mirror of https://github.com/rapid7/metasploit-payloads synced 2025-05-06 16:09:38 +02:00

263 Commits

Author SHA1 Message Date
OJ
5ca5fe89f0 Begin to enable DWORD xor out of the box 2015-12-02 13:30:22 +10:00
Brent Cook
bc0138093d
Land , add python transport bindings 2015-11-09 21:13:18 -06:00
Brent Cook
98fae3e075 change source perms back to non-executable 2015-11-09 21:10:30 -06:00
Brent Cook
888ec2574a
Land , add misc python bindings. 2015-11-09 20:56:51 -06:00
OJ
cbb50227a5 Refactor TLV layout, add more debug output, token stealing 2015-11-03 14:03:33 +10:00
Brent Cook
7d94abd9b0
Land , don't fall back to 0.0.0.0 if the user-specified bind fails 2015-11-02 17:24:57 -06:00
Brent Cook
ecbcb17dec
Land , add show_mount support for Windows meterpreter 2015-10-30 15:26:33 -05:00
OJ
4b2257c791 More bindings, including kiwi as an example 2015-10-30 15:23:01 -05:00
OJ
04cb09737e More work on the meterpreter bindings for python 2015-10-30 15:23:00 -05:00
James Lee
4d37ec6646
Don't fall back to 0.0.0.0
This allows the client side to determine whether to fall back and gives
the user a better chance of seeing that it isn't listening where they
told it to.
2015-10-30 11:46:25 -05:00
OJ
14740bfa9c Add support for the show_mount command (windows) 2015-10-29 07:22:59 +10:00
OJ
f76b51e265 Use RtlGetVersion to detect version
This means we can actually correctly detect the version of Windows in
use past 8.1 (ie including 10 and later).
2015-09-24 15:42:37 +10:00
Brent Cook
73e57f258a add initial Windows 10 matching to sysinfo output 2015-08-24 15:50:28 -05:00
Brent Cook
3a0427bcbc cleanup record_mic handler, use the right heap for freeing
When reallocating the record buffer, we need to pass the correct heap pointer
or this will crash.

This also simplifies error handling and switches audio.h to use Windows EOL
characters.
2015-06-30 21:36:36 -05:00
Brent Cook
602e18591c fixup build for posix, fix memory leak in utf conversion 2015-05-15 16:01:59 -05:00
David Maloney
e8449a1698 Merge branch 'master' into feature/MSP-12715/sysinfo-upgrade 2015-05-15 15:14:23 -05:00
David Maloney
30a1ecbbcb add domain and loggedonusers to sysinfo
added the domain name and logged on user counts
to the sysinfo command

MSP-12715
2015-05-15 15:10:35 -05:00
Brent Cook
d9ce138eed remove hash sizeof workaround 2015-05-14 11:29:44 -05:00
Tim
caf6c0c6c8 add TLV_TYPE_FILE_HASH 2015-05-10 14:57:03 +01:00
OJ
fe566d5f07 Moved transport stuff from core to metsrv
Lots of transport-related things were in the core library which didn't make any sense given that the only thing that needed it was metsrv. This moves the functionality out into metsrv, reformats stuff and gets rid of some dead code.

TODO: Make this work with POSIX.
2015-04-23 19:41:25 +10:00
OJ
6de5738e21 Merge branch 'upstream/master' into cert-hash-switching
Conflicts:
	source/server/server_setup_win.c - line endings
2015-04-08 08:10:10 +10:00
OJ
602715aaf8 Use group packets and add curlieeees
This commit just adds the braces around single-line blocks as per our "standard". This is important, especially in the case where those single lines contain macros which could expand to multiple lines.

