mirror of https://github.com/rapid7/metasploit-payloads synced 2024-12-21 05:35:54 +01:00
Commit Graph

646 Commits

Author SHA1 Message Date
OJ
f1fbf2064f Enable service control and status in queries.
This commit adds service status to the query functionality for a single
service so that it doesn't have to be found in the full list of services.

It also adds the ability for the caller to control services using the
typical start/stop/pause/resume/restart style functions. To use these
functions the caller has to have appropriate rights.
2014-03-11 14:49:19 +10:00
OJ
a4beeba7bc Rejig service initialisation
Gathering of function pointers is now done during initialisation. This
means that it doesn't have to be done each time a function is called
and allows for reuse across other functions.
2014-03-11 09:37:36 +10:00
James Lee
7ea5d4d35a Land #72, create_remote_thread fixes 2014-02-19 16:14:09 -06:00
OJ
f74962cf2f Reinstate stack size parameter
Previous commits removed the stack size parameter from the remote thread
creation function call. This caused issues in systems prior to Vista/2k8.

This fix puts that value back in and now everything is hunky dory.

Tested on 2k/XP/2k3/Vista/7/2k8
2014-02-12 13:27:41 +10:00
James Lee
2c9a8cf9ab Whitespace 2014-02-10 16:45:58 -06:00
James Lee
7d823d1634 Land #71, hashdump fixes 2014-02-10 15:26:54 -06:00
sinn3r
63d516750f Land #74 - clipboard monitor 2014-02-05 19:45:07 -06:00
sinn3r
f0be562baf Merge branch 'clipboard_monitor' of github.com:OJ/meterpreter into OJ-clipboard_monitor 2014-02-05 19:44:28 -06:00
OJ
94468e1313 One last tweak to remove all evidence of stupidity 2014-02-05 23:06:10 +10:00
OJ
cca2f14835 Fix number of issues revealed in x64 testing
Thanks to sinner being on the ball, x64 was broken and causing some
crazy things to happen. The CPU would peg at 100% despite x86 being
quite happy. It turns out, I suck at C, so I had to fix that up.

This commit includes the following changes:

* Fix up the WNDPROC callback so that the parameters are in the right
  order.
* Specify the correct array size for wait handles in the monitor thread.
* Add extra debugging.
* Handle WM_* messages correctly and add WM_NCCREATE.
* Correctly use the CREATESTRUCT to pass in the state.

"How on earth did this ever work?"

Fixed now, thanks again sinner!
2014-02-05 22:37:55 +10:00
OJ
2cebe3c19e INCLUDE the resume event in the monitored array
I am clearly stupid. How did this ever work? This change tells the
wait call to include the signal handle for the resume event.
2014-02-05 07:54:08 +10:00
Tod Beardsley
3b5dd66b81 Emphasise the correct version of VS2013.
cc @wchen-r7
2014-02-03 10:22:31 -06:00
OJ
2c56a1bcb1 Add documentation to the functionality 2014-01-29 15:51:57 +10:00
OJ
54b596674d Add purge and dump functionality, remove dup caps
This no longer captures duplicate content if the user does the same
thing twice.
2014-01-29 14:51:27 +10:00
OJ
5740b8421d Land #73 Add support for multimonitor screenshots 2014-01-28 22:46:34 +10:00
DiabloHorn
6041f973c5 added default multi monitor support 2014-01-27 22:51:40 +01:00
OJ
b03c074bf1 Comment out debug tracing 2014-01-26 08:13:28 +10:00
OJ
633851be56 Updated other uses of CreateRemoteThread
Make use of the new create_remote_thread function so that it
is used by other areas of the code, including migration.
2014-01-24 23:11:47 +10:00
OJ
a7f2458a4e Force "warnings as errors" in stdapi
This should have been done ages ago, not sure why I need to do it again.
2014-01-24 21:53:50 +10:00
OJ
3e8025eae8 Fix hashdump so it works without migrating
Hashdumping on Windows XP and earlier worked fine for processes
running as SYSTEM because CreateRemoteThread didn't have security
in place that Vista and later operating systems do. However, Vista
onwards required migration to SYSTEM processes (which behind the
scenes uses injection via APC) before hashdumping would succeed.

This commit fixes this so that in those cases the hidden API function
RtlCreateUserThread() is used to create the remote thread in lsass.exe. The
result is that hashdumping works without having to migrate first.

