d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
4840a05ada
Update from rapid7 master
2014-06-02 17:17:00 -05:00
b84297980d
Pymeterpreter use print_exc and not print_exception
2014-06-02 16:50:54 -04:00
d2b8706bd6
Include meterpreter bins, add Sandbox builds
...
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (ie. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.
I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
77eac38b01
Pymeterpreter fix processes_via_proc for Python v3
2014-05-30 16:32:03 -04:00
4f5ab2c596
Pymeterpreter support process channels for Python v3
2014-05-30 14:35:47 -04:00
e2cc2fece0
Pymeterpreter update win reg functions for python v3
2014-05-30 10:51:36 -04:00
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
04e94b0c07
Fix meterpreter and file tests for Python v3.4 on Win
2014-05-29 16:42:28 -04:00
15dc33591b
In pymeterpreter use a MeterpreterFile obj for Py v3
2014-05-29 15:09:09 -04:00
d8dcfd8f41
Update pymeterpreter netlink to support python3
2014-05-29 13:48:15 -04:00
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
15b1c79039
Adjust whitespace and set bytes to str for Python 2
2014-05-28 16:30:27 -04:00
eda8a90cea
Fix merge issues with os.js
2014-05-19 13:04:36 -05:00
ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
9b29c572a7
Comments dont work with auth_brute.rb
2014-05-18 21:14:17 +02:00
c9bb2d5165
Added headers to files
2014-05-18 20:55:50 +02:00
97b63d708c
Corrected naming to be in line with msf convention
2014-05-18 18:18:23 +02:00
7d79f8a4c2
Removed wrongly named list.
2014-05-18 18:15:17 +02:00
d7bf66973c
Fixed userpass delimiters.
2014-05-18 18:13:03 +02:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
6ec926b573
Added separate users/pass/userpass dictionaries
2014-05-18 10:18:07 +02:00
af82ae262c
Added a large default password list for services.
2014-05-16 23:27:18 +02:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
06c8082187
Use signed binary
2014-05-02 14:45:14 +01:00
4bd2dabfcd
Land #3121 , new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
0b23fc2c40
Revert "Use actual vars so that jsobfu can randomize."
...
This reverts commit b9284c5635
2014-04-11 16:51:29 -05:00
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
b9284c5635
Use actual vars so that jsobfu can randomize.
2014-04-09 16:56:10 -05:00
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
2e4c2b1637
Disable Android 4.0, add arch detection.
...
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.
Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
4d69f80728
Update explib2.js
...
Remove a few lines
2014-04-02 23:07:29 -05:00
74554ed805
Land #3174 , @wchen-r7's object detection for ie11
2014-04-02 15:27:13 -05:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
5ffcfb22fa
Add object detection for IE11
...
While working on some stuff with IE11, I realized this is very
necessary.
2014-04-02 02:21:16 -05:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
389ad7aca3
Land #3155 - Explib2
2014-03-28 18:31:40 -05:00
4f5944cfb8
Add JavaScript detection for Adobe Flash
2014-03-28 14:31:21 -05:00
ce02f8a7c5
Allow easier control of sprayed memory
2014-03-28 11:58:41 -05:00
b0bbe3f6a9
Add explib2 with some fixes into metasploit
2014-03-28 10:44:13 -05:00
4c44f69e86
Undo the IE8/IE7 objection detection
2014-03-27 15:01:03 -05:00
fc1432fe53
This is probably the right way to do it for ie7/8
2014-03-27 13:53:24 -05:00
9c54421679
Update IE8/IE7 object detection
2014-03-27 13:34:07 -05:00
8df96a419b
Make IE10 detection safer for older IEs
2014-03-27 13:31:15 -05:00
1f90115c8f
Add default detection for IE 9 and IE 10
...
How it's done:
On IE10, which should come first before the IE 9 check, the nodeName
function always returns the name in uppercase.
One IE9, the "Object doesn't support property or method" error always
repeats the name of the invalid method.
