1
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-12-21 05:35:54 +01:00
Commit Graph

2325 Commits

Author SHA1 Message Date
OJ
9fd56beba0
Refactor pub key encryption code
Extract the publicy key encryption code out into another method and
cater for more error conditions.
2017-06-28 12:50:53 +10:00
Spencer McIntyre
1a0f47603b Add debgging around get and send packet for pymet 2017-06-27 20:15:04 -04:00
OJ
2c2583b975
Add support to java for new packet header 2017-06-26 19:28:09 +10:00
OJ
df6748130d
Update php meterpreter to support new packet header
This doesn't enable support for AES encryption PHP meterp yet, that's
coming later.
2017-06-26 16:48:01 +10:00
OJ
445db818be
Update Python meterpreter's packet header handling
This doesn't add AES encryption, just adds support for the new packet
header. AES encryption will come later.
2017-06-26 15:26:27 +10:00
Metasploit
8bf7d426b6 Bump to 1.2.38 2017-06-25 15:47:25 -07:00
Brent Cook
f95710249b
Land #209, Make keyscan active window tracking discretionary 2017-06-25 17:39:41 -05:00
OJ
a911045d5e
Merge upstrea/master + fix issues 2017-06-25 19:52:11 +10:00
OJ
12055fca25
Finalised support for RSA-encrypted AES key negotiation
Still needs to be wired into HTTP/S.
2017-06-25 10:24:40 +10:00
Brent Cook
0356a5068d add thread preamble that sets the per-thread error mode 2017-06-23 20:37:56 -05:00
Artem
fe8920640d Add Disable Windows Error Messages 2017-06-23 20:37:56 -05:00
Metasploit
af76e64a2e Bump to 1.2.37 2017-06-23 16:08:14 -07:00
Brent Cook
c7f614a799
Land #200, Fix winpmem builds, warnings, cleanup logging 2017-06-23 18:00:22 -05:00
William Webb
cad32aaa33
kill whitespace 2017-06-23 14:08:08 -05:00
William Webb
419533ce48
kill whitespace 2017-06-23 13:56:07 -05:00
William Webb
f437e6aef7
use conventional option/TLV scheme instead of dumb stuff 2017-06-23 13:51:08 -05:00
Spencer McIntyre
9538e2d03f Add an option to disable forking in pymet 2017-06-22 10:55:59 -05:00
Metasploit
df2b0d7e94 Bump to 1.2.36 2017-06-22 08:55:18 -07:00
Brent Cook
fb80f87ee3
Land #204, Update to Mimikatz 2.1.1 20170608 for changentlm function 2017-06-22 10:45:34 -05:00
Spencer McIntyre
c320233e86 Try to use find_library for OSX railgun_api 2017-06-21 08:50:57 -04:00
OJ
8ffb877610
Initial version of working AES encrypted TLV packets 2017-06-21 21:02:33 +10:00
Brent Cook
efe6f32197 fix 64-bit r7 target build 2017-06-21 03:01:56 -05:00
OJ
cb9ae6acd4
Rework the packet XOR code
Make the XOR key an array of bytes as a start to normalise the way the
XOR happens across the board. Given that we're going to be adding
encryption to the packet level and adding more stuff to the packet
header, now is the time to fix this up once and for all.
2017-06-20 19:20:41 +10:00
OJ
8858acb618
Initial attempt to AES encryption at the packet level 2017-06-20 17:50:58 +10:00
Metasploit
2d1f6dcfd3 Bump to 1.2.35 2017-06-19 13:55:39 -07:00
James Lee
6d774f59c8
Land #207, remove dead code of crypto context 2017-06-19 15:43:27 -05:00
Spencer McIntyre
d48b48df94 Implement pymet osx rg api and api_multi 2017-06-19 11:13:42 -04:00
OJ
813760a9e2
Remove support for the crypto context
Crypto context stuff appears to have only ever been supported in
Meterpreter on Windows. The only thing it allowed for is XOR, which is
redundant given that we have packet level XOR in place. Also, it would
appear that MSF didn't have support for it anyway!

