github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-11-26 17:41:08 +01:00
Code Releases Activity
97 Commits 6 Branches 258 Tags 70 MiB
c80fcf9558
Commit Graph

97 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephen Fewer
c80fcf9558 modularize the source for each technique, making it cleaner to add in new techniques at a later stage. 
git-svn-id: file:///home/svn/framework3/trunk@8298 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 15:04:27 +00:00
Stephen Fewer
e081adaaf3 update the workspace files. 
git-svn-id: file:///home/svn/framework3/trunk@8295 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:46:51 +00:00
Stephen Fewer
8fc8a49cd2 Add in the elevator dll, used by getsystem for a number of things. 
git-svn-id: file:///home/svn/framework3/trunk@8294 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:45:31 +00:00
Stephen Fewer
aaef21e860 Add in the new getsystem command to the priv extension. 
git-svn-id: file:///home/svn/framework3/trunk@8293 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:40:55 +00:00
Stephen Fewer
776b9f108c Update RDI by adding in the LoadRemoteLibraryR function to use RDI to inject into arbitrary processes. Current limitation is it only works on x86->x86 and x64->x64 scenarios, due to the offsets used in parsing the PE file being determined at compile time (e.g. if we compile LoadRemoteLibraryR into an x86 binary it wont be able to load x64 images). Solution is to not rely on compiler for the offset but to do it manually which shouldn't be too much work. 
git-svn-id: file:///home/svn/framework3/trunk@8292 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:37:55 +00:00
Stephen Fewer
8db12b034f bug fix for the stdapi command rev2self. was not playing nice with new thread token stuff. 
git-svn-id: file:///home/svn/framework3/trunk@8291 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:33:24 +00:00
Stephen Fewer
cfabafb09c move these macros from base_dispatch.c to common.h as they are useful to use elsewhere. 
git-svn-id: file:///home/svn/framework3/trunk@8290 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 13:32:16 +00:00
Stephen Fewer
43347e4dc5 Complete overhaul of process migration. Migration across x86->x86, x64->x64, wow64->x64 and x64->wow64 all supported using a number of techniques. 
git-svn-id: file:///home/svn/framework3/trunk@8198 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-22 19:46:18 +00:00
Stephen Fewer
ff9d9f48aa updated stapi project file. 
git-svn-id: file:///home/svn/framework3/trunk@8158 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 11:07:21 +00:00
Stephen Fewer
ee34102435 First cut for improved process listing. Now works well on NT4 and up. One issue with getting the path for x64 processes on an x86 meterpreter. 
git-svn-id: file:///home/svn/framework3/trunk@8156 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 10:40:02 +00:00
Stephen Fewer
95974ba681 small bug fix to get getuid working on NT4 
git-svn-id: file:///home/svn/framework3/trunk@8155 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 10:36:12 +00:00
HD Moore
fc341ada59 Adds the process username to the ps output (when possible). 
git-svn-id: file:///home/svn/framework3/trunk@8056 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-02 03:41:21 +00:00
HD Moore
3abb8ddb16 Fixes #745. This commit changes how token manipulation works, adds the steal_token, drop_token, and getprivs commands. Tested on NT 4.0, 2000 SP4, XP SP3, 2003 SP2, Vista, and Windows 7 
git-svn-id: file:///home/svn/framework3/trunk@8055 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-02 00:35:10 +00:00
HD Moore
7a24ead09d Adds reg queryclass 
git-svn-id: file:///home/svn/framework3/trunk@8046 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-31 15:52:30 +00:00
HD Moore
489c5adb98 Fixes #658 by adding a 250ms sleep to the dispatch of the close call. 
git-svn-id: file:///home/svn/framework3/trunk@7934 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-21 19:53:10 +00:00
Stephen Fewer
5c5815cdde Bug fix for meterpreter on NT4 (Tested on NT4.0 SP6). Add a function thread_open() in thread.c to wrap the use kernel32!OpenThread and ntdll!NtOpenThread for backwards compatibility. 