2014-03-27 00:15:36 -05:00
46f7e6060f
Add the updated bins from timwr.
2014-03-25 09:39:53 -07:00
c71d52e769
Merge branch 'pr-android-bins' of https://github.com/jvennix-r7/metasploit-framework into new-android-bins
2014-03-25 09:35:25 -07:00
8c707b20e0
Add support for specific builds of MSIE 9 on Win 7 SP1
...
These IE9 versions are vulnerable to MS14-012 (see #3120 ). If we don't
add them, then os_detect might recognize the target as IE 8, and fail.
2014-03-19 21:54:36 -05:00
05436dc2c5
Refresh binaries for Meterpreter
...
This includes:
rapid7/meterpreter#69
rapid7/meterpreter#70
rapid7/meterpreter#75
rapid7/meterpreter#77
rapid7/meterpreter#78
As of commit: 45bcbd13a1e0215647f6a61631652b686931bba8
2014-03-19 08:57:04 -05:00
8e4708b51b
Add support for firefox 28.
2014-03-18 11:26:24 -05:00
409787346e
Bring build tools up to date, change some project settings
...
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
6438b9372c
Land #3067 , python meterp net.config additions
2014-03-13 13:03:43 -05:00
6309c4a193
Metasploit LLC transferred assets to Rapid7
...
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
5ea26688d7
Fix a syntax error for Python 2.4
2014-03-11 15:22:52 -04:00
f3493ce220
Merge branch 'master' into pymeterpreter-net
...
Conflicts:
data/meterpreter/ext_server_stdapi.py
2014-03-11 15:15:02 -04:00
e874223421
Land #3083 , fix pymet when ctypes isn't available
2014-03-11 14:31:44 -04:00
679cb03ac3
Yank armeabi-v7a bins.
2014-03-11 13:09:50 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
b87c2dca0b
Use older hash modules when hashlib isn't there
2014-03-11 12:25:54 -05:00
4f31eba7f4
android payload golf
2014-03-10 21:50:00 -05:00
66ff5998a5
New multi-arch stagers.
2014-03-10 21:49:56 -05:00
60b5191873
New meterpreter bins for testing.
2014-03-10 21:49:14 -05:00
667bed8905
New multi-arch stagers.
2014-03-10 18:50:27 -07:00
75c94cc5d7
Derp
2014-03-10 16:30:55 -05:00
e508079aff
Don't crash when ctypes isn't available
2014-03-10 16:10:24 -05:00
6616d36d63
New meterpreter bins for testing.
2014-03-07 13:21:30 -08:00
2a1e96165c
Adding MS013-058 for Windows7 x86
2014-03-06 18:39:34 +00:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
3d7bc6c589
Remove form_post.js.
2014-03-05 23:35:54 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
1dea1c030e
Add interface support via OSX SystemConfiguration
2014-03-05 13:59:13 -05:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
0834102e2b
Support tcp server channels and add a python MeterpreterSocket
2014-03-04 13:31:29 -05:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
7111e8aa59
Support retrieving interface information via GetAdaptersAddresses
2014-03-03 21:01:16 -05:00
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
699e534149
Add missing return statement.
2014-03-02 00:18:46 -05:00
1c9390c9cf
Support retrieving interface information via windows mib functions.
2014-03-02 00:17:00 -05:00
733a86ec74
Support retrieving interface information via netlink.
2014-03-01 22:34:38 -05:00
284d99aa6c
Add pymeterp TLV types for additional network functions.
2014-02-28 13:56:51 -05:00
8922f6457b
Land #3045 , @wchen-r7's fix for browser autopwn
2014-02-28 12:55:32 -06:00
99e272e463
Return true in EOF when tell() > stat.st_size
2014-02-27 20:45:38 -05:00
9d9149d9d8
remove some dead code paths
...
refactor some dead conditionals and a case/switch
that wasn't doing anything
2014-02-27 11:45:57 -06:00
0c3891c0f9
Add more IE targets
2014-02-27 11:01:03 -06:00
151646156d
Check navigator.oscpu for FF
...
