HD Moore
6556eecfda
Update project
2012-06-24 14:03:58 -05:00
HD Moore
211b722ec1
Update project
2012-06-24 14:03:57 -05:00
HD Moore
c1d143e580
Remove left over debug statements
2012-06-24 14:03:56 -05:00
HD Moore
3c7e87bacf
Add missing project files
2012-06-24 14:03:54 -05:00
HD Moore
11b875d84d
Checkin new code
2012-06-24 14:03:53 -05:00
HD Moore
2d0d5287d2
Commit EncodePointer stubs as a reference (temporary)
2012-06-24 14:03:52 -05:00
h0ng10
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
sinn3r
54309c3c3d
Merge branch 'armitage' of https://github.com/rsmudge/metasploit-framework into rsmudge-armitage
2012-06-24 02:25:38 -05:00
Raphael Mudge
322e0766a1
Armitage 06.23.12
2012-06-23 13:03:55 -04:00
jvazquez-r7
b891e868f5
Added actionscript and swf needed
2012-06-23 08:36:35 +02:00
HD Moore
a648c24b4e
Move builds to VC10
2012-06-21 23:51:46 -05:00
HD Moore
c5e9e5d374
Add Windows 8 / Server 2012 support to sysinfo
2012-06-21 23:50:29 -05:00
Steven Seeley
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
Michael Schierl
34ecc7fd18
Adding @schierlm's AES encryption for Java
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.
Squashed commit of the following:
commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 00:45:24 2012 +0200
Do not break other architectures
even when using `setg AESPassword`
commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:50:42 2012 +0200
binaries
commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:49:10 2012 +0200
Add AES support to Java stager
This is compatible with the AES mode of the JavaPayload project.
I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
James Lee
1be9ce8649
Fixes command parsing in Post::Common
The meterpreter API wants arguments in a separate string (not an array,
mind you) just so it can concatenate them on the server side.
Originally, I worked around that by using Shellwords.shellwords to pull
out the first token. But! Shellwords.shellwords inexplicably and
inexcusably removes backslashes in ways that make it impossible to quote
things on Windows. This commit works around both of those things.
2012-06-07 22:24:59 -06:00
Raphael Mudge
68dd0cd497
Armitage 06.07.12 - improved collaboration performance and fixed two bugs.
2012-06-07 13:16:16 -04:00
Raphael Mudge
b5f1554caf
Adding rsmudge's Armitage update
Squashed commit of the following:
commit 60be1b2d1d66134c54c82857a569bbf3a005baf8
Author: Raphael Mudge <rsmudge@gmail.com>
Date: Wed May 30 19:43:07 2012 -0400
Armitage 05.30.12
A small collection of bug fixes.
2012-05-30 19:20:14 -05:00
sinn3r
3f1a72932e
Merge pull request #401 from rsmudge/armitage
Armitage 05.21.12
2012-05-20 20:01:12 -07:00
Raphael Mudge
c14a3e655e
Armitage 05.21.12
This release improves collaboration performance and fixes a few Windows specific issues.
2012-05-20 22:54:25 -04:00
jvazquez-r7
14d8ba00af
Added batik svg java module
2012-05-17 16:48:38 +02:00
sinn3r
a88af1dd36
Merge pull request #391 from rsmudge/armitage
add color to armitage's presentation of the Metasploit console
2012-05-16 21:57:43 -07:00
Raphael Mudge
74e4812946
add color to armitage's presentation of the Metasploit console
2012-05-16 04:23:21 -04:00
James Lee
42719ab34b
Squashed commit of the following:
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 16:22:49 2012 -0600
Add register_command calls for md5 and sha1
commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 16:22:09 2012 -0600
Read the file instead of downloading it
commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 15:27:11 2012 -0600
Re-compile linux meterp to support the loadlib api
commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:50:25 2012 -0600
Re-compile java meterp to support the loadlib api
commit c137187b346b708487245a849b95343223e4e7b0
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:44:10 2012 -0600
Don't try to get interfaces if this session doesn't implement it
commit 88bba1e6c360c5725c4174623f56bcb6d8b54228
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:38:17 2012 -0600
Remove debugging load
commit 02954cbf93e2a13da967780cb703103b3f83ecf4
Merge: d9ef256 88b35a3
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 12:06:53 2012 -0600
Merge branch 'rapid7' into feature/4905
Conflicts:
data/meterpreter/ext_server_stdapi.php
modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
commit d9ef2569b88ae8bce67f13316f6eff76311fd846
Author: James Lee <egypt@metasploit.com>
Date: Wed May 2 18:06:06 2012 -0600
PHP doesn't support rev2self
commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 18:21:59 2012 -0600
Add php support for returning new extension commands
commit 7e35f2d671d3797fc3fab12e54015387f44b0b33
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 16:03:26 2012 -0600
Reset CVE-2012-0507 back to master
Purges commits unrelated to this branch.
commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 15:59:35 2012 -0600
Revert "Make building the jar for cve-2012-0507 a bit easier"
This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f.
Conflicts:
external/source/exploits/CVE-2012-0507/Makefile
external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java
commit 8c259fb779f736be16fe972215ddff1dd32fd0f3
Merge: fe2c273 1c03c2b
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 15:35:44 2012 -0600
Merge branch 'rapid7' into feature/4905
Conflicts:
data/meterpreter/ext_server_stdapi.jar
data/meterpreter/meterpreter.jar
external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
modules/auxiliary/server/browser_autopwn.rb
commit fe2c273a6d840c67040d6c9e337f908204337e18
Merge: 8caff47 4e955e5
Author: James Lee <egypt@metasploit.com>
Date: Fri Apr 6 10:19:53 2012 -0600
Merge branch 'rapid7' into feature/4905
commit 8caff47d97469f1a5459c04461fd1098487ea514
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 17:51:18 2012 -0600
Fix requires to find the test library
commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 17:48:35 2012 -0600
Fix a load order problem with solaris post mods
commit 81b658362e5e6bdd215d18b53d14429d163aff72
Merge: adad2cf 6ef4257
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 15:43:19 2012 -0600
Merge branch 'master' into feature/4905
commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180
Merge: 70ab8c0 5852455
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 15:16:56 2012 -0600
Merge branch 'rapid7'
Conflicts:
lib/rex/exploitation/javascriptosdetect.rb
commit adad2cf04c501c2a787e5475b62abd31871c06a0
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 20:20:21 2012 -0600
Deal with null data/jar
Not sure why "" turns into null sometimes, but it was breaking shells;
this fixes it.
commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:10:59 2012 -0600
Prev commit moved these to src/a
commit 27ef76522ad10436ec785728445ed2cc0657f85f
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:08:32 2012 -0600
Make building the jar for cve-2012-0507 a bit easier
Mostly stolen from cve-2008-5353
commit db3dbad0a5ff20b05758be073c3502138ff095c2
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 14:52:23 2012 -0600
Fix incorrect option name
commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:36:20 2012 -0600
Add bap support to java_rhino
commit a611ab16e06bd324d6616d0bd69f2c09d671bca0
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:35:16 2012 -0600
Put next_exploit on the window object so it's always in scope
Solves some issues with Chrome not running more than one exploit
commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 14:31:53 2012 -0600
Pull common stuff up out of the body
commit 748309465a029593e2fe2fd445149745367513f4
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:04:03 2012 -0600
Fix indentation level
commit 954d485e3b8ffea9a7451bd495c1956a098e0eda
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:02:42 2012 -0600
Abstract out copy-pasted methods
Need to do the same thing for OSX, but it's a different implementation.
commit cba8d7c911fb184f6358948022fd4a0e010878d0
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 18:04:50 2012 -0600
Linux doesn't implement (drop|steal)_token
commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 17:57:37 2012 -0600
Add availability checks for net, sys, ui, and webcam
commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 16:45:59 2012 -0600
add requirement checking for fs and core commands
commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 21 17:20:59 2012 -0600
Add a to_octal method that converts e.g. "A" to \0101
commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 21 17:20:07 2012 -0600
Don't use "echo -n"
It's not portable
commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 20 17:01:10 2012 -0600
Return a list of new commands after core_loadlib, java version
Thanks mihi for the patch and the awesome responsiveness!
commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 20 13:21:06 2012 -0600
Make sure we have a response before doing stuff with it
commit 721001ead474a17d1a16de543f78b548879f5e7e
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 21:25:31 2012 -0600
Add missing rmdir and mkdir protocol commands to PHP
Now passes all the stdapi tests that it can
[*] Session type is meterpreter and platform is php/php
[+] should return a user id
[+] should return a sysinfo Hash
[-] FAILED: should return network interfaces
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
[-] FAILED: should have an interface that matches session_host
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
[-] FAILED: should return network routes
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[-] Passed: 10; Failed: 3
commit 024e99167a025f4678a707e1ee809a1524007d4d
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:26:00 2012 -0600
Use a proper TLV type instead of a generic one
commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:24:25 2012 -0600
Fix a counting error that caused segfaults (Linux)
commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:06:02 2012 -0600
Return a list of new commands after core_loadlib
Gets Windows back in sync with Linux
commit 3d3959f720de68e2f36ebfabe8196e01f98fe904
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 14:50:55 2012 -0600
Refactor extensionList -> extension_commands
It's not the same as extension_list.
commit a7acb638af803732fc5f3975e0c0632f427e0deb
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sun Mar 18 00:07:27 2012 -0500
Massive whitespace cleanup
commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 16:00:20 2012 -0500
Add back enum_protections with some new changes
commit d778eec36953bb9bf4985e967ad2c119a1acd79b
Author: ohdae <bindshell@live.com>
Date: Sat Mar 17 13:28:31 2012 -0400
Added fix for enum_protections
commit 64611819d43bf13ab2d68f4353513c39e5a64fe0
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 03:14:26 2012 -0500
A bunch of fixes
commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:28:05 2012 -0500
The comments in get_chatlogs need an update
commit 666477e42a734f3120dcc4282b01b5ab5819384a
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:25:41 2012 -0500
Correct license format
commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:22:03 2012 -0500
Add enum_adium.rb post module
commit d290cf4fef1309df9a1af748e7c6c259a6788576
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 16:54:36 2012 -0300
Changed store_note to store_loot. Fixed local/remote file retrieval
commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 11:29:07 2012 -0600
Fall back to MIB method if we can't get netmasks
Misses IPv6 addresses, but at least doesn't break everything.
[Fixes #6525 ]
commit a9a30232dd5fcc0854c10b4d58df8511a23f3091
Author: sinn3r <msfsinn3r@gmail.com>
Date: Fri Mar 16 11:49:31 2012 -0500
This module is not ready, yanked.
commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495
Author: Gregory Man <man.gregory@gmail.com>
Date: Fri Mar 16 18:09:08 2012 +0200
sockso_traversal 1.8 compatibility fix
commit e76965ce565a8ae634dc0d3c743542f1a6d977d7
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 09:17:35 2012 -0400
fix
commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 09:14:48 2012 -0400
saves each config to loot instead of notes
commit f4713974fa82d8b13017cb0817b5fd36696194d9
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 03:46:10 2012 -0600
Check for a 0 prefix length
If the OnLinkPrefixLength is 0, something is wrong, try the value in the
prefix linked list. Appears to fix v4 addresses on XP but not 2k3.
[See #6525 ]
commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 01:46:41 2012 -0600
Return network prefixes when available
Solves #6525 on Vista+. Win2k still works using the old MIB method
(which doesn't support ipv6). Win2k3 and XP are still busted for
unknown reasons.
commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 22:59:42 2012 -0400
Enumerate important and interesting configuration files
commit 9336df2ac28ee2df10a0e66e7006df3d23493492
Author: David Maloney <David_Maloney@rapid7.com>
Date: Thu Mar 15 19:06:48 2012 -0500
More Virtualisation SSL fixes
commit f24c378281ee6c85f687d4823f09ef5848812daf
Author: David Maloney <David_Maloney@rapid7.com>
Date: Thu Mar 15 18:15:29 2012 -0500
Default SSL to true for esx_fingerprint module
commit d6e14c42120df0fd16b79709ac5723d0e2818810
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 15:56:24 2012 -0500
Fix typo
commit b24dcfe43e625740ec8a1465f33be02f7ec40162
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 15:55:54 2012 -0500
Add sockso dir traversal
commit 033052c1e075fcf43e9c17e5ee4a5006247cb375
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 15 14:31:25 2012 -0600
Fix syntax error in 1.8, thanks Jun Koi for the patch
commit 4529efaeaa22e52c9c7c1528c68efb60af8af729
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 14:27:40 2012 -0500
enum_protections is now find_apps
commit 49e823802bd8f2cb1940545e74db04f3788352d1
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 14:22:23 2012 -0500
File rename, as well as design and cosmetic changes
commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 15:29:52 2012 -0300
added report_note, removed store_loot function, cleaned up info/author
commit 27d571932e51afbac0c0fcd95c52f038786a9a28
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 12:18:29 2012 -0300
fixed output newline issue
commit 5a828e35d1629dc68825fe7d9322d1316888f8d7
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:05:35 2012 -0300
fixed save line
commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:02:07 2012 -0300
removed unneeded comments
commit 5861e1512f2949c0d7848d9ebed8241277462085
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:00:55 2012 -0300
fixed output issue
commit 593a3648111f1db1f56a410250539261c2a7cd9f
Author: ohdae <bindshell@live.com>
Date: Wed Mar 14 18:26:53 2012 -0300
removed unneeded dependency
commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f
Author: ohdae <bindshell@live.com>
Date: Wed Mar 14 13:30:16 2012 -0400
locates installed 3rd party av, fws, etc
commit 5bf512d0e9d2b412c4107228db178a7078111443
Author: sinn3r <msfsinn3r@gmail.com>
Date: Wed Mar 14 16:50:54 2012 -0500
Add OSVDB-79863 NetDecision Directory Traversal
commit 18715d0367f4ef01b5998d732043cbe224e1787e
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 23:03:01 2012 -0600
Store the retrieved commands on the session
commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 22:45:16 2012 -0600
Retrieve the list of new commands
The client side doesn't do anything with them yet
commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 22:41:16 2012 -0600
Return a list of the new commands in response to core_loadlib
Linux
commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 15:13:45 2012 -0600
Whitespace at EOL
commit 4afcb4cb9da1921ede29b03b149433cc65d680da
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 14:30:09 2012 -0600
Create instance methods that return extensions
Before this change, meterpreter sessions would not #respond_to? their
extensions despite having a pseudo-accessor for them:
```
>> client.respond_to? :sys
=> false
>> client.sys
=> #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>
```
After:
```
>> client.respond_to? :sys
=> true
```
commit 70ab8c018f67d15929b6f41322540837ab7b37c5
Merge: a8a3938 5f2bace
Author: James Lee <egypt@metasploit.com>
Date: Tue Apr 3 11:46:25 2012 -0600
Merge branch 'master' into bap-refactor
Conflicts:
external/source/exploits/CVE-2012-0507/Help.java
external/source/exploits/CVE-2012-0507/Makefile
external/source/exploits/CVE-2012-0507/msf/x/Help.java
external/source/exploits/CVE-2012-0507/src/a/Exploit.java
external/source/exploits/CVE-2012-0507/src/a/Help.java
commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 20:20:21 2012 -0600
Deal with null data/jar
Not sure why "" turns into null sometimes, but it was breaking shells;
this fixes it.
commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:10:59 2012 -0600
Prev commit moved these to src/a
commit 5074eadbea426fc4f83d6d165a01e640ef42b4de
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:08:32 2012 -0600
Make building the jar for cve-2012-0507 a bit easier
Mostly stolen from cve-2008-5353
commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 14:52:23 2012 -0600
Fix incorrect option name
commit 78824ef60084510d3befe0ded6eed314d55eeb12
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 13:24:33 2012 -0600
Add the detected browser version to the DOM
Doing it this way lets modules grab the info a bit more easily.
commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9
Merge: 0faa3f6 b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 13:19:05 2012 -0600
Merge branch 'master' into bap-refactor
commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:36:20 2012 -0600
Add bap support to java_rhino
commit 66ca27f994e3b11c9c8adae85642820768158860
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:35:16 2012 -0600
Put next_exploit on the window object so it's always in scope
Solves some issues with Chrome not running more than one exploit
commit 7fc2ca1a0690c7a973307772aed42ab3514e1761
Merge: 325d306 e48c47e
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:10:54 2012 -0600
Merge branch 'master' into bap-refactor
commit 325d3060599bc79674e93dd5f55a4e60061e9bdb
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 14:31:53 2012 -0600
Pull common stuff up out of the body
commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:04:03 2012 -0600
Fix indentation level
commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:02:42 2012 -0600
Abstract out copy-pasted methods
Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 17:00:02 -06:00
MM
55bb7abc89
Squashed commit of the following:
commit 2027502c5c1364161854794529738344dddb5c50
Author: MM <gaspmat@gmail.com>
Date: Thu Mar 22 18:12:07 2012 +0100
link type must be signed, because dlt_to_linktype can return -1
commit 86027ea77d36d36e39070a54eb5caf3d3490e2e9
Author: MM <gaspmat@gmail.com>
Date: Wed Mar 21 16:03:58 2012 +0100
enable sniffing on any type of interface
commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date: Tue Mar 20 18:01:50 2012 +0100
ps support for linux meterpreter
[Closes #254 ]
2012-05-15 16:58:18 -06:00
MM
5d7190e8cb
Squashed commit of the following:
commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date: Tue Mar 20 18:01:50 2012 +0100
ps support for linux meterpreter
[Closes #250 ]
2012-05-15 16:57:17 -06:00
sinn3r
0b817944c3
Merge pull request #386 from jlee-r7/fix-posix-execute
Fix posix execute
2012-05-13 16:17:34 -07:00
sinn3r
2e8b11ca78
Merge pull request #383 from rsmudge/armitage
Armitage 05.14.12
2012-05-13 16:15:59 -07:00
James Lee
73331b66e6
Fix execution with spaces in args by using sh -c
In posix, a command like "echo 'foo bar'" would previously get parsed
out into arguments for execve like [ "echo", "'foo", "bar'" ] which
obviously isn't what you want. After this commit, it sticks the whole
thing in an arg to sh so the execve call ends up looking like
execve("/bin/sh", ["sh", "-c", "echo 'foo bar'"], [/* 26 vars */]) = 0
This is still a little less than ideal because shell escapes become a
problem; fortunately, that's easy to deal with on the client side as
long as module developers take it into account.
2012-05-13 14:55:57 -06:00
Raphael Mudge
c7b9b711f1
Armitage 05.14.12
This release SSL-enables the red team collaboration architecture, adds several keyboard
shortcuts and it improves the workflow for viewing downloaded files/loots.
2012-05-13 13:56:10 -04:00
Michael Schierl
5bf03aff7d
Squashed commit of the following:
commit db8a4fe575ec09607036ae5550adb83b345d9f2c
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 11 00:41:51 2012 +0200
Ensure the manifest is always at the beginning of the JAR files
Might create strange errors when loading stdapi if not.
commit fc02de4e36b3b952e256885d277e9c8e91f8f065
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 23:20:20 2012 +0200
Change the build file so that it generates fixed timestamps inside meterpreter.jar / ext_server_stdapi.jar
[Closes #304 ]
2012-05-08 13:48:21 -06:00
sinn3r
122a3b7848
Merge pull request #366 from rsmudge/armitage
give source code a correct home.
2012-05-07 13:53:07 -07:00
Raphael Mudge
24a9cd92a6
give source code a correct home.
2012-05-06 01:52:16 -04:00
sinn3r
9a00823828
Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch'
2012-04-19 18:08:22 -05:00
sinn3r
f5e8f57497
Minor fixes
2012-04-19 18:07:35 -05:00
James Lee
15913dd92c
Squashed commit of the following:
commit 97755336f2227a7db668b61e548d2956dddaccb8
Author: Michael Schierl <schierlm@gmx.de>
Date: Thu Apr 5 22:33:40 2012 +0200
make sure PayloadTrustManager gets dropped when using Spawn > 0
commit 0d096043e23af5d46a20b7f2c30c5d926ff66f8d
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 22:15:23 2012 +0200
Fix connection hangs when using java/meterpreter/reverse_https with recent Java versions
Reason is that Java thinks the SSL certificate presented by Metasploit is untrusted;
therefore add a hack similar to the one in the metasploit.Payload class to trust all
certificates here.
[Closes #303 ]
2012-04-16 13:15:33 -06:00
James Lee
b1dbb50953
Squashed commit of the following:
commit 2b24a5e93da0b0dd61c29b6124794fa11c5b3d92
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Sun Apr 15 22:01:23 2012 -0500
Document HTTPS options for Proxy
commit 24a8635b96d723465eb2bf212c83d31325990c28
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Sun Apr 15 21:52:47 2012 -0500
Document HTTPS options
[Closes #337 ]
2012-04-16 12:57:03 -06:00
Michael Schierl
eedd7be453
Squashed commit of the following:
commit 9afece529a33739a088c9c4d10b76dd52f23b99e
Author: Michael Schierl <schierlm@gmx.de>
Date: Thu Apr 12 17:58:12 2012 +0200
fix cat ... command by making stdapi_fs_stat return a sensible result
[Closes #330 ]
2012-04-16 12:24:54 -06:00
sinn3r
835d8b209d
clear whitespace
2012-04-12 01:08:22 -05:00
0a2940
654701f1b2
new file: data/exploits/CVE-2008-5499.swf
new file: external/source/exploits/CVE-2008-5499/Exploit.as
new file: modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
Michael Schierl
1d56ffe225
Update javapayload and java meterpreter
* Add support for hashing commands (stdapi_fs_md5 and sha1)
* Replace MTU detection with the Proper Java Way
Squashed commit of the following:
commit 0207b6e2e0c0eb55c7c5f04bd3008f674f6239ad
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 22:02:15 2012 +0100
add support for stdapi_fs_{md5|sha1} commands
commit a187e7bc79f8d89e66df8d3a3f892c6dce10307b
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 20:32:03 2012 +0100
update binaries
commit 0fc553bdac76cc8997fc581141483a3efbdefdfc
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 20:29:48 2012 +0100
Add support to Java Meterpreter for multiple addresses on same interface
For more information, see https://dev.metasploit.com/redmine/issues/6476
Tested with Java 1.4, 1.5, 1.6, 1.7.
commit fc6dba99fe0b13bf8837ed7a699c5dbad35100e6
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 16:55:15 2012 +0100
Fix Eclipse warnings
commit 4168d025507c1ecfbc50164cfc7f25f3f222b0ab
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 16:29:37 2012 +0100
Update pretty-printing of unsupported command TLVs
This adds the TLVs added by commit fbc8e25aaa
to the pretty-printer.
commit 4a9335abdabb1b8a7741c5ec67852d7c5d552d6b
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 16:17:25 2012 +0100
Un-ghetto Java Meterpreter MTU determination
This splits the change from commit 14dfcce63a
into a 1.6-specific and a 1.4-specific implementation (the latter being empty).
Tested with Java 1.4, 1.5, 1.6, 1.7.
commit 968edd210ed68ba4974f051e280d90f0151df222
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 15:52:46 2012 +0100
update .gitignore to ignore IDE generated files in JavaPayload projects
commit 86111625bee318411cf43da7706d37ce5d7045c5
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 15:49:58 2012 +0100
synchronize stages with upstream JavaPayload
commit 2360f2e6eb8703ae762868678ac952203be35d93
Author: Michael Schierl <schierlm@gmx.de>
Date: Sat Mar 24 15:39:58 2012 +0100
remove unused stages
[Closes #270 ]
2012-04-04 09:56:07 -06:00
James Lee
6b996ed9de
Add checks for data being null, too, just in case
2012-03-30 16:46:49 -06:00
James Lee
b424475774
Add a makefile
Compiles with an old -target so it will work on older JVMs
2012-03-30 16:25:47 -06:00
sinn3r
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
sinn3r
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
James Lee
4ed55dc958
Fall back to MIB method if we can't get netmasks
Misses IPv6 addresses, but at least doesn't break everything.
[Fixes #6525 ]
2012-03-16 11:30:25 -06:00
James Lee
ba1ed93ee2
Check for a 0 prefix length
If the OnLinkPrefixLength is 0, something is wrong, try the value in the
prefix linked list. Appears to fix v4 addresses on XP but not 2k3.
[See #6525 ]
2012-03-16 03:46:10 -06:00
James Lee
9aaf6af072
Return network prefixes when available
Solves #6525 on Vista+. Win2k still works using the old MIB method
(which doesn't support ipv6). Win2k3 and XP are still busted for
unknown reasons.
2012-03-16 01:50:26 -06:00
James Lee
bd3f27afa8
Remove some debug output
2012-03-14 13:24:34 -06:00
James Lee
48486a6518
malloc properly in Linux instead of living on hopes and dreams
Also fixes a mem leak in windows.
2012-03-14 13:02:11 -06:00
James Lee
5ca9c95f1d
Remove some debugging junk
2012-03-14 12:51:09 -06:00
James Lee
5fafb8bf02
Refactor entryCount -> tlv_cnt for consistency
2012-03-14 12:50:45 -06:00
James Lee
6036691517
Adjust snaplen to grab the whole packet in case mtu > 1514
Fixes an issue where pcap_dispatch would return -1 and pcap_geterror
said "corrupted frame on kernel ring mac"
[Fixes #6527 ]
2012-03-14 12:36:36 -06:00
gaspmat@gmail.com
248a73a73c
change sniffer behaviour when stopping capture. workaround if pcap_findalldev fails
2012-03-14 11:07:31 -06:00
James Lee
6a6dd06103
Merge branch 'feature/6476-list-all-ifaces'
Conflicts:
modules/auxiliary/scanner/afp/afp_server_info.rb
2012-03-13 13:55:45 -06:00
James Lee
89e3fee5a8
Revert "Squashed commit of the following:"
This reverts commit dd9ac8a6c0.
2012-03-13 13:38:35 -06:00
James Lee
dd9ac8a6c0
Squashed commit of the following:
commit 8b4750d0dcbac0686f9403acdf5cab50c918212f
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 13 13:14:43 2012 -0600
Add bins for listing all addresses
[Fixes #6476 ]
commit 213dd92ebc9b706a45725e6515c7939d2edace0e
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 13 02:08:34 2012 -0600
Accept multiple addresses and netmasks
[See #6476 ]
commit 2e8bd3c3ecfb319bf9456485d2420bb5829b60cc
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 13 01:55:57 2012 -0600
Make inspecting meterpreter packets a little less painful
Not sure why I originally thought there was no way to access extensions'
constants before. A simple `require` makes it all happy.
commit da367907cf579bd3aefaffbc84d2f96a41b85f00
Author: James Lee <egypt@metasploit.com>
Date: Sun Mar 11 22:08:44 2012 -0600
Fix up Linux after changes for Windows
commit ec9f04378b0155f69df95d4a94e62d33ce61977c
Author: James Lee <egypt@metasploit.com>
Date: Sun Mar 11 21:56:11 2012 -0600
Grab IPv6 addresses on Windows when possible
Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
old GetIpAddrTable() function when it isn't available. This should work
on XPSP1 and newer, albeit without netmasks on versions before Vista.
Still trying to figure that one out.
commit 1052ebdcf86114fbc03d1a37ab5d4c6a78e82daa
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 6 15:34:09 2012 -0700
Wrap Windows-specific headers in ifdef
commit f23f20587b3117c38a77e7e5a93d542411e9504f
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 6 14:36:34 2012 -0700
Handle multiple addrs on one iface on the ruby side
commit d7207d075ac6462875d9da531cf20c175629a416
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 5 21:57:39 2012 -0700
Adds IPv6 addrs to win32 get_interfaces response
commit 11ae7e8a45bd56d25841ea8724377e0fb6789d72
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 5 09:07:28 2012 -0700
Don't distinguish between 4 and 6.
The client can figure it out from the length.
commit 2c7490bdf3e4079f30857ee323d2ce23ab1bd9a5
Author: James Lee <egypt@metasploit.com>
Date: Sun Mar 4 04:25:26 2012 -0700
Append to the list instead of assigning to it
All addresses are being sent to the client now. Just need a way to
parse them out correctly on the other side and meterpreter will be able
to list all addresses on all interfaces on Linux. Next step is to
allocate the proper number of TLVs to avoid good ol' stack smashes on
systems with lots of addresses and then make sure we clean all the
memory leaks.
[See #6476 ]
commit 73bba037ad968b922341c02459017afcc8407a76
Author: James Lee <egypt@metasploit.com>
Date: Sun Mar 4 03:12:28 2012 -0700
Lay the groundwork for returning all addresses
This commit only sends the last interface in the list, but it is looping
through all of them as evidenced by the log, just need to make sure
we're not overwriting as we go.
[See #6476 ]
2012-03-13 13:19:18 -06:00
James Lee
3ba471176e
Return an appropriate error when stat() fails
...
Tested on Linux and Windows
[Fixes #6517 ]
2012-03-13 01:45:58 -06:00
James Lee
5dc03c6ac0
Fix up Linux after changes for Windows
2012-03-11 22:08:44 -06:00
James Lee
602408743c
Grab IPv6 addresses on Windows when possible
...
Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
old GetIpAddrTable() function when it isn't available. This should work
on XPSP1 and newer, albeit without netmasks on versions before Vista.
Still trying to figure that one out.
2012-03-11 21:56:11 -06:00
sinn3r
befb60217c
Add CVE-2012-0754 .as source
2012-03-07 19:25:51 -06:00
James Lee
806a3c01b7
Wrap Windows-specific headers in ifdef
2012-03-06 15:34:09 -07:00
James Lee
085b3b5640
Adds IPv6 addrs to win32 get_interfaces response
2012-03-05 21:57:39 -07:00
James Lee
cd990917be
Don't distinguish between 4 and 6.
...
The client can figure it out from the length.
2012-03-05 09:10:47 -07:00
James Lee
c81dce2013
Append to the list instead of assigning to it
...
All addresses are being sent to the client now. Just need a way to
parse them out correctly on the other side and meterpreter will be able
to list all addresses on all interfaces on Linux. Next step is to
allocate the proper number of TLVs to avoid good ol' stack smashes on
systems with lots of addresses and then make sure we clean all the
memory leaks.
[See #6476 ]
2012-03-05 09:10:47 -07:00
James Lee
cb998b91e5
Lay the groundwork for returning all addresses
...
This commit only sends the last interface in the list, but it is looping
through all of them as evidenced by the log, just need to make sure
we're not overwriting as we go.
[See #6476 ]
2012-03-05 09:10:46 -07:00
HD Moore
cea4529f5e
Add an example of preconfigured proxy stager
2012-03-05 00:59:47 -06:00
James Lee
9f05562a18
Don't distinguish between IPv4 and IPv6 routes
...
It's easier to deal with one Array of all routes regardless of INET
family than having get_routes() return a two-element Array of Arrays.
Also fixes a bug in each_route() which was expecting get_routes() to
return a single Array of all routes. Thanks to valsmith for reporting.
2012-03-02 18:26:57 -07:00
HD Moore
165257db75
Remove unused "plus" code
2012-03-02 17:46:59 -06:00
HD Moore
b70b41091b
Tested fairly well - this randomizes the URLs and removes the user-agent string from the request
2012-03-02 17:44:23 -06:00
HD Moore
ce94ffd755
First round of changes to http(s) payloads
2012-03-02 17:13:51 -06:00
James Lee
2d0d7b4470
777 is not the same as 0777
...
Fixes a bug where meterpreter created directories with absurd
permissions on posix (777 = 01411 = dr----x--t).
2012-03-02 13:16:52 -07:00
James Lee
fbc8e25aaa
Add the new stdapi/net TLVs to java
2012-02-29 20:31:12 -07:00
James Lee
14dfcce63a
Add the MTU when it's available
...
