237827bfdc
Fix up payload cached sizes again
...
This time it's against the currently "installed" version of Meterpeter
binaries. When Meterpreter is landed down the track we'll need to make
sure that the payload sizes are updated again.
2015-05-12 12:44:34 +10:00
836feaa2d8
Fix uuid setting, fix reverse_https x64 payload
...
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
51e6c13bc4
Adjust transport configuration include for x64/reverse_http
...
Not sure how I missed this, but I did!
2015-05-12 09:54:08 +10:00
474461d2a4
Merge format and structure changes from multi transport
2015-05-12 09:46:02 +10:00
69d2b8ffb1
Various code format, style changes, file moves
...
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
0dbfc1e02b
Merge the stager size work from mult-transport-support
2015-05-12 07:50:56 +10:00
fe51f552b8
Make stageless, and reverse_tcp x64 non-dynamic
2015-05-12 07:37:12 +10:00
6fdf23ad98
Update payload sizes again
2015-05-11 22:33:45 +10:00
a97f24a12d
Update payload cached sizes
2015-05-11 10:00:14 +01:00
d9068b7719
Fix up payload cache sizes, and powershell include
2015-05-11 17:43:51 +10:00
e69e6c4a73
Implement winhttp for x64
...
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
2015-05-11 17:27:47 +10:00
800ab11abd
Payload size adjustment, typo fix
...
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
2015-05-11 17:24:32 +10:00
21397b46aa
Add proxy user/pass to x64 reverse_http/s
2015-05-11 17:24:31 +10:00
b922da8f80
Add support for x64 reverse_http
...
Still need to bake in support for proxies in the stagers, but wer'e
getting there.
2015-05-11 17:24:31 +10:00
15e9fb7e40
Port reverse_https (wininet) x64 to metasm
...
This laid the groundwork for implementation of reverse_http as well.
2015-05-11 17:24:31 +10:00
c0388a770e
Update cached sizes
2015-05-10 22:01:30 +01:00
c916021fc5
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
fd827db6dd
Fix up bind stager payload sizes
2015-05-07 10:13:27 +10:00
9d7a7cb68d
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
0493f58834
Reenable metasm bind_tcp stager
2015-05-06 09:34:35 -05:00
3c2e6bb698
rollback linux bind_tcp stager metasm port
...
The new metasm port of the linux bind_tcp stager doesn't yet generate valid
executables. While we're debugging the problem, this reverts the bind_tcp.rb
stager to use the static ASM again.
2015-05-06 09:26:04 -05:00
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
232117117b
Fix missing includes
...
The powershell one broke thanks to include hierarchy changes. The others
failed in the specs only for some reason.
2015-05-05 14:24:21 +10:00
146f41992f
Fix up payload sizes
2015-05-05 13:52:20 +10:00
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
cf62d1fd7c
Remove patch and old stageless stuff
2015-05-05 09:27:01 +10:00
b42f4f5cd2
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
lib/msf/core/payload/windows/stageless_meterpreter.rb
lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
lib/rex/post/meterpreter/client_core.rb
modules/payloads/stages/linux/x86/meterpreter.rb
modules/payloads/stages/windows/meterpreter.rb
modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
05e4af8162
Land #5214 , initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
e6ea5511ca
update linux and windows meterpreters to use metasploit-payloads
2015-05-04 09:44:36 -05:00
c2dc4677fb
Prevent stagless from overwriting socket
...
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
e835f2b99c
Rejig transport config into module
...
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
93bf995b32
Reverse tcp support for POSIX
...
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
0b580acfb4
\t removed
2015-05-02 21:16:50 +02:00
a0539cd672
new x64 bsd shellcodes (bind/reverse) ipv4/6. ipv4 shells are smaller than
...
the existing one.
2015-05-02 20:52:09 +02:00
6058dee99a
explicitly require bind_tcp/reverse_tcp modules
...
This transient error was noted in the release documentation builder.
metasploit-framework/modules/payloads/singles/windows/powershell_bind_tcp.rb:37:in
`initialize': uninitialized constant Msf::Handler::BindTcp (NameError)
2015-04-27 20:57:31 -05:00
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
f56eac7f10
Cosmetic cleanup and binary mode read for powershell script
2015-04-26 15:57:51 -05:00
82fe480c2e
Update session to display username and hostname
2015-04-26 21:47:49 +01:00
f2c745d2a7
update cached sizes
2015-04-26 20:24:41 +01:00
d19406c593
Update the payload cache size
2015-04-26 18:56:32 +01:00
1cc167a7fb
Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session
2015-04-26 18:50:42 +01:00
4cb1a6c255
Updated payload cached size
2015-04-26 09:30:41 +01:00
e6c61c461e
Updated payloads and fixed msftidy.
2015-04-26 09:20:29 +01:00
6da8a14f62
Initial work on x64 payloads for new config
2015-04-26 13:41:31 +10:00
6ac3ecfa7c
Refactor, add reverse_winhttps support
...
