infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
36,165 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

1042 Commits (6c319469959f32ad4c542874de38e665db85622b)

Author SHA1 Message Date
Borja Merino 9791acd0bf Add stager ipknock shellcode (PR 2) 2014-12-27 22:03:45 +01:00
William Vu 93be828738
Fix invalid URL in splat 2014-12-22 11:26:20 -06:00
William Vu f1b9862665
Align shellcode in bind_hidden_tcp 2014-12-22 11:17:14 -06:00
root 9a7e431a4a New block_api applied 2014-12-22 17:21:13 +01:00
Peregrino Gris 42636fb3c0 Handler and block_hidden_bind_tcp deleted 2014-12-22 17:21:13 +01:00
root fa8e944e34 AHOST OptAddress moved to the payload 2014-12-22 17:21:11 +01:00
Peregrino Gris c0fa8c0e3f Add stager for hidden bind shell payload 2014-12-22 17:21:11 +01:00
sinn3r 2c0c732967 Fix #4414 & #4415 - exitfunc and proper null-terminated string 
This patch fixes the following for messagebox.rb

Issue 1 (#4415)
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.

Issue 2: (#4414)
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.

Fix #4414
Fix #4415
 2014-12-19 03:19:06 -06:00
HD Moore e3943682a2
Improves linux/armle payloads, lands #3315 2014-12-13 18:27:14 -06:00
HD Moore 5a645c5eba Stagers updated from source 2014-12-13 12:50:47 -06:00
HD Moore 92490ab5e8 Singles updated from the source 2014-12-13 12:22:07 -06:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace 
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
 2014-12-04 13:11:33 -06:00
HD Moore fc96d011ab
Python reverse_http stager, lands #4225 2014-12-02 11:47:31 -06:00
HD Moore 7fe72fd118 Cosmetic tweaks for #4225 2014-12-02 11:47:14 -06:00
HackSys Team 4a4608adbc Add format_all_drives shellcode for Windows x86_x64 2014-11-27 23:06:54 +05:30
HackSys Team 8473ed144a Add format_all_drives shellcode for Windows x86_x64 2014-11-27 14:13:49 +05:30
HackSys Team f5633ba3c3 Add format_all_drives shellcode for Windows x86_x64 2014-11-26 20:29:25 +05:30
Mark Schloesser 8e7e5590c9 rename SHELLARG to ARGV0 because that's really what it is 2014-11-19 22:14:24 +01:00
mschloesser-r7 ac4c11ca39 work on linux/armle/shell_bind/tcp 
same changes as to shell_reverse_tcp
 2014-11-19 21:53:23 +01:00
mschloesser-r7 fd7248b3c0 work on linux/armle/shell_reverse_tcp 
shorten the execve code, remove exit, grow argv[0] space
 2014-11-19 21:53:23 +01:00
Spencer McIntyre d5ebd8a2dc Shorten the reverse_http stager by renaming a var 2014-11-17 19:04:26 -05:00
Spencer McIntyre 0bf93acf6b Pymeterp http proxy and user agent support 2014-11-16 14:29:20 -05:00
Spencer McIntyre 7c14e818f6 Patch pymeterp http settings 2014-11-14 17:12:23 -05:00
Spencer McIntyre 681ae8ce6b Pymet reverse_http stager basic implementation 2014-11-14 14:15:46 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Brendan Coles e0016d4af3 Remove hash rocket from refs array #3766 
[SeeRM #8776]
 2014-10-08 09:16:38 +00:00
Brendan Coles 3c7be9c4c5 Remove hash rockets from references #3766 
[SeeRM #8776]
 2014-10-08 09:01:19 +00:00
sinn3r 9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
Joe Vennix b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu. 2014-09-24 16:05:00 -05:00
jvazquez-r7 0247e4a521 Change RequiredCmd for reverse_bash_telnet_ssl cmd payload 2014-09-24 00:40:14 -05:00
jvazquez-r7 e1b6ee283f Allow Msf::Payload::JSP to guess system shell path if it isnt provided 2014-08-30 16:27:02 -05:00
joev af3ca19ab2
Land #3501, @AnwarMohamed's android meterpreter commands. 2014-08-09 16:29:59 -05:00
Tod Beardsley c31fc61617
Land #3270, @jlee-r7 deprecation ipv6 payloads 
These are not needed, since you can just config the regular handler now
and pick either.

