sinn3r
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
HD Moore
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
HackSys Team
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
HackSys Team
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
HackSys Team
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
Meatballs
2be6b8befe
Remove bind hidden handler
2014-06-07 14:34:20 +01:00
root
3c95c021d0
Reference added
2014-03-10 12:17:20 +01:00
root
1fda6b86a1
Changed cmp eax by inc eax. Saved one byte
2014-03-10 12:13:10 +01:00
root
b4a22aa25d
hidden bind shell payload
2014-02-20 16:19:40 +01:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
Raphael Mudge
1cc49f75f5
move flag comment to where it's used.
2013-03-03 03:26:43 -05:00
Raphael Mudge
ecdb884b13
Make download_exec work with authenticated proxies
...
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.
Fun trivia, Windows 7 systems uses Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
2013-03-03 01:42:17 -05:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
Raphael Mudge
482846942a
Fix: download_exec appends an extra / to request
...
The download_exec module parses the provided URL and appends an
unnecessary, nay--damaging I say!!!! '/' to the parsed URI. This
renders the module unusable for those who want a payload to
download and execute a file.
Before and after access.log snippets are in the redmine ticket
http://dev.metasploit.com/redmine/issues/7592
2012-12-12 14:01:31 -06:00
sinn3r
8648d21b3c
Merge branch 'dns_txt_query_exe' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-dns_txt_query_exe
2012-11-16 11:52:57 -06:00
corelanc0d3r
0bf92b5d97
improved payload dns_txt_query_exec
2012-11-13 00:55:32 +01:00
corelanc0d3r
cad7eb0130
renamed and optimized download_exec payload
2012-11-13 00:02:49 +01:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
HD Moore
6cdd044e10
Remove a buggy payload that doesn't have NX support
2012-07-12 12:15:57 -05:00
sinn3r
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r
2565888ec5
Change how we handle the password complexity failure
2012-06-03 13:13:44 -05:00
Chris John Riley
a51df5fc3a
Altered description to include information on the password complexity check
...
Altered the default password to meet the complexity checks
Note: The complexity checks (even if they fail) don't prevent the payload from running. At this point it only raises an warning and continues on. I can change this if it's more desirable however!
2012-06-03 09:22:48 +02:00
Chris John Riley
ea66deb779
Added WMIC and complexity checks
2012-06-02 19:41:12 +02:00
HD Moore
1a30e221a0
See #362 by changing the exitfunc arguments to be the correct type
2012-05-07 02:42:29 -05:00
James Lee
dd7bc23d16
Whitespace
2012-05-02 18:06:39 -06:00
Tod Beardsley
e651c9ba3b
Grammar on dns_txt_query_exec payload name and desc
2012-03-28 14:33:24 -06:00
sinn3r
cfc0fdac7d
Cosmetic cleanup
2012-03-28 14:29:31 -06:00
corelanc0d3r
1501cf1932
probably safer to use regex
2012-03-28 14:29:31 -06:00
Tod Beardsley
31228ed65a
Comment indentation
2012-03-21 15:21:10 -05:00
Peter Van Eeckhoutte
89d7363a8f
fixed crash
2012-03-21 10:39:05 +01:00
Peter Van Eeckhoutte
f81730a7e1
changes to the way jmp to payload is done
2012-03-21 09:52:22 +01:00
corelanc0d3r
45ef7fc35d
reset author
2012-03-20 20:43:56 +01:00
Peter Van Eeckhoutte
a3035dc6d0
Adding corelandc0d3r's http/https/ftp payload
...
Picks up the one http/https/ftp payload, but not the other two DNS
payloads listed as part of the original pull request.
[Closes #173 ]
2012-03-19 16:50:59 -05:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
scriptjunkie
9fe18cdc86
Add x64 LoadLibraryA payload. Because it should exist.
2012-01-17 21:16:26 -06:00
sinn3r
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen
76ea2ea2a3
That was weird. Id didn't set. Trying again.
...
git-svn-id: file:///home/svn/framework3/trunk@13403 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 02:31:18 +00:00
Wei Chen
9f80b8d862
These modules forgot to do svn propset
...
git-svn-id: file:///home/svn/framework3/trunk@13402 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 02:28:46 +00:00
HD Moore
3e0f3639ef
This adds a quick windows/loadlibrary payload for folks who have a need for such things. The library path can be a UNC location and works fine over WebDAV...
...
git-svn-id: file:///home/svn/framework3/trunk@12765 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-30 03:44:59 +00:00
Mario Ceballos
631af16d9f
revert back.
...
git-svn-id: file:///home/svn/framework3/trunk@11900 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:48:39 +00:00
Mario Ceballos
54382c6080
patch recieved from Peter Van Eeckhout
...
git-svn-id: file:///home/svn/framework3/trunk@11898 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:23:13 +00:00
Joshua Drake
a944cbc50d
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11612 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 20:40:47 +00:00