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.
Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
2455163d24
Refactor configuration for meterpreter payloads (x86)
...
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.
This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
ded904c72c
New payloads
2015-04-26 00:16:59 +01:00
a02ea90824
New payloads which work with cmd
2015-04-25 16:49:22 +01:00
7afb6e1aa6
Removed stand-alone payloads and will push these as a seperate fork request.
2015-04-25 07:57:43 +01:00
6be2c0beab
Dynamic
2015-04-25 07:49:34 +01:00
2273fb541a
payload cached_sizes
2015-04-25 07:33:51 +01:00
215e67bcbd
Updated comments
2015-04-25 07:02:25 +01:00
941a4ee572
updated cached size using tools/update_payload_cached_sizes.rb
2015-04-24 19:13:54 +01:00
00d8958cc8
New payloads for reverse_tcp for powershell
2015-04-24 10:25:37 +01:00
9e137c6403
ref
2015-04-23 23:28:33 +01:00
468166408e
ref
2015-04-23 23:28:21 +01:00
3711b2579c
new powershell session
2015-04-23 23:13:12 +01:00
0f7442dec2
new powershell session
2015-04-23 23:12:58 +01:00
b642ddb989
interact powershell session
2015-04-23 23:12:38 +01:00
b6abd9dc8e
updates to rex
2015-04-23 22:14:11 +01:00
a3710752c6
updates to rex
2015-04-23 22:14:00 +01:00
3e693c95df
update bind_tcp settings
2015-04-23 14:43:08 +01:00
19a6ae68ff
Update bind_tcp sizes to dynamic
...
This is required due to the fact that we can now turn on/off the
closing of the listen socket.
2015-04-23 09:53:18 +10:00
99156f1247
reverse payload
2015-04-22 20:41:45 +01:00
4ae3c5925d
bind payload
2015-04-22 20:41:35 +01:00
86957d9b07
Merge branch 'upstream/master' into connection-recovery
2015-04-21 20:01:59 +10:00
3fbd4e2fe6
Land #5172 , x64 BSD shell_{bind,reverse}_tcp
2015-04-20 15:37:29 -05:00
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
19f8a76475
Porting bind_tcp for posix to metasm
...
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
97912882ca
Adjustments for POSIX meterpreter patching
2015-04-17 19:53:05 +10:00
0a8b29dd86
Merge branch 'upstream/master' into connection-recovery
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
9b6aea12e1
Oops, missed a comma.
2015-04-15 19:26:53 -05:00
4a18714191
Update authors and license to original osx x86 module.
2015-04-15 14:34:26 -05:00
a01d98d1f5
Implement shell_bind and shell_reverse payloads for bsd x64.
2015-04-15 14:33:27 -05:00
0d19b5d4c3
Fix require order issue.
2015-04-14 23:23:02 -05:00
e56590e1e3
DRY up common code between BSD / OSX.
2015-04-14 23:08:57 -05:00
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
ceadd1e6ec
Update osx x86 payload cached sizes to be accurate.
...
- Right now there is a bug in the payload_spec, which causes the payload's
datastore during the spec run to have things like 'PrependSetuid' => 'false',
where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
branch will be taken, resulting in incorrect behavior.
2015-04-12 00:21:18 -05:00
91202e2447
Port of reverse_tcp payload to metasm
2015-04-10 17:46:27 +10:00
fadb13b8ef
Porting block api, exitfunk, bind to metasm
...
Also add the flag which lets the bind stager leave the listen socket
open.
2015-04-10 16:23:03 +10:00
809409d8c4
Lots of changes to support moving timeouts to common spots
...
Session expiry, comms timeout, retry total/wait are all now part of all
of the meterpreter payloads as these are going to be used for
maintaining access with resiliency and will aim for consistency across
the payload types.
2015-04-09 17:57:43 +10:00
bc5fd4b813
A few adjustments to make bind_tcp keep listen sockets open
2015-04-09 08:46:35 +10:00
e7a4ee637a
Port windows reverse_tcp|bind_tcp to Metasm, add error handling
...
Conflicts:
lib/msf/core/payload/windows/bind_tcp.rb
modules/payloads/stagers/windows/bind_tcp.rb
Cherry-picked form @hmoore-r7's repo.
2015-04-08 16:21:10 +10:00
9ebcb27929
Merge branch 'upstream/master' into connection-recovery
2015-04-08 15:48:21 +10:00
a9804dff62
Initial work to support fault-tolerant connectivity
...
This code adjusts the bind_tcp stager for x86 so that the listener
socket isn't close for meterpreter payloads. This means that meterpreter
can make an educated guess as to whether or not the payload was a bind
or tcp payload, and from there can attempt to establish communications
in the same way as before should something break along the way.
Some simple adjustments to the x64 meterpreter stage as well, but more
to come here.