git-svn-id: file:///home/svn/framework3/trunk@7806 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-10 18:12:51 +00:00
HD Moore
49b712c2c8 Updated meterpreter binaries with a slight change to the thread schedule (solves a looping problem when the socket is dead). 
git-svn-id: file:///home/svn/framework3/trunk@7793 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-10 05:42:47 +00:00
HD Moore
4fbd5b4983 See #662. This should fix most of the meterpreter-side issues with sockets, there is still a second piece of this which is unflushed data on the local forwards from the ruby code. 
git-svn-id: file:///home/svn/framework3/trunk@7761 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-08 22:08:06 +00:00
HD Moore
7539286182 Cleanups to the socket code, its still not perfect, but much more usable now 
git-svn-id: file:///home/svn/framework3/trunk@7750 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-08 14:52:07 +00:00
Stephen Fewer
3c9eb16fe0 Replace the use of Critical Sections for locking with Mutex's (thread.c). This appears to resolve a deadlock issue with OpenSSL on some Windows systems. This commit resolves a bug in interactive processes where an interactive waiter thread will chew cpu due to a tight loop introduced by anonymous pipes not blocking (process.c). Dynamic lock creation for OpenSSL has been re-enabled should a future version of OpenSSL require it, AFAIK the current version used, v0.8.9, does not use dynamic lock creation (server_setup.c). Channels have been given locks to help synchronize concurrent access to a single channel. 
git-svn-id: file:///home/svn/framework3/trunk@7732 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-07 13:04:41 +00:00
HD Moore
9588c24f71 See #607. Switch sniffer code to use mutexes 
git-svn-id: file:///home/svn/framework3/trunk@7728 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-07 05:19:46 +00:00
Stephen Fewer
0a5c87b678 Initial commit of the multi-threaded meterpreter. 
git-svn-id: file:///home/svn/framework3/trunk@7698 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-04 17:37:21 +00:00
HD Moore
be09667d9c Switch the meterpreter to SSLv3 and try to generate a slightly more realistic CN for the certificate. The goal is to work through a wider range of inline proxies. 
git-svn-id: file:///home/svn/framework3/trunk@7311 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-31 20:44:23 +00:00
HD Moore
267e317444 Fixes 416. Adds the rm/del commands to meterpreter, fixes build problems triggered by the POSIX code merge 
git-svn-id: file:///home/svn/framework3/trunk@7291 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-27 02:31:07 +00:00
HD Moore
088a92fa13 Use _WIN32 instead of __WIN32__ to be consistent 
git-svn-id: file:///home/svn/framework3/trunk@7290 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-27 01:13:35 +00:00
HD Moore
a0b6ee7885 Merge in the POSIX stdapi extension, still some work left to finish 
git-svn-id: file:///home/svn/framework3/trunk@7266 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-26 04:34:20 +00:00
HD Moore
185ccc3d31 Fixes #288 and #320. This should fix the BSoD issue with the sniffer module (other than the mac filter change, this matches the vendor's example) and confirmed that the keyscan_dump fix works 
git-svn-id: file:///home/svn/framework3/trunk@7066 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-26 16:26:05 +00:00
et
18f0d3588c Finally screenshot capture. BMP at this time 
git-svn-id: file:///home/svn/framework3/trunk@7063 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-26 04:05:09 +00:00
Stephen Fewer
a9db28fc8a Patch meterpreter's sysinfo command to resolve the system language and architecture. 
git-svn-id: file:///home/svn/framework3/trunk@7028 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-10 13:09:48 +00:00
Stephen Fewer
5ad901fdb1 Commit the x64 build of the meterpreter incognito extension. 
git-svn-id: file:///home/svn/framework3/trunk@7009 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-07 09:25:25 +00:00
Stephen Fewer
245bb65c54 Commit the x64 build of the meterpreter priv extension. 
git-svn-id: file:///home/svn/framework3/trunk@7008 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-07 09:17:29 +00:00
Stephen Fewer
ffe2462999 Commit the openssl x64 static libraries required for compilation. These are freshly built using the latest stable release (openssl-0.9.8k). Instructions for re-building the libraries also included. 