This doesn't work on 1.4, but I'm not Java-savvy enough to figure out
how to only compile it for 1.4, so do a ghetto try-catch block in case
the method doesn't exist.
2012-02-29 20:30:03 -07:00
James Lee
4a5d7debd5
Add the usleep back in
...
MM convinced me.
2012-02-29 02:20:23 -07:00
James Lee
ed3700b5da
Fix a few more compiler warnings
2012-02-28 08:23:35 -07:00
James Lee
98157475af
Fix a type-safety warning
2012-02-28 08:17:39 -07:00
James Lee
ae37f74864
Fix a couple of warnings and a typo
2012-02-28 08:16:06 -07:00
James Lee
a80056e6e5
Get rid of an unnecessary sleep()
2012-02-24 16:42:12 -07:00
MM
f83a7f14ac
Switch to netlink for listing interfaces
...
* Adds support for listing IPv6 addresses on POSIX meterpreter
* Ensures crash logs are only created if debugging is enabled
* Fixes a bug in sniffer where a lock was not acquired correctly
Squashed commit of the following:
commit 955124b264a675c7d67187703bf23b58f0aba6d8
Author: MM <gaspmat@gmail.com>
Date: Thu Feb 23 23:42:26 2012 +0100
posix meterpreter - IPv6 support for route and ipconfig using netlink sockets
[Closes #196 ]
2012-02-24 16:42:12 -07:00
James Lee
0ef8d8bb3a
Ensure the dir exists before copying files there
...
Thanks MM for pointing out that this was missed. The other dirs
referenced in #183 were addressed in 134b6c874f
[Closes #183 ]
2012-02-22 20:54:20 -07:00
James Lee
c39f14591f
No need for pcap in stdapi anymore
...
Pcap used to be required for the ipconfig command but since the fix
for #6328 , it is no longer necessary.
[See #6328 ]
2012-02-18 12:46:13 -07:00
James Lee
134b6c874f
Ensure output paths exist for compiled object files
...
Fixes build on clean checkout
2012-02-18 11:42:27 -07:00
James Lee
a0bbbb0b7d
Compile pcap without libnl since bionic doesn't have headers
...
Fixes build on systems that have libnl installed.
2012-02-18 11:41:09 -07:00
juan
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
James Lee
8e8188d752
Add the missing include that broke Windows build
...
I swear I committed this before...
[See #6372 ]
2012-02-15 11:51:00 -07:00
James Lee
64cf8bb7ee
Fix brokenness with the debug target
...
If a test returns false, make exits. Duh.
[Fixes #6343 ]
2012-02-14 16:56:48 -07:00
James Lee
bd86bfc6d5
Remove redundant __FUNCTION__ references in dprintf calls
...
From the Department of Redundancy Department.
2012-02-13 18:40:25 -07:00
James Lee
3e61fc1154
Adds a depclean target
...
Don't blow away libc with the "clean" target because I'm tired of
rebuilding everything.
2012-02-13 17:59:01 -07:00
James Lee
9e814bdf19
Whitespace cleanup
2012-02-13 15:21:01 -07:00
James Lee
60706033f4
Remove unnecessary -gstabs and fix a logic error
...
This drops the sniffer extension to a size of around 55k bytes.
2012-02-10 15:57:01 -07:00
James Lee
13c231afbc
Really set the flag so we don't strip later
...
Oversight from last commit
2012-02-10 15:57:01 -07:00
James Lee
d44c7896b6
Add a 'debug' target for posix meterpreter build
...
This new target adds debugging symbols and doesn't strip binaries. New
bins are considerably bigger, but may be more helpful when diagnosing
problems or adding new features.
[Fixes #6343 ]
2012-02-10 15:57:01 -07:00
James Lee
fc088fa379
Don't use the verboten 127.0.0.1
...
Alleviates some unnecessary headaches with the database
2012-02-10 15:57:01 -07:00
James Lee
b5dc50968b
Simplify creation of .h files from libs
...
Suffix rules are awesome.
2012-02-10 15:57:00 -07:00
James Lee
3d1c8ae383
Fix another errant use of dprintf
2012-02-08 16:45:12 -07:00
Joshua J. Drake
1a6cbd2bf0
Fix another dprintf from #6334 , oops
2012-02-06 11:42:12 -06:00
Joshua J. Drake
4b2d8f88e8
Fix dprintf statements in meterpreter C src #6334
2012-02-06 11:38:14 -06:00
Joshua J. Drake
d6616cd8a9
Fix up posix meterpreter rtld/Makefile rule
2012-02-06 11:28:59 -06:00
James Lee
e045accfc3
Refactor interface listing
...
[See #6328 ]
2012-02-02 00:14:38 -07:00
James Lee
026c24c184
Replace the root-only pcap iface listing technique
...
Leaks memory, will remedy momentarily
[See #6328 ]
2012-02-02 00:14:38 -07:00
James Lee
10bd708a69
Just rm libpcap and re-extract instead of cleaning
...
It's faster.
2012-02-02 00:14:38 -07:00
HD Moore
0c2a18d765
Fix up reverse_tcp ipv6 stager for freebsd
2012-02-01 01:41:24 -06:00
HD Moore
45a785fde0
Adds BSD IPv6 payloads and stagers
2012-02-01 00:54:42 -06:00
HD Moore
7630ef17e3
Add BSD IPv6 payloads (source only for now)
2012-02-01 00:54:42 -06:00
James Lee
c56d326368
Use the proper dirsep and allocate correctly
...
Thanks, mm__ for the bug report and the patch!
[Fixes #6322 ]
2012-01-31 17:31:15 -07:00
James Lee
ba50f84229
More i386 and -m32 fixes for compiling meterpreter
...
This should be the last change necessary to compile a 32-bit meterpreter
from a 64-bit build host.
See #6268
2012-01-31 10:12:42 -07:00
scriptjunkie
fd9aab4de1
Get output format list in msfgui dynamically from RPC.
2012-01-28 23:38:46 -05:00
James Lee
e48da7b7db
Merge branch 'stat-struct-fixes'
...
Conflicts:
data/meterpreter/ext_server_stdapi.lso
2012-01-27 19:07:27 -07:00
James Lee
e0a312e38d
Get the return values in the right place
...
This should convert stat values to something portable enough to work on
POSIX and Windows.
Fixes #6294
2012-01-27 18:56:01 -07:00
James Lee
628f85cea3
Add -m32 and -march=i386 to the Jam build for bionic
...
This is hopefully the last thing that needs to be fixed up for i386
compatibility.
See #6268
2012-01-27 18:02:37 -07:00
James Lee
5bc1701a5a
Ensure make.sh returns success
2012-01-27 17:20:36 -07:00
James Lee
e7b15180d1
Add clean targets for openssl and libpcap
...
Also, a 'really-clean' target that does everything
2012-01-27 17:20:36 -07:00
James Lee
289dc81d60
Add -m32 to all the Makefiles
...
This is an attempt to get compilation working on 64-bit hosts.
2012-01-27 17:20:36 -07:00
James Lee
1a187c00aa
Add a platform-independent stat struct
...
This should help with various issues on linux
2012-01-27 17:13:46 -07:00
James Lee
5be58513f9
Ensure make.sh returns success
2012-01-27 16:37:48 -07:00
James Lee
8108bf888e
Add clean targets for openssl and libpcap
...
Also, a 'really-clean' target that does everything
2012-01-27 16:33:27 -07:00
James Lee
abf031f224
Add -m32 to all the Makefiles
...
This is an attempt to get compilation working on 64-bit hosts.
2012-01-27 15:14:47 -07:00
James Lee
10237f7c12
Changes openssl/build.sh to create its own target
...
This should ensure we build everything for i386 and only link the lib
files we mean to. Also no longer builds any of the superfluous openssl
executables since all we need are the .so files.
See #6268
2012-01-25 17:54:13 -07:00
James Lee
e928efaa8c
Force gcc to compile for i386
...
Makes meterpreter for linux work on older CPUs.
Fixes #6268
2012-01-23 15:20:36 -07:00
scriptjunkie
9fe18cdc86
Add x64 LoadLibraryA payload. Because it should exist.
2012-01-17 21:16:26 -06:00
scriptjunkie
1e811aed02
Adds scriptjunkie's multilingual admin fie for pxexploit
...
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.
[Closes #63 ]
Squashed commit of the following:
commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Fri Dec 16 12:14:18 2011 -0600
Now in German! and Spanish! Chinese!
[update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
scriptjunkie
5bad92e021
GUI bug fixes: fix MsgPack errors, remove an unnecessary error message, show popups, and reduce lock contention.
...
Much better!
2011-12-16 09:52:12 -06:00
scriptjunkie
e34555dc22
Remove XML RPC option for msfgui.
2011-12-11 14:44:12 -06:00
sinn3r
e7c179d0b5
The more description the better
2011-12-01 03:03:37 -06:00
sinn3r
9e71be8ed0
Add source for CVE-2011-3544
2011-11-29 18:04:31 -06:00
scriptjunkie
8d58ea227f
Add UAC bypass to default pxesploit attack.
2011-11-16 08:16:22 -08:00
scriptjunkie
8358edac2e
Add badchars field to msfgui payload popup, so badchars can be added (in hex form)
2011-11-11 14:05:58 -06:00
Matt Buck
16f45fc894
Add empty directories from svn repo.
2011-11-09 18:41:40 -06:00
Matt Weeks
ce5b999e5e
Change of case on error message and convert db time field to date.
...
git-svn-id: file:///home/svn/framework3/trunk@14199 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 03:48:50 +00:00
Matt Weeks
fb6e828a30
Only poll for sessions/jobs once a connection comes in.
...
git-svn-id: file:///home/svn/framework3/trunk@14198 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 03:13:29 +00:00
Matt Weeks
2dd0417941
Fix progress bar on initial start.
...
git-svn-id: file:///home/svn/framework3/trunk@14195 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:28:39 +00:00
Matt Weeks
0b4996a38c
Put tables into an array.
...
git-svn-id: file:///home/svn/framework3/trunk@14178 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 01:54:24 +00:00
Matt Weeks
b1bb0ae729
Backward-compatible for recent DB changes.
...
git-svn-id: file:///home/svn/framework3/trunk@14177 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 00:17:09 +00:00
Matt Weeks
4629c0867b
Address #5887 and #5888 for RPC DB and msfgui
...
git-svn-id: file:///home/svn/framework3/trunk@14167 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 18:12:10 +00:00
Matt Weeks
11c5801895
Clean up error opening Events table and reading new database credentials.
...
git-svn-id: file:///home/svn/framework3/trunk@14123 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-30 22:24:29 +00:00
Matt Weeks
cf9ad43683
Specify MsgPack API Version.
...
git-svn-id: file:///home/svn/framework3/trunk@14019 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 22:21:36 +00:00
Matt Weeks
a82adb14f9
Allow boolean options of true and True as well as 0 and 1.
...
git-svn-id: file:///home/svn/framework3/trunk@13796 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-26 19:16:02 +00:00
Matt Weeks
ab4026cfb5
And do the same for pivoted PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13780 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 16:16:47 +00:00
Matt Weeks
7a3be4fe38
Allow hidden windows to resurrect properly after restart.
...
git-svn-id: file:///home/svn/framework3/trunk@13770 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-22 03:04:34 +00:00
Matt Weeks
b3f29cbddf
Fix MsgRPC over SSL support.
...
git-svn-id: file:///home/svn/framework3/trunk@13754 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 23:02:31 +00:00
Matt Weeks
10bf0fbe84
Whoops. Reset would be reset, not stop.
...
git-svn-id: file:///home/svn/framework3/trunk@13752 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 20:26:09 +00:00
Matt Weeks
9ada448a16
Replace references to tabbedPane since that may not exist.
...
git-svn-id: file:///home/svn/framework3/trunk@13746 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 15:09:04 +00:00
James Lee
c6c133673f
add reverse_https support for java meterpreter, fixes #5288 ; thanks mihi!
...
git-svn-id: file:///home/svn/framework3/trunk@13741 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 21:10:11 +00:00
Matt Weeks
0293417c29
Whoops - make status bar visible again.
...
git-svn-id: file:///home/svn/framework3/trunk@13732 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 00:29:11 +00:00
Matt Weeks
5847de9435
Whoops fix pane splitting.
...
And minor scroll speed improvement on payload popup.
git-svn-id: file:///home/svn/framework3/trunk@13720 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-12 00:49:41 +00:00
Matt Weeks
ea2a1be834
Save and restore splitpane layout
...
fix issues with splitpane layout - focus locking with multiple panes & splitting panes that can't be split
git-svn-id: file:///home/svn/framework3/trunk@13719 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-11 20:59:28 +00:00
Matt Weeks
adcc9fcbbb
Fix issue with URI decoding.
...
git-svn-id: file:///home/svn/framework3/trunk@13717 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-11 03:47:01 +00:00
Matt Weeks
35a6f26654
Add pane-splitting.
...
git-svn-id: file:///home/svn/framework3/trunk@13714 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-11 00:21:01 +00:00
Matt Weeks
135e4c25e3
Start msfrpcd in root of metasploit tree to avoid path issues.
...
git-svn-id: file:///home/svn/framework3/trunk@13693 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-04 21:55:08 +00:00
Matt Weeks
a57769f336
Address a few remaining MsgPack/XML differences,
...
remove Msg warning.
git-svn-id: file:///home/svn/framework3/trunk@13649 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-28 21:09:03 +00:00
Matt Weeks
b3d169b590
Standardize locking and tabbing for GUI.
...
git-svn-id: file:///home/svn/framework3/trunk@13648 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-28 20:29:06 +00:00
Matt Weeks
6853221762
Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs.
...
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-27 15:46:49 +00:00
Matt Weeks
06c3dabe31
Fixes #5312 for pivoted PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 02:07:35 +00:00
Matt Weeks
53e43fa847
whoops. Use these, not the dhcpserv.cpp/h
...
git-svn-id: file:///home/svn/framework3/trunk@13633 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 01:41:57 +00:00
Matt Weeks
4ec69f3dfd
Fix more encoding issues with msgpack RPC, especially with payload generation/encoding.
...
git-svn-id: file:///home/svn/framework3/trunk@13623 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 20:31:18 +00:00
Matt Weeks
161b4eacb5
Fix some base64 encoding issues with MsgPack.
...
Use "busy" indicator in console.
git-svn-id: file:///home/svn/framework3/trunk@13617 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 03:05:09 +00:00
Matt Weeks
7a933bdf2c
MessagePack support for GUI. Woohoo! Still backend errors though; see #5309
...
git-svn-id: file:///home/svn/framework3/trunk@13616 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 01:06:53 +00:00
Matt Weeks
31d1628dde
Some payload fixes
...
git-svn-id: file:///home/svn/framework3/trunk@13596 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 02:18:20 +00:00
James Lee
851bc8d7b8
add a single shell payload for java, partially reverts r13213
...
git-svn-id: file:///home/svn/framework3/trunk@13588 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:31:19 +00:00
HD Moore
521b95b0c2
This fixes garbled characters in lsass hashdump on some platforms
...
git-svn-id: file:///home/svn/framework3/trunk@13582 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:09:49 +00:00
Matt Weeks
3e0c3e5f76
Add source for pxesploit tools.
...
git-svn-id: file:///home/svn/framework3/trunk@13534 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 22:57:21 +00:00
Matt Weeks
b2733c04db
More PXE dust for extra magic!
...
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
Matt Weeks
f866b3ecdf
Use different check to see if SSL will work.
...
git-svn-id: file:///home/svn/framework3/trunk@13440 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-31 00:56:40 +00:00
Matt Weeks
630fb999f8
Don't display or load events table by default. Also, only reload visible windows on refresh.
...
git-svn-id: file:///home/svn/framework3/trunk@13436 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 21:51:07 +00:00
Matt Weeks
8447141a0c
Include check for crypto algorithm support.
