infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
43,074 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

755 Commits (80d18fae6a3021544e90a08b5c4a1a2c376b9ae3)

Author SHA1 Message Date
Brent Cook 9a873a7eb5 more style fixes 2016-04-23 12:18:28 -04:00
Brent Cook d86174c3bf style fixes 2016-04-23 12:18:28 -04:00
Brent Cook 4250725b13 fix incorrect hex port conversion 2016-04-23 12:18:28 -04:00
Brent Cook 7ff5a5fd7e switch mainframe payloads to fixed size 2016-04-23 11:40:05 -04:00
OJ 555352b210 Force lurl string duplication to avoid stageless issues 
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
 2016-04-18 08:25:19 -05:00
OJ a74a7dde55 More fixies for LURI in Python, and native too 2016-04-18 08:25:19 -05:00
OJ b95267997d Fix LURI support for stageless, transport add/change and code tidies 2016-04-18 08:24:41 -05:00
Brent Cook 6ce7055130
Land #6737, Added reverse shell JCL payload for z/OS 2016-04-13 22:19:15 -05:00
Bigendian Smalls 6a4d7e3b58
Revshell cmd JCL payload for z/OS 
Added a JCL-based reverse shell.  Uses the same source code as the
shellcode version does.  Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
 2016-03-31 20:42:42 -05:00
Bigendian Smalls a6518b5273
Add generic JCL cmd payload for z/OS (mainframe) 
This payload does nothing but return successfully.  It can be used to
test exploits and as a basis for other JCL cmd payloads.
 2016-03-28 21:01:39 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook 8faae94338
Land #6592, make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2 2016-03-06 15:33:53 -06:00
Brent Cook d355b0e8b7
update payload sizes 2016-03-02 13:55:32 -06:00
joev c8b28d90d1 Fix old comment. 2016-02-19 19:08:38 -06:00
joev b3e8cd4f51 Save some bytes on the padded string. 2016-02-18 20:36:52 -06:00
joev 2b784a48b9 Include cached size. 2016-02-18 20:29:42 -06:00
joev e67e477362 Make x86/shell_reverse_tcp's shell path configurable. 
Also removes shell_reverse_tcp2 shell.
 2016-02-18 20:24:35 -06:00
Brent Cook ff1cb4a2a4 update payload sizes 2016-02-10 22:44:17 -06:00
wchen-r7 a3cafc3bae Update PHP meterpreter size 2016-01-22 15:14:18 -06:00
Brent Cook 6eda702b25
Land #6292, add reverse_tcp command shell for Z/OS (MVS) 2015-12-23 14:11:37 -06:00
wchen-r7 14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter 2015-12-04 16:16:54 -06:00
wchen-r7 644c1347cd Update payload sizes 2015-12-04 16:14:37 -06:00
jvazquez-r7 bb3a3ae8eb
Land #6176, @ganzm's fix for 64 bits windows loadlibrary payload 2015-12-01 13:18:41 -06:00
Spencer McIntyre 3b3b569d8e Fix payload CacheSize for current pymet 2015-12-01 13:00:15 -05:00
jvazquez-r7 bfe81db9a5
Update cached size 2015-12-01 11:45:45 -06:00
jvazquez-r7 2348cb7374
Update loadlibrary for 64 bits 2015-12-01 11:41:37 -06:00
Spencer McIntyre fba9715a56 Add stageless python meterpreter http & https payloads 2015-11-28 17:41:55 -05:00
Bigendian Smalls d2bfc4d8e0
Added reverse shell payload for Mainframe 
This is the first and probably most useful shellcode for mainframe
platform.  Standard reverse shell works just like any other platform
reverse shell.
