infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,585 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

292 Commits (b5e7009283a8ffc6899feb959464e2a80656f48c)

Author SHA1 Message Date
Matt Weeks ab4026cfb5 And do the same for pivoted PXE attacks. 
git-svn-id: file:///home/svn/framework3/trunk@13780 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-23 16:16:47 +00:00
Matt Weeks 10bf0fbe84 Whoops. Reset would be reset, not stop. 
git-svn-id: file:///home/svn/framework3/trunk@13752 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-18 20:26:09 +00:00
Matt Weeks 6853221762 Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs. 
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-27 15:46:49 +00:00
Matt Weeks 06c3dabe31 Fixes #5312 for pivoted PXE attacks. 
git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-25 02:07:35 +00:00
Matt Weeks 53e43fa847 whoops. Use these, not the dhcpserv.cpp/h 
git-svn-id: file:///home/svn/framework3/trunk@13633 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-25 01:41:57 +00:00
HD Moore 521b95b0c2 This fixes garbled characters in lsass hashdump on some platforms 
git-svn-id: file:///home/svn/framework3/trunk@13582 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 05:09:49 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic! 
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-05 17:10:27 +00:00
James Lee 0f95070f3f add a request type for grabbing the host's directory separator, fixes #4892 
git-svn-id: file:///home/svn/framework3/trunk@13346 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-26 20:51:33 +00:00
James Lee 6b1dfd5908 meterpreter compiles on modern linux! see #2418 
git-svn-id: file:///home/svn/framework3/trunk@13333 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-25 07:59:51 +00:00
James Lee dd84169187 tell the linker to make DT_HASH sections instead of DT_GNU_HASH which msflinker can't handle 
git-svn-id: file:///home/svn/framework3/trunk@13332 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-24 23:50:55 +00:00
James Lee 5c5861cc9b add a 'clean' target 
git-svn-id: file:///home/svn/framework3/trunk@13328 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-24 19:25:19 +00:00
HD Moore 75bef2b98a Apply a diff to fix bad ifdef usage 
git-svn-id: file:///home/svn/framework3/trunk@13324 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-23 20:31:58 +00:00
HD Moore 47eb4cbd86 Add an ifdef around the wininet setup routine 
git-svn-id: file:///home/svn/framework3/trunk@13323 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-23 20:16:19 +00:00
James Lee 3c261c346f add support for java/meterpreter/reverse_http. assuming i didn't miss any files, fixes #4946, thanks mihi! 
git-svn-id: file:///home/svn/framework3/trunk@13213 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 23:15:06 +00:00
James Lee cdeacc85f3 fix some incorrect arguments to memset, thanks sbz for noticing. 
git-svn-id: file:///home/svn/framework3/trunk@13123 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-07 23:14:44 +00:00
James Lee f01d29e4a5 add support for absolute paths, fixes #4874 
git-svn-id: file:///home/svn/framework3/trunk@13108 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-06 21:35:51 +00:00
HD Moore 8816d2135f Merge in changes from thelightcosine that add RegLoadKey/RegUnloadKey support 
git-svn-id: file:///home/svn/framework3/trunk@13089 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-02 04:03:23 +00:00
HD Moore e9bb388593 Use size_t instead of int 
git-svn-id: file:///home/svn/framework3/trunk@13063 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-29 06:35:44 +00:00
HD Moore 35801febd7 Lets try this again, POSIX style 
git-svn-id: file:///home/svn/framework3/trunk@13061 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-29 06:30:24 +00:00
HD Moore 96ff575998 Add md5/sha1 
git-svn-id: file:///home/svn/framework3/trunk@13060 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-29 06:12:15 +00:00
HD Moore dc1e42af2c Make sure empty replies are take into account for the session keep alive 
git-svn-id: file:///home/svn/framework3/trunk@13052 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-28 21:22:48 +00:00
HD Moore 80643cc152 Adds a remote shutdown api 
git-svn-id: file:///home/svn/framework3/trunk@13050 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-28 18:11:17 +00:00
HD Moore c1935eda06 Re-add the missing SendRequest, make migrate work 
git-svn-id: file:///home/svn/framework3/trunk@13048 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-28 17:25:37 +00:00
HD Moore c53899f9b7 Clean a few things up 
git-svn-id: file:///home/svn/framework3/trunk@13046 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-28 07:40:32 +00:00
HD Moore 3bb2a2d07f Rework this for compatibility with older OSs 
git-svn-id: file:///home/svn/framework3/trunk@13045 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-28 07:30:48 +00:00
HD Moore fdfaf5b17b Merge in some recent meterpreter work, still a ways off before this is ready to use. 
