David Maloney
1daa927175
split off hash reading functions
moved the reading of the nt and lm hash records
into separate sub functions. more cleanup/readability work
MSP-12356
2015-05-06 13:30:44 -05:00
David Maloney
bc5b6a1554
split off hash history reading
moved the hash history read into a separate sub function
to make it easier to read
MSP-12356
2015-05-06 13:20:21 -05:00
David Maloney
879d062aa0
un typedef structs
bcook says to not typedef structs and just use them as
raw structs, so i have made that conversion here
MSP-12356
2015-05-06 11:24:06 -05:00
David Maloney
dff1a12c38
some more code cleanup
just some various bits and bobs here to make
the code a little cleaner and easier to read
MSP-12356
2015-05-06 10:42:03 -05:00
David Maloney
a8b4010ed0
cleanup #get_column_info a bit
bcook showed me how to do this the way i originally
wanted to but didn't know how. This is much cleaner to read
MSP-12356
2015-05-06 10:31:18 -05:00
David Maloney
df1181fe32
cleanup flag conversion
use simpler conversion of bit flags to
quasi-boolean values. just a little space saved and easier to read hopefully
MSP-12356
2015-05-06 09:54:36 -05:00
David Maloney
39d1860f7d
switch from malloc to calloc
calloc does our memory init for us
so all the malloc/memset usage was totally
redundant
MSP-12356
2015-05-06 09:45:31 -05:00
David Maloney
9d1af4c696
add doxygen to new code
added doxygen style comments to the new NTDS
functions and typedefs as requested by OJ.
MSP-12356
2015-05-05 13:32:32 -05:00
David Maloney
e0665a2ba5
add some additional function comments
add some basic function documentation in
the form of comments. not perfect, but a start
on proper documentation
MSP-12356
2015-05-04 11:14:42 -05:00
David Maloney
dee9a5efab
some more code smell cleanup
bad memory cleanup issues around CAPI
and another constant for the length of a hash string
MSP-12356
2015-05-04 10:47:49 -05:00
David Maloney
8e93c26ce8
add constants for HASH Length
added constants for byte length of a hash
as well as the null terminated length
MSP-12356
2015-05-04 10:41:48 -05:00
David Maloney
651e7a5135
Revert "Revert "Merge branch 'master' into feature/MSP-12356/ntds-parser""
This reverts commit 5a7d2ae84f830242486301cad0b26168f3ec973b.
2015-05-01 10:32:15 -05:00
David Maloney
a208343153
and again
another missing free
MSP-12356
2015-04-30 16:01:22 -05:00
David Maloney
c9cf6be97a
more memory cleanup
more missing free calls
MSP-12356
2015-04-30 15:43:58 -05:00
David Maloney
e2f4438dc4
do account reads in batches
a channel read on the ntds channel will now read
up to 20 accounts at a time. when we run out of accounts
we set the EOF flag to let the other side know
we are done
MSP-12356
2015-04-30 14:05:10 -05:00
David Maloney
8ff6ebab85
add channel close
the channel close will now initiate the jet engine
shutdown, and free the context
MSP-12356
2015-04-30 13:23:39 -05:00
David Maloney
5c1c9c317d
free the useraccount each time too
make sure we are doing good memory cleanup
MSP-12356
2015-04-30 13:18:55 -05:00
David Maloney
3ebf0513b0
properly cleanup memory around hash history
we were not freeing the buffers we created
as placeholders for decrypting hash history.
this would cause crashes when we would start dealing
with multiple accounts in a row with a hash history.
freeing the buffers seems to fix the problem
MSP-12356
2015-04-30 13:15:17 -05:00
David Maloney
1612fce10c
Revert "Merge branch 'master' into feature/MSP-12356/ntds-parser"
This reverts commit 336fb48756942c73846f191135751e5d4e9b552d, reversing
changes made to be7e34858b88bbc816f208d16259b058c5819ad8.
2015-04-29 15:08:17 -05:00
David Maloney
6dc046eeea
Merge branch 'master' into feature/MSP-12356/ntds-parser
2015-04-28 08:23:17 -05:00
Brent Cook
c268efc325
disable debug by default
2015-04-27 12:12:24 -05:00
Brent Cook
644bef77f6
remove duplicate check in SAFE_FREE
2015-04-27 11:43:35 -05:00
David Maloney
6914b3947a
move on to the next user each time
2015-04-24 13:33:37 -05:00
David Maloney
3bfeec2a7a
w00t pulled an account down
successfully pulled an account down over the channel
MSP-12356
2015-04-24 13:04:36 -05:00
David Maloney
52571872c4
move to the first user record
move through the datatable until we find
the first sam user object.
