Spencer McIntyre
f9bf4e3100
Fix pymet for unicode files and directories
...
Closes #4958
2015-03-19 17:23:00 -04:00
Brent Cook
35d29f5d08
update linux meterpreter bins
2015-03-18 23:24:32 -05:00
Spencer McIntyre
076f15f933
Land #4792 @jakxx Publish It PUI file exploit
2015-03-18 20:59:54 -04:00
jakxx
085e6cc815
Implemented Recommended Changes
...
-corrected spelling error
-set only option to required
-dumped header data to included file
-Used Rex for jmp values
2015-03-17 16:39:56 -04:00
jvazquez-r7
bb81107e51
Land #4927, @wchen-r7's exploit for Flash PCRE CVE-2015-0318
2015-03-13 23:58:05 -05:00
sinn3r
0ee0a0da1c
This seems to work
2015-03-13 04:43:06 -05:00
sinn3r
0c3329f69e
Back on track
2015-03-12 15:26:55 -05:00
sinn3r
215c209f88
Land #4901, CVE-2014-0311, Flash ByteArray Uncompress UAF
2015-03-11 14:04:17 -05:00
sinn3r
43b90610b1
Temp
2015-03-11 13:53:34 -05:00
sinn3r
2a9d6e64e2
Starting point for CVE-2015-0318
2015-03-11 09:58:41 -05:00
jvazquez-r7
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
Tod Beardsley
df80d56fda
Land #4898, prefer URI to open-uri
2015-03-09 09:14:10 -05:00
joev
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
jvazquez-r7
64fd818364
Land #4411, @bcook-r7's support for direct, atomic registry key access in meterpreter
2015-03-04 10:01:33 -06:00
Brent Cook
0988c5e691
use the correct implementation for query_value_direct
2015-03-03 22:29:23 -06:00
Ferenc Spala
c498ba64e4
Added a new pair of default Tomcat credentials. QLogic's QConvergeConsole comes with a bundled Tomcat with a hard-coded username and password for the manager app.
2015-02-19 15:08:50 -06:00
sinn3r
b90639fd66
Land #4726, X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
sinn3r
0597d2defb
Land #4560, Massive Java RMI update
2015-02-17 10:07:07 -06:00
Brent Cook
cf0589f8c6
add support for direct reg access to pymeterpreter
...
When testing this, I found that the python meterpreter hangs running the
following, with or without these changes.
```
use exploit/multi/handler
set payload python/meterpreter/reverse_tcp
set PythonMeterpreterDebug true
set lhost 192.168.43.1
exploit -j
sleep 5
use exploit/windows/local/trusted_service_path
set SESSION 1
check
```
This turned out to be that pymeterpreter ate all the rest of the data in the
recv socket by consuming 4k unconditionally. This would only be exposed if
there were multiple simultaneous requests so the recv buffer filled beyond a
single request, e.g. when using the registry enumeration functions.
2015-02-17 06:11:20 -06:00
Brent Cook
7e9a331087
remove unused .class files
...
These were added for multi/browser/java_signed_applet, but the class
files are already packaged in a jar file, which is what is actually
used.
2015-02-12 16:08:29 -06:00
Brent Cook
7ab7add721
bump meterpreter_bins to 0.0.14, update Linux binaries.
...
Hopefully the last manual build before packaging the Linux bins into
meterpreter_bins as well.
This includes all of the fixes and improvements over the past month.
rapid7/meterpreter#116
rapid7/meterpreter#117
rapid7/meterpreter#121
rapid7/meterpreter#124
2015-02-10 12:43:47 -06:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
jvazquez-r7
511f637b31
Call CollectGarbage
2015-02-09 14:44:31 -06:00
Brent Cook
af405eeb7d
Land #4287, @timwr's exploit for CVE-2014-3153
2015-02-09 10:33:14 -06:00
Brent Cook
0e4f3b0e80
added built data/exploits/CVE-2014-3153.elf
2015-02-09 09:50:31 -06:00
jvazquez-r7
a46a53acaf
Provide more space for the payload
2015-02-06 14:49:49 -06:00
jvazquez-r7
414349972f
Fix comment
2015-02-06 11:34:20 -06:00
jvazquez-r7
b5e230f838
Add javascript exploit
2015-02-06 11:04:59 -06:00
scriptjunkie
5b2eb986c9
Land #4678 Add post module to phish credentials
2015-02-04 23:43:02 -06:00
Brent Cook
2fdeeb3b13
Rebuilt Java Payloads with the latest NDK/SDK and meterpreter-javapayload
...