This resolves the conflict (rm'ed the old modules)

Conflicts:
	modules/payloads/stagers/windows/reverse_ipv6_http.rb
	modules/payloads/stagers/windows/reverse_ipv6_https.rb
 2014-08-01 16:27:59 -05:00
AnwarMohamed c2be3d6875 fixing autoload bug 2014-07-29 17:51:56 +02:00
AnwarMohamed 6bbb2124a7 bug fixing 2014-07-29 15:49:14 +02:00
AnwarMohamed 283046b25d fixing auto load on new session 2014-07-28 10:49:50 +02:00
William Vu 25f74b79b8
Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
James Lee de22aeba41
Land #3481, meterpreter bins 2014-07-14 15:57:52 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Tod Beardsley bcec2df0a4
Fix Meterpreter PHP hop description 2014-07-10 11:35:48 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict. 
Conflicts:
	Gemfile.lock
 2014-07-09 17:43:42 -05:00
AnwarMohamed e908bb6819 formating 2014-07-08 11:02:41 +02:00
AnwarMohamed 34dcb609e2 android extension 2014-07-08 04:52:06 +02:00
Tod Beardsley 9fef2ca0f3
Description/whitespace changes (minor) 
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
 2014-07-07 12:39:05 -05:00
HD Moore 6f433db609
Minor typo fix 2014-07-06 23:44:17 -05:00
HD Moore 3ef35f19dc Prefer strip over chomp 2014-07-06 23:17:09 -05:00
HD Moore d76081bcef Prefer strip over chomp 2014-07-06 23:16:56 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack 
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
 2014-06-30 02:50:10 -05:00
Tod Beardsley 8b63d3d467 Revert the revert of #3446 
This reverts commit 9b35b0e13a.

This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
 2014-06-29 17:22:21 -05:00
Chris Doughty 9b35b0e13a Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures 
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
 2014-06-25 13:24:07 -05:00
Tod Beardsley 5d6b582adc
Update modules to use new path. 2014-06-19 18:44:19 -05:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
sinn3r 2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
jvazquez-r7 2c8a99143b
Land #3426, @Meatballs1's Python v2.3.3 Compatible Command Shell payloads 2014-06-10 09:55:58 -05:00
Meatballs dc69afebb1
License and Require 2014-06-09 21:41:38 +01:00
Meatballs 25ed68af6e
Land #3017, Windows x86 Shell Hidden Bind 
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
 2014-06-08 13:49:49 +01:00
Meatballs 2be6b8befe
Remove bind hidden handler 2014-06-07 14:34:20 +01:00
joev 496be5c336 Ensure command_shell_options is present. 2014-06-06 16:26:45 -05:00
joev d990fb4999
Remove a number of stray edits and bs. 2014-06-06 16:24:45 -05:00
Meatballs c032b8ce8e
Compat 2014-06-04 02:27:06 +01:00
William Vu 6c7fd3642a
Land #3411, Python 3.[34] Meterpreter support 2014-06-03 11:34:22 -05:00
Spencer McIntyre 0e4177fb75 Pymeterpreter shorten stagers by 3 bytes 2014-06-03 12:03:20 -04:00
Spencer McIntyre 95376bf6d3 Pymeterpreter update stager and stage descriptions 2014-06-03 10:17:27 -04:00
Tod Beardsley d0d389598a
Land #3086, Android Java Meterpreter updates 
w00t.
 2014-06-02 17:28:38 -05:00
Spencer McIntyre 76c3aaf743 Pymeterpreter get type encoder from dict instead 2014-06-02 17:32:08 -04:00
Spencer McIntyre aeca455a10 Pymeterpreter update pystagers for version 3.1/3.2 2014-06-02 17:18:13 -04:00
Spencer McIntyre 77eac38b01 Pymeterpreter fix processes_via_proc for Python v3 2014-05-30 16:32:03 -04:00
Spencer McIntyre 145776db4d Add a DEBUGGING option to the python meterpreter 2014-05-29 10:52:49 -04:00
Spencer McIntyre 15b1c79039 Adjust whitespace and set bytes to str for Python 2 2014-05-28 16:30:27 -04:00
Spencer McIntyre c559483176
Land #3392, @TomSellers patch to use python constants 2014-05-25 16:18:42 -04:00
Tom Sellers 77f66f8510 Update reverse_tcp.rb 2014-05-25 14:04:54 -05:00
Tom Sellers b5c567c462 Update bind_tcp.rb 2014-05-25 14:03:45 -05:00
joev 14b796acbf First stab at refactoring webrtc mixin. 2014-05-21 15:32:29 -05:00
William Vu 1ada4831e0
Land #3293, module deprecation constants 2014-05-14 01:37:29 -05:00
Tim Wright ae0691c586
make string replacement more robust 2014-05-10 17:00:25 +01:00
Michael Messner 111160147f MIPS exec payload fixes for encoder 2014-04-30 20:37:54 +02:00
Spencer McIntyre ec1f7d644c Support deprecation information from constants 2014-04-23 23:03:02 -04:00
James Lee af899254a3
Missed file 2014-04-16 19:14:17 -05:00
James Lee 549e306572
Remove superfluous v6 http{,s} payload and handler 2014-04-16 18:32:35 -05:00
joev b4f5784ba2
Land #3147, @m-1-k-3's mipsbe exec payload. 2014-04-08 22:32:21 -05:00
Tod Beardsley ffdca3bf42
Fixup on some modules for release 
There may be more coming, but if not, this should cover
this week's minor style changes.
 2014-03-31 12:42:19 -05:00
Michael Messner 657b096be3 make msftidy happy 2014-03-27 19:24:25 +01:00
Michael Messner ad94653fc0 feedback included 2014-03-27 16:12:34 +01:00
Michael Messner 3fc114e265 exec payload - new try 2014-03-26 19:48:14 +01:00
Joe Vennix 33651d0753
Fix formatting of hash options. 2014-03-25 14:43:53 -05:00
Joe Vennix c8784168d5 Fix references and whitespace in mips payloads. 2014-03-25 14:39:27 -05:00
joev 1ac3944627
Merge branch 'landing-pr-3095' into upstream-master 2014-03-25 10:56:42 -05:00
joev 1680f9cc5d
Land PR #3127, @m-1-k-3's mipsbe reboot payload, into master 2014-03-25 10:44:37 -05:00
Michael Messner 50efd0b5d0 change name and filename and file included 2014-03-25 09:13:04 +01:00
Michael Messner a9952fa294 change name and filename 2014-03-25 09:11:16 +01:00
Michael Messner fca4425f95 feedback 2014-03-25 09:09:13 +01:00
Michael Messner 4f1404eecc reboot payload for mipsbe 2014-03-20 12:37:58 +01:00
Daniel Miller 0b6a890137 Fix missing require in reverse_powershell 
When initializing the db:

