Brent Cook
6ce7055130
Land #6737 , Added reverse shell JCL payload for z/OS
2016-04-13 22:19:15 -05:00
Bigendian Smalls
6a4d7e3b58
Revshell cmd JCL payload for z/OS
...
Added a JCL-based reverse shell. Uses the same source code as the
shellcode version does. Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
2016-03-31 20:42:42 -05:00
Bigendian Smalls
a6518b5273
Add generic JCL cmd payload for z/OS (mainframe)
...
This payload does nothing but return successfully. It can be used to
test exploits and as a basis for other JCL cmd payloads.
2016-03-28 21:01:39 -05:00
James Lee
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
8faae94338
Land #6592 , make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2
2016-03-06 15:33:53 -06:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
Brent Cook
d355b0e8b7
update payload sizes
2016-03-02 13:55:32 -06:00
joev
c8b28d90d1
Fix old comment.
2016-02-19 19:08:38 -06:00
joev
b3e8cd4f51
Save some bytes on the padded string.
2016-02-18 20:36:52 -06:00
joev
2b784a48b9
Include cached size.
2016-02-18 20:29:42 -06:00
joev
e67e477362
Make x86/shell_reverse_tcp's shell path configurable.
...
Also removes shell_reverse_tcp2 shell.
2016-02-18 20:24:35 -06:00
Brent Cook
ff1cb4a2a4
update payload sizes
2016-02-10 22:44:17 -06:00
wchen-r7
a3cafc3bae
Update PHP meterpreter size
2016-01-22 15:14:18 -06:00
Brent Cook
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook
6eda702b25
Land #6292 , add reverse_tcp command shell for Z/OS (MVS)
2015-12-23 14:11:37 -06:00
wchen-r7
14b1b3a1f0
Land #6299 , Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
wchen-r7
644c1347cd
Update payload sizes
2015-12-04 16:14:37 -06:00
jvazquez-r7
bb3a3ae8eb
Land #6176 , @ganzm's fix for 64 bits windows loadlibrary payload
2015-12-01 13:18:41 -06:00
Spencer McIntyre
3b3b569d8e
Fix payload CacheSize for current pymet
2015-12-01 13:00:15 -05:00
jvazquez-r7
bfe81db9a5
Update cached size
2015-12-01 11:45:45 -06:00
jvazquez-r7
2348cb7374
Update loadlibrary for 64 bits
2015-12-01 11:41:37 -06:00
Spencer McIntyre
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
Bigendian Smalls
d2bfc4d8e0
Added reverse shell payload for Mainframe
...
This is the first and probably most useful shellcode for mainframe
platform. Standard reverse shell works just like any other platform
reverse shell.
2015-11-26 17:07:03 -06:00
Spencer McIntyre
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
Spencer McIntyre
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
Brent Cook
a7a89adfac
Land #6264 , meterpreter per-extension init string support, update payloads to 1.0.17
...
This brings in the following changes:
Changes to support maven 3.3+
Don't fall back to 0.0.0.0
Remove all debug builds from the Windows projects
Add show_mount, ps_list, and some core tweaks
Refactor TLV layout, add more debug output, token stealing
Add incognito binding, code tidies
Update packaged libs
Add transport list binding
Add transport add command to python binding
Update python core lib archive
change source perms back to non-executable
First pass of stageless initialisation script
Finalise stageless initialisation scripts
add BOOT_COMPLETED receiver that starts the Payload
Improve the implementation of the getuid command
Switch to Utils.runCommand per timwr's suggestion
Updated init script method
also bumps msgpack 0.7.1, which fixes a failure packing messages > 256k
2015-11-25 22:27:27 -06:00
Brent Cook
78e306e281
s/Initialision/Initialization/
2015-11-25 22:07:25 -06:00
Brent Cook
d984e5c781
update payload sizes
2015-11-25 22:04:52 -06:00
scriptjunkie
8703987535
Add HTTPS and new transport support for hop
2015-11-11 21:25:23 -06:00
OJ
0afc5be3bc
Finalise set up of stageless init
2015-11-10 20:01:23 +10:00
OJ
a28ab216d3
Adding stageless init script support
2015-11-10 19:18:47 +10:00
Matthias Ganz
6458c591e4
Update loadlibrary.rb
2015-11-02 17:16:46 +01:00
Matthias Ganz
a01d7c966a
Bugfix loading address of library path into rcx
...
