github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-11-26 17:41:08 +01:00
Code Releases Activity
2,839 Commits 6 Branches 258 Tags 70 MiB
2dc21da562
Commit Graph

2839 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
HD Moore
4ccc02d329 This *should* fix all cases where execute -t would fail to use an impersonated token 
git-svn-id: file:///home/svn/framework3/trunk@9754 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-09 19:32:51 +00:00
HD Moore
7c45fd988e Clean up some of the token impersonation code around process execution 
git-svn-id: file:///home/svn/framework3/trunk@9751 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-09 18:54:20 +00:00
James Lee
eebf92cd8b replace / and \ with the current system's directory separator so it doesn't matter what the user types 
git-svn-id: file:///home/svn/framework3/trunk@9727 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-07 20:40:19 +00:00
HD Moore
05278c2b5e Minor tweak to build without the include path for common 
git-svn-id: file:///home/svn/framework3/trunk@9715 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-07 16:46:58 +00:00
HD Moore
15ff9acb1c Merge railgun, tweak configurations 
git-svn-id: file:///home/svn/framework3/trunk@9709 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-07 16:29:03 +00:00
James Lee
d31cdd3ee8 abstract connect out into it's own function 
git-svn-id: file:///home/svn/framework3/trunk@9617 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-25 00:39:48 +00:00
James Lee
15dc10e9dc use $GLOBALS instead of assuming vars declared outside of a function will be global. allows it to work inside a create_function() eval 
git-svn-id: file:///home/svn/framework3/trunk@9597 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-23 22:38:01 +00:00
James Lee
80b544d1d2 split stadpi out into an extension, add a reverse_tcp stager, make the main meterpreter stage-aware so it will work as a standalone or eval'd by a stager that sets $msgsock and $msgsock_type; see #2128 
git-svn-id: file:///home/svn/framework3/trunk@9594 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-23 20:00:27 +00:00
James Lee
f29cb854f4 don't consider compression when looking for a tlv 
git-svn-id: file:///home/svn/framework3/trunk@9527 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-15 17:55:37 +00:00
James Lee
2ec9997020 consolidate debugging functions in the file 
git-svn-id: file:///home/svn/framework3/trunk@9517 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-15 00:33:24 +00:00
James Lee
2056586b20 replace $setsockopt with a function, remove unused hexdump function 
git-svn-id: file:///home/svn/framework3/trunk@9516 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-14 23:20:57 +00:00
James Lee
24e19d31e3 watch stderr as well as stdout 
git-svn-id: file:///home/svn/framework3/trunk@9513 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-14 05:01:37 +00:00
James Lee
ad4c28051d shell interaction works in linux, still broken in windows. kill and ps work in windows now 
git-svn-id: file:///home/svn/framework3/trunk@9512 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-13 16:44:22 +00:00
James Lee
ef6e2bf2d5 ps now works in windows by shelling out to tasklist.exe 
git-svn-id: file:///home/svn/framework3/trunk@9497 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-11 22:07:23 +00:00
James Lee
a664572f5b meterpreter now compiles on 64-bit linux in a 32-bit chroot. still need payload handlers and some stdapi love to make it useable 
git-svn-id: file:///home/svn/framework3/trunk@9468 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-10 06:10:15 +00:00
James Lee
c84a469f1d overhaul socket handling to use fsockopen if socket_create isn't available. portfwd now works on default Windows and Ubuntu installs 
git-svn-id: file:///home/svn/framework3/trunk@9450 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-08 07:59:36 +00:00
James Lee
9703c123a0 stdapi is still in the base payload, but this file needs to exist 
git-svn-id: file:///home/svn/framework3/trunk@9446 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-07 17:00:47 +00:00
James Lee
8b61470e40 turn off debug logging 
git-svn-id: file:///home/svn/framework3/trunk@9428 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-04 15:59:45 +00:00
James Lee
9a7d17cc3e fail if the socket couldn't connect 
git-svn-id: file:///home/svn/framework3/trunk@9427 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-04 15:28:11 +00:00
James Lee
fea66a542c Woot, portfwd works. 
