sinn3r
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
Spencer McIntyre
699e534149
Add missing return statement.
2014-03-02 00:18:46 -05:00
Spencer McIntyre
1c9390c9cf
Support retrieving interface information via windows mib functions.
2014-03-02 00:17:00 -05:00
Spencer McIntyre
733a86ec74
Support retrieving interface information via netlink.
2014-03-01 22:34:38 -05:00
Spencer McIntyre
284d99aa6c
Add pymeterp TLV types for additional network functions.
2014-02-28 13:56:51 -05:00
jvazquez-r7
8922f6457b
Land #3045 , @wchen-r7's fix for browser autopwn
2014-02-28 12:55:32 -06:00
Spencer McIntyre
99e272e463
Return true in EOF when tell() > stat.st_size
2014-02-27 20:45:38 -05:00
David Maloney
9d9149d9d8
remove some dead code paths
...
refactor some dead conditionals and a case/switch
that wasn't doing anything
2014-02-27 11:45:57 -06:00
sinn3r
0c3891c0f9
Add more IE targets
2014-02-27 11:01:03 -06:00
sinn3r
151646156d
Check navigator.oscpu for FF
...
If we don't check navigator.oscpu, IE 11 is detected as FF.
2014-02-27 10:54:38 -06:00
David Maloney
2e512abd31
put new binaries in place
...
after cleaning up the source a bit and
updateing it for 2013, compiled new BINs.
These BINS avoid almost all current AV detections
and have been tested to ensure they still work.
2014-02-23 15:24:55 -06:00
Meatballs
7877589537
Delete correctly
2014-02-23 02:47:13 +00:00
Meatballs
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
David Maloney
b1dfed8577
rebuilt template DLLs
...
x86 dll template was way out of date and
did not match the x64 tempalte. rebuilt them both
2014-02-25 15:34:42 -06:00
David Maloney
3c773f031c
add new binaries compiled from latest src
...
compiled and added new binaries to make sure
most up to date source is used
2014-02-25 14:06:57 -06:00
David Maloney
289580777c
remove unneccsary logging elements
...
update soloutions for VS2013
remove the CLogger
Remove Print Usage
this removes unneccsary strings that can
be used to easily identify our executable
2014-02-20 20:00:19 -06:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
Tod Beardsley
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
sinn3r
e8f95c6cc0
Change error msg
2014-02-18 00:02:16 -06:00
sinn3r
608f800274
Support error handling in the message box
2014-02-18 00:01:44 -06:00
scriptjunkie
022c52d087
Added bundling to handle many sessions at once.
2014-02-15 15:37:22 -06:00
scriptjunkie
a6a731c8ee
Keep stage until replaced, nil check, prettify.
2014-02-15 15:21:16 -06:00
scriptjunkie
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
Spencer McIntyre
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
sinn3r
00ba0b5208
Land #2987 - Add ff 27 support to os.js
2014-02-13 15:20:53 -06:00
Joe Vennix
51f3ab1690
Add ff 27 support to os.js
2014-02-12 15:32:47 -06:00
sinn3r
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
sinn3r
7eb20a37d4
offerer's interface gets a makeover
2014-02-11 19:43:52 -06:00
sinn3r
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
sinn3r
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
Meatballs
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
sinn3r
575ee09b77
Change messages
2014-02-10 14:59:44 -06:00
jvazquez-r7
3d4d5a84b6
Land #2957 , @zeroSteiner's exploit for CVE-2013-3881
2014-02-10 13:59:45 -06:00
jvazquez-r7
78e1683f2d
Add binary compiled on vs2013
2014-02-10 13:52:27 -06:00
sinn3r
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
sinn3r
8edafc8c4c
Restore the original API
2014-02-08 20:06:26 -06:00
sinn3r
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
sinn3r
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
sinn3r
ccd12e66a7
Unwanted console.debug
2014-02-08 19:16:42 -06:00
sinn3r
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
sinn3r
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
sinn3r
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
sinn3r
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
Meatballs
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
sinn3r
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
sinn3r
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
Spencer McIntyre
01f41a209c
Remove the DLL and add make.msbuild for easier compiling.
