mirror of https://github.com/rapid7/metasploit-payloads synced 2025-06-09 12:03:41 +02:00

148 Commits

Author SHA1 Message Date
OJ
46ab7a02e8 Fix typo, bomb out on invalid cert
When the server cert checking fails, meterpreter now exits.
2015-03-17 14:39:41 +10:00
OJ
0739cbc0f3 Add support for SSL cert validation
Tweak the SSL implementation so that for https meterpreters the SSL certificate is validated against a hash that is specified in the payload. If the hash isn't specified, then certificate validation isn't attempted.
2015-03-17 13:27:33 +10:00
OJ
f44b44f2ce Implement https communications via winhttp
First pass, some instability still. Migration doesn't play nice.
2015-03-16 21:51:44 +10:00
OJ
6ffa34aedc Add support for stageless payloads
metsrv now makes use of the METERRPETER_URL for stageless payloads. This value is checked when Meterpreter starts to determine what should be done with communications. If the URL indicates that the payload is stageless, it then establishes communications appropriately, depending on the configuration.
2015-03-12 10:47:19 +10:00
OJ
0393927159 Add extension names, enumerators, etc
This commit contains a bunch of code tidying (formatting, spaces, naming, etc) as well as new exports for each of the modules so that the extension can be identified. The plan is for the loader to know which modules are loaded so that when stageless meterpreter fires up MSF can query the existing extensions and load the appropriate functionality on the client side.
2015-03-09 21:28:27 +10:00
OJ
9c7f320301 Code formatting and tidying up
This is in preparation for diving into how to make Meterpreter work
nicely as a fully stageless entity.
2015-03-09 10:26:44 +10:00
Brent Cook
a4f81a51b5 make real_dprintf available even if DEBUGTRACE is not set
By making this a static _inline, it is not necessary to guard it, since
an inline is only instantiated if it is used. This also allows adding
one-off debug message for use during debugging sessions, without turning
on DEBUGTRACE all over the place.

Convert a few of the extensions to also do this as well, making them perhaps
slightly smaller.

I am curious why Windows builds define debug this way, vs posix that
just includes it in common.c. Could I just do that instead, assuming
there's no historical reason.

Finally, correct the docs in the posix version of real_dprintf.
2015-02-25 13:03:18 -06:00
Rich Whitcroft
d7e54b2dad merge windows and posix scheduler.c into one source file 2015-02-06 10:02:05 -08:00
Brent Cook
0d59fc7447 support building on newer Linux systems and Makefile cleanups
- try to share some bits between different makefiles, make modifying
   global compiler flags not such a huge pain.
 - directly specify we should be using the gold rather than bpf linker
 - make compiler output largely quiet except where we care - allow
   warnings to actually be visible
 - don't delete downloaded tarballs with --really-clean
 - add missing dependencies between libraries
   (--no-add-needed/--no-copy-dt-needed-entries causes lots of trouble)
 - update readme to show what to install to build

I made minimal changes to the loader makefile - it breaks easily.
 -Os prevents it from being able to load libc, for instance
2015-01-13 16:33:56 -06:00
jvazquez-r7
775d94cb65 Do minor cleanup 2015-01-02 19:09:43 -06:00
jvazquez-r7
cdae73a282 Fix accept call 2015-01-02 19:06:19 -06:00
jvazquez-r7
a87ef6fcd7 nonblock 2015-01-02 18:48:14 -06:00
jvazquez-r7
58238efcbb Looks like fixed :-) 2015-01-02 18:21:46 -06:00
jvazquez-r7
10ed187016 Add semicolon 2015-01-02 16:27:08 -06:00
jvazquez-r7
63e993c735 Create new code memory 2015-01-02 12:48:00 -06:00
jvazquez-r7
79692d5986 Fix stub sizes 2015-01-02 09:47:43 -06:00
Brent Cook
9f91b5a921 Land , @jvazquez-r7's linux meterpreter process migration
Tested on Ubuntu 14.04 with 32-bit processes, with and without ptrace
protections enabled.
2014-12-30 17:27:15 -06:00
Brent Cook
a9cab9f8c6 fix whitespace consistency 2014-12-30 17:26:05 -06:00
Joshua Smith
3d5550648c fixes comment referring to other source code
source/common/arch/win/i386/base_dispatch.c was referring to:
see '/msf3/external/source/shellcode/x86/migrate/migrate.asm'
which was updated to:
see '/msf3/external/source/shellcode/windows/x86/src/migrate/migrate.asm'
and see '/msf3/external/source/shellcode/x64/migrate/migrate.asm'
was updated to:
see '/msf3/external/source/shellcode/windows/x64/src/migrate/migrate.asm'
2014-08-15 13:34:44 -05:00
jvazquez-r7
5deb3502b1 Use spaces to align details 2014-07-31 15:00:32 -05:00
jvazquez-r7
1542286fae Compare, not assign 2014-07-31 14:19:18 -05:00
jvazquez-r7
7bc25728d5 Add *full support* for linux migrate 2014-07-31 13:47:10 -05:00
jvazquez-r7
74bac30dc8 Add support for linux migrate 2014-07-31 13:45:11 -05:00
OJ
cabf3af8df Merge branch 'upstream/master' into fix_thread_create 2014-06-01 21:04:01 +10:00
OJ
d7c455edee Remove a function that is no longer used 2014-04-21 19:25:17 +10:00
OJ
02312e1972 Debugging output, crash fix
In some cases this extension would crash. This was due to the code using the
incorrect "length" variable when dumping LSA data. This commit includes addition
of some debug output, removal of other debug output, and changing of the
kiwi-specific debug definition.

