OJ
e41ae93524
Payload sizes, specs and more
2015-05-18 14:58:10 +10:00
OJ
0d56b3ee66
Stage UUIDs, generation options, php and python meterp uuid
2015-05-18 13:29:46 +10:00
OJ
bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers
2015-05-18 13:28:36 +10:00
Brent Cook
d804f5fe49
update to metasploit-payloads 0.0.7
2015-05-17 10:06:38 -05:00
Brent Cook
829f8420e2
Update static payload sizes for metasploit-payloads-0.0.6
2015-05-15 18:43:47 -05:00
OJ
7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers
2015-05-15 12:27:40 +10:00
OJ
83fbd41970
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
Gemfile.lock
modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
2015-05-14 14:50:25 +10:00
benpturner
36aa136091
missing require
2015-05-13 17:36:45 +01:00
benpturner
1f294eac0b
Updated to remove dup code
2015-05-13 17:26:21 +01:00
OJ
e9e3d9c1e4
Update payloads gem, and updated payload sizes
2015-05-13 15:37:09 +10:00
OJ
237827bfdc
Fix up payload cached sizes again
...
This time it's against the currently "installed" version of Meterpeter
binaries. When Meterpreter is landed down the track we'll need to make
sure that the payload sizes are updated again.
2015-05-12 12:44:34 +10:00
OJ
474461d2a4
Merge format and structure changes from multi transport
2015-05-12 09:46:02 +10:00
OJ
69d2b8ffb1
Various code format, style changes, file moves
...
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
OJ
0dbfc1e02b
Merge the stager size work from mult-transport-support
2015-05-12 07:50:56 +10:00
OJ
fe51f552b8
Make stageless, and reverse_tcp x64 non-dynamic
2015-05-12 07:37:12 +10:00
benpturner
a97f24a12d
Update payload cached sizes
2015-05-11 10:00:14 +01:00
OJ
d9068b7719
Fix up payload cache sizes, and powershell include
2015-05-11 17:43:51 +10:00
benpturner
c0388a770e
Update cached sizes
2015-05-10 22:01:30 +01:00
benpturner
c916021fc5
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
Brent Cook
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
OJ
232117117b
Fix missing includes
...
The powershell one broke thanks to include hierarchy changes. The others
failed in the specs only for some reason.
2015-05-05 14:24:21 +10:00
OJ
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
OJ
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
OJ
c2dc4677fb
Prevent stagless from overwriting socket
...
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
Balazs Bucsay
0b580acfb4
\t removed
2015-05-02 21:16:50 +02:00
Balazs Bucsay
a0539cd672
new x64 bsd shellcodes (bind/reverse) ipv4/6. ipv4 shells are smaller than
...
the existing one.
2015-05-02 20:52:09 +02:00
Brent Cook
6058dee99a
explicitly require bind_tcp/reverse_tcp modules
...
This transient error was noted in the release documentation builder.
metasploit-framework/modules/payloads/singles/windows/powershell_bind_tcp.rb:37:in
`initialize': uninitialized constant Msf::Handler::BindTcp (NameError)
2015-04-27 20:57:31 -05:00
HD Moore
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
HD Moore
f56eac7f10
Cosmetic cleanup and binary mode read for powershell script
2015-04-26 15:57:51 -05:00
Ben Turner
82fe480c2e
Update session to display username and hostname
2015-04-26 21:47:49 +01:00
benpturner
f2c745d2a7
update cached sizes
2015-04-26 20:24:41 +01:00
benpturner
d19406c593
Update the payload cache size
2015-04-26 18:56:32 +01:00
benpturner
1cc167a7fb
Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session
2015-04-26 18:50:42 +01:00
benpturner
4cb1a6c255
Updated payload cached size
2015-04-26 09:30:41 +01:00
benpturner
e6c61c461e
Updated payloads and fixed msftidy.
2015-04-26 09:20:29 +01:00
benpturner
ded904c72c
New payloads
2015-04-26 00:16:59 +01:00
benpturner
a02ea90824
New payloads which work with cmd
2015-04-25 16:49:22 +01:00
benpturner
7afb6e1aa6
Removed stand-alone payloads and will push these as a seperate fork request.