2014-02-07 10:05:05 -05:00
sinn3r
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
Spencer McIntyre
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
William Vu
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
sinn3r
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
OJ
096e06baa6
Added binaries from Meterpreter PR #74
...
Meterpreter PR https://github.com/rapid7/meterpreter/pull/74 was landed,
this adds the binaries from that PR.
2014-02-06 11:47:29 +10:00
Joe Vennix
636d7016a8
Fix android detection in os.js.
2014-02-04 02:31:46 -06:00
Meatballs
486a9d5e19
Use msf branded djvu
2014-02-01 00:37:28 +00:00
dukeBarman
766c408d86
Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption
2014-01-18 11:07:11 -05:00
OJ
80c4a6e9eb
Updated binaries for Meterpreter
...
This includes changes up to commit hash e77c87cdb79a2732108be937e056622b45cb093c
2014-01-17 09:02:48 +10:00
Joe Vennix
96e97d4768
Oops, the default bufsize is 0 anyways.
2014-01-05 18:57:56 -06:00
Joe Vennix
b64df51fa0
Fixes #8732 by reading until EOF reached.
...
* use a lambda for cleaner iterator.
* also disables buffering, since we are reading byte-by-byte in the first place
and maintaining our own buffer (#data).
2014-01-05 18:36:22 -06:00
Meatballs
dc87575b9d
Retab and whitespace
2013-12-22 21:04:44 +00:00
Meatballs
f112e78de9
Fixes .war file creation
2013-12-22 20:58:21 +00:00
OJ
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
OJ
34cdec5155
Update project VS 2013, clean CLI build
...
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
2013-12-20 09:49:15 +10:00
OJ
a4811bd0c3
Land #2760
2013-12-18 17:17:10 +10:00
jvazquez-r7
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
Meatballs
14c0096115
Update template
...
Use Copy instead of memset
Remove | Out-Null
2013-12-16 13:38:14 +00:00
Meatballs
25b84217ac
Correctly VAlloc
2013-12-16 12:47:03 +00:00
Meatballs
8dfcc8aa77
WaitForThread
2013-12-16 12:44:58 +00:00
Meatballs
0a29176855
Update psh_web_delivery for reflection
2013-12-16 09:08:01 +00:00
Meatballs
7cc99d76ad
Merge remote-tracking branch 'upstream/master' into powershell_auto_arch
...
Conflicts:
lib/msf/util/exe.rb
2013-12-16 09:07:08 +00:00
OJ
0c82817445
Final changes before PR
2013-12-15 01:12:49 +00:00
OJ
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
Meatballs
3d1646d18e
Exit process when complete
2013-12-15 01:12:47 +00:00
Meatballs
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
zeknox
6931c918af
removed bogus urls that are throwing errors
2013-12-13 12:13:23 -06:00
zeknox
554cd41403
added dns_cache_scraper and useful wordlists
2013-12-12 20:18:18 -06:00
sinn3r
bf831616e5
Land #2749 - Add firefox 26 feature detection support to detect/os.js
2013-12-10 16:30:33 -06:00
Joe Vennix
6cd315da64
Add ff26 feature detection support.
2013-12-10 10:47:11 -06:00
Meatballs
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
496b017e33
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2013-12-05 17:09:32 +00:00
Meatballs
dc0f2b7291
Use ExitProcess
2013-12-05 17:08:47 +00:00
OJ
c8e2c8d085
Add binaries from Meterpreter 9e33acf3a283f1df62f264e557e1f6161d8c2999
...
This is a new set of binaries for Meterpreter as of commit hash
9e33acf3a283f1df62f264e557e1f6161d8c2999. We haven't yet finalised
the process we'll be using for releasing bins from Meterpreter to MSF
so this is hopefully the last time we will have to do it the old way.
2013-12-04 16:23:03 +10:00
sinn3r
ddbd5858e0
Land #2701 - Refactor of `ppr_flatten_rec`
...
Also [SeeRM #8140 ]
2013-12-03 10:51:58 -06:00
Meatballs
cf12826d2c
Dont use xp toolchain
...
and dont bother editbin
2013-11-30 20:04:00 +00:00
Meatballs
d3a0199539
Update for new Reflective DLL Submodule
...
