter > sniffer_start 1 500000 icmp <-- picks up only icmp packets.
[*] Capture started on interface 1 (500000 packet buffer)
meterpreter > sniffer_stop 1
[*] Capture stopped on interface 1

git-svn-id: file:///home/svn/framework3/trunk@10424 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 11:43:30 +00:00
pks a179836fca Initial import of networkpug, a pivoting interface using libpcap to monitor/inject packets on a interface on the remote machine.
git-svn-id: file:///home/svn/framework3/trunk@10423 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 09:35:46 +00:00
pks f196333e02 Strip debugging symbols when compiling the linker.
git-svn-id: file:///home/svn/framework3/trunk@10419 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:53 +00:00
pks e30b420834 Railgun is windows specific at the moment, move the header include down a little bit and #ifdef the functions down a bit.
git-svn-id: file:///home/svn/framework3/trunk@10418 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:47 +00:00
pks 49b87daa7d Implement locking in dl* functions
git-svn-id: file:///home/svn/framework3/trunk@10417 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:40 +00:00
pks 89b33c2cc7 Implement a crash handler to ease debugging
git-svn-id: file:///home/svn/framework3/trunk@10416 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:34 +00:00