git-svn-id: file:///home/svn/framework3/trunk@9418 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-04 02:43:17 +00:00
James Lee
eaf4329829 standardize whitespace 
git-svn-id: file:///home/svn/framework3/trunk@9413 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-03 23:18:21 +00:00
James Lee
be44066098 basic client sockets, connect and write work 
git-svn-id: file:///home/svn/framework3/trunk@9404 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-03 04:45:48 +00:00
James Lee
36fa6067d1 break out of the main loop when we get eof (or any other area) on the main socket. fixes infinite loop in the server when client exits 
git-svn-id: file:///home/svn/framework3/trunk@9402 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-03 00:24:55 +00:00
James Lee
066f6f4092 switch debug logging to the webserver error_log for easier perusement; add fs_stat which fixes downloads; only return success from delete_file if it actually deleted the file 
git-svn-id: file:///home/svn/framework3/trunk@9399 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-02 22:43:03 +00:00
James Lee
a4c48f0179 add support for deleting files 
git-svn-id: file:///home/svn/framework3/trunk@9398 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-02 18:36:14 +00:00
James Lee
8e089b3d3b use posix_getuid if it exists 
git-svn-id: file:///home/svn/framework3/trunk@9397 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-02 18:08:09 +00:00
James Lee
7ebefbd629 initial commit of php meterpreter, see #391. upload, download, cd, pwd, ls, cat, sysinfo, getpid, and ps all work fine. 
* execute works with channel read/write but no interact yet
* getuid is weird, since php's get_current_user() and getmyuid() return the owner of the file instead of the running uid (wtf?)



git-svn-id: file:///home/svn/framework3/trunk@9393 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-02 08:28:39 +00:00
HD Moore
e8d2b79524 Small patch to enable a new stager 
git-svn-id: file:///home/svn/framework3/trunk@8984 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-03 05:21:15 +00:00
Stephen Fewer
6f25e39b27 Commit all the code for the new 'screenshot' command in the stdapi extension. Screenshot will now work on NT4 - 7 on both x86 and x64 and on newer versions of Windows we can break out of session isolation (e.g. session 0 isolation for services) to screenshot the active desktop (or logon screen) without the need to migrate meterpreter. The majority of the migration code-injection stuff has been refactored out into base_inject.c so it can be shared with the new ps_inject() functionality to inject dlls. The 'ps' command now reports what session each process belongs to (if this is too verbose we can remove it or add a -v verbose switch to the ps command). The 'execute' command can now take a -s switch in order to create a process in a users session under the users privs (assuming you have the privs to do this). 
git-svn-id: file:///home/svn/framework3/trunk@8787 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-11 17:09:55 +00:00
Stephen Fewer
795faa0295 Commit snojobs jpeg patch for espia with an x64 build and some minor changes on the ruby side (The 'screenshot' command is now 'screengrab' to avoid a future conflict with changes happening in stdapi). 
git-svn-id: file:///home/svn/framework3/trunk@8726 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-05 15:50:24 +00:00
Stephen Fewer
50e8e356a4 Commit the JPEG-8 lib code from snowjobs patch. Added an x64 build environment and the libs directory for x86/x64 projects to link against. 
git-svn-id: file:///home/svn/framework3/trunk@8725 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-05 15:44:36 +00:00
Stephen Fewer
2bcfe8f18c Commit the meterpreter C side (and bins) for transparent zlib (zlib.c copied from the posix meterpreter source) compression of TLV's and channels. To use transparent compression with channels, create them with CHANNEL_FLAG_COMPRESS. To use transparent compression with any TLV value, bitwise or the TLV type with TLV_META_TYPE_COMPRESSED (Don't create the TLV type with TLV_META_TYPE_COMPRESSED as the compressed flag is removed on the remote end after compression). For consistency with the ruby side we could at a later stage add a boolean compress parameter to all the packet_add_tlv_* functions so you don't have to manually specify TLV_META_TYPE_COMPRESSED flag. 
git-svn-id: file:///home/svn/framework3/trunk@8515 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-16 14:56:24 +00:00
Stephen Fewer
5a0d64211e Commit the Meterpreter C side for the UDP socket pivoting. (+1 bug fix for the TCP client socket notify event function) 
git-svn-id: file:///home/svn/framework3/trunk@8430 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-09 16:43:33 +00:00
Stephen Fewer
85ed7baa43 Commit the new TCP server channel support on the meterpreter end as well as some fixes to TCP client channels. 