Update to VS2013 Toolsets
Include .msbuild and make.bat
Tidyup of if { }
Post build step to copy to output directory
2013-11-30 19:58:25 +00:00
Meatballs
915d741f86
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
.gitmodules
external/source/ReflectiveDLLInjection
2013-11-30 19:10:04 +00:00
OJ
bcab716ec0
Add the binaries from the meterpreter repo
...
Given this is a new extension, building bins and including them in this
PR can't cause any issues regarding lost functionality (like it can
with existing bins).
Adding to this PR so that it's easier to test and land.
2013-11-29 09:02:07 +10:00
jvazquez-r7
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
OJ
defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
...
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:
* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.
Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:
* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
James Lee
25b1ec5b75
Land #2689 , getenv
2013-11-26 23:33:25 -06:00
OJ
72813c1f3e
Merge branch 'egypt/feature/getenv-php' into getenv_cmd
2013-11-27 15:22:15 +10:00
James Lee
a3337e5de5
Add PHP side for meterpreter getenv
2013-11-26 23:16:28 -06:00
OJ
a0f703ee44
Add getenv support to python meterpreter
...
This change adds support for `getenv` to python meterpreter. Nothing too
complex going on here. I tidied up the definitions of the TLVs as well
so that they look nice.
2013-11-27 11:19:26 +10:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
jvazquez-r7
6cb63cdad6
Land #2679 , @wchen-r7's exploit for cve-2013-3906
2013-11-25 22:04:26 -06:00
jvazquez-r7
25eb13cb3c
Small fix to interface
2013-11-22 17:02:08 -06:00
jvazquez-r7
136c18c070
Add binary objects for MS13-022
2013-11-22 16:45:07 -06:00
sinn3r
94e13a0b8a
Initial commit of CVE-2013-3906
2013-11-19 23:10:32 -06:00
OJ
0b413aa0b8
Remove extapi binaries
...
These were committed in the flurry of merges last night by me. They
should be removed until the extapi PR has been fully reviewed and
merged. This commit just removes the binaries from master, they'll
be re-added when appropriate.
2013-11-15 06:24:00 +10:00
jvazquez-r7
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
OJ
4bd0900359
Updated meterpreter binaries
...
Includes the following:
* Clean builds
* Removal of kitrap0d from getsystem
* Doc updates
* Webcam crash fix
* Schedular and channel refactor
* Posix crash fix for post modules
2013-11-15 01:14:14 +10:00
OJ
506a4d9e67
Remove genericity, x64 and renamed stuff
...
As per discussion on the github issue, the following changes were made:
* Project renamed from elevate to kitrap0d, implying that this is not
intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
is passed in to the exploit entry point. The exploit is now responsible
for executing the payload if the exploit is successful. This removes
the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
jvazquez-r7
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
OJ
40f58ce534
Finalise the local exploit for kitrap0d
...
The exploit now properly injects the DLL using RDI and invokes the
exploit based on a parameter passed by the Ruby module. The elevate
code is 'generic' with a goal of possibly supporting more exploits
down the track.
New sessions are now created with the SYSTEM creds, rather than
modifying the existing session. This is now inline with how things
are done with other local modules.
2013-11-12 23:01:24 +10:00
sinn3r
62102dd1f9
Land #2544 - Vbs minimize
2013-11-11 11:14:56 -06:00
sinn3r
33f65dd611
Land #2577 - Use base64 to reduce psh-net payload size
2013-11-11 10:21:20 -06:00
William Vu
f402f4c16e
Land #2614 , another default OWA URL
2013-11-08 17:20:20 -06:00
Rob Fuller
cdc6a863dd
Add another default owa url
...
Its not default, but not uncommon to find /exchange/ NTLM protected
2013-11-07 08:50:22 -05:00
sinn3r
b34b4ac2b6
Update the java stuff again
2013-11-07 00:57:20 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
OJ
715fdc05ec
Updated meterpreter binaries
...
