Commit Graph

52 Commits (fa916d863db0411bfc267ca18eacbd9e7abac328)

Author SHA1 Message Date
Patroklos Argyroudis 5f35ac8e01 Adjusted the function pointer to the right offset 2012-02-06 16:39:10 +02:00
Patroklos Argyroudis 2bf1ebe9d7 Mac OS X x64 Mach-O binary template 2012-02-06 16:15:36 +02:00
HD Moore 96766edfd0 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
Wei Chen 7190888266 Add custom .Net control for exploit ms10-026
git-svn-id: file:///home/svn/framework3/trunk@13544 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:01:00 +00:00
Wei Chen 83cb04c0d6 Add x64 elf default template
git-svn-id: file:///home/svn/framework3/trunk@13128 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-08 19:22:13 +00:00
HD Moore 761b7d887f Merge patch from Stephen Haywood to make the PE service template easier to compile. Fixes #4167
git-svn-id: file:///home/svn/framework3/trunk@12367 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 14:44:29 +00:00
James Lee 02ac14c3c0 export the _start symbol so gdb can debug the resulting elf
git-svn-id: file:///home/svn/framework3/trunk@11185 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 01:07:48 +00:00
Joshua Drake 2d14c0054f add two contributed linux armle payloads, thx guys!
git-svn-id: file:///home/svn/framework3/trunk@10152 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 21:44:33 +00:00
Joshua Drake 64e07a095f rename x86 elf template src file
git-svn-id: file:///home/svn/framework3/trunk@10151 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 21:03:41 +00:00
Joshua Drake 2545410bc7 make exe template names more consistent
git-svn-id: file:///home/svn/framework3/trunk@10065 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 21:08:51 +00:00
Joshua Drake ec169b9722 add amd64 dll pe template
git-svn-id: file:///home/svn/framework3/trunk@10064 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 20:49:28 +00:00
Joshua Drake 41382b503b add a 64-bit compile mode for pe/dll
git-svn-id: file:///home/svn/framework3/trunk@10063 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 20:49:12 +00:00
HD Moore 7963d65f28 Only allow a single instance of a generated DLL to execute (prevent duplicate sessions, like with LNK)
git-svn-id: file:///home/svn/framework3/trunk@9871 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 23:24:57 +00:00
HD Moore f87b7bc59e Fix up the DLL payloads
git-svn-id: file:///home/svn/framework3/trunk@9868 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 22:13:34 +00:00
HD Moore 626c3f7d96 Swap out templates for one without a msvcrt71 dependency
git-svn-id: file:///home/svn/framework3/trunk@9836 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-15 16:58:47 +00:00
HD Moore 16851f56c9 Swizzle.
git-svn-id: file:///home/svn/framework3/trunk@9796 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 21:51:11 +00:00
Stephen Fewer 33086db682 Commit a simple x64 service exe template + source based directly off the x86 version (couldn't find the original source anywhere but this also builds to an x86 service.exe template if needed).
git-svn-id: file:///home/svn/framework3/trunk@9564 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-20 18:15:41 +00:00
James Lee 4f2c63dae7 add templates for creating linux armle ELFs, thanks Civ
git-svn-id: file:///home/svn/framework3/trunk@9455 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-09 07:20:21 +00:00
HD Moore 47cea7bbb3 Respin of the service file
git-svn-id: file:///home/svn/framework3/trunk@9226 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-05 18:25:26 +00:00
Joshua Drake e5d0e54de8 reduce payload space to 2048
git-svn-id: file:///home/svn/framework3/trunk@9078 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 22:16:31 +00:00
Joshua Drake f3bc38dc81 use nul padding
git-svn-id: file:///home/svn/framework3/trunk@9077 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 22:15:02 +00:00
Joshua Drake a9885c041d use nul padding
git-svn-id: file:///home/svn/framework3/trunk@9076 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 22:14:21 +00:00
Joshua Drake 7c9d347c23 use nul padding
git-svn-id: file:///home/svn/framework3/trunk@9075 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 22:14:08 +00:00
Joshua Drake 730b27eed1 fixup some of the payload exe generation/templating stuff, add pe/dll template+src
git-svn-id: file:///home/svn/framework3/trunk@9073 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 21:44:23 +00:00
Joshua Drake b251c0c4b7 re-organize template source
git-svn-id: file:///home/svn/framework3/trunk@9072 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 20:12:00 +00:00
James Lee 2f4ab39712 new, much smaller, elf template
git-svn-id: file:///home/svn/framework3/trunk@8448 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 02:31:36 +00:00
HD Moore 0f798f4674 Updated template, a little bit smaller
git-svn-id: file:///home/svn/framework3/trunk@7946 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-22 14:12:25 +00:00
HD Moore 15dca2285f Scrub the build path from the executable
git-svn-id: file:///home/svn/framework3/trunk@7636 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-28 22:55:54 +00:00
HD Moore 5d997f1b26 Reset the manifest to normal privs, this was causing issues on Vista
git-svn-id: file:///home/svn/framework3/trunk@7406 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-08 03:40:47 +00:00
HD Moore bec5fd192f Updated template, this one plays with vista better
git-svn-id: file:///home/svn/framework3/trunk@7350 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 16:02:45 +00:00
HD Moore 58ac7efcfa Fixes #457. Oddly enough, it was the nop sled garbling registers
git-svn-id: file:///home/svn/framework3/trunk@7342 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 23:50:32 +00:00
HD Moore 86bcabc411 Swizzle again.
git-svn-id: file:///home/svn/framework3/trunk@7336 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 19:55:42 +00:00
HD Moore a8113889ed Swizzle.
git-svn-id: file:///home/svn/framework3/trunk@7330 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 05:17:38 +00:00
HD Moore 21e82d8b69 This patch implements a much more flexible executable creation scheme at the cost of exe size. This also adds the "-x" option to msfencode, allowing the user to specify their own executable template for generation.
git-svn-id: file:///home/svn/framework3/trunk@7315 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-01 04:11:43 +00:00
HD Moore 2c15be2100 Make a copy of the win32 exe template
git-svn-id: file:///home/svn/framework3/trunk@7314 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-01 03:19:20 +00:00
HD Moore cf10a62dcc Merge in the beginnings of x64 support from Stephen Fewer
git-svn-id: file:///home/svn/framework3/trunk@6972 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-23 23:47:33 +00:00
HD Moore b3e36e5692 Reduce the size of the generated executables (works better with sqlmap and other tools that need small exes). Payloads are now capped at 2048 and the amount of random data appended to the exe has been reduced.
git-svn-id: file:///home/svn/framework3/trunk@6849 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-20 13:55:29 +00:00
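The commits above ("reduce payload space to 2048", the three "use nul padding" commits, the 2048 cap in b3e36e5692 and the `-x` custom-template option in 21e82d8b69) all concern one mechanism: a pre-built template executable reserves a fixed-size slot, and the generator overwrites that slot with the payload, NUL-pads the rest and rejects anything larger. The Ruby below is an added illustration of that scheme written for this page; it is not Metasploit's own `Msf::Util::EXE` code. The `PAYLOAD:` marker string, the in-memory stand-in template and the int3-sled "payload" are constructed for the example and are assumptions, not something the commit log states.

```ruby
# Added illustration (not Metasploit's own code) of the payload-slot scheme the
# commits above describe: a template executable reserves a fixed slot that the
# generator overwrites with the payload, NUL-pads the remainder and refuses
# payloads larger than the slot. The "PAYLOAD:" marker string is an assumption
# made for this example; a real template would locate the slot by symbol or offset.

PAYLOAD_MARKER = "PAYLOAD:".b
PAYLOAD_SPACE  = 2048   # matches the 2048-byte cap in the commits above

class TemplateError < StandardError; end

# Build a stand-in "template" in memory: a fake header, the marker followed by a
# zeroed slot, and a trailer. A real template would be a compiled PE/ELF/Mach-O
# whose source declares the slot as a static buffer (constructed sample data).
def build_sample_template
  header  = "\x7fELF-sample-header".b
  slot    = PAYLOAD_MARKER + ("\x00".b * PAYLOAD_SPACE)
  trailer = "sample-trailer".b
  header + slot + trailer
end

# Locate the slot. The marker must occur exactly once so we never patch the
# wrong place, and the template must actually contain a full slot after it.
def find_slot(template)
  template = template.b
  first = template.index(PAYLOAD_MARKER)
  raise TemplateError, "no payload marker in template" if first.nil?
  raise TemplateError, "payload marker is not unique" if template.index(PAYLOAD_MARKER, first + 1)
  slot_end = first + PAYLOAD_MARKER.bytesize + PAYLOAD_SPACE
  raise TemplateError, "template truncated after marker" if slot_end > template.bytesize
  first + PAYLOAD_MARKER.bytesize
end

# Write the payload into the slot. pack("a<n>") NUL-pads to the full slot width,
# which is the "nul padding" behaviour the commits switched to; the output file
# is always exactly the template's size.
def patch_template(template, payload)
  payload = payload.b
  if payload.bytesize > PAYLOAD_SPACE
    raise TemplateError, "payload is #{payload.bytesize} bytes, slot holds #{PAYLOAD_SPACE}"
  end
  off = find_slot(template)
  out = template.b
  out[off, PAYLOAD_SPACE] = [payload].pack("a#{PAYLOAD_SPACE}")
  out
end

# Reader-side check: recover the payload from a patched binary by trimming the
# NUL padding. Caveat: a payload whose own tail is NUL bytes would lose them,
# which is why real generators track the payload length rather than scan for it.
def extract_payload(patched)
  patched = patched.b
  off = find_slot(patched)
  patched[off, PAYLOAD_SPACE].sub(/\x00+\z/n, "")
end

if __FILE__ == $PROGRAM_NAME
  tpl = build_sample_template
  sc  = "\xcc".b * 16   # constructed stand-in payload (int3 sled), not real shellcode
  bin = patch_template(tpl, sc)
  puts "patched #{sc.bytesize}-byte payload at offset #{find_slot(tpl)}; output is #{bin.bytesize} bytes"
end
```

The uniqueness check in `find_slot` is the part worth keeping when adapting this to a user-supplied template (the `-x` case): a template that happens to contain the marker twice would otherwise be patched at whichever occurrence the search hit first, silently producing a binary that never reaches the payload.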
HD Moore 2283e0ffe4 Update executable template and API
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00
HD Moore b80f50b6cb Fixes #268. Updates the executable template and provides a bug fix for msfencode to force the encoded version
git-svn-id: file:///home/svn/framework3/trunk@6043 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-24 08:41:35 +00:00
HD Moore 5822ab75a7 Adds an exploit module (universal) for the new internet explorer xml bug. This module shows off the .NET memory techniques discovered by Alexander Sotirov and Mark Dowd. This code should bypass DEP, ASLR, and NX :-)
git-svn-id: file:///home/svn/framework3/trunk@6012 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-12 01:45:00 +00:00
HD Moore 187f79eddf Switch the DLLs for vnc/meterp to Stephen Fewer's reflective versions, check in the reflectve_meterpreter source code project
git-svn-id: file:///home/svn/framework3/trunk@5837 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-04 20:08:24 +00:00
HD Moore b53695f7db The psexec module now uses a service-compatible exe, shellcode is spawned in a subprocess and the service cleans up properly
git-svn-id: file:///home/svn/framework3/trunk@5829 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-03 23:06:37 +00:00
HD Moore af9a8eba9a Swap back to 8192 until the exploits which use it are updated.
git-svn-id: file:///home/svn/framework3/trunk@5694 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-27 17:13:11 +00:00
HD Moore 14e8e75cb6 Another, smaller, win32 wrapper
git-svn-id: file:///home/svn/framework3/trunk@5693 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-27 05:02:36 +00:00
HD Moore 16d2825b83 Wrap the shellcode in SEH
git-svn-id: file:///home/svn/framework3/trunk@5692 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-26 23:35:47 +00:00
HD Moore b94d10f53c Switch the exe back to windows mode (vs console)
git-svn-id: file:///home/svn/framework3/trunk@5691 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-26 23:01:58 +00:00
HD Moore 6d5ac7eead Switches the executable template to something a little nicer and adds exe output to msfencode
git-svn-id: file:///home/svn/framework3/trunk@5689 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-26 22:34:51 +00:00
HD Moore b37f88f446 Added the x86 template (thanks KF!)
git-svn-id: file:///home/svn/framework3/trunk@5203 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-26 22:21:43 +00:00
HD Moore cdbaf7d378 Adding the C template source
git-svn-id: file:///home/svn/framework3/trunk@5202 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-26 22:16:11 +00:00
HD Moore 1527d92154 Correct offset typos in the new iphone modules. Add EXE output support for OS X PPC, Linux x86, and make the OS X ARM smaller.
git-svn-id: file:///home/svn/framework3/trunk@5119 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-25 01:50:05 +00:00