Fix rapid7/meterpreter#95, rebuilt with all outstanding PRs from
rapid7/metasploit-javapayload.
2015-02-02 13:09:15 -06:00
jvazquez-r7
aa7f7d4d81
Add DLL source code
2015-02-01 19:59:10 -06:00
jvazquez-r7
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
wez3
25ac9c1ed9
Add post module to phish windows user credentials
2015-01-30 19:50:04 +01:00
jvazquez-r7
f9dccda75d
Delete unused files
2015-01-22 18:00:31 -06:00
William Vu
75e04705d5
Land #4624, Firefox 33-35 os.js support
2015-01-22 13:35:47 -06:00
Joe Vennix
5bfb88d55c
Update os.js to detect newer firefox versions.
2015-01-21 16:12:17 -06:00
Brent Cook
94fda6e617
Land #4600, jvazquez-r7's Linux meterpreter bins
2015-01-20 09:38:35 -06:00
sinn3r
76746eb209
New password from Hathaway
2015-01-19 21:45:47 -06:00
eyalgr
f12c6a1624
Update meterpreter.py
...
Read until exactly pkt_length bytes
2015-01-18 15:45:28 +02:00
eyalgr
d83c6ae215
Update meterpreter.py
...
Read exactly pkt_length from socket, prevents over-reading.
2015-01-18 15:29:23 +02:00
jvazquez-r7
ffc676ead0
Update linux meterp binaries
2015-01-16 17:09:38 -06:00
jvazquez-r7
26789fa76c
Add JMXPayload binary classes for testing
2015-01-15 17:58:09 -06:00
Brent Cook
47cd5a3e59
Land #4562, wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
sinn3r
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
OJ
dfdf99c8f4
Remove metcli
...
The metcli.exe binary doesn't get used any more and the source was removed
from Meterpreter ages ago. No point in having it in the repo any more.
2015-01-10 09:21:44 +10:00
Brent Cook
ce87b126c1
Update to the latest meterpreter_bins
...
This removes checked-in sniffer extension in favor of the gem-packaged version.
It also pulls in the changes for verifying #4411
2015-01-09 16:57:10 -06:00
sinn3r
fce564cde2
Meh, not the debug build. Should be the release build.
2015-01-08 22:06:07 -06:00
sinn3r
14c54cbc22
Update DLL
2015-01-08 21:36:02 -06:00
sinn3r
d3738f0d1a
Add DLL
2015-01-08 17:17:55 -06:00
sinn3r
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
William Vu
3c4ec1d958
Land #4547, rm data/meterpreter/common.lib
2015-01-08 04:52:29 -06:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Brent Cook
32ddd5ccb4
delete unused library from meterpreter dir
...
common.lib is only used by the build process, not MSF
2015-01-07 16:00:37 -06:00
David Maloney
5480cb81f5
add updated KoreLogic rules to john.conf
...
updated our shipped john.conf to include a
more up to date version of the KoreLogic JtR rules.
They add overhead to the cracking time but are
probably some of the best/most effective JtR
rules out there.
2015-01-07 12:25:04 -06:00
Brent Cook
7ae56865f1
Update linux meterpreter binaries for rapid7/meterpreter#111
...
This rebuilds the binaries on Ubuntu 10.04 i386 for meterpreter PR #111,
improving the reliability and fixing some bugs in linux process migration.
Tested against Ubuntu 10.04 i386 and Ubuntu 14.04 x86_64:
```
meterpreter > ps
...