Includes the following changes:
* Security cleanup - remove use of insecure functions
* Windows 8/8.1/2012 R2 support to sysinfo
* VS 2013 upgrade
* Command dispatcher refactor
* Getproxy command added (needs MSF side too)
2013-11-07 14:31:54 +10:00
sinn3r
cf5d9c7f01
Add case for IE10 + Win 7 SP1 detection
2013-11-06 11:41:36 -06:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
joev
5f85ede389
Prevent xhr shim from leaking.
2013-11-02 16:47:50 -05:00
joev
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
joev
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
sinn3r
391360d67f
Update xmlhttprequest
2013-10-31 16:09:05 -05:00
sinn3r
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
joev
4425cf1dc1
Add support for firefox 25.
...
Also replaces a bunch of missing semicolons.
2013-10-30 12:19:22 -05:00
jvazquez-r7
2b5e2df94e
Land #2568 , @h0ng10's update of SAP url's wordlist
2013-10-28 09:01:33 -05:00
jvazquez-r7
e88e523eaa
Delete newline
2013-10-28 09:01:00 -05:00
Meatballs
e18dd3ec0b
Use base64 to reduce size
2013-10-25 01:19:43 +01:00
Tod Beardsley
27739a0351
Meterpreter bins after Meterpreter PR 32
...
Protects against potential BOFs due to strcpy usage.
These binaries were built against meterpreter master after
https://github.com/rapid7/meterpreter/pull/32 landed.
The CI tests can be seen here:
https://ci.metasploit.com/view/Meterpreter/job/MeterpreterWin/75/
Note, this commit is signed. Your merge commit should be signed, too, so
people can be assured that nobody is backdooring Meterpreter on the sly.
2013-10-24 15:15:49 -05:00
Tod Beardsley
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
Meatballs
e6a2a1006f
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows/priv.rb
modules/exploits/windows/local/bypassuac.rb
2013-10-23 21:02:32 +01:00
h0ng10
a834fec889
Added URL for PT-2013-13/SAP Note 1820894
2013-10-23 21:20:18 +02:00
h0ng10
e02bf0cce6
Added /AdapterFramework/version/version.jsp
2013-10-23 21:09:19 +02:00
sinn3r
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
Tod Beardsley
824dd84982
Merge remote-tracking branch 'upstream/pr/2500' into temp
2013-10-21 14:26:05 -05:00
Meatballs1
1717a98ba3
Update to_exe.vbs.template
...
Rename values
2013-10-21 13:49:09 +01:00
sinn3r
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
sinn3r
62dadc80d3
Make sure the data type for the return value is a string
2013-10-18 21:08:46 -05:00
sinn3r
711399bb34
Update property_spray.js
2013-10-18 20:56:00 -05:00
sinn3r
e1ca2d2730
Fix mstime_malloc.js
2013-10-18 20:49:33 -05:00
sinn3r
298f23c91c
Fix extra slashes that cause browser autopwn to fail.
2013-10-18 20:43:39 -05:00
Meatballs
2ef89eaf35
Randomize exe name
2013-10-18 19:01:28 +01:00
Meatballs
56aa9ab01c
Reduce size
2013-10-18 18:59:30 +01:00
OJ
827bf23979
Updated binaries with railgun crash fixes
2013-10-18 19:43:17 +10:00
sinn3r
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
Meatballs
b3cc9f6f1e
Use sysnative to delete the cryptbase.dll when in SYSWOW64 process.
...
Merge branch 'master' of github.com:Meatballs1/metasploit-framework into bypassuac_redo
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 21:01:57 +01:00
Tod Beardsley
bd405277d9
Add a default Samsung community string
...
See http://www.kb.cert.org/vuls/id/281284
and
http://www.h-online.com/security/news/item/Samsung-network-printer-vulnerability-discovered-Update-2-1757967.html
2013-10-17 10:35:59 -05:00
Spencer McIntyre
6f23e95c14
Fix an endianess issue in pymeterpreter registry_query_value.
2013-10-12 23:39:22 +01:00
Meatballs
378f403fab
Land #2453 , Add stdapi_net_resolve_host(s) to Python Meterpreter.
...