 2015-11-26 17:07:03 -06:00
Brent Cook 78e306e281 s/Initialision/Initialization/ 2015-11-25 22:07:25 -06:00
Brent Cook d984e5c781 update payload sizes 2015-11-25 22:04:52 -06:00
OJ 0afc5be3bc Finalise set up of stageless init 2015-11-10 20:01:23 +10:00
OJ a28ab216d3 Adding stageless init script support 2015-11-10 19:18:47 +10:00
Matthias Ganz 6458c591e4 Update loadlibrary.rb 2015-11-02 17:16:46 +01:00
Matthias Ganz a01d7c966a Bugfix loading address of library path into rcx 
Changed the following instruction:
67 48 8D 8D 00 01 00 00 lea         rcx,[ebp+100h]

Into
90                                              nop
48 8D 8D 00 01 00 00 lea         rcx,[rbp+100h]

The old code breaks if the payload is executed from a memory area where the 4 most significant bytes are non-zero. 

The bugfix removes the Address-Size override prefix 0x67 of the lea instruction and replaces it with a nop 0x90 (to not mess up code alignment,relative addressing or jmps).
 2015-11-02 12:54:44 +01:00
Brent Cook ec1682ebd9
update payload size cache 2015-10-30 17:35:05 -05:00
Spencer McIntyre b4a8f80493 Update the cached size for the current met file 2015-10-22 08:54:14 -04:00
Spencer McIntyre 23d9efb5a3 Add stageless Python Meterpreter for bind tcp 2015-10-21 18:37:37 -04:00
Spencer McIntyre 8bb694fa5c Add stageless Python Meterpreter for reverse tcp 2015-10-21 18:23:04 -04:00
jvazquez-r7 c35e99664e
Land #6003, @earthquake's x86-64 pushq signedness error fixed 2015-10-01 11:52:28 -05:00
jvazquez-r7 aa01383361
Fix comment 2015-10-01 11:51:45 -05:00
jvazquez-r7 195418b262
Update the sin_family on bind_tcp_small 2015-10-01 11:22:59 -05:00
jvazquez-r7 77ce7ef5f0
Save 3 more bytes on shell_bind_ipv6_tcp 2015-10-01 09:45:02 -05:00
jvazquez-r7 4efb3bf26c
Save 3 more bytes on shell_bind_tcp_small 2015-10-01 09:42:35 -05:00
jvazquez-r7 04879ed752
Save two bytes on shell_bind_ipv6_tcp 2015-10-01 09:33:22 -05:00
jvazquez-r7 88eecca4b1
Save two bytes on shell_bind_tcp_small 2015-10-01 09:29:39 -05:00
Brent Cook 46ed129966 update to metasploit-payloads 1.0.14 2015-09-26 10:50:20 -04:00
Balazs Bucsay a863409734 x86-64 pushq signedness error fixed. Signed port numbers (2bytes) were not working properly. Fix means +6bytes in shellcode length 2015-09-24 13:07:02 +02:00
Brent Cook d2a17074b1
update payload sizes 2015-09-16 17:24:41 -05:00
Brent Cook 56a1cfd9c8 updated cached payload sizes 2015-09-01 18:02:16 -05:00
Brent Cook a8dd89cc0d update cached payload sizes 2015-08-27 11:43:38 -05:00
Brent Cook 593f501571 finish move of php / python meterpreters to metasploit-payloads 2015-08-27 11:34:22 -05:00
Brent Cook ca8353e1aa update to metasploit-payloads 1.0.9 2015-08-25 17:44:01 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs 
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
 2015-08-14 11:35:39 -05:00
Brent Cook a2bdd0bab9
Land #5541, add more compat fixed-cmd 64-bit BSD payloads 
Merge branch 'land-5541-bsd-shellcode' into upstream-master
 2015-07-13 21:01:55 -05:00
Brent Cook 226137896e updated cached payload sizes 2015-07-10 22:30:20 -05:00
Brent Cook d6261a54b1
Land #5608, part 2, update payload cache sizes 2015-07-01 00:31:40 -05:00
Brent Cook 6711091c70 update cached payload sizes 2015-07-01 00:31:09 -05:00
Brent Cook bb43f7e30f use the correct transport for x64/meterpreter_reverse_https 2015-06-27 10:50:54 -05:00
OJ 007da4af41 Force :init_connect for stageless 2015-06-27 18:21:15 +10:00
Brent Cook 8ade66027a update cached payload sizes 2015-06-22 17:19:02 -05:00
root a99b001bd7 payloads_spec.rb modified, payloads added 2015-06-16 05:33:30 -04:00
wchen-r7 5a6a16c4ec Resolve #4326, remove msfpayload & msfencode. Use msfvenom instead! 
