github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00
Code Releases Activity
28,313 Commits 17 Branches 918 Tags 1.2 GiB
062eff8ede
Commit Graph

1729 Commits

Author SHA1 Message Date
James Lee
4bd2dabfcd
Land #3121, new kiwi extension, with compiled bins 
See also rapid7/meterpreter#79
 2014-04-29 17:53:37 -05:00
jvazquez-r7
60e7e9f515 Add module for CVE-2013-5331 2014-04-27 10:40:46 -05:00
sinn3r
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit 2014-04-24 13:43:20 -05:00
Joe Vennix
143aede19c
Add osx nfs_mount module. 2014-04-23 02:32:42 -05:00
jvazquez-r7
acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
jvazquez-r7
91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7
749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00
jvazquez-r7
abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
joev
0b23fc2c40 Revert "Use actual vars so that jsobfu can randomize." 
This reverts commit b9284c5635.
 2014-04-11 16:51:29 -05:00
sinn3r
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu 2014-04-10 12:09:22 -05:00
Joe Vennix
b9284c5635 Use actual vars so that jsobfu can randomize. 2014-04-09 16:56:10 -05:00
Spencer McIntyre
85197dffe6 MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
joev
2e4c2b1637 Disable Android 4.0, add arch detection. 
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.

Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
 2014-04-07 09:44:43 -05:00
sinn3r
4d69f80728 Update explib2.js 
Remove a few lines
 2014-04-02 23:07:29 -05:00
jvazquez-r7
74554ed805
Land #3174, @wchen-r7's object detection for ie11 2014-04-02 15:27:13 -05:00
jvazquez-r7
577bd7c855
Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
sinn3r
5ffcfb22fa Add object detection for IE11 
While working on some stuff with IE11, I realized this is very
necessary.
 2014-04-02 02:21:16 -05:00
HD Moore
7e227581a7 Rework OS fingerprinting to match Recog changes 
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
 2014-04-01 08:14:58 -07:00
sinn3r
389ad7aca3
Land #3155 - Explib2 2014-03-28 18:31:40 -05:00
sinn3r
4f5944cfb8 Add JavaScript detection for Adobe Flash 2014-03-28 14:31:21 -05:00
jvazquez-r7
ce02f8a7c5 Allow easier control of sprayed memory 2014-03-28 11:58:41 -05:00
jvazquez-r7
b0bbe3f6a9 Add explib2 with some fixes into metasploit 2014-03-28 10:44:13 -05:00
sinn3r
4c44f69e86 Undo the IE8/IE7 objection detection 2014-03-27 15:01:03 -05:00
sinn3r
fc1432fe53 This is probably the right way to do it for ie7/8 2014-03-27 13:53:24 -05:00
sinn3r
9c54421679 Update IE8/IE7 object detection 2014-03-27 13:34:07 -05:00
sinn3r
8df96a419b Make IE10 detection safer for older IEs 2014-03-27 13:31:15 -05:00
sinn3r
1f90115c8f Add default detection for IE 9 and IE 10 
How it's done:

On IE10, which should come first before the IE 9 check, the nodeName
function always returns the name in uppercase.

One IE9, the "Object doesn't support property or method" error always
repeats the name of the invalid method.
 2014-03-27 00:15:36 -05:00
joe
46f7e6060f Add the updated bins from timwr. 2014-03-25 09:39:53 -07:00
joe
c71d52e769 Merge branch 'pr-android-bins' of https://github.com/jvennix-r7/metasploit-framework into new-android-bins 2014-03-25 09:35:25 -07:00
sinn3r
8c707b20e0 Add support for specific builds of MSIE 9 on Win 7 SP1 
These IE9 versions are vulnerable to MS14-012 (see #3120). If we don't
add them, then os_detect might recognize the target as IE 8, and fail.
 2014-03-19 21:54:36 -05:00
Tod Beardsley
05436dc2c5
Refresh binaries for Meterpreter 
This includes:

rapid7/meterpreter#69
rapid7/meterpreter#70
rapid7/meterpreter#75
rapid7/meterpreter#77
rapid7/meterpreter#78

