Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address. Should
be fixed some day.
This is a new set of binaries for Meterpreter as of commit hash
9e33acf3a283f1df62f264e557e1f6161d8c2999. We haven't yet finalised
the process we'll be using for releasing bins from Meterpreter to MSF
so this is hopefully the last time we will have to do it the old way.
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
Some module submissions don't have a pcap, screenshot/video or anything
to prove the module is actually functional or not, because often due to
the author not having the test box anymore, or unable to share info
because of their NDA. We nee a way to prove the module runs by basically
simulating the vulnerable environment live, and this is the answer to that.
This test module is specifically for the cisco_asa_asdm.rb, but future
PRs with the same scenario can also borrow the same idea.
sinn3r
bmerinofe
Meatballs
OJ
DoI
jvazquez-r7
William Vu
Joshua Harper PI GCFE GCFA GSEC
Tod Beardsley
jiuweigui