2015-04-08 14:41:32 +10:00
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
78c73cc2a3
Update cached sizes with the new uri defaults
2015-04-05 22:11:12 -05:00
c9696d3f6c
Merge in stageless/transport work, deconflict
2015-04-04 11:52:26 -07:00
fd043d4842
Fix up build and missing uri_checksum stuff
...
Somehow this made it into a merge when it shouldn't have. This fix moves
the URI checksum module to where it needs to be and updates all the
references where required. This will result in a class with the dynamic
transport branch, but I can fix that after.
2015-04-03 13:42:25 +10:00
34ff94e0da
Fix the proxy user/pass options
2015-03-31 15:49:43 -05:00
a39ba05383
Functional Payload UUID embedding via PayloadUUIDSeed
2015-03-31 15:44:18 -05:00
253e5d7dff
Include correct module, remove specified encoder type
2015-03-31 07:23:51 +10:00
c28cc66398
Add x64 bind_tcp and reverse_ipv6_tcp
...
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
2015-03-30 18:59:30 +10:00
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
f8851551c5
Add initial x64 stageless meterrpeter module
2015-03-30 11:23:51 +10:00
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter
2015-03-26 19:16:46 -05:00
10e8cefd6d
Pymet dont validate ssl certs for 2.7.9/3.4.3
2015-03-25 19:49:42 -04:00
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
9c9d333a1b
Create verify ssl mixin, adjust some formatting
2015-03-23 13:21:08 +10:00
a407bc8d65
Fix the reverse_https stager CachedSize for the spec
2015-03-21 13:05:44 -04:00
7282968d8a
Python reverse HTTPS stager
2015-03-21 12:43:14 -04:00
fd4ad9bd2e
Rework changes on top of HD's PR
...
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
7b4161bdb4
Update code to handle cert validation properly
...
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
2015-03-20 12:52:47 +10:00
7899881416
Update POSIX bins from master
2015-03-19 14:50:14 +10:00
346b1d539f
Revert Java back to static size for cache purposes (less cpu usage on startup)
2015-03-18 16:24:01 -05:00
33bbf7cb7e
Dynamic URI generation for python/java http(s) stagers
2015-03-18 16:08:11 -05:00
7ae97393e0
fix x64/reverse_https stager shellcode
2015-03-18 15:34:31 -04:00
b62da42927
Merge branch 'master' into feature/add-proxies-to-wininet
2015-03-18 01:51:15 -05:00
ef443c83b9
Fix overgreed search/replace
2015-03-18 01:21:53 -05:00
f7a06d8e44
Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax
2015-03-18 01:15:32 -05:00
87a489907c
Place an IPv6 proxy IP between brackets
2015-03-18 01:01:16 -05:00
259db269bd
Remove user/pass and invalid class from the options
2015-03-18 01:01:16 -05:00
2ab14e7e79
Adds IPv6 and option-related issues with the previous patch
2015-03-18 01:01:10 -05:00
0601946830
Don't mandate and default PROXY_HOST (miscopy from the proxy stager)
2015-03-18 01:00:04 -05:00
85fb534e63
Fix up the offset detection again, cleanup redundant code
2015-03-18 00:59:25 -05:00
2f13988d7b
Use OptPort vs OptInt and cleanup the description
2015-03-18 00:59:25 -05:00
a01be365b0
Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT
...
This also cleans up the windows reverse_https_proxy stager.
2015-03-18 00:59:13 -05:00
abb8a32e68
update spec for dynamic meterpreter payloads
2015-03-16 18:08:13 -05:00
7e89281485
Adds proxy (with authentication) support to reverse_http(s)
2015-03-16 00:03:31 -05:00
b68e05e536
Land #4914 , @hmoore-r7 and @BorjaMerino winhttp stagers
2015-03-13 08:24:11 -05:00
35cfdf051a
Add support for meterpreter_reverse_ipv6_tcp
...
New payload added, makes use of existing functionality.
2015-03-13 20:15:31 +10:00
744b1a680e
Reworks how payload prepends work internally, see #1674
2015-03-12 02:30:06 -05:00
345b5cc8e1
Add stageless meterpreter support
...
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
c3f2536ef6
Make the stager clear in the payload descriptions
2015-03-11 21:30:02 -05:00
b105a88b95
Fix https convention
2015-03-11 21:26:31 -05:00
8bae58d631
Updated cache sizes
2015-03-11 21:25:12 -05:00
1135e5e073
First take on WinHTTP stagers, untested
2015-03-11 16:27:14 -05:00
7e3b4017f0
Rename and resynced with master, ready for refactoring
2015-03-11 14:36:27 -05:00
ea1bc69e2e
Merge branch 'master' into feature/add-reverse_winhttp-stagers
2015-03-11 14:29:34 -05:00
ceeee4446f
Land #4904 , @hmoore-r7 reworks reverse_http/s stagers
...
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
ad39adf9c2
Missing comma
2015-03-11 00:49:07 -05:00
a89926b663
Exclude vncinject from http stagers (depends on sockedi)
2015-03-11 00:46:04 -05:00
9ade107325
disable reverse_http methods from upexec and shell payloads
...
