This commit includes code that was missing from the original Python PR which adds support for the multiprocessing module in Python. I have no idea why this was missed, but it was. The code also includes adjustments to the loader which attempts to resolve modules appropriately based on name. This is a bit of a kludge thanks to the way that Python module resolution hooks work, as it's not clear exactly which namespace the module is intended to be loaded from at runtime as it's not passed to the resolver. Down the track we may need to get smarter with the resolver so that we have a per-module resolver (ie. a tree of resolvers).
The debug builds of Meterpreter compiled fine, but the resulting binaries were never functional. No debugging is really ever done with the debug builds anyway, so instead of carry them forward, this commit removes both `debug` and `r7_debug` from the source.
Updated the code so that the TCP stuff is moved into its own file and doesn't pollute the main server file with stuff that is specific to TCP transports.
Updated the winhttp functionality in the same way so that functionality is properly segregated.
Modified the global parameters so that they're part of a structure that can be passed around.
Added a stack of documnetation as well.
LibreSSL does not yet work well with Windows meterpreter for 2 reasons:
1. because its built with mingw/gcc, it does not have SAFESEH, requiring that
protection to be disabled for the whole stack. It could, it just needs a
way to be built with MSVS instead.
2. OpenSSL 1.0.1 and Libressl both make metsrv about 50% larger.
When transports are more abstracted and LibreSSL can build with MSVS, we will
revisit this.
Separate the stdapi handling code from the OS-dependent code. This makes
testing and maintaining the code easier.
This also happens to fix a number of bugs as a side-effect, because it is
clearer what is happening now.
Tweak the SSL implemention so that for https meterpreters the SSL certificate is validated against a hash that is specified in the payload. If the hash isn't specified, then certificate validation isn't attempted.
- try to share some bits between different makefiles, make modifying
global compiler flags not such a huge pain.
- directly specify we should be using the gold rather than bpf linker
- make compiler output largely quiet except where we care - allow
warnings to actually be visible
- don't delete downloaded tarballs with --really-clean
- add missing dependencies between libraries
(--no-add-needed/--no-copy-dt-needed-entries causes lots of trouble)
- update readme to show what to install to build
I made minimal changes to the loader makefile - it breaks easily.
-Os prevents if from being able to load libc, for instance
This is a seprate extension because the old Mimikatz supports more
operating systems, while the new Mimikatz has more features for
less operating systems.
This exploit has been causing crashes and BSODs on various systems and
hence is deemed too unstable to be included in the default deployment of
Meterpreter. `getsystem` should only contain code which attempts to get
SYSTEM privileges via safe means; it should not have exploits in it.
This commit removes kitrap0d from `getsystem`. The code will be moved to a
windows local exploit in MSF instead.
Does as it says on the tin. Various tweaks made to source and to project
files to make the builds come out with ZERO warnings.
Let's keep it clean from here!
The clipboard code now supports the `CF_DIB` format on the clipboard. When
found, it takes the data and uses GDI+ to convert it into a JPEG. GDI+ was
used because:
* It's on every Windows machine from XP SP0 onwards (Win2k doesn't work).
* It requires linking to a small gdiplus.lib instead of a massive jpeg
library.
* It's a really easy interface to use that interops easily with the
Windows bitmap header information structures.
I think it'd be worth considering this approach for the other screenshot
applications as well, as it'd reduce the jpeg lib dependency and simplify
the codebase.
This commit adds the beginnings of clipboard munging support. Getting and
setting of text-based data is supported. Over time, more formats will be
supported.
This commit adds the ability to enumerate services on the target machine,
showing the PID, the service name, the display name and an indication of
the service's ability to interact with the desktop.
Some other small code tidies were done too.
Decided to kick off a new extended API extension with mubix and
kernelsmith to include some more advanced enumeration stuff. The goal of
this extension is to take stuff that wouldn't be part of the std api but
is rather useful for enumeration of a target once meterpreter has been
established.
This commit kicks things off with enumeration of top level windows on the
current desktop.
No idea why they were broken, but they shouldn't have been. This fixes
them up and tidies a few other things up, especially the guts of the
stdapi project.
The boiler extension wasn't used and was old so it was removed. I've added
a new "bare" extension which is, as it says, just bare and doesn't do
anything. This can be used to create new extension projets just by copying
and pasting, then editing a couple of small things.
This will be added to the documentation.
* Rather than having various places where the PSSDK path is set scattered
through the solution I created a property which contains the version.
This means we can update that version property in the project and it'll
take effect everywhere it's required.
* Removed debug and release configurations from ext_server_sniffer.
As per @jlee-r7's request I've changed the output of both 32 and 64 bit
components so that the platform is included in the file name.
I also added "make clean" to the make script.
* r7_debug and r7_release configurations added.
* Make now detects if the appropriate libraries are on disk and will build
whatever it can. If PSSDK is present in the appropriate location then it
will attempt to build ext_server_sniffer.
* ext_server_sniffer is now buildable with VS 2012 with all the settings
correct.
* ext_server_sniffer was failing to load once built. The cause of this was
that the hMetSrv handle wasn't being set to a valid value prior to the
command_register calls happening, it was being set too late. I'm not
sure why this results in a crash, but moving this one call to a location
prior to the command_register calls does resolve that problem.
* Removed the old README.md from the `workspace` folder.
* Adjusted the build documentation in the main README.md.
* Added details of how to make sure VS2012 has beeen updated so that
things are able to be build.
* Pulled source from Stephen Fewer which contains a few updates including
support for Windows RT.
* Added Stephen Fewer's fix which includes a correct pointer size for the
reflective DLL loader function.
* Added ENABLE_STOPAGING to allow toggling of VirtualLock() call (defined
by default).
* Added ENABLE_OUTPUTDEBUG to allow toggling of calls to pOutputDebug
(undefined by default).
* Remove more warnings in some areas of the code.
* make_pair() changed in C++11 so this change fixes the code so that the
compiler doesn't complain any more.
* Compiler was also complaining about redefinition of U_CHAR. Undefining
before redefining resolves the issue.
* ext_server_stdapi wasn't including winmm.lib, despite the pragma
included in the source of audio.c. Adding the library as a link
input resolves the problem.
* Perform the upgrade of the projects using the VS wizard.
* Exclude the ext_server_pivot project for now as it doesn't exist on
disk.
Note: this changeset will not compile.