If we don't check navigator.oscpu, IE 11 is detected as FF.
2014-02-27 10:54:38 -06:00
2e512abd31
put new binaries in place
...
after cleaning up the source a bit and
updateing it for 2013, compiled new BINs.
These BINS avoid almost all current AV detections
and have been tested to ensure they still work.
2014-02-23 15:24:55 -06:00
7877589537
Delete correctly
2014-02-23 02:47:13 +00:00
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
b1dfed8577
rebuilt template DLLs
...
x86 dll template was way out of date and
did not match the x64 tempalte. rebuilt them both
2014-02-25 15:34:42 -06:00
3c773f031c
add new binaries compiled from latest src
...
compiled and added new binaries to make sure
most up to date source is used
2014-02-25 14:06:57 -06:00
289580777c
remove unneccsary logging elements
...
update soloutions for VS2013
remove the CLogger
Remove Print Usage
this removes unneccsary strings that can
be used to easily identify our executable
2014-02-20 20:00:19 -06:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
e8f95c6cc0
Change error msg
2014-02-18 00:02:16 -06:00
608f800274
Support error handling in the message box
2014-02-18 00:01:44 -06:00
022c52d087
Added bundling to handle many sessions at once.
2014-02-15 15:37:22 -06:00
a6a731c8ee
Keep stage until replaced, nil check, prettify.
2014-02-15 15:21:16 -06:00
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
00ba0b5208
Land #2987 - Add ff 27 support to os.js
2014-02-13 15:20:53 -06:00
51f3ab1690
Add ff 27 support to os.js
2014-02-12 15:32:47 -06:00
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
7eb20a37d4
offerer's interface gets a makeover
2014-02-11 19:43:52 -06:00
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
575ee09b77
Change messages
2014-02-10 14:59:44 -06:00
3d4d5a84b6
Land #2957 , @zeroSteiner's exploit for CVE-2013-3881
2014-02-10 13:59:45 -06:00
78e1683f2d
Add binary compiled on vs2013
2014-02-10 13:52:27 -06:00
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
8edafc8c4c
Restore the original API
2014-02-08 20:06:26 -06:00
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
ccd12e66a7
Unwanted console.debug
2014-02-08 19:16:42 -06:00
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
01f41a209c
Remove the DLL and add make.msbuild for easier compiling.
2014-02-07 10:05:05 -05:00
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
096e06baa6
Added binaries from Meterpreter PR #74
...
Meterpreter PR https://github.com/rapid7/meterpreter/pull/74 was landed,
this adds the binaries from that PR.
2014-02-06 11:47:29 +10:00
636d7016a8
Fix android detection in os.js.
2014-02-04 02:31:46 -06:00
486a9d5e19
Use msf branded djvu
2014-02-01 00:37:28 +00:00
766c408d86
Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption
2014-01-18 11:07:11 -05:00
80c4a6e9eb
Updated binaries for Meterpreter
...
This includes changes up to commit hash e77c87cdb79a2732108be937e056622b45cb093c
2014-01-17 09:02:48 +10:00
96e97d4768
Oops, the default bufsize is 0 anyways.
2014-01-05 18:57:56 -06:00
b64df51fa0
Fixes #8732 by reading until EOF reached.
...
* use a lambda for cleaner iterator.
* also disables buffering, since we are reading byte-by-byte in the first place
and maintaining our own buffer (#data).
2014-01-05 18:36:22 -06:00
dc87575b9d
Retab and whitespace
2013-12-22 21:04:44 +00:00
f112e78de9
Fixes .war file creation
2013-12-22 20:58:21 +00:00
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
34cdec5155
Update project VS 2013, clean CLI build
...
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
2013-12-20 09:49:15 +10:00
a4811bd0c3
Land #2760
2013-12-18 17:17:10 +10:00
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
14c0096115
Update template
...