Win.
2014-01-24 20:23:43 +10:00
OJ
e85ff80bb4 Reformatting of code to make it a bit more readable 2014-01-24 11:01:56 +10:00
OJ
5b1007e940 Merge branch 'upstream/master' into clipboard_monitor
Conflicts:
	source/ReflectiveDLLInjection
	source/extensions/extapi/extapi.c
	source/extensions/extapi/extapi.h
	workspace/ext_server_extapi/ext_server_extapi.vcxproj
2014-01-22 22:53:29 +10:00
OJ
2918920b15 Handle NULL values when clipboard is cleared 2014-01-22 22:49:03 +10:00
OJ
d691124cd3 Changes and tweaks to make clipboard monitor work 2014-01-22 22:07:33 +10:00
Tod Beardsley
5b35852e32 Land #68 to resolve the Redmine issue.
FixRM #8747
2014-01-16 13:34:21 -06:00
Tod Beardsley
ffa8a9a04c Update GitHub status.
SeeRM #8747
2014-01-16 13:32:46 -06:00
James Lee
5db4f962b9 Land #66, fix incognito ptr truncation 2014-01-15 13:03:30 -06:00
OJ
6bb128dcbf Merge branch 'upstream/master' into incognito_pointer_truncation_fix 2014-01-15 17:13:26 +10:00
William Vu
7f3bbe6911 Land #67, command impersonation fix 2014-01-15 01:02:37 -06:00
OJ
07f2c00559 Fix command impersonation
In a previous commit, I rejigged the way commands were overloaded,
and added what appeared to be a micro-optimisation to prevent
the thread from being impersonated twice. Ultimately it wouldn't
make any difference, so why I put it in there I really don't know.

The optimisation actually resulted in a breakage in the case where
base commands weren't present but extension commands were. As a
result all extended commands didn't get impersonated unless they
were overloading. This is not a good thing at all.

This fix removed that total stupidity and restores some level of
sanity.

Apologies for my idiocy.
2014-01-15 16:35:17 +10:00
OJ
1b0be5f3c5 Remove unused param, force 'treat warnings as error'
For some reason this project setting wasn't present in incognito.
2014-01-15 15:53:02 +10:00
OJ
2c300df811 Fix pointer truncation during process iteration
In similar vein to the migration issue, incognito was crashing when
running under SYSTEM processes (such as lsass.exe). This was because
of a pointer truncation problem when processes were being enumerated.

There was also some other quirky logic going on, but nothing too
damaging. I added some other simple code tidies while I was in there.
2014-01-13 20:56:13 +10:00
OJ
518611b2f6 Land #65 2014-01-08 08:17:55 +10:00
Tod Beardsley
4588057616 Land #64, check and exit w/o submodule 2014-01-07 16:18:43 -06:00
Tod Beardsley
3114ebe8e9 More README lies about build targets 2014-01-07 16:14:44 -06:00
OJ
140c3bde5a Land #3
Thanks Tod for fixing my stupidity.
2014-01-08 08:07:10 +10:00
Tod Beardsley
044c262134 Land #63, update openssl sources. 2014-01-07 16:05:49 -06:00
Tod Beardsley
6a6e82f611 Actually check if the submodule is there 2014-01-07 15:56:15 -06:00
OJ
bdea197999 Update documentation and makefile for submodules
* We now check to make sure that the required files are on disk and
  show an error message if not found.
* README updated to indicate that submodule initialisation is needed.
2014-01-08 07:37:01 +10:00
Meatballs1
10adb2c03f Merge pull request #2 from todb-r7/update-readme-for-https
make README.md consistent w https
2014-01-07 13:12:47 -08:00
Tod Beardsley
734b1f03da Derp add www. too 2014-01-07 14:50:22 -06:00
Tod Beardsley
19e06ff406 make README.md consistent w https 2014-01-07 14:48:18 -06:00
Meatballs
5db286bc4b Don't trust http... 2014-01-07 12:48:39 +00:00
Meatballs
c5bcc09f81 No line wrap 2014-01-07 12:46:52 +00:00
Meatballs
2e54b4733e Use full dns name 2014-01-07 12:45:09 +00:00
Meatballs
880c247554 Land #60, Add ADSI support to ExtAPI 2014-01-07 11:23:07 +00:00
OJ
d7b0e6d3fd Default to a sensible page size if not given 2014-01-07 17:19:53 +10:00
OJ
fda91a3f1d Last debug code, force valid result
Sometimes results can be success values but not S_OK, so this change
contains code which will force the result to S_OK in those cases so that
the caller doesn't get an indication which makes it believe that there is
an error.
2014-01-05 19:59:43 +10:00
OJ
e0da82d12b Extra debug info, force adsi limit
The ADSI API is supposed to support the notion of only returning
a fixed number of results from AD when we specify the
ADS_SEARCHPREF_SIZE_LIMIT value in the search parameters, but it
doesn't appear to do that (at least not my Win2k setup).

This change includes a bit more debugging output and keeps track of
the number of rows processed so that the maximum size is actually
honoured.
2014-01-05 19:46:52 +10:00
OJ
243d3da596 Merge branch 'upstream/master' into basic_asdi_support 2014-01-05 18:46:40 +10:00