sinn3r
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
Joe Vennix
db036e44ad
Use RdlCopyMemory from Kernel32.
2014-03-13 11:05:58 -05:00
sinn3r
7ead04414c
Land #3024 - Allow encoder Compat options
2014-03-13 10:59:40 -05:00
Tod Beardsley
520d1e69c4
Rapid7 Comma Inc
...
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
sinn3r
84b08a5a35
Fix check command host selection behavior
...
[SeeRM #8768 ] Instead of using the saved value for host, the check
command should use whatever the user specifies.
2014-03-12 22:54:01 -05:00
Tod Beardsley
9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
...
According to
http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt
Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.
This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
Joe Vennix
851fca2107
Add posix fork() call before running code.
2014-03-12 02:56:26 -05:00
Joe Vennix
7afcb6aee8
Add CreateThread wrapper for windows.
2014-03-12 02:49:09 -05:00
Joe Vennix
ce0c5380a5
Kill stray //.
2014-03-12 02:20:49 -05:00
Joe Vennix
9bdf570763
All working now. In-memory meterpreter even.
2014-03-12 02:19:28 -05:00
sinn3r
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
OJ
1d70411ea7
Support service_control and new status field in query
...
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
Joe Vennix
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
sinn3r
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
Joe Vennix
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Meatballs
311d4665ce
Re-use CreateService Handle
...
and remove unused variable
2014-03-06 21:37:49 +00:00
William Vu
ee0aa20955
Land #3013 , Metasm update
2014-03-06 14:15:42 -06:00
Joe Vennix
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
Joe Vennix
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
Joe Vennix
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
Joe Vennix
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
Joe Vennix
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
William Vu
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
Joe Vennix
cd3c2f9979
Move osx-app format to EXE.
2014-03-04 22:54:00 -06:00
OJ
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
Joe Vennix
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
Tod Beardsley
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
sinn3r
e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords
2014-03-04 11:43:39 -06:00
David Maloney
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
OJ
0bdce4836f
Modify clipboard dump to support new format from Meterpreter
2014-03-04 19:37:57 +10:00
Etienne Stalmans
e452b81fb1
style changes as suggested by @jlee-r7
2014-03-04 08:49:52 +02:00
Joe Vennix
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
Joe Vennix
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
Joe Vennix
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
Meatballs
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
Meatballs
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
Joe Vennix
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
Joe Vennix
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
Joe Vennix
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
Joe Vennix
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
sinn3r
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
Joe Vennix
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
Joe Vennix
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
Joe Vennix
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
Joe Vennix
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
Joe Vennix
785a35a81a
Needed to kill objToQuery.
2014-03-02 19:48:55 -06:00
Joe Vennix
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
Joe Vennix
26db845438
Try to pthread_create. Fails.
2014-03-02 18:02:23 -06:00
Meatballs
8dee9b22c3
Reinstate to_byte_array
2014-03-02 22:07:47 +00:00
Meatballs
2acd0a1b1e
Reinstance encode_code
2014-03-02 21:03:31 +00:00
Meatballs
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
Meatballs
0956ae5789
Fix payload selection
2014-03-02 20:56:55 +00:00
Meatballs
1ca690eccf
Do some rspec
2014-03-02 20:37:08 +00:00
Meatballs
c9a2135959
Merge in semperv
2014-03-02 19:07:13 +00:00
sinn3r
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
FireFart
8543da0fbd
Corrected uri_encode
2014-03-01 11:30:50 +01:00
David Maloney
1a0f77edb2
Land #2739 , DLL injection in msfvenom
...
lands Meatballs PR to fix dll injection
in Msfvenom. Test to ensure it still works
in the new MsfVenom
2014-02-28 14:22:17 -06:00
David Maloney
9e355e1265
Merge branch 'master' into dll_inject
2014-02-28 14:20:46 -06:00
sinn3r
ac446d3b3f
Land #3043 - randomization for Rex::Zip::Jar and java_signed_applet
2014-02-28 14:10:55 -06:00
David Maloney
566a791ef3
Land #2992 , Fix VNC Inject Defaults
2014-02-28 14:04:56 -06:00
William Vu
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
David Maloney
f66709b5bb
make bypassuac module clean itself up
...
