github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-02 11:36:22 +01:00
Code Releases Activity
1,570 Commits 7 Branches 259 Tags 71 MiB
f76b51e265
Commit Graph

950 Commits

Author SHA1 Message Date
OJ
f76b51e265 Use RtlGetVersion to detect version 
This means we can actually correctly detect the version of Windows in
use past 8.1 (ie including 10 and later).
 2015-09-24 15:42:37 +10:00
Brent Cook
600ed34f1e merge and cleanup @stufus's pageantjacker extension into extapi 
see https://github.com/rapid7/meterpreter/pull/164 for details
 2015-09-20 20:18:02 -05:00
Brent Cook
73e57f258a add initial Windows 10 matching to sysinfo output 2015-08-24 15:50:28 -05:00
Brent Cook
224ac67dc7 update build status link for windows meterpreter 2015-07-24 14:28:57 -05:00
Brent Cook
8732204833
Land #7, fix posix transport switching/deleting 2015-07-12 00:29:06 -05:00
OJ
a0c7262624 Remove invalid SAFE_FREE call 2015-07-12 13:21:20 +10:00
Brent Cook
8de19e788a We don't have to log an error if it's expected. 
There is a close log message right below anyway.
 2015-07-10 07:11:53 -05:00
Brent Cook
28425e7a99 On socket flush, stop reading on error 
We are currently inconsistently handling errors in recv() when flushing data from a TCP socket. In one case, we handle the graceful close, but not the error case. In the other, we handle exactly the opposite.

Both of these loops may spin indefinitely depending on the recv value from the remote server. In one, if the TCP connection is abruptly closed in stageless meterpreter or on a transport switch, the flush function may loop. In the other, if the remote server does a socket shutdown, but not a close, we will also loop.
 2015-07-10 07:04:57 -05:00
OJ
d16e5276c5 Use temp storage for URL parsing 
This removes the issue where URLs were truncated during parsing,
resulting in them not working later on when transports are changed.
 2015-07-10 14:57:23 +10:00
Brent Cook
819f6a3455
Land #5, add WinInet fallback when WinHTTP cannot work against certain proxies 2015-07-09 23:00:16 -05:00
OJ
863138d803 Avoid fallback when SSL cert verification is on 
This is to avoid unintended MITM when Meterpreter is configured in
paranoid mode.
 2015-07-04 14:45:49 +10:00
OJ
18a814d3a0 Refactor wininet/winhttp code to reduce code duplication 2015-07-03 20:46:18 +10:00
OJ
09c4d8b137 Initial WinINET fallback implementation 2015-07-03 18:55:14 +10:00
Brent Cook
3a0427bcbc cleanup record_mic handler, use the right heap for freeing 
When reallocating the record buffer, we need to pass the correct heap pointer
or this will crash.

This also simplifies error handling and switches audio.h to use Windows EOL
characters.
 2015-06-30 21:36:36 -05:00
Brent Cook
c7e1c385c8
Merged c 2015-06-28 13:29:59 -05:00
Brent Cook
91f10aa760 Land #175, fix clipboard file size confusion 2015-06-28 12:21:16 -05:00
OJ
c8de66fd31 Remove extra htonq call 2015-06-27 21:44:41 +10:00
OJ
86eb62832d Fix silly mistake with type casts 2015-06-27 21:37:05 +10:00
OJ
c2f141679e Fix up URI switching for stageless 
This prevents horrible crashes when migrating from a stageless HTTP/S session.
 2015-06-27 21:19:04 +10:00
Brent Cook
9fb2c004c1 Adjust posix install paths 2015-06-22 15:02:47 -05:00
Brent Cook
5afc05e122 Adjust submodule and pssdk paths 2015-06-22 15:02:47 -05:00
Brent Cook
701d30197e Land #154, NTDS parsing support 2015-06-22 09:07:02 -05:00
Brent Cook
ba86e968d7 fix broken partial-batch / eof handling 2015-06-22 03:58:24 -05:00
Brent Cook
9ff7339644 move ntds parser from priv to extapi 2015-06-22 03:58:24 -05:00
Brent Cook
eb7c696f00 Land #170, support deleting transports 2015-06-19 15:46:10 -05:00
OJ
2e78a4379a Add POSIX support for transport remove 2015-06-16 12:24:00 +10:00
OJ
149e4c2a7e Implement transport removal 2015-06-16 11:37:09 +10:00
Brent Cook
bfe1060b40 Merge branch 'master' into land-154-ntds 2015-06-04 13:47:44 -05:00
Brent Cook
905f25a03b compile error 2015-06-04 13:16:05 -05:00
Brent Cook
25731fee03 free utf8 conversion strings and avoid non-null terminated values 2015-06-04 09:00:24 -05:00
Brent Cook
c47c973b83 logon names can actually be up to 104 characters 
practical limit is 64, this gives us margin
 2015-06-04 08:53:09 -05:00
Brent Cook
773008d921 whitespace tweaks 2015-06-04 08:50:24 -05:00
OJ
ef14f0e7ab Update to simpler, less hacky implementation 2015-06-03 16:27:31 +10:00
OJ
d89cd69bc5 Implement a sleep in windows that lasts longer 2015-06-03 14:06:17 +10:00
David Maloney
2b07377328 fix copy error 
use strncpy not memcpy to transfer the re-encoded
name and description into our account object.
also use sizeof for precise copy size. eliminates lingering
errors

