mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-24 18:16:24 +01:00

465 Commits

Author SHA1 Message Date
OJ
ae71841817 Merge branch 'vs2013' into ext_server_extapi 2013-10-29 20:05:18 +10:00
OJ
288b2bad41 Upgrade to VS 2013 2013-10-29 13:46:46 +10:00
Tod Beardsley
91f96cb394 Explicitly apt-get update every time?
Trying to fix the failing travis build,

https://travis-ci.org/rapid7/meterpreter/builds/13001986
2013-10-24 15:40:40 -05:00
Tod Beardsley
6a446637b5 Land , strcpy cleanup
Housekeeping against potential BOFs.
2013-10-24 14:07:38 -05:00
OJ
aca306f8ce Implement CF_DIB support
The clipboard code now supports the `CF_DIB` format on the clipboard. When
found, it takes the data and uses GDI+ to convert it into a JPEG. GDI+ was
used because:

* It's on every Windows machine from XP SP0 onwards (Win2k doesn't work).
* It requires linking to a small gdiplus.lib instead of a massive jpeg
  library.
* It's a really easy interface to use that interops easily with the
  Windows bitmap header information structures.

I think it'd be worth considering this approach for the other screenshot
applications as well, as it'd reduce the jpeg lib dependency and simplify
the codebase.
2013-10-21 00:02:16 +10:00
OJ
6f8a2755f1 Better errors when formatmessage fails in railgun
Previous change stopped the session from crashing on NULL, but this change
actually has more realistic messages coming back instead of always
indicating that things happened correctly. It's still up to the caller to
check the return code to make sure it's ok
2013-10-18 07:23:50 +10:00
OJ
4a6661bd0a Fix railgun crash on XP SP3
Fix issue where the railgun API was relying on FormatMessage returning a
valid pointer when the error is `ERROR_SUCCESS`. On some platforms, such
as XP SP3, the function would return a NULL pointer for this case. This
fix makes sure that in the case of a NULL pointer the error message is set
to a value that matches that found on other platforms.

[FixRM 8505]
2013-10-17 20:25:25 +10:00
James Lee
259545172f Whitespace 2013-10-16 20:03:47 -05:00
James Lee
648d341588 Land , new 'bare' extension
Replaces 'boiler'
2013-10-16 20:00:06 -05:00
James Lee
12140d10b4 Land , doxygen 2013-10-16 19:44:03 -05:00
OJ
29ffd4c1d1 Fix exclude config to ignore unnecessary content
Updated to use `EXCLUDE_PATTERNS` instead of `EXCLUDE_PATHS`. This
properly excludes the source of the libraries we use and also the
generated output on POSIX.

Thanks again to @jlee-r7 for the catch.
2013-10-17 10:39:13 +10:00
Tod Beardsley
1fc10a8664 Resolve PR conflict
Conflicts:
	.gitignore
2013-10-16 09:39:47 -05:00
OJ
4eb8accc11 Add size (bytes) of the files on the clipboard 2013-10-16 22:53:45 +10:00
OJ
0eb2063c91 Add support for CF_HDROP to clipboard handling
Lists of files can now be downloaded from the clipboard. Downloading of
the files themselves is something that should be done by MSF as that's
already built in.
2013-10-16 17:43:14 +10:00
OJ
9feec64d96 Remove strcpy calls, proper use of strncpy/strcpy_s
Replaced all usages of `strcpy` with `strncpy` or `strcpy_s`.

Make sure that all usages of `strncpy` specified the correct buffer size.
2013-10-16 11:55:29 +10:00
OJ
4b0a6a5102 Update .gitignore to avoid conflict 2013-10-16 08:43:56 +10:00
Tod Beardsley
23019408d1 Correct links for source and framework 2013-10-15 09:29:56 -05:00
OJ
123010c76b Add clipboard text get/set functionality
This commit adds the beginnings of clipboard munging support. Getting and
setting of text-based data is supported. Over time, more formats will be
supported.
2013-10-15 23:55:46 +10:00
OJ
a61bbc5a7d Add child window enumeration and flag
Enumeration of child windows is now possible if the appropriate TLV is
included in the request message.

Inclusion of "unknown" windows is also possible now, again if the
appropriate TLV is included.
2013-10-15 17:52:51 +10:00
OJ
2c865a4a37 Documented base.* and core.*
Big job, this documentation lark. Also modified the prototype of the
packet_is_tlv_null_terminated function, which used to take a Packet
instance as well as the TLV, but never used the packet in its
implementation.
2013-10-15 16:14:39 +10:00
OJ
a2407de59a Update the build icon URL
Now that @bturner-r7 has got the CI going on metasploit.com the build
icon needs to point to the new server.
2013-10-15 10:12:53 +10:00
OJ
984880d8b2 Add service_query to ext_server_extapi
Once the user has queried the list of services they can now use the
`service_query` function to get more detail about a specific service.
2013-10-11 01:01:47 +10:00
OJ
f720ca7bdb Add service_enum to the ext_server_extapi extension
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.

Some other small code tidies were done too.
2013-10-10 21:20:23 +10:00
OJ
2902bf3406 Free up user32 when we're done with it 2013-10-10 18:31:22 +10:00
OJ
52e13ad2d3 New extended API extension with window enum
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.

