infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
30,260 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

789 Commits (e3450d71defa2cd4b7e88f043749109769089eb5)

Author SHA1 Message Date
AnwarMohamed b45524ecdd generate cert @ payload/dalvik.rb 2014-03-10 21:50:00 -05:00
AnwarMohamed 99cc94e6fc moving string_sub() to payload/dalvik.rb 2014-03-10 21:49:59 -05:00
AnwarMohamed dc8992924f android reverse_http/s 2014-03-10 21:49:59 -05:00
joev 46c11ea2eb Small fixes to m-1-k-3's mipsle reboot shellcode. 2014-03-10 17:17:23 -05:00
joev 7da54eb9cf
Merge branch 'landing-3041' into upstream-master 
Lands PR #3041, @m-1-k-3's reboot shellcode.
 2014-03-10 17:11:06 -05:00
root 3c95c021d0 Reference added 2014-03-10 12:17:20 +01:00
root 1fda6b86a1 Changed cmp eax by inc eax. Saved one byte 2014-03-10 12:13:10 +01:00
sinn3r caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks 2014-03-04 15:24:02 -06:00
OJ f0868c35bf
Land #3050 - Fix tained perl payloads 2014-03-04 10:05:47 +10:00
Joe Vennix 6a02a2e3b3 NULL out envp pointer before execve call. 
This was causing a crash on 10.9.
 2014-03-03 08:56:52 -06:00
Sagi Shahar 8c4b663643 Fix payloads to bypass Perl's Taint mode. 2014-03-02 18:39:05 +02:00
jvazquez-r7 6c490af75e Add randomization to Rex::Zip::Jar and java_signed_applet 2014-02-27 12:38:52 -06:00
Michael Messner d6b28e3b74 mipsel reboot payload 2014-02-26 20:34:35 +01:00
root b4a22aa25d hidden bind shell payload 2014-02-20 16:19:40 +01:00
jvazquez-r7 e75a0ea948 Fix typo 2014-02-19 15:21:02 -06:00
jvazquez-r7 aa07065f67
Land #2959, reverse powershell payload by @Meatballs1 2014-02-19 15:14:54 -06:00
jvazquez-r7 9fad43da08 Add license information 2014-02-19 15:11:12 -06:00
scriptjunkie c0983138a0 Fix wrapping errors on long domains. 2014-02-15 15:21:16 -06:00
scriptjunkie b0d2949f9a Ensure no race conditions on handlers 
Configurable WfsDelay
 2014-02-15 15:21:16 -06:00
scriptjunkie 62f42c57a9 Add instructions for uploading hop.php 2014-02-15 15:21:16 -06:00
scriptjunkie 5f7a0e162c Add reverse_hop_http stager and handler 2014-02-15 15:21:16 -06:00
jvazquez-r7 1f0020a61c
Land #2946, @jlee-r7's optimization of the x86 block_api code 2014-02-11 15:00:00 -06:00
Meatballs 9f04e0081d
Stick with command let encoder handle encoding 2014-02-08 19:28:03 +00:00
Meatballs 93b07b0e48
Add missing RequiredCmds 2014-02-08 12:24:49 +00:00
Meatballs 80814adaf9
Credit where credits due 2014-02-08 01:42:45 +00:00
Meatballs efe4d6b41a
Tidyup 2014-02-08 01:03:02 +00:00
Meatballs 2d1a0c3a01
Windows CMD love too 2014-02-08 01:00:31 +00:00
James Lee 14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4 2014-02-04 17:45:18 -06:00
sinn3r bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads 2014-02-04 15:06:45 -06:00
James Lee 20b8062220
Apply blockapi changes to reverse_tcp_rc4 2014-02-04 12:30:56 -06:00
James Lee c70680cf1c
Fix infinite-retry bug 
Derp, block_api clobbers ecx
 2014-02-04 11:59:16 -06:00
James Lee 9c3664bd45
Unify reverse_http and reverse_https 
This will make copy-pasta less painful in the future.  There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
 2014-02-04 09:09:12 -06:00
James Lee f163bc7f7a
Unbreak reverse_https_proxy 
Broken by #2448, 063da8a22e
 2014-02-03 15:07:59 -06:00
James Lee be0b9fc2f8 Use the new block_api in windows/reverse_tcp 2014-02-03 11:34:52 -06:00
James Lee bfc0ac4dd4 Golf a few bytes off of reverse_http(s) 2014-02-03 11:33:55 -06:00
joev 1197426b40
Land PR #2881, @jvazquez-r7's mips stagers. 2014-01-15 12:46:41 -06:00
joev 0833da465a
Lands #2832, @jvazquez-r7's fixes to mipsel shellcode. 2014-01-15 12:03:17 -06:00
jvazquez-r7 a056d937e7 Fluch data cache and improve documentation 2014-01-14 14:06:01 -06:00
jvazquez-r7 a8806887e9 Add support for MIPS reverse shell staged payloads 2014-01-14 12:25:11 -06:00
sinn3r ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode 2014-01-13 17:37:08 -06:00
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
Joe Vennix 3db143c452 Remove explicit requires for FF payload. 
Adds ff payload require to msf/core/payload.rb
 2014-01-13 13:07:55 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
sinn3r 140d1fbf90
