d380435113
within Rex, allowing exploit modules to create a payload to be sent to an SMBFileServer instance. This can be useful in cases where you would find DLL injection in a system which will read files over a UNC share, or other instances where a payload can be delivered over SMB.

This code borrows heavily from the ms13_071_theme module written by Juan Vazquez, however I have performed a fair amount of protocol analysis and debugging to provide support for delivering an arbitrary MSF payload over UNC. The main differences being the presence of functions to support:

- SMB CMD Trans Query Path Info (Basic and Standard)
- SMB CMD Trans Query File Info (Standard and Internal)

This code can be considered "alpha", as I have only implemented support for the SMB functions discovered during development of an exploit of an arbitrary DLL injection into a server performing a "LoadLibraryA" call.* However, this provides a basis upon which additional SMB functions can be implemented to extend delivery of payloads over SMB.

A separate commit will expose the SMBFileServer Module within ./lib/msf/core/exploit/smb.rb

* This exploit will be committed separately once a fix has been confirmed by the vendor.
config
data
db
documentation
external
lib
modules
plugins
scripts
spec
test
tools
.gitignore
.gitmodules
.mailmap
.rspec
.ruby-gemset
.ruby-version
.simplecov
.travis.yml
.yardopts
CONTRIBUTING.md
COPYING
Gemfile
Gemfile.lock
HACKING
LICENSE
README.md
Rakefile
msfbinscan
msfcli
msfconsole
msfd
msfelfscan
msfencode
msfmachscan
msfpayload
msfpescan
msfrop
msfrpc
msfrpcd
msfupdate
msfvenom
README.md
Metasploit
The Metasploit Framework is released under a BSD-style license. See COPYING for more details.
The latest version of this software is available from http://metasploit.com/
Bug tracking and development information can be found at: https://dev.metasploit.com/redmine/projects/framework/
The public GitHub source repository can be found at: https://github.com/rapid7/metasploit-framework
Questions and suggestions can be sent to: msfdev(at)metasploit.com
The framework mailing list is the place to discuss features and ask for help. To subscribe, visit the following web page: https://mail.metasploit.com/mailman/listinfo/framework
The mailing list archives are available from: https://mail.metasploit.com/pipermail/framework/
Installing
Generally, you should use the installer which contains all dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.
Using Metasploit
Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading some of the great tutorials online:
Contributing
See the Dev Environment Setup guide on GitHub which will walk you through the whole process starting from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more info, see Contributing.