...
git-svn-id: file:///home/svn/framework3/trunk@13430 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 19:38:35 +00:00
Matt Weeks
b4a58989c4
Give choice of rpcd to connect to when last remembered connection is still running.
...
git-svn-id: file:///home/svn/framework3/trunk@13424 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 15:22:27 +00:00
James Lee
0f95070f3f
add a request type for grabbing the host's directory separator, fixes #4892
...
git-svn-id: file:///home/svn/framework3/trunk@13346 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 20:51:33 +00:00
James Lee
6b1dfd5908
meterpreter compiles on modern linux! see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@13333 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-25 07:59:51 +00:00
James Lee
dd84169187
tell the linker to make DT_HASH sections instead of DT_GNU_HASH which msflinker can't handle
...
git-svn-id: file:///home/svn/framework3/trunk@13332 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 23:50:55 +00:00
James Lee
5c5861cc9b
add a 'clean' target
...
git-svn-id: file:///home/svn/framework3/trunk@13328 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 19:25:19 +00:00
HD Moore
75bef2b98a
Apply a diff to fix bad ifdef usage
...
git-svn-id: file:///home/svn/framework3/trunk@13324 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 20:31:58 +00:00
HD Moore
47eb4cbd86
Add an ifdef around the wininet setup routine
...
git-svn-id: file:///home/svn/framework3/trunk@13323 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 20:16:19 +00:00
Matt Weeks
9ebbe84a4a
Update to version 4.
...
Add first-run detection that farms out database initialization to msfconsole.
Autostart RPC if no other option is selected.
Check for RPC death in startup.
More lenient socket timeouts.
git-svn-id: file:///home/svn/framework3/trunk@13301 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-23 00:05:38 +00:00
James Lee
3c261c346f
add support for java/meterpreter/reverse_http. assuming i didn't miss any files, fixes #4946 , thanks mihi!
...
git-svn-id: file:///home/svn/framework3/trunk@13213 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 23:15:06 +00:00
James Lee
0d585ffb4c
add the source files for RMILoader and RMIPayload. fixes #4738 , which has nothing to do with #4378 that i dyslexified in r13185
...
git-svn-id: file:///home/svn/framework3/trunk@13187 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 22:28:40 +00:00
James Lee
1d25a6d7d1
add an exploit for java's rmid and rmiregistry code-execution-by-design and supporting source. fixes #4378 , thanks mihi!
...
git-svn-id: file:///home/svn/framework3/trunk@13185 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 20:42:31 +00:00
Matt Weeks
8f79fd1e5f
Add "crack passwords" option.
...
git-svn-id: file:///home/svn/framework3/trunk@13169 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 03:06:07 +00:00
Matt Weeks
fdf6660a55
Properly filter error messages which have changed,
...
escape options passed through command line,
run database reload in separate thread,
and make connecting to the database even more automagical.
git-svn-id: file:///home/svn/framework3/trunk@13168 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:39:16 +00:00
James Lee
cdeacc85f3
fix some incorrect arguments to memset, thanks sbz for noticing.
...
git-svn-id: file:///home/svn/framework3/trunk@13123 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 23:14:44 +00:00
James Lee
f01d29e4a5
add support for absolute paths, fixes #4874
...
git-svn-id: file:///home/svn/framework3/trunk@13108 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 21:35:51 +00:00
HD Moore
8816d2135f
Merge in changes from thelightcosine that add RegLoadKey/RegUnloadKey support
...
git-svn-id: file:///home/svn/framework3/trunk@13089 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-02 04:03:23 +00:00
HD Moore
e9bb388593
Use size_t instead of int
...
git-svn-id: file:///home/svn/framework3/trunk@13063 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 06:35:44 +00:00
HD Moore
35801febd7
Lets try this again, POSIX style
...
git-svn-id: file:///home/svn/framework3/trunk@13061 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 06:30:24 +00:00
HD Moore
96ff575998
Add md5/sha1
...
git-svn-id: file:///home/svn/framework3/trunk@13060 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 06:12:15 +00:00
HD Moore
9220506ba2
Merge in recent meterpreter work. These are not the commits you are looking for (more info on what all this is later this week).
...
git-svn-id: file:///home/svn/framework3/trunk@13053 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 21:26:43 +00:00
HD Moore
dc1e42af2c
Make sure empty replies are taken into account for the session keep alive
...
git-svn-id: file:///home/svn/framework3/trunk@13052 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 21:22:48 +00:00
HD Moore
80643cc152
Adds a remote shutdown api
...
git-svn-id: file:///home/svn/framework3/trunk@13050 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 18:11:17 +00:00
HD Moore
c1935eda06
Re-add the missing SendRequest, make migrate work
...
git-svn-id: file:///home/svn/framework3/trunk@13048 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 17:25:37 +00:00
HD Moore
c53899f9b7
Clean a few things up
...
git-svn-id: file:///home/svn/framework3/trunk@13046 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 07:40:32 +00:00
HD Moore
3bb2a2d07f
Rework this for compatibility with older OSs
...
git-svn-id: file:///home/svn/framework3/trunk@13045 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 07:30:48 +00:00
HD Moore
fdfaf5b17b
Merge in some recent meterpreter work, still a ways off before this is ready to use.
...
git-svn-id: file:///home/svn/framework3/trunk@13044 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 05:57:36 +00:00
Matt Weeks
b70eeec942
Cleanup error messages; more descriptive and appropriate.
...
git-svn-id: file:///home/svn/framework3/trunk@13021 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-25 03:53:32 +00:00
HD Moore
46eb182d81
Adds support for connecting to remote registry services with the current process's credentials. See #1894
...
git-svn-id: file:///home/svn/framework3/trunk@12923 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 00:00:56 +00:00
HD Moore
662840404f
Fixes #4296 by merging in David Maloney's registry patch. The ruby side will be merged once the new binaries are in SVN
...
git-svn-id: file:///home/svn/framework3/trunk@12920 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 23:04:25 +00:00
HD Moore
46dbaae454
Check the correct counter before bailing, this would cause a segmented header to kill the session. Pointed out by an anonymous contributor (new bins once the rest of the pending merge work is finished).
...
git-svn-id: file:///home/svn/framework3/trunk@12918 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 22:53:04 +00:00
HD Moore
69b684ad0c
Remove an unused variable
...
git-svn-id: file:///home/svn/framework3/trunk@12917 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 22:43:31 +00:00
HD Moore
3833d2a098
Fix up the sniffer build environment, add the pivot project to the solution (even though it's not part of the OSS tree).
...
git-svn-id: file:///home/svn/framework3/trunk@12916 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 22:42:59 +00:00
Matt Weeks
2ea3e5ee0f
Fix issues with showing popups on exit, and make it clear why start/connect fails on bad creds.
...
git-svn-id: file:///home/svn/framework3/trunk@12914 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 22:25:14 +00:00
Matt Weeks
d4e9e303c6
rejigger session list columns.
...
git-svn-id: file:///home/svn/framework3/trunk@12789 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-31 23:09:44 +00:00
HD Moore
3e0f3639ef
This adds a quick windows/loadlibrary payload for folks who have a need for such things. The library path can be a UNC location and works fine over WebDAV...
...
git-svn-id: file:///home/svn/framework3/trunk@12765 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-30 03:44:59 +00:00
Matt Weeks
23ee4b3aa8
Display additional version info in about box.
...
git-svn-id: file:///home/svn/framework3/trunk@12658 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 21:43:52 +00:00
Matt Weeks
543ec2c3a1
Format fix.
...
git-svn-id: file:///home/svn/framework3/trunk@12613 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-14 17:19:28 +00:00
Stephen Fewer
c48633cff0
Merge in a rewritten windows x86 reverse_ipv6_tcp stager (The previous one seems hosed since r6744 due to new host/port offsets[1] but the shellcode blob remained the same after modification[2]) - This new one uses the block_api_call technique, is 37 bytes smaller and can handle arbitrary size stages.
...
[1] https://dev.metasploit.com/redmine/projects/framework/repository/revisions/6744/diff/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb
[2] https://dev.metasploit.com/redmine/projects/framework/repository/revisions/6744/diff/external/source/shellcode/windows/stager_reverse_ipv6_tcp_nx.asm
git-svn-id: file:///home/svn/framework3/trunk@12562 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-08 01:44:08 +00:00
Matt Weeks
5fa2a9458f
Don't encode when not instructed.
...
git-svn-id: file:///home/svn/framework3/trunk@12561 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-07 21:22:03 +00:00
Matt Weeks
971b6f96f6
pxesploit update; compatibility with x64, compatibility with different windows versions.
...
Still no custom payload yet.
git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 02:51:07 +00:00
James Lee
30bc742740
merge mihi's patch for adding ps and audio recording to java meterpreter, fixes #3898
...
git-svn-id: file:///home/svn/framework3/trunk@12372 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 22:39:25 +00:00
Matt Weeks
fa808addd0
New Icon.
...
git-svn-id: file:///home/svn/framework3/trunk@12345 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-17 13:29:01 +00:00
Matt Weeks
86ef20a6c2
Removing unnecessary print.
...
git-svn-id: file:///home/svn/framework3/trunk@12340 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 23:07:12 +00:00
Matt Weeks
41d3b6fb93
Accessibility/personalization: Allow choosing custom foreground/background color.
...
git-svn-id: file:///home/svn/framework3/trunk@12337 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 22:12:34 +00:00
Matt Weeks
8e60901ebf
Add support for changing font size application-wide. Also make Look and Feel changes immediately visible and added jar output format support for payloads.
...
git-svn-id: file:///home/svn/framework3/trunk@12332 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:15:35 +00:00
Matt Weeks
aa72f18ec2
Use quotes less. Fixes browsing to directories with spaces in them issue.
...
git-svn-id: file:///home/svn/framework3/trunk@12222 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-03 00:26:25 +00:00
Matt Weeks
6024459780
Better autoreconnect on crash/kill.
...
git-svn-id: file:///home/svn/framework3/trunk@12149 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 18:53:16 +00:00
David Rude
8c614a9296
made the shellcode request random to avoid signatures
...
git-svn-id: file:///home/svn/framework3/trunk@12148 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 16:00:52 +00:00
David Rude
ff3659aa37
Lots of work to make this a lot more reliable =)
...
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Matt Weeks
b220156911
Get rid of error message for non-error.
...
git-svn-id: file:///home/svn/framework3/trunk@12120 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 00:15:18 +00:00
Matt Weeks
5274cfdc13
Save workspace.
...
git-svn-id: file:///home/svn/framework3/trunk@12076 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 00:21:37 +00:00
Matt Weeks
1a68ab3b07
Retry on certain timeouts, and properly synchronize timeouts.
...
git-svn-id: file:///home/svn/framework3/trunk@12075 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-22 23:58:10 +00:00
Matt Weeks
b1b0004aa4
Stack trace on session list errors. Should help addressing #3677
...
git-svn-id: file:///home/svn/framework3/trunk@12064 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-22 01:05:48 +00:00
Matt Weeks
299de38302
Fix some option processing.
...
git-svn-id: file:///home/svn/framework3/trunk@12054 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-21 03:40:26 +00:00
Matt Weeks
fd4712e795
Typo.
...
git-svn-id: file:///home/svn/framework3/trunk@12053 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-21 03:13:15 +00:00
Matt Weeks
b06e9b5696
Fix locking issue and set default LnF to nimbus. (works better with, e.g. Backtrack)
...
git-svn-id: file:///home/svn/framework3/trunk@12052 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-21 03:08:20 +00:00
Matt Weeks
b413b8aa99
Fix null pointer bug.
...
git-svn-id: file:///home/svn/framework3/trunk@12047 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-21 01:49:54 +00:00
Matt Weeks
931e2179b7
Add ability to arbitrarily change Look and Feel.
...
git-svn-id: file:///home/svn/framework3/trunk@12038 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-20 20:17:51 +00:00
Matt Weeks
ea274d1537
Tabs-moveable in, out of, and between windows.
...
Database nmap and export added.
Number of view preferences added.
Some bugs fixed.
git-svn-id: file:///home/svn/framework3/trunk@12031 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-20 00:59:38 +00:00
Joshua Drake
fb6107ffb5
enable java payloads, currently via one-off method
...
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
Joshua Drake
4644110962
add exploit for cve-2010-4452, currently windows only and no payloads :(
...
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
Matt Weeks
fa3c038f1d
Check for nulls/nils when retrieving client list
...
git-svn-id: file:///home/svn/framework3/trunk@11963 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-15 16:52:01 +00:00
Matt Weeks
27aaab9e8d
Save window sizes and make formatting nicer.
...
git-svn-id: file:///home/svn/framework3/trunk@11939 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-12 00:49:29 +00:00
Matt Weeks
dafb085772
Unify option handling code, reducing duplicate code while improving payload option handling and enabling payload handlers to be run in console.
...
git-svn-id: file:///home/svn/framework3/trunk@11895 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 02:53:04 +00:00
Matt Weeks
14bc4ecbe7
Fix bugs with rerunning post modules and searching.
...
git-svn-id: file:///home/svn/framework3/trunk@11883 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-05 22:37:17 +00:00
Matt Weeks
f78d1bc7b7
Different types of input elements for the different types of options.
...
git-svn-id: file:///home/svn/framework3/trunk@11781 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-21 18:18:29 +00:00
Matt Weeks
fd03824a46
Fix errors when msfrpc is killed outside of msfgui.
...
git-svn-id: file:///home/svn/framework3/trunk@11720 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 00:51:01 +00:00
James Lee
758da50090
use the correct length for copying arguments, fixes #3526, thanks mihi!
...
git-svn-id: file:///home/svn/framework3/trunk@11700 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-02 21:26:29 +00:00
Matt Weeks
8a32407375
Oops, use this one.
...
git-svn-id: file:///home/svn/framework3/trunk@11637 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-25 02:25:02 +00:00
Matt Weeks
5ef1cbe966
Add GUI ability to disable DB, and properly restore saved options.
...
git-svn-id: file:///home/svn/framework3/trunk@11627 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-23 22:23:27 +00:00
Matt Weeks
067c612d9e
Make creds visible to RPC and GUI.
...
git-svn-id: file:///home/svn/framework3/trunk@11602 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-19 20:09:18 +00:00
Matt Weeks
3b7253aa8b
Add generic support for post modules.
...
Now supporting options.
Also, code clean up and better comments
git-svn-id: file:///home/svn/framework3/trunk@11582 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-16 00:06:22 +00:00
Matt Weeks
71ff357bf1
Add support for bypassuac and SNMP post modules and update scripts which have been converted to post modules.
...
git-svn-id: file:///home/svn/framework3/trunk@11578 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 04:05:14 +00:00
Stephen Fewer
41e5a4c61d
Fix for #3482: the empty value occurs when no service pack is present. The fix simply tests for this. Also remove the two unused params on the _snprintf call.
...
git-svn-id: file:///home/svn/framework3/trunk@11542 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-11 14:29:16 +00:00
Matt Weeks
d25cda1f74
Add sound recording support to GUI.
...
git-svn-id: file:///home/svn/framework3/trunk@11530 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-10 02:50:45 +00:00
Matt Weeks
91151f1d1d
Update persistence options dialog.
...
git-svn-id: file:///home/svn/framework3/trunk@11522 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 18:27:21 +00:00
Matt Weeks
b2ed512f44
Fix advanced/evasion opts display.
...
git-svn-id: file:///home/svn/framework3/trunk@11510 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-07 21:01:41 +00:00
Matt Weeks
b098690d5c
Can now save webcam frame; console history now kept per-window.
...
git-svn-id: file:///home/svn/framework3/trunk@11487 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 17:55:44 +00:00
HD Moore
4971a0d7af
Add Skylined's "You Got Pwned" payload
...
git-svn-id: file:///home/svn/framework3/trunk@11485 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 17:34:09 +00:00
HD Moore
5d23306f01
Add bypassuac source to the tree
...
git-svn-id: file:///home/svn/framework3/trunk@11484 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 17:30:20 +00:00
Matt Weeks
99ab6a59dd
Msfgui fixes:
...
Make module window work better with smaller screens.