git-svn-id: file:///home/svn/framework3/trunk@7001 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-04 01:58:17 +00:00
Stephen Fewer
96bf84163d Commit the source code for the cross compilable reflective dll injection module. Some minor modifications to the stdapi extension were also required. All the projects (.vcproj) now have an x64 debug/release target as well as an x86 counterpart. 
git-svn-id: file:///home/svn/framework3/trunk@7000 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-04 01:53:58 +00:00
HD Moore
e47be2ef4f Fixes #299 - corrects the win32 build environment and source to build properly again 
git-svn-id: file:///home/svn/framework3/trunk@6987 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-30 01:57:25 +00:00
HD Moore
109991ecd1 Patch from snfernandez to fix posix extension loading 
git-svn-id: file:///home/svn/framework3/trunk@6954 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-12 23:15:08 +00:00
HD Moore
071f888b16 Major merge of Meterpreter POSIX codebase from JR, Win32 projects may need a few more fixes to work properly 
git-svn-id: file:///home/svn/framework3/trunk@6949 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-10 02:02:16 +00:00
HD Moore
8f3db3cb8b fix the posix build (patch from JR) 
git-svn-id: file:///home/svn/framework3/trunk@6945 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-09 17:28:44 +00:00
HD Moore
34580b5785 Merge in JR's ulibc code 
git-svn-id: file:///home/svn/framework3/trunk@6944 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-09 02:27:52 +00:00
HD Moore
cf3bca5278 Updated meterpreter code/binaries to scrub memory after use, works around Peter's memoryze signatures from BH/DC 2009 
git-svn-id: file:///home/svn/framework3/trunk@6942 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-08 14:22:32 +00:00
HD Moore
d5476de6cf First round of posix meterpreter commits from jr 
git-svn-id: file:///home/svn/framework3/trunk@6934 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-01 14:21:58 +00:00
HD Moore
7a9c17adec Updated reflective stuff to match the new hashing function 
git-svn-id: file:///home/svn/framework3/trunk@6923 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-31 17:57:51 +00:00
HD Moore
903ac091ba Closes #297. Switches to the dnet headers for the sniffer packet decodes 
git-svn-id: file:///home/svn/framework3/trunk@6822 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-17 19:39:31 +00:00
HD Moore
14f1a6d753 Fixes #296. Removes polarssl references 
git-svn-id: file:///home/svn/framework3/trunk@6811 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-16 16:00:29 +00:00
HD Moore
81e434af80 Updated VC++ project files to fix the directory paths/includes for OpenSSL 
git-svn-id: file:///home/svn/framework3/trunk@6774 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-13 03:14:20 +00:00
HD Moore
0b63c1fb82 Updated libraries and source code now using OpenSSL 
git-svn-id: file:///home/svn/framework3/trunk@6773 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-13 03:10:39 +00:00
HD Moore
0f9246b4bf Goodbye PolarSSL (your license stinks). 
git-svn-id: file:///home/svn/framework3/trunk@6772 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-13 03:03:53 +00:00
HD Moore
5580844eaf Fixes up the sniffer to handle large packet captures better, fixes a regression in the sysinfo command. 
git-svn-id: file:///home/svn/framework3/trunk@6768 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-12 13:17:37 +00:00
HD Moore
218eafdd04 Free packet memory when the capture is stopped 
git-svn-id: file:///home/svn/framework3/trunk@6765 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-11 18:19:42 +00:00
HD Moore
26f7464427 Fixes a bug where if the sniffer SDK could not initialize, it would still be treated as initialized the next time it was checked. 
git-svn-id: file:///home/svn/framework3/trunk@6764 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-11 17:52:40 +00:00
HD Moore
8bbbd84aeb Fixes a memory corruption issue with the SSL file descriptor (was using a stack reference instead of the Remote->fd reference), adds the source code sans the Packet SDK for the sniffer module 
git-svn-id: file:///home/svn/framework3/trunk@6763 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-11 17:32:50 +00:00