55994 48270 server 0 bcook ../metasploit-framework/server
56009 44199 bash 0 bcook -bash
56094 56009 dummy 0 bcook ./dummy
meterpreter > migrate 56094
[*] Migrating to 56094
[*] Migration completed successfully.
meterpreter > sysinfo
Computer : mint
OS : Linux mint 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > ps
...
55994 48270 [server] <defunct> 0 bcook
56009 44199 bash 0 bcook -bash
56094 56009 dummy 0 bcook ./dummy
meterpreter >
```
Verified presence of call stub when debugging a session:
```
(gdb) x/32b 0x61cc28
0x61cc28: 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x61cc30: 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x61cc38: 0x90 0x90 0x68 0x04 0x00 0x00 0x00 0x68
0x61cc40: 0xff 0xff 0xff 0xff 0xb8 0x5a 0x5a 0x5a
```
2015-01-04 10:47:44 -06:00
jvazquez-r7
69bda63ef6
Update linux meterpreter binaries
2015-01-01 20:05:36 -06:00
jvazquez-r7
dccf189600
Update binaries
2014-12-30 18:39:29 -06:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Spencer McIntyre
0ee20561d4
Remove file exists check from stdapi_fs_delete_file
2014-12-09 11:03:57 -06:00
Spencer McIntyre
42710cc32e
Error messages for the python meterpreter
2014-12-09 11:03:57 -06:00
Christian Mehlmauer
738fc78883
Land #4220, outlook gather post module
2014-12-07 22:41:28 +01:00
Christian Mehlmauer
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
Spencer McIntyre
83b0ac0209
Fix stdapi_sys_config_getenv for Python3
2014-12-04 15:58:17 -06:00
Spencer McIntyre
44816b84aa
Prefer the pwd module for getuid when available
2014-12-04 15:58:17 -06:00
HD Moore
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
jvazquez-r7
7a2c9c4c0d
Land #4263, @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
Meatballs
f5f32fac06
Add token fiddling from nishang
2014-11-28 23:02:59 +00:00
Meatballs
48a5123607
Merge remote-tracking branch 'upstream/master' into pr4233_powerdump
2014-11-27 20:08:11 +00:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
Peter Marszalik
830af7f95e
identified instances of tabs vs spaces in the original
...
identified 16 instances in the original code where tab was used vs spaces. updated to keep consistent.
2014-11-25 12:17:43 -06:00
Peter Marszalik
705bd42b41
tab to space change - line 296
2014-11-22 14:48:44 -06:00
Peter Marszalik
900aa9cd6b
powerdump.ps1 bug - corrupt hash fix
...
Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled.
Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat:
https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
2014-11-18 23:10:57 -06:00
Spencer McIntyre
2b36c1bb43
Fix pymeterp bugs from testing in osx and python3
2014-11-17 14:04:30 -05:00
HD Moore
1d8b746d89
Adds new TFTP file names, submitted by Chris McNab
2014-11-16 18:47:11 -06:00
Spencer McIntyre
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
Spencer McIntyre
e562883ba9
Escape inserted vars and fix core_loadlib
2014-11-15 15:06:18 -05:00
Spencer McIntyre
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
Spencer McIntyre
681ae8ce6b
Pymet reverse_http stager basic implementation
2014-11-14 14:15:46 -05:00
Spencer McIntyre
6b2387b7fc
Prepare for a reverse_http stager
2014-11-14 11:15:22 -05:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
William Vu
adad3809cc
Rename logo file
2014-11-11 16:07:44 -06:00
Joshua Smith
329ea4fe01
the masterpiece is complete
2014-11-11 15:35:36 -06:00
Spencer McIntyre
7edc248207
Don't fail if username_from_token returns None
2014-11-10 09:15:16 -05:00
Spencer McIntyre
104841babf
Add getsid to the python meterpreter
2014-11-08 20:57:24 -05:00
sinn3r
c2391bf011
Add an R in /Info for the trailer dictionary to make it readable
2014-11-05 22:28:37 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
jvazquez-r7
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
jvazquez-r7
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
HD Moore
9b61ae5f63
This is halloween.
...
