github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-02 11:36:22 +01:00
Code Releases Activity
3,572 Commits 7 Branches 259 Tags 71 MiB
7d4349047f
Commit Graph

1632 Commits

Author SHA1 Message Date
Christophe De La Fuente
c7abd47585 Update the ReflectiveDLLInjection submodule to the upstream repository 2024-01-19 17:43:25 +01:00
Christophe De La Fuente
83fa146f75
Update ReflectiveDLLInjection submodule to pull in new trampoline detection logic 2024-01-16 18:27:36 +01:00
Christophe De La Fuente
1556007bfd
Update ReflectiveDLLInjection submodule to pull in Win10/8 x86 fix 2024-01-12 19:24:01 +01:00
Christophe De La Fuente
a5e33d167d
Remove include DirectSyscall.c 2024-01-10 15:01:19 +01:00
Christophe De La Fuente
7082431dae
Pull in changes from ReflectiveDLLInjection to support direct syscalls 
- Includes ColdGate.c in each project
- Change railgun macro name to stdcall_func
- Update VS configs
- Update cmake files for mingw
- Fix cmake files for kiwi builds
- Update ReflectiveDLLInjection module to verify if CI passes
- Update include file names & ReflectiveDLLInjection submodule
 2024-01-08 18:53:17 +01:00
sjanusz-r7
aeb6945bd2 Fix incorrect Memory Search variable name 2024-01-08 10:10:16 +00:00
sjanusz-r7
4f19a1c4ae Fix Memory Search variable shadowing 2024-01-04 16:34:08 +00:00
sjanusz-r7
92d04de09c Add maximum match length limit to regex matcher 2023-12-11 14:06:32 +00:00
sjanusz-r7
8f51ee7e6d Move defs to top of file, remove pointer-to-pointer, make RegexNeedle contain static-size arrays 2023-12-11 14:06:32 +00:00
sjanusz-r7
72b39289d0 Compile regex in-place, rename CHAR to CHAR_RE due to Windows typedef'ing CHAR, correctly free compiled needle and associated buffer 2023-12-11 14:06:32 +00:00
sjanusz-r7
6e2889d64c Add Windows Memory Search support using regex 2023-12-11 14:06:30 +00:00
Spencer McIntyre
4e789ee80f Identify Windows Server 2003 as well 2023-11-29 15:56:38 -05:00
Spencer McIntyre
6bedffb29a Add version detection for newer Windows 
Add version detection by checking the build number for Server 2019,
Server 2022 and Windows 11.
 2023-11-28 13:32:34 -05:00
Grant Willcox
2e97a96c1f
Merge pull request #666, Update extapi OpenClipboard to support retrying if acquiring the lock failed 2023-06-28 17:33:31 -05:00
Grant Willcox
e5d546a17a
Improve description of open_clipboard_with_retries 2023-06-28 10:53:47 -05:00
adfoster-r7
475a7df4c1
Update extapi OpenClipboard to support retrying failing to acquire the lock 2023-06-27 22:42:58 +01:00
adfoster-r7
bb662d67ff Fix broken readme code snippets 2023-06-26 13:23:13 +01:00
adfoster-r7
3d6c8105be
Land #661, update install instructions 2023-06-21 22:58:27 +01:00
Zach Goldman
317c45b158
Update c/meterpreter/README.md 
change 2019 filename to 2017

Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-06-21 14:38:49 -04:00
Spencer McIntyre
0404af93b6
Land #662, Fix getenv bug for missing var 
fix bug where env lookups not found return garbage
 2023-06-20 14:48:41 -04:00
Zach Goldman
f193fe4c9e
Remove unnecessary second error check in env variable lookup 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-06-20 10:24:38 -04:00
Ashley Donaldson
0ebf3a90fc Switch to always using STARTUPINFOEXW 2023-06-19 06:52:32 +10:00
Zach Goldman
afecfab444
update 2017 section as well 2023-06-15 16:35:12 -05:00
Zach Goldman
670fd695cc fix bug where env lookups not found return garbage 2023-06-15 16:33:37 -05:00
Zach Goldman
52c8737f28
update install instructions with proper path 2023-06-15 15:37:53 -05:00
Ashley Donaldson
031f481212 Re-add memory handling for commandLine_w variable. 2023-06-15 08:56:47 +10:00
Ashley Donaldson
830b4f801a Revert "fix free() process.execute wchars" 
This reverts commit be443779ff.
 2023-06-15 08:56:47 +10:00
Ashley Donaldson
194a5a83b6 Fix double-free in free. 
Also removed TLV size parameter, which (according to MSDN) can never have any
value other than 0 with MEM_RELEASE.
 2023-06-08 14:33:40 +10:00
saim1z
bdd2885571 remove TLV_TYPE_TOKEN_UPDATE_RESULT and unnecessary code 2023-05-24 16:18:43 +02:00
saim1z
4913a7f783 moved COMMAND_ID_STDAPI_SYS_CONFIG_UPDATE_TOKEN with the others COMMAND_ID_STDAPI_SYS_CONFIG* definitions 2023-05-24 15:35:23 +02:00
saim1z
bc341d1ae9 add update_token function to stdapi 2023-05-24 11:01:13 +02:00
Spencer McIntyre
d5a325895d Update the MinGW builds 2023-04-27 10:53:17 -04:00
Spencer McIntyre
1c4f2df278 Use dump_sam for WOW64 support 
Switch to using the dump_sam RDLL for x86, WOW64 and x64 hashdump
support.
 2023-04-27 09:52:50 -04:00
Spencer McIntyre
d64c312029 Update the signature for inject_dll 
Need to be able to pass things that are not strings
 2023-04-27 09:52:50 -04:00
Spencer McIntyre
d114f5ec0a Add the dump_sam project 
This is going to build a stand-alone RDLL that can be injected into
LSASS for hashdump.

The samsrv.dll functions still need to be resolved because they're not
exported but the rest can be used normally thanks to the RDLL loader.
Defined 32-bit and 64-bit structures that are compatible with MSVC and
MinGW. DLLs are dynamically linked for size and the Visual-C Runtime is
not used.