As of commit: 45bcbd13a1e0215647f6a61631652b686931bba8
 2014-03-19 08:57:04 -05:00
joev
8e4708b51b Add support for firefox 28. 2014-03-18 11:26:24 -05:00
OJ
409787346e
Bring build tools up to date, change some project settings 
This commit brings the source into line with the general format/settings
that are used in other exploits.
 2014-03-14 22:57:16 +10:00
James Lee
6438b9372c
Land #3067, python meterp net.config additions 2014-03-13 13:03:43 -05:00
Tod Beardsley
6309c4a193
Metasploit LLC transferred assets to Rapid7 
The license texts should reflect this.
 2014-03-13 09:47:52 -05:00
Spencer McIntyre
5ea26688d7 Fix a syntax error for Python 2.4 2014-03-11 15:22:52 -04:00
Spencer McIntyre
f3493ce220 Merge branch 'master' into pymeterpreter-net 
Conflicts:
	data/meterpreter/ext_server_stdapi.py
 2014-03-11 15:15:02 -04:00
Spencer McIntyre
e874223421
Land #3083, fix pymet when ctypes isn't available 2014-03-11 14:31:44 -04:00
Joe Vennix
679cb03ac3 Yank armeabi-v7a bins. 2014-03-11 13:09:50 -05:00
sinn3r
b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
James Lee
b87c2dca0b
Use older hash modules when hashlib isn't there 2014-03-11 12:25:54 -05:00
Tim
4f31eba7f4 android payload golf 2014-03-10 21:50:00 -05:00
joe
66ff5998a5 New multi-arch stagers. 2014-03-10 21:49:56 -05:00
joe
60b5191873 New meterpreter bins for testing. 2014-03-10 21:49:14 -05:00
joe
667bed8905 New multi-arch stagers. 2014-03-10 18:50:27 -07:00
James Lee
75c94cc5d7
Derp 2014-03-10 16:30:55 -05:00
James Lee
e508079aff
Don't crash when ctypes isn't available 2014-03-10 16:10:24 -05:00
joe
6616d36d63 New meterpreter bins for testing. 2014-03-07 13:21:30 -08:00
kyuzo
2a1e96165c Adding MS013-058 for Windows7 x86 2014-03-06 18:39:34 +00:00
Joe Vennix
05067b4e33 Oops. Need to init the profile before accessed. 2014-03-06 11:48:54 -06:00
Joe Vennix
3d7bc6c589 Remove form_post.js. 2014-03-05 23:35:54 -06:00
William Vu
096d6ad951
Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
Spencer McIntyre
1dea1c030e Add interface support via OSX SystemConfiguration 2014-03-05 13:59:13 -05:00
Joe Vennix
5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Spencer McIntyre
0834102e2b Support tcp server channels and add a python MeterpreterSocket 2014-03-04 13:31:29 -05:00
Joe Vennix
3360f7004d Update form_post vars, add Expires to cookie. 2014-03-03 23:29:02 -06:00
Spencer McIntyre
7111e8aa59 Support retrieving interface information via GetAdaptersAddresses 2014-03-03 21:01:16 -05:00
Joe Vennix
6825fd2486 Whitespace tweaks and cleanup. 2014-03-02 19:57:48 -06:00
Joe Vennix
46f27289ed Reorganizes form_post into separate file. 2014-03-02 19:55:21 -06:00
Joe Vennix
e8226f9d40 Use a keyed cookie. Moves AJAX call to a form post. 2014-03-02 19:47:24 -06:00
sinn3r
8cf5c3b97e Add heaplib2 
[SeeRM #8769] Add heapLib2 for browser exploitation
 2014-03-02 11:47:18 -06:00
Spencer McIntyre
699e534149 Add missing return statement. 2014-03-02 00:18:46 -05:00
Spencer McIntyre
1c9390c9cf Support retrieving interface information via windows mib functions. 2014-03-02 00:17:00 -05:00
Spencer McIntyre