git-svn-id: file:///home/svn/framework3/trunk@13044 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-28 05:57:36 +00:00
HD Moore 46eb182d81 Adds support for connecting to remote registry services with the current processes' credentials. See #1894 
git-svn-id: file:///home/svn/framework3/trunk@12923 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-12 00:00:56 +00:00
HD Moore 662840404f Fixes #4296 by merging in David Maloney's registry patch. The ruby side will be merged once the new binaries are in SVN 
git-svn-id: file:///home/svn/framework3/trunk@12920 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-11 23:04:25 +00:00
HD Moore 46dbaae454 Check the correct counter before bailing, this would cause a segmented header to kill the session. Pointed out by an anonymous contributor (new bins once the rest of the pending merge work is finished). 
git-svn-id: file:///home/svn/framework3/trunk@12918 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-11 22:53:04 +00:00
HD Moore 69b684ad0c Remove an unused variable 
git-svn-id: file:///home/svn/framework3/trunk@12917 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-11 22:43:31 +00:00
HD Moore 3833d2a098 Fix up the sniffer build environment, add the pivot project to the solution (even though its not part of the OSS tree). 
git-svn-id: file:///home/svn/framework3/trunk@12916 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-11 22:42:59 +00:00
James Lee 30bc742740 merge mihi's patch for adding ps and audio recording to java meterpreter, fixes #3898 
git-svn-id: file:///home/svn/framework3/trunk@12372 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 22:39:25 +00:00
James Lee 758da50090 use the correct length for copying arguments, fixes #3526, thanks mihi! 
git-svn-id: file:///home/svn/framework3/trunk@11700 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-02 21:26:29 +00:00
Stephen Fewer 41e5a4c61d Fix for #3482, the empty value occurs when no service pack is present. The fix simply tests for this. Also remove the two unused params on the _snprintf call. 
git-svn-id: file:///home/svn/framework3/trunk@11542 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-11 14:29:16 +00:00
Matt Weeks 599df0a71a Fix error with recording on certain Windows versions. 
git-svn-id: file:///home/svn/framework3/trunk@11311 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-12 20:12:03 +00:00
Matt Weeks 61242f3c2c Catch invalid webcam frame requests. 
git-svn-id: file:///home/svn/framework3/trunk@11160 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-29 02:23:01 +00:00
Matt Weeks 2e72926638 Add audio (microphone) recording support to stdapi. 
git-svn-id: file:///home/svn/framework3/trunk@11087 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-22 00:32:39 +00:00
Matt Weeks 560c1847c3 Properly return error if no webcams present (instead of killing session). 
git-svn-id: file:///home/svn/framework3/trunk@11041 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-14 19:59:31 +00:00
Matt Weeks 594a46bfc7 Merge webcam extension into stdapi. 
git-svn-id: file:///home/svn/framework3/trunk@10997 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-11 22:36:54 +00:00
Matt Weeks 2d2e1989aa Fix memory leak. 
git-svn-id: file:///home/svn/framework3/trunk@10964 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-09 23:37:56 +00:00
Matt Weeks db602dd478 Add functional in-memory webcam support. 
git-svn-id: file:///home/svn/framework3/trunk@10954 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-09 02:24:28 +00:00
pks 20b96ae0c1 Partial implementation of in memory execution and update binary 
git-svn-id: file:///home/svn/framework3/trunk@10839 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-28 12:44:39 +00:00
HD Moore 2e9138ebbc This commit overhauls much of the meterpreter timeouts and staging processes. This fixes a bug with concurrent session handling, reduces CPU load by caching a single SSL certificate for all sessions, increases all of the critical timeouts, and generally makes mass ownage work better. We still need to limit the maximum number of concurrent on_session() threads to something sane to prevent sesssion spikes from dragging out the process even longer. The C-side meterpreter change is minimal and will only help with future compatibility if we move to non-blocking fd's for the SSL socket. 
git-svn-id: file:///home/svn/framework3/trunk@10595 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-08 04:11:47 +00:00
pks 872c8b09c7 Add the ability to clean up file descriptors in the remote process. 
git-svn-id: file:///home/svn/framework3/trunk@10587 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-07 11:52:45 +00:00
pks 754225a80d Implement per dispatch run channel_write of packets, remove __FUNCTION__ due to dprintf changes, and fix shutting down networkpug interfaces. Re-add networkpug binary. 
git-svn-id: file:///home/svn/framework3/trunk@10586 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-07 11:52:38 +00:00
pks 14cabd2611 Allow debugging to be enabled. 