Fix option title display issues on GTK and in smaller windows.
RPC backend handles tabs and avoids crash on embedded nulls.
Cancelling exit confirmation aborts exit.
Reopening file browser and other session windows is faster and saves location.
Remove defunct vendor on about window.
git-svn-id: file:///home/svn/framework3/trunk@11461 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-02 22:34:27 +00:00
HD Moore
5875fdb701
Two new SNMP community enumeration tools for Windows by tebo (local account list and SMB shares). Addition of a Meterpreter script for snagging the SNMP community from the registry
...
git-svn-id: file:///home/svn/framework3/trunk@11410 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 06:08:34 +00:00
Matt Weeks
a3126ad8b5
Fix typo error on re-selecting stored target while loading a previously run module.
...
git-svn-id: file:///home/svn/framework3/trunk@11379 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 01:59:29 +00:00
Matt Weeks
d390c2eb80
Reduce number of menu items on module lists to work with a little bit smaller screens and clean up log output.
...
git-svn-id: file:///home/svn/framework3/trunk@11378 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 00:57:38 +00:00
Matt Weeks
599df0a71a
Fix error with recording on certain Windows versions.
...
git-svn-id: file:///home/svn/framework3/trunk@11311 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-12 20:12:03 +00:00
Matt Weeks
d28cc9bb5a
Fixes #3290, allows address to be specified in an address bar and allows downloading multiple files.
...
git-svn-id: file:///home/svn/framework3/trunk@11229 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-05 20:06:28 +00:00
Matt Weeks
afa572e03b
Fix issue with scroll bars not being shown when many sessions were visible but the window had been resized to a small size.
...
git-svn-id: file:///home/svn/framework3/trunk@11184 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 23:52:25 +00:00
James Lee
191c4e8eb7
make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim.
...
git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 03:50:40 +00:00
Matt Weeks
aa827488cd
Auto-load database connection info from windows install into database connection dialog if connection info is missing.
...
git-svn-id: file:///home/svn/framework3/trunk@11170 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 01:34:26 +00:00
Matt Weeks
3812aa95f4
Add webcam support to GUI.
...
git-svn-id: file:///home/svn/framework3/trunk@11161 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-29 02:31:59 +00:00
Matt Weeks
61242f3c2c
Catch invalid webcam frame requests.
...
git-svn-id: file:///home/svn/framework3/trunk@11160 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-29 02:23:01 +00:00
Matt Weeks
c3f98de6f5
Add task scheduler permissions escalation support to GUI.
...
git-svn-id: file:///home/svn/framework3/trunk@11153 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-25 15:48:05 +00:00
James Lee
90182c01f5
update documentation for executable dropper, thanks mihi
...
git-svn-id: file:///home/svn/framework3/trunk@11105 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-23 00:58:17 +00:00
James Lee
85a4eb703c
remove examples. if a user wants examples, they can build them.
...
git-svn-id: file:///home/svn/framework3/trunk@11104 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-23 00:56:54 +00:00
Matt Weeks
2e72926638
Add audio (microphone) recording support to stdapi.
...
git-svn-id: file:///home/svn/framework3/trunk@11087 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 00:32:39 +00:00
James Lee
6f7af42667
add an exploit for cve-2010-3563, thanks Matthias Kaiser
...
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Matt Weeks
c424d6b403
Make options more consistent when launching a handler.
...
git-svn-id: file:///home/svn/framework3/trunk@11054 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-17 00:26:39 +00:00
Matt Weeks
2a333d8106
Properly handle cancelling certain GUI commands, and issuing them multiple times, etc.
...
git-svn-id: file:///home/svn/framework3/trunk@11044 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 20:39:14 +00:00
Matt Weeks
7f53f36150
Sanity check on connecting. Also IDE update.
...
git-svn-id: file:///home/svn/framework3/trunk@11043 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 20:12:20 +00:00
Matt Weeks
560c1847c3
Properly return error if no webcams present (instead of killing session).
...
git-svn-id: file:///home/svn/framework3/trunk@11041 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 19:59:31 +00:00
Matt Weeks
bbf5cb9e5f
Typo.
...
git-svn-id: file:///home/svn/framework3/trunk@11040 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 19:57:48 +00:00
Matt Weeks
594a46bfc7
Merge webcam extension into stdapi.
...
git-svn-id: file:///home/svn/framework3/trunk@10997 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:36:54 +00:00
James Lee
85640627ab
add ability to drop an executable from the jar. see #406, thanks mihi
...
git-svn-id: file:///home/svn/framework3/trunk@10973 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-10 19:54:56 +00:00
Matt Weeks
2d2e1989aa
Fix memory leak.
...
git-svn-id: file:///home/svn/framework3/trunk@10964 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 23:37:56 +00:00
Matt Weeks
db602dd478
Add functional in-memory webcam support.
...
git-svn-id: file:///home/svn/framework3/trunk@10954 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 02:24:28 +00:00
Matt Weeks
ec70016b53
Don't update data if no data received.
...
git-svn-id: file:///home/svn/framework3/trunk@10934 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-06 19:43:47 +00:00
Matt Weeks
7d6add8a35
Fix prompt error, update prompt even if no data received.
...
git-svn-id: file:///home/svn/framework3/trunk@10931 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-06 17:38:29 +00:00
Matt Weeks
f15b370127
And add logging.
...
git-svn-id: file:///home/svn/framework3/trunk@10930 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-06 17:04:47 +00:00
Matt Weeks
bc983ea52c
Run meterpreter GUI commands in background to not interfere with active shell or other channel interaction.
...
Also simplify calling commands in file browser and process viewer.
git-svn-id: file:///home/svn/framework3/trunk@10929 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-06 16:51:48 +00:00
Matt Weeks
de6feffcd9
Add rank class.
...
git-svn-id: file:///home/svn/framework3/trunk@10875 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-03 00:40:33 +00:00
Matt Weeks
b15ba92567
Add rank; fix issue with searching.
...
git-svn-id: file:///home/svn/framework3/trunk@10873 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 23:35:12 +00:00
Matt Weeks
db4c6ae246
Properly show compatible payloads. Important for cross-platform exploits.
...
git-svn-id: file:///home/svn/framework3/trunk@10870 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 22:41:49 +00:00
James Lee
68815a27ba
add the servlet lib to classpath for eclipse project
...
git-svn-id: file:///home/svn/framework3/trunk@10869 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 22:39:08 +00:00
James Lee
dcb850f56a
merge patches to fix a race condition in java meterpreter stager and a compatibility fix for gcj-based JVMs, thanks mihi! java meterpreter now works with tomcat_mgr_deploy, see #3009
...
git-svn-id: file:///home/svn/framework3/trunk@10864 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 19:59:57 +00:00
Matt Weeks
c94c95bb04
Make the bottom button work too.
...
git-svn-id: file:///home/svn/framework3/trunk@10859 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 00:22:57 +00:00
Matt Weeks
6970e1834e
Fix bug with summarized options.
...
git-svn-id: file:///home/svn/framework3/trunk@10858 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 00:05:25 +00:00
Matt Weeks
3dd35cdcd4
Msfgui log fix. Fix identification of empty host list when consoles have been opened. Also change colors. Colors were a dumb idea.
...
git-svn-id: file:///home/svn/framework3/trunk@10849 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-30 22:12:15 +00:00
pks
20b96ae0c1
Partial implementation of in memory execution and update binary
...
git-svn-id: file:///home/svn/framework3/trunk@10839 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-28 12:44:39 +00:00
Matt Weeks
85e7c799f7
Log module runs that are started through console.
...
git-svn-id: file:///home/svn/framework3/trunk@10811 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-24 20:20:10 +00:00
Matt Weeks
ec15abd8dc
Add SSL support to connection starting/connecting.
...
git-svn-id: file:///home/svn/framework3/trunk@10810 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-24 20:09:04 +00:00
Matt Weeks
5619b7d57e
Fix for 3.5.
...
git-svn-id: file:///home/svn/framework3/trunk@10808 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-24 13:17:19 +00:00
Matt Weeks
780bdb32d3
Try ruby.exe first.
...
git-svn-id: file:///home/svn/framework3/trunk@10807 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-24 00:59:11 +00:00
Matt Weeks
cdef02c382
Add new command to try when starting msfrpcd.
...
git-svn-id: file:///home/svn/framework3/trunk@10801 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 23:13:12 +00:00
Matt Weeks
32875e1524
Properly highlight recent modules.
...
git-svn-id: file:///home/svn/framework3/trunk@10799 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 22:02:22 +00:00
Matt Weeks
560d79bb78
Standardize duplicate-option removal.
...
git-svn-id: file:///home/svn/framework3/trunk@10797 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 21:37:58 +00:00
Matt Weeks
a2801e5dc1
Add detach/kill support to interacting meterpreter channels over RPC. Also clean some duplicated code in session interaction.
...
git-svn-id: file:///home/svn/framework3/trunk@10794 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 17:05:48 +00:00
James Lee
f33d7cc670
revamp java payloads and make shells work with tomcat_mgr_deploy. tested java_trusted_chain and java_tester to verify that this doesn't break other java payload usage. see #3009 and #2973, meterpreter doesn't work yet, so not marking resolved.
...
git-svn-id: file:///home/svn/framework3/trunk@10781 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 10:19:51 +00:00
Joshua Drake
f997b37245
remove the kitrap0d meterpreter script in favor of the "getsystem" implementation, fixes #800, fixes #801
...
git-svn-id: file:///home/svn/framework3/trunk@10739 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 23:57:41 +00:00
Matt Weeks
63d578dd7e
Add GUI support to service permissions escalate script.
...
git-svn-id: file:///home/svn/framework3/trunk@10723 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 23:34:37 +00:00
Matt Weeks
881f8e7919
Better error handling in gui shutdown code
...
git-svn-id: file:///home/svn/framework3/trunk@10710 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 19:18:53 +00:00
Matt Weeks
ca127fcf43
Display error in getting session list without displaying a new dialog window.
...
git-svn-id: file:///home/svn/framework3/trunk@10709 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 18:54:54 +00:00
Matt Weeks
f644580ec3
Minor fix on recent modules.
...
git-svn-id: file:///home/svn/framework3/trunk@10702 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 00:19:42 +00:00
Matt Weeks
ec4343c686
Improved object/XML conversion in XMLRPC code and changed config file to reuse the same code
...
so that normal java HashMaps, Lists, Strings, etc can be used instead of converting to and
from DOM nodes (easier to store complex objects). Module list is now stored with time each
module was first seen, and recent modules are highlighted. Accompanying minor edits included.
git-svn-id: file:///home/svn/framework3/trunk@10701 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-15 23:02:53 +00:00
Matt Weeks
11bd6b2a95
Change conf file location to main msf conf dir; add scripts.
...
git-svn-id: file:///home/svn/framework3/trunk@10677 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-14 01:10:17 +00:00
Matt Weeks
51169377a9
Remove bad shell hack.
...
git-svn-id: file:///home/svn/framework3/trunk@10676 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-14 00:39:45 +00:00
Matt Weeks
2ba327c3aa
Don't lose history when connection is unsuccessful or connection info when not starting up an rpcd.
...
git-svn-id: file:///home/svn/framework3/trunk@10675 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-14 00:34:07 +00:00
Matt Weeks
e981b89ed4
Add Ctrl+C and Ctrl+Z support to gui console.
...
git-svn-id: file:///home/svn/framework3/trunk@10641 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-11 15:57:01 +00:00
HD Moore
2e9138ebbc
This commit overhauls much of the meterpreter timeouts and staging processes. This fixes a bug with concurrent session handling, reduces CPU load by caching a single SSL certificate for all sessions, increases all of the critical timeouts, and generally makes mass ownage work better. We still need to limit the maximum number of concurrent on_session() threads to something sane to prevent session spikes from dragging out the process even longer. The C-side meterpreter change is minimal and will only help with future compatibility if we move to non-blocking fds for the SSL socket.
...
git-svn-id: file:///home/svn/framework3/trunk@10595 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-08 04:11:47 +00:00
pks
872c8b09c7
Add the ability to clean up file descriptors in the remote process.
...
git-svn-id: file:///home/svn/framework3/trunk@10587 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-07 11:52:45 +00:00
pks
754225a80d
Implement per dispatch run channel_write of packets, remove __FUNCTION__ due to dprintf changes, and fix shutting down networkpug interfaces. Re-add networkpug binary.
...
git-svn-id: file:///home/svn/framework3/trunk@10586 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-07 11:52:38 +00:00
Matt Weeks
cb453a97ab
Temporary workaround for #2261 - make new console for shell.
...
git-svn-id: file:///home/svn/framework3/trunk@10578 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-06 23:10:18 +00:00
Stephen Fewer
df8b9f8e95
Merge in the IPv6 Teredo patch.
...
git-svn-id: file:///home/svn/framework3/trunk@10543 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-04 11:02:46 +00:00
Matt Weeks
dc108abc56
Oops. Typo.
...
git-svn-id: file:///home/svn/framework3/trunk@10506 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-28 23:19:18 +00:00
pks
14cabd2611
Allow debugging to be enabled.
...
This will make it easier to hopefully track down bugs.
exploitme-posix.c - make complete stack executable. On some kernel versions, execstack doesn't do the trick.
git-svn-id: file:///home/svn/framework3/trunk@10485 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-26 05:58:59 +00:00
pks
784e355d93
Networkpug improvements
...
git-svn-id: file:///home/svn/framework3/trunk@10484 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-26 05:58:48 +00:00
Matt Weeks
2290b47c96
Add encoder support to exploits
...
git-svn-id: file:///home/svn/framework3/trunk@10480 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-26 00:07:02 +00:00
pks
740e2c1ab2
Change base from 0x90040000 to 0x20040000.
...
This is more portable across kernel versions / patches it seems. This
will be better for SEGMEXEC compatibility as well.
git-svn-id: file:///home/svn/framework3/trunk@10455 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 04:06:28 +00:00
pks
50241faa57
Implement a sniffer for posix meterpreter using libpcap.
...
This version of the sniffer supports packet filtering after the packet count variable, like so:
meterpreter > sniffer_interfaces
1 - 'eth0' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
meterpreter > use sniffer
Loading extension sniffer...success.
meterpreter > sniffer_start 1 500000 icmp <-- picks up only icmp packets.
[*] Capture started on interface 1 (500000 packet buffer)
meterpreter > sniffer_stop 1
[*] Capture stopped on interface 1
git-svn-id: file:///home/svn/framework3/trunk@10424 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 11:43:30 +00:00
pks
a179836fca
Initial import of networkpug, a pivoting interface using libpcap to monitor/inject packets on an interface on the remote machine.
...
git-svn-id: file:///home/svn/framework3/trunk@10423 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 09:35:46 +00:00
pks
f196333e02
Strip debugging symbols when compiling the linker.
...
git-svn-id: file:///home/svn/framework3/trunk@10419 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:53 +00:00
pks
e30b420834
Railgun is windows specific at the moment, move the header include down a little bit and #ifdef the functions down a bit.
...
git-svn-id: file:///home/svn/framework3/trunk@10418 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:47 +00:00
pks
49b87daa7d
Implement locking in dl* functions
...
git-svn-id: file:///home/svn/framework3/trunk@10417 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:40 +00:00
pks
89b33c2cc7
Implement a crash handler to ease debugging
...
git-svn-id: file:///home/svn/framework3/trunk@10416 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:34 +00:00
pks
3c99897115
Missing file, QWORD compile fix, and thread error handling improvements.
...
asm/ucontext.h will be used to implement a crash handler in msflinker,
which should allow for easier debugging and development of msflinker
and extension code.
thread.c/h, fixes a bug if you thread_create(), but stop the thread before
running it.
Compilation fix for WSAGetLastError
git-svn-id: file:///home/svn/framework3/trunk@10415 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 05:13:27 +00:00
Matt Weeks
6736f6d5be
Make encoding payloads a million times faster.
...
git-svn-id: file:///home/svn/framework3/trunk@10374 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-19 02:45:55 +00:00
Matt Weeks
16f2e33442
Better support issuing commands to multiple sessions.