The reflectively loaded DLL is freed once the operation has completed.
 2023-04-27 09:52:50 -04:00
bwatters-r7
d83c7b4e73
Land #630, Fix a MinGW issue in the stdapi extension 
Merge branch 'land-630' into upstream-master
 2023-04-20 17:54:35 -05:00
adfoster-r7
41e7a26c77
Fix debug logging for Windows 7 2023-04-19 16:28:03 +01:00
Spencer McIntyre
53467c9b7b Filter out systems older than Windows 6.0 
XP SP 2 does not work and while technically XP SP 3 does, they share the
same version information. This takes a conservative approach and
prevents running on XP at all to ensure the session won't crash.
 2023-04-07 16:33:42 -04:00
Spencer McIntyre
0aeeeee56f Cleanup things up a bit 
* Simplify pipe selection logic
* Make the version check more strict
* Remove debug messages from release builds
 2023-04-07 15:09:28 -04:00
Spencer McIntyre
c1e522f102 Update the mimikatz submodule 2023-04-07 15:09:28 -04:00
Spencer McIntyre
71a78040ac Fix a MinGW issue in the stdapi extension 
The stdapi extension was using free() instead of FreeMibTable() to free
memory allocated GetIpForwardTable2() which lead to a crash when
compiled with MinGW.
 2023-04-05 15:16:21 -04:00
Alex Romero
36bf125f7e
start efs service only in case no endpoint available, switch back to lsarpc for prior 22H2 versions 2023-03-28 15:20:02 -04:00
Alex Romero
e3a642848a
fix StubEfsRpcEncryptFileSrv function prototype 2023-03-24 07:06:35 -04:00
Alex Romero
0ed10329d7
use updated kiwi functions, bug fix version check, minor type fix 2023-03-23 04:28:12 -04:00
Alex Romero
0e5c950842
make use of service_wait_for_status() in service_stop function 2023-03-22 14:31:57 -04:00
Alex Romero
854bf651df
remove SetLastError() from service_query_status function 2023-03-22 14:15:51 -04:00
Alex Romero
5db46c6833
add service_wait_for_status function to services.c 2023-03-22 14:14:39 -04:00
Alex Romero
eb5b35ab24
display service name in debug output 2023-03-22 10:31:06 -04:00
Alex Romero
29d6b43174
check service status periodically to avoid long sleep 2023-03-22 07:31:26 -04:00
Alex Romero
6cf1f5bd56
minor changes in services.c 2023-03-22 06:52:35 -04:00
Alex Romero
f260c5f4c7
fix access right issues in query_service_status() function 2023-03-18 16:21:03 -04:00
Alex Romero
65fbe56a12
add query_service_status() function 2023-03-18 03:55:20 -04:00
Alex Romero
f187c6a947
check efs service status before using interface and version check for prior 2008 2023-03-17 20:18:52 -04:00
Alex Romero
8e9e5675a6
support \pipe\efsrpc interface for windows 2008 in getsystem command 2023-03-17 17:25:44 -04:00
Alex Romero
4c27ff79ef
return result from trigger_efs_connection() in condition thread terminated 2023-03-17 15:14:12 -04:00
Alex Romero
03360b18a9
check for existence of \pipe\efsrpc 2023-03-16 18:11:10 -04:00
Alex Romero
c9d2e9f9ab
return RPC_S_CALL_FAILED and show error message on debug output 2023-03-14 18:26:31 -04:00
Grant Willcox
a906755628
Use proper file attributes and also allow sharing of the pipe so we don't block others 2023-03-14 12:39:14 -05:00
Grant Willcox
e6ee74a273
Rename function to does_pipe_exist and fix some typos 2023-03-14 12:05:18 -05:00
Alex Romero
e475e15ebf
fix for #608 issue in getsystem methods 2023-03-10 13:29:53 -05:00
Spencer McIntyre
ae6d4e7956
Land #621, return interface name for arp command 
return interface name instead of index for arp command
 2023-03-09 09:21:10 -05:00
Spencer McIntyre
dd9db6530b
Land #624, Fix incorrect error handling 
Fix incorrect error handling in "packet_transmit_http"
 2023-03-09 09:12:39 -05:00
Spencer McIntyre
82631e898b Include the direction in the log message 2023-03-09 09:12:28 -05:00
Alex Romero
885d63d568
Update c/meterpreter/source/extensions/stdapi/server/net/config/arp.c 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2023-03-07 21:32:37 +03:30
guffre
2153df9f64 Use common.h break macro 2023-03-06 23:46:51 -06:00
Alex Romero
5df4982d73
return interface name instead of index for arp command 2023-03-06 16:25:20 -05:00
Spencer McIntyre
fb8bf774ed Set the metric so routes can be added and deleted 2023-03-02 10:52:20 -05:00
Spencer McIntyre
9f2491bac4
Land #610, Fix getprivs permissions set 
Fix getprivs permissions that are grabbed on C Meterpreter and Python Meterpreter So That They Match
 2023-02-28 14:32:47 -05:00
Grant Willcox
242e66ec44
Add in missing SE_DELEGATE_SESSION_USER_IMPERSONATE_NAME privilege that was not being obtained in C versions of Meterpreter 2023-02-28 10:32:13 -06:00
Spencer McIntyre
16a9a2d2f6
Land #614, Display IPv6 Routes on Windows 
Feature to display IPv6 Routes on Windows
 2023-02-28 10:24:20 -05:00
Spencer McIntyre
f402d7cb9e Fix Windows XP compatibility 
GetIpForwardTable2 is not available on Windows versions prior to Vista.
Use GetProcAddress to call it when it's available while avoiding
crashing on XP.
 2023-02-28 09:36:31 -05:00
Spencer McIntyre
bf7e5cb7c6 Fix compiler and other errors 2023-02-28 09:36:26 -05:00
guffre
fe2acd8332 Update server_transport_winhttp.c 
The response code from packet_transmit_http was hardcoded to always return ERROR_SUCCESS.

This fix emulates how errors are debug-printed and returned from server_transport_tcp and server_transport_pipe.
 2023-02-26 18:10:48 -06:00
guffre
dd91ed13e9 Update server_transport_winhttp.c 
The response code from packet_transmit_http was hardcoded to always return ERROR_SUCCESS.

