Alex Romero
6cf1f5bd56
minor changes in services.c
2023-03-22 06:52:35 -04:00
Alex Romero
f260c5f4c7
fix access right issues in query_service_status() function
2023-03-18 16:21:03 -04:00
Alex Romero
65fbe56a12
add query_service_status() function
2023-03-18 03:55:20 -04:00
Alex Romero
f187c6a947
check efs service status before using interface and version check for versions prior to 2008
2023-03-17 20:18:52 -04:00
Alex Romero
8e9e5675a6
support \pipe\efsrpc interface for windows 2008 in getsystem command
2023-03-17 17:25:44 -04:00
Alex Romero
4c27ff79ef
return result from trigger_efs_connection() in condition thread terminated
2023-03-17 15:14:12 -04:00
Alex Romero
03360b18a9
check for existence of \pipe\efsrpc
2023-03-16 18:11:10 -04:00
Alex Romero
c9d2e9f9ab
return RPC_S_CALL_FAILED and show error message on debug output
2023-03-14 18:26:31 -04:00
Grant Willcox
a906755628
Use proper file attributes and also allow sharing of the pipe so we don't block others
2023-03-14 12:39:14 -05:00
Grant Willcox
e6ee74a273
Rename function to does_pipe_exist and fix some typos
2023-03-14 12:05:18 -05:00
Alex Romero
e475e15ebf
fix for #608 issue in getsystem methods
2023-03-10 13:29:53 -05:00
Spencer McIntyre
ae6d4e7956
Land #621, return interface name for arp command
...
return interface name instead of index for arp command
2023-03-09 09:21:10 -05:00
Spencer McIntyre
dd9db6530b
Land #624, Fix incorrect error handling
...
Fix incorrect error handling in "packet_transmit_http"
2023-03-09 09:12:39 -05:00
Spencer McIntyre
82631e898b
Include the direction in the log message
2023-03-09 09:12:28 -05:00
Alex Romero
885d63d568
Update c/meterpreter/source/extensions/stdapi/server/net/config/arp.c
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2023-03-07 21:32:37 +03:30
guffre
2153df9f64
Use common.h break macro
2023-03-06 23:46:51 -06:00
Alex Romero
5df4982d73
return interface name instead of index for arp command
2023-03-06 16:25:20 -05:00
Spencer McIntyre
fb8bf774ed
Set the metric so routes can be added and deleted
2023-03-02 10:52:20 -05:00
Spencer McIntyre
9f2491bac4
Land #610, Fix getprivs permissions set
...
Fix getprivs permissions that are grabbed on C Meterpreter and Python Meterpreter so that they match
2023-02-28 14:32:47 -05:00
Grant Willcox
242e66ec44
Add in missing SE_DELEGATE_SESSION_USER_IMPERSONATE_NAME privilege that was not being obtained in C versions of Meterpreter
2023-02-28 10:32:13 -06:00
Spencer McIntyre
16a9a2d2f6
Land #614, Display IPv6 Routes on Windows
...
Feature to display IPv6 Routes on Windows
2023-02-28 10:24:20 -05:00
Spencer McIntyre
f402d7cb9e
Fix Windows XP compatibility
...
GetIpForwardTable2 is not available on Windows versions prior to Vista.
Use GetProcAddress to call it when it's available while avoiding
crashing on XP.
2023-02-28 09:36:31 -05:00
Spencer McIntyre
bf7e5cb7c6
Fix compiler and other errors
2023-02-28 09:36:26 -05:00
guffre
fe2acd8332
Update server_transport_winhttp.c
...
The response code from packet_transmit_http was hardcoded to always return ERROR_SUCCESS.
This fix emulates how errors are debug-printed and returned from server_transport_tcp and server_transport_pipe.
2023-02-26 18:10:48 -06:00
guffre
dd91ed13e9
Update server_transport_winhttp.c
...
The response code from packet_transmit_http was hardcoded to always return ERROR_SUCCESS.
This fix emulates how errors are debug-printed and returned from server_transport_tcp and server_transport_pipe.
2023-02-26 18:03:28 -06:00
guffre
1c6241604d
Fix error response in packet_transmit_http
...
The response code from packet_transmit_http was hardcoded to always return ERROR_SUCCESS.
This fix emulates how errors are debug-printed and returned from server_transport_tcp and server_transport_pipe.
2023-02-26 17:54:39 -06:00
Nishant Desai
98726de8be
Display-ipv6-routes
2023-02-25 05:57:15 -05:00
Grant Willcox
890366cfd1
Land #605, Fix the output of getdesktop
2023-02-16 12:21:28 -06:00
Spencer McIntyre
b45fcc185a
Fix the output of getdesktop
2023-01-27 17:38:39 -05:00
Grant Willcox
5ed840fdca
Land #599, Bind to the specified LocalHost
2023-01-19 17:55:02 -06:00
Grant Willcox
ca639d4756
Land #599, Bind to the specified LocalHost
2023-01-19 17:49:34 -06:00
Spencer McIntyre
a54ea83cb0
More error handling and documentation
2023-01-19 15:32:46 -05:00
Spencer McIntyre
b83af142c0
Allow binding to specific addresses in Windows
...
Related to rapid7/metasploit-framework#17282
2023-01-10 15:51:36 -05:00
Spencer McIntyre
2e4cb890d3
Pull in upstream COFFLoader changes
...
Changes include fixes for running BOFs compiled from VS which contained
some relocations that were not being properly handled.
See:
* https://github.com/trustedsec/COFFLoader/issues/7
* https://github.com/trustedsec/COFFLoader/pull/8
* https://github.com/trustedsec/COFFLoader/pull/9
2022-12-12 08:51:28 -05:00
Spencer McIntyre
79341d9dfb
Land #595, Mimikatz update
2022-11-15 09:45:46 -05:00
Grant Willcox
f5bae3b63c
Cleanup handles if memory allocation fails before exiting get_token_list
2022-11-10 15:56:05 -06:00
Spencer McIntyre
80e8b721ef
Close the handle when it wasn't copied
...
Close the hObject handle when it wasn't copied into token_list.
2022-11-10 16:08:16 -05:00
Spencer McIntyre
d0ab25e521
Close memory and handle leaks
2022-11-10 13:31:28 -05:00
bwatters-r7
c466356cb9
Update mimikatz pinned submodule
2022-11-09 08:16:13 -06:00
bwatters-r7
0331174548
Fixes to support compiling new updates to mimikatz
2022-11-03 10:50:18 -05:00
bwatters-r7
a5473e71df
land #588, Add TrustedSec's COFFLoader as Meterpreter Extension
...
Merge branch 'land-588' into upstream-master
2022-09-29 10:16:12 -05:00
Spencer McIntyre
b0ce0fb421
Update the COFFLoader submodule
2022-09-26 08:49:08 -04:00
Spencer McIntyre
36f3783279
Code and docs cleanups
2022-09-21 17:01:37 -04:00
joe
73e8f4f78e
secure memzero
2022-09-12 20:18:52 -04:00
Spencer McIntyre
4582587df4
Pull upstream changes, stop disabling warnings
2022-09-09 13:54:07 -04:00
Spencer McIntyre
09001bd539
Get MinGW bofloader builds working
2022-09-09 13:54:07 -04:00
Spencer McIntyre
a3e6d86026
Revert accidental change
2022-09-09 13:54:07 -04:00
Spencer McIntyre
1f62d226a0
Use multiple TLVs instead of load_and_run
2022-09-09 13:53:55 -04:00
Spencer McIntyre
f2de5624e3
Rename some things that are not commands
2022-09-08 17:48:22 -04:00
Spencer McIntyre
cb230d93e5
Refactor a few things
2022-09-08 16:07:00 -04:00
Spencer McIntyre
d7005e679e
Switch to using a submodule of TrustedSec/COFFLoader
2022-09-08 15:56:56 -04:00
Spencer McIntyre
b680804951
Don't assume the buffer is null terminated
...
Apparently values returned by RegQueryValueExW may not actually be null
terminated.
See: https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regqueryvalueexw#return-value
2022-09-08 12:07:49 -04:00
Spencer McIntyre
d40b95c1c2
Ensure that the parsed buffer is terminated
...
This copies the input buffer to a private copy which is the easiest way
to guarantee that it has two null terminating characters.
2022-09-07 12:07:42 -04:00
Spencer McIntyre
2e6fb9c2f3
Add docs for the new functions
2022-09-07 12:07:42 -04:00
Spencer McIntyre
18a3d8d85d
Fix REG_MULTI_SZ handling
...
This updates the registry handling for the native Windows Meterpreter to
handle REG_MULTI_SZ values as UTF-8 encoded strings in a buffer with an
additional NULL terminator. This is basically what RegSetValueExW wants
but Meterpreter will encode the UTF-8 strings into UTF-16. They are
however split with a NULL byte and no longer \0.
2022-09-07 12:07:32 -04:00
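Added example, not code from the metasploit-payloads repository: the approach the three registry commits above describe, carried into working C. The byte count RegQueryValueExW reports is treated as the only source of truth, the value is copied into a private buffer padded with two zero WCHARs so the missing terminator can no longer matter, and the result is then walked as a REG_MULTI_SZ list (strings split by one zero, list ended by an empty string). The `WCHAR16` type, the function names and the sample value are this example's own constructions so it compiles and runs off Windows.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef uint16_t WCHAR16;   /* stand-in for the Windows WCHAR (one UTF-16 code unit) */

/* Copy a raw value of cbData bytes (the count RegQueryValueExW reports in
   lpcbData) into a private buffer that always ends in two zero WCHARs,
   whether or not the source carried any terminator. calloc() supplies the
   zeros; a trailing odd byte is dropped. Caller frees. NULL on allocation
   failure. */
WCHAR16 *reg_value_terminated_copy(const void *data, size_t cbData) {
    size_t nChars = cbData / sizeof(WCHAR16);
    WCHAR16 *copy = calloc(nChars + 2, sizeof(WCHAR16));
    if (copy == NULL)
        return NULL;
    memcpy(copy, data, nChars * sizeof(WCHAR16));
    return copy;
}

/* Number of strings in a REG_MULTI_SZ buffer: strings are separated by one
   zero WCHAR and the list ends at an empty string (the second zero). Only
   safe on a buffer known to be double-terminated, e.g. from the copy above. */
size_t multi_sz_count(const WCHAR16 *buf) {
    size_t n = 0;
    while (*buf != 0) {
        n++;
        while (*buf != 0)
            buf++;          /* skip the characters of this string */
        buf++;              /* skip its terminator */
    }
    return n;
}

/* Pointer to the idx-th string (0-based), or NULL if idx is out of range. */
const WCHAR16 *multi_sz_get(const WCHAR16 *buf, size_t idx) {
    for (size_t i = 0; *buf != 0; i++) {
        if (i == idx)
            return buf;
        while (*buf != 0)
            buf++;
        buf++;
    }
    return NULL;
}

/* Length of one string in WCHARs (the 16-bit analogue of wcslen()). */
size_t w16len(const WCHAR16 *s) {
    size_t n = 0;
    while (s[n] != 0)
        n++;
    return n;
}

int main(void) {
    /* Constructed value: "ab" and "cd" with NO terminator at all, a shape
       RegQueryValueExW may legitimately hand back. */
    const WCHAR16 raw[] = {'a', 'b', 0, 'c', 'd'};
    WCHAR16 *val = reg_value_terminated_copy(raw, sizeof raw);
    if (val == NULL)
        return 1;
    size_t count = multi_sz_count(val);
    printf("%zu strings\n", count);
    for (size_t i = 0; i < count; i++)
        printf("  [%zu] length %zu\n", i, w16len(multi_sz_get(val, i)));
    free(val);
    return 0;
}
```

The same copy works for REG_SZ, where the second zero is simply unused; what matters is that every later walk of the buffer stops at a terminator the code itself placed rather than one the registry may or may not have stored.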
Spencer McIntyre
89aa11e177
Fix reading REG_MULTI_SZ values for Windows
2022-09-07 09:32:16 -04:00
Spencer McIntyre
d720a549a4
Use RegOpenKeyExW for checking existence
...
This has two benefits:
1. It's the same function as what's used to open keys, ensuring that the
options are consistent.
2. It allows the desired permissions to be explicitly set instead of
being inferred from the "default security access mask". See:
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regopenkeya#return-value
2022-09-07 09:32:05 -04:00
skylerknecht
cc6b6a1236
Don't delete responses joe!
2022-09-06 23:59:44 -04:00
joe
00aea8da1a
visualstudio builds
2022-09-06 21:04:39 -04:00
joe
9412beeef4
dprintf
2022-09-05 20:14:11 -04:00
joe
b05945da8a
no need to free mem, meterpreter takes care of it
2022-09-04 20:02:20 -04:00
joe
35d3dc0737
debugtrace
2022-09-04 19:40:53 -04:00
joe
5de520f527
bofloader nocrash
2022-09-04 19:28:41 -04:00
joe
35f950b4d2
wip++ hopefully working c portion
2022-09-03 16:35:44 -04:00
Kevin Clark
327125a3a4
add bofloader folder
2022-08-20 13:56:55 -07:00
Spencer McIntyre
e4b0ce2aa8
Fix docker builds
2022-06-23 11:31:39 -04:00
Christophe De La Fuente
3d322137f9
Fix from code review
2022-06-22 13:19:35 +02:00
Christophe De La Fuente
6cb3d86ffd
Add EFSRPC Named Pipe Impersonation (EfsPotato) elevation technique
2022-06-14 20:24:19 +02:00
Grant Willcox
5d26021080
Land #571, Update ReflectiveDLLInjection to include #12 and remove a few RWX memory sections.
2022-05-17 14:18:28 -05:00
dwelch-r7
f84aecff87
Add conditional logic to remove logging artifacts that made their way into the release build
2022-05-11 12:22:10 +01:00
Spencer McIntyre
683a986c7f
Update to include ReflectiveDllInjection#12
2022-05-04 15:01:52 -04:00
jheysel-r7
bac639d94d
Land #565, update mimikatz
...
Updates mimikatz (the kiwi extension)
2022-05-03 12:35:29 -07:00
dwelch-r7
d17e7d3c63
fix line endings
2022-04-27 00:42:06 +01:00
dwelch-r7
181d31878b
Fix common_logging name and location
2022-04-27 00:01:04 +01:00
dwelch-r7
0896fb294a
Move and rename common/common_logging.c to logging/logging.c
2022-04-26 23:56:09 +01:00
dwelch-r7
66bbd5f078
Code review changes and small refactor
2022-04-26 23:49:04 +01:00
dwelch-r7
e29d876b2e
Remove debug artifacts from release build
2022-04-26 15:56:53 +01:00
dwelch-r7
38e6787d84
Configure logging in all extensions
2022-04-26 15:56:53 +01:00
dwelch-r7
9dfa3ec1fc
winpmem failing to compile
2022-04-26 15:56:53 +01:00
Spencer McIntyre
e576a7c875
Various changes required for cross compilation
2022-04-21 15:52:27 -04:00
Spencer McIntyre
640b753659
Update the kiwi extension
2022-04-21 14:52:20 -04:00
dwelch-r7
c46550a00a
Remove unused extension network pug
2022-04-14 14:11:56 +01:00
dwelch-r7
32890c2f59
Also build debug version for r7_all
2022-04-01 13:30:02 +01:00
adfoster-r7
cf5ab07f22
Land #553, Build and ship debug builds for windows meterpreter
2022-04-01 01:30:33 +01:00
dwelch-r7
395c31d03e
Build and ship debug builds for windows meterpreter
2022-03-09 13:42:39 +00:00
Spencer McIntyre
0153448ddd
Update mimikatz to 61cd1b9168
2022-03-01 14:22:58 -05:00
Spencer McIntyre
078845440b
Fail on invalid impersonation levels
2022-02-22 10:17:47 -05:00
Spencer McIntyre
86641ef90d
Return an error for invalid getsystem techniques
2022-01-24 15:12:27 -05:00
bwatters-r7
2b607061c5
Land #509, Metasploit-side logic to support a 5th getsystem mechanism
...
Merge branch 'land-509' into upstream-master
2022-01-21 17:50:29 -06:00
dwelch-r7
be85e3d576
Convert error codes to be consistent HRESULTS
2022-01-17 14:15:07 +00:00
Spencer McIntyre
229637bcc5
Fix the mingw builds for the priv extension
2022-01-14 17:33:32 -05:00
Spencer McIntyre
174ae1ab09
Reuse mimikatz RPRN definitions
2022-01-14 15:19:20 -05:00
Ashley Donaldson
3b0862b182
Set version size before API call
2021-11-30 23:17:27 +11:00
Ashley Donaldson
713b0e1b41
Fixed OS Version checking
2021-11-30 22:43:28 +11:00
Ashley Donaldson
0c0001b134
Implementing a 5th getsystem mechanism: print spooler.
...
Leverages the SeImpersonatePrivilege with the Print Spooler primitive.
2021-11-19 20:12:19 +11:00
Tim W
0d2f0f380d
whitespace fixup
2021-09-22 15:48:12 +01:00
Tim W
4f49792feb
fix windows wds3_search
2021-09-22 14:51:10 +01:00
Tim W
8ec7d7b254
cleanup windows fs_search
2021-09-22 13:13:27 +01:00
Tim W
027de2be9c
fix windows build
2021-09-20 19:08:06 +01:00
Tim W
a5d2e6cbe3
move packet_get_tlv_uint to core
2021-09-20 15:47:04 +01:00
Tim W
949b9de394
minor cleanups on windows search.c
2021-09-20 15:38:13 +01:00
test
e43f437a2c
Clarified variable names
2021-09-20 15:38:13 +01:00
test
e2f9e64779
Updated search functionality
2021-09-20 15:38:13 +01:00
test
13a1b7e0b3
Source code for searching by date
2021-09-20 15:38:13 +01:00
Tim W
e61d89c235
Land #498, fix windows meterpreter mingw build
2021-08-02 17:43:17 +01:00
Spencer McIntyre
af80d5279a
Pull in changes from rapid7/mimikatz#6
2021-08-02 12:08:08 -04:00
Spencer McIntyre
47abfda386
Land #497, Fix windows meterpreter expiration
2021-08-02 12:06:28 -04:00
Tim W
acd5f4e8d4
Land #493, fix cmake build errors
2021-07-31 15:32:57 +01:00
Tim W
6c8eee5e95
Fix windows meterpreter transport session expiry time, 0 should never expire
2021-07-28 22:42:17 +01:00
Spencer McIntyre
8eee62d80e
Fix a mingw build error
2021-07-16 15:53:22 -04:00
Spencer McIntyre
5b9ad76be7
Disable C4756 in mimikatz\modules\sqlite3.c
...
Warning C4756 (overflow in constant arithmetic) is causing build
failures. Disable it for this one file.
2021-06-11 16:11:32 -04:00
Spencer McIntyre
50aac33fe6
Update mimikatz (the kiwi extension)
2021-06-11 14:22:55 -04:00
Tim W
dc4d69d695
fix request_fs_ls on an inaccessible file
2021-03-30 19:35:16 +01:00
Spencer McIntyre
16e2c2d52b
Land #475, Set nMaxInstances to 1 for named pipes
2021-03-04 13:31:43 -05:00
dwelch-r7
316846e929
Add debugging info to Readme
2021-02-26 12:35:19 +00:00
Zeev R
8825987525
Tiny bug fix.
...
The nMaxInstances argument refers only to subsequent calls to CreateNamedPipe and not to calls that just open the pipe.
There is no reason to enable anybody else but us to create a pipe with the same name.
2021-02-24 18:55:04 +02:00
Spencer McIntyre
777fadd00b
Cleanup base.c based on PR feedback
2021-01-27 09:07:00 -05:00
Spencer McIntyre
9aece96e94
Cleanup registered commands using the pseudo extension's deinit callback
2021-01-15 13:59:39 -05:00
Spencer McIntyre
ebdcd95615
Handle core commands like they're provided by the pseudo core extension
2021-01-15 13:59:32 -05:00
Tim W
e31371c813
add debug option
2020-12-20 15:47:39 +00:00
Spencer McIntyre
c911749430
Fix a guard condition to check the correct thing
2020-12-18 16:08:14 -05:00
Spencer McIntyre
f9e62ba042
Add a Debug configuration to include debug logs
2020-12-18 16:07:04 -05:00
Tim W
be443779ff
fix free() process.execute wchars
2020-11-30 18:48:26 +00:00
Kali-Team
7933f06484
[stdapi] support_unicode_characters_for_execute
2020-11-24 17:41:07 +08:00
vixfwis
9f0b9008bb
Fix endless loop bug
...
Main thread will be stuck in loop if recv returns SOCKET_ERROR (-1) due
to int to DWORD casting
2020-10-09 20:24:37 +03:00
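Added example, not code from the repository: a simulation of the int-to-DWORD pitfall this commit describes. `sim_recv` is a constructed stand-in for `recv()` that returns two chunks and then `SOCKET_ERROR` forever, like a peer that has gone away. The buggy loop stores the result in a 32-bit unsigned value, so -1 becomes 0xFFFFFFFF and the error check never fires; the fixed loop tests the signed result before converting it. All type and function names are this example's own assumptions, and the iteration cap exists only so the hang can be reported rather than experienced.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SIM_SOCKET_ERROR (-1)
#define MAX_ITER 100000   /* bound so a hung loop can be detected instead of felt */

/* Constructed stand-in for a socket (assumption of this example): sim_recv()
   hands out the scripted chunk sizes in order, then returns SIM_SOCKET_ERROR
   on every later call, like a peer that went away mid-transfer. */
typedef struct {
    const int *chunks;
    size_t count;
    size_t pos;
} sim_socket;

static int sim_recv(sim_socket *s) {
    if (s->pos < s->count)
        return s->chunks[s->pos++];
    return SIM_SOCKET_ERROR;
}

/* Buggy pattern: recv()'s int result is stored in a 32-bit unsigned DWORD.
   -1 becomes 0xFFFFFFFF, so "bytesRead <= 0" can never be true and the loop
   keeps calling recv() on a dead socket. Returns the number of recv() calls
   made before exiting, or -1 if it would have spun past MAX_ITER (a hang). */
int recv_loop_buggy(sim_socket *s) {
    for (int iter = 1; iter <= MAX_ITER; iter++) {
        uint32_t bytesRead = (uint32_t)sim_recv(s);   /* the lossy int -> DWORD cast */
        if (bytesRead <= 0)                            /* unsigned: never catches -1 */
            return iter;
        /* real code would now use bytesRead (0xFFFFFFFF on error) as a length */
    }
    return -1;
}

/* Fixed pattern: keep the signed result and test it before any conversion;
   only a positive count is ever turned into a DWORD. Returns the number of
   recv() calls made; *total receives the bytes seen before the error/EOF. */
int recv_loop_fixed(sim_socket *s, uint32_t *total) {
    *total = 0;
    for (int iter = 1; iter <= MAX_ITER; iter++) {
        int rc = sim_recv(s);
        if (rc == SIM_SOCKET_ERROR || rc == 0)       /* error or orderly shutdown */
            return iter;
        *total += (uint32_t)rc;                       /* safe: rc > 0 here */
    }
    return -1;
}

int main(void) {
    const int chunks[] = {4, 6};   /* constructed: two reads, then the socket dies */
    sim_socket a = {chunks, 2, 0};
    sim_socket b = {chunks, 2, 0};
    uint32_t total = 0;
    printf("buggy loop: %d (-1 means it hung)\n", recv_loop_buggy(&a));
    printf("fixed loop: %d calls, %u bytes\n", recv_loop_fixed(&b, &total), total);
    return 0;
}
```

The check worth carrying into any native transport code: compare the value the API actually returned, in the type the API returned it, and widen to an unsigned length only after the sign test has passed. Compilers flag the unsigned comparison as always false, which is a cheap place to catch this class of bug before it ships.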
Spencer McIntyre
1aac00a6ce
Disconnect the named pipe and break after the impersonation callback
2020-10-06 15:21:25 -04:00
Spencer McIntyre
9ebb095a0a
Land #437, Fix Metasploit 6 pivoting issue
2020-10-06 09:05:15 -04:00
Alan Foster
985ccbd3af
Fix Metasploit 6 pivoting issue
2020-10-01 22:58:21 +01:00
Spencer McIntyre
e96d8e5fc8
Fix a bad comment
2020-08-20 14:42:17 -04:00
Spencer McIntyre
25a0b76797
Filter out Windows < 6.3 for the namedpipe_rpcss technique
2020-08-20 14:05:48 -04:00
Spencer McIntyre
666ee4f57e
Cleanup the ext_server_priv.vcxproj file
2020-08-19 12:05:53 -04:00
Spencer McIntyre
ee69b4f274
Revert "Add a fourth parameter to the thread API"
...
This reverts commit 0afe17d160.
2020-08-19 11:54:45 -04:00
Spencer McIntyre
cf4614c941
Working on Windows 10 from native x64 and WOW64
2020-08-19 11:54:45 -04:00
Spencer McIntyre
ce7dd3f699
Clean up the namedpipe_rpcss code
2020-08-19 11:54:21 -04:00
Spencer McIntyre
7967fd569d
x64 version is working
2020-08-18 15:41:42 -04:00
Spencer McIntyre
ee72ac26b9
Add support for a callback after named pipe impersonation
2020-08-14 18:12:02 -04:00
Spencer McIntyre
0afe17d160
Add a fourth parameter to the thread API
2020-08-14 17:47:59 -04:00
OJ
da7fb0e27f
Makefile tweak, RDI changeset update
2020-07-06 20:03:18 +10:00
OJ
68e27f00fa
Force mimikatz and RDI submodules to point to master
2020-07-03 08:47:41 +10:00
OJ
19bb68ea51
Update readme for cross compilation
2020-06-30 21:28:59 +10:00
OJ
9f859fe208
Make sure output folder exists
2020-06-27 08:32:37 +10:00
OJ
1fc117743f
Fix kiwi build
2020-06-25 23:29:36 +10:00
OJ
0c9e909a2f
Remove reference to Mimikatz from cmake
2020-06-25 10:56:01 +10:00
OJ
754aeacacf
Fix makefile to point to toolsets
2020-06-25 10:50:27 +10:00
OJ
325048a5e6
Fix build, remove metsrv warning
2020-06-25 10:41:29 +10:00
OJ
9dc7a32d6a
Add peinjector cross compile
2020-06-25 10:32:45 +10:00
OJ
dd5243fae5
Add helper to build the container with the right name
2020-06-25 10:32:41 +10:00
OJ
c36e5274b8
Finalise kiwi support, fix up Makefiles some more
2020-06-25 10:32:37 +10:00
OJ
7fab0b200a
Building, but not working yet
...
Got an issue where certain functions aren't being resolved and hence are
null when being invoked. Need to debug the loading of the DLL to see why
this is the case.
2020-06-25 10:32:32 +10:00
OJ
f4dd751b23
Add libs to linker input for VS project
2020-06-25 10:31:56 +10:00