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.

Resolves #4326
 2015-06-08 11:30:04 -05:00
HD Moore 1f11cd5470
Lands #5446, support for 64-bit native powershell payloads 2015-06-07 14:16:19 -05:00
benpturner dddbf3886b Updated payload spec to be in the correct order and updated payload cached size 2015-06-02 18:33:06 +01:00
benpturner 9d1a7cead4 New modules to support 64bit process powershell. 2015-06-01 16:11:23 +01:00
OJ 1c73c190fc Add machine_id support to windows php meterp 2015-05-22 14:55:29 +10:00
OJ 5963a5833a Fix up php stageless payload includes 2015-05-20 16:50:00 +10:00
OJ d0a5b803e8 Use generate_payload_uuid instead of manual obj creation 2015-05-20 16:25:52 +10:00
OJ 9296a024e2 PHP meterpreter refactoring in prep for uuid work 2015-05-18 17:40:48 +10:00
OJ e41ae93524 Payload sizes, specs and more 2015-05-18 14:58:10 +10:00
OJ 0d56b3ee66 Stage UUIDs, generation options, php and python meterp uuid 2015-05-18 13:29:46 +10:00
OJ bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers 2015-05-18 13:28:36 +10:00
Brent Cook d804f5fe49 update to metasploit-payloads 0.0.7 2015-05-17 10:06:38 -05:00
Brent Cook 829f8420e2
Update static payload sizes for metasploit-payloads-0.0.6 2015-05-15 18:43:47 -05:00
OJ 7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers 2015-05-15 12:27:40 +10:00
OJ 83fbd41970 Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	Gemfile.lock
	modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
 2015-05-14 14:50:25 +10:00
benpturner 36aa136091 missing require 2015-05-13 17:36:45 +01:00
benpturner 1f294eac0b Updated to remove dup code 2015-05-13 17:26:21 +01:00
OJ e9e3d9c1e4 Update payloads gem, and updated payload sizes 2015-05-13 15:37:09 +10:00
OJ 237827bfdc Fix up payload cached sizes again 
This time it's against the currently "installed" version of Meterpeter
binaries. When Meterpreter is landed down the track we'll need to make
sure that the payload sizes are updated again.
 2015-05-12 12:44:34 +10:00
OJ 474461d2a4 Merge format and structure changes from multi transport 2015-05-12 09:46:02 +10:00
OJ 69d2b8ffb1 Various code format, style changes, file moves 
As per Egypt's suggestions.
 2015-05-12 09:43:41 +10:00
OJ 0dbfc1e02b
Merge the stager size work from mult-transport-support 2015-05-12 07:50:56 +10:00
OJ fe51f552b8 Make stageless, and reverse_tcp x64 non-dynamic 2015-05-12 07:37:12 +10:00
benpturner a97f24a12d Update payload cached sizes 2015-05-11 10:00:14 +01:00
OJ d9068b7719 Fix up payload cache sizes, and powershell include 2015-05-11 17:43:51 +10:00
benpturner c0388a770e Update cached sizes 2015-05-10 22:01:30 +01:00
benpturner c916021fc5 SSL Support for Powershell Payloads 2015-05-10 21:45:59 +01:00
Brent Cook a0c806c213 Update java meterpreter and payload references to use metasploit-payloads 2015-05-05 15:01:00 -05:00
OJ 232117117b Fix missing includes 
The powershell one broke thanks to include hierarchy changes. The others
failed in the specs only for some reason.