...
git-svn-id: file:///home/svn/framework3/trunk@10360 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-17 22:18:52 +00:00
Matt Weeks
908976c70a
Add ability to refresh console list, and only start polling for input on sessions when the window is opened.
...
git-svn-id: file:///home/svn/framework3/trunk@10359 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-17 21:41:08 +00:00
Matt Weeks
9712a99e42
Properly save host connecting to.
...
git-svn-id: file:///home/svn/framework3/trunk@10356 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-17 21:13:42 +00:00
Matt Weeks
c68861e4f4
Logout if not stopping the rpc daemon.
...
git-svn-id: file:///home/svn/framework3/trunk@10349 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-17 17:43:45 +00:00
Stephen Fewer
50e6d8f0e3
Delete the railgun meterpreter extension and add railgun support directly into stdapi. Support now includes Windows x64. Update meterpreter packet core to handle QWORD TLVs.
...
git-svn-id: file:///home/svn/framework3/trunk@10317 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-14 23:21:36 +00:00
Joshua Drake
d8fb8e5c49
merge in another posix meterpreter update from philip, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10307 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-13 14:44:00 +00:00
Matt Weeks
f18ce42d1f
Remove unnecessary options to console run.
...
git-svn-id: file:///home/svn/framework3/trunk@10298 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 22:40:13 +00:00
Matt Weeks
cefe0ecb45
Add ability to run modules in console, some other fixes.
...
git-svn-id: file:///home/svn/framework3/trunk@10297 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 21:54:19 +00:00
James Lee
f15981074b
add source for java meterpreter. see #406
...
git-svn-id: file:///home/svn/framework3/trunk@10294 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 17:47:39 +00:00
Matt Weeks
12b15506c6
Log database connection, plugin loading/unloading, and session upgrades.
...
git-svn-id: file:///home/svn/framework3/trunk@10292 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 16:35:03 +00:00
Matt Weeks
cb41474f49
fix typo and import errors.
...
git-svn-id: file:///home/svn/framework3/trunk@10291 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 16:17:12 +00:00
Matt Weeks
711cf6d9ef
Prefer autodetect on importing, since other options are deprecated.
...
git-svn-id: file:///home/svn/framework3/trunk@10290 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 16:13:26 +00:00
Matt Weeks
995b289635
Add session upgrade capability to command shells.
...
git-svn-id: file:///home/svn/framework3/trunk@10289 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 15:59:19 +00:00
Matt Weeks
f8dafa0308
Display platform on session list for meterpreter sessions.
...
git-svn-id: file:///home/svn/framework3/trunk@10288 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-11 15:31:42 +00:00
Joshua Drake
e3a5195c62
commit some fixes from philip, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10275 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-09 15:51:30 +00:00
Joshua Drake
c3db1d7a7f
commit some fixes from philip, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10272 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-09 15:39:28 +00:00
James Lee
85126af521
add an exploit module for cve-2010-0094, thanks Matthias Kaiser.
...
git-svn-id: file:///home/svn/framework3/trunk@10255 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 08:20:55 +00:00
Matt Weeks
b24a7db785
Add workspace support throughout GUI; add/select/remove db workspace and set default workspace when running modules.
...
git-svn-id: file:///home/svn/framework3/trunk@10233 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-03 17:13:53 +00:00
Matt Weeks
62e27afa36
Add support for deleting items and add clients, notes, and loots db queries.
...
git-svn-id: file:///home/svn/framework3/trunk@10226 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-03 00:43:06 +00:00
Matt Weeks
9e86da570e
Initialize framework after forking when running msfrpcd as a daemon. Fixes #2465 by running database task thread in daemon.
...
git-svn-id: file:///home/svn/framework3/trunk@10207 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 23:24:54 +00:00
Joshua Drake
8dc12802fa
add termio.h back, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10203 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 15:11:29 +00:00
Joshua Drake
3b67eefe4e
sync up with Philip's code, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10202 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 15:10:41 +00:00
Matt Weeks
6dcd8a8269
Use new search command and script for search/download in gui.
...
git-svn-id: file:///home/svn/framework3/trunk@10198 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 22:59:46 +00:00
Stephen Fewer
a0f86c62e3
Meterpreter search support to leverage the index on older systems (2000/XP/2003) via Windows Desktop Search v2.
...
git-svn-id: file:///home/svn/framework3/trunk@10187 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 09:50:41 +00:00
Matt Weeks
77aa35c53f
Allow viewing connection details.
...
git-svn-id: file:///home/svn/framework3/trunk@10182 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-29 02:50:03 +00:00
Matt Weeks
d5b31adc6d
Only enable menus when connected to an msfrpc server
...
git-svn-id: file:///home/svn/framework3/trunk@10180 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-28 19:56:11 +00:00
Matt Weeks
a32e88b509
Simplify calling RPC functions in gui with implicit argument array.
...
git-svn-id: file:///home/svn/framework3/trunk@10179 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-28 19:43:38 +00:00
Matt Weeks
60105d8f24
Basic gui plugin support.
...
git-svn-id: file:///home/svn/framework3/trunk@10178 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-28 19:23:19 +00:00
Matt Weeks
633f84888e
Add support for database connect and disconnect, saving connection details.
...
git-svn-id: file:///home/svn/framework3/trunk@10176 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-28 18:09:30 +00:00
Stephen Fewer
53bfdb6f37
Commit the source for meterpreter file searching...
...
git-svn-id: file:///home/svn/framework3/trunk@10165 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-27 14:44:42 +00:00
Matt Weeks
8f52ae02df
Tabs disabled until loaded from database, auto-load database on connect, and more simplified database calls.
...
git-svn-id: file:///home/svn/framework3/trunk@10161 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-26 23:49:35 +00:00
Joshua Drake
aee73a3129
resolve some case insensitive filename issues
...
git-svn-id: file:///home/svn/framework3/trunk@10158 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-26 17:32:34 +00:00
Joshua Drake
778ee60d2c
update additional files, see #2418
...
git-svn-id: file:///home/svn/framework3/trunk@10156 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-26 07:25:15 +00:00
Joshua Drake
067830a8d0
remove the old elf server, see #2418, should have been part of r10154
...
git-svn-id: file:///home/svn/framework3/trunk@10155 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-26 05:24:20 +00:00
Joshua Drake
6d1ed6d779
first attempt to merge in Philip Sanderson's work on the POSIX meterpreter
...
git-svn-id: file:///home/svn/framework3/trunk@10154 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-26 05:16:27 +00:00
HD Moore
3b7c23b841
Remove the duplicate copy
...
git-svn-id: file:///home/svn/framework3/trunk@10145 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 19:22:02 +00:00
HD Moore
24e4645ecb
Updated with revision data, additional bug fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10141 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 15:13:27 +00:00
HD Moore
df918670a2
Add a revision
...
git-svn-id: file:///home/svn/framework3/trunk@10140 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 15:13:06 +00:00
HD Moore
633a169971
Add a packaging script
...
git-svn-id: file:///home/svn/framework3/trunk@10139 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 15:11:19 +00:00
HD Moore
c12947192c
Use the same wait logic for analyze
...
git-svn-id: file:///home/svn/framework3/trunk@10138 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 15:05:37 +00:00
HD Moore
d7b2831557
Fix CSV parsing when the timestamp has a comma, extend the wait period during the audit to handle slow systems better.
...
git-svn-id: file:///home/svn/framework3/trunk@10137 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 15:04:19 +00:00
HD Moore
68a5837b07
Regenerated binaries, error when CSV is missing
...
git-svn-id: file:///home/svn/framework3/trunk@10136 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 14:33:09 +00:00
HD Moore
db1adc0e76
Actually track this in SVN
...
git-svn-id: file:///home/svn/framework3/trunk@10135 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 14:21:53 +00:00
HD Moore
7ea537c7ea
Better, Faster, Stronger: DLLHijackAuditKit v2
...
git-svn-id: file:///home/svn/framework3/trunk@10134 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 06:57:36 +00:00
Matt Weeks
4af82f2937
Add import capability and simplify reloading database.
...
git-svn-id: file:///home/svn/framework3/trunk@10133 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 02:05:03 +00:00
HD Moore
f2b30738b1
Add /accepteula to the batch script
git-svn-id: file:///home/svn/framework3/trunk@10125 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-24 14:13:52 +00:00
Matt Weeks
f94e174d97
Initial Database support, with improved basic view.
git-svn-id: file:///home/svn/framework3/trunk@10124 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-24 00:22:49 +00:00
Joshua Drake
5201aa885a
remove asm file now that the assembly is inlined in the class
git-svn-id: file:///home/svn/framework3/trunk@10120 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 22:32:32 +00:00
HD Moore
f02956a816
Fix typo in audit.rb
git-svn-id: file:///home/svn/framework3/trunk@10115 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 19:28:20 +00:00
Joshua Drake
15c7a25d68
add omlet stub asm source
git-svn-id: file:///home/svn/framework3/trunk@10110 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 17:43:53 +00:00
HD Moore
cc3554601f
Tools for testing DLL hijack flaws
git-svn-id: file:///home/svn/framework3/trunk@10100 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 05:43:47 +00:00
James Lee
b35cea94cd
add source code for cve-2010-0840
git-svn-id: file:///home/svn/framework3/trunk@10095 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 07:27:26 +00:00
Matt Weeks
57b48314a6
Add logging support to console sessions.
git-svn-id: file:///home/svn/framework3/trunk@10084 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-20 19:07:15 +00:00
James Lee
232af015cb
add source code for javapayload, thanks mihi. see #406
git-svn-id: file:///home/svn/framework3/trunk@10075 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-20 07:09:51 +00:00
Matt Weeks
937606ab1f
Ability to close consoles and discover old consoles.
git-svn-id: file:///home/svn/framework3/trunk@10068 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 23:22:22 +00:00
Matt Weeks
6c38930db6
Do not poll for output on hidden windows. Improves performance with many windows open.
git-svn-id: file:///home/svn/framework3/trunk@10066 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 23:02:31 +00:00
Stephen Fewer
73f7b20935
Add meterpreter server side support for cleaning up loaded extensions upon server termination by calling the loaded extensions' DeinitServerExtension() functions.
git-svn-id: file:///home/svn/framework3/trunk@10053 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 11:34:23 +00:00
Stephen Fewer
fd0b96ee9d
Add a list_shift() function to the common linked list code.
git-svn-id: file:///home/svn/framework3/trunk@10052 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 11:25:11 +00:00
Matt Weeks
f3648b15cc
Add console support to gui. Includes tab completion.
git-svn-id: file:///home/svn/framework3/trunk@10033 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-18 00:30:41 +00:00
Matt Weeks
ffb4b611c6
Confirm rpc exit for menu close operations too.
git-svn-id: file:///home/svn/framework3/trunk@9947 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-03 02:42:41 +00:00
Matt Weeks
7f87cb9e55
Fix for date error on job.info call.
git-svn-id: file:///home/svn/framework3/trunk@9916 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-23 21:54:18 +00:00
Matt Weeks
9b0e9fca55
Support stopping rpcd on exit, based on user confirmation. Fixes #2287
git-svn-id: file:///home/svn/framework3/trunk@9915 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-23 21:28:39 +00:00
James Lee
50914a1e68
add a makefile so i don't forget how to compile this stuff
git-svn-id: file:///home/svn/framework3/trunk@9901 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-21 07:27:15 +00:00
Matt Weeks
ed74422a62
Fix for Linux error on get system icon call. Fixes bug #2283
git-svn-id: file:///home/svn/framework3/trunk@9894 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 23:57:02 +00:00
Matt Weeks
e065891a65
Fix for width of version label.
git-svn-id: file:///home/svn/framework3/trunk@9877 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 03:06:17 +00:00
Matt Weeks
e7f748118b
Display number of modules and show console window on double-click
git-svn-id: file:///home/svn/framework3/trunk@9876 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 03:04:18 +00:00
James Lee
119f9328fc
remove debug prints. =/
git-svn-id: file:///home/svn/framework3/trunk@9875 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:57:03 +00:00
James Lee
08d705c1db
add java meterpreter and update java_calendar_deserialize to be able to use it, see #406
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:53:24 +00:00
Matt Weeks
9029bdf722
Sort modules (exploits, auxiliary, payloads) alphabetically in menu.
git-svn-id: file:///home/svn/framework3/trunk@9846 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-16 21:44:55 +00:00
Matt Weeks
85d07af548
Multiple-session script execution fixed.
Build config updated for netbeans 6.9 and current tree.
git-svn-id: file:///home/svn/framework3/trunk@9830 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-14 19:27:23 +00:00
Stephen Fewer
c78b87a356
Add support for the ring0 stager_sysenter_hook payload to run its ring3 payload in a new thread in order to preserve/resume the original hijacked ring3 thread.
git-svn-id: file:///home/svn/framework3/trunk@9819 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-14 13:43:17 +00:00
Matt Weeks
dcb3ab6441
Initial commit of Java Metasploit GUI source. Netbeans project files included.
git-svn-id: file:///home/svn/framework3/trunk@9815 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 22:43:43 +00:00
HD Moore
30d3440b5d
New bins, implements the server side of multi-call railgun
git-svn-id: file:///home/svn/framework3/trunk@9806 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:19:21 +00:00
Stephen Fewer
a47ced6ac4
Partial solution for #1448 . Fall back to CreateProcessWithTokenW when CreateProcessAsUser fails with ERROR_PRIVILEGE_NOT_HELD. While only available on 2003 and above this works on my server 2008 test case which was failing before.
git-svn-id: file:///home/svn/framework3/trunk@9781 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-11 18:36:57 +00:00
Stephen Fewer
7a57ca57a6
Bug fix for a misplaced & in call to DestroyEnvironmentBlock() during process_execute(), was causing a hang on Vista and an Access Violation on server 2008.
git-svn-id: file:///home/svn/framework3/trunk@9779 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-11 16:37:50 +00:00
HD Moore
d3a6418e53
Revert changes to elevate, still not getting around restrictions on primary token creation, needs a deeper look
git-svn-id: file:///home/svn/framework3/trunk@9759 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 21:59:31 +00:00
HD Moore
d5932fc2fd
Switch the namedpipe code to convert the thread token to a primary token first
git-svn-id: file:///home/svn/framework3/trunk@9756 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 21:40:44 +00:00
HD Moore
ec9156827e
Switch the elevator methods to DuplicateHandleEx to get a primary token
git-svn-id: file:///home/svn/framework3/trunk@9755 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 21:23:05 +00:00
HD Moore
29f9f6671e
This *should* fix all cases where execute -t would fail to use an impersonated token
git-svn-id: file:///home/svn/framework3/trunk@9754 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 19:32:51 +00:00
HD Moore
972e7bc282
Clean up some of the token impersonation code around process execution
git-svn-id: file:///home/svn/framework3/trunk@9751 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 18:54:20 +00:00
HD Moore
ccfea56ed5
Minor tweak to build without the include path for common
git-svn-id: file:///home/svn/framework3/trunk@9715 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 16:46:58 +00:00
HD Moore
5d9a6622de
Merge railgun, tweak configurations
git-svn-id: file:///home/svn/framework3/trunk@9709 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 16:29:03 +00:00
James Lee
fb43495ada
meterpreter now compiles on 64-bit linux in a 32-bit chroot. still need payload handlers and some stdapi love to make it usable
git-svn-id: file:///home/svn/framework3/trunk@9468 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 06:10:15 +00:00
Joshua Drake
6d1e7bdaa5
big commit - lots of cmdstager changes
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)
git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Ramon de C Valle
380ed580fb
Update unixasm external source.
