Commit Graph

281 Commits (e4ea618edf838edeb9a646f0842db5fb82cba8eb)

Author SHA1 Message Date
sinn3r 985245e8a1 Document method
Fix #4366 (support dynamic_base templates)
2014-12-12 01:22:32 -06:00
sinn3r b8e58d0f04 Support 32 and 64-bit for exe-only, and fix -k 2014-12-12 01:13:09 -06:00
sinn3r d311059e75 Fix DYNAMIC_BASE templates 2014-12-11 20:44:03 -06:00
agix 333d420c94 Fix refactoring bug from 23 october in util/exe
23 October, {} instead of #{} totally break windows service generation
f19b093529 (diff-0f5729034d8b0b321e738f2fc047854fL578)
2014-11-04 11:59:36 +01:00
Joshua Smith a9e52437f0 fixes inverted EICAR corruption logic 2014-10-24 10:27:13 -05:00
Joshua Smith 3b8067e9a2 fixes refactor error in msf/util/exe 2014-10-23 22:15:19 -05:00
Joshua Smith bf63d85e5c fixes merge conflicts msfpayload & exe 2014-10-23 21:43:46 -05:00
Joshua Smith f19b093529 cleans & DRYs exploit/exe & util/exe & msfpayload 2014-10-23 01:10:38 -05:00
navs 5f19af67a8 amateur hour, forgot the X on ARCH_X64 2014-06-19 14:24:28 -05:00
navs fe49393cf1 added ARCH_x64 case for Msf::Util::EXE.to_executable_fmt - failed CI #8173 2014-06-19 14:12:22 -05:00
navs ccf967fdfe added support to msfpayload to use elf so payload target 2014-06-19 00:59:49 -05:00
Meatballs 897ad6f963
Some service yarddoc 2014-06-07 13:27:32 +01:00
Florian Gaultier 808f87d213 SERVICE_DESCRIPTION doesn't concern this PR 2014-05-13 16:04:39 +02:00
Florian Gaultier bb4e9e2d4d correct error in block service_change_description 2014-05-13 16:04:39 +02:00
Florian Gaultier 6332957bd2 Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work... 2014-05-13 16:04:39 +02:00
Florian Gaultier bdbb70ab71 up block_service_stopped.asm 2014-05-13 16:04:39 +02:00
Florian Gaultier 94f97ab963 Prevent import table overwritting by shifting entry point 2014-05-13 16:04:39 +02:00
Florian Gaultier e269c1e4f1 Improve service_block with service_stopped block to cleanly terminate service 2014-05-13 16:04:38 +02:00
Florian Gaultier c43e3cf581 Improve block_create_remote_process to point on shellcode everytime 2014-05-13 16:04:38 +02:00
Florian Gaultier 25d48b7300 Add create_remote_process block, now used in exe_service generation 2014-05-13 16:04:38 +02:00
Florian Gaultier 5ecebc3427 Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation 2014-05-13 16:04:37 +02:00
Florian Gaultier 0b462ceea6 refactor `to_winpe_only` code to be used by `to_win32pe_service` 2014-05-13 16:04:37 +02:00
Florian Gaultier 914d15c285 fix typo 2014-05-13 16:04:37 +02:00
Florian Gaultier ca7a2c7a36 Add string_to_pushes to use non fixed size service_name 2014-05-13 16:04:37 +02:00
Florian Gaultier b3fd21b98d Change to try to follow ruby guidelines 2014-05-13 16:04:37 +02:00
Florian Gaultier 72a3e49fbb fix typo 2014-05-13 16:04:36 +02:00
Florian Gaultier 513f3de0f8 new service exe creation refreshed 2014-05-13 16:04:36 +02:00
agix ac63e84d02 Fix little bug when using msfencode and exe-only
When arch is not defined, arch is null so it crashs.