This will make it easier to hopefully track down bugs.

exploitme-posix.c - make complete stack executable. On some kernel versions, execstack doesn't do the trick.

git-svn-id: file:///home/svn/framework3/trunk@10485 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-26 05:58:59 +00:00
pks 784e355d93 Networkpug improvements 
git-svn-id: file:///home/svn/framework3/trunk@10484 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-26 05:58:48 +00:00
pks 740e2c1ab2 Change base from 0x90040000 to 0x20040000. 
This is more portable across kernel versions / patches it seems. This
will be better for SEGMEXEC compatibility as well.

git-svn-id: file:///home/svn/framework3/trunk@10455 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-24 04:06:28 +00:00
pks 50241faa57 Implement a sniffer for posix meterpreter using libpcap. 
This version of the sniffer supports packet filtering after the packet count variable, like so:

meterpreter > sniffer_interfaces

1 - 'eth0' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > use sniffer
Loading extension sniffer...success.
meterpreter > sniffer_start 1 500000 icmp <-- picks up only icmp packets.
[*] Capture started on interface 1 (500000 packet buffer)
meterpreter > sniffer_stop 1
[*] Capture stopped on interface 1

git-svn-id: file:///home/svn/framework3/trunk@10424 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 11:43:30 +00:00
pks a179836fca Initial import of networkpug, a pivoting interface using libpcap to monitor/inject packets on a interface on the remote machine. 
git-svn-id: file:///home/svn/framework3/trunk@10423 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 09:35:46 +00:00
pks f196333e02 Strip debugging symbols when compiling the linker. 
git-svn-id: file:///home/svn/framework3/trunk@10419 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 05:13:53 +00:00
pks e30b420834 Railgun is windows specific at the moment, move the header include down a little bit and #ifdef the functions down a bit. 
git-svn-id: file:///home/svn/framework3/trunk@10418 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 05:13:47 +00:00
pks 49b87daa7d Implement locking in dl* functions 
git-svn-id: file:///home/svn/framework3/trunk@10417 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 05:13:40 +00:00
pks 89b33c2cc7 Implement a crash handler to ease debugging 
git-svn-id: file:///home/svn/framework3/trunk@10416 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 05:13:34 +00:00
pks 3c99897115 Missing file, QWORD compile fix, and thread error handling improvements. 
asm/ucontext.h will be used to implement a crash handler in msflinker,
which should allow for easier debugging and development of msflinker
and extension code.

thread.c/h, fixes a bug if you thread_create(), but stop the thread before
running it.

Compilation fix for WSAGetLastError

git-svn-id: file:///home/svn/framework3/trunk@10415 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 05:13:27 +00:00
Stephen Fewer 50e6d8f0e3 Delete the railgun meterpreter extension and add railgun support directly into stdapi. Support now includes Windows x64. Update meterpreter packet core to handle QWORD TLV's. 
git-svn-id: file:///home/svn/framework3/trunk@10317 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-14 23:21:36 +00:00
Joshua Drake d8fb8e5c49 merge in another posix meterpreter update from philip, see #2418 
git-svn-id: file:///home/svn/framework3/trunk@10307 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-13 14:44:00 +00:00
James Lee f15981074b add source for java meterpreter. see #406 
git-svn-id: file:///home/svn/framework3/trunk@10294 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-11 17:47:39 +00:00
Joshua Drake e3a5195c62 commit some fixes from philip, see #2418 
git-svn-id: file:///home/svn/framework3/trunk@10275 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-09 15:51:30 +00:00
Joshua Drake c3db1d7a7f commit some fixes from philip, see #2418 
git-svn-id: file:///home/svn/framework3/trunk@10272 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-09 15:39:28 +00:00
Joshua Drake 8dc12802fa add termio.h back, see #2418 
git-svn-id: file:///home/svn/framework3/trunk@10203 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-31 15:11:29 +00:00
Joshua Drake 3b67eefe4e sync up with Philip's code, see #2418 
git-svn-id: file:///home/svn/framework3/trunk@10202 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-31 15:10:41 +00:00
Stephen Fewer a0f86c62e3 Meterpreter search support to leverage the index on older systems (2000/XP/2003) via Windows Desktop Search v2. 