These don't work over http and don't appear to have ever, as far back as
I could test. They appear to be an accident perhaps.
2015-03-10 17:08:58 -05:00
db351317a5
Merge with PR branch
2015-03-10 14:08:35 -05:00
0f763c2cb3
First step to reworking the winhttp stagers
2015-03-10 14:07:25 -05:00
991e72a4fa
HTTP stager based on WinHttp
2015-03-10 13:40:16 -05:00
966848127a
Refactor x86 Windows reverse_http and reverse_https stagers
2015-03-10 12:48:30 -05:00
618fbf075a
Update CachedSize for the fixed stager
2015-03-09 16:57:14 -05:00
746f18d9bb
Fallback to a localhost variant to make the length predictable
2015-03-09 16:56:25 -05:00
6543c3c36f
Update CachedSize for the fixed stager
2015-03-09 16:54:57 -05:00
c676ac1499
Fallback to a localhost variant to make the length predictable
2015-03-09 16:53:28 -05:00
d0324e8ad3
Final cleanup, passing specs
2015-03-09 15:50:57 -05:00
da81f6b2a0
Correct the :dynamic cache sizes
2015-03-09 15:44:14 -05:00
02509d02e4
The result of running ./tools/update_payload_cached_sizes.rb
2015-03-09 15:31:04 -05:00
a648e74c4b
Remove unnecessary semicolon
2015-03-02 15:36:45 -06:00
80169de4d0
Remove -i from shell in reverse_python
2015-03-02 15:29:50 -06:00
5297ebc1a1
Merge branch 'master' into land-1396-http_proxy_pstore
...
Bring things back to the future
2015-02-20 08:50:17 -06:00
91b4a59fc7
msftidy fixes
2015-02-20 08:42:54 -06:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
d14413579c
HTTP stager based on WinHttp
2015-01-19 13:01:56 +01:00
7a2f0553a8
Update reverse_tcp.rb
...
prevent over-reading from socket
2015-01-18 17:32:53 +02:00
9c12fcc2f1
Update bind_tcp.rb
...
Read exactly l bytes
2015-01-18 15:42:09 +02:00
18e15a109a
Update bind_tcp.rb
...
Prevent over reading from socket
2015-01-18 15:35:56 +02:00
9791acd0bf
Add stager ipknock shellcode (PR 2)
2014-12-27 22:03:45 +01:00
93be828738
Fix invalid URL in splat
2014-12-22 11:26:20 -06:00
f1b9862665
Align shellcode in bind_hidden_tcp
2014-12-22 11:17:14 -06:00
9a7e431a4a
New block_api applied
2014-12-22 17:21:13 +01:00
42636fb3c0
Handler and block_hidden_bind_tcp deleted
2014-12-22 17:21:13 +01:00
fa8e944e34
AHOST OptAddress moved to the payload
2014-12-22 17:21:11 +01:00
c0fa8c0e3f
Add stager for hidden bind shell payload
2014-12-22 17:21:11 +01:00
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
5a645c5eba
Stagers updated from source
2014-12-13 12:50:47 -06:00
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
7fe72fd118
Cosmetic tweaks for #4225
2014-12-02 11:47:14 -06:00
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
8e7e5590c9
rename SHELLARG to ARGV0 because that's really what it is
2014-11-19 22:14:24 +01:00
ac4c11ca39
work on linux/armle/shell_bind/tcp
...
same changes as to shell_reverse_tcp
2014-11-19 21:53:23 +01:00
fd7248b3c0
work on linux/armle/shell_reverse_tcp
...
shorten the execve code, remove exit, grow argv[0] space
2014-11-19 21:53:23 +01:00
d5ebd8a2dc
Shorten the reverse_http stager by renaming a var
2014-11-17 19:04:26 -05:00
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
681ae8ce6b
Pymet reverse_http stager basic implementation
2014-11-14 14:15:46 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
e0016d4af3
Remove hash rocket from refs array #3766
...
[SeeRM #8776 ]
2014-10-08 09:16:38 +00:00
3c7be9c4c5
Remove hash rockets from references #3766
...
[SeeRM #8776 ]
2014-10-08 09:01:19 +00:00
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
0247e4a521
Change RequiredCmd for reverse_bash_telnet_ssl cmd payload
2014-09-24 00:40:14 -05:00
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
af3ca19ab2
Land #3501 , @AnwarMohamed's android meterpreter commands.
2014-08-09 16:29:59 -05:00
c31fc61617
Land #3270 , @jlee-r7 deprecation ipv6 payloads
...
These are not needed, since you can just config the regular handler now
and pick either.