/opt/metasploit-framework/modules/payloads/singles/cmd/windows/reverse_powershell.rb:34:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `new'
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `add_module'
    from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:72:in `on_module_load'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:207:in `load_module'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:271:in `block in load_modules'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:58:in `block (2 levels) in each_module_reference_name'
    from /opt/metasploit-framework/lib/rex/file.rb:127:in `block in find'
    from /opt/metasploit-framework/lib/rex/file.rb:126:in `catch'
    from /opt/metasploit-framework/lib/rex/file.rb:126:in `find'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:45:in `block in each_module_reference_name'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `foreach'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `each_module_reference_name'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:264:in `load_modules'
    from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:118:in `block in load_modules'
    from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `each'
    from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `load_modules'
    from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:56:in `block in add_module_path'
    from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `each'
    from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `add_module_path'
    from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:14:in `init_module_paths'
    from /opt/metasploit-framework/lib/msf/ui/console/driver.rb:228:in `initialize'
    from /opt/metasploit-framework/msfconsole:148:in `new'
    from /opt/metasploit-framework/msfconsole:148:in `<main>'
 2014-03-14 19:28:00 +00:00
Michael Messner 8db5d854c2 typo, null terminator 2014-03-13 18:38:27 +01:00
Michael Messner f39e784d19 mipsle execve payload 2014-03-12 21:08:40 +01:00
Joe Vennix 15b1a5931c Remove extra resources from android reverse_http(s). 2014-03-11 11:56:05 -05:00
Tim 4f31eba7f4 android payload golf 2014-03-10 21:50:00 -05:00
AnwarMohamed ad8b0ef3d1 using http(s)://LHOST:LPORT 2014-03-10 21:50:00 -05:00
AnwarMohamed b45524ecdd generate cert @ payload/dalvik.rb 2014-03-10 21:50:00 -05:00
AnwarMohamed 99cc94e6fc moving string_sub() to payload/dalvik.rb 2014-03-10 21:49:59 -05:00
AnwarMohamed dc8992924f android reverse_http/s 2014-03-10 21:49:59 -05:00
joev 46c11ea2eb Small fixes to m-1-k-3's mipsle reboot shellcode. 2014-03-10 17:17:23 -05:00
joev 7da54eb9cf
Merge branch 'landing-3041' into upstream-master 
Lands PR #3041, @m-1-k-3's reboot shellcode.
 2014-03-10 17:11:06 -05:00
root 3c95c021d0 Reference added 2014-03-10 12:17:20 +01:00
root 1fda6b86a1 Changed cmp eax by inc eax. Saved one byte 2014-03-10 12:13:10 +01:00
somename11111 689523a26f Clean Code based on jlee-r7's comments 
- Put allocations in loop

- Decomment exitfunc

- Aligned comments

- Some more code cleaning
 2014-03-06 02:44:24 +01:00
somename11111 83929facc4 Fix bug on Windows XP 
Correct the addresses of functions in pstorec.dll.