git-svn-id: file:///home/svn/framework3/trunk@10187 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-30 09:50:41 +00:00
Stephen Fewer 53bfdb6f37 Commit the source for meterpreter file searching... 
git-svn-id: file:///home/svn/framework3/trunk@10165 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-27 14:44:42 +00:00
Joshua Drake aee73a3129 resolve some case insensitive filename issues 
git-svn-id: file:///home/svn/framework3/trunk@10158 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-26 17:32:34 +00:00
Joshua Drake 778ee60d2c update additional files, see #2418 
git-svn-id: file:///home/svn/framework3/trunk@10156 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-26 07:25:15 +00:00
Joshua Drake 067830a8d0 remove the old elf server, see #2418, should have been part of r10154 
git-svn-id: file:///home/svn/framework3/trunk@10155 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-26 05:24:20 +00:00
Joshua Drake 6d1ed6d779 first attempt to merge in Philip Sanderson's work on the POSIX meterpreter 
git-svn-id: file:///home/svn/framework3/trunk@10154 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-26 05:16:27 +00:00
Stephen Fewer 73f7b20935 Add meterpreter server side support for cleaning up loaded extensions upon server termination by calling the loaded extensions DeinisServerExtension() functions. 
git-svn-id: file:///home/svn/framework3/trunk@10053 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-19 11:34:23 +00:00
Stephen Fewer fd0b96ee9d Add a list_shift() function to the common linked list code. 
git-svn-id: file:///home/svn/framework3/trunk@10052 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-19 11:25:11 +00:00
HD Moore 30d3440b5d New bins, implements the server side of multi-call railgun 
git-svn-id: file:///home/svn/framework3/trunk@9806 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-13 19:19:21 +00:00
Stephen Fewer a47ced6ac4 Partial solution for #1448. Fall back to CreateProcessWithTokenW when CreateProcessAsUser fails with ERROR_PRIVILEGE_NOT_HELD. While only available on 2003 and above this works on my server 2008 test case which was failing before. 
git-svn-id: file:///home/svn/framework3/trunk@9781 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-11 18:36:57 +00:00
Stephen Fewer 7a57ca57a6 Bug fix for a misplaced & in call to DestroyEnvironmentBlock() during process_execute(), was causing a hang on Vista and an Access Violation on server 2008. 
git-svn-id: file:///home/svn/framework3/trunk@9779 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-11 16:37:50 +00:00
HD Moore d3a6418e53 Revert changes to elevate, still not getting around restrictions on primary token creation, needs a deeper look 
git-svn-id: file:///home/svn/framework3/trunk@9759 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-09 21:59:31 +00:00
HD Moore d5932fc2fd Switch the namedpipe code to convert the thread token to a primary token first 
git-svn-id: file:///home/svn/framework3/trunk@9756 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-09 21:40:44 +00:00
HD Moore ec9156827e Switch the elevator methods to DuplicateHandleEx to get a primary token 
git-svn-id: file:///home/svn/framework3/trunk@9755 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-09 21:23:05 +00:00
HD Moore 29f9f6671e This *should* fix all cases where execute -t would fail to use an impersonated token 
git-svn-id: file:///home/svn/framework3/trunk@9754 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-09 19:32:51 +00:00
HD Moore 972e7bc282 Clean up some of the token impersonation code around process execution 
git-svn-id: file:///home/svn/framework3/trunk@9751 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-09 18:54:20 +00:00
HD Moore ccfea56ed5 Minor tweak to build without the include path for common 
git-svn-id: file:///home/svn/framework3/trunk@9715 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-07 16:46:58 +00:00
HD Moore 5d9a6622de Merge railgun, tweak configurations 
git-svn-id: file:///home/svn/framework3/trunk@9709 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-07 16:29:03 +00:00
James Lee fb43495ada meterpreter now compiles on 64-bit linux in a 32-bit chroot. still need payload handlers and some stdapi love to make it useable 
git-svn-id: file:///home/svn/framework3/trunk@9468 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-10 06:10:15 +00:00
HD Moore c6c956ab46 Small patch to enable a new stager 
git-svn-id: file:///home/svn/framework3/trunk@8984 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-03 05:21:15 +00:00
Stephen Fewer c09ca4eba5 Commit all the code for the new 'screenshot' command in the stdapi extension. Screenshot will now work on NT4 - 7 on both x86 and x64 and on newer versions of Windows we can break out of session isolation (e.g. session 0 isolation for services) to screenshot the active desktop (or logon screen) without the need to migrate meterpreter. The majority of the migration code-injection stuff has been refactored out into base_inject.c so it can be shared with the new ps_inject() functionality to inject dlls. The 'ps' command now reports what session each process belongs to (if this is too verbose we can remove it or add a -v verbose switch to the ps command). The 'execute' command can now take a -s switch in order to create a process in a users session under the users privs (assuming you have the privs to do this). 