Land #2847 - Add MIPS big endian single shell_bind_tcp payload 2014-01-10 15:06:35 -06:00
sinn3r 202e19674c
Land #2856 - Fix ARMLE stagers 2014-01-10 15:05:03 -06:00
sinn3r 96ba41a4b0
Land #2844 - Fix the mipsbe shell_reverse_tcp payload 2014-01-10 15:00:39 -06:00
jvazquez-r7 4e8092aceb Fix armle stagers 2014-01-09 17:34:59 -06:00
jvazquez-r7 a0879b39e0 Add mips be shell_bind_tcp payload 2014-01-08 14:48:54 -06:00
jvazquez-r7 1727b7fb37 Allow the Msf::Payload::Linux's generate to make its work 2014-01-08 12:41:10 -06:00
jvazquez-r7 83e5169734 Don't use temporal register between syscals and save some bytes on the execve 2014-01-08 11:45:27 -06:00
jvazquez-r7 5f7582b72d Don't use a temporary registerfor the dup2 loop counter 2014-01-07 18:02:55 -06:00
jvazquez-r7 c2dce19768 Don't use a temporary registerfor the dup2 loop counter 2014-01-07 17:39:27 -06:00
jvazquez-r7 a85492a2d7 Fix my own busted dup2 sequence 2014-01-07 16:27:01 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases. 
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
 2014-01-07 16:17:34 -06:00
jvazquez-r7 3230b193e1 Make better comment 2014-01-07 15:32:46 -06:00
jvazquez-r7 80dcda6f76 Fix bind call 2014-01-07 15:31:42 -06:00
Niel Nielsen d567737657 Update reverse_tcp_rc4_dns.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:12:38 +01:00
Niel Nielsen 385ae7ec38 Update reverse_tcp_rc4.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:11:16 +01:00
Niel Nielsen 693d95526b Update bind_tcp_rc4.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:09:53 +01:00
jvazquez-r7 b5524654d5 Delete comment 2014-01-07 14:50:26 -06:00
jvazquez-r7 45c86d149f Modify authors field 2014-01-07 14:50:12 -06:00
jvazquez-r7 d6639294aa Save some instructions with dup2 2014-01-07 14:41:33 -06:00
jvazquez-r7 9cf221cdd6 Delete delay slots after syscall 2014-01-07 13:18:20 -06:00
jvazquez-r7 70d4082c0c Add formatting blank lines and delete comment 2014-01-07 09:55:36 -06:00
jvazquez-r7 3edd2a50e2 Shorter mipsle shell_reverse_tcp 2014-01-07 09:45:28 -06:00
Joe Vennix 3b29c370bd Fix bug in the firefox/exec payload. 2014-01-05 11:24:41 -06:00
Joe Vennix 4329e5a21e Update firefox payloads to use async runCmd. 2014-01-04 08:49:43 -06:00
Joe Vennix fdca396bc8 Update exec to be diskless. 2014-01-04 08:48:58 -06:00
Joe Vennix a5ebdce262 Add exec payload. Cleans up a lot of code. 
Adds some yardocs and whatnot.
 2014-01-03 18:23:48 -06:00
jvazquez-r7 f5f18965b9 Move the require to the payloads as ruby and nodejs payloads do 2014-01-02 16:05:03 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
Joe Vennix 12fece3aa6 Kill unnecessary comment. 2014-01-02 10:48:28 -06:00
Joe Vennix 1f9ac12dda DRYs up firefox payloads. 2014-01-02 10:48:28 -06:00
Joe Vennix 821aa47d7e Add firefox paylods. 
* Adds support for windows or posix shell escaping.
 2014-01-02 10:48:28 -06:00
jvazquez-r7 0725b9c69c Refactor JSP payloads 2013-12-31 08:27:37 -06:00
jvazquez-r7 aa38a23921 Add generate_war to jsp_shell payloads 2013-12-30 13:53:58 -06:00
OJ 0db062a1ce
Merge branch 'meatballs-vncdll-submodule' 2013-12-20 18:29:27 +10:00
OJ 34cdec5155
Update project VS 2013, clean CLI build 
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
 2013-12-20 09:49:15 +10:00
William Vu 252909a609
Land #2448, @OJ's ReverseListenerBindPort :) 2013-12-17 11:24:09 -06:00
sinn3r f1c5ab95bf
Land #2690 - typo 2013-11-25 23:53:34 -06:00
William Vu 70139d05ea Fix missed title 2013-11-25 22:46:35 -06:00
William Vu e8eb983ae1 Resplat shell_bind_tcp_random_port 2013-11-20 14:48:53 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Geyslan G. Bem 28c5dd63fd references fix 2013-11-11 17:14:50 -03:00
Geyslan G. Bem 8f6917a117 references fix 2013-11-11 17:12:45 -03:00
Geyslan G. Bem e3641158d9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-11-11 14:29:19 -03:00
Geyslan G. Bem 030fbba539 Merge branch 'master' of https://github.com/geyslan/metasploit-framework 2013-11-11 14:22:00 -03:00
Tod Beardsley 81a7b1a9bf
Fixes for #2350, random bind shellcode 
* Moved shortlink to a reference.
  * Reformat e-mail address.
  * Fixed whitespace
  * Use multiline quote per most other module descriptions