Successfully tested on Server 2003 and XP.
 2014-03-06 02:35:44 +01:00
somename11111 b6b46abe9f Add new stager stager_reverse_http_proxy_pstore 
This stager looks for proxy credentials in windows protected storage. If it finds proxy credentials, it will use them to connect back. If it does not find credentials, it will do the same as stager_reverse_http.

Works on:

- Windows Server 2003

- Windows XP

- Internet Explorer versions 4 to 6
 2014-03-06 02:35:12 +01:00
sinn3r caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks 2014-03-04 15:24:02 -06:00
OJ f0868c35bf
Land #3050 - Fix tained perl payloads 2014-03-04 10:05:47 +10:00
Joe Vennix 6a02a2e3b3 NULL out envp pointer before execve call. 
This was causing a crash on 10.9.
 2014-03-03 08:56:52 -06:00
Sagi Shahar 8c4b663643 Fix payloads to bypass Perl's Taint mode. 2014-03-02 18:39:05 +02:00
jvazquez-r7 6c490af75e Add randomization to Rex::Zip::Jar and java_signed_applet 2014-02-27 12:38:52 -06:00
Michael Messner d6b28e3b74 mipsel reboot payload 2014-02-26 20:34:35 +01:00
root b4a22aa25d hidden bind shell payload 2014-02-20 16:19:40 +01:00
jvazquez-r7 e75a0ea948 Fix typo 2014-02-19 15:21:02 -06:00
jvazquez-r7 aa07065f67
Land #2959, reverse powershell payload by @Meatballs1 2014-02-19 15:14:54 -06:00
jvazquez-r7 9fad43da08 Add license information 2014-02-19 15:11:12 -06:00
scriptjunkie c0983138a0 Fix wrapping errors on long domains. 2014-02-15 15:21:16 -06:00
scriptjunkie b0d2949f9a Ensure no race conditions on handlers 
Configurable WfsDelay
 2014-02-15 15:21:16 -06:00
scriptjunkie 62f42c57a9 Add instructions for uploading hop.php 2014-02-15 15:21:16 -06:00
scriptjunkie 5f7a0e162c Add reverse_hop_http stager and handler 2014-02-15 15:21:16 -06:00
jvazquez-r7 1f0020a61c
Land #2946, @jlee-r7's optimization of the x86 block_api code 2014-02-11 15:00:00 -06:00
Meatballs 9f04e0081d
Stick with command let encoder handle encoding 2014-02-08 19:28:03 +00:00
Meatballs 93b07b0e48
Add missing RequiredCmds 2014-02-08 12:24:49 +00:00
Meatballs 80814adaf9
Credit where credits due 2014-02-08 01:42:45 +00:00
Meatballs efe4d6b41a
Tidyup 2014-02-08 01:03:02 +00:00
Meatballs 2d1a0c3a01
Windows CMD love too 2014-02-08 01:00:31 +00:00
James Lee 14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4 2014-02-04 17:45:18 -06:00
sinn3r bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads 2014-02-04 15:06:45 -06:00
James Lee 20b8062220
Apply blockapi changes to reverse_tcp_rc4 2014-02-04 12:30:56 -06:00
James Lee c70680cf1c
Fix infinite-retry bug 
Derp, block_api clobbers ecx
 2014-02-04 11:59:16 -06:00
James Lee 9c3664bd45
Unify reverse_http and reverse_https 
This will make copy-pasta less painful in the future.  There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
 2014-02-04 09:09:12 -06:00
James Lee f163bc7f7a
Unbreak reverse_https_proxy 
Broken by #2448, 063da8a22e
 2014-02-03 15:07:59 -06:00
James Lee be0b9fc2f8 Use the new block_api in windows/reverse_tcp 2014-02-03 11:34:52 -06:00
James Lee bfc0ac4dd4 Golf a few bytes off of reverse_http(s) 2014-02-03 11:33:55 -06:00
joev 1197426b40
Land PR #2881, @jvazquez-r7's mips stagers. 2014-01-15 12:46:41 -06:00
joev 0833da465a
Lands #2832, @jvazquez-r7's fixes to mipsel shellcode. 2014-01-15 12:03:17 -06:00
jvazquez-r7 a056d937e7 Fluch data cache and improve documentation 2014-01-14 14:06:01 -06:00
jvazquez-r7 a8806887e9 Add support for MIPS reverse shell staged payloads 2014-01-14 12:25:11 -06:00
sinn3r ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode 2014-01-13 17:37:08 -06:00
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
Joe Vennix 3db143c452 Remove explicit requires for FF payload. 
Adds ff payload require to msf/core/payload.rb
 2014-01-13 13:07:55 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
sinn3r 140d1fbf90
Land #2847 - Add MIPS big endian single shell_bind_tcp payload 2014-01-10 15:06:35 -06:00
sinn3r 202e19674c
Land #2856 - Fix ARMLE stagers 2014-01-10 15:05:03 -06:00
sinn3r 96ba41a4b0