git-svn-id: file:///home/svn/framework3/trunk@9348 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-23 20:01:11 +00:00
HD Moore
36836423d9
Add a warning, cosmetic comment to asm
git-svn-id: file:///home/svn/framework3/trunk@9037 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-07 20:51:05 +00:00
HD Moore
c6ebd735df
Updated comments
git-svn-id: file:///home/svn/framework3/trunk@9003 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 15:08:17 +00:00
HD Moore
11c10518b3
Bug fixes for better windows OS compatibility
git-svn-id: file:///home/svn/framework3/trunk@9002 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 14:57:51 +00:00
HD Moore
cd2760f2c2
Bug fixes and size improvements for the reverse_https stager
git-svn-id: file:///home/svn/framework3/trunk@9001 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 13:53:35 +00:00
HD Moore
e968c3894e
More size tweaks
git-svn-id: file:///home/svn/framework3/trunk@8999 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 08:03:28 +00:00
HD Moore
c8defe9716
Size tweaks to bring the ssl stager + encoder + target_id to exactly 400 bytes
git-svn-id: file:///home/svn/framework3/trunk@8998 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 07:48:53 +00:00
HD Moore
c6c956ab46
Small patch to enable a new stager
git-svn-id: file:///home/svn/framework3/trunk@8984 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 05:21:15 +00:00
HD Moore
5d0fb434b7
Adds a reverse_tcp_dns stager
git-svn-id: file:///home/svn/framework3/trunk@8983 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 03:38:57 +00:00
Stephen Fewer
9a4293c445
In with the modified VNC payload which now supports an in memory breakout of session isolation for systems like Vista/2008/7 when the payload is run from a service in session 0 isolation.
git-svn-id: file:///home/svn/framework3/trunk@8890 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-24 00:00:05 +00:00
Stephen Fewer
c09ca4eba5
Commit all the code for the new 'screenshot' command in the stdapi extension. Screenshot will now work on NT4 - 7 on both x86 and x64 and on newer versions of Windows we can break out of session isolation (e.g. session 0 isolation for services) to screenshot the active desktop (or logon screen) without the need to migrate meterpreter. The majority of the migration code-injection stuff has been refactored out into base_inject.c so it can be shared with the new ps_inject() functionality to inject dlls. The 'ps' command now reports what session each process belongs to (if this is too verbose we can remove it or add a -v verbose switch to the ps command). The 'execute' command can now take a -s switch in order to create a process in a user's session under the user's privs (assuming you have the privs to do this).
git-svn-id: file:///home/svn/framework3/trunk@8787 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 17:09:55 +00:00
Stephen Fewer
c55e9af9ae
Commit the updated APC injection stubs. Fixes a nasty issue in some edge cases whereby, when using APC injection for a process in another session than the current host process, the injected APC can cause an access violation in kernel32 during a call to kernel32!CreateThread, caused by the APC's host thread not having an initialized Activation Context inside its TEB. We now test for this and create a dummy ActivationContext entry to appease the kernel. This will both improve DLL injection reliability as well as meterpreter migration reliability.
git-svn-id: file:///home/svn/framework3/trunk@8786 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 17:00:19 +00:00
Stephen Fewer
08d1850bcc
Commit the new VNC x86/x64 DLL source code...
git-svn-id: file:///home/svn/framework3/trunk@8745 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 14:49:45 +00:00
Stephen Fewer
d0f2b589b6
Delete the old VNC source code.
git-svn-id: file:///home/svn/framework3/trunk@8744 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 14:39:20 +00:00
Stephen Fewer
195d1ab4b8
Commit snojobs jpeg patch for espia with an x64 build and some minor changes on the ruby side (The 'screenshot' command is now 'screengrab' to avoid a future conflict with changes happening in stdapi).
git-svn-id: file:///home/svn/framework3/trunk@8726 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 15:50:24 +00:00
Stephen Fewer
4e73d95dac
Commit the JPEG-8 lib code from snowjobs patch. Added an x64 build environment and the libs directory for x86/x64 projects to link against.
git-svn-id: file:///home/svn/framework3/trunk@8725 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 15:44:36 +00:00
Stephen Fewer
5f35f33cd1
Forgot the updated build.py, also add in a link to a blog post I wrote for this shellcode.
git-svn-id: file:///home/svn/framework3/trunk@8657 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 14:27:13 +00:00
Stephen Fewer
88cc851a41
Commit the stager_sysenter_hook win32 kernel shellcode source and mixin patch, resolves #405 .
git-svn-id: file:///home/svn/framework3/trunk@8655 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 13:41:16 +00:00
Tod Beardsley
d5f4ea9692
Adding TightVNC's java viewer to external/source. vnc.html works, it just needs to have the path set correctly.
git-svn-id: file:///home/svn/framework3/trunk@8648 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-25 23:18:42 +00:00
Tod Beardsley
948d9d95d9
Deleting the winvnc java stuff.
git-svn-id: file:///home/svn/framework3/trunk@8647 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-25 23:10:00 +00:00
Stephen Fewer
4ed9e71b76
Commit the meterpreter C side (and bins) for transparent zlib (zlib.c copied from the posix meterpreter source) compression of TLVs and channels. To use transparent compression with channels, create them with CHANNEL_FLAG_COMPRESS. To use transparent compression with any TLV value, bitwise or the TLV type with TLV_META_TYPE_COMPRESSED (Don't create the TLV type with TLV_META_TYPE_COMPRESSED as the compressed flag is removed on the remote end after compression). For consistency with the ruby side we could at a later stage add a boolean compress parameter to all the packet_add_tlv_* functions so you don't have to manually specify the TLV_META_TYPE_COMPRESSED flag.
git-svn-id: file:///home/svn/framework3/trunk@8515 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 14:56:24 +00:00
Stephen Fewer
e732ef6872
Commit the Meterpreter C side for the UDP socket pivoting. (+1 bug fix for the TCP client socket notify event function)
git-svn-id: file:///home/svn/framework3/trunk@8430 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:43:33 +00:00
Stephen Fewer
a80d1ad2ee
Commit the new TCP server channel support on the meterpreter end as well as some fixes to TCP client channels.
git-svn-id: file:///home/svn/framework3/trunk@8383 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 17:55:41 +00:00
HD Moore
42b331b47f
Fix #790 . Initialize the client state to be alive, tweak a few things on the meterpreter side
git-svn-id: file:///home/svn/framework3/trunk@8327 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 18:52:44 +00:00
Stephen Fewer
7a32f9f2e2
fix ps so an x64 process's path is returned correctly when ps is run from a wow64 meterpreter.
git-svn-id: file:///home/svn/framework3/trunk@8322 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 12:00:45 +00:00
Stephen Fewer
3824a2938c
...update the project files. I have added in an extra post build step for elevator.dll so it can work on NT4 (when used with rundll32.exe for getsystem technique #2 ). The post build step uses editbin.exe to set the major OS/Subsystem version to 4 instead of 5 so NT4 will load it (visual c++ 2008 can't build NT4 binaries, only 2000 and above).
git-svn-id: file:///home/svn/framework3/trunk@8318 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:12:35 +00:00
Stephen Fewer
0e08aa0094
Add in KiTrap0D to the priv getsystem command.
git-svn-id: file:///home/svn/framework3/trunk@8317 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:09:57 +00:00
HD Moore
284af1260a
Disable debug tracing
git-svn-id: file:///home/svn/framework3/trunk@8312 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 23:10:58 +00:00
HD Moore
f3408fd327
Fixes #744 . The core issue was the migrate code waiting on SetEvent, but the migrate stub was blocked on a WSASocket due to a pending packet_receive in the main server thread. Simply setting the thread termination signal did not work, as the SSL_read was already in progress. This change forcibly terminates the main server thread before waiting on the event in order to bypass this deadlock. The downside is a failed migrate has no way to recover if it makes it this far.
git-svn-id: file:///home/svn/framework3/trunk@8309 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:55:41 +00:00
natron
69ad365b46
Added STDERR to pure java payload, cleaned up user's view.
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
Stephen Fewer
5793ab128c
modularize the source for each technique in elevator too.
git-svn-id: file:///home/svn/framework3/trunk@8299 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 16:30:09 +00:00
Stephen Fewer
8eb036d704
modularize the source for each technique, making it cleaner to add in new techniques at a later stage.
git-svn-id: file:///home/svn/framework3/trunk@8298 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 15:04:27 +00:00
Stephen Fewer
62c1a99c8e
update the workspace files.
git-svn-id: file:///home/svn/framework3/trunk@8295 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 13:46:51 +00:00
Stephen Fewer
fad278566b
Add in the elevator dll, used by getsystem for a number of things.
git-svn-id: file:///home/svn/framework3/trunk@8294 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 13:45:31 +00:00
Stephen Fewer
e58847009c
Add in the new getsystem command to the priv extension.
git-svn-id: file:///home/svn/framework3/trunk@8293 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 13:40:55 +00:00
Stephen Fewer
f82b6c5952
Update RDI by adding in the LoadRemoteLibraryR function to use RDI to inject into arbitrary processes. Current limitation is it only works on x86->x86 and x64->x64 scenarios, due to the offsets used in parsing the PE file being determined at compile time (e.g. if we compile LoadRemoteLibraryR into an x86 binary it won't be able to load x64 images). Solution is to not rely on the compiler for the offset but to do it manually, which shouldn't be too much work.
git-svn-id: file:///home/svn/framework3/trunk@8292 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 13:37:55 +00:00
Stephen Fewer
9f4332ce60
bug fix for the stdapi command rev2self. was not playing nice with new thread token stuff.
git-svn-id: file:///home/svn/framework3/trunk@8291 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 13:33:24 +00:00
Stephen Fewer
095b6ee7ed
move these macros from base_dispatch.c to common.h as they are useful to use elsewhere.
git-svn-id: file:///home/svn/framework3/trunk@8290 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 13:32:16 +00:00
natron
cd5e5880d2
Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
HD Moore
cf26fcb9ad
Fixes #784 . Adds .NET server support
git-svn-id: file:///home/svn/framework3/trunk@8256 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 07:02:07 +00:00
pusscat
227dd5ba12
Remove test trap ;)
git-svn-id: file:///home/svn/framework3/trunk@8243 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:20:16 +00:00
Joshua Drake
e765288c6c
lol, fix funny $Id$ replacement
git-svn-id: file:///home/svn/framework3/trunk@8241 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:10:56 +00:00
HD Moore
4b637c4912
Updated with new target system, signature for 2000 SP4, fixed SP4 usage, but the priv escalation is non-functional, use twunk16/debug depending on what is available.
git-svn-id: file:///home/svn/framework3/trunk@8240 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 19:13:28 +00:00
HD Moore
a898901ad3
Switch to twunk_16 for Windows 7 compatibility
git-svn-id: file:///home/svn/framework3/trunk@8230 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 18:07:48 +00:00
HD Moore
9f37906ba9
Tweaks for reliability
git-svn-id: file:///home/svn/framework3/trunk@8226 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:55:53 +00:00
Stephen Fewer
4e4a65b9a4
Complete overhaul of process migration. Migration across x86->x86, x64->x64, wow64->x64 and x64->wow64 all supported using a number of techniques.
git-svn-id: file:///home/svn/framework3/trunk@8198 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 19:46:18 +00:00
Stephen Fewer
cfcbfd5d3c
bug fix x64 migrate shellcodes for wow64->x64 migration.
git-svn-id: file:///home/svn/framework3/trunk@8197 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 19:37:10 +00:00
Stephen Fewer
538a647671
The stub for wow64->x64 migration.
git-svn-id: file:///home/svn/framework3/trunk@8195 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 17:12:41 +00:00
Stephen Fewer
1e63f357cb
For now just adding in the new APC migrate stubs and the wow64->x64 exec stub. (fix up the build scripts and use a dedicated migrate directory for this stuff).
git-svn-id: file:///home/svn/framework3/trunk@8193 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 14:03:53 +00:00
HD Moore
c419511386
Minor changes to make scripting easier and allow it to escalate a specific pid
git-svn-id: file:///home/svn/framework3/trunk@8168 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 22:30:15 +00:00
HD Moore
752f8db83b
Add KiTrap0d to the external/source/ as a reference
git-svn-id: file:///home/svn/framework3/trunk@8167 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 22:22:19 +00:00
Stephen Fewer
f3fd2eae80
Commit the new x64 migrate stub. Compatible with x64->x64 migration (and x86->x64 migration once the remote thread issue is resolved)
git-svn-id: file:///home/svn/framework3/trunk@8163 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 18:39:56 +00:00
Stephen Fewer
d032955959
Commit the new x86 migrate stub. Compatible with x86->x86 migration and x64->x86 migration, on NT4 and up (where applicable).
git-svn-id: file:///home/svn/framework3/trunk@8160 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 12:55:24 +00:00
Stephen Fewer
159e240f3a
updated stdapi project file.
git-svn-id: file:///home/svn/framework3/trunk@8158 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 11:07:21 +00:00
Stephen Fewer
757276d70f
First cut for improved process listing. Now works well on NT4 and up. One issue with getting the path for x64 processes on an x86 meterpreter.
git-svn-id: file:///home/svn/framework3/trunk@8156 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 10:40:02 +00:00
Stephen Fewer
0286a67f1e
small bug fix to get getuid working on NT4
git-svn-id: file:///home/svn/framework3/trunk@8155 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 10:36:12 +00:00
HD Moore
42b3a5774d
Adds the process username to the ps output (when possible).
git-svn-id: file:///home/svn/framework3/trunk@8056 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-02 03:41:21 +00:00
HD Moore
4d7aec7c2d
Fixes #745 . This commit changes how token manipulation works, adds the steal_token, drop_token, and getprivs commands. Tested on NT 4.0, 2000 SP4, XP SP3, 2003 SP2, Vista, and Windows 7
git-svn-id: file:///home/svn/framework3/trunk@8055 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-02 00:35:10 +00:00
HD Moore
98f83bbab1
Adds reg queryclass
git-svn-id: file:///home/svn/framework3/trunk@8046 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 15:52:30 +00:00
Joshua Drake
2283e029db
crossing fingers, big cr removal batch
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 22:24:22 +00:00
HD Moore
d0969746a4
Mostly cosmetic changes from local tree
git-svn-id: file:///home/svn/framework3/trunk@7970 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 03:31:20 +00:00
HD Moore
68aafc8e13
Fixes #658 by adding a 250ms sleep to the dispatch of the close call.
git-svn-id: file:///home/svn/framework3/trunk@7934 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 19:53:10 +00:00
Joshua Drake
b37c34579b
add exploit module for cve-2009-3869
NOTE: no policy change is required for this exploit to succeed.
git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
Joshua Drake
255724d640
compile java applet with 1.3, Fixes #685
git-svn-id: file:///home/svn/framework3/trunk@7850 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 17:26:19 +00:00
Joshua Drake
34408c5e3e
add exploit module for CVE-2009-3867 (JRE getSoundbank)
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
HD Moore
3e98ff9d9a
Stop breaking tar on OS X, thanks
git-svn-id: file:///home/svn/framework3/trunk@7815 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 22:25:29 +00:00
Stephen Fewer
be588716c5
Bug fix for meterpreter on NT4 (Tested on NT4.0 SP6). Add a function thread_open() in thread.c to wrap the use of kernel32!OpenThread and ntdll!NtOpenThread for backwards compatibility.
git-svn-id: file:///home/svn/framework3/trunk@7806 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 18:12:51 +00:00
HD Moore
6da0fda5ed
Updated meterpreter binaries with a slight change to the thread schedule (solves a looping problem when the socket is dead).
git-svn-id: file:///home/svn/framework3/trunk@7793 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 05:42:47 +00:00
HD Moore
ff19b649f3
See #662 . This should fix most of the meterpreter-side issues with sockets, there is still a second piece of this which is unflushed data on the local forwards from the ruby code.
git-svn-id: file:///home/svn/framework3/trunk@7761 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 22:08:06 +00:00
HD Moore
792724c3f3
Cleanups to the socket code, it's still not perfect, but much more usable now
git-svn-id: file:///home/svn/framework3/trunk@7750 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 14:52:07 +00:00
Stephen Fewer
4f8cfc27d4
Replace the use of Critical Sections for locking with Mutexes (thread.c). This appears to resolve a deadlock issue with OpenSSL on some Windows systems. This commit resolves a bug in interactive processes where an interactive waiter thread will chew cpu due to a tight loop introduced by anonymous pipes not blocking (process.c). Dynamic lock creation for OpenSSL has been re-enabled should a future version of OpenSSL require it, AFAIK the current version used, v0.8.9, does not use dynamic lock creation (server_setup.c). Channels have been given locks to help synchronize concurrent access to a single channel.