This resolves the conflict (rm'ed the old modules)
Conflicts:
modules/payloads/stagers/windows/reverse_ipv6_http.rb
modules/payloads/stagers/windows/reverse_ipv6_https.rb
2014-08-01 16:27:59 -05:00
c2be3d6875
fixing autoload bug
2014-07-29 17:51:56 +02:00
6bbb2124a7
bug fixing
2014-07-29 15:49:14 +02:00
283046b25d
fixing auto load on new session
2014-07-28 10:49:50 +02:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
de22aeba41
Land #3481 , meterpreter bins
2014-07-14 15:57:52 -05:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
bcec2df0a4
Fix Meterpreter PHP hop description
2014-07-10 11:35:48 -05:00
038d1e210a
Merge upstream/master to deconflict.
...
Conflicts:
Gemfile.lock
2014-07-09 17:43:42 -05:00
e908bb6819
formating
2014-07-08 11:02:41 +02:00
34dcb609e2
android extension
2014-07-08 04:52:06 +02:00
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
6f433db609
Minor typo fix
2014-07-06 23:44:17 -05:00
3ef35f19dc
Prefer strip over chomp
2014-07-06 23:17:09 -05:00
d76081bcef
Prefer strip over chomp
2014-07-06 23:16:56 -05:00
ab7848a895
Merge master for testing of #2809
2014-07-06 22:27:58 -05:00
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
8b63d3d467
Revert the revert of #3446
...
This reverts commit 9b35b0e13a
2014-06-29 17:22:21 -05:00
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498002234993f
2014-06-25 13:24:07 -05:00
5d6b582adc
Update modules to use new path.
2014-06-19 18:44:19 -05:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
2c8a99143b
Land #3426 , @Meatballs1's Python v2.3.3 Compatible Command Shell payloads
2014-06-10 09:55:58 -05:00
dc69afebb1
License and Require
2014-06-09 21:41:38 +01:00
25ed68af6e
Land #3017 , Windows x86 Shell Hidden Bind
...
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
2be6b8befe
Remove bind hidden handler
2014-06-07 14:34:20 +01:00
496be5c336
Ensure command_shell_options is present.
2014-06-06 16:26:45 -05:00
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
c032b8ce8e
Compat
2014-06-04 02:27:06 +01:00
6c7fd3642a
Land #3411 , Python 3.[34] Meterpreter support
2014-06-03 11:34:22 -05:00
0e4177fb75
Pymeterpreter shorten stagers by 3 bytes
2014-06-03 12:03:20 -04:00
95376bf6d3
Pymeterpreter update stager and stage descriptions
2014-06-03 10:17:27 -04:00
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
76c3aaf743
Pymeterpreter get type encoder from dict instead
2014-06-02 17:32:08 -04:00
aeca455a10
Pymeterpreter update pystagers for version 3.1/3.2
2014-06-02 17:18:13 -04:00
77eac38b01
Pymeterpreter fix processes_via_proc for Python v3
2014-05-30 16:32:03 -04:00
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
15b1c79039
Adjust whitespace and set bytes to str for Python 2
2014-05-28 16:30:27 -04:00
c559483176
Land #3392 , @TomSellers patch to use python constants
2014-05-25 16:18:42 -04:00
77f66f8510
Update reverse_tcp.rb
2014-05-25 14:04:54 -05:00
b5c567c462
Update bind_tcp.rb
2014-05-25 14:03:45 -05:00
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
1ada4831e0
Land #3293 , module deprecation constants
2014-05-14 01:37:29 -05:00
ae0691c586
make string replacement more robust
2014-05-10 17:00:25 +01:00
111160147f
MIPS exec payload fixes for encoder
2014-04-30 20:37:54 +02:00
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
af899254a3
Missed file
2014-04-16 19:14:17 -05:00
549e306572
Remove superfluous v6 http{,s} payload and handler
2014-04-16 18:32:35 -05:00
b4f5784ba2
Land #3147 , @m-1-k-3's mipsbe exec payload.
2014-04-08 22:32:21 -05:00
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
657b096be3
make msftidy happy
2014-03-27 19:24:25 +01:00
ad94653fc0
feedback included
2014-03-27 16:12:34 +01:00
3fc114e265
exec payload - new try
2014-03-26 19:48:14 +01:00
33651d0753
Fix formatting of hash options.
2014-03-25 14:43:53 -05:00
c8784168d5
Fix references and whitespace in mips payloads.
2014-03-25 14:39:27 -05:00
1ac3944627
Merge branch 'landing-pr-3095' into upstream-master
2014-03-25 10:56:42 -05:00
1680f9cc5d
Land PR #3127 , @m-1-k-3's mipsbe reboot payload, into master
2014-03-25 10:44:37 -05:00
50efd0b5d0
change name and filename and file included
2014-03-25 09:13:04 +01:00
a9952fa294
change name and filename
2014-03-25 09:11:16 +01:00
fca4425f95
feedback
2014-03-25 09:09:13 +01:00
4f1404eecc
reboot payload for mipsbe
2014-03-20 12:37:58 +01:00
0b6a890137
Fix missing require in reverse_powershell
...