Land #2844 - Fix the mipsbe shell_reverse_tcp payload 2014-01-10 15:00:39 -06:00
jvazquez-r7 4e8092aceb Fix armle stagers 2014-01-09 17:34:59 -06:00
jvazquez-r7 a0879b39e0 Add mips be shell_bind_tcp payload 2014-01-08 14:48:54 -06:00
jvazquez-r7 1727b7fb37 Allow the Msf::Payload::Linux's generate to make its work 2014-01-08 12:41:10 -06:00
jvazquez-r7 83e5169734 Don't use temporal register between syscals and save some bytes on the execve 2014-01-08 11:45:27 -06:00
jvazquez-r7 5f7582b72d Don't use a temporary registerfor the dup2 loop counter 2014-01-07 18:02:55 -06:00
jvazquez-r7 c2dce19768 Don't use a temporary registerfor the dup2 loop counter 2014-01-07 17:39:27 -06:00
jvazquez-r7 a85492a2d7 Fix my own busted dup2 sequence 2014-01-07 16:27:01 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases. 
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
 2014-01-07 16:17:34 -06:00
jvazquez-r7 3230b193e1 Make better comment 2014-01-07 15:32:46 -06:00
jvazquez-r7 80dcda6f76 Fix bind call 2014-01-07 15:31:42 -06:00
Niel Nielsen d567737657 Update reverse_tcp_rc4_dns.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:12:38 +01:00
Niel Nielsen 385ae7ec38 Update reverse_tcp_rc4.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:11:16 +01:00
Niel Nielsen 693d95526b Update bind_tcp_rc4.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:09:53 +01:00
jvazquez-r7 b5524654d5 Delete comment 2014-01-07 14:50:26 -06:00
jvazquez-r7 45c86d149f Modify authors field 2014-01-07 14:50:12 -06:00
jvazquez-r7 d6639294aa Save some instructions with dup2 2014-01-07 14:41:33 -06:00
jvazquez-r7 9cf221cdd6 Delete delay slots after syscall 2014-01-07 13:18:20 -06:00
jvazquez-r7 70d4082c0c Add formatting blank lines and delete comment 2014-01-07 09:55:36 -06:00
jvazquez-r7 3edd2a50e2 Shorter mipsle shell_reverse_tcp 2014-01-07 09:45:28 -06:00
Joe Vennix 3b29c370bd Fix bug in the firefox/exec payload. 2014-01-05 11:24:41 -06:00
Joe Vennix 4329e5a21e Update firefox payloads to use async runCmd. 2014-01-04 08:49:43 -06:00
Joe Vennix fdca396bc8 Update exec to be diskless. 2014-01-04 08:48:58 -06:00
Joe Vennix a5ebdce262 Add exec payload. Cleans up a lot of code. 
Adds some yardocs and whatnot.
 2014-01-03 18:23:48 -06:00
jvazquez-r7 f5f18965b9 Move the require to the payloads as ruby and nodejs payloads do 2014-01-02 16:05:03 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
Joe Vennix 12fece3aa6 Kill unnecessary comment. 2014-01-02 10:48:28 -06:00
Joe Vennix 1f9ac12dda DRYs up firefox payloads. 2014-01-02 10:48:28 -06:00
Joe Vennix 821aa47d7e Add firefox paylods. 
* Adds support for windows or posix shell escaping.
 2014-01-02 10:48:28 -06:00
jvazquez-r7 0725b9c69c Refactor JSP payloads 2013-12-31 08:27:37 -06:00
jvazquez-r7 aa38a23921 Add generate_war to jsp_shell payloads 2013-12-30 13:53:58 -06:00
OJ 0db062a1ce
Merge branch 'meatballs-vncdll-submodule' 2013-12-20 18:29:27 +10:00
OJ 34cdec5155
Update project VS 2013, clean CLI build 
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
 2013-12-20 09:49:15 +10:00
William Vu 252909a609
Land #2448, @OJ's ReverseListenerBindPort :) 2013-12-17 11:24:09 -06:00
sinn3r f1c5ab95bf
Land #2690 - typo 2013-11-25 23:53:34 -06:00
William Vu 70139d05ea Fix missed title 2013-11-25 22:46:35 -06:00
William Vu e8eb983ae1 Resplat shell_bind_tcp_random_port 2013-11-20 14:48:53 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Geyslan G. Bem 28c5dd63fd references fix 2013-11-11 17:14:50 -03:00
Geyslan G. Bem 8f6917a117 references fix 2013-11-11 17:12:45 -03:00
Geyslan G. Bem e3641158d9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-11-11 14:29:19 -03:00
Geyslan G. Bem 030fbba539 Merge branch 'master' of https://github.com/geyslan/metasploit-framework 2013-11-11 14:22:00 -03:00
Tod Beardsley 81a7b1a9bf
Fixes for #2350, random bind shellcode 
* Moved shortlink to a reference.
  * Reformat e-mail address.
  * Fixed whitespace
  * Use multiline quote per most other module descriptions