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
David Maloney
d358fe5f94
Merge branch 'payload_defaults'
2014-02-26 10:28:46 -06:00
David Maloney
f51cbfffb8
minor fix to payload generator
...
was passing platform string instead of the
platform lsit when formatting the payload
2014-02-25 15:51:06 -06:00
sinn3r
d0780cd1a2
Land #3010 - EXITFUNC as OptEnum
2014-02-24 11:07:10 -06:00
Joe Vennix
c760d37703
use the actual shellcode length.
2014-02-24 09:55:44 -06:00
jvazquez-r7
9fd635d645
Favor \! vs == false
2014-02-24 08:47:25 -06:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
Meatballs
bbacaa477e
Add missing require
2014-02-25 22:08:27 +00:00
Meatballs
e31a144f4d
Use better system call
2014-02-22 20:34:56 +00:00
jvazquez-r7
8af992e083
Use same coding style
2014-02-21 16:02:27 -06:00
jvazquez-r7
0c44cc5ae4
Allow Exploits to provide Encoder Compat options
2014-02-21 15:49:39 -06:00
James Lee
0179faa66f
Fix yardoc for Post::Windows::LDAP
...
Also fix some style issues and warnings.
2014-02-21 13:25:11 -06:00
jvazquez-r7
0b5e617236
Land #3016 lsanchez-r7's send_message mod to return info
2014-02-19 17:01:06 -06:00
jvazquez-r7
c0cdea37f7
Initialize send_status at the function's start
2014-02-19 16:54:29 -06:00
lsanchez-r7
f7a483523c
changing the initial state from false to nil
2014-02-19 16:45:00 -06:00
jvazquez-r7
7c5ba3e46c
Retab metasm
2014-02-19 14:01:20 -06:00
jvazquez-r7
bdb27b2cca
Manual loading shouldn't be needed
2014-02-19 13:13:41 -06:00
jvazquez-r7
a78ccc7862
Add up to date metasm
2014-02-19 13:13:08 -06:00
jvazquez-r7
f34078a7df
Delete old version of metasm
2014-02-19 13:09:53 -06:00
Joe Vennix
212ebb568c
EXITFUNC option should be an OptEnum.
2014-02-19 03:06:15 -06:00
Joe Vennix
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
Meatballs
e4aedfad43
Fixup netapi call
2014-02-18 23:30:29 +00:00
lsanchez-r7
07fd3494e5
changing send_message to return more information
2014-02-18 16:48:52 -06:00
Meatballs
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00
jvazquez-r7
4f9ab0b99f
Land #2903 , @Meatballs1 SPN gather post module
2014-02-18 13:53:32 -06:00
Tod Beardsley
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
Meatballs
5c8af63063
Fix regression
2014-02-18 17:41:35 +00:00
sinn3r
0519abb558
Fix the wrong conversion
2014-02-17 23:17:19 -06:00
jvazquez-r7
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
jvazquez-r7
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
Joe Vennix
318ebdb4c8
Clean up // comments.
2014-02-17 15:34:42 -06:00
Joe Vennix
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
Spencer McIntyre
7f9b4a4bf4
Land #2655 , Re-do exe-small for scripting payloads.