733a86ec74 Support retrieving interface information via netlink. 2014-03-01 22:34:38 -05:00
Spencer McIntyre
284d99aa6c Add pymeterp TLV types for additional network functions. 2014-02-28 13:56:51 -05:00
jvazquez-r7
8922f6457b
Land #3045, @wchen-r7's fix for browser autopwn 2014-02-28 12:55:32 -06:00
Spencer McIntyre
99e272e463 Return true in EOF when tell() > stat.st_size 2014-02-27 20:45:38 -05:00
David Maloney
9d9149d9d8
remove some dead code paths 
refactor some dead conditionals and a case/switch
that wasn't doing anything
 2014-02-27 11:45:57 -06:00
sinn3r
0c3891c0f9 Add more IE targets 2014-02-27 11:01:03 -06:00
sinn3r
151646156d Check navigator.oscpu for FF 
If we don't check navigator.oscpu, IE 11 is detected as FF.
 2014-02-27 10:54:38 -06:00
David Maloney
2e512abd31 put new binaries in place 
after cleaning up the source a bit and
updateing it for 2013, compiled new BINs.
These BINS avoid almost all current AV detections
and have been tested to ensure they still work.
 2014-02-23 15:24:55 -06:00
Meatballs
7877589537
Delete correctly 2014-02-23 02:47:13 +00:00
Meatballs
6127ff92ce
Fix race condition 
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
 2014-03-03 23:41:25 +00:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo 
Conflicts:
	external/source/exploits/make.bat
 2014-02-28 20:26:24 +00:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo 
Conflicts:
	lib/msf/core/post/windows.rb
 2014-02-25 22:15:05 +00:00
David Maloney
b1dfed8577
rebuilt template DLLs 
x86 dll template was way out of date and
did not match the x64 tempalte. rebuilt them both
 2014-02-25 15:34:42 -06:00
David Maloney
3c773f031c
add new binaries compiled from latest src 
compiled and added new binaries to make sure
most up to date source is used
 2014-02-25 14:06:57 -06:00
David Maloney
289580777c remove unneccsary logging elements 
update soloutions for VS2013
remove the CLogger
Remove Print Usage
this removes unneccsary strings that can
be used to easily identify our executable
 2014-02-20 20:00:19 -06:00
jvazquez-r7
4ca4d82d89
Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
Tod Beardsley
8e0a4aaa58
Land #2983, webcam_chat for Meterpreter 2014-02-18 13:43:42 -06:00
sinn3r
e8f95c6cc0 Change error msg 2014-02-18 00:02:16 -06:00
sinn3r
608f800274 Support error handling in the message box 2014-02-18 00:01:44 -06:00
scriptjunkie
022c52d087
Added bundling to handle many sessions at once. 2014-02-15 15:37:22 -06:00
scriptjunkie
a6a731c8ee Keep stage until replaced, nil check, prettify. 2014-02-15 15:21:16 -06:00
scriptjunkie
5f7a0e162c Add reverse_hop_http stager and handler 2014-02-15 15:21:16 -06:00
Spencer McIntyre
3299b68adf
Landing #2767, @Meatballs1 Powershell Reflective Payload 2014-02-14 16:12:46 -05:00
sinn3r
00ba0b5208
Land #2987 - Add ff 27 support to os.js 2014-02-13 15:20:53 -06:00
Joe Vennix
51f3ab1690 Add ff 27 support to os.js 2014-02-12 15:32:47 -06:00
sinn3r
750ce3c4db Make server configurable 2014-02-11 23:07:43 -06:00
sinn3r
7eb20a37d4 offerer's interface gets a makeover 2014-02-11 19:43:52 -06:00
sinn3r
2bb15d3a87 answerer's interface gets a makeover 2014-02-11 02:15:22 -06:00
sinn3r