git-svn-id: file:///home/svn/framework3/trunk@7732 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 13:04:41 +00:00
HD Moore
dfa0d155fc
See #607 . Switch sniffer code to use mutexes
git-svn-id: file:///home/svn/framework3/trunk@7728 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 05:19:46 +00:00
Stephen Fewer
a273c9f07c
Initial commit of the multi-threaded meterpreter.
git-svn-id: file:///home/svn/framework3/trunk@7698 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-04 17:37:21 +00:00
Stephen Fewer
8c48a9a3f5
Commit the PassiveX DLL updated to build with Visual Studio C++ 2008. Removed some compiler warnings. Use VirtualProtect to make second stage RWX. Use WSASocketA() over socket() for second stage compatibility. Seems to now work with the shell stage (Tested on XPSP2/IE7) but still not working with meterpreter.
git-svn-id: file:///home/svn/framework3/trunk@7461 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-11 00:39:38 +00:00
pusscat
9e85a3bf0f
Update binaries and readme file
git-svn-id: file:///home/svn/framework3/trunk@7433 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 20:16:05 +00:00
pusscat
a8576a584f
Initial import of David Weston's "smart file" loading that allows (among other things) importation of buffers annotated with 010's map files!
git-svn-id: file:///home/svn/framework3/trunk@7431 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 19:56:33 +00:00
pusscat
bcc8d5d8ca
Update all binaries
git-svn-id: file:///home/svn/framework3/trunk@7341 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 21:52:00 +00:00
pusscat
c7030e7705
Add tenketsu heap logging
git-svn-id: file:///home/svn/framework3/trunk@7340 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 21:49:24 +00:00
HD Moore
21e82d8b69
This patch implements a much more flexible executable creation scheme at the cost of exe size. This also adds the "-x" option to msfencode, allowing the user to specify their own executable template for generation.
git-svn-id: file:///home/svn/framework3/trunk@7315 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-01 04:11:43 +00:00
HD Moore
e5e89906d0
Switch the meterpreter to SSLv3 and try to generate a slightly more realistic CN for the certificate. The goal is to work through a wider range of inline proxies.
git-svn-id: file:///home/svn/framework3/trunk@7311 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-31 20:44:23 +00:00
HD Moore
5234fe8ff8
Fixes 416. Adds the rm/del commands to meterpreter, fixes build problems triggered by the POSIX code merge
git-svn-id: file:///home/svn/framework3/trunk@7291 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-27 02:31:07 +00:00
HD Moore
276a3f8052
Use _WIN32 instead of __WIN32__ to be consistent
git-svn-id: file:///home/svn/framework3/trunk@7290 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-27 01:13:35 +00:00
HD Moore
7d7c565a37
Merge in the POSIX stdapi extension, still some work left to finish
git-svn-id: file:///home/svn/framework3/trunk@7266 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 04:34:20 +00:00
HD Moore
e07bce0101
Copyright updates reflecting the news
git-svn-id: file:///home/svn/framework3/trunk@7222 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-21 12:58:56 +00:00
HD Moore
00b2915554
Fixes #342 . Set ReverseConnectRetries to a value between 1 and 255 (default is 5). On failure it will ExitProcess (still better than a cpu spin)
git-svn-id: file:///home/svn/framework3/trunk@7217 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 20:31:14 +00:00
HD Moore
62b06f5e16
Add Alexander Sotirov's metsvc to svn
git-svn-id: file:///home/svn/framework3/trunk@7213 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 18:42:47 +00:00
HD Moore
bf5068f6b1
Fixes #288 and #320 . This should fix the BSoD issue with the sniffer module (other than the mac filter change, this matches the vendor's example) and confirmed that the keyscan_dump fix works
git-svn-id: file:///home/svn/framework3/trunk@7066 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-26 16:26:05 +00:00
et
a89914d448
Finally screenshot capture. BMP at this time
git-svn-id: file:///home/svn/framework3/trunk@7063 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-26 04:05:09 +00:00
James Lee
6a7a023844
I will not commit when sleep deprived. I will not commit when sleep deprived. I will not commit...
git-svn-id: file:///home/svn/framework3/trunk@7061 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-25 06:40:42 +00:00
James Lee
bc2c38c332
shave an instruction from the new allports stager
git-svn-id: file:///home/svn/framework3/trunk@7060 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-25 06:13:13 +00:00
HD Moore
ee9a8f4f76
Adds support for the reverse_tcp_allports stager for Windows. This payload tries to connect back on all ports, one at a time, from LPORT to 65535. This is incredibly slow (depends on the default socket timeout) and requires the user to forward all TCP ports of LHOST to a single listening port in the handler. Inspired by a few user requests and this blog post: http://clinicallyawesome.com/post/196352889/blind-connect-back-through-restrictive-firewall
git-svn-id: file:///home/svn/framework3/trunk@7058 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-25 05:44:50 +00:00
James Lee
e30e850ba7
shave a few bytes off of the windows stagers
git-svn-id: file:///home/svn/framework3/trunk@7035 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-14 08:45:01 +00:00
Stephen Fewer
1937839e79
Patch meterpreter's sysinfo command to resolve the system language and architecture.
git-svn-id: file:///home/svn/framework3/trunk@7028 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-10 13:09:48 +00:00
Stephen Fewer
36d60d5d12
Commit the x64 build of the meterpreter incognito extension.
git-svn-id: file:///home/svn/framework3/trunk@7009 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-07 09:25:25 +00:00
Stephen Fewer
ff9efacffa
Commit the x64 build of the meterpreter priv extension.
git-svn-id: file:///home/svn/framework3/trunk@7008 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-07 09:17:29 +00:00
Stephen Fewer
402608ec6f
Commit the openssl x64 static libraries required for compilation. These are freshly built using the latest stable release (openssl-0.9.8k). Instructions for re-building the libraries also included.
git-svn-id: file:///home/svn/framework3/trunk@7001 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-04 01:58:17 +00:00
Stephen Fewer
5dee5819b1
Commit the source code for the cross compilable reflective dll injection module. Some minor modifications to the stdapi extension were also required. All the projects (.vcproj) now have an x64 debug/release target as well as an x86 counterpart.
git-svn-id: file:///home/svn/framework3/trunk@7000 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-04 01:53:58 +00:00
Stephen Fewer
1cb3c42589
First commit! Update vnc server with the new exitfunk hash values as well as modify ReflectiveLoader to retrieve kernel32 base address dynamically ala its meterpreter counterpart.
git-svn-id: file:///home/svn/framework3/trunk@6989 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-31 10:28:26 +00:00
HD Moore
87ea275a17
Fixes #299 - corrects the win32 build environment and source to build properly again
git-svn-id: file:///home/svn/framework3/trunk@6987 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-30 01:57:25 +00:00
pusscat
4361028a45
New binaries
git-svn-id: file:///home/svn/framework3/trunk@6984 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-28 16:01:36 +00:00
HD Moore
97725a489c
Round 3 of x64 support from Stephen Fewer - new payloads!
git-svn-id: file:///home/svn/framework3/trunk@6980 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-27 19:29:54 +00:00
HD Moore
cf10a62dcc
Merge in the beginnings of x64 support from Stephen Fewer
git-svn-id: file:///home/svn/framework3/trunk@6972 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-23 23:47:33 +00:00
pusscat
56881d35d2
Fix a pile of identBuf parsing issues that occur if you forget an argument for a specific buf type
git-svn-id: file:///home/svn/framework3/trunk@6970 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-21 12:48:16 +00:00
pusscat
1bfd5a1cd6
Add new winxp bins
git-svn-id: file:///home/svn/framework3/trunk@6969 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-20 13:13:11 +00:00
pusscat
f3131404b9
Replace # with REM for xp
git-svn-id: file:///home/svn/framework3/trunk@6967 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 17:37:20 +00:00
HD Moore
a811f28535
Patch from snfernandez to fix posix extension loading
git-svn-id: file:///home/svn/framework3/trunk@6954 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-12 23:15:08 +00:00
pusscat
d61860eda0
Add searchVtptr readme info
git-svn-id: file:///home/svn/framework3/trunk@6953 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-12 21:51:42 +00:00
pusscat
c3011bd07c
Addition of searchVtptr
git-svn-id: file:///home/svn/framework3/trunk@6952 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-12 21:31:45 +00:00
HD Moore
41121f5870
Major merge of Meterpreter POSIX codebase from JR, Win32 projects may need a few more fixes to work properly
git-svn-id: file:///home/svn/framework3/trunk@6949 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-10 02:02:16 +00:00
HD Moore
d5ffcc1907
fix the posix build (patch from JR)
git-svn-id: file:///home/svn/framework3/trunk@6945 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-09 17:28:44 +00:00
HD Moore
79df0ab405
Merge in JR's ulibc code
git-svn-id: file:///home/svn/framework3/trunk@6944 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-09 02:27:52 +00:00
HD Moore
da32f1bdea
Updated meterpreter code/binaries to scrub memory after use, works around Peter's memoryze signatures from BH/DC 2009
git-svn-id: file:///home/svn/framework3/trunk@6942 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-08 14:22:32 +00:00
pusscat
b9c2d57630
Update heap modeler coalesce functionality, as well as searchOpcode
git-svn-id: file:///home/svn/framework3/trunk@6941 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-06 20:09:38 +00:00
HD Moore
9a1e07c4f3
First round of posix meterpreter commits from jr
git-svn-id: file:///home/svn/framework3/trunk@6934 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-01 14:21:58 +00:00
HD Moore
26ca5ec646
Nuke the compiled bins
git-svn-id: file:///home/svn/framework3/trunk@6926 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-01 03:21:22 +00:00
HD Moore
c173bff563
Updated reflective stuff to match the new hashing function
git-svn-id: file:///home/svn/framework3/trunk@6923 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-31 17:57:51 +00:00
HD Moore
49b7dcb30c
Overhaul of the metasploit payloads from Stephen Fewer - smaller/cleaner/new hashing/support for WinNT 4.0 -> Win7 with size reductions for the stagers and minimal size increases for the singles
git-svn-id: file:///home/svn/framework3/trunk@6922 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-31 17:50:10 +00:00
pusscat
4fd458a309
Update some identBuf documentation
git-svn-id: file:///home/svn/framework3/trunk@6853 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 14:54:34 +00:00
James Lee
0044635e3b
remove a temp commit leftover
git-svn-id: file:///home/svn/framework3/trunk@6834 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-18 20:59:10 +00:00
HD Moore
5577fac39e
Closes #297. Switches to the dnet headers for the sniffer packet decodes
git-svn-id: file:///home/svn/framework3/trunk@6822 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 19:39:31 +00:00
HD Moore
2c4acca92a
Fixes #296. Removes polarssl references
git-svn-id: file:///home/svn/framework3/trunk@6811 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:00:29 +00:00
HD Moore
975093efca
Updated VC++ project files to fix the directory paths/includes for OpenSSL
git-svn-id: file:///home/svn/framework3/trunk@6774 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 03:14:20 +00:00
HD Moore
148ca687f5
Updated libraries and source code now using OpenSSL
git-svn-id: file:///home/svn/framework3/trunk@6773 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 03:10:39 +00:00
HD Moore
6b0974f618
Goodbye PolarSSL (your license stinks).
git-svn-id: file:///home/svn/framework3/trunk@6772 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 03:03:53 +00:00
HD Moore
e8784d68fb
Fixes up the sniffer to handle large packet captures better, fixes a regression in the sysinfo command.
git-svn-id: file:///home/svn/framework3/trunk@6768 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-12 13:17:37 +00:00
HD Moore
f76d73a823
Free packet memory when the capture is stopped
git-svn-id: file:///home/svn/framework3/trunk@6765 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-11 18:19:42 +00:00
HD Moore
4989f9bdbe
Fixes a bug where if the sniffer SDK could not initialize, it would still be treated as initialized the next time it was checked.
git-svn-id: file:///home/svn/framework3/trunk@6764 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-11 17:52:40 +00:00
HD Moore
645ca020e9
Fixes a memory corruption issue with the SSL file descriptor (was using a stack reference instead of the Remote->fd reference), adds the source code sans the Packet SDK for the sniffer module
git-svn-id: file:///home/svn/framework3/trunk@6763 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-11 17:32:50 +00:00
HD Moore
608ca7aae8
This patch removes some of the meterpreter compiler warnings and fixes migration over SSL
git-svn-id: file:///home/svn/framework3/trunk@6761 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-09 22:44:33 +00:00
HD Moore
7b516e06fe
Transfer the migration payload over SSL, still working on a crash bug after migration completes
git-svn-id: file:///home/svn/framework3/trunk@6756 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-09 03:22:10 +00:00
HD Moore
48e1e5f351
Merge Stephen Fewer's patches to enable support for Windows 7 (fixes support for NT and 2000 as well)
git-svn-id: file:///home/svn/framework3/trunk@6744 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-05 20:24:37 +00:00
HD Moore
0ad96dd656
Adds a top-level SEH handler around the initialization stub, prevents a fatal error from preventing EXITFUNC from being called.
git-svn-id: file:///home/svn/framework3/trunk@6722 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-27 19:39:10 +00:00
HD Moore
43372de9f0
Fix a bug in the new SSL code that broke large transfers
git-svn-id: file:///home/svn/framework3/trunk@6720 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-27 01:52:36 +00:00
HD Moore
aaff989294
Add the PolarSSL lib file and output directory to make building easier
git-svn-id: file:///home/svn/framework3/trunk@6719 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-26 23:22:07 +00:00
HD Moore
a74d3a3f38
Switches meterpreter to SSL by default, using the PolarSSL library. To build this, just place polarssl.lib into a workspace/common/Release/
git-svn-id: file:///home/svn/framework3/trunk@6718 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-26 23:18:53 +00:00
HD Moore
1fba3f678b
Adds Windows 7 support for the primary stagers: http://www.harmonysecurity.com/blog/2009/06/retrieving-kernel32s-base-address.html
git-svn-id: file:///home/svn/framework3/trunk@6677 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 04:35:44 +00:00
HD Moore
b8efb1bbf9
Add Stephen Fewer's shiny exploit for the Java deserialization flaw
git-svn-id: file:///home/svn/framework3/trunk@6664 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-16 17:19:44 +00:00
James Lee
0a8235eb44
removing them
git-svn-id: file:///home/svn/framework3/trunk@6570 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-20 17:51:45 +00:00
James Lee
1ab4a0457b
preparing to remove unnecessary exes trigger AV
git-svn-id: file:///home/svn/framework3/trunk@6569 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-20 17:50:49 +00:00
et
746a3c533a
ext. sample dll. not ready for production environments
git-svn-id: file:///home/svn/framework3/trunk@6506 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-29 03:38:42 +00:00
et
205a57da77
ext code and project adjustments
git-svn-id: file:///home/svn/framework3/trunk@6500 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-27 04:34:28 +00:00
et
03d8541b3f
espia early stages
git-svn-id: file:///home/svn/framework3/trunk@6499 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-27 03:43:22 +00:00
HD Moore
f059fbece7
Source code and VS project changes for cleaner build and new keyboard logging code
git-svn-id: file:///home/svn/framework3/trunk@6374 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-23 05:26:11 +00:00
HD Moore
67ed4d2b68
Commit the patched reflective DLL injection tree for VNC from Stephen Fewer
git-svn-id: file:///home/svn/framework3/trunk@6373 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-23 05:19:33 +00:00
HD Moore
678370d57f
Swapping out the old code for the new reflective DLL based tree
git-svn-id: file:///home/svn/framework3/trunk@6372 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-23 05:18:22 +00:00
HD Moore
ac7aa759cd
Swapping in the latest patched copy of Meterpreter. See #275
git-svn-id: file:///home/svn/framework3/trunk@6357 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-22 18:56:28 +00:00