When initializing the db:
/opt/metasploit-framework/modules/payloads/singles/cmd/windows/reverse_powershell.rb:34:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `new'
from /opt/metasploit-framework/lib/msf/core/payload_set.rb:198:in `add_module'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:72:in `on_module_load'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:207:in `load_module'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:271:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:58:in `block (2 levels) in each_module_reference_name'
from /opt/metasploit-framework/lib/rex/file.rb:127:in `block in find'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `catch'
from /opt/metasploit-framework/lib/rex/file.rb:126:in `find'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:45:in `block in each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `foreach'
from /opt/metasploit-framework/lib/msf/core/modules/loader/directory.rb:29:in `each_module_reference_name'
from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:264:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:118:in `block in load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:116:in `load_modules'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:56:in `block in add_module_path'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `each'
from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:55:in `add_module_path'
from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:14:in `init_module_paths'
from /opt/metasploit-framework/lib/msf/ui/console/driver.rb:228:in `initialize'
from /opt/metasploit-framework/msfconsole:148:in `new'
from /opt/metasploit-framework/msfconsole:148:in `<main>'
2014-03-14 19:28:00 +00:00
8db5d854c2
typo, null terminator
2014-03-13 18:38:27 +01:00
f39e784d19
mipsle execve payload
2014-03-12 21:08:40 +01:00
15b1a5931c
Remove extra resources from android reverse_http(s).
2014-03-11 11:56:05 -05:00
4f31eba7f4
android payload golf
2014-03-10 21:50:00 -05:00
ad8b0ef3d1
using http(s)://LHOST:LPORT
2014-03-10 21:50:00 -05:00
b45524ecdd
generate cert @ payload/dalvik.rb
2014-03-10 21:50:00 -05:00
99cc94e6fc
moving string_sub() to payload/dalvik.rb
2014-03-10 21:49:59 -05:00
dc8992924f
android reverse_http/s
2014-03-10 21:49:59 -05:00
46c11ea2eb
Small fixes to m-1-k-3's mipsle reboot shellcode.
2014-03-10 17:17:23 -05:00
7da54eb9cf
Merge branch 'landing-3041' into upstream-master
...
Lands PR #3041 , @m-1-k-3's reboot shellcode.
2014-03-10 17:11:06 -05:00
3c95c021d0
Reference added
2014-03-10 12:17:20 +01:00
1fda6b86a1
Changed cmp eax by inc eax. Saved one byte
2014-03-10 12:13:10 +01:00
689523a26f
Clean Code based on jlee-r7's comments
...
- Put allocations in loop
- Decomment exitfunc
- Aligned comments
- Some more code cleaning
2014-03-06 02:44:24 +01:00
83929facc4
Fix bug on Windows XP
...
Correct the addresses of functions in pstorec.dll.
Successfully tested on Server 2003 and XP.
2014-03-06 02:35:44 +01:00
b6b46abe9f
Add new stager stager_reverse_http_proxy_pstore
...
This stager looks for proxy credentials in windows protected storage. If it finds proxy credentials, it will use them to connect back. If it does not find credentials, it will do the same as stager_reverse_http.
Works on:
- Windows Server 2003
- Windows XP
- Internet Explorer versions 4 to 6
2014-03-06 02:35:12 +01:00
caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks
2014-03-04 15:24:02 -06:00
f0868c35bf
Land #3050 - Fix tained perl payloads
2014-03-04 10:05:47 +10:00
6a02a2e3b3
NULL out envp pointer before execve call.
...
This was causing a crash on 10.9.
2014-03-03 08:56:52 -06:00
8c4b663643
Fix payloads to bypass Perl's Taint mode.
2014-03-02 18:39:05 +02:00
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
d6b28e3b74
mipsel reboot payload
2014-02-26 20:34:35 +01:00
b4a22aa25d
hidden bind shell payload
2014-02-20 16:19:40 +01:00
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
aa07065f67
Land #2959 , reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
c0983138a0
Fix wrapping errors on long domains.
2014-02-15 15:21:16 -06:00
b0d2949f9a
Ensure no race conditions on handlers
...
Configurable WfsDelay
2014-02-15 15:21:16 -06:00
62f42c57a9
Add instructions for uploading hop.php
2014-02-15 15:21:16 -06:00
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
9f04e0081d
Stick with command let encoder handle encoding
2014-02-08 19:28:03 +00:00
93b07b0e48
Add missing RequiredCmds
2014-02-08 12:24:49 +00:00
80814adaf9
Credit where credits due
2014-02-08 01:42:45 +00:00
efe4d6b41a
Tidyup
2014-02-08 01:03:02 +00:00
2d1a0c3a01
Windows CMD love too
2014-02-08 01:00:31 +00:00
14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4
2014-02-04 17:45:18 -06:00
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
20b8062220
Apply blockapi changes to reverse_tcp_rc4
2014-02-04 12:30:56 -06:00
c70680cf1c
Fix infinite-retry bug
...