Use Copy instead of memset
Remove | Out-Null
2013-12-16 13:38:14 +00:00
25b84217ac
Correctly VAlloc
2013-12-16 12:47:03 +00:00
8dfcc8aa77
WaitForThread
2013-12-16 12:44:58 +00:00
0a29176855
Update psh_web_delivery for reflection
2013-12-16 09:08:01 +00:00
7cc99d76ad
Merge remote-tracking branch 'upstream/master' into powershell_auto_arch
...
Conflicts:
lib/msf/util/exe.rb
2013-12-16 09:07:08 +00:00
0c82817445
Final changes before PR
2013-12-15 01:12:49 +00:00
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
3d1646d18e
Exit process when complete
2013-12-15 01:12:47 +00:00
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
6931c918af
removed bogus urls that are throwing errors
2013-12-13 12:13:23 -06:00
554cd41403
added dns_cache_scraper and useful wordlists
2013-12-12 20:18:18 -06:00
bf831616e5
Land #2749 - Add firefox 26 feature detection support to detect/os.js
2013-12-10 16:30:33 -06:00
6cd315da64
Add ff26 feature detection support.
2013-12-10 10:47:11 -06:00
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
496b017e33
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2013-12-05 17:09:32 +00:00
dc0f2b7291
Use ExitProcess
2013-12-05 17:08:47 +00:00
c8e2c8d085
Add binaries from Meterpreter 9e33acf3a283f1df62f264e557e1f6161d8c2999
...
This is a new set of binaries for Meterpreter as of commit hash
9e33acf3a283f1df62f264e557e1f6161d8c2999. We haven't yet finalised
the process we'll be using for releasing bins from Meterpreter to MSF
so this is hopefully the last time we will have to do it the old way.
2013-12-04 16:23:03 +10:00
ddbd5858e0
Land #2701 - Refactor of `ppr_flatten_rec`
...
Also [SeeRM #8140 ]
2013-12-03 10:51:58 -06:00
cf12826d2c
Dont use xp toolchain
...
and dont bother editbin
2013-11-30 20:04:00 +00:00
d3a0199539
Update for new Reflective DLL Submodule
...
Update to VS2013 Toolsets
Include .msbuild and make.bat
Tidyup of if { }
Post build step to copy to output directory
2013-11-30 19:58:25 +00:00
915d741f86
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
.gitmodules
external/source/ReflectiveDLLInjection
2013-11-30 19:10:04 +00:00
bcab716ec0
Add the binaries from the meterpreter repo
...
Given this is a new extension, building bins and including them in this
PR can't cause any issues regarding lost functionality (like it can
with existing bins).
Adding to this PR so that it's easier to test and land.
2013-11-29 09:02:07 +10:00
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
...
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:
* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.
Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:
* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
25b1ec5b75
Land #2689 , getenv
2013-11-26 23:33:25 -06:00
72813c1f3e
Merge branch 'egypt/feature/getenv-php' into getenv_cmd
2013-11-27 15:22:15 +10:00
a3337e5de5
Add PHP side for meterpreter getenv
2013-11-26 23:16:28 -06:00
a0f703ee44
Add getenv support to python meterpreter
...
This change adds support for `getenv` to python meterpreter. Nothing too
complex going on here. I tidied up the definitions of the TLVs as well
so that they look nice.
2013-11-27 11:19:26 +10:00
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
6cb63cdad6
Land #2679 , @wchen-r7's exploit for cve-2013-3906
2013-11-25 22:04:26 -06:00
25eb13cb3c
Small fix to interface
2013-11-22 17:02:08 -06:00
136c18c070
Add binary objects for MS13-022
2013-11-22 16:45:07 -06:00
94e13a0b8a
Initial commit of CVE-2013-3906
2013-11-19 23:10:32 -06:00
0b413aa0b8
Remove extapi binaries
...
These were committed in the flurry of merges last night by me. They
should be removed until the extapi PR has been fully reviewed and
merged. This commit just removes the binaries from master, they'll
be re-added when appropriate.
