Commit Graph

561 Commits (a50ab1ddd37feaf68017265ddb1e857ecffbcb2e)

Author SHA1 Message Date
HD Moore 5be4d41420 This is redundant/less-reliable than reverse_openssl 2013-02-03 17:35:14 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
HD Moore c3801ad083 This adds an openssl CMD payload and handler 2013-02-03 04:44:25 -06:00
James Lee 92c736a6a9 Move fork stuff out of exploit into payload mixin
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
Kacper Nowak f691652594 attempt to fix cmd/windows/reverse_perl payload 2013-01-23 11:21:44 +00:00
scriptjunkie 52251867d8 Ensure Windows single payloads use payload backend
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
James Lee c89b2b2ec6 Once more, with feeling 2013-01-10 15:29:54 -06:00
James Lee 7fd3440c1a Fix hd's attempt to rename ruby payloads 2013-01-10 15:25:50 -06:00
James Lee 4fcb8b6f8d Revert "Rename again to be consistent with payload naming"
This reverts commit 0fa2fcd811.
2013-01-10 15:24:25 -06:00
HD Moore 0fa2fcd811 Rename again to be consistent with payload naming 2013-01-10 14:16:37 -06:00
HD Moore 88b08087bf Renamed and made more robust 2013-01-10 14:05:29 -06:00
HD Moore e05f4ba927 Thread wrappers were causing instant session closure 2013-01-10 00:41:58 -06:00
HD Moore 4c1e501ed0 Exploit for CVE-2013-0156 and new ruby-platform modules 2013-01-09 23:10:13 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Michael Schierl 269e507f68 Add stager modules for RC4 bind and reverse stagers
See the commit message of my last commit for caveats.
2012-12-31 22:33:30 +01:00
sinn3r 0822e8eae2 Merge branch 'kost-mipsle-shell_reverse_tcp' 2012-12-24 10:52:19 -06:00
jvazquez-r7 26f561795d fix cmd windows ruby payloads 2012-12-20 00:50:02 +01:00
sinn3r 7145078e63 Merge branch 'mipsle-shell_reverse_tcp' of git://github.com/kost/metasploit-framework into kost-mipsle-shell_reverse_tcp 2012-12-18 11:50:41 -06:00
Raphael Mudge 482846942a Fix: download_exec appends an extra / to request
The download_exec module parses the provided URL and appends an
unnecessary, nay--damaging I say!!!! '/' to the parsed URI. This
renders the module unusable for those who want a payload to
download and execute a file.

Before and after access.log snippets are in the redmine ticket

http://dev.metasploit.com/redmine/issues/7592
2012-12-12 14:01:31 -06:00
Vlatko Kosturjak 4ac79c91a6 Remove spaces at EOL 2012-11-17 12:00:59 +01:00
sinn3r 8648d21b3c Merge branch 'dns_txt_query_exe' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-dns_txt_query_exe 2012-11-16 11:52:57 -06:00
corelanc0d3r 0bf92b5d97 improved payload dns_txt_query_exec 2012-11-13 00:55:32 +01:00
corelanc0d3r cad7eb0130 renamed and optimized download_exec payload 2012-11-13 00:02:49 +01:00
Vlatko Kosturjak bda7f68b02 Add zero byte on the end of the /bin/sh string 2012-11-08 02:00:49 +01:00
Vlatko Kosturjak ce82b37289 Few removals of unneccessary zero bytes in sc 2012-10-28 21:22:33 +01:00
Vlatko Kosturjak 2affb31958 Initial import of linux-mipsle shell_bind_tcp 2012-10-28 20:51:45 +01:00
Daniel Miller 8deead3bd2 Fix payload ambiguity with php/bind_tcp_ipv6 stager
Was seeing this in framework.log:

[w(0)] core: The module php/meterpreter/bind_tcp is ambiguous with
php/meterpreter/bind_tcp.