THISISHALLOWEEN=1 ./msfconsole
2014-10-30 23:35:12 -05:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
jvazquez-r7
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
OJ
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
OJ
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
William Vu
626cd55b5e
Land #4073, improved banner selection
2014-10-27 14:20:10 -05:00
Spencer McIntyre
04a99f09bb
Land #4064, Win32k.sys NULL Pointer Dereference
2014-10-27 14:01:07 -04:00
jvazquez-r7
042d29b1d6
Compile binaries in house
2014-10-27 12:18:33 -05:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
0aaebc7872
Make GetPtiCurrent USER32 independent
2014-10-26 18:51:02 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
Spencer McIntyre
91dc875af5
Remove seemingly useless file among banners
2014-10-24 13:11:58 -04:00
Spencer McIntyre
c1a61e3b4e
Support an MSFLOGO env var and logo enumeration
2014-10-24 13:07:28 -04:00
Spencer McIntyre
82f41d56a6
Add [user_]logos_directory to Msf::Config
2014-10-24 10:52:05 -04:00
Joshua Smith
34f29f218c
really resolve merge conflicts
2014-10-23 21:51:33 -05:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
jvazquez-r7
bf8dce574a
Add ppsx template
2014-10-16 17:55:22 -05:00
William Vu
056ee4f207
Land #3958, kill command for pyterp
2014-10-07 10:58:37 -05:00
Spencer McIntyre
766a69e310
Add sys_process_kill to the python meterpreter
2014-10-07 10:10:22 -04:00
James Lee
a65ee6cf30
Land #3373, recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Spencer McIntyre
7da22d064d
Remove an unnecessary var and fix process_close
2014-10-02 20:52:45 -04:00
sinn3r
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
Joe Vennix
87aeac2b13
Fix syntax error in os.js, specs ftw.
2014-09-12 11:01:08 -05:00
Joe Vennix
8e091b6da0
Add support for ff 29 - 32 feature.
2014-09-11 22:01:36 -05:00
Tod Beardsley
4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes
...
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)
Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Joe Vennix
7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
Tom Sellers
288a891665
Add the 'guest' IPMI user
...
The 'guest' IPMI user exists on many Cisco Unified Computing Server (UCS) implementations.
2014-09-01 07:01:06 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and 82760bf5b3).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see 19ba7772f3).
This merge commit merges the staging/electro-release branch
(62b81d6814) into master (48f0743d1b). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
joev
af3ca19ab2
Land #3501, @AnwarMohamed's android meterpreter commands.
2014-08-09 16:29:59 -05:00
Brandon Turner
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Joe Vennix
2b46e76e85
Recompiled again.
2014-07-27 22:23:26 -07:00
Joe Vennix
ae1f498aae
Check in new android binaries.
2014-07-27 13:22:12 -07:00
Sam
8cabc753a9
Replace hpricot by nokogiri
2014-07-17 00:14:07 +02:00
David Maloney
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
OJ
77be5d3e0a
Land #3520: Update Linux Meterpreter Binaries
...
Includes fixes for the sniffer which stop it breaking on x64 and make
it work with the `any` interface.
[FixRM #6355]
2014-07-15 09:27:30 +10:00
James Lee
de22aeba41
Land #3481, meterpreter bins
2014-07-14 15:57:52 -05:00
jvazquez-r7
31c447e217
Update binaries
2014-07-14 08:50:30 -05:00
jvazquez-r7
074632043f
Update meterpreter binaries
2014-07-10 16:36:48 -05:00
Tod Beardsley
038d1e210a
Merge upstream/master to deconflict.
...
Conflicts:
Gemfile.lock
2014-07-09 17:43:42 -05:00
AnwarMohamed
34dcb609e2
android extension
2014-07-08 04:52:06 +02:00
David Maloney
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
OJ
bdf27b1834
Fix up the TLVs that are now QWORD values in MSF
...
Various values were adjusted to become QWORD values in MSF and windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 10:42:58 -05:00
HD Moore
ab7848a895
Merge master for testing of #2809
2014-07-06 22:27:58 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
James Lee
41cd5527c8
Close the server socket in php bind stager
...