git-svn-id: file:///home/svn/framework3/trunk@8787 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-11 17:09:55 +00:00
Stephen Fewer 195d1ab4b8 Commit snojobs jpeg patch for espia with an x64 build and some minor changes on the ruby side (The 'screenshot' command is now 'screengrab' to avoid a future conflict with changes happening in stdapi). 
git-svn-id: file:///home/svn/framework3/trunk@8726 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-05 15:50:24 +00:00
Stephen Fewer 4e73d95dac Commit the JPEG-8 lib code from snowjobs patch. Added an x64 build environment and the libs directory for x86/x64 projects to link against. 
git-svn-id: file:///home/svn/framework3/trunk@8725 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-05 15:44:36 +00:00
Stephen Fewer 4ed9e71b76 Commit the meterpreter C side (and bins) for transparent zlib (zlib.c copied from the posix meterpreter source) compression of TLV's and channels. To use transparent compression with channels, create them with CHANNEL_FLAG_COMPRESS. To use transparent compression with any TLV value, bitwise or the TLV type with TLV_META_TYPE_COMPRESSED (Don't create the TLV type with TLV_META_TYPE_COMPRESSED as the compressed flag is removed on the remote end after compression). For consistency with the ruby side we could at a later stage add a boolean compress parameter to all the packet_add_tlv_* functions so you don't have to manually specify TLV_META_TYPE_COMPRESSED flag. 
git-svn-id: file:///home/svn/framework3/trunk@8515 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-16 14:56:24 +00:00
Stephen Fewer e732ef6872 Commit the Meterpreter C side for the UDP socket pivoting. (+1 bug fix for the TCP client socket notify event function) 
git-svn-id: file:///home/svn/framework3/trunk@8430 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-09 16:43:33 +00:00
Stephen Fewer a80d1ad2ee Commit the new TCP server channel support on the meterpreter end as well as some fixes to TCP client channels. 
git-svn-id: file:///home/svn/framework3/trunk@8383 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-06 17:55:41 +00:00
HD Moore 42b331b47f Fix #790. Initialize the client state to be alive, tweak a few things on the meterpreter side 
git-svn-id: file:///home/svn/framework3/trunk@8327 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 18:52:44 +00:00
Stephen Fewer 7a32f9f2e2 fix ps so an x64 process's path is returned correctly when ps is run from a wow64 meterpeter. 
git-svn-id: file:///home/svn/framework3/trunk@8322 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 12:00:45 +00:00
Stephen Fewer 3824a2938c ...update the project files. I have added in an extra post build step for elevator.dll so it can work on NT4 (when used with rundll32.exe for getsystem technique #2). The post build step uses the editbin.exe to set the major OS/Subsystem version to 4 instead of 5 so NT4 will load it, (visual c++ 2008 cant build NT4 binaries, only 2000 and above). 
git-svn-id: file:///home/svn/framework3/trunk@8318 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 01:12:35 +00:00
Stephen Fewer 0e08aa0094 Add in KiTrap0D to the priv getsystem command. 
git-svn-id: file:///home/svn/framework3/trunk@8317 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 01:09:57 +00:00
HD Moore 284af1260a Disable debug tracing 
git-svn-id: file:///home/svn/framework3/trunk@8312 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 23:10:58 +00:00
HD Moore f3408fd327 Fixes #744. The core issue was the migrate code waiting on SetEvent, but the migrate stub was blocked on a WSASocket due to a pending packet_receive in the main server thread. Simply settin the thread termination signal did not work, as the SSL_read was already in progress. This change forcible terminates the main server thread before waiting on the event in order to bypass this deadlock. The downside is a failed migrate has no way to recover if it makes it this far. 
git-svn-id: file:///home/svn/framework3/trunk@8309 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 22:55:41 +00:00
Stephen Fewer 5793ab128c modularize the source for each technique in elevator too. 