Still need to resplat the modules, but it's no big thang to do that
after landing. Also, References do not seem to appear for post modules
in the normal msfconsole. This is a bug in the UI, not for these modules
-- many payloads would benefit from being explicit on their references,
so may as well start with these.
 2013-11-11 10:33:15 -06:00
OJ 063da8a22e Update reverse_https_proxy stager/handler 
This change updates the proxy handler code, which for some reason was
ommitted in the orginal commits. This now uses the same mechanism as
the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead
uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`.
 2013-11-11 22:21:05 +10:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib 
It wasn't just cmdstager_printf.rb. :/
 2013-10-30 19:51:25 -05:00
sinn3r 1599d1171d
Land #2558 - Release fixes 2013-10-21 13:48:11 -05:00
Tod Beardsley bce8d9a90f
Update license comments with resplat. 2013-10-21 13:36:15 -05:00
Tod Beardsley c070108da6
Release-related updates 
* Lua is not an acronym
  * Adds an OSVDB ref
  * credit @jvazquez-r7, not HD, for the Windows CMD thing
 2013-10-21 13:33:00 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
sinn3r cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow 2013-10-21 12:03:07 -05:00
sinn3r 6430fa3354
Land #2539 - Support Windows CMD generic payload 
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
 2013-10-21 11:26:13 -05:00
William Vu 5a0b8095c0
Land #2382, Lua bind and reverse shells 2013-10-18 17:11:37 -05:00
jvazquez-r7 be1d6ee0d3 Support Windows CMD generic payload 2013-10-17 14:07:27 -05:00
jvazquez-r7 3d3a7b3818 Add support for OSVDB 86824 2013-10-17 01:08:01 -05:00
Tod Beardsley f0aedd932d
More stragglers 2013-10-16 16:29:55 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
sinn3r e10dbf8a5d
Land #2508 - Add nodejs payloads 2013-10-14 12:23:31 -05:00
joev c7bcc97dff Add SSL support to #nodejs_reverse_tcp. 2013-10-12 03:32:52 -05:00
joev 6440a26f04 Move shared Node.js payload logic to mixin. 
- this fixes the recursive loading issue when creating a payload
  inside the cmd payload
- also dries up some of the node cmd invocation logic.
 2013-10-12 03:19:06 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir 
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
 2013-10-10 19:55:26 +01:00
joev 1e78c3ca1a Add missing require to nodejs/bind payload. 2013-10-09 11:39:05 -05:00
Tod Beardsley 4266b88a20
Move author name to just 'joev' 
[See #2476]
 2013-10-07 12:50:04 -05:00
joev da48565093 Add more payloads for nodejs. 
* Adds a reverse and bind CMD payload
* Adds a bind payload (no bind_ssl for now).
 2013-10-07 06:09:21 -05:00
Geyslan G. Bem 6492bde1c7 New Payload 
Merge remote-tracking branch 'origin'
 2013-10-05 09:17:14 -03:00
Geyslan G. Bem 31f265b411 New Shell Bind TCP Random Port Payload (x86_64) 2013-10-05 09:02:05 -03:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
joev 99e46d2cdb Merge branch 'master' into cve-2013-4660_js_yaml_code_exec 
Conflicts:
	modules/exploits/multi/handler.rb
 2013-09-25 00:32:56 -05:00
joev cd98c4654d Remove unecessary print from #generate in payloads. 2013-09-25 00:12:28 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections 
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
 2013-09-24 12:33:31 -05:00
Joe Vennix 801dda2b09 Change PayloadType to NodeJS. 2013-09-23 11:31:45 -05:00
xistence 41e1a3d05b removed shell prompt in lua bind/reverse shells 2013-09-22 14:53:59 +07:00
Joe Vennix a08d195308 Add Node.js as a platform. 
* Fix some whitespace issues in platform.rb
 2013-09-20 18:14:01 -05:00
Meatballs 02044e8b5e Land #2373, Corrects x64 reverse_https alignment 
It appears that testing of the original submit was performed
on VMWare which worked. On a non virtualized machine the
payload would crash.