Derp, block_api clobbers ecx
2014-02-04 11:59:16 -06:00
9c3664bd45
Unify reverse_http and reverse_https
...
This will make copy-pasta less painful in the future. There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
2014-02-04 09:09:12 -06:00
f163bc7f7a
Unbreak reverse_https_proxy
...
Broken by #2448 , 063da8a22e
2014-02-03 15:07:59 -06:00
be0b9fc2f8
Use the new block_api in windows/reverse_tcp
2014-02-03 11:34:52 -06:00
bfc0ac4dd4
Golf a few bytes off of reverse_http(s)
2014-02-03 11:33:55 -06:00
1197426b40
Land PR #2881 , @jvazquez-r7's mips stagers.
2014-01-15 12:46:41 -06:00
0833da465a
Lands #2832 , @jvazquez-r7's fixes to mipsel shellcode.
2014-01-15 12:03:17 -06:00
a056d937e7
Fluch data cache and improve documentation
2014-01-14 14:06:01 -06:00
a8806887e9
Add support for MIPS reverse shell staged payloads
2014-01-14 12:25:11 -06:00
ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode
2014-01-13 17:37:08 -06:00
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
140d1fbf90
Land #2847 - Add MIPS big endian single shell_bind_tcp payload
2014-01-10 15:06:35 -06:00
202e19674c
Land #2856 - Fix ARMLE stagers
2014-01-10 15:05:03 -06:00
96ba41a4b0
Land #2844 - Fix the mipsbe shell_reverse_tcp payload
2014-01-10 15:00:39 -06:00
4e8092aceb
Fix armle stagers
2014-01-09 17:34:59 -06:00
a0879b39e0
Add mips be shell_bind_tcp payload
2014-01-08 14:48:54 -06:00
1727b7fb37
Allow the Msf::Payload::Linux's generate to make its work
2014-01-08 12:41:10 -06:00
83e5169734
Don't use temporal register between syscals and save some bytes on the execve
2014-01-08 11:45:27 -06:00
5f7582b72d
Don't use a temporary registerfor the dup2 loop counter
2014-01-07 18:02:55 -06:00
c2dce19768
Don't use a temporary registerfor the dup2 loop counter
2014-01-07 17:39:27 -06:00
a85492a2d7
Fix my own busted dup2 sequence
2014-01-07 16:27:01 -06:00
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
3230b193e1
Make better comment
2014-01-07 15:32:46 -06:00
80dcda6f76
Fix bind call
2014-01-07 15:31:42 -06:00
d567737657
Update reverse_tcp_rc4_dns.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:12:38 +01:00
385ae7ec38
Update reverse_tcp_rc4.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:11:16 +01:00
693d95526b
Update bind_tcp_rc4.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:09:53 +01:00
b5524654d5
Delete comment
2014-01-07 14:50:26 -06:00
45c86d149f
Modify authors field
2014-01-07 14:50:12 -06:00
d6639294aa
Save some instructions with dup2
2014-01-07 14:41:33 -06:00
9cf221cdd6
Delete delay slots after syscall
2014-01-07 13:18:20 -06:00
70d4082c0c
Add formatting blank lines and delete comment
2014-01-07 09:55:36 -06:00
3edd2a50e2
Shorter mipsle shell_reverse_tcp
2014-01-07 09:45:28 -06:00
3b29c370bd
Fix bug in the firefox/exec payload.
2014-01-05 11:24:41 -06:00
4329e5a21e
Update firefox payloads to use async runCmd.
2014-01-04 08:49:43 -06:00
fdca396bc8
Update exec to be diskless.
2014-01-04 08:48:58 -06:00
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
f5f18965b9
Move the require to the payloads as ruby and nodejs payloads do
2014-01-02 16:05:03 -06:00
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
12fece3aa6
Kill unnecessary comment.
2014-01-02 10:48:28 -06:00
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
821aa47d7e
Add firefox paylods.
...
* Adds support for windows or posix shell escaping.
2014-01-02 10:48:28 -06:00
0725b9c69c
Refactor JSP payloads
2013-12-31 08:27:37 -06:00
aa38a23921
Add generate_war to jsp_shell payloads
2013-12-30 13:53:58 -06:00
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
34cdec5155
Update project VS 2013, clean CLI build
...
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
2013-12-20 09:49:15 +10:00
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
f1c5ab95bf
Land #2690 - typo
2013-11-25 23:53:34 -06:00
70139d05ea
Fix missed title
2013-11-25 22:46:35 -06:00
e8eb983ae1
Resplat shell_bind_tcp_random_port
2013-11-20 14:48:53 -06:00
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
28c5dd63fd
references fix
2013-11-11 17:14:50 -03:00
8f6917a117
references fix
2013-11-11 17:12:45 -03:00
e3641158d9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-11-11 14:29:19 -03:00
030fbba539
Merge branch 'master' of https://github.com/geyslan/metasploit-framework
2013-11-11 14:22:00 -03:00
81a7b1a9bf
Fixes for #2350 , random bind shellcode
...