This fix emulates how errors are debug-printed and returned from server_transport_tcp and server_transport_pipe.
 2023-02-26 18:03:28 -06:00
guffre
1c6241604d Fix error response in packet_transmit_http 
The response code from packet_transmit_http was hardcoded to always return ERROR_SUCCESS.

This fix emulates how errors are debug-printed and returned from server_transport_tcp and server_transport_pipe.
 2023-02-26 17:54:39 -06:00
Nishant Desai
98726de8be Display-ipv6-routes 2023-02-25 05:57:15 -05:00
Grant Willcox
890366cfd1
Land #605, Fix the output of getdesktop 2023-02-16 12:21:28 -06:00
Spencer McIntyre
b45fcc185a Fix the output of getdesktop 2023-01-27 17:38:39 -05:00
Grant Willcox
5ed840fdca
Land #599, Bind to the specified LocalHost 2023-01-19 17:55:02 -06:00
Grant Willcox
ca639d4756
Land #599, Bind to the specified LocalHost 2023-01-19 17:49:34 -06:00
Spencer McIntyre
a54ea83cb0 More error handling and documentation 2023-01-19 15:32:46 -05:00
Spencer McIntyre
b83af142c0 Allow binding to specific addresses in Windows 
Related to rapid7/metasploit-framework#17282
 2023-01-10 15:51:36 -05:00
Spencer McIntyre
2e4cb890d3 Pull in upstream COFFLoader changes 
Changes include fixes for running BOFs compiled from VS which contained
some relocations that were not being properly handled.

See:
  * https://github.com/trustedsec/COFFLoader/issues/7
  * https://github.com/trustedsec/COFFLoader/pull/8
  * https://github.com/trustedsec/COFFLoader/pull/9
 2022-12-12 08:51:28 -05:00
Spencer McIntyre
79341d9dfb
Land #595, Mimikatz update 2022-11-15 09:45:46 -05:00
Grant Willcox
f5bae3b63c
Cleanup handles if memory allocation fails before exiting get_token_list 2022-11-10 15:56:05 -06:00
Spencer McIntyre
80e8b721ef Close the handle when it wasn't copied 
Close the hObject handle when it wasn't copied into token_list.
 2022-11-10 16:08:16 -05:00
Spencer McIntyre
d0ab25e521 Close memory and handle leaks 2022-11-10 13:31:28 -05:00
bwatters-r7
c466356cb9
Update mimikatz pinned submodule 2022-11-09 08:16:13 -06:00
bwatters-r7
0331174548
Fixes to support compiling new updates to mimikatz 2022-11-03 10:50:18 -05:00
bwatters-r7
a5473e71df
land #588, Add TrustedSec's COFFLoader as Meterpreter Extension 
Merge branch 'land-588' into upstream-master
 2022-09-29 10:16:12 -05:00
Spencer McIntyre
b0ce0fb421 Update the COFFLoader submodule 2022-09-26 08:49:08 -04:00
Spencer McIntyre
36f3783279 Code and docs cleanups 2022-09-21 17:01:37 -04:00
joe
73e8f4f78e secure memzero 2022-09-12 20:18:52 -04:00
Spencer McIntyre
4582587df4 Pull upstream changes, stop disabing warnings 2022-09-09 13:54:07 -04:00
Spencer McIntyre
09001bd539 Get MinGW bofloader builds working 2022-09-09 13:54:07 -04:00
Spencer McIntyre
a3e6d86026 Revert accidental change 2022-09-09 13:54:07 -04:00
Spencer McIntyre
1f62d226a0 Use multiple TLVs instead of load_and_run 2022-09-09 13:53:55 -04:00
Spencer McIntyre
f2de5624e3 Rename some things that are not commands 2022-09-08 17:48:22 -04:00
Spencer McIntyre
cb230d93e5 Refactor a few things 2022-09-08 16:07:00 -04:00
Spencer McIntyre
d7005e679e Switch to using a submodule of TrustedSec/COFFLoader 2022-09-08 15:56:56 -04:00