sinn3r
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
William Vu
3c4ec1d958
Land #4547 , rm data/meterpreter/common.lib
2015-01-08 04:52:29 -06:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Brent Cook
32ddd5ccb4
delete unused library from meterpreter dir
...
common.lib is only used by the build process, not MSF
2015-01-07 16:00:37 -06:00
David Maloney
5480cb81f5
add updated KoreLogic rules to john.conf
...
updated our shipped john.conf to include a
more up to date version of the KoreLogic JtR rules.
They add overhead to the cracking time but are
probably some of the best/most effective JtR
rules out there.
2015-01-07 12:25:04 -06:00
Brent Cook
7ae56865f1
Update linux meterpreter binaries for rapid7/meterpreter#111
...
This rebuilds the binaries on Ubuntu 10.04 i386 for metepreter PR #111 ,
improving the reliability and fixing some bugs in linux process migration.
Tested against Ubuntu 10.04 i386 and Ubuntu 14.04 x86_64:
```
meterpreter > ps
...
55994 48270 server 0 bcook ../metasploit-framework/server
56009 44199 bash 0 bcook -bash
56094 56009 dummy 0 bcook ./dummy
meterpreter > migrate 56094
[*] Migrating to 56094
[*] Migration completed successfully.
meterpreter > sysinfo
Computer : mint
OS : Linux mint 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > ps
...
55994 48270 [server] <defunct> 0 bcook
56009 44199 bash 0 bcook -bash
56094 56009 dummy 0 bcook ./dummy
meterpreter >
```
Verified presence of call stub when debugging a session:
```
(gdb) x/32b 0x61cc28
0x61cc28: 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x61cc30: 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x61cc38: 0x90 0x90 0x68 0x04 0x00 0x00 0x00 0x68
0x61cc40: 0xff 0xff 0xff 0xff 0xb8 0x5a 0x5a 0x5a
```
2015-01-04 10:47:44 -06:00
jvazquez-r7
69bda63ef6
Update linux meterpreter binaries
2015-01-01 20:05:36 -06:00
jvazquez-r7
dccf189600
Update binaries
2014-12-30 18:39:29 -06:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Spencer McIntyre
0ee20561d4
Remove file exists check from stdapi_fs_delete_file
2014-12-09 11:03:57 -06:00
Spencer McIntyre
42710cc32e
Error messages for the python meterpreter
2014-12-09 11:03:57 -06:00
Christian Mehlmauer
738fc78883
Land #4220 , outlook gather post module
2014-12-07 22:41:28 +01:00
Christian Mehlmauer
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
Spencer McIntyre
83b0ac0209
Fix stdapi_sys_config_getenv for Python3
2014-12-04 15:58:17 -06:00
Spencer McIntyre
44816b84aa
Prefer the pwd module for getuid when available
2014-12-04 15:58:17 -06:00
HD Moore
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
jvazquez-r7
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
Meatballs
f5f32fac06
Add token fiddling from nishang
2014-11-28 23:02:59 +00:00
Meatballs
48a5123607
Merge remote-tracking branch 'upstream/master' into pr4233_powerdump
2014-11-27 20:08:11 +00:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
Peter Marszalik
830af7f95e
identified instances of tabs vs spaces in the original
...
identified 16 instances in the original code where tab was used vs spaces. updated to keep consistent.
2014-11-25 12:17:43 -06:00
Peter Marszalik
705bd42b41
tab to space change - line 296
2014-11-22 14:48:44 -06:00
Peter Marszalik
900aa9cd6b
powerdump.ps1 bug - corrupt hash fix
...
Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled.
Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat:
https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
2014-11-18 23:10:57 -06:00
Spencer McIntyre
2b36c1bb43
Fix pymeterp bugs from testing in osx and python3
2014-11-17 14:04:30 -05:00
HD Moore
1d8b746d89
Adds new TFTP file names, submitted by Chris McNab
2014-11-16 18:47:11 -06:00
Spencer McIntyre
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
Spencer McIntyre
e562883ba9
Escape inserted vars and fix core_loadlib
2014-11-15 15:06:18 -05:00
Spencer McIntyre
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
Spencer McIntyre
681ae8ce6b
Pymet reverse_http stager basic implementation
2014-11-14 14:15:46 -05:00
Spencer McIntyre
6b2387b7fc
Prepare for a reverse_http stager
2014-11-14 11:15:22 -05:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
William Vu
adad3809cc
Rename logo file
2014-11-11 16:07:44 -06:00
Joshua Smith
329ea4fe01
the masterpiece is complete
2014-11-11 15:35:36 -06:00
Spencer McIntyre
7edc248207
Don't fail if username_from_token returns None
2014-11-10 09:15:16 -05:00
Spencer McIntyre
104841babf
Add getsid to the python meterpreter
2014-11-08 20:57:24 -05:00
sinn3r
c2391bf011
Add an R in /Info for the trailer dictionary to make it readable
2014-11-05 22:28:37 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
jvazquez-r7
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
jvazquez-r7
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
HD Moore
9b61ae5f63
This is halloween.
...
THISISHALLOWEEN=1 ./msfconsole
2014-10-30 23:35:12 -05:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
jvazquez-r7
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
OJ
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
OJ
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
William Vu
626cd55b5e
Land #4073 , improved banner selection
2014-10-27 14:20:10 -05:00
Spencer McIntyre
04a99f09bb
Land #4064 , Win32k.sys NULL Pointer Dereference
2014-10-27 14:01:07 -04:00
jvazquez-r7
042d29b1d6
Compile binaries in house
2014-10-27 12:18:33 -05:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
0aaebc7872
Make GetPtiCurrent USER32 independent
2014-10-26 18:51:02 -05:00