2013-11-15 06:24:00 +10:00
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
4bd0900359
Updated meterpreter binaries
...
Includes the following:
* Clean builds
* Removal of kitrap0d from getsystem
* Doc updates
* Webcam crash fix
* Schedular and channel refactor
* Posix crash fix for post modules
2013-11-15 01:14:14 +10:00
506a4d9e67
Remove genericity, x64 and renamed stuff
...
As per discussion on the github issue, the following changes were made:
* Project renamed from elevate to kitrap0d, implying that this is not
intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
is passed in to the exploit entry point. The exploit is now responsible
for executing the payload if the exploit is successful. This removes
the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
40f58ce534
Finalise the local exploit for kitrap0d
...
The exploit now properly injects the DLL using RDI and invokes the
exploit based on a parameter passed by the Ruby module. The elevate
code is 'generic' with a goal of possibly supporting more exploits
down the track.
New sessions are now created with the SYSTEM creds, rather than
modifying the existing session. This is now inline with how things
are done with other local modules.
2013-11-12 23:01:24 +10:00
62102dd1f9
Land #2544 - Vbs minimize
2013-11-11 11:14:56 -06:00
33f65dd611
Land #2577 - Use base64 to reduce psh-net payload size
2013-11-11 10:21:20 -06:00
f402f4c16e
Land #2614 , another default OWA URL
2013-11-08 17:20:20 -06:00
cdc6a863dd
Add another default owa url
...
Its not default, but not uncommon to find /exchange/ NTLM protected
2013-11-07 08:50:22 -05:00
b34b4ac2b6
Update the java stuff again
2013-11-07 00:57:20 -06:00
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
715fdc05ec
Updated meterpreter binaries
...
Includes the following changes:
* Security cleanup - remove use of insecure functions
* Windows 8/8.1/2012 R2 support to sysinfo
* VS 2013 upgrade
* Command dispatcher refactor
* Getproxy command added (needs MSF side too)
2013-11-07 14:31:54 +10:00
cf5d9c7f01
Add case for IE10 + Win 7 SP1 detection
2013-11-06 11:41:36 -06:00
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
5f85ede389
Prevent xhr shim from leaking.
2013-11-02 16:47:50 -05:00
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
391360d67f
Update xmlhttprequest
2013-10-31 16:09:05 -05:00
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
4425cf1dc1
Add support for firefox 25.
...
Also replaces a bunch of missing semicolons.
2013-10-30 12:19:22 -05:00
2b5e2df94e
Land #2568 , @h0ng10's update of SAP url's wordlist
2013-10-28 09:01:33 -05:00
e88e523eaa
Delete newline
2013-10-28 09:01:00 -05:00
e18dd3ec0b
Use base64 to reduce size
2013-10-25 01:19:43 +01:00
27739a0351
Meterpreter bins after Meterpreter PR 32
...
Protects against potential BOFs due to strcpy usage.
These binaries were built against meterpreter master after
https://github.com/rapid7/meterpreter/pull/32 landed.
The CI tests can be seen here:
https://ci.metasploit.com/view/Meterpreter/job/MeterpreterWin/75/
Note, this commit is signed. Your merge commit should be signed, too, so
people can be assured that nobody is backdooring Meterpreter on the sly.
2013-10-24 15:15:49 -05:00
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
e6a2a1006f
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows/priv.rb
modules/exploits/windows/local/bypassuac.rb
2013-10-23 21:02:32 +01:00
a834fec889
Added URL for PT-2013-13/SAP Note 1820894
2013-10-23 21:20:18 +02:00
e02bf0cce6
Added /AdapterFramework/version/version.jsp
2013-10-23 21:09:19 +02:00
19615ac4b7
Apparently I missed a lot of stuff
2013-10-21 21:02:01 -05:00
824dd84982
Merge remote-tracking branch 'upstream/pr/2500' into temp
2013-10-21 14:26:05 -05:00
1717a98ba3
Update to_exe.vbs.template
...