1114913298 Automatically turn on webcam in Firefox 2014-02-10 17:05:08 -06:00
Meatballs
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-10 21:43:56 +00:00
sinn3r
575ee09b77 Change messages 2014-02-10 14:59:44 -06:00
jvazquez-r7
3d4d5a84b6
Land #2957, @zeroSteiner's exploit for CVE-2013-3881 2014-02-10 13:59:45 -06:00
jvazquez-r7
78e1683f2d Add binary compiled on vs2013 2014-02-10 13:52:27 -06:00
sinn3r
93ef3c784d Update some JavaScript and other things 2014-02-08 22:23:19 -06:00
sinn3r
8edafc8c4c Restore the original API 2014-02-08 20:06:26 -06:00
sinn3r
be8538f3bd Tweak video attributes 2014-02-08 19:56:43 -06:00
sinn3r
8d55104712 Random channel 2014-02-08 19:36:33 -06:00
sinn3r
ccd12e66a7 Unwanted console.debug 2014-02-08 19:16:42 -06:00
sinn3r
e25767ceab More progress 2014-02-08 17:28:15 -06:00
sinn3r
325214e37f Fix bugs and stuff 2014-02-08 15:41:44 -06:00
sinn3r
e8ec6d1062 Rename command name 2014-02-08 03:53:49 -06:00
sinn3r
526bf9f6bc This should work 2014-02-07 22:17:42 -06:00
Meatballs
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-07 20:07:04 +00:00
sinn3r
bab9a5522b You will go deaf with the default volume value. No thanks. 2014-02-07 11:35:57 -06:00
sinn3r
3c3bd11aca Oh look, more progress 2014-02-07 11:25:20 -06:00
Spencer McIntyre
01f41a209c Remove the DLL and add make.msbuild for easier compiling. 2014-02-07 10:05:05 -05:00
sinn3r
43be99f31b Save some progress 2014-02-07 03:06:52 -06:00
Spencer McIntyre
cc32c877a9 Add CVE-2013-3881 win32k Null Page exploit 2014-02-06 17:23:38 -05:00
William Vu
19fff3c33e
Land #2942, @jvennix-r7's Android awesomesauce 
Also, thanks to @jduck for testing!
 2014-02-06 11:53:11 -06:00
sinn3r
f66fc15b9e Add support for webrtc in meterpreter 2014-02-06 10:44:24 -06:00
OJ
096e06baa6 Added binaries from Meterpreter PR #74 
Meterpreter PR https://github.com/rapid7/meterpreter/pull/74 was landed,
this adds the binaries from that PR.
 2014-02-06 11:47:29 +10:00
Joe Vennix
636d7016a8 Fix android detection in os.js. 2014-02-04 02:31:46 -06:00
Meatballs
486a9d5e19
Use msf branded djvu 2014-02-01 00:37:28 +00:00
dukeBarman
766c408d86 Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption 2014-01-18 11:07:11 -05:00
OJ
80c4a6e9eb
Updated binaries for Meterpreter 
This includes changes up to commit hash e77c87cdb79a2732108be937e056622b45cb093c
 2014-01-17 09:02:48 +10:00
Joe Vennix
96e97d4768 Oops, the default bufsize is 0 anyways. 2014-01-05 18:57:56 -06:00
Joe Vennix
b64df51fa0 Fixes #8732 by reading until EOF reached. 
* use a lambda for cleaner iterator.
* also disables buffering, since we are reading byte-by-byte in the first place
and maintaining our own buffer (#data).
 2014-01-05 18:36:22 -06:00
Meatballs
dc87575b9d
Retab and whitespace 2013-12-22 21:04:44 +00:00
Meatballs
f112e78de9
Fixes .war file creation 2013-12-22 20:58:21 +00:00
OJ
0db062a1ce
Merge branch 'meatballs-vncdll-submodule' 2013-12-20 18:29:27 +10:00
OJ
34cdec5155
Update project VS 2013, clean CLI build 
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
 2013-12-20 09:49:15 +10:00
OJ
a4811bd0c3
Land #2760 2013-12-18 17:17:10 +10:00
jvazquez-r7