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
g0tmi1k
6b004086ea
Removed SVN from msfupdate
2013-10-10 12:25:00 +00:00
OJ
b477ae369b
Updated stdapi binaries with railgun fix
...
Changes are from https://github.com/rapid7/meterpreter/pull/28
2013-10-10 16:03:38 +10:00
OJ
0a194b203d
Updated sniffer binaries
...
These updated binaries include a packet-sniffer fix which results in
sniffing working on x86 builds of Windows 8 and Windows 8.1.
2013-10-09 07:38:54 +10:00
Meatballs
11519e8465
Add compiled binaries
2013-10-08 00:23:33 +01:00
Spencer McIntyre
7414dff958
Add fault tolerance for resolve_hosts.
2013-10-04 08:51:13 -04:00
sinn3r
bc8604f151
Use safe_negate_size for hxds
2013-10-03 23:15:29 -05:00
sinn3r
63d7b8c309
Use safe_negate_size for java
2013-10-03 23:13:57 -05:00
sinn3r
ab62af220b
Use safe_negate_size key for msvcrt (XP)
2013-10-03 23:12:58 -05:00
jvazquez-r7
9df676ca7e
Land #2447 , @wchen-r7's new msvcrt ROP chains without nulls
2013-10-03 22:38:29 -05:00
Spencer McIntyre
ecf286a8c4
Add support for stdapi_net_resolve_host.
2013-10-03 10:31:54 -04:00
James Lee
56b6f0be02
Add bins for #2443
...
See #740 and meterpreter#26
2013-10-01 23:47:24 -05:00
sinn3r
cd1f023f72
Update msvcrt.dll ROP chain for Windows Server 2003
2013-10-01 16:18:57 -05:00
sinn3r
14d99ffbdb
Update Win XP msvcrt.dll ROP
...
This updated ROP chain for msvcrt.dll does not have any null bytes.
2013-10-01 15:00:43 -05:00
sinn3r
7c6c8291e2
Add ROP chains for Office 2007 and Office 2010 (hxds.dll)
...
This adds two ROP chains for Office 2007 and Office 2010 based on
hxds.dll.
2013-10-01 01:33:35 -05:00
Tab Assassin
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
Meatballs
e806047411
Add MSI bins
2013-09-27 20:03:19 +01:00
Meatballs
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
Meatballs
9fde8bee2b
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-09-27 18:12:17 +01:00
Tod Beardsley
869c10af04
Land #2396 , aspx-exe shellcode generator
...
Looks good to me, specs are all happy (also added a #to_h spec)
2013-09-27 11:42:16 -05:00
OJ
c38f3b4a56
New meterpreter binaries
...
New binaries contain fixes for:
* kitrap0d crashing during `getsystem` calls.
* https://github.com/rapid7/meterpreter/pull/23
* Meterpreter crashing on XP SP0 in certain scenarios.
* https://github.com/rapid7/meterpreter/pull/21
2013-09-27 09:31:53 +10:00
Meatballs
079eec0aea
Compile.bat and gitignore
2013-09-21 13:14:01 +01:00
Meatballs
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
Meatballs
1bd1c3587d
No UAC prompt MSI
2013-09-21 12:47:58 +01:00
OJ
3cdddb8ff3
New meterpreter binaries for ip resolv feature
...
* New meterpreter binaries that include the IP resolve feature.
* Updated .gitignore to correctly match pivot file name.
2013-09-21 07:12:40 +10:00
Meatballs
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
James Lee
dc9246a770
New compiled bins for shiny vs2012 build
...
* Fixes x64 sniffer [FixRM #8364 ]
2013-09-17 18:11:13 -05:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
...
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19 ]
2013-09-16 21:52:04 -05:00
jvazquez-r7
299860b09d
Land #2329 , @kaospunk auxiliary module to enumerate ntlm info
2013-09-16 08:16:30 -05:00
James Lee
705e262061
Non-broken compiled bins for meterpreter/#14
...
Somehow built bins with fatal linker errors last time. These seem to be
solid.
[SeeRM #8361 ]
2013-09-12 23:36:05 -05:00
James Lee
9dae838422
New compiled bins for meterpreter/#14
...