2015-04-25 07:57:43 +01:00
benpturner
6be2c0beab
Dynamic
2015-04-25 07:49:34 +01:00
benpturner
2273fb541a
payload cached_sizes
2015-04-25 07:33:51 +01:00
benpturner
215e67bcbd
Updated comments
2015-04-25 07:02:25 +01:00
benpturner
941a4ee572
updated cached size using tools/update_payload_cached_sizes.rb
2015-04-24 19:13:54 +01:00
benpturner
00d8958cc8
New payloads for reverse_tcp for powershell
2015-04-24 10:25:37 +01:00
benpturner
9e137c6403
ref
2015-04-23 23:28:33 +01:00
benpturner
468166408e
ref
2015-04-23 23:28:21 +01:00
benpturner
3711b2579c
new powershell session
2015-04-23 23:13:12 +01:00
benpturner
0f7442dec2
new powershell session
2015-04-23 23:12:58 +01:00
benpturner
b642ddb989
interact powershell session
2015-04-23 23:12:38 +01:00
benpturner
b6abd9dc8e
updates to rex
2015-04-23 22:14:11 +01:00
benpturner
a3710752c6
updates to rex
2015-04-23 22:14:00 +01:00
benpturner
3e693c95df
update bind_tcp settings
2015-04-23 14:43:08 +01:00
benpturner
99156f1247
reverse payload
2015-04-22 20:41:45 +01:00
benpturner
4ae3c5925d
bind payload
2015-04-22 20:41:35 +01:00
William Vu
3fbd4e2fe6
Land #5172 , x64 BSD shell_{bind,reverse}_tcp
2015-04-20 15:37:29 -05:00
Meatballs
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
joev
9b6aea12e1
Oops, missed a comma.
2015-04-15 19:26:53 -05:00
joev
4a18714191
Update authors and license to original osx x86 module.
2015-04-15 14:34:26 -05:00
joev
a01d98d1f5
Implement shell_bind and shell_reverse payloads for bsd x64.
2015-04-15 14:33:27 -05:00
joev
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
joev
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
William Vu
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
joev
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
joev
ceadd1e6ec
Update osx x86 payload cached sizes to be accurate.
...
- Right now there is a bug in the payload_spec, which causes the payload's
datastore during the spec run to have things like 'PrependSetuid' => 'false',
where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
branch will be taken, resulting in incorrect behavior.
2015-04-12 00:21:18 -05:00
OJ
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
OJ
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
HD Moore
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
HD Moore
34ff94e0da
Fix the proxy user/pass options
2015-03-31 15:49:43 -05:00
HD Moore
a39ba05383
Functional Payload UUID embedding via PayloadUUIDSeed
2015-03-31 15:44:18 -05:00
OJ
253e5d7dff
Include correct module, remove specified encoder type
2015-03-31 07:23:51 +10:00
OJ
c28cc66398
Add x64 bind_tcp and reverse_ipv6_tcp
...
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
2015-03-30 18:59:30 +10:00
OJ
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
OJ
f8851551c5
Add initial x64 stageless meterrpeter module
2015-03-30 11:23:51 +10:00
OJ
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
OJ
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
OJ
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
OJ
9c9d333a1b
Create verify ssl mixin, adjust some formatting
2015-03-23 13:21:08 +10:00
oj@buffered.io
fd4ad9bd2e
Rework changes on top of HD's PR
...
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
OJ
7b4161bdb4
Update code to handle cert validation properly
...
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
2015-03-20 12:52:47 +10:00
OJ
7899881416
Update POSIX bins from master
2015-03-19 14:50:14 +10:00
Brent Cook
abb8a32e68
update spec for dynamic meterpreter payloads
2015-03-16 18:08:13 -05:00
OJ
35cfdf051a
Add support for meterpreter_reverse_ipv6_tcp
...
New payload added, makes use of existing functionality.
2015-03-13 20:15:31 +10:00
HD Moore
744b1a680e
Reworks how payload prepends work internally, see #1674
2015-03-12 02:30:06 -05:00
OJ
345b5cc8e1
Add stageless meterpreter support
...
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
HD Moore
da81f6b2a0
Correct the :dynamic cache sizes
2015-03-09 15:44:14 -05:00
HD Moore
02509d02e4
The result of running ./tools/update_payload_cached_sizes.rb
2015-03-09 15:31:04 -05:00
William Vu
a648e74c4b
Remove unnecessary semicolon
2015-03-02 15:36:45 -06:00
William Vu
80169de4d0
Remove -i from shell in reverse_python
2015-03-02 15:29:50 -06:00
sinn3r
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
HD Moore
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
HD Moore
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
HackSys Team
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
HackSys Team
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
HackSys Team
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
Mark Schloesser
8e7e5590c9
rename SHELLARG to ARGV0 because that's really what it is
2014-11-19 22:14:24 +01:00
mschloesser-r7
ac4c11ca39
work on linux/armle/shell_bind/tcp
...
same changes as to shell_reverse_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
fd7248b3c0
work on linux/armle/shell_reverse_tcp
...
shorten the execve code, remove exit, grow argv[0] space
2014-11-19 21:53:23 +01:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Brendan Coles
e0016d4af3
Remove hash rocket from refs array #3766
...
[SeeRM #8776 ]
2014-10-08 09:16:38 +00:00
Brendan Coles
3c7be9c4c5
Remove hash rockets from references #3766
...
[SeeRM #8776 ]
2014-10-08 09:01:19 +00:00
sinn3r
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
Joe Vennix
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
jvazquez-r7
0247e4a521
Change RequiredCmd for reverse_bash_telnet_ssl cmd payload
2014-09-24 00:40:14 -05:00
jvazquez-r7
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
Tod Beardsley
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
sinn3r
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
jvazquez-r7
2c8a99143b
Land #3426 , @Meatballs1's Python v2.3.3 Compatible Command Shell payloads
2014-06-10 09:55:58 -05:00
Meatballs
dc69afebb1
License and Require
2014-06-09 21:41:38 +01:00
Meatballs
25ed68af6e
Land #3017 , Windows x86 Shell Hidden Bind
...