 2015-05-05 14:24:21 +10:00
OJ cf62d1fd7c Remove patch and old stageless stuff 2015-05-05 09:27:01 +10:00
OJ b42f4f5cd2 Merge branch 'upstream/master' into multi-transport-support 
Conflicts:
	lib/msf/core/payload/windows/stageless_meterpreter.rb
	lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
	lib/rex/post/meterpreter/client_core.rb
	modules/payloads/stages/linux/x86/meterpreter.rb
	modules/payloads/stages/windows/meterpreter.rb
	modules/payloads/stages/windows/x64/meterpreter.rb
 2015-05-05 07:53:54 +10:00
OJ c2dc4677fb Prevent stagless from overwriting socket 
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
 2015-05-04 22:36:59 +10:00
OJ e835f2b99c Rejig transport config into module 
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
 2015-05-04 22:04:34 +10:00
Balazs Bucsay 0b580acfb4 \t removed 2015-05-02 21:16:50 +02:00
Balazs Bucsay a0539cd672 new x64 bsd shellcodes (bind/reverse) ipv4/6. ipv4 shells are smaller than 
the existing one.
 2015-05-02 20:52:09 +02:00
Brent Cook 6058dee99a explicitly require bind_tcp/reverse_tcp modules 
This transient error was noted in the release documentation builder.

metasploit-framework/modules/payloads/singles/windows/powershell_bind_tcp.rb:37:in
   `initialize': uninitialized constant Msf::Handler::BindTcp (NameError)
 2015-04-27 20:57:31 -05:00
HD Moore 1fd601510c
Lands #5194, merges in PowerShell session support & initial payloads 2015-04-26 16:01:51 -05:00
HD Moore f56eac7f10 Cosmetic cleanup and binary mode read for powershell script 2015-04-26 15:57:51 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
benpturner f2c745d2a7 update cached sizes 2015-04-26 20:24:41 +01:00
benpturner d19406c593 Update the payload cache size 2015-04-26 18:56:32 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
benpturner 4cb1a6c255 Updated payload cached size 2015-04-26 09:30:41 +01:00
benpturner e6c61c461e Updated payloads and fixed msftidy. 2015-04-26 09:20:29 +01:00
benpturner ded904c72c New payloads 2015-04-26 00:16:59 +01:00
benpturner a02ea90824 New payloads which work with cmd 2015-04-25 16:49:22 +01:00
benpturner 7afb6e1aa6 Removed stand-alone payloads and will push these as a seperate fork request. 2015-04-25 07:57:43 +01:00
benpturner 6be2c0beab Dynamic 2015-04-25 07:49:34 +01:00
benpturner 2273fb541a payload cached_sizes 2015-04-25 07:33:51 +01:00
benpturner 215e67bcbd Updated comments 2015-04-25 07:02:25 +01:00
benpturner 941a4ee572 updated cached size using tools/update_payload_cached_sizes.rb 2015-04-24 19:13:54 +01:00
benpturner 00d8958cc8 New payloads for reverse_tcp for powershell 2015-04-24 10:25:37 +01:00
benpturner 9e137c6403 ref 2015-04-23 23:28:33 +01:00
benpturner 468166408e ref 2015-04-23 23:28:21 +01:00
benpturner 3711b2579c new powershell session 2015-04-23 23:13:12 +01:00
benpturner 0f7442dec2 new powershell session 2015-04-23 23:12:58 +01:00
benpturner b642ddb989 interact powershell session 2015-04-23 23:12:38 +01:00
benpturner b6abd9dc8e updates to rex 2015-04-23 22:14:11 +01:00
benpturner a3710752c6 updates to rex 2015-04-23 22:14:00 +01:00
benpturner 3e693c95df update bind_tcp settings 2015-04-23 14:43:08 +01:00
benpturner 99156f1247 reverse payload 2015-04-22 20:41:45 +01:00
