Commit Graph

54 Commits (dfae4bbbf0c1a8f5e6dfda07fdc5302530904aa8)

Author SHA1 Message Date
Meatballs 33560a2657 Refactor Msf::Exploit::Powershell to Rex::Powershell to allow for
msfvenom usage.
2015-02-10 20:53:46 +00:00
Spencer McIntyre 2a3855c5af Skip the psh prepend sleep time error when it is 0 2015-02-09 14:20:04 -05:00
Tom Sellers 693e744da4 Hide icon flash on taskbar during cmd_psh_payload
When 'cmd_psh_payload' is run via 'cmd_exec' on a windows shell that is running in the context of an interactive user an icon will flash very quickly on the user's task bar.  This can be avoided (verified) by adding the /b switch to the start section of the command launcher text.  I have verified that this switch exists from Windows 2000 through Windows 2012 R2.
2014-08-02 15:52:52 -05:00
Meatballs 5f0533677e
Cheat/Rubycop all the things 2014-07-20 21:07:59 +01:00
Meatballs 19dd21abaf
Remove duplicate methods 2014-04-25 15:40:03 +01:00
Meatballs 72a2849bf1
Better specs
90.6% line coverage in Exploit::Powershell
77.32% in Rex::Exploitation::Powershell and haven't even started
writing those specs...
2014-04-23 08:07:42 +01:00
Meatballs 0137fdb690
Prepend sleep should be an int 2014-04-23 07:29:51 +01:00
Meatballs 61b8fb7921
Remove puts 2014-04-23 06:15:28 +01:00
Meatballs 11526b59a6
Boolean datastore options should always be present
Dont evaluate true/false as 'true'/'false'!
2014-04-23 05:03:16 +01:00
Meatballs 1347649a47
Remove unused EOFs 2014-04-23 02:37:07 +01:00
Meatballs 01bfad3489
Correct datastore values 2014-04-23 02:08:57 +01:00
Meatballs 647936e291
Add more yarddoc to Rex::Exploitation::Powershell
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
Meatballs 88fe619c48
Yarddoc exploit::powershell 2014-04-23 00:15:55 +01:00
Meatballs 4c66e86f73
Dont add extra space in args 2014-04-22 14:44:01 +01:00
Meatballs 0f942d8c3d
Still :shorten command args 2014-04-19 18:58:26 +01:00
Meatballs 270b4b9728
Catch first arg with shorten 2014-04-19 18:54:42 +01:00
RageLtMan 9f05760c50 Merge with Meatballs' initial changes
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
RageLtMan 5c3289bbc6 merge fix 2014-04-17 21:26:04 -04:00
Meatballs 0956ae5789
Fix payload selection 2014-03-02 20:56:55 +00:00
Meatballs 1ca690eccf
Do some rspec 2014-03-02 20:37:08 +00:00
Meatballs c9a2135959
Merge in semperv 2014-03-02 19:07:13 +00:00
RageLtMan 0056c26047 import msf exploit 2014-02-12 22:06:18 -05:00
Meatballs c76341c82d
Dont dsub Invoke-Command etc... 2014-02-09 17:45:30 +00:00
Meatballs 151e45d8d1
Better exception descriptions 2014-02-09 12:52:56 +00:00
Meatballs 77dda5dc67
Give option to remove badchars 2014-02-09 12:34:25 +00:00
Meatballs 0379dc128c
Raise exception on known issues 2014-02-09 12:15:02 +00:00
Meatballs 02f1ff27ee
Add option to encode inner payload 2014-02-09 00:55:26 +00:00
Meatballs f398c982e3
Include option to ensure payload is fully encoded 2014-02-08 23:51:13 +00:00
Meatballs ad308efc05
Really minimize commandline size 2014-02-08 22:53:47 +00:00
Meatballs c76862b391
Reduce payload size 2014-02-08 22:11:17 +00:00
Meatballs b10df54dbb
Dont need to encode the compress payload 2014-02-08 21:34:51 +00:00
Meatballs 435cc9b93f
Add single quote encapsulation
For WMI and psh_web_delivery
2013-12-16 15:13:13 +00:00
Meatballs 6c83109422
Really fix wmi 2013-11-23 16:44:44 +00:00
Meatballs 259d5a2dba
Backout Set-Variable as it is 3.0 only 2013-11-23 01:15:13 +00:00
Meatballs 1c60373f68
Reinstate %COMSPEC% 2013-11-23 00:45:04 +00:00
Meatballs c194fdc67e
Fixup WMI
-c doesn't like $var assignments
2013-11-23 00:31:11 +00:00
Meatballs 3cbf768d16
Small size reductions 2013-11-22 22:58:42 +00:00
Meatballs 4fc8bb2b4b
Auto arch detection 2013-10-22 00:42:59 +01:00
Meatballs 971d0b7536 Generate args 2013-09-27 12:48:10 +01:00
Meatballs 5add142789 Choose smallest smallest 2013-09-20 13:47:51 +01:00
Meatballs 9aca98a9d4 Dont need to bypass 2013-09-17 19:12:49 +01:00
Meatballs 60328d5b2a Bypass no profile and hidden by default 2013-09-13 21:22:15 +01:00
Meatballs 9ade4cb671 Refactor 2013-09-13 20:43:09 +01:00
Meatballs aa4ad2b005 Change to ' and remove " 2013-09-13 20:23:18 +01:00
Meatballs 243d3d6ebd Apply comments 2013-09-13 19:19:54 +01:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Meatballs e1cfe7cfe2 Update datastore changes 2013-07-29 15:31:59 +01:00
RageLtMan 4df3b0215c replace lib/msf/core/exploit/powershell.rb, thanks @Meatballs1 2013-07-20 19:55:01 -04:00
RageLtMan dc15c5b505 Merge branch 'master' into powershell_import
Resolve conflicts from old code being pulled into master.

Conflicts:
	lib/msf/core/exploit/powershell.rb
	modules/exploits/windows/smb/psexec_psh.rb
2013-07-20 19:29:55 -04:00
RageLtMan 4554cc6e51 Import Powershell libs and modules (again)
Add Rex powershell parser:
 reads PSH, determines functions, variables, blocks
 compresses and cleans up the code it's read, obfuscates
 handles string literals and reserved variable names
 extracts code blocks and functions for reuse
  turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
 Make use of Rex parser
 Handles payload generation, substituions
 Brings convenience methods - byte array generation and download
 Re-add .NET compiler
  Compiles .NET code (C#/VB.NET) in memory
  Can generate binary output file (dynamic persistence)
  Handles code-signing (steal cert with mimikatz, sign your bin)
  Not detected by AV (still...)
 Update payload generation
  GZip compression and decompression (see Rex module as well)
  msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
 Makes use of updated Msf and Rex modules
 Runs shellcode in-memory (in a hidden PSH window)
 Completely bypasses all AVs tested for the last year...
2013-07-04 14:04:19 -04:00