Also added the use of the group packet functionality to make the search result code a little easier on the eye.
2015-04-07 10:02:41 +10:00
Brent Cook
21b4064a3d normalize slashes, remove debug output 2015-04-06 07:47:27 -05:00
OJ
e9b7ec97c0 Implement support for ssl cert verify toggling
Querying of the status of SSL cert verification is now possible. This commit allows for this to be enabled and disabled on the fly.
2015-04-06 14:42:38 +10:00
Brent Cook
cc2dbb2045 use size_t for wcslen results 2015-04-05 20:45:52 -05:00
Brent Cook
b1dadbb98e make search_all_drives a separate function 2015-04-05 18:41:02 -05:00
Brent Cook
5c16ddf270 avoid infinite recursion when encountering a bad symlink
reduce stack usage per level
2015-04-05 18:41:01 -05:00
Brent Cook
e1148a0bca first working unicode search
refactor a few giant functions into smaller ones
2015-04-05 18:41:01 -05:00
Brent Cook
61b19560d7 cleanups, use utf8_to_wchar 2015-04-05 18:41:01 -05:00
Brent Cook
517dcfea05 convert wds queries to use unicode 2015-04-05 18:41:01 -05:00
Brent Cook
7e017d4771 move unicode helper functions to a common place 2015-04-05 18:36:36 -05:00
Brent Cook
69d6b48e67 normalize and tidy the code a bit 2015-04-05 18:36:36 -05:00
OJ
33d7c55429 Land : short file names, file list fixes 2015-03-19 13:03:27 +10:00
OJ
c93ba9608c Fix bad POSIX support for stageless meterpreter
* Make sure POSIX has the new extension command enumeration function.
* Add support for deinit of extensions.
* Make sure extensions are tracked like they are in Windows.
* Fix up a few export definitions.
* Stop using strncpy_s in POSIX code.
2015-03-19 11:07:22 +10:00
Brent Cook
eba69cf20e add short name support to filesystem listing.
Also, fix path builder order for stat.
2015-03-18 16:05:30 -05:00
OJ
85783773d5 Land : filesystem refactor and initial unicode support 2015-03-18 18:01:05 +10:00
Brent Cook
e8318f8c5b correct various issues listing files
* bury common _snprintf that snuck in while testing the Windows version back into the platform-specific code.
* remove now-unneeded separator defines
* don't free a stack variable on windows
2015-03-18 02:11:13 -05:00
Brent Cook
8944ca5156 modify fs_getwd so it allocates the path 2015-03-17 15:28:27 -05:00
Brent Cook
95e102a90c cast size_t on read/write to proper result for the TLV 2015-03-17 15:27:48 -05:00
Brent Cook
7c8b723c15 convert windows filesystem operations to unicode 2015-03-17 14:32:20 -05:00
Brent Cook
f0eac5877a Refactor filesystem operations
Separate the stdapi handling code from the OS-dependent code. This makes
testing and maintaining the code easier.

This also happens to fix a number of bugs as a side-effect, because it is
clearer what is happening now.
2015-03-17 14:32:20 -05:00
OJ
0393927159 Add extension names, enumerators, etc
This commit contains a bunch of code tidying (formatting, spaces, naming, etc) as well as new exports for each of the modules so that the extension can be identified. The plan is for the loader to know which modules are loaded so that when stageless meterpreter fires up MSF can query the existing extensions and load the appropriate functionality on the client side.
2015-03-09 21:28:27 +10:00
Brent Cook
38c9460ba4 enumerate all processes even if we cannot read the executable type 2015-02-12 10:54:44 -06:00
William Vu
eb3b163951 Add arch to Linux ps
Uses /proc/<PID>/exe and e_ident[EI_CLASS].
2015-02-12 08:15:58 -06:00
Brent Cook
6299e2de5b handle zero-byte reads and writes gracefully
Otherwise, doing an empty file open, like:

  ::File.open(local_file_name, "")

or write_file("meterpreter-test", "") in test/modules/post/test/file.rb
fails

Before:
```
$ touch hello
$ ./msfconsole -q
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(handler) > run

[*] Started reverse handler on 192.168.56.1:4444
[*] Starting the payload handler...
[*] Sending stage (787456 bytes) to 192.168.56.1
[*] Meterpreter session 1 opened (192.168.56.1:4444 ->
192.168.56.1:55621) at 2015-01-27 11:23:09 -0600

meterpreter > upload hello
[-] Error running command upload: Errno::ENOENT No such file or
directory @ rb_file_s_stat - hello
meterpreter > upload hello
[*] uploading  : hello -> hello
[-] core_channel_write: Operation failed: The parameter is incorrect.
```

After:
```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(handler) > run

[*] Started reverse handler on 192.168.56.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.56.10
[*] Meterpreter session 1 opened (192.168.56.1:4444 ->
192.168.56.10:49833) at 2015-01-27 11:26:03 -0600

meterpreter > upload hello
[*] uploading  : hello -> hello
[*] uploaded   : hello -> hello
```
2015-01-27 11:24:21 -06:00
Tod Beardsley
74cb136099 Land , add direct access reg methods 2015-01-07 14:56:12 -06:00
Tod Beardsley
43ce54e6af Undo the 755 mode change 2015-01-07 14:32:57 -06:00
jvazquez-r7
22975bd716 Require getsid only on windows 2015-01-01 19:04:10 -06:00
Brent Cook
0f2dcf50d0 add direct access registry methods
This adds registry access methods that do an atomic open/<action>/close on
registry keys. They improve efficiency and safety, since we're not passing
HKEY's back and forth to enumerate or read registry keys. This fits the common
use pattern in MSF better anyway.
2014-12-16 15:31:11 -06:00
Brent Cook
405d55f8c9 invert error check for POSIX filesystem functions
Fixes 
2014-12-16 15:11:27 -06:00