* Moved shortlink to a reference.
* Reformat e-mail address.
* Fixed whitespace
* Use multiline quote per most other module descriptions
Still need to resplat the modules, but it's no big thang to do that
after landing. Also, References do not seem to appear for post modules
in the normal msfconsole. This is a bug in the UI, not for these modules
-- many payloads would benefit from being explicit on their references,
so may as well start with these.
2013-11-11 10:33:15 -06:00
063da8a22e
Update reverse_https_proxy stager/handler
...
This change updates the proxy handler code, which for some reason was
ommitted in the orginal commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
2013-11-11 22:21:05 +10:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
bce8d9a90f
Update license comments with resplat.
2013-10-21 13:36:15 -05:00
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
5a0b8095c0
Land #2382 , Lua bind and reverse shells
2013-10-18 17:11:37 -05:00
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
3d3a7b3818
Add support for OSVDB 86824
2013-10-17 01:08:01 -05:00
f0aedd932d
More stragglers
2013-10-16 16:29:55 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
5d86ab4ab8
Catch mis-formatted bracket comments.
2013-10-15 14:52:12 -05:00
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
e10dbf8a5d
Land #2508 - Add nodejs payloads
2013-10-14 12:23:31 -05:00
c7bcc97dff
Add SSL support to #nodejs_reverse_tcp.
2013-10-12 03:32:52 -05:00
6440a26f04
Move shared Node.js payload logic to mixin.
...
- this fixes the recursive loading issue when creating a payload
inside the cmd payload
- also dries up some of the node cmd invocation logic.
2013-10-12 03:19:06 -05:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
1e78c3ca1a
Add missing require to nodejs/bind payload.
2013-10-09 11:39:05 -05:00
4266b88a20
Move author name to just 'joev'
...
[See #2476 ]
2013-10-07 12:50:04 -05:00
da48565093
Add more payloads for nodejs.
...
* Adds a reverse and bind CMD payload
* Adds a bind payload (no bind_ssl for now).
2013-10-07 06:09:21 -05:00
6492bde1c7
New Payload
...
Merge remote-tracking branch 'origin'
2013-10-05 09:17:14 -03:00
31f265b411
New Shell Bind TCP Random Port Payload (x86_64)
2013-10-05 09:02:05 -03:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
cd98c4654d
Remove unecessary print from #generate in payloads.
2013-09-25 00:12:28 -05:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
801dda2b09
Change PayloadType to NodeJS.
2013-09-23 11:31:45 -05:00
41e1a3d05b
removed shell prompt in lua bind/reverse shells
2013-09-22 14:53:59 +07:00
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
02044e8b5e
Land #2373 , Corrects x64 reverse_https alignment
...
It appears that testing of the original submit was performed
on VMWare which worked. On a non virtualized machine the
payload would crash.
[Closes #2373 ] [FixRm #8271 ]
2013-09-17 22:50:04 +01:00
6bf0d9b761
Cleanup
2013-09-17 21:46:38 +01:00
21055f6856
Add x86 to meterpreter's binary suffix
...
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19 ]
2013-09-16 21:52:04 -05:00
a641bc41a8
Kill unnecessary comment.
2013-09-16 21:35:53 -05:00
f954e5299f
Now working on windows even.
2013-09-16 21:34:12 -05:00
fe86325fd4
Fixed memory alignment for x64 reverse_http stager
2013-09-16 16:43:20 -04:00
2d936fb67c
Bail from payload if require() is not available.
...
* TODO: test on windows
2013-09-16 14:05:26 -05:00
08f0abafd6
Add nodejs single payloads, thanks to RageLtMan.
2013-09-16 13:38:42 -05:00
79e08c1560
added LUA bind/reverse shells
2013-09-16 17:02:08 +07:00
b7dec23a1d
Update meterpreter.rb
...
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact:ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller
Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64
Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
2013-09-12 14:32:13 -05:00
118cc900a7
new payload
2013-09-10 19:20:48 -03:00
06f7abc552
Helps to put the rand() wrapper in
2013-09-09 20:26:11 -05:00
baff3577e5
FixRM #8034 Pick a valid certificate expiration
2013-09-09 20:24:52 -05:00
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
OJ
benpturner
Brent Cook
Balazs Bucsay
HD Moore
Ben Turner
William Vu
Meatballs
joev
Spencer McIntyre
rwhitcroft
Borja Merino
Tod Beardsley
eyalgr
root
Peregrino Gris
sinn3r
HackSys Team
Mark Schloesser
URI Assassin
Brendan Coles
Joe Vennix
jvazquez-r7
AnwarMohamed
James Lee
Chris Doughty
Christian Mehlmauer
Tom Sellers
Tim Wright
Michael Messner
Daniel Miller
somename11111
Sagi Shahar
scriptjunkie
Niel Nielsen
Geyslan G. Bem
jvazquez-r7
xistence
Ryan Wincey
RageLtMan
MosDefAssassin