Added handler_type_alias based on windows/bind_ipv6_tcp stager.
2012-10-23 12:31:14 -05:00
sinn3r 201518b66f msftidy corrections 2012-10-17 17:22:26 -05:00
jvazquez-r7 6f227dddff Related to #885 , allow Prepend* for osx/x86/exec payload 2012-10-16 16:26:18 +02:00
HD Moore 64f29952dc Merge branch 'master' into feature/updated-mobile 2012-10-07 00:32:02 -05:00
sinn3r 02617a6f3a Merge branch 'feature/redmine-7224-shellcode-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/redmine-7224-shellcode-cleanup 2012-10-04 00:43:34 -05:00
Tod Beardsley a38724f53b Adds an apparently spurious require
SeeRM #7276

Sticking this in a branch for now while I ask Egypt and limhoff for a
second opinion.
2012-10-01 07:49:58 -05:00
Tod Beardsley 60b4190e4a Avoids a race on requires
Applies Raphael's patch.

[FixRM #7261]
2012-09-27 13:18:50 -05:00
sinn3r c0387f1441 Have a matching option like the post module
And make sure nemo won't get harassed by people because they
think he hacked into everyone's mac.
2012-09-24 18:33:13 -05:00
sinn3r 2769a88f9e Code cleanup 2012-09-24 17:47:14 -05:00
dcbz 202a78dd3f Added say.rb: uses /usr/bin/say to output a string 2012-09-22 09:13:29 -05:00
dcbz 09b8a6d87f Added reverse_tcp stager payload, and updated bind 2012-09-22 08:31:42 -05:00
dcbz 81ceff7370 Added a tcp stager, and a small exec for testing 2012-09-22 07:24:51 -05:00
dcbz dccb8d235d Adding OSX 64-bit find-tag module. 2012-09-21 15:39:35 -05:00
sinn3r 776d24d8a9 cleanup 2012-09-20 16:16:30 -05:00
sinn3r 311c01be46 Cleanup, improve option handlingg 2012-09-20 16:14:15 -05:00
dcbz f5df7e0e8a Added 2 payload modules (reverse and bind tcp shells) 2012-09-19 16:59:26 -05:00
Ramon de C Valle 11f82de098 Update author information 2012-09-19 14:00:51 -03:00
James Lee 3c6319b75f Add nonx stagers for linux
[See #784]
2012-09-13 15:15:38 -05:00
James Lee f38ac954b8 Update linux stagers for NX compatibility
- Adds a call to mprotect(2) to the reverse and bind stagers

- Adds accurate source for some other linux shellcode, including some
  comments to make it more maintainable

- Adds tools/module_payload.rb for listing all payloads for each exploit
  in a greppable format. Makes it easy to find out if a payload change
  causes a payload to no longer be compatible with a given exploit.

- Missing from this commit is source for reverse_ipv6_tcp
2012-09-12 18:44:00 -05:00
HD Moore c901002e75 Add ssh login module for cydia / ios defaults 2012-09-10 19:36:20 -05:00
James Lee 828f37701d Fix linux shell_bind_tcp payload
It was calling bind(2) with a family of 0x02ff, which makes no sense and
causes execution to fall off the end and segfault.  Fix it by replacing
0x02ff with the appropriate 0x0002, or AF_INET.

[Fixrm #7216]
2012-09-04 04:23:48 -05:00
Tod Beardsley a93c7836bd Fixes load order with reverse http
This was originally intended to fix #664.

SEERM #7141 also.
2012-08-23 12:16:47 -05:00
James Lee aac56fc29b Fix load order issue
[See #664][SeeRM #7141]
2012-08-23 10:54:23 -05:00
sinn3r b3791b1545 I missed one 2012-08-14 16:51:55 -05:00
sinn3r 6a0271fb11 Correct OSX naming. See ticket #7182 2012-08-14 15:29:21 -05:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
bcoles 8d3700cc3c Add Zenoss <= 3.2.1 exploit and Python payload
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
 - modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
HD Moore 6cdd044e10 Remove a buggy payload that doesn't have NX support 2012-07-12 12:15:57 -05:00
jvazquez-r7 59bb9ac23b quoting ip to avoid php complaining 2012-06-25 18:52:26 +02:00
Michael Schierl 34ecc7fd18 Adding @schierlm 's AES encryption for Java
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.

Squashed commit of the following:

commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 00:45:24 2012 +0200

    Do not break other architectures
    even when using `setg AESPassword`

commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:50:42 2012 +0200

    binaries

commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:49:10 2012 +0200

    Add AES support to Java stager

    This is compatible to the AES mode of the JavaPayload project.