With the move torwards packet-level encryption, this is unnecessary so
it needs to go bye bye.
2017-06-19 16:51:54 +10:00
OJ
9e3aef62bc
Hack to ignore metsrv.dll stage when connecting to staged listener
The last issue we had in removing the OpenSSL library from Windows
meterp is making it so that reconnects would behave. With a staged
listener, the first thing that gets sent down the wire is metsrv.dll. As
a result, when a fully staged connect comes in (whether it be from
a stageless payload, from a transport switch or from a sleeping session
waking up), Meterpreter needs to handle the case that the data coming
down the wire is no actually a TLV packet, and hence ignore it.

This "hack" abuses the properties of the XOR key for the packet,
relying on the fact that the XOR key will never contain NULl bytes and
that the first 4 bytes from a staged listener starts with the length of
the metsrv DLL, which is small enough to result in a NULL byte in the
MSB position.

If we see a NULL byte in that position, we assume it's the metsrv header
coming in, and we just ignore it and move on. If the XOR key looks
legit, we assume it's a valid TLV packet.

Dirty, but it's quick and it works!
2017-06-16 13:34:46 +10:00
Spencer McIntyre
e0c26186c1 Implement pymet osx rg memread and memwrite 2017-06-15 10:56:47 -04:00
OJ
3554aff9de
Remove SSL from all but the python extension
Re-implement MD5 and SHA1 file hashing using CSP.
2017-06-14 21:40:20 +10:00
Brent Cook
28a9f42e14 more ssl flensing 2017-06-14 04:56:47 -05:00
Brent Cook
36f3d346fe fix line endings 2017-06-14 04:56:47 -05:00
Brent Cook
36771d6309 initial pass at flensing openssl code from reverse_tcp 2017-06-14 04:56:47 -05:00
OJ
5fcff5ea76
Update to Mimikatz 2.1.1 20170608 for changentlm function 2017-06-13 15:29:02 +10:00
Metasploit
31f65cf365 Bump to 1.2.34 2017-06-08 23:08:58 -07:00
Brent Cook
0ba547b360
Land #203, Add session GUID support 2017-06-09 00:59:37 -05:00
OJ
cf575a05dd
Add session GUID support to Meterpreter payloads 2017-06-06 17:24:36 +10:00
Metasploit
d572bc423e Bump to 1.2.33 2017-06-04 23:14:00 -07:00
Brent Cook
ae41f2a12d
Land #201, fix access violation on AMD cpus with 64-bit memory from 32-bit apps 2017-06-05 00:13:40 -05:00
RaMMicHaeL
dd224a91f0 Fixed an elusive bug on AMD CPUs
Details:
http://blog.rewolf.pl/blog/?p=1484
8771485dd3
2017-06-03 11:24:01 +03:00
Metasploit
730b393601 Bump to 1.2.32 2017-05-14 01:03:15 -07:00
Brent Cook
0c1b6b252e
Land #159, delete old Linux meterpreter support 2017-05-14 02:37:11 -05:00
Brent Cook
b855404bdd mettle ref 2017-05-14 02:17:43 -05:00
Brent Cook
0a2d768e77 delete Linux meterpreter support 2017-05-14 02:11:57 -05:00
Metasploit
24db1df26c Bump to 1.2.31 2017-05-11 11:30:30 -07:00
Jeffrey Martin
2d1f9faa1e
update spec to require Ruby 2.2.0 or greater 2017-05-11 13:11:37 -05:00
Metasploit
5114fe99bc Bump to 1.2.30 2017-05-08 20:24:11 -07:00
Brent Cook
87c106eaa8
Land #194, Python Meterpreter Linux Railgun 2017-05-08 22:11:05 -05:00
Metasploit
5df86f5a55 Bump to 1.2.29 2017-05-08 15:07:00 -07:00