This was previously left dangling, which leaves the port open, but
doesn't do anything with subsequent connections.
2014-07-03 16:52:09 -05:00
James Lee
9246f7a0ce
Strip the NULL that PHP no longer strips
...
As of PHP 5.5.0, unpack("a", ...) no longer strips the NULL byte from
the end of the string. A new format specifier, Z, was introduced to
perform the old behavior, but we don't have a good way to test for its
existence. Instead, just remove it with str_replace
2014-07-03 15:58:05 -05:00
Tod Beardsley
8b63d3d467
Revert the revert of #3446
...
This reverts commit 9b35b0e13a.
This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
David Maloney
b680674b95
Merge branch 'master' into staging/electro-release
2014-06-27 11:55:57 -05:00
sinn3r
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
sinn3r
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
Chris Doughty
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
2014-06-25 13:24:07 -05:00
Tod Beardsley
fbb6808b1a
Re-add common.lib and ext_server_sniffer DLLs
...
These are not currently included in meterpreter_bins. Figure this out
with @cdoughty-r7, probably just an oversight.
2014-06-19 16:10:22 -05:00
Tod Beardsley
88b482118d
Remove local Meterpreter Windows binaries
2014-06-19 16:05:53 -05:00
James Lee
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
navs
1c5cfeebb3
adding template and src for elf 64 shared object payload target
2014-06-19 00:38:16 -05:00
David Maloney
41f7bc1372
add common root words wordlist
...
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of collected password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
Tod Beardsley
af9028e867
Add Meterpreter bins for PR76
...
These are the binaries generated for rapid7/meterpreter#76, against
commit 2776adb8b91d9967983033c0e770c46a10a68002
These bins are needed to make #3416 actually functional
2014-06-12 14:29:40 -05:00
sinn3r
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
Meatballs
d868294d5b
MEM_RESERVE too
2014-06-08 17:37:57 +01:00
jvazquez-r7
9d08ebe273
Fix VirtualAlloc call on PSH old template
2014-06-08 11:09:03 -05:00
joev
a33de66da4
Fix transparent background, add VISIBLE option.
2014-06-06 16:52:00 -05:00
joev
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
joev
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
Brandon Turner
d9a5002bd3
Merge branch 'release'
...
Updates meterpreter bins and closes #3425 and #3423.
2014-06-05 17:33:11 -05:00
Tod Beardsley
97a70e49c8
Roll back the jar/py changes
2014-06-05 17:31:02 -05:00
Tod Beardsley
737f06f600
Add Meterpreter bins for release branch.
...
This contains the same bins as #3423, but it is targeted at the release
branch for rapid7/metasploit-framework.
2014-06-05 17:17:32 -05:00
William Vu
6c7fd3642a
Land #3411, Python 3.[34] Meterpreter support
2014-06-03 11:34:22 -05:00
jvazquez-r7
b8a2cf776b
Do test
2014-06-03 09:52:01 -05:00
jvazquez-r7
05ed2340dc
Use powershell
2014-06-03 09:29:04 -05:00
jvazquez-r7
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
jvazquez-r7
7f4702b65e
Update from rapid7 master
2014-06-02 17:41:41 -05:00
Tod Beardsley
d0d389598a
Land #3086, Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
jvazquez-r7
4840a05ada
Update from rapid7 master
2014-06-02 17:17:00 -05:00
Spencer McIntyre
b84297980d
Pymeterpreter use print_exc and not print_exception
2014-06-02 16:50:54 -04:00
OJ
d2b8706bd6
Include meterpreter bins, add Sandbox builds
...
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (ie. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.