Should fix the flakiness of migrataion on 64-bit systems.
[FixRM #8361 ]
2013-09-12 22:34:31 -05:00
Spencer McIntyre
e3e2c69de1
Fix additional issues in the python meterpreter.
2013-09-10 15:06:33 -04:00
Tab Assassin
48cf2af685
Merge for retab
2013-09-05 16:16:00 -05:00
Tab Assassin
76c98cb610
Merge for retab
2013-09-05 13:37:55 -05:00
Tab Assassin
760943af2f
Merge for retab
2013-09-05 13:02:51 -05:00
kaospunk
533643fe2c
Host Information Enumeration via NTLM Authentication
...
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.
The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
jvazquez-r7
94125a434b
Add module for ZDI-13-205
2013-09-04 15:57:22 -05:00
Spencer McIntyre
d84939c83b
Fixes three minor issues in the python meterpreter.
2013-08-30 15:31:40 -04:00
Meatballs
1ea3d91f48
Lands #2244 Python Meterpreter
...
[Closes #2244 ]
2013-08-30 14:33:35 +01:00
Meatballs
53c3f6b2db
Deconflict
2013-08-30 10:52:42 +01:00
shellster
1b36fe9e51
Added Template
...
New template for previous commit.
2013-08-29 19:11:59 -07:00
James Lee
eba6762977
Land #2270 , Util::EXE refactor
...
With a minor rebase to fix a commit message
[Closes #2270 ]
Conflicts:
spec/support/shared/contexts/msf/util/exe.rb
2013-08-28 21:49:59 -05:00
shellster
ee9b1ef8e0
Greatly shortened to_mem_old.ps1.template by using [Math]::max.
...
Added necessary end of line conversion in lib/msf/util/exe.rb so
that Powershell will parse multiline strings.
2013-08-28 21:39:42 -05:00
James Lee
9f04fa6ab4
Add metsrv.dll updates for proxy support
...
See #1033 , #2014 , and meterpreter/#12
2013-08-28 21:18:59 -05:00
Spencer McIntyre
f490277c6d
Always os.fork() when available.
2013-08-28 17:19:49 -04:00
Meatballs
96c093dce0
Fix Exploit::Exe
2013-08-25 19:56:29 +01:00
Meatballs
66ee15f461
Merge and deconflict
2013-08-25 19:14:15 +01:00
Meatballs
cf5ddfeebf
Some war fixes
2013-08-23 18:59:48 +01:00
Meatballs
dfc606fe56
Slightly saner filenames
2013-08-23 18:06:48 +01:00
Meatballs
41b1b30438
vba transform
2013-08-23 18:00:19 +01:00
Meatballs
cd83077bec
Fix vba_exe
2013-08-23 17:42:46 +01:00
Meatballs
4d21b06f4f
Aspx uses transform
2013-08-23 17:22:33 +01:00
Meatballs
1cb1afa50a
Fix aspx
2013-08-23 17:09:51 +01:00
Meatballs
dd13a7e48f
Working .asp
2013-08-23 16:55:07 +01:00
Meatballs
7370fc3f4e
vbs transform
2013-08-23 16:26:03 +01:00
Meatballs
5040347521
Fix psh and add powershell transform
2013-08-23 15:59:19 +01:00
Meatballs
418505adc9
Fix psh-net
2013-08-23 15:21:26 +01:00
Meatballs
cfd6c66ffd
Fix VBS
2013-08-23 14:35:19 +01:00
shellster
86a83391fd
Merge remote-tracking branch 'upstream/master'
2013-08-21 16:16:20 -07:00
Shelby Spencer
c2cf822013
Commit adding the template scripts.
2013-08-20 16:52:58 -07:00
Spencer McIntyre
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
jvazquez-r7
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
jvazquez-r7
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
Spencer McIntyre
71285f395d
Sort import statements alphabetically.
2013-08-15 09:27:13 -04:00
Spencer McIntyre
fcf2d4bf19
Remove debug print and fix channel additions.
2013-08-13 12:50:52 -04:00
Spencer McIntyre
fdc9312272
Add process enumeration via PS for OSX.