MSP-12356
 2015-06-02 12:44:49 -05:00
David Maloney
84cea10260 use all unicode for ntds account struct 
force convert account name and description
to unicode for transport over the wire

MSP-12356
 2015-06-02 12:35:30 -05:00
OJ
ddd82d20fc Fix check for auto detect proxy settings 
This setting doesn't appear to have any bearing at all on the way the proxy stuff is managed, as a result looking for this flag doesn't make sense. Instead, we just look for presence of the URLs to use, and if found, that's what we use.

This also uses the WinHttpSetOption function for setting credentials which allows for independenc use of user and password.
 2015-05-25 16:35:31 +10:00
David Maloney
37e7ab2fc9 just a little more cleanup 
this should hpefully address the last of Juan's code review
feedback appropriately.

MSP-12356
 2015-05-18 11:21:10 -05:00
David Maloney
a3b4b53029 size and signedness issue fixes 
fixes several size and signedness issues caught
during code review

MSP-12356
 2015-05-18 11:08:58 -05:00
David Maloney
7c0c78d766 more missing garbage collection 
pek structures also were not being garbage collected properly

MSP-12356
 2015-05-18 10:46:43 -05:00
David Maloney
6c15c0c0a0 better garbage collection on initial setup 
the ntds_parse method that gets everything started
was missing garbage collection for accountColumns.

MSP-12356
 2015-05-18 10:43:27 -05:00
Brent Cook
bb00b00b2c do not log UUID as a string 2015-05-17 09:25:33 -05:00
OJ
5f7c2e7207 Fix handling of UUIDs in Meterpreter 
The original implementation assumed that the UUIDs were coming through a strings, but this was changed at some point to use the 16-byte UUID format straight out of MSF.

This was causing issues when UUIDs had null bytes in them because the UUID was being truncated and the result was that UUIDs that were being parsed in MSF were too small, resulting in exceptions.
 2015-05-17 17:43:59 +10:00
Brent Cook
68a24e3a47 Land #159, user proxy settings support with winhttp 2015-05-15 16:41:22 -05:00
Brent Cook
602e18591c fixup build for posix, fix memory leak in utf conversion 2015-05-15 16:01:59 -05:00
David Maloney
e8449a1698 Merge branch 'master' into feature/MSP-12715/sysinfo-upgrade 2015-05-15 15:14:23 -05:00
David Maloney
30a1ecbbcb add domain and loggedonusers to sysinfo 
added the domain name and logged on user counts
to the sysinfo command

MSP-12715
 2015-05-15 15:10:35 -05:00
Brent Cook
ed1bccd0fc Land #160, fix the bare example extension 2015-05-15 15:04:14 -05:00
OJ
7ff8263ce0 Actually set the result to success 2015-05-15 15:03:47 -05:00
OJ
f6c1485ebe Add support for the sleep command 2015-05-15 15:03:47 -05:00