git-svn-id: file:///home/svn/framework3/trunk@8299 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 16:30:09 +00:00
Stephen Fewer 8eb036d704 modularize the source for each technique, making it cleaner to add in new techniques at a later stage. 
git-svn-id: file:///home/svn/framework3/trunk@8298 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 15:04:27 +00:00
Stephen Fewer 62c1a99c8e update the workspace files. 
git-svn-id: file:///home/svn/framework3/trunk@8295 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:46:51 +00:00
Stephen Fewer fad278566b Add in the elevator dll, used by getsystem for a number of things. 
git-svn-id: file:///home/svn/framework3/trunk@8294 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:45:31 +00:00
Stephen Fewer e58847009c Add in the new getsystem command to the priv extension. 
git-svn-id: file:///home/svn/framework3/trunk@8293 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:40:55 +00:00
Stephen Fewer f82b6c5952 Update RDI by adding in the LoadRemoteLibraryR function to use RDI to inject into arbitrary processes. Current limitation is it only works on x86->x86 and x64->x64 scenarios, due to the offsets used in parsing the PE file being determined at compile time (e.g. if we compile LoadRemoteLibraryR into an x86 binary it wont be able to load x64 images). Solution is to not rely on compiler for the offset but to do it manually which shouldn't be too much work. 
git-svn-id: file:///home/svn/framework3/trunk@8292 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:37:55 +00:00
Stephen Fewer 9f4332ce60 bug fix for the stdapi command rev2self. was not playing nice with new thread token stuff. 
git-svn-id: file:///home/svn/framework3/trunk@8291 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:33:24 +00:00
Stephen Fewer 095b6ee7ed move these macros from base_dispatch.c to common.h as they are useful to use elsewhere. 
git-svn-id: file:///home/svn/framework3/trunk@8290 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:32:16 +00:00
Stephen Fewer 4e4a65b9a4 Complete overhaul of process migration. Migration across x86->x86, x64->x64, wow64->x64 and x64->wow64 all supported using a number of techniques. 
git-svn-id: file:///home/svn/framework3/trunk@8198 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-22 19:46:18 +00:00
Stephen Fewer 159e240f3a updated stapi project file. 
git-svn-id: file:///home/svn/framework3/trunk@8158 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 11:07:21 +00:00
Stephen Fewer 757276d70f First cut for improved process listing. Now works well on NT4 and up. One issue with getting the path for x64 processes on an x86 meterpreter. 
git-svn-id: file:///home/svn/framework3/trunk@8156 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 10:40:02 +00:00
Stephen Fewer 0286a67f1e small bug fix to get getuid working on NT4 
git-svn-id: file:///home/svn/framework3/trunk@8155 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 10:36:12 +00:00
HD Moore 42b3a5774d Adds the process username to the ps output (when possible). 
git-svn-id: file:///home/svn/framework3/trunk@8056 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-02 03:41:21 +00:00
HD Moore 4d7aec7c2d Fixes #745. This commit changes how token manipulation works, adds the steal_token, drop_token, and getprivs commands. Tested on NT 4.0, 2000 SP4, XP SP3, 2003 SP2, Vista, and Windows 7 
git-svn-id: file:///home/svn/framework3/trunk@8055 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-02 00:35:10 +00:00
HD Moore 98f83bbab1 Adds reg queryclass 
git-svn-id: file:///home/svn/framework3/trunk@8046 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-31 15:52:30 +00:00
HD Moore 68aafc8e13 Fixes #658 by adding a 250ms sleep to the dispatch of the close call. 
git-svn-id: file:///home/svn/framework3/trunk@7934 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-21 19:53:10 +00:00
Stephen Fewer be588716c5 Bug fix for meterpreter on NT4 (Tested on NT4.0 SP6). Add a function thread_open() in thread.c to wrap the use kernel32!OpenThread and ntdll!NtOpenThread for backwards compatibility. 
git-svn-id: file:///home/svn/framework3/trunk@7806 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-10 18:12:51 +00:00
HD Moore 6da0fda5ed Updated meterpreter binaries with a slight change to the thread schedule (solves a looping problem when the socket is dead). 
git-svn-id: file:///home/svn/framework3/trunk@7793 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-10 05:42:47 +00:00
HD Moore ff19b649f3 See #662. This should fix most of the meterpreter-side issues with sockets, there is still a second piece of this which is unflushed data on the local forwards from the ruby code. 