2013-08-12 16:38:15 -04:00
Spencer McIntyre
dd2438dd1e
Improve process execution on Linux.
2013-08-09 10:39:19 -04:00
Spencer McIntyre
3fb4c2d27c
Add Windows registry manipulation support.
2013-08-09 08:39:05 -04:00
Spencer McIntyre
f3f4290783
Add process enumeration for windows.
2013-08-06 22:33:43 -04:00
Spencer McIntyre
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
Tod Beardsley
9f5f191a6b
Add Main.swf from 593363c
2013-07-29 21:53:40 -05:00
jvazquez-r7
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
jvazquez-r7
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
Meatballs
22601e6cc7
Exit process when complete
2013-07-06 09:27:27 +01:00
Meatballs
66c2b79177
Initial commit
2013-07-05 19:48:27 +01:00
jvazquez-r7
4ac5261802
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 11:20:26 -05:00
jvazquez-r7
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
jvazquez-r7
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
HD Moore
1e21f0e2aa
Updated output formats, top 1000 passwords
2013-06-29 22:01:25 -05:00
jvazquez-r7
a4d353fcb3
Clean a little more the VS project
2013-06-29 15:15:27 -05:00
jvazquez-r7
6878534d4b
Clean Visual Studio Project
2013-06-29 09:20:40 -05:00
jvazquez-r7
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
HD Moore
f0db04c2a6
Updates to common password db
2013-06-28 10:47:14 -05:00
jvazquez-r7
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
jvazquez-r7
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
jvazquez-r7
d25e1ba44e
Make fixes proposed by review and clean
2013-06-25 12:58:00 -05:00
jvazquez-r7
1ade467ac9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 11:10:43 -05:00
jvazquez-r7
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
jvazquez-r7
3244013b1f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:48:20 -05:00
sinn3r
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
Matthias Kaiser
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
HD Moore
722d33e8fa
Updated common password list
2013-06-23 13:15:31 -05:00
HD Moore
d9737ec03a
Updated common passwords
2013-06-23 01:52:18 -05:00
HD Moore
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
HD Moore
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
jvazquez-r7
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
sinn3r
19a6f310cd
Land #1927 - Add common passwords from xato.net
2013-06-07 15:24:09 -05:00
Tod Beardsley
dc680e7106
Underscores because the rest are.
2013-06-07 15:16:39 -05:00
Tod Beardsley
0265dd8860
Add common passwords from xato.net
...
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:
http://xato.net/passwords/more-top-worst-passwords/
He also does a fair bit of frequency analysis there.
The 1024 list, should probably used instead of the original
unix_password.txt file. unix_password.txt was added on 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.
As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
jvazquez-r7
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
jvazquez-r7
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
jvazquez-r7
d5cf6c1fbc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 12:37:54 -05:00
sinn3r
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
Joe Vennix
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
jvazquez-r7
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
James Lee
d53d6370b3
Land #1747 , mimikatz meterpreter extension
...
[Closes #1747 ]
See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
James Lee
99f5376606
Binaries for #1747
...
See rapid7/meterpeter#9
2013-04-29 14:44:18 -05:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
James Lee
5900a7c03f
Whitespace
2013-04-26 15:24:02 -05:00
jvazquez-r7
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
James Lee
01d790eb54
Land #1748 , fix for java meterp network prefixes
...
[Closes #1748 ]
2013-04-24 12:27:28 -05:00
James Lee
a7effaf9c6
Add bins for #1748
2013-04-24 12:27:05 -05:00
jvazquez-r7
1761b1ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-23 17:35:35 -05:00
Tod Beardsley
80fb7b85ef
Drop msfgui.jar, too.
2013-04-22 16:03:38 -05:00
Tod Beardsley
1112daaff2
Remove msfgui and armitage
...
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
jvazquez-r7
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
James Lee
15e2ceb749
Land #1660 , dlink backdoor wordlist
...
[Closes #1660 ][See #1648 ]
2013-04-11 23:04:02 -05:00
jvazquez-r7
9c0862ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-11 21:53:07 +02:00
James Lee
8376531a32
Land #1217 , java payload build system refactor
...