[Closes #2373] [FixRm #8271]
 2013-09-17 22:50:04 +01:00
Meatballs 6bf0d9b761 Cleanup 2013-09-17 21:46:38 +01:00
James Lee 21055f6856 Add x86 to meterpreter's binary suffix 
This makes x86 more consistent with x64.

Also replaces a bunch of instances of:
  File.join(Msf::Config.install_root, 'data', ...)
with the simpler
  File.join(Msf::Config.data_directory, ...)

[See rapid7/meterpreter#19]
 2013-09-16 21:52:04 -05:00
Joe Vennix a641bc41a8 Kill unnecessary comment. 2013-09-16 21:35:53 -05:00
Joe Vennix f954e5299f Now working on windows even. 2013-09-16 21:34:12 -05:00
Ryan Wincey fe86325fd4 Fixed memory alignment for x64 reverse_http stager 2013-09-16 16:43:20 -04:00
Joe Vennix 2d936fb67c Bail from payload if require() is not available. 
* TODO: test on windows
 2013-09-16 14:05:26 -05:00
RageLtMan 08f0abafd6 Add nodejs single payloads, thanks to RageLtMan. 2013-09-16 13:38:42 -05:00
xistence 79e08c1560 added LUA bind/reverse shells 2013-09-16 17:02:08 +07:00
MosDefAssassin b7dec23a1d Update meterpreter.rb 
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact:ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller

Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
 
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64

Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
 2013-09-12 14:32:13 -05:00
Geyslan G. Bem 118cc900a7 new payload 2013-09-10 19:20:48 -03:00
HD Moore 06f7abc552 Helps to put the rand() wrapper in 2013-09-09 20:26:11 -05:00
HD Moore baff3577e5 FixRM #8034 Pick a valid certificate expiration 2013-09-09 20:24:52 -05:00
Tab Assassin 896bb129cd Retab changes for PR #2325 2013-09-05 13:24:09 -05:00
Tab Assassin 5ff25d8b96 Merge for retab 2013-09-05 13:23:25 -05:00
James Lee b913fcf1a7 Add a proper PrependFork for linux 
Also fixes a typo bug for AppendExit
 2013-09-04 00:15:07 -05:00
Tab Assassin cbb9984358 Merge branch 'master' into retab/rumpus 2013-09-03 14:11:16 -05:00
jvazquez-r7 ff6ee5b145 Fix require 2013-09-03 10:52:52 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Spencer McIntyre ffac6478cc Un typo a client and server socket mixup. 2013-08-21 14:59:30 -04:00
Spencer McIntyre e276b57ee7 Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev 2013-08-19 08:37:12 -04:00
Spencer McIntyre 2d69174c5b Initial commit of the python meterpreter. 2013-08-05 23:38:49 -04:00
Tod Beardsley bddcb33507 Update description for reverse_https_proxy 2013-08-05 09:35:14 -05:00
sinn3r 10e9b97a88 Land #2180 - Accepting args for x64 osx exec payload 2013-08-02 00:45:09 -05:00
Joe Vennix 592176137a Rewrite osx x64 cmd payload to accept args. 
[SeeRM #8260]
 2013-07-31 08:50:28 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 4a0b33241f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 18:41:50 -05:00