git-svn-id: file:///home/svn/framework3/trunk@7761 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-08 22:08:06 +00:00
HD Moore 792724c3f3 Cleanups to the socket code, its still not perfect, but much more usable now 
git-svn-id: file:///home/svn/framework3/trunk@7750 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-08 14:52:07 +00:00
Stephen Fewer 4f8cfc27d4 Replace the use of Critical Sections for locking with Mutex's (thread.c). This appears to resolve a deadlock issue with OpenSSL on some Windows systems. This commit resolves a bug in interactive processes where an interactive waiter thread will chew cpu due to a tight loop introduced by anonymous pipes not blocking (process.c). Dynamic lock creation for OpenSSL has been re-enabled should a future version of OpenSSL require it, AFAIK the current version used, v0.8.9, does not use dynamic lock creation (server_setup.c). Channels have been given locks to help synchronize concurrent access to a single channel. 
git-svn-id: file:///home/svn/framework3/trunk@7732 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-07 13:04:41 +00:00
HD Moore dfa0d155fc See #607. Switch sniffer code to use mutexes 
git-svn-id: file:///home/svn/framework3/trunk@7728 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-07 05:19:46 +00:00
Stephen Fewer a273c9f07c Initial commit of the multi-threaded meterpreter. 
git-svn-id: file:///home/svn/framework3/trunk@7698 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-04 17:37:21 +00:00
HD Moore e5e89906d0 Switch the meterpreter to SSLv3 and try to generate a slightly more realistic CN for the certificate. The goal is to work through a wider range of inline proxies. 
git-svn-id: file:///home/svn/framework3/trunk@7311 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-31 20:44:23 +00:00
HD Moore 5234fe8ff8 Fixes 416. Adds the rm/del commands to meterpreter, fixes build problems triggered by the POSIX code merge 
git-svn-id: file:///home/svn/framework3/trunk@7291 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-27 02:31:07 +00:00
HD Moore 276a3f8052 Use _WIN32 instead of __WIN32__ to be consistent 
git-svn-id: file:///home/svn/framework3/trunk@7290 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-27 01:13:35 +00:00
HD Moore 7d7c565a37 Merge in the POSIX stdapi extension, still some work left to finish 
git-svn-id: file:///home/svn/framework3/trunk@7266 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-26 04:34:20 +00:00
HD Moore bf5068f6b1 Fixes #288 and #320. This should fix the BSoD issue with the sniffer module (other than the mac filter change, this matches the vendor's example) and confirmed that the keyscan_dump fix works 
git-svn-id: file:///home/svn/framework3/trunk@7066 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-26 16:26:05 +00:00
et a89914d448 Finally screenshot capture. BMP at this time 
git-svn-id: file:///home/svn/framework3/trunk@7063 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-26 04:05:09 +00:00
Stephen Fewer 1937839e79 Patch meterpreter's sysinfo command to resolve the system language and architecture. 
git-svn-id: file:///home/svn/framework3/trunk@7028 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-10 13:09:48 +00:00
Stephen Fewer 36d60d5d12 Commit the x64 build of the meterpreter incognito extension. 
git-svn-id: file:///home/svn/framework3/trunk@7009 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-07 09:25:25 +00:00
Stephen Fewer ff9efacffa Commit the x64 build of the meterpreter priv extension. 
git-svn-id: file:///home/svn/framework3/trunk@7008 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-07 09:17:29 +00:00
Stephen Fewer 402608ec6f Commit the openssl x64 static libraries required for compilation. These are freshly built using the latest stable release (openssl-0.9.8k). Instructions for re-building the libraries also included. 
git-svn-id: file:///home/svn/framework3/trunk@7001 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-04 01:58:17 +00:00
Stephen Fewer 5dee5819b1 Commit the source code for the cross compilable reflective dll injection module. Some minor modifications to the stdapi extension were also required. All the projects (.vcproj) now have an x64 debug/release target as well as an x86 counterpart. 