[Closes #1217 ]
2013-04-11 13:10:03 -05:00
James Lee
1d09d7e6e9
Java payload bins
...
Compiled with the shiny new maven system
2013-04-11 13:08:16 -05:00
jvazquez-r7
6f1fb4a873
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-06 17:23:24 +02:00
James Lee
ab0535bc41
Bins for new stdapi_fs_file_move command
...
See rapid7/meterpreter#6
2013-04-04 23:39:22 -05:00
James Lee
2d47be425f
Latest meterpreter bins
...
See rapid7/meterpreter#1 and rapid7/meterpreter#5
2013-04-04 22:57:13 -05:00
jvazquez-r7
224188ddf6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 21:49:40 +01:00
Tod Beardsley
bafb50a173
Merge commit for JtR recompile
...
Also changes a bunch of file modes to be less permissive.
[Closes #1662 ]
2013-03-29 09:05:12 -05:00
jvazquez-r7
6cd6a7d6b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 12:16:18 +01:00
sinn3r
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
jvazquez-r7
18559e35fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-26 19:50:45 +01:00
jvazquez-r7
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
James Lee
73c2610822
Merge remote-tracking branch 'jvazquez-r7/mipsle_elf_support' into rapid7
...
[Closes 1666]
2013-03-26 10:38:32 -05:00
jvazquez-r7
ae56bc0b37
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-26 11:21:16 +01:00
jvazquez-r7
e78635fc0f
fix segment virtual address
2013-03-26 10:50:29 +01:00
Josh
ee199f64cb
Merge pull request #1664 from scriptjunkie/msfguiKaliConnect
...
MSFGUI service autoconnect, DB fixes
2013-03-25 21:58:28 -07:00
scriptjunkie
1b6398d4fd
Service autoconnect, DB fixes
...
First check if database is connected before trying to connect.
Autologin in Kali with new token login.
2013-03-25 20:44:48 -05:00
jvazquez-r7
4fff624632
added initial support for ELF misple
2013-03-26 01:08:31 +01:00
Brandon Turner
83d1f8d499
Compile John the Ripper against libssl 1.0.0
...
We use OpenSSL 1.0.0 in installed environments. Previously, John the
Ripper was compiled against 0.9.8 which prevented it from running. This
recompiles the same version (jtr 1.7.8 jumbo 2) against OpenSSL 1.0.0.
[FIXRM #7834 ]
2013-03-25 17:12:51 -05:00
sinn3r
5504c58b11
Add dlink pass for #1648
2013-03-25 13:25:19 -05:00
jvazquez-r7
393d5d8bf5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:09:42 +01:00
jvazquez-r7
660d3d5388
Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal
2013-03-25 17:31:11 +01:00
jvazquez-r7
2d5a0d6916
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 17:08:23 +01:00
Josh
dfcce010c1
Merge pull request #1650 from scriptjunkie/msfguiKaliConnect
...
Kali fixes, changes only affect msfgui
2013-03-24 19:34:22 -07:00
scriptjunkie
438d348fda
Kali fixes
...
Check the new database config location.
Don't crash on sporadic JRE style error.
2013-03-24 21:00:38 -05:00
m-1-k-3
36d1746c0d
linksys traversal module - initial commit
2013-03-23 17:01:02 +01:00
jvazquez-r7
80d218b284
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-19 19:55:51 +01:00
jvazquez-r7
27778e6ea9
fix comma typo
2013-03-19 19:20:39 +01:00
sinn3r
be9d4ec393
New pt for virtualprotect, and readjust size to 0x401
2013-03-19 09:25:06 -05:00
sinn3r
ea4c88bc2c
Java Rop null-byte free
...
Our new heap spray routine does not like double nulls, so we need
to adjust our ROP.
2013-03-18 23:42:17 -05:00
jvazquez-r7
2d99b949a2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-13 09:36:35 +01:00
scriptjunkie
16fad29cb0
Update creds schema.
2013-03-12 23:07:40 -05:00
jvazquez-r7
74b58185cd
up to date
2013-03-12 16:48:11 +01:00
Meatballs
f37d9c2834
Initial commit
2013-03-09 17:24:03 +00:00