benpturner 4ae3c5925d bind payload 2015-04-22 20:41:35 +01:00
William Vu 3fbd4e2fe6
Land #5172, x64 BSD shell_{bind,reverse}_tcp 2015-04-20 15:37:29 -05:00
Meatballs b0d50dc2be
Create our own Rex connection to the endpoint 
Ensure powershell process closes when module completes
Add a windows cmd interact payload
 2015-04-19 23:41:28 +01:00
joev 9b6aea12e1 Oops, missed a comma. 2015-04-15 19:26:53 -05:00
joev 4a18714191 Update authors and license to original osx x86 module. 2015-04-15 14:34:26 -05:00
joev a01d98d1f5 Implement shell_bind and shell_reverse payloads for bsd x64. 2015-04-15 14:33:27 -05:00
joev 0d19b5d4c3 Fix require order issue. 2015-04-14 23:23:02 -05:00
joev e56590e1e3 DRY up common code between BSD / OSX. 2015-04-14 23:08:57 -05:00
William Vu e114c85044
Land #5127, x64 OS X prepend stubs 'n' stuff 2015-04-14 01:25:39 -05:00
joev 2d3614f647 Implement x64 BSD exec and exe template. 
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
 2015-04-12 12:17:25 -05:00
joev ceadd1e6ec Update osx x86 payload cached sizes to be accurate. 
- Right now there is a bug in the payload_spec, which causes the payload's
  datastore during the spec run to have things like 'PrependSetuid' => 'false',
  where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
  branch will be taken, resulting in incorrect behavior.
 2015-04-12 00:21:18 -05:00
OJ 9fd40870d0 Update http(s) generator functions 
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
 2015-04-08 07:56:54 +10:00
OJ 8f58e08c13 Add support for stageless reverse_http payloads 
This includes both x64 and x86.
 2015-04-07 11:01:24 +10:00
HD Moore c9696d3f6c Merge in stageless/transport work, deconflict 2015-04-04 11:52:26 -07:00
HD Moore 34ff94e0da Fix the proxy user/pass options 2015-03-31 15:49:43 -05:00
HD Moore a39ba05383 Functional Payload UUID embedding via PayloadUUIDSeed 2015-03-31 15:44:18 -05:00
OJ 253e5d7dff Include correct module, remove specified encoder type 2015-03-31 07:23:51 +10:00
OJ c28cc66398 Add x64 bind_tcp and reverse_ipv6_tcp 
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
 2015-03-30 18:59:30 +10:00
OJ 26792975eb Refactor of code to reduce duplication 
Add mixin for the stageless http preparation
 2015-03-30 13:18:56 +10:00
OJ f8851551c5 Add initial x64 stageless meterrpeter module 2015-03-30 11:23:51 +10:00
OJ ce8f6d72e1 More work on x64 stageless 
Testing with HD's new changes that allow for generation of larger x64
payloads
 2015-03-30 09:51:04 +10:00
OJ 17dc2b184d Merging upstream/master 2015-03-30 09:12:20 +10:00
OJ 24d74b26e3 Beginning work for stageless x64 meterpreter 2015-03-24 06:50:06 +10:00
OJ 9c9d333a1b Create verify ssl mixin, adjust some formatting 2015-03-23 13:21:08 +10:00
oj@buffered.io fd4ad9bd2e Rework changes on top of HD's PR 
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
 2015-03-20 13:06:57 +10:00
OJ 7b4161bdb4 Update code to handle cert validation properly 
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
 2015-03-20 12:52:47 +10:00
OJ 7899881416 Update POSIX bins from master 2015-03-19 14:50:14 +10:00
Brent Cook abb8a32e68 update spec for dynamic meterpreter payloads 2015-03-16 18:08:13 -05:00