It should be 'x86' by default
2014-04-14 01:02:31 +02:00
sinn3r c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Joe Vennix 38a2e6e436 Minor fixes. 2014-03-05 19:03:54 -06:00
Joe Vennix 12cf5a5138 Add BES, change extra_plist -> plist_extra. 2014-03-05 18:51:42 -06:00
Joe Vennix cd3c2f9979 Move osx-app format to EXE. 2014-03-04 22:54:00 -06:00
OJ a1aef92652
Land #2431 - In-memory bypass uac 2014-03-05 11:15:54 +10:00
David Maloney 1a0f77edb2
Land #2739, DLL injection in msfvenom
lands Meatballs PR to fix dll injection
in Msfvenom. Test to ensure it still works
in the new MsfVenom
2014-02-28 14:22:17 -06:00
David Maloney 9e355e1265 Merge branch 'master' into dll_inject 2014-02-28 14:20:46 -06:00
jvazquez-r7 6c490af75e Add randomization to Rex::Zip::Jar and java_signed_applet 2014-02-27 12:38:52 -06:00
Meatballs 2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
Conflicts:
	external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs 8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
Conflicts:
	lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
Spencer McIntyre 7f9b4a4bf4
Land #2655, Re-do exe-small for scripting payloads. 2014-02-17 15:56:23 -05:00
Spencer McIntyre 3299b68adf
Landing #2767, @Meatballs1 Powershell Reflective Payload 2014-02-14 16:12:46 -05:00
Meatballs f112e78de9
Fixes .war file creation 2013-12-22 20:58:21 +00:00
Meatballs 0c5ac0176f
Undo psh net change 2013-12-16 13:43:40 +00:00
Meatballs dd5b66f827
Undo psh net change 2013-12-16 13:42:37 +00:00
Meatballs 14c0096115
Update template
Use Copy instead of memset
Remove | Out-Null
2013-12-16 13:38:14 +00:00
Meatballs 8dfcc8aa77
WaitForThread 2013-12-16 12:44:58 +00:00
Meatballs 637be1bdfa
Should use RIG 2013-12-16 09:19:17 +00:00
Meatballs 0a29176855
Update psh_web_delivery for reflection 2013-12-16 09:08:01 +00:00
Meatballs 7cc99d76ad
Merge remote-tracking branch 'upstream/master' into powershell_auto_arch
Conflicts:
	lib/msf/util/exe.rb
2013-12-16 09:07:08 +00:00
Meatballs 28f8ac322f
Enable inject 2013-12-14 21:30:52 +00:00
Meatballs 7347cb170c Revert "Enable DLL injection in msfvenom"
This reverts commit 64e6531bbc.
2013-12-14 21:26:13 +00:00
Meatballs bc0c080947
Indentation 2013-12-08 18:18:44 +00:00
Meatballs 64e6531bbc
Enable DLL injection in msfvenom 2013-12-08 18:16:23 +00:00
scriptjunkie f4636c46a6
Removing unused endjunk, sections_end, cert_entry 2013-12-07 20:55:51 -06:00
scriptjunkie 8d33138489 Support silent shellcode injection into DLLs
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Meatballs 1e60ff91ea
Move ExitThread patching to Msf::Util::EXE 2013-12-05 17:16:14 +00:00
corelanc0d3r 474a03475f sorted out the sorts without .sort 2013-12-02 11:57:52 +01:00
corelanc0d3r 66edfe968d Sorting output 2013-11-21 00:57:08 +01:00
Meatballs a327321558
Re-do 'exe-small' for scripting payloads.
Fall back to default x64 exe for ARCH_X86_64
2013-11-19 21:19:12 +00:00
Tod Beardsley 8c1d7d936b Revert "Fix conflcit lib/msf/util/exe.rb"
This was causing build failures:

https://travis-ci.org/rapid7/metasploit-framework/builds/13816889

It looks like there were a whole bunch of changes that weren't intended.

This reverts commit 3996557ec6, reversing
changes made to 62102dd1f9.
2013-11-11 13:48:39 -06:00
sinn3r 3996557ec6 Fix conflcit lib/msf/util/exe.rb
Conflicts:
	lib/msf/util/exe.rb
2013-11-11 11:43:09 -06:00
sinn3r 62102dd1f9
Land #2544 - Vbs minimize 2013-11-11 11:14:56 -06:00
sinn3r 33f65dd611
Land #2577 - Use base64 to reduce psh-net payload size 2013-11-11 10:21:20 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
Meatballs e18dd3ec0b
Use base64 to reduce size 2013-10-25 01:19:43 +01:00
Meatballs1 58a82f0518 Update exe.rb
Rename values
2013-10-21 13:50:07 +01:00
Meatballs 2ef89eaf35
Randomize exe name 2013-10-18 19:01:28 +01:00
Meatballs 56aa9ab01c
Reduce size 2013-10-18 18:59:30 +01:00
Meatballs 29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file
Fixes bugs with MSI::UAC option, invalid logic and typo...
2013-09-29 17:09:03 +01:00
Meatballs 8aeb134581
Retab... 2013-09-27 20:40:16 +01:00
Meatballs 6ca01adf1d
Merge branch 'master' into msi_payload
Conflicts:
	lib/msf/util/exe.rb
2013-09-27 20:37:40 +01:00
Meatballs 34c443f346
Forgot msi-nouac 2013-09-27 20:36:00 +01:00
Meatballs 8a9843cca6
Merge upstream/master 2013-09-27 20:02:23 +01:00
Tab Assassin c94e8a616f Retabbed to catch new bad tabs 2013-09-27 13:34:13 -05:00
Meatballs 695fdf836c Generate NonUAC MSIs 2013-09-21 13:13:18 +01:00
Meatballs 85ea9ca05a Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload 2013-09-21 12:49:38 +01:00
Meatballs 3dd75db584 Address feedback 2013-09-20 17:20:42 +01:00
Meatballs 11bdf5d332 New pull 2013-09-19 19:57:38 +01:00
David Maloney 34e5f69fbf fix merge conflict 2013-09-12 13:56:08 -05:00
Tab Assassin 2bd1fb451b Retab changes for PR #1569 2013-09-05 16:16:05 -05:00
Tab Assassin 48cf2af685 Merge for retab 2013-09-05 16:16:00 -05:00
Tab Assassin 0d884ebbab Retab changes for PR #2278 2013-09-05 14:08:14 -05:00
Tab Assassin 63612a64e9 Merge for retab 2013-09-05 14:08:09 -05:00
Tab Assassin 7e00e2aaba Retab changes for PR #2307 2013-09-05 13:37:58 -05:00
Tab Assassin 76c98cb610 Merge for retab 2013-09-05 13:37:55 -05:00
Tab Assassin d0a3ea6156 Retab changes for PR #2320 2013-09-05 13:27:47 -05:00
Tab Assassin bff7d0e6ae Merge for retab 2013-09-05 13:27:09 -05:00
Meatballs 4c9e6a865a Default to exe-small 2013-09-03 00:01:20 +01:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Meatballs 53c3f6b2db Deconflict 2013-08-30 10:52:42 +01:00
shellster 345bc7da03 New Reflection Powershell Payload
Adds Powershell payload which, unlike existing payloads does not
drop any temporary files onto the target's computer.  All needed
methods are dynamically loaded via reflection.
2013-08-29 19:11:29 -07:00
James Lee eba6762977 Land #2270, Util::EXE refactor
With a minor rebase to fix a commit message

[Closes #2270]

Conflicts:
	spec/support/shared/contexts/msf/util/exe.rb
2013-08-28 21:49:59 -05:00
shellster ee9b1ef8e0 Greatly shortened to_mem_old.ps1.template by using [Math]::max.
Added necessary end of line conversion in lib/msf/util/exe.rb so
that Powershell will parse multiline strings.
2013-08-28 21:39:42 -05:00
Meatballs 96c093dce0 Fix Exploit::Exe 2013-08-25 19:56:29 +01:00
Meatballs 66ee15f461 Merge and deconflict 2013-08-25 19:14:15 +01:00
David Maloney 5e5f5acf19 plug in 64bit injector
64 bit exe generation only had subsitution method
add the x64 injector in there too.
2013-08-25 12:19:57 -05:00
Meatballs 19e47d5e82 Really fix war 2013-08-25 00:06:31 +01:00
David Maloney 4c57af051a Revert "'remove unused framework references"
This reverts commit 98a09b9f5c.
2013-08-24 17:52:57 -05:00
David Maloney 98a09b9f5c 'remove unused framework references
passing around framework references that are never used
removing these whever possible
2013-08-24 16:59:29 -05:00
David Maloney bd5f184e2b Dry up the exe subsitution stuff
6 different methods were doing essentially
the same exact thing. DRY it up a bit
2013-08-24 16:50:45 -05:00
David Maloney d38117a521 replace old inject method
replacing jsut the win32 inject method this time
with out new injector method.
2013-08-24 16:30:47 -05:00