    I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
    is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
HD Moore 881ec8d920 Make the description clear that it only reads 4k, default datastore['FD'] to 1 2012-06-10 13:20:02 -05:00
sinn3r 15fa178a66 Add the MSF license text (since MSF_LICENSE is already set) 2012-06-10 02:07:27 -05:00
linuxgeek247 2b67c5132c Adding read_file linux shellcode 2012-06-09 20:36:47 -04:00
sinn3r 462a91b005 Massive whitespace destruction
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r c30af98b53 Massive whitespace destruction
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
sinn3r 2565888ec5 Change how we handle the password complexity failure 2012-06-03 13:13:44 -05:00
Chris John Riley a51df5fc3a Altered description to include information on the password complexity check
Altered the default password to meet the complexity checks

Note: The complexity checks (even if they fail) don't prevent the payload from running. At this point it only raises an warning and continues on. I can change this if it's more desirable however!
2012-06-03 09:22:48 +02:00
Chris John Riley ea66deb779 Added WMIC and complexity checks 2012-06-02 19:41:12 +02:00
Chris John Riley bada88cdf0 Added WMIC and complexity checks 2012-06-02 19:38:37 +02:00
Tod Beardsley 86500aad47 Author is always singular. 2012-05-08 08:47:52 -05:00
HD Moore 1a30e221a0 See #362 by changing the exitfunc arguments to be the correct type 2012-05-07 02:42:29 -05:00
James Lee dd7bc23d16 Whitespace 2012-05-02 18:06:39 -06:00
Tod Beardsley bd4819e8f2 Merge pull request #238 from mak/linux-x64-find-port
linux/x64/shell_find_port payload
2012-03-29 05:54:54 -07:00
Tod Beardsley 8fbf4cf6d9 Grammar on dns_txt_query_exec payload name and desc 2012-03-26 16:23:54 -05:00
sinn3r 182f3744de Cosmetic cleanup 2012-03-26 09:23:14 -05:00
corelanc0d3r ad32911b1a probably safer to use regex 2012-03-26 09:01:40 -05:00
James Lee 2d29184adc Use interpolation to ensure LPORT is a string for gsub
[Fixes #6542]
2012-03-21 21:05:05 -06:00
Tod Beardsley 31228ed65a Comment indentation 2012-03-21 15:21:10 -05:00
Peter Van Eeckhoutte 89d7363a8f fixed crash 2012-03-21 10:39:05 +01:00
Peter Van Eeckhoutte f81730a7e1 changes to the way jmp to payload is done 2012-03-21 09:52:22 +01:00
corelanc0d3r 45ef7fc35d reset author 2012-03-20 20:43:56 +01:00
Peter Van Eeckhoutte a3035dc6d0 Adding corelandc0d3r's http/https/ftp payload
Picks up the one http/https/ftp payload, but not the other two DNS
payloads listed as part of the original pull request.

[Closes #173]
2012-03-19 16:50:59 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
Maciej Kotowicz 0389e47dfe fix little mistake 2012-03-15 16:21:00 +01:00
Maciej Kotowicz f91b894375 added posibilities for generating payload from asm to more arch's
added linux/x64/shell_find_port payload
2012-03-14 22:39:56 +01:00
Joshua J. Drake ab01a19f92 Fixes #6483: Correct the include for the handler (was copypasta) 2012-03-07 11:23:44 -06:00
James Lee 70162fde73 A few more author typos 2012-03-05 13:28:46 -07:00
Tod Beardsley 6c0f8636ec Merge pull request #217 from rapid7/reverse-http-randomness
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore b70b41091b Tested fairly well - this randomizes the URLs and removes the user-agent string from the request 2012-03-02 17:44:23 -06:00
Tod Beardsley 96e03d2556 Merge pull request #44 from linuxgeek247/armle-bind-shell
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
James Lee 624e19fd8b Merge session-host-rework branch back to master
Squashed commit of the following:

commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:31:03 2012 -0700

    Clean up some rdoc comments

    This adds categories for the various interfaces that meterpreter and
    shell sessions implement so they are grouped logically in the docs.

commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 13:00:25 2012 -0700

    Combine the docs into one output dir

    There's really no need to separate the API sections into their own
    directory.  Combining them makes it much easier to read.

commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:27:22 2012 -0700

    Keep the order of iface attributes the same accross rubies

    1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
    end up with ~random order for the display with the previous technique.
    Switch to an Array instead of a Hash so it's always the same.

commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:23:35 2012 -0700

    Fix a few more compiler warnings

commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:17:39 2012 -0700

    Fix a type-safety warning

commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date:   Mon Feb 27 15:21:36 2012 -0700

    LHOST should be OptAddress, not OptAddressRange

commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date:   Sun Feb 26 17:45:59 2012 -0700

    Fix a couple of warnings and a typo

commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date:   Mon Feb 27 11:54:29 2012 -0600

    Fix ctype vs content_type typo

commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date:   Sun Feb 26 15:38:33 2012 +0200

    Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x

commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date:   Sun Feb 26 07:13:13 2012 -0600

    add osvdb ref

commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date:   Sat Feb 25 18:02:56 2012 -0500

    Added aspx target to msfvenom.  This in turn added it to msfencode as well.
    Ref: https://github.com/rapid7/metasploit-framework/pull/188
    Tested on winxp with IIS in .net 1.1 and 2.0 modes

commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date:   Sat Feb 25 13:00:48 2012 -0600

    Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver

commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 17:07:42 2012 -0700

    Simplify logic for whether an inner iface has the same address

commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:58:16 2012 -0700

    Whitespace

commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:53:45 2012 -0700

    Set session info before worrying about address

    get_interfaces can take a while on Linux, grab uid and hostname earlier
    so we can give the user an idea of what they popped as soon as possible.

commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:48:42 2012 -0700

    Clean up rdoc

commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:54:45 2012 -0600

    Ensure the architecture is only the first word (not the full WOW64
    message in some cases)

commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:49:17 2012 -0600

    More paranoia code, just in case RHOST is set to whitespace

commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:47:01 2012 -0600

    A few more small bug fixes to handle cases with an empty string target
    host resulting in a bad address

commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 03:55:10 2012 -0600

    Fix up the logic (reversed by accident)

commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 23:29:52 2012 -0600

    Automatically parse system information and populate the db, identify and
    report NAT when detected, show the real session_host in the sessions -l
    listing

commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:16:03 2012 -0600

    Fix typo introduced

commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:11:38 2012 -0600

    More session.session_host tweaks

commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:08:20 2012 -0600

    Additional tunnel_peer changes

commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:06:21 2012 -0600

    Additional changes to session.session_host

commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:00:19 2012 -0600

    Merge changes into the new branch
2012-02-28 18:29:39 -07:00
Joshua J. Drake 65ed4bfa8b Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver 2012-02-25 13:00:48 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
Tod Beardsley e371f0f64c MSFTidy commits
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.

Squashed commit of the following:

commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:58:53 2012 -0600

    Break up the multiline SOAP thing

commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:48:16 2012 -0600

    More whitespace and indent

commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:39:36 2012 -0600

    Whitespace fixes

commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:35:37 2012 -0600

    Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
HD Moore 0c2a18d765 Fix up reverse_tcp ipv6 stager for freebsd 2012-02-01 01:41:24 -06:00
HD Moore 29d8feaa24 Use the ADDR6 type, not ADDR 2012-02-01 00:58:08 -06:00
HD Moore aed27a2f82 Add missing trailing quote 2012-02-01 00:54:42 -06:00
HD Moore 45a785fde0 Adds BSD IPv6 payloads and stagers 2012-02-01 00:54:42 -06:00
HD Moore ec5fd723ba Merge in additional IPv6 support for PHP payloads 2012-01-31 01:11:55 -06:00
Patroklos Argyroudis 4e1029ae8b Execute (execve) arbitrary command payload for Mac OS X x64 2012-01-30 11:01:57 +02:00
Patroklos Argyroudis c6eb104132 bug fix for hardcoded max command length 2012-01-23 10:24:22 +02:00
scriptjunkie 9fe18cdc86 Add x64 LoadLibraryA payload. Because it should exist. 2012-01-17 21:16:26 -06:00
sinn3r 5761035371 This payload shouldn't be in here. Instead of adding a new one, exec.rb should be fixed 2012-01-16 22:41:27 -06:00
sinn3r 17ffc06f60 Merge branch 'osx_mozilla_mchannel' of https://github.com/argp/metasploit-framework into argp-osx_mozilla_mchannel 2012-01-16 19:35:29 -06:00
sinn3r 8eee54d1d0 Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb) 2012-01-09 14:23:37 -06:00
Patroklos Argyroudis 5a20b7d7ac Fixed small typo 2012-01-09 14:19:00 +02:00
Patroklos Argyroudis 9a62b41ab7 Mac OS X x86 payload that executes Calculator.app 2012-01-09 12:12:20 +02:00
sinn3r b202c29153 Correct e-mail format 2011-12-29 11:27:10 -06:00
HD Moore 8dc85f1cc5 Fix up some nascent typos 2011-12-14 00:30:31 -06:00
HD Moore 866e2b6bf3 Additional IPv6 payload support 2011-12-14 00:27:38 -06:00
HD Moore 17cc89ebad Add IPv6 specific HTTP(S) handlers and payloads (simplifies
options/usage)
2011-12-11 13:26:48 -06:00
HD Moore 2d3064c1ec Default the scope ID to 0, explicitly 2011-12-10 13:46:16 -06:00
Christopher McBee 100d8803f6 Adding armle bind shellcode based on existing reverse shellcode 2011-12-05 18:16:02 -05:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Joshua Drake ac916baac5 Fixes #5581: Stop hardcoding MIPS reverse shell IP/port
git-svn-id: file:///home/svn/framework3/trunk@13999 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 22:50:12 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
James Lee 7e4826bae4 silly patch fail
git-svn-id: file:///home/svn/framework3/trunk@13742 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 21:11:57 +00:00
James Lee c6c133673f add reverse_https support for java meterpreter, fixes #5288; thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13741 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 21:10:11 +00:00
James Lee 851bc8d7b8 add a single shell payload for java, partially reverts r13213
git-svn-id: file:///home/svn/framework3/trunk@13588 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:31:19 +00:00
Wei Chen 76ea2ea2a3 That was weird. Id didn't set. Trying again.
git-svn-id: file:///home/svn/framework3/trunk@13403 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 02:31:18 +00:00
Wei Chen 9f80b8d862 These modules forgot to do svn propset
git-svn-id: file:///home/svn/framework3/trunk@13402 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 02:28:46 +00:00
James Lee 3c261c346f add support for java/meterpreter/reverse_http. assuming i didn't miss any files, fixes #4946, thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13213 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 23:15:06 +00:00
Matt Weeks 7122ccbbd1 wscript necessary in certain contexts.
Also can avoid warnings in certain cases.



git-svn-id: file:///home/svn/framework3/trunk@13166 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:35:33 +00:00
James Lee ff53057965 Use consistent case for Spawn option
git-svn-id: file:///home/svn/framework3/trunk@13130 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-08 20:08:40 +00:00
Matt Weeks afbf445a87 Custom payload.
Fixes #4708



git-svn-id: file:///home/svn/framework3/trunk@13058 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-29 01:26:24 +00:00
HD Moore 9220506ba2 Merge in recent meterpreter work. These are not the commits you are looking for (more info on what all this is later this week).
git-svn-id: file:///home/svn/framework3/trunk@13053 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 21:26:43 +00:00
Matt Weeks 5faaa7db07 Update cmd vbs download payloads.
Use : instead of longer echo statements.
Add eval version.



git-svn-id: file:///home/svn/framework3/trunk@12912 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 20:37:08 +00:00
HD Moore 3e0f3639ef This adds a quick windows/loadlibrary payload for folks who have a need for such things. The library path can be a UNC location and works fine over WebDAV...
git-svn-id: file:///home/svn/framework3/trunk@12765 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-30 03:44:59 +00:00
Wei Chen 56b4a092d6 Added Linux x64 payloads. Modified exe.rb to support elf x64 payloads.
git-svn-id: file:///home/svn/framework3/trunk@12676 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 23:51:19 +00:00
Stephen Fewer c48633cff0 Merge in a rewritten windows x86 reverse_ipv6_tcp stager (The previous one seems hosed since r6744 due to new host/port offsets[1] but the shellcode blob remained the same after modification[2]) - This new one uses the block_api_call technique, is 37 bytes smaller and can handle arbitrary size stages.
[1] https://dev.metasploit.com/redmine/projects/framework/repository/revisions/6744/diff/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb
[2] https://dev.metasploit.com/redmine/projects/framework/repository/revisions/6744/diff/external/source/shellcode/windows/stager_reverse_ipv6_tcp_nx.asm