Rename values
2013-10-21 13:49:09 +01:00
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
62dadc80d3
Make sure the data type for the return value is a string
2013-10-18 21:08:46 -05:00
711399bb34
Update property_spray.js
2013-10-18 20:56:00 -05:00
e1ca2d2730
Fix mstime_malloc.js
2013-10-18 20:49:33 -05:00
298f23c91c
Fix extra slashes that cause browser autopwn to fail.
2013-10-18 20:43:39 -05:00
2ef89eaf35
Randomize exe name
2013-10-18 19:01:28 +01:00
56aa9ab01c
Reduce size
2013-10-18 18:59:30 +01:00
827bf23979
Updated binaries with railgun crash fixes
2013-10-18 19:43:17 +10:00
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
b3cc9f6f1e
Use sysnative to delete the cryptbase.dll when in SYSWOW64 process.
...
Merge branch 'master' of github.com:Meatballs1/metasploit-framework into bypassuac_redo
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 21:01:57 +01:00
bd405277d9
Add a default Samsung community string
...
See http://www.kb.cert.org/vuls/id/281284
and
http://www.h-online.com/security/news/item/Samsung-network-printer-vulnerability-discovered-Update-2-1757967.html
2013-10-17 10:35:59 -05:00
6f23e95c14
Fix an endianess issue in pymeterpreter registry_query_value.
2013-10-12 23:39:22 +01:00
378f403fab
Land #2453 , Add stdapi_net_resolve_host(s) to Python Meterpreter.
...
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
6b004086ea
Removed SVN from msfupdate
2013-10-10 12:25:00 +00:00
b477ae369b
Updated stdapi binaries with railgun fix
...
Changes are from https://github.com/rapid7/meterpreter/pull/28
2013-10-10 16:03:38 +10:00
0a194b203d
Updated sniffer binaries
...
These updated binaries include a packet-sniffer fix which results in
sniffing working on x86 builds of Windows 8 and Windows 8.1.
2013-10-09 07:38:54 +10:00
11519e8465
Add compiled binaries
2013-10-08 00:23:33 +01:00
7414dff958
Add fault tolerance for resolve_hosts.
2013-10-04 08:51:13 -04:00
bc8604f151
Use safe_negate_size for hxds
2013-10-03 23:15:29 -05:00
63d7b8c309
Use safe_negate_size for java
2013-10-03 23:13:57 -05:00
ab62af220b
Use safe_negate_size key for msvcrt (XP)
2013-10-03 23:12:58 -05:00
9df676ca7e
Land #2447 , @wchen-r7's new msvcrt ROP chains without nulls
2013-10-03 22:38:29 -05:00
ecf286a8c4
Add support for stdapi_net_resolve_host.
2013-10-03 10:31:54 -04:00
56b6f0be02
Add bins for #2443
...
See #740 and meterpreter#26
2013-10-01 23:47:24 -05:00
cd1f023f72
Update msvcrt.dll ROP chain for Windows Server 2003
2013-10-01 16:18:57 -05:00
14d99ffbdb
Update Win XP msvcrt.dll ROP
...
This updated ROP chain for msvcrt.dll does not have any null bytes.
2013-10-01 15:00:43 -05:00
7c6c8291e2
Add ROP chains for Office 2007 and Office 2010 (hxds.dll)
...
This adds two ROP chains for Office 2007 and Office 2010 based on
hxds.dll.
2013-10-01 01:33:35 -05:00
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
e806047411
Add MSI bins
2013-09-27 20:03:19 +01:00
Tod Beardsley
jvazquez-r7
Spencer McIntyre
OJ
HD Moore
Tonimir Kisasondi
sinn3r
Meatballs
James Lee
Joe Vennix
Tim
kyuzo
William Vu
David Maloney
scriptjunkie
dukeBarman
zeknox
Rob Fuller
jvazquez-r7
h0ng10
Meatballs1
g0tmi1k
Tab Assassin