Still need to resplat the modules, but it's no big thang to do that
after landing. Also, References do not seem to appear for post modules
in the normal msfconsole. This is a bug in the UI, not for these modules
-- many payloads would benefit from being explicit on their references,
so may as well start with these.
 2013-11-11 10:33:15 -06:00
OJ 063da8a22e Update reverse_https_proxy stager/handler 
This change updates the proxy handler code, which for some reason was
ommitted in the orginal commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
 2013-11-11 22:21:05 +10:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib 
It wasn't just cmdstager_printf.rb. :/
 2013-10-30 19:51:25 -05:00
sinn3r 1599d1171d
Land #2558 - Release fixes 2013-10-21 13:48:11 -05:00
Tod Beardsley bce8d9a90f
Update license comments with resplat. 2013-10-21 13:36:15 -05:00
Tod Beardsley c070108da6
Release-related updates 
* Lua is not an acronym
  * Adds an OSVDB ref
  * credit @jvazquez-r7, not HD, for the Windows CMD thing
 2013-10-21 13:33:00 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
sinn3r cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow 2013-10-21 12:03:07 -05:00
sinn3r 6430fa3354
Land #2539 - Support Windows CMD generic payload 
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
 2013-10-21 11:26:13 -05:00
William Vu 5a0b8095c0
Land #2382, Lua bind and reverse shells 2013-10-18 17:11:37 -05:00
jvazquez-r7 be1d6ee0d3 Support Windows CMD generic payload 2013-10-17 14:07:27 -05:00
jvazquez-r7 3d3a7b3818 Add support for OSVDB 86824 2013-10-17 01:08:01 -05:00
Tod Beardsley f0aedd932d
More stragglers 2013-10-16 16:29:55 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
sinn3r e10dbf8a5d
Land #2508 - Add nodejs payloads 2013-10-14 12:23:31 -05:00
joev c7bcc97dff Add SSL support to #nodejs_reverse_tcp. 2013-10-12 03:32:52 -05:00
joev 6440a26f04 Move shared Node.js payload logic to mixin. 
- this fixes the recursive loading issue when creating a payload
  inside the cmd payload
- also dries up some of the node cmd invocation logic.
 2013-10-12 03:19:06 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir 
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
 2013-10-10 19:55:26 +01:00
joev 1e78c3ca1a Add missing require to nodejs/bind payload. 2013-10-09 11:39:05 -05:00
Tod Beardsley 4266b88a20
Move author name to just 'joev' 
[See #2476]
 2013-10-07 12:50:04 -05:00
joev da48565093 Add more payloads for nodejs. 
* Adds a reverse and bind CMD payload
* Adds a bind payload (no bind_ssl for now).
 2013-10-07 06:09:21 -05:00
Geyslan G. Bem 6492bde1c7 New Payload 
Merge remote-tracking branch 'origin'
 2013-10-05 09:17:14 -03:00
Geyslan G. Bem 31f265b411 New Shell Bind TCP Random Port Payload (x86_64) 2013-10-05 09:02:05 -03:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
joev 99e46d2cdb Merge branch 'master' into cve-2013-4660_js_yaml_code_exec 
Conflicts:
	modules/exploits/multi/handler.rb
 2013-09-25 00:32:56 -05:00
joev cd98c4654d Remove unecessary print from #generate in payloads. 2013-09-25 00:12:28 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections 
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
 2013-09-24 12:33:31 -05:00
Joe Vennix 801dda2b09 Change PayloadType to NodeJS. 2013-09-23 11:31:45 -05:00
xistence 41e1a3d05b removed shell prompt in lua bind/reverse shells 2013-09-22 14:53:59 +07:00
Joe Vennix a08d195308 Add Node.js as a platform. 
* Fix some whitespace issues in platform.rb
 2013-09-20 18:14:01 -05:00
Meatballs 02044e8b5e Land #2373, Corrects x64 reverse_https alignment 
It appears that testing of the original submit was performed
on VMWare which worked. On a non virtualized machine the
payload would crash.