git-svn-id: file:///home/svn/framework3/trunk@8383 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-06 17:55:41 +00:00
HD Moore
75d5d3c136 Fix #790. Initialize the client state to be alive, tweak a few things on the meterpreter side 
git-svn-id: file:///home/svn/framework3/trunk@8327 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 18:52:44 +00:00
Stephen Fewer
6c4759f083 fix ps so an x64 process's path is returned correctly when ps is run from a wow64 meterpeter. 
git-svn-id: file:///home/svn/framework3/trunk@8322 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 12:00:45 +00:00
Stephen Fewer
d0d1bce6c9 ...update the project files. I have added in an extra post build step for elevator.dll so it can work on NT4 (when used with rundll32.exe for getsystem technique #2). The post build step uses the editbin.exe to set the major OS/Subsystem version to 4 instead of 5 so NT4 will load it, (visual c++ 2008 cant build NT4 binaries, only 2000 and above). 
git-svn-id: file:///home/svn/framework3/trunk@8318 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 01:12:35 +00:00
Stephen Fewer
00de4d1561 Add in KiTrap0D to the priv getsystem command. 
git-svn-id: file:///home/svn/framework3/trunk@8317 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 01:09:57 +00:00
HD Moore
9299f443e2 Disable debug tracing 
git-svn-id: file:///home/svn/framework3/trunk@8312 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 23:10:58 +00:00
HD Moore
be80aa81b9 Fixes #744. The core issue was the migrate code waiting on SetEvent, but the migrate stub was blocked on a WSASocket due to a pending packet_receive in the main server thread. Simply settin the thread termination signal did not work, as the SSL_read was already in progress. This change forcible terminates the main server thread before waiting on the event in order to bypass this deadlock. The downside is a failed migrate has no way to recover if it makes it this far. 
git-svn-id: file:///home/svn/framework3/trunk@8309 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 22:55:41 +00:00
Stephen Fewer
9ce8766d91 modularize the source for each technique in elevator too. 
git-svn-id: file:///home/svn/framework3/trunk@8299 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 16:30:09 +00:00
Stephen Fewer
c80fcf9558 modularize the source for each technique, making it cleaner to add in new techniques at a later stage. 
git-svn-id: file:///home/svn/framework3/trunk@8298 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 15:04:27 +00:00
Stephen Fewer
e081adaaf3 update the workspace files. 
git-svn-id: file:///home/svn/framework3/trunk@8295 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:46:51 +00:00
Stephen Fewer
8fc8a49cd2 Add in the elevator dll, used by getsystem for a number of things. 
git-svn-id: file:///home/svn/framework3/trunk@8294 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:45:31 +00:00
Stephen Fewer
aaef21e860 Add in the new getsystem command to the priv extension. 
git-svn-id: file:///home/svn/framework3/trunk@8293 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:40:55 +00:00
Stephen Fewer
776b9f108c Update RDI by adding in the LoadRemoteLibraryR function to use RDI to inject into arbitrary processes. Current limitation is it only works on x86->x86 and x64->x64 scenarios, due to the offsets used in parsing the PE file being determined at compile time (e.g. if we compile LoadRemoteLibraryR into an x86 binary it wont be able to load x64 images). Solution is to not rely on compiler for the offset but to do it manually which shouldn't be too much work. 
git-svn-id: file:///home/svn/framework3/trunk@8292 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:37:55 +00:00
Stephen Fewer
8db12b034f bug fix for the stdapi command rev2self. was not playing nice with new thread token stuff. 
git-svn-id: file:///home/svn/framework3/trunk@8291 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:33:24 +00:00
Stephen Fewer
cfabafb09c move these macros from base_dispatch.c to common.h as they are useful to use elsewhere. 
git-svn-id: file:///home/svn/framework3/trunk@8290 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:32:16 +00:00
Stephen Fewer
43347e4dc5 Complete overhaul of process migration. Migration across x86->x86, x64->x64, wow64->x64 and x64->wow64 all supported using a number of techniques. 
git-svn-id: file:///home/svn/framework3/trunk@8198 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-22 19:46:18 +00:00
Stephen Fewer
ff9d9f48aa updated stapi project file. 
git-svn-id: file:///home/svn/framework3/trunk@8158 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 11:07:21 +00:00