2014-02-17 15:56:23 -05:00
Meatballs
f58b66adf8
Docs and more robust code
2014-02-14 23:15:05 +00:00
Meatballs
f5c401bee7
Yarddocs
2014-02-14 22:59:36 +00:00
Meatballs
b8b36ef528
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-14 22:52:55 +00:00
Spencer McIntyre
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
Meatballs
f7858bf1a7
SnakeCase option looks better
2014-02-14 21:05:24 +00:00
Meatballs
983f5abc2f
Make vnc a bit safer to use
2014-02-14 20:59:44 +00:00
sinn3r
d606be5efb
That's funny I changed the wrong method
2014-02-13 16:41:18 -06:00
sinn3r
5d3eed8600
Add info about browser requirements in help
2014-02-13 16:37:05 -06:00
sinn3r
9c48335764
Change to google.com
2014-02-13 16:30:44 -06:00
sinn3r
a44f235a8d
Fix things based on Tod's feedback
2014-02-13 16:13:42 -06:00
sinn3r
4dd60631cb
Land #2950 - New Payload Generator for MsfVenom
2014-02-13 15:13:10 -06:00
jvazquez-r7
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
RageLtMan
0056c26047
import msf exploit
2014-02-12 22:06:18 -05:00
RageLtMan
29bf296b61
import rex powershell
2014-02-12 16:45:57 -05:00
RageLtMan
b453362a52
Merge remote-tracking branch 'upstream/pr/2966' into integrate_with_meatballs
2014-02-12 16:43:30 -05:00
David Maloney
4565be18e3
require active_support numeric
...
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
jvazquez-r7
8b25b6e343
Land #2980 , @wvu-r7 fix to handle invalid session id on post module runs
2014-02-12 13:13:34 -06:00
jvazquez-r7
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
William Vu
40db1c4d0d
s/auxiliarly/auxiliary/
2014-02-12 12:17:53 -06:00
sinn3r
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
sinn3r
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
OJ
beca4b8bc3
Fix issue with getenv failing
...
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.
Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.
For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.
This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
William Vu
5a488b310d
Use a more correct error message
...
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
William Vu
4a603b9a8d
Merge remote-tracking branch 'upstream/master' into beug/session
...
Conflicts:
lib/msf/base/simple/post.rb
2014-02-11 16:38:16 -06:00
William Vu
18816f3d5e
Land #2952 , -1 for last session ID
2014-02-11 16:22:36 -06:00
William Vu
2476d9be2d
Fix invalid session ID bug
...
This fix should work seamlessly with #2952 .
2014-02-11 15:43:35 -06:00
jvazquez-r7
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
jvazquez-r7
e3aa838e52
Fix on_session_module_run bug
2014-02-11 11:37:58 -06:00
jvazquez-r7
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
sinn3r
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Spencer McIntyre
a67a14ff60
Land #2975 @wchen-r7's extra vprint_debug statements for ms13-090
2014-02-10 20:57:55 -05:00
sinn3r
fdd696fc31
Drop Opera support
...
It's sad nobody is actually using it. See article: "Across desktop and
mobile, Chrome is used more than Firefox, IE, and Opera combined" -
thenextweb.com
2014-02-10 18:03:42 -06:00
sinn3r
1414f6794c
Change the name of the video chat command
2014-02-10 17:44:47 -06:00
Meatballs
d8ea11b851
Redirect HTTP too
2014-02-10 23:41:15 +00:00
sinn3r
442d212a94
Add vprint_debug to show what requirements are being compared
2014-02-10 17:33:36 -06:00
Meatballs
4a0f37dc21
Save lost changes
2014-02-10 23:24:26 +00:00
sinn3r
44282d8a83
Add an exception handling
2014-02-10 17:06:56 -06:00
sinn3r
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
Meatballs
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
sinn3r
48fdb08164
Add flag --use-fake-ui-for-media-stream
...
Thanks Joev!!
2014-02-10 14:47:25 -06:00
Matteo Cantoni
427fece52c
Add random mail address function
2014-02-10 21:04:44 +01:00
James Lee
fab8e16a87
Unbreak server exploits
2014-02-10 10:54:14 -06:00
jvazquez-r7
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
Spencer McIntyre
4eb9a16b2c
Remove unnecessary return statement.
2014-02-09 13:06:21 -05:00
Meatballs
c76341c82d
Dont dsub Invoke-Command etc...
2014-02-09 17:45:30 +00:00
Meatballs
151e45d8d1
Better exception descriptions
2014-02-09 12:52:56 +00:00
Meatballs
77dda5dc67
Give option to remove badchars
2014-02-09 12:34:25 +00:00
Meatballs
0379dc128c
Raise exception on known issues
2014-02-09 12:15:02 +00:00
Meatballs
1f9b452425
Dont tidy up template yet
2014-02-09 11:23:39 +00:00
sinn3r
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00