[Closes #2373] [FixRm #8271]
 2013-09-17 22:50:04 +01:00
Meatballs 6bf0d9b761 Cleanup 2013-09-17 21:46:38 +01:00
James Lee 21055f6856 Add x86 to meterpreter's binary suffix 
This makes x86 more consistent with x64.

Also replaces a bunch of instances of:
  File.join(Msf::Config.install_root, 'data', ...)
with the simpler
  File.join(Msf::Config.data_directory, ...)

[See rapid7/meterpreter#19]
 2013-09-16 21:52:04 -05:00
Joe Vennix a641bc41a8 Kill unnecessary comment. 2013-09-16 21:35:53 -05:00
Joe Vennix f954e5299f Now working on windows even. 2013-09-16 21:34:12 -05:00
Ryan Wincey fe86325fd4 Fixed memory alignment for x64 reverse_http stager 2013-09-16 16:43:20 -04:00
Joe Vennix 2d936fb67c Bail from payload if require() is not available. 
* TODO: test on windows
 2013-09-16 14:05:26 -05:00
RageLtMan 08f0abafd6 Add nodejs single payloads, thanks to RageLtMan. 2013-09-16 13:38:42 -05:00
xistence 79e08c1560 added LUA bind/reverse shells 2013-09-16 17:02:08 +07:00
MosDefAssassin b7dec23a1d Update meterpreter.rb 
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact:ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller

Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
 
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64

Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
 2013-09-12 14:32:13 -05:00
Geyslan G. Bem 118cc900a7 new payload 2013-09-10 19:20:48 -03:00
HD Moore 06f7abc552 Helps to put the rand() wrapper in 2013-09-09 20:26:11 -05:00
HD Moore baff3577e5 FixRM #8034 Pick a valid certificate expiration 2013-09-09 20:24:52 -05:00
Tab Assassin 896bb129cd Retab changes for PR #2325 2013-09-05 13:24:09 -05:00
Tab Assassin 5ff25d8b96 Merge for retab 2013-09-05 13:23:25 -05:00
James Lee b913fcf1a7 Add a proper PrependFork for linux 
Also fixes a typo bug for AppendExit
 2013-09-04 00:15:07 -05:00
Tab Assassin cbb9984358 Merge branch 'master' into retab/rumpus 2013-09-03 14:11:16 -05:00
jvazquez-r7 ff6ee5b145 Fix require 2013-09-03 10:52:52 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Spencer McIntyre ffac6478cc Un typo a client and server socket mixup. 2013-08-21 14:59:30 -04:00
Spencer McIntyre e276b57ee7 Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev 2013-08-19 08:37:12 -04:00
Spencer McIntyre 2d69174c5b Initial commit of the python meterpreter. 2013-08-05 23:38:49 -04:00
Tod Beardsley bddcb33507 Update description for reverse_https_proxy 2013-08-05 09:35:14 -05:00
sinn3r 10e9b97a88 Land #2180 - Accepting args for x64 osx exec payload 2013-08-02 00:45:09 -05:00
Joe Vennix 592176137a Rewrite osx x64 cmd payload to accept args. 
[SeeRM #8260]
 2013-07-31 08:50:28 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 4a0b33241f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 18:41:50 -05:00
sinn3r 7b7603a5e7 Land #2104 - reverse_https_proxy 2013-07-25 17:26:56 -05:00
sinn3r 8dae114c7c msftidy happiness 2013-07-25 17:25:36 -05:00
jvazquez-r7 1a5e0e10a5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 13:53:57 -05:00
sinn3r b64d0429ac Format fix 
Just to make this more pleasing to the eyes
 2013-07-18 13:36:31 -05:00
Joe Vennix cd2e352971 Kill extra whitespace. 2013-07-18 11:30:54 -05:00
Joe Vennix 766a8d5817 Shellwords! Now you can use exec to get you a perl shell 2013-07-17 21:16:04 -05:00
Joe Vennix 9c1228067c Change to += syntax. 2013-07-17 21:11:24 -05:00
Joe Vennix ab088712ba Removes unnecessary copy-to-stack. Fixes arg-order issue. 
* Now I simply point to the string in instruction-memory, which saves a few bytes.
 2013-07-17 20:27:20 -05:00
Joe Vennix 5ab81e7e37 Convert to readable asm. Adds support for arguments. 
* shellcode appears to do an unnecessary copy-to-stack, so will look into
  improving that.
 2013-07-17 19:20:47 -05:00
Alexandre Maloteaux e28dd42992 add http authentification and socks 2013-07-15 15:36:58 +01:00
Alexandre Maloteaux f48c70d468 enable tor and small fix 2013-07-13 17:59:49 +01:00
corelanc0d3r e8983a21c5 New meterpreter payload reverse_https_proxy 2013-07-12 16:45:16 -04:00
jvazquez-r7 785639148c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 17:18:42 -05:00
William Vu 589b4be384 Land #1999, zsh bind shell 2013-06-20 13:51:48 -05:00
sinn3r 86fc101c1f Add payload module bind zsh 
For #1984
 2013-06-20 13:45:02 -05:00
sinn3r 660c97f512 Add module for reverse zsh payload 
For #1985
 2013-06-20 13:40:17 -05:00
jvazquez-r7 b20a38add4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 12:22:52 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
jvazquez-r7 e5a17ba227 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-05 09:41:23 -05:00
William Vu 1596fb478a Land #1886, awk bind shell 2013-06-05 09:05:37 -05:00
William Vu 8ffa4ac9ac Land #1885, awk reverse shell 2013-06-05 09:04:49 -05:00
Roberto Soares Espreto f6977c41c3 Modifications done in each PR. 2013-06-05 07:55:05 -03:00
Roberto Soares Espreto b20401ca8c Modifications done in each PR. 2013-06-05 07:51:10 -03:00
Roberto Soares Espreto 34243165c5 Some changes with improvements. 2013-06-04 21:22:10 -03:00
Roberto Soares Espreto e2988727fb Some changes with improvements. 2013-06-04 21:10:51 -03:00
Roberto Soares Espreto d9609fb03e Was breaking with repeated commands 2013-05-31 18:44:48 -03:00
jvazquez-r7 48b14c09e3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 01:12:46 -05:00
Tod Beardsley 9c771435f2 Touchup on author credit 2013-05-30 16:13:40 -05:00
Tod Beardsley 67128a3841 Land #1821, x64_reverse_https stagers 2013-05-30 13:55:13 -05:00
jvazquez-r7 3361a660ba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 22:01:36 -05:00
Roberto Soares Espreto 00debd01c6 Listen for a connection and spawn a command shell via AWK 2013-05-29 21:22:49 -03:00
Roberto Soares Espreto d4a864c29f Creates an interactive shell via AWK (reverse) 2013-05-29 21:19:08 -03:00
jvazquez-r7 07c99f821e Land #1879, @dcbz ARM stagers 2013-05-29 17:43:37 -05:00
jvazquez-r7 7c41e239b4 Fix author name 2013-05-29 14:19:10 -05:00
jvazquez-r7 52aae8e04c Add small fixes for stagers 2013-05-29 14:01:59 -05:00
dcbz 2c0f0f5f04 Changed reverse payload as suggested. 2013-05-28 21:52:16 -05:00
dcbz 07c3565e3c Made changes as suggested, forgot to remove exit() after testing was complete. 2013-05-28 21:31:36 -05:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
James Lee 9843dc4cb4 Land #1708, android meterpreter 
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
 2013-05-28 12:19:45 -05:00
dcbz a53ab4cff9 Moved dupandexecve.rb to shell.rb due to pull request coments. 2013-05-20 17:05:57 -05:00
dcbz 9c0814505a Added reverse stager. 2013-05-17 21:52:10 -05:00
dcbz 14d5111b37 Added a sample stage + updated bind stager. 2013-05-17 21:03:03 -05:00
dcbz ad95eff9d4 added bind_tcp.rb 2013-05-17 12:09:45 -05:00
agix 6db1fea6b9 create x64_reverse_https stagers 2013-05-13 01:41:56 +02:00
Michael Schierl a13cf53b9f Android Meterpreter bugfixes 
- classes.dex gets mangled on windows; use binary mode when reading it
- UnknownHostExceptions on API Level 3 emulator because of trailing
  whitespace after the hostname/IP
- Work around integer overflow at year 2038 when signing the payload
 2013-05-01 18:01:37 +02:00
jvazquez-r7 a4632b773a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-28 12:59:16 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238) 
[Closes #1772]
 2013-04-28 12:17:16 -05:00