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
Meatballs
2be6b8befe
Remove bind hidden handler
2014-06-07 14:34:20 +01:00
joev
496be5c336
Ensure command_shell_options is present.
2014-06-06 16:26:45 -05:00
joev
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
Meatballs
c032b8ce8e
Compat
2014-06-04 02:27:06 +01:00
joev
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
Michael Messner
111160147f
MIPS exec payload fixes for encoder
2014-04-30 20:37:54 +02:00
joev
b4f5784ba2
Land #3147 , @m-1-k-3's mipsbe exec payload.
2014-04-08 22:32:21 -05:00
Tod Beardsley
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Michael Messner
657b096be3
make msftidy happy
2014-03-27 19:24:25 +01:00
Michael Messner
ad94653fc0
feedback included
2014-03-27 16:12:34 +01:00
Michael Messner
3fc114e265
exec payload - new try
2014-03-26 19:48:14 +01:00
Joe Vennix
33651d0753
Fix formatting of hash options.
2014-03-25 14:43:53 -05:00
Joe Vennix
c8784168d5
Fix references and whitespace in mips payloads.
2014-03-25 14:39:27 -05:00
joev
1ac3944627
Merge branch 'landing-pr-3095' into upstream-master
2014-03-25 10:56:42 -05:00
joev
1680f9cc5d
Land PR #3127 , @m-1-k-3's mipsbe reboot payload, into master
2014-03-25 10:44:37 -05:00
Michael Messner
50efd0b5d0
change name and filename and file included
2014-03-25 09:13:04 +01:00
Michael Messner
a9952fa294
change name and filename
2014-03-25 09:11:16 +01:00
Michael Messner
fca4425f95
feedback
2014-03-25 09:09:13 +01:00
Michael Messner
4f1404eecc
reboot payload for mipsbe
2014-03-20 12:37:58 +01:00
Daniel Miller
0b6a890137
Fix missing require in reverse_powershell
...
When initializing the db:
/opt/metasploit-framework/modules/payloads/singles/cmd/windows/reverse_powershell.rb:34:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `new'
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `add_module'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:72:in `on_module_load'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:207:in `load_module'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:271:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:58:in `block (2 levels) in each_module_reference_name'
from /opt/metasploit-framework/lib/rex/file.rb:127:in `block in find'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `catch'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `find'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:45:in `block in each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `foreach'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:264:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:118:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:56:in `block in add_module_path'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `add_module_path'
from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:14:in `init_module_paths'
from /opt/metasploit-framework/lib/msf/ui/console/driver.rb:228:in `initialize'
from /opt/metasploit-framework/msfconsole:148:in `new'
from /opt/metasploit-framework/msfconsole:148:in `<main>'
2014-03-14 19:28:00 +00:00
Michael Messner
8db5d854c2
typo, null terminator
2014-03-13 18:38:27 +01:00
Michael Messner
f39e784d19
mipsle execve payload
2014-03-12 21:08:40 +01:00
joev
46c11ea2eb
Small fixes to m-1-k-3's mipsle reboot shellcode.
2014-03-10 17:17:23 -05:00
joev
7da54eb9cf
Merge branch 'landing-3041' into upstream-master
...
Lands PR #3041 , @m-1-k-3's reboot shellcode.
2014-03-10 17:11:06 -05:00
root
3c95c021d0
Reference added
2014-03-10 12:17:20 +01:00
root
1fda6b86a1
Changed cmp eax by inc eax. Saved one byte
2014-03-10 12:13:10 +01:00
sinn3r
caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks
2014-03-04 15:24:02 -06:00
OJ
f0868c35bf
Land #3050 - Fix tained perl payloads
2014-03-04 10:05:47 +10:00
Joe Vennix
6a02a2e3b3
NULL out envp pointer before execve call.
...
This was causing a crash on 10.9.
2014-03-03 08:56:52 -06:00
Sagi Shahar
8c4b663643
Fix payloads to bypass Perl's Taint mode.
2014-03-02 18:39:05 +02:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
Michael Messner
d6b28e3b74
mipsel reboot payload
2014-02-26 20:34:35 +01:00
root
b4a22aa25d
hidden bind shell payload
2014-02-20 16:19:40 +01:00
jvazquez-r7
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
jvazquez-r7
aa07065f67
Land #2959 , reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
jvazquez-r7
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
Meatballs
9f04e0081d
Stick with command let encoder handle encoding
2014-02-08 19:28:03 +00:00
Meatballs
93b07b0e48
Add missing RequiredCmds
2014-02-08 12:24:49 +00:00
Meatballs
80814adaf9
Credit where credits due
2014-02-08 01:42:45 +00:00