Changed the following instruction:
67 48 8D 8D 00 01 00 00 lea rcx,[ebp+100h]
Into
90 nop
48 8D 8D 00 01 00 00 lea rcx,[rbp+100h]
The old code breaks if the payload is executed from a memory area where the 4 most significant bytes are non-zero.
The bugfix removes the Address-Size override prefix 0x67 of the lea instruction and replaces it with a nop 0x90 (to not mess up code alignment,relative addressing or jmps).
2015-11-02 12:54:44 +01:00
Brent Cook
ec1682ebd9
update payload size cache
2015-10-30 17:35:05 -05:00
Spencer McIntyre
b4a8f80493
Update the cached size for the current met file
2015-10-22 08:54:14 -04:00
Spencer McIntyre
23d9efb5a3
Add stageless Python Meterpreter for bind tcp
2015-10-21 18:37:37 -04:00
Spencer McIntyre
8bb694fa5c
Add stageless Python Meterpreter for reverse tcp
2015-10-21 18:23:04 -04:00
jvazquez-r7
c35e99664e
Land #6003 , @earthquake's x86-64 pushq signedness error fixed
2015-10-01 11:52:28 -05:00
jvazquez-r7
aa01383361
Fix comment
2015-10-01 11:51:45 -05:00
jvazquez-r7
195418b262
Update the sin_family on bind_tcp_small
2015-10-01 11:22:59 -05:00
jvazquez-r7
77ce7ef5f0
Save 3 more bytes on shell_bind_ipv6_tcp
2015-10-01 09:45:02 -05:00
jvazquez-r7
4efb3bf26c
Save 3 more bytes on shell_bind_tcp_small
2015-10-01 09:42:35 -05:00
jvazquez-r7
04879ed752
Save two bytes on shell_bind_ipv6_tcp
2015-10-01 09:33:22 -05:00
jvazquez-r7
88eecca4b1
Save two bytes on shell_bind_tcp_small
2015-10-01 09:29:39 -05:00
OJ
b608abffbc
Update payload cache sizes for x64 windows
2015-09-29 09:03:57 +10:00
Brent Cook
46ed129966
update to metasploit-payloads 1.0.14
2015-09-26 10:50:20 -04:00
Balazs Bucsay
a863409734
x86-64 pushq signedness error fixed. Signed port numbers (2bytes) were not working properly. Fix means +6bytes in shellcode length
2015-09-24 13:07:02 +02:00
Brent Cook
d2a17074b1
update payload sizes
2015-09-16 17:24:41 -05:00
Brent Cook
1440f31756
Land #5637 , resiliency improvements to TCP stagers
2015-09-02 22:50:12 -05:00
OJ
3fd9e0311c
Update payload sizes
2015-09-03 12:01:11 +10:00
Brent Cook
56a1cfd9c8
updated cached payload sizes
2015-09-01 18:02:16 -05:00
Brent Cook
a8dd89cc0d
update cached payload sizes
2015-08-27 11:43:38 -05:00
Brent Cook
593f501571
finish move of php / python meterpreters to metasploit-payloads
2015-08-27 11:34:22 -05:00
Brent Cook
ca8353e1aa
update to metasploit-payloads 1.0.9
2015-08-25 17:44:01 -05:00
Brent Cook
6b1e911041
Instantiate payload modules so parameter validation occurs
...
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Brent Cook
347f48b0ec
Land #5762 , adjust PHP stager to work in and outside of eval()
2015-07-24 17:43:26 -05:00
Brent Cook
c30127cfe8
Land #5729 , add user-agent list, MeterpreterUserAgent derives from this
...
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
OJ
728e9b19ec
Update payload cached sizes
2015-07-23 15:15:13 +10:00
OJ
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
OJ
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
Brent Cook
a2bdd0bab9
Land #5541 , add more compat fixed-cmd 64-bit BSD payloads
...