I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
Spencer McIntyre
77eac38b01
Pymeterpreter fix processes_via_proc for Python v3
2014-05-30 16:32:03 -04:00
Spencer McIntyre
4f5ab2c596
Pymeterpreter support process channels for Python v3
2014-05-30 14:35:47 -04:00
Spencer McIntyre
e2cc2fece0
Pymeterpreter update win reg functions for python v3
2014-05-30 10:51:36 -04:00
jvazquez-r7
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
Spencer McIntyre
04e94b0c07
Fix meterpreter and file tests for Python v3.4 on Win
2014-05-29 16:42:28 -04:00
Spencer McIntyre
15dc33591b
In pymeterpreter use a MeterpreterFile obj for Py v3
2014-05-29 15:09:09 -04:00
Spencer McIntyre
d8dcfd8f41
Update pymeterpreter netlink to support python3
2014-05-29 13:48:15 -04:00
jvazquez-r7
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
jvazquez-r7
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
Spencer McIntyre
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
Spencer McIntyre
15b1c79039
Adjust whitespace and set bytes to str for Python 2
2014-05-28 16:30:27 -04:00
HD Moore
eda8a90cea
Fix merge issues with os.js
2014-05-19 13:04:36 -05:00
HD Moore
ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
Tonimir Kisasondi
9b29c572a7
Comments don't work with auth_brute.rb
2014-05-18 21:14:17 +02:00
Tonimir Kisasondi
c9bb2d5165
Added headers to files
2014-05-18 20:55:50 +02:00
Tonimir Kisasondi
97b63d708c
Corrected naming to be in line with msf convention
2014-05-18 18:18:23 +02:00
Tonimir Kisasondi
7d79f8a4c2
Removed wrongly named list.
2014-05-18 18:15:17 +02:00
Tonimir Kisasondi
d7bf66973c
Fixed userpass delimiters.
2014-05-18 18:13:03 +02:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Tonimir Kisasondi
6ec926b573
Added separate users/pass/userpass dictionaries
2014-05-18 10:18:07 +02:00
Tonimir Kisasondi
af82ae262c
Added a large default password list for services.
2014-05-16 23:27:18 +02:00
jvazquez-r7
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
sinn3r
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
OJ
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
jvazquez-r7
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
Meatballs
06c8082187
Use signed binary
2014-05-02 14:45:14 +01:00
James Lee
4bd2dabfcd
Land #3121, new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
jvazquez-r7
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
sinn3r
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
Joe Vennix
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
jvazquez-r7
acb12a8bef
Beautify and fix both ruby and AS
2014-04-17 23:32:29 -05:00
jvazquez-r7
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
jvazquez-r7
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
jvazquez-r7
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
joev
0b23fc2c40
Revert "Use actual vars so that jsobfu can randomize."
...
This reverts commit b9284c5635.
2014-04-11 16:51:29 -05:00
sinn3r
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
Joe Vennix
b9284c5635
Use actual vars so that jsobfu can randomize.
2014-04-09 16:56:10 -05:00
Spencer McIntyre
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
joev
2e4c2b1637
Disable Android 4.0, add arch detection.
...
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.
Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
sinn3r
4d69f80728
Update explib2.js
...
Remove a few lines
2014-04-02 23:07:29 -05:00
jvazquez-r7
74554ed805
Land #3174, @wchen-r7's object detection for ie11
2014-04-02 15:27:13 -05:00
jvazquez-r7
577bd7c855
Land #3146, @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
sinn3r
5ffcfb22fa
Add object detection for IE11
...
While working on some stuff with IE11, I realized this is very
necessary.
2014-04-02 02:21:16 -05:00
HD Moore
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
sinn3r
389ad7aca3
Land #3155 - Explib2
2014-03-28 18:31:40 -05:00
sinn3r
4f5944cfb8
Add JavaScript detection for Adobe Flash
2014-03-28 14:31:21 -05:00
jvazquez-r7
ce02f8a7c5
Allow easier control of sprayed memory
2014-03-28 11:58:41 -05:00
jvazquez-r7
b0bbe3f6a9
Add explib2 with some fixes into metasploit
2014-03-28 10:44:13 -05:00
sinn3r
4c44f69e86
Undo the IE8/IE7 objection detection
2014-03-27 15:01:03 -05:00
sinn3r
fc1432fe53
This is probably the right way to do it for ie7/8
2014-03-27 13:53:24 -05:00
sinn3r
9c54421679
Update IE8/IE7 object detection
2014-03-27 13:34:07 -05:00
sinn3r
8df96a419b
Make IE10 detection safer for older IEs
2014-03-27 13:31:15 -05:00
sinn3r
1f90115c8f
Add default detection for IE 9 and IE 10
...