Another packet function was added to aid in construction of this fix, and the
group packet function was added to one of the calls.
2014-03-28 13:40:02 +10:00
OJ
637e839de2 Merge branch 'upstream/master' into ext_server_kiwi 2014-03-20 09:17:18 +10:00
OJ
32c7126793 Fixes, documentation and tidying of kiwi code 2014-03-19 17:48:44 +10:00
OJ
83d4d2b0b7 Fix leaking memory 2014-03-19 15:01:02 +10:00
OJ
063d370e86 Change thread creation to support x86->x64
The create thread functionality would work in all cases except where
the thread was being created in an x64 process from an x86 process.

This commit adds support for this by reusing the wow64 injection code
in this case.
2014-03-10 11:37:43 +10:00
OJ
a7927a4105 Added the notion of "group packets"
A group packet is a special packet that is to be used as a group of TLVs that
will live under another packet. Using this functionality means that we can
easily nest groupings of data to arbitrary depths, which wasn't something we
were able to do before easily.

The MSF side is easily capable of handling this scenario, but this side had
always been lacking.

The clipboard dump code has been updated to show how this can be used.
2014-03-04 19:38:15 +10:00
OJ
d8760fdf9a Merge branch 'upstream/master' into ext_server_kiwi 2014-03-03 17:30:37 +10:00
OJ
f74962cf2f Reinstate stack size parameter
Previous commits removed the stack size parameter from the remote thread
creation function call. This caused issues in systems prior to Vista/2k8.

This fix puts that value back in and now everything is hunky dory.

Tested on 2k/XP/2k3/Vista/7/2k8
2014-02-12 13:27:41 +10:00
OJ
b03c074bf1 Comment out debug tracing 2014-01-26 08:13:28 +10:00
OJ
633851be56 Updated other uses of CreateRemoteThread
Make use of the new create_remote_thread function so that it
is used by other areas of the code, including migration.
2014-01-24 23:11:47 +10:00
OJ
c6f516da4c Merge branch 'upstream/master' into ext_server_kiwi 2014-01-17 11:55:46 +10:00
OJ
07f2c00559 Fix command impersonation
In a previous commit, I rejigged the way commands were overloaded,
and added what appeared to be a micro-optimisation to prevent
the thread from being impersonated twice. Ultimately it wouldn't
make any difference, so why I put it in there I really don't know.

The optimisation actually resulted in a breakage in the case where
base commands weren't present but extension commands were. As a
result all extended commands didn't get impersonated unless they
were overloading. This is not a good thing at all.

This fix removed that total stupidity and restores some level of
sanity.

Apologies for my idiocy.
2014-01-15 16:35:17 +10:00
OJ
eca73429f3 Initial integration of Mimikatz 2.0
This is a separate extension because the old Mimikatz supports more
operating systems, while the new Mimikatz has more features for
less operating systems.
2014-01-10 16:51:51 +10:00
OJ
445df8ad36 Merge branch 'upstream/master' into command_req_update
Conflicts:
	source/ReflectiveDLLInjection
2013-12-21 13:31:28 +10:00
Meatballs
0f4f470761 Land Reflective DLL Submodule
Conflicts:
	source/ReflectiveDLLInjection
2013-12-19 21:00:20 +00:00
OJ
c6bdc26a55 Update Meterpreter to use the RDI submodule 2013-11-27 14:01:45 +10:00
OJ
550da5946e Merge branch 'upstream/master' into command_req_update
A few minor issues around formatting collisions, nothing huge.
.gitignore fixes too

Conflicts:
	source/common/base_dispatch_common.c
	source/extensions/stdapi/server/stdapi.c
2013-11-27 06:51:12 +10:00
OJ
8090a6393e Fix migrate exit condition
I fell into the C programmer's trap of accidentally using `=` instead of `==`. This is
not good. Good catch @jlee-r7.

This commit fixes this, swaps the values around and tidies up code a bit.
2013-11-26 07:07:26 +10:00
OJ
31fdf23f7b Comment fixes 2013-11-26 06:56:34 +10:00
OJ
5812d59059 Fix meterpreter not shutting down properly
The work that was done a while back to fix up command dispatching allowed
inline commands to run so that the server could be told to shutdown. Those
commands that want the server to terminate (such as migrate and shutdown)
should have returned `FALSE` instead of `TRUE` to tell the server thread to
stop.

I have no idea why those values were incorrect, but it's my work so it's
definitely my fault. I will have to sick back and lick my wounds for a while.
I hate it when I'm stupid.

Thanks to Kevin Mitnick for the bug, and @todb-r7 for investigating the
history.

Redmine: [FixRM ]
2013-11-22 12:38:50 +10:00
OJ
c947f9d1f6 Add more documentation, tidying
More of the usual, added during investigations.
2013-11-22 12:22:48 +10:00
OJ
48f9ae5116 Fix commands to properly invoke base and extensions
In previous work done during the command refactor the mechanism for overriding
commands changed such that it wasn't invoking commands if they were overridden
by an extension. This, it would appear, broke some stuff. Badly.

This commit fixes this issue by reinstating the way things were done before.
If a base command exists, it is always executed. If an extension also exists
which overrides this command then the base command result is ignored, the
extension command is executed, and the result of that command is returned.
2013-11-21 13:40:54 +10:00
OJ
1c09ac08d5 Merge branch 'master' into warning_removal 2013-11-14 19:20:27 +10:00
James Lee
572af2c761 Land, doc updates 2013-11-14 02:57:16 -06:00
James Lee
454e56adb3 Land , fix webcam crashes 2013-11-14 02:50:28 -06:00