This commit kicks things off with enumeration of top level windows on the
current desktop.
2013-10-09 22:16:47 +10:00
OJ
35aada915f Fix debug build of various components
No idea why they were broken, but they shouldn't have been. This fixes
them up and tidies a few other things up, especially the guts of the
stdapi project.
2013-10-09 17:20:58 +10:00
OJ
bab7340a3f Doc changes, project fixes 2013-10-09 15:54:39 +10:00
OJ
7f2fc483dc New ext docs, remove boiler from solution
Documentation now includes how to create a new extension using the bare
extension as a sample.
2013-10-09 15:26:19 +10:00
OJ
a10ee71e1c Remove boiler extension and create 'bare' extension
The boiler extension wasn't used and was old so it was removed. I've added
a new "bare" extension which is, as it says, just bare and doesn't do
anything. This can be used to create new extension projects just by copying
and pasting, then editing a couple of small things.

This will be added to the documentation.
2013-10-09 15:08:09 +10:00
OJ
ebf13ffaa7 Even more docs 2013-10-04 18:03:35 +10:00
OJ
a143c274e6 More documentation work 2013-10-04 14:41:00 +10:00
OJ
ea3b9155b2 Fix railgun multi functionality
The main issue with things being broken was because the calling
convention was not defaulting to "stdapi" and hence the call would
fail. Adding the default fixed it.

While fixing this, I brought the multi-call functionality up to speed
with the error message functionality, so the calls all return the
properly formatted error message.
2013-10-04 12:01:59 +10:00
James Lee
50b7557290 Land , Railgun error messages
See  and 
2013-10-01 16:39:01 -05:00
Tod Beardsley
adbb8ad2ce Don't lie in the README.md 2013-09-30 16:18:57 -05:00
Tod Beardsley
f629cc4b89 Land , more doc and proj updates
Again, tested with a successful run of the build.
2013-09-30 16:16:39 -05:00
Tod Beardsley
0406a2f336 Land , update docs and project files.
Tested by merging and running a build, as proscribed by the README.md.
12 succeeded, 0 failed, 2 skipped.
2013-09-30 16:15:31 -05:00
jvazquez-r7
864917b32d Land , @OJ's patch to add posix depends .gitignore 2013-09-26 18:22:40 -05:00
jvazquez-r7
07a45634bb Land , @OJ's fix for PIP_ADAPTER_PREFIX Length check 2013-09-26 17:46:32 -05:00
OJ
60b4a5778d Better fix for the XP SP0 problem
Thanks to @jvazquez-r7 doing some investigation we have a better solution
to this crash. This commit implements this fix and removes the need to
check the status of the memory that's being read.
2013-09-27 08:32:31 +10:00
OJ
78d4dc0c7b Add posix temp folder to gitignore 2013-09-26 15:29:33 +10:00
OJ
08793782d1 Add doxygen, begin documenting, kitrap0d tidy
* Added the doxygen binaries and configuration.
* Added a `make docs` which generates documentation to the `docs` folder.
* Added some documentation to various areas of the source that I was
  working with. Over time I'll be adding more and more rather than trying
  to do it all in one hit.
* Refactored the kitrap0d code a bit to try to reduce code size.
2013-09-26 14:29:46 +10:00
OJ
895a580cb5 Last code tidy for the kitrap0d fix
Tidies up the API to be more intuitive, including conversion of the
first parameter to a char pointer (removing MAX_PATH) and renaming
the second parameter to be more indicative of what it means.

Thanks to @jvazquez-r7 for the great discussion!
2013-09-26 11:35:05 +10:00
OJ
54cf92ff6d Updated fix to work properly with _snprintf_s
* Modified first and second parameters to use `dwOutputLength` which
  is given to the function as an indicator of buffer size in bytes
  anyway.
* Check the return value of the function call to see if the result
  was a truncation, and if so, break from the current loop.

Realistically, truncation will not happen because the default windows
installation location folder name is very short.

Thanks @jvazquez-r7 for prodding me to validate this.
2013-09-26 09:07:15 +10:00
OJ
05388502cc Fix issue with kitrap0d crashing meterpreter
Calling getsystem or getsystem -t 4 was resulting in crashes due to
an incorrect usage of sizes in a call to _sprintf_s in the kitrap0d
code. This might have come about as a result of a move to the new
compiler which is C++11.

This code forces the size check to be correct and results in the
exploit functioning correctly on all platforms.
2013-09-24 20:00:26 +10:00
OJ
ef4175156f Build status and documentation update
* Added the build status notification to the top of the README.
* Updated the order of details in the docs (put Linux build after Windows).
* Updated the details about where this repo came from.

Note: this PR should be merged AFTER  for ease of merging.
2013-09-24 10:49:29 +10:00
Meatballs
1ed1fa6e94 Fix indent and nitpick 2013-09-19 20:22:45 +01:00
OJ
361aba7f4c Updated build documentation
Added more detail around using the appropriate configurations depending on
whether you have access to the appropriate SDKs.
2013-09-18 18:14:36 +10:00
OJ
1c07b8650b Remove unused sniffer config, add PssdkVersion setting
* Rather than having various places where the PSSDK path is set scattered
  through the solution I created a property which contains the version.
  This means we can update that version property in the project and it'll
  take effect everywhere it's required.
* Removed debug and release configurations from ext_server_sniffer.
2013-09-18 18:09:32 +10:00
Meatballs
2182a891b6 Correct indent 2013-09-17 19:24:39 +01:00
Meatballs
4090e197aa Merge branch 'master' of github.com:rapid7/meterpreter into ip_resolv 2013-09-17 19:19:51 +01:00