git-svn-id: file:///home/svn/framework3/trunk@12562 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-08 01:44:08 +00:00
HD Moore 7cb8e56cfe Fix upexec handle_connection_stage arguments
git-svn-id: file:///home/svn/framework3/trunk@12511 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-02 18:54:02 +00:00
Joshua Drake 94fa25ee7a remove crufty method
git-svn-id: file:///home/svn/framework3/trunk@12491 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-01 22:07:49 +00:00
Mario Ceballos 0522b69de2 s instead of n
git-svn-id: file:///home/svn/framework3/trunk@12488 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-01 13:31:08 +00:00
James Lee 6dd44fa516 massive keywords cleanup
git-svn-id: file:///home/svn/framework3/trunk@12196 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-01 00:51:33 +00:00
HD Moore c679de9d7a Closes #3976 by merging in an ARM adduser payload from Jonathan Salwan
git-svn-id: file:///home/svn/framework3/trunk@12045 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-21 01:26:14 +00:00
amaloteaux 78396e94f9 move linux meterpreter bin to the correct place
git-svn-id: file:///home/svn/framework3/trunk@11938 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-11 20:29:25 +00:00
Mario Ceballos 631af16d9f revert back.
git-svn-id: file:///home/svn/framework3/trunk@11900 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:48:39 +00:00
Mario Ceballos 54382c6080 patch recieved from Peter Van Eeckhout
git-svn-id: file:///home/svn/framework3/trunk@11898 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:23:13 +00:00
Joshua Drake a944cbc50d style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11612 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 20:40:47 +00:00
HD Moore 4971a0d7af Add Skylined's "You Got Pwned" payload
git-svn-id: file:///home/svn/framework3/trunk@11485 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 17:34:09 +00:00
James Lee f0cc6ff596 big commit for converting meterpreter scripts to modules, see #3377. also fixes payload tab-completion and 'show payloads' after TARGET has changed
git-svn-id: file:///home/svn/framework3/trunk@11421 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-27 17:46:42 +00:00
Joshua Drake 32c26f18f3 style compliance fixes, set test exploits to manual rank, fix s/ranking/rank/ in some exploits
git-svn-id: file:///home/svn/framework3/trunk@11039 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 19:03:24 +00:00
Joshua Drake a6bade8795 convert to use metasm, also fixes silly off-by-one bug
git-svn-id: file:///home/svn/framework3/trunk@11000 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 23:07:50 +00:00
Joshua Drake 9fb0e1a0bb fix comments
git-svn-id: file:///home/svn/framework3/trunk@10995 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:19:34 +00:00
James Lee 0d664c3a71 add a Spawn advanced option to java stagers, see #3009
git-svn-id: file:///home/svn/framework3/trunk@10946 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-08 06:08:09 +00:00
James Lee 56839ccf36 stupid debug prints
git-svn-id: file:///home/svn/framework3/trunk@10782 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 10:24:28 +00:00
James Lee f33d7cc670 revamp java payloads and make shells work with tomcat_mgr_deploy. tested java_trusted_chain and java_tester to verify that this doesn't break other java payload usage. see #3009 and #2973, meterpreter doesn't work yet, so not marking resolved.
git-svn-id: file:///home/svn/framework3/trunk@10781 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 10:19:51 +00:00
Joshua Drake 04858c69fc style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10758 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:54:19 +00:00
HD Moore 79c8e18e6b Add a wfs_delay for reverse_https. This fixes #2508 and fixes #1764. This should prevent the race condition that was the root cause of both issues.
git-svn-id: file:///home/svn/framework3/trunk@10716 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 02:33:47 +00:00
HD Moore 9902dcb9cc Fixes #2661 by removing exitfunc as a parameter, since it needs to be ExitProcess
git-svn-id: file:///home/svn/framework3/trunk@10714 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 22:01:01 +00:00
HD Moore 5e1d181da5 Fixes #2132 by removing patchup version of vnc inject
git-svn-id: file:///home/svn/framework3/trunk@10708 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 18:10:10 +00:00