How it's done:
On IE10, which should come first before the IE 9 check, the nodeName
function always returns the name in uppercase.
On IE9, the "Object doesn't support property or method" error always
repeats the name of the invalid method.
2014-03-27 00:15:36 -05:00
joe
46f7e6060f
Add the updated bins from timwr.
2014-03-25 09:39:53 -07:00
joe
c71d52e769
Merge branch 'pr-android-bins' of https://github.com/jvennix-r7/metasploit-framework into new-android-bins
2014-03-25 09:35:25 -07:00
sinn3r
8c707b20e0
Add support for specific builds of MSIE 9 on Win 7 SP1
...
These IE9 versions are vulnerable to MS14-012 (see #3120). If we don't
add them, then os_detect might recognize the target as IE 8, and fail.
2014-03-19 21:54:36 -05:00
Tod Beardsley
05436dc2c5
Refresh binaries for Meterpreter
...
This includes:
rapid7/meterpreter#69
rapid7/meterpreter#70
rapid7/meterpreter#75
rapid7/meterpreter#77
rapid7/meterpreter#78
As of commit: 45bcbd13a1e0215647f6a61631652b686931bba8
2014-03-19 08:57:04 -05:00
joev
8e4708b51b
Add support for firefox 28.
2014-03-18 11:26:24 -05:00
OJ
409787346e
Bring build tools up to date, change some project settings
...
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
James Lee
6438b9372c
Land #3067, python meterp net.config additions
2014-03-13 13:03:43 -05:00
Tod Beardsley
6309c4a193
Metasploit LLC transferred assets to Rapid7
...
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
Spencer McIntyre
5ea26688d7
Fix a syntax error for Python 2.4
2014-03-11 15:22:52 -04:00
Spencer McIntyre
f3493ce220
Merge branch 'master' into pymeterpreter-net
...
Conflicts:
data/meterpreter/ext_server_stdapi.py
2014-03-11 15:15:02 -04:00
Spencer McIntyre
e874223421
Land #3083, fix pymet when ctypes isn't available
2014-03-11 14:31:44 -04:00
Joe Vennix
679cb03ac3
Yank armeabi-v7a bins.
2014-03-11 13:09:50 -05:00
sinn3r
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
James Lee
b87c2dca0b
Use older hash modules when hashlib isn't there
2014-03-11 12:25:54 -05:00
Tim
4f31eba7f4
android payload golf
2014-03-10 21:50:00 -05:00
joe
66ff5998a5
New multi-arch stagers.
2014-03-10 21:49:56 -05:00
joe
60b5191873
New meterpreter bins for testing.
2014-03-10 21:49:14 -05:00
joe
667bed8905
New multi-arch stagers.
2014-03-10 18:50:27 -07:00
James Lee
75c94cc5d7
Derp
2014-03-10 16:30:55 -05:00
James Lee
e508079aff
Don't crash when ctypes isn't available
2014-03-10 16:10:24 -05:00
joe
6616d36d63
New meterpreter bins for testing.
2014-03-07 13:21:30 -08:00
kyuzo
2a1e96165c
Adding MS013-058 for Windows7 x86
2014-03-06 18:39:34 +00:00
Joe Vennix
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
Joe Vennix
3d7bc6c589
Remove form_post.js.
2014-03-05 23:35:54 -06:00
William Vu
096d6ad951
Land #3055, heapLib2 integration
2014-03-05 15:48:13 -06:00
Spencer McIntyre
1dea1c030e
Add interface support via OSX SystemConfiguration
2014-03-05 13:59:13 -05:00
Joe Vennix
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
Spencer McIntyre
0834102e2b
Support tcp server channels and add a python MeterpreterSocket
2014-03-04 13:31:29 -05:00
Joe Vennix
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00