533accaa87 Add module for CVE-2013-3346 2013-12-16 14:13:47 -06:00
Meatballs
14c0096115
Update template 
Use Copy instead of memset
Remove | Out-Null
 2013-12-16 13:38:14 +00:00
Meatballs
25b84217ac
Correctly VAlloc 2013-12-16 12:47:03 +00:00
Meatballs
8dfcc8aa77
WaitForThread 2013-12-16 12:44:58 +00:00
Meatballs
0a29176855
Update psh_web_delivery for reflection 2013-12-16 09:08:01 +00:00
Meatballs
7cc99d76ad
Merge remote-tracking branch 'upstream/master' into powershell_auto_arch 
Conflicts:
	lib/msf/util/exe.rb
 2013-12-16 09:07:08 +00:00
OJ
0c82817445 Final changes before PR 2013-12-15 01:12:49 +00:00
OJ
db29af0f97 First batch of submodule refactorings 2013-12-15 01:12:48 +00:00
Meatballs
3d1646d18e Exit process when complete 2013-12-15 01:12:47 +00:00
Meatballs
c6623b380a Initial commit 2013-12-15 01:12:45 +00:00
zeknox
6931c918af removed bogus urls that are throwing errors 2013-12-13 12:13:23 -06:00
zeknox
554cd41403 added dns_cache_scraper and useful wordlists 2013-12-12 20:18:18 -06:00
sinn3r
bf831616e5
Land #2749 - Add firefox 26 feature detection support to detect/os.js 2013-12-10 16:30:33 -06:00
Joe Vennix
6cd315da64 Add ff26 feature detection support. 2013-12-10 10:47:11 -06:00
Meatballs
45a0ac9e68
Land #2602, Windows Extended API 
Retrieve clipboard data
Retrieve window handles
Retrieve service information
 2013-12-08 19:01:35 +00:00
Meatballs
496b017e33
Merge remote-tracking branch 'upstream/master' into bypassuac_redo 2013-12-05 17:09:32 +00:00
Meatballs
dc0f2b7291
Use ExitProcess 2013-12-05 17:08:47 +00:00
OJ
c8e2c8d085 Add binaries from Meterpreter 9e33acf3a283f1df62f264e557e1f6161d8c2999 
This is a new set of binaries for Meterpreter as of commit hash
9e33acf3a283f1df62f264e557e1f6161d8c2999. We haven't yet finalised
the process we'll be using for releasing bins from Meterpreter to MSF
so this is hopefully the last time we will have to do it the old way.
 2013-12-04 16:23:03 +10:00
sinn3r
ddbd5858e0
Land #2701 - Refactor of ppr_flatten_rec 
Also [SeeRM #8140]
 2013-12-03 10:51:58 -06:00
Meatballs
cf12826d2c
Dont use xp toolchain 
and dont bother editbin
 2013-11-30 20:04:00 +00:00
Meatballs
d3a0199539
Update for new Reflective DLL Submodule 
Update to VS2013 Toolsets
Include .msbuild and make.bat
Tidyup of if { }
Post build step to copy to output directory
 2013-11-30 19:58:25 +00:00
Meatballs
915d741f86
Merge remote-tracking branch 'upstream/master' into bypassuac_redo 
Conflicts:
	.gitmodules
	external/source/ReflectiveDLLInjection
 2013-11-30 19:10:04 +00:00
OJ
bcab716ec0
Add the binaries from the meterpreter repo 
Given this is a new extension, building bins and including them in this
PR can't cause any issues regarding lost functionality (like it can
with existing bins).

Adding to this PR so that it's easier to test and land.
 2013-11-29 09:02:07 +10:00
jvazquez-r7
0343aef7c8
Land #2695, @wchen-r7's support to detect silverlight 2013-11-27 09:40:12 -06:00
OJ
defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor 
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.

Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
 2013-11-27 20:44:18 +10:00