git-svn-id: file:///home/svn/framework3/trunk@7000 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-04 01:53:58 +00:00
HD Moore 87ea275a17 Fixes #299 - corrects the win32 build environment and source to build properly again 
git-svn-id: file:///home/svn/framework3/trunk@6987 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-30 01:57:25 +00:00
HD Moore a811f28535 Patch from snfernandez to fix posix extension loading 
git-svn-id: file:///home/svn/framework3/trunk@6954 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-12 23:15:08 +00:00
HD Moore 41121f5870 Major merge of Meterpreter POSIX codebase from JR, Win32 projects may need a few more fixes to work properly 
git-svn-id: file:///home/svn/framework3/trunk@6949 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-10 02:02:16 +00:00
HD Moore d5ffcc1907 fix the posix build (patch from JR) 
git-svn-id: file:///home/svn/framework3/trunk@6945 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-09 17:28:44 +00:00
HD Moore 79df0ab405 Merge in JR's ulibc code 
git-svn-id: file:///home/svn/framework3/trunk@6944 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-09 02:27:52 +00:00
HD Moore da32f1bdea Updated meterpreter code/binaries to scrub memory after use, works around Peter's memoryze signatures from BH/DC 2009 
git-svn-id: file:///home/svn/framework3/trunk@6942 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-08 14:22:32 +00:00
HD Moore 9a1e07c4f3 First round of posix meterpreter commits from jr 
git-svn-id: file:///home/svn/framework3/trunk@6934 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-01 14:21:58 +00:00
HD Moore c173bff563 Updated reflective stuff to match the new hashing function 
git-svn-id: file:///home/svn/framework3/trunk@6923 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-31 17:57:51 +00:00
HD Moore 5577fac39e Closes #297. Switches to the dnet headers for the sniffer packet decodes 
git-svn-id: file:///home/svn/framework3/trunk@6822 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-17 19:39:31 +00:00
HD Moore 2c4acca92a Fixes #296. Removes polarssl references 
git-svn-id: file:///home/svn/framework3/trunk@6811 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-16 16:00:29 +00:00
HD Moore 975093efca Updated VC++ project files to fix the directory paths/includes for OpenSSL 
git-svn-id: file:///home/svn/framework3/trunk@6774 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-13 03:14:20 +00:00
HD Moore 148ca687f5 Updated libraries and source code now using OpenSSL 
git-svn-id: file:///home/svn/framework3/trunk@6773 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-13 03:10:39 +00:00
HD Moore 6b0974f618 Goodbye PolarSSL (your license stinks). 
git-svn-id: file:///home/svn/framework3/trunk@6772 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-13 03:03:53 +00:00
HD Moore e8784d68fb Fixes up the sniffer to handle large packet captures better, fixes a regression in the sysinfo command. 
git-svn-id: file:///home/svn/framework3/trunk@6768 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-12 13:17:37 +00:00
HD Moore f76d73a823 Free packet memory when the capture is stopped 
git-svn-id: file:///home/svn/framework3/trunk@6765 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-11 18:19:42 +00:00
HD Moore 4989f9bdbe Fixes a bug where if the sniffer SDK could not initialize, it would still be treated as initialized the next time it was checked. 
git-svn-id: file:///home/svn/framework3/trunk@6764 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-11 17:52:40 +00:00
HD Moore 645ca020e9 Fixes a memory corruption issue with the SSL file descriptor (was using a stack reference instead of the Remote->fd reference), adds the source code sans the Packet SDK for the sniffer module 
git-svn-id: file:///home/svn/framework3/trunk@6763 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-11 17:32:50 +00:00
HD Moore 608ca7aae8 This patch removes some of the meterpreter compiler warnings and fixes migration over SSL 
git-svn-id: file:///home/svn/framework3/trunk@6761 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-09 22:44:33 +00:00
HD Moore 7b516e06fe Transfer the migration payload over SSL, still working on a crash bug after migration completes 
git-svn-id: file:///home/svn/framework3/trunk@6756 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-09 03:22:10 +00:00
HD Moore 48e1e5f351 Merge Stephen Fewer's patches to enable support for Windows 7 (fixes support for NT and 2000 as well) 
git-svn-id: file:///home/svn/framework3/trunk@6744 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-05 20:24:37 +00:00
HD Moore 0ad96dd656 Adds a top-level SEH handler around the initialization stub, prevents a fatal error from preventing EXITFUNC from being called. 
git-svn-id: file:///home/svn/framework3/trunk@6722 4d416f70-5f16-0410-b530-b9f4589650da
 2009-06-27 19:39:10 +00:00
HD Moore 43372de9f0 Fix a bug in the new SSL code that broke large transfers 
git-svn-id: file:///home/svn/framework3/trunk@6720 4d416f70-5f16-0410-b530-b9f4589650da
 2009-06-27 01:52:36 +00:00