MSP-12356
2015-04-23 16:51:07 -05:00
David Maloney
9d5c3c1610
pass CRYPT_VERIFYCONTEXT flag
not passing this flag was causing an error attempting
to open the keyset. by setting this we are telling the
CAPI that we only care about ephemeral keys, and so we don't
run into the container issues.
MSP-12356
2015-04-23 15:27:00 -05:00
David Maloney
ac0978abcd
attaching database correctly
we have the database attaching properly
seems to be an error decrypting the PEK though
MSP-12356
2015-04-23 14:43:28 -05:00
David Maloney
54b91aab08
clean build
the project now builds cleanly. the code isn't fully integrated
but it's in there and it builds which means it's nearly
perfect =P
MSP-12356
2015-04-23 11:53:33 -05:00
David Maloney
2769d986fe
migrate all the poc code in
all of the poc libs are migrated in,
compiler warnings are blocking compile at this moment
2015-04-23 10:39:25 -05:00
OJ
1b600dbfbe
Couple of small tweaks to make posix happy again
2015-04-23 20:00:57 +10:00
OJ
fe566d5f07
Moved transport stuff from core to metsrv
Lots of transport-related things were in the core library which didn't make any sense given that the only thing that needed it was metsrv. This moves the functionality out into metsrv, reformats stuff and gets rid of some dead code.
TODO: Make this work with POSIX.
2015-04-23 19:41:25 +10:00
David Maloney
85987b9cbe
start migrating ntds code in
moving the code chunks from the poc into
the actual meterp project
2015-04-22 16:03:30 -05:00
David Maloney
1d1ebe0592
Merge branch 'master' into feature/MSP-12356/ntds-parser
2015-04-21 09:46:34 -05:00
David Maloney
b6d8909227
testing channel creation
just a simple test to make sure i
understand streampool channel creation
2015-04-21 09:45:30 -05:00
OJ
969b8fb4af
Update of code from Windows
2015-04-21 20:11:53 +10:00
OJ
5f0422943f
Merge branch 'connection-recovery' of github.com:OJ/meterpreter into connection-recovery
2015-04-21 20:02:54 +10:00
OJ
4ca9daa254
Merge branch 'upstream/master' into connection-recovery
2015-04-21 19:59:16 +10:00
OJ
60c4749a91
Land #150 : WinHttp send/receive code dedupe
2015-04-21 19:57:50 +10:00
Brent Cook
9269a14e6a
Merge common WinHttp init code between send and receive functions.
So we don't have any missing initialization between send and receive, this
factors out the common bits.
2015-04-20 16:30:26 -05:00
OJ
9bc8eac20c
More posix work for connection resiliency
2015-04-18 19:22:53 +10:00
OJ
1d6e87180a
Fix posix extension tracking and transport sleeps
This changeset fixes an issue with POSIX failing to keep track of loaded
extensions properly. The timeout calcs for waiting were trying to be too
smart and hence were simplified.
Also added another flush when reconnecting so that the body of the
second instance of metsrv is ignored by the POSIX side. In future, when
stageless meterpreter works with POSIX, we won't have to do this.
2015-04-17 21:22:16 +10:00
OJ
83f82f3129
Adjust http func pointer type, adjust poll timeout
2015-04-17 19:58:24 +10:00
OJ
fa0d3fc95c
Porting of connection resilience work to POSIX
2015-04-17 18:08:26 +10:00
OJ
4807375480
More work moving towards POSIX
2015-04-17 16:41:47 +10:00
OJ
f83dfb46f4
Merge branch 'upstream/master' into connection-recovery
Conflicts:
source/common/arch/win/i386/base_dispatch.c
source/server/server_setup_win.c
2015-04-17 14:41:27 +10:00
OJ
60b5eff975
Land #149 : relax the select timeout interval
2015-04-17 11:26:25 +10:00
Brent Cook
78860c8d30
Land #148 , support URI patching
2015-04-16 18:03:30 -05:00
Brent Cook
416939af00
relax the select timeout interval on the server socket
Currently, the select timeout on the server socket is 100 ns, meaning that
while idle, the process can wake up 100k times per second. This switches the
timeout to 0.5 second, reducing the idle CPU usage and seemingly increasing
the reliability of posix meterpreter as well.
Tested with various test post test modules without failures.
2015-04-15 16:14:21 -05:00
OJ
4ff18b8bab
Add support for URI patching
This commit includes code which will allow for HTTP/S payload URIs to be hot-patched by the server without losing the UUID information. This was put in so that the stageless payloads can be used over and over again and not have issues with session URIs colliding.
2015-04-14 15:26:45 +10:00
OJ
22b207a7a4
More tidying/refactoring, gearing up for POSIX
2015-04-14 13:06:27 +10:00