Merge branch 'land-5541-bsd-shellcode' into upstream-master
2015-07-13 21:01:55 -05:00
Brent Cook
226137896e
updated cached payload sizes
2015-07-10 22:30:20 -05:00
Brent Cook
c86d16ffb6
update payload sizes
2015-07-07 23:15:57 -05:00
Brent Cook
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
Spencer McIntyre
e16cd08599
Update the payload CachedSize
2015-07-06 17:16:56 -04:00
Spencer McIntyre
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
Spencer McIntyre
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
Brent Cook
d6261a54b1
Land #5608 , part 2, update payload cache sizes
2015-07-01 00:31:40 -05:00
Brent Cook
6711091c70
update cached payload sizes
2015-07-01 00:31:09 -05:00
Brent Cook
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
OJ
a44c31052b
reverse_tcp x64 stager reliability fixes
...
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
Brent Cook
bb43f7e30f
use the correct transport for x64/meterpreter_reverse_https
2015-06-27 10:50:54 -05:00
OJ
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
OJ
a773979992
Java config wiring, tweak to include block counts
...
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
OJ
0493ba83a0
Add transport configuration support
2015-06-24 21:26:47 +10:00
OJ
e796e56c6c
Modify the staging process
2015-06-24 13:22:33 +10:00
Brent Cook
8ade66027a
update cached payload sizes
2015-06-22 17:19:02 -05:00
root
a99b001bd7
payloads_spec.rb modified, payloads added
2015-06-16 05:33:30 -04:00
wchen-r7
5a6a16c4ec
Resolve #4326 , remove msfpayload & msfencode. Use msfvenom instead!
...
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.
Resolves #4326
2015-06-08 11:30:04 -05:00
HD Moore
1f11cd5470
Lands #5446 , support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
benpturner
dddbf3886b
Updated payload spec to be in the correct order and updated payload cached size
2015-06-02 18:33:06 +01:00
Tim
ac2a52b522
fix android/java reverse_tcp
2015-06-02 10:54:49 +01:00
Brent Cook
449ce32f07
update for new UUID namespace
2015-06-01 15:16:04 -05:00
benpturner
9d1a7cead4
New modules to support 64bit process powershell.
2015-06-01 16:11:23 +01:00
Brent Cook
64e86165ef
remove android meterpreter bins, update to payloads 1.0.2
...
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
Brent Cook
70ef1b83f9
Merge branch 'master' into land-5366-android
2015-06-01 09:07:55 -05:00
OJ
3dd3ef5edb
Merge branch 'upstrea/master' into winhttp-ie-proxy
2015-05-30 08:03:43 +10:00
Brent Cook
b8a8e65c2c
Merge branch 'master' into land-5394-uuid-tracker
2015-05-29 16:22:45 -05:00
OJ
307dcd09dd
Update payload cache sizes again
2015-05-25 20:12:20 +10:00
OJ
7f59a7482e
Update authors and stuff
2015-05-25 12:02:52 +10:00
OJ
e103b2365a
Update payload sizes and add new payloads to spec
2015-05-25 11:31:15 +10:00
OJ
9042f141ff
Implement the IPv6 UUID bind stagers
2015-05-25 11:21:28 +10:00
HD Moore
c17ee64d81
Merge branch 'master' into feature/uuid-registration
2015-05-22 00:29:16 -05:00
OJ
1c73c190fc
Add machine_id support to windows php meterp
2015-05-22 14:55:29 +10:00
Tim
7a9e875a25
use uuid aware generate_uri_uuid_mode
2015-05-22 05:21:08 +01:00
OJ
5963a5833a
Fix up php stageless payload includes
2015-05-20 16:50:00 +10:00
Tim
96a30118e2
add https cert validation
2015-05-20 07:27:59 +01:00
OJ
d0a5b803e8
Use generate_payload_uuid instead of manual obj creation
2015-05-20 16:25:52 +10:00
OJ
289873c25f
Merge all the stager changes
2015-05-20 16:02:37 +10:00