Commit Graph

345 Commits (d07e6135044f484665f9ae27ca2c733b902d3a0d)

Author SHA1 Message Date
Matt Weeks 85d07af548 Multiple-session script execution fixed.
Build config updated for NetBeans 6.9 and current tree.
git-svn-id: file:///home/svn/framework3/trunk@9830 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-14 19:27:23 +00:00
Stephen Fewer c78b87a356 Add support for the ring0 stager_sysenter_hook payload to run its ring3 payload in a new thread in order to preserve/resume the original hijacked ring3 thread.
git-svn-id: file:///home/svn/framework3/trunk@9819 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-14 13:43:17 +00:00
Matt Weeks dcb3ab6441 Initial commit of Java Metasploit GUI source. NetBeans project files included.
git-svn-id: file:///home/svn/framework3/trunk@9815 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 22:43:43 +00:00
HD Moore 30d3440b5d New bins, implements the server side of multi-call railgun
git-svn-id: file:///home/svn/framework3/trunk@9806 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:19:21 +00:00
Stephen Fewer a47ced6ac4 Partial solution for #1448. Fall back to CreateProcessWithTokenW when CreateProcessAsUser fails with ERROR_PRIVILEGE_NOT_HELD. While only available on 2003 and above, this works on my Server 2008 test case, which was failing before.
git-svn-id: file:///home/svn/framework3/trunk@9781 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-11 18:36:57 +00:00
Stephen Fewer 7a57ca57a6 Bug fix for a misplaced & in the call to DestroyEnvironmentBlock() during process_execute(), which was causing a hang on Vista and an access violation on Server 2008.
git-svn-id: file:///home/svn/framework3/trunk@9779 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-11 16:37:50 +00:00
James Lee 11bad248c5 add a simple script for turning a regular checkout into a mini version
git-svn-id: file:///home/svn/framework3/trunk@9778 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-11 16:13:20 +00:00
HD Moore d0c8f91f21 Bump to 3.4.1
git-svn-id: file:///home/svn/framework3/trunk@9764 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-10 15:19:01 +00:00
HD Moore d3a6418e53 Revert changes to elevate, still not getting around restrictions on primary token creation, needs a deeper look
git-svn-id: file:///home/svn/framework3/trunk@9759 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 21:59:31 +00:00
HD Moore d5932fc2fd Switch the namedpipe code to convert the thread token to a primary token first
git-svn-id: file:///home/svn/framework3/trunk@9756 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 21:40:44 +00:00
HD Moore ec9156827e Switch the elevator methods to DuplicateHandleEx to get a primary token
git-svn-id: file:///home/svn/framework3/trunk@9755 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 21:23:05 +00:00
HD Moore 29f9f6671e This *should* fix all cases where execute -t would fail to use an impersonated token
git-svn-id: file:///home/svn/framework3/trunk@9754 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 19:32:51 +00:00
James Lee 7fd71dcbcb note the updated version of ruby
git-svn-id: file:///home/svn/framework3/trunk@9753 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 19:29:34 +00:00
HD Moore 972e7bc282 Clean up some of the token impersonation code around process execution
git-svn-id: file:///home/svn/framework3/trunk@9751 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 18:54:20 +00:00
HD Moore ccfea56ed5 Minor tweak to build without the include path for common
git-svn-id: file:///home/svn/framework3/trunk@9715 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 16:46:58 +00:00
HD Moore 5d9a6622de Merge railgun, tweak configurations
git-svn-id: file:///home/svn/framework3/trunk@9709 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 16:29:03 +00:00
James Lee fb43495ada meterpreter now compiles on 64-bit Linux in a 32-bit chroot. still need payload handlers and some stdapi love to make it usable
git-svn-id: file:///home/svn/framework3/trunk@9468 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 06:10:15 +00:00
Joshua Drake 6d1e7bdaa5 big commit - lots of cmdstager changes
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for CVE-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)
git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Ramon de C Valle 380ed580fb Update unixasm external source.
git-svn-id: file:///home/svn/framework3/trunk@9348 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-23 20:01:11 +00:00
James Lee 4f61fb6dc3 add a mini installer to the standard build. it can still use some more minification; it's at about 24 MB and expands to 132 MB
git-svn-id: file:///home/svn/framework3/trunk@9341 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-21 06:25:26 +00:00
James Lee 0615dac174 break the common stuff out into a function
git-svn-id: file:///home/svn/framework3/trunk@9337 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-21 04:53:46 +00:00
James Lee a89db83513 use the BINPATH
git-svn-id: file:///home/svn/framework3/trunk@9329 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-20 20:39:55 +00:00
James Lee 3a928fc9c2 this is what i really meant.
git-svn-id: file:///home/svn/framework3/trunk@9318 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-17 21:14:10 +00:00
James Lee 3ed28c0822 typo
git-svn-id: file:///home/svn/framework3/trunk@9317 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-17 21:05:51 +00:00
James Lee b5cd499b06 only build an arch if we've got bins for it
git-svn-id: file:///home/svn/framework3/trunk@9316 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-17 20:49:08 +00:00
James Lee 8d38f0da87 use a variable for the installation directory so we can eventually make it an option
git-svn-id: file:///home/svn/framework3/trunk@9314 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-17 20:27:03 +00:00
James Lee c4a7368591 use our gems directory
git-svn-id: file:///home/svn/framework3/trunk@9313 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-17 20:22:57 +00:00
HD Moore c93642b11f Update for 3.4.0
git-svn-id: file:///home/svn/framework3/trunk@9307 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-16 17:35:56 +00:00
HD Moore 36836423d9 Add a warning, cosmetic comment to asm
git-svn-id: file:///home/svn/framework3/trunk@9037 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-07 20:51:05 +00:00
HD Moore c6ebd735df Updated comments
git-svn-id: file:///home/svn/framework3/trunk@9003 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 15:08:17 +00:00
HD Moore 11c10518b3 Bug fixes for better windows OS compatibility
git-svn-id: file:///home/svn/framework3/trunk@9002 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 14:57:51 +00:00
HD Moore cd2760f2c2 Bug fixes and size improvements for the reverse_https stager
git-svn-id: file:///home/svn/framework3/trunk@9001 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 13:53:35 +00:00
HD Moore e968c3894e More size tweaks
git-svn-id: file:///home/svn/framework3/trunk@8999 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 08:03:28 +00:00
HD Moore c8defe9716 Size tweaks to bring the ssl stager + encoder + target_id to exactly 400 bytes
git-svn-id: file:///home/svn/framework3/trunk@8998 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 07:48:53 +00:00
HD Moore c6c956ab46 Small patch to enable a new stager
git-svn-id: file:///home/svn/framework3/trunk@8984 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 05:21:15 +00:00
HD Moore 5d0fb434b7 Adds a reverse_tcp_dns stager
git-svn-id: file:///home/svn/framework3/trunk@8983 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-03 03:38:57 +00:00
Stephen Fewer 9a4293c445 In with the modified VNC payload, which now supports an in-memory breakout of session isolation for systems like Vista/2008/7 when the payload is run from a service in session 0 isolation.
git-svn-id: file:///home/svn/framework3/trunk@8890 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-24 00:00:05 +00:00
Stephen Fewer c09ca4eba5 Commit all the code for the new 'screenshot' command in the stdapi extension. Screenshot will now work on NT4 through 7 on both x86 and x64, and on newer versions of Windows we can break out of session isolation (e.g. session 0 isolation for services) to screenshot the active desktop (or logon screen) without the need to migrate meterpreter. The majority of the migration code-injection stuff has been refactored out into base_inject.c so it can be shared with the new ps_inject() functionality to inject DLLs. The 'ps' command now reports what session each process belongs to (if this is too verbose we can remove it or add a -v verbose switch to the ps command). The 'execute' command can now take a -s switch in order to create a process in a user's session under the user's privs (assuming you have the privs to do this).
git-svn-id: file:///home/svn/framework3/trunk@8787 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 17:09:55 +00:00
Stephen Fewer c55e9af9ae Commit the updated APC injection stubs. Fixes a nasty issue in some edge cases whereby, when using APC injection for a process in another session than the current host process, the injected APC can cause an access violation in kernel32 during a call to kernel32!CreateThread, caused by the APC's host thread not having an initialized Activation Context inside its TEB. We now test for this and create a dummy ActivationContext entry to appease the kernel. This will both improve DLL injection reliability as well as meterpreter migration reliability.
git-svn-id: file:///home/svn/framework3/trunk@8786 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 17:00:19 +00:00
Stephen Fewer 08d1850bcc Commit the new VNC x86/x64 DLL source code...
git-svn-id: file:///home/svn/framework3/trunk@8745 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 14:49:45 +00:00
Stephen Fewer d0f2b589b6 Delete the old VNC source code.
git-svn-id: file:///home/svn/framework3/trunk@8744 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 14:39:20 +00:00
Stephen Fewer 195d1ab4b8 Commit snojobs JPEG patch for espia with an x64 build and some minor changes on the ruby side (The 'screenshot' command is now 'screengrab' to avoid a future conflict with changes happening in stdapi).
git-svn-id: file:///home/svn/framework3/trunk@8726 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 15:50:24 +00:00
Stephen Fewer 4e73d95dac Commit the JPEG-8 lib code from snowjobs patch. Added an x64 build environment and the libs directory for x86/x64 projects to link against.
git-svn-id: file:///home/svn/framework3/trunk@8725 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 15:44:36 +00:00
Stephen Fewer 5f35f33cd1 Forgot the updated build.py, also add in a link to a blog post I wrote for this shellcode.
git-svn-id: file:///home/svn/framework3/trunk@8657 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 14:27:13 +00:00
Stephen Fewer 88cc851a41 Commit the stager_sysenter_hook win32 kernel shellcode source and mixin patch, resolves #405.
git-svn-id: file:///home/svn/framework3/trunk@8655 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 13:41:16 +00:00
Tod Beardsley d5f4ea9692 Adding TightVNC's java viewer to external/source. vnc.html works, it just needs to have the path set correctly.
git-svn-id: file:///home/svn/framework3/trunk@8648 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-25 23:18:42 +00:00
Tod Beardsley 948d9d95d9 Deleting the winvnc java stuff.
git-svn-id: file:///home/svn/framework3/trunk@8647 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-25 23:10:00 +00:00
Stephen Fewer 4ed9e71b76 Commit the meterpreter C side (and bins) for transparent zlib (zlib.c copied from the posix meterpreter source) compression of TLVs and channels. To use transparent compression with channels, create them with CHANNEL_FLAG_COMPRESS. To use transparent compression with any TLV value, bitwise OR the TLV type with TLV_META_TYPE_COMPRESSED (Don't create the TLV type with TLV_META_TYPE_COMPRESSED, as the compressed flag is removed on the remote end after decompression). For consistency with the ruby side we could at a later stage add a boolean compress parameter to all the packet_add_tlv_* functions so you don't have to manually specify the TLV_META_TYPE_COMPRESSED flag.
git-svn-id: file:///home/svn/framework3/trunk@8515 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 14:56:24 +00:00
Stephen Fewer e732ef6872 Commit the Meterpreter C side for the UDP socket pivoting. (+1 bug fix for the TCP client socket notify event function)
git-svn-id: file:///home/svn/framework3/trunk@8430 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:43:33 +00:00
Stephen Fewer a80d1ad2ee Commit the new TCP server channel support on the meterpreter end as well as some fixes to TCP client channels.
git-svn-id: file:///home/svn/framework3/trunk@8383 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 17:55:41 +00:00
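Added example, not part of the commit log above and not Metasploit's own code: a minimal sender/receiver pair for the transparent TLV compression that commit 4ed9e71b76 describes (OR TLV_META_TYPE_COMPRESSED into the type when sending; the remote end inflates and strips the flag). The 8-byte big-endian length+type header, the flag value 1 << 29, the 1 << 16 string meta-type, and the 4-byte uncompressed-length prefix in front of the zlib stream are assumed from the framework's Ruby packet code, not stated on this page; "compress only if it actually shrinks" and the receiver-side inflate cap are hardening choices added here, so a hostile peer cannot declare a huge size and force unbounded allocation.

```python
"""Transparent zlib compression of a Meterpreter-style TLV (illustrative)."""
import struct
import zlib

HEADER_SIZE = 8                      # assumed: 4-byte length (incl. header) + 4-byte type, big-endian
TLV_META_TYPE_STRING = 1 << 16       # assumed meta-type bit, used only as a sample type here
TLV_META_TYPE_COMPRESSED = 1 << 29   # assumed value of the compression flag
MAX_INFLATED = 16 * 1024 * 1024      # receiver cap on inflated size (added hardening)


def pack_tlv(tlv_type: int, value: bytes, compress: bool = False) -> bytes:
    """Serialize one TLV for the wire.

    With compress=True the value is deflated and sent as
    <uncompressed_len:4><zlib stream>, and the COMPRESSED flag is OR'd into
    the type, but only when deflate actually saves bytes (design choice).
    """
    if tlv_type & TLV_META_TYPE_COMPRESSED:
        # The flag is a transport property, never part of the logical type.
        raise ValueError("do not create the TLV type with TLV_META_TYPE_COMPRESSED set")
    raw = value
    if compress:
        deflated = zlib.compress(value)
        if len(deflated) < len(value):
            raw = struct.pack(">I", len(value)) + deflated
            tlv_type |= TLV_META_TYPE_COMPRESSED
    return struct.pack(">II", len(raw) + HEADER_SIZE, tlv_type) + raw


def wire_type(blob: bytes) -> int:
    """Type field exactly as it appears on the wire (flag included)."""
    return struct.unpack_from(">II", blob, 0)[1]


def unpack_tlv(buf: bytes) -> tuple:
    """Parse one TLV from the start of buf.

    Returns (type with COMPRESSED flag removed, value, bytes consumed).
    Inflation is bounded by the declared length and MAX_INFLATED so a
    crafted stream cannot blow up receiver memory.
    """
    if len(buf) < HEADER_SIZE:
        raise ValueError("short TLV header")
    length, tlv_type = struct.unpack_from(">II", buf, 0)
    if length < HEADER_SIZE or length > len(buf):
        raise ValueError("bad TLV length %d" % length)
    raw = buf[HEADER_SIZE:length]
    if tlv_type & TLV_META_TYPE_COMPRESSED:
        if len(raw) < 4:
            raise ValueError("compressed TLV missing uncompressed-length prefix")
        (declared,) = struct.unpack_from(">I", raw, 0)
        if declared > MAX_INFLATED:
            raise ValueError("declared inflated size %d exceeds cap" % declared)
        d = zlib.decompressobj()
        # Ask for one byte more than declared so an oversize stream is detectable.
        value = d.decompress(raw[4:], declared + 1)
        if len(value) != declared or d.unconsumed_tail or not d.eof:
            raise ValueError("compressed TLV payload does not match declared length")
        tlv_type &= ~TLV_META_TYPE_COMPRESSED   # remote end strips the flag
    else:
        value = raw
    return tlv_type, value, length


if __name__ == "__main__":
    sample = b"A" * 4096                      # constructed, highly compressible input
    blob = pack_tlv(TLV_META_TYPE_STRING, sample, compress=True)
    print("wire bytes:", len(blob), "flag set:", bool(wire_type(blob) & TLV_META_TYPE_COMPRESSED))
    print("decoded type == STRING:", unpack_tlv(blob)[0] == TLV_META_TYPE_STRING)
```

A short value that does not shrink under deflate goes out uncompressed with the flag clear, so the receiver path is the same for both cases and only the flag decides whether to inflate.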