1
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-12-21 05:35:54 +01:00
Commit Graph

932 Commits

Author SHA1 Message Date
Brent Cook
b30d2df4ad update and integrate libpcap for POSIX meterpreter
I am working on automating POSIX meterpreter builds, and one step is
removing the requirement to download files from external sites during
the build process. So, this incorporates the latest stable libpcap
source and updates the patches as needed.

The Makefile also moves (@wvu-r7 was amused that Makefile.pcap wasn't
actually a pcap file :) and simplifies a little build foo.

I updated and got the 64-bit kernel + 32-bit userspace TPACKET v1 patch
merged upstream, but its not in a release yet, so the patch is still
needed. See https://github.com/the-tcpdump-group/libpcap/pull/421
2015-03-24 10:28:58 -05:00
Brent Cook
d3fe4fc0ff Land #140: OJ adds winhttp support to meterpreter 2015-03-23 16:51:40 -05:00
OJ
5cf9ae53ea Update from winhttp branch after proxy fixes 2015-03-23 12:47:03 +10:00
OJ
97398e0c07 Adjust length to include NULL terminator 2015-03-23 12:43:10 +10:00
OJ
15a151fce6 Add separate check for proxy user and pass 2015-03-23 12:39:31 +10:00
OJ
91a8bce4b6 Implement first pass of transport refactoring
* Transports are now defined by a set of callbacks that are bound to the Remote.
* Transport initialisation and dispatching is seprated.
* The context of the transport should be switchable depending on new transport requirements.

More to do, but it has begun.
2015-03-23 12:35:45 +10:00
OJ
5f6a7d84aa Change type definition to keep posix happy 2015-03-20 13:49:50 +10:00
OJ
97cd32524b Doubled meterpreter UI length to 512 2015-03-20 13:10:57 +10:00
OJ
b7d6eba46b Merge branch 'master' into winhttp 2015-03-20 11:59:28 +10:00
OJ
33d7c55429 Land #138 : short file names, file list fixes 2015-03-19 13:03:27 +10:00
Brent Cook
c7c673138f Land #139, OJ does the posix symbol shuffle (and fixes it up) 2015-03-18 21:26:39 -05:00
OJ
c93ba9608c Fix bad POSIX support for stageless meterpreter
* Make sure POSIX has the new extension command enumeration function.
* Add support for deinit of extensions.
* Make sure extensions are tracked like they in Windows.
* Fix up a few export definitions.
* Stop using strncpy_s in POSIX code.
2015-03-19 11:07:22 +10:00
Brent Cook
eba69cf20e add short name support to filesystem listing.
Also, fix path builder order for stat.
2015-03-18 16:05:30 -05:00
OJ
85783773d5 Land #137 : filesystem refactor and initial unicode support 2015-03-18 18:01:05 +10:00
Brent Cook
e8318f8c5b correct various issues listing files
* bury common _snprintf that snuck in while testing the Windows version back
   into the platform-specific code.
 * remove now-unneeded separator defines
 * don't free a stack variable on windows
2015-03-18 02:11:13 -05:00
Brent Cook
8944ca5156 modify fs_getwd so it allocates the path 2015-03-17 15:28:27 -05:00
Brent Cook
95e102a90c cast size_t on read/write to proper result for the TLV 2015-03-17 15:27:48 -05:00
Brent Cook
7c8b723c15 convert windows filesystem operations to unicode 2015-03-17 14:32:20 -05:00
Brent Cook
f0eac5877a Refactor filesystem operations
Separate the stdapi handling code from the OS-dependent code. This makes
testing and maintaining the code easier.

This also happens to fix a number of bugs as a side-effect, because it is
clearer what is happening now.
2015-03-17 14:32:20 -05:00
OJ
46ab7a02e8 Fix typo, bomb out on invalid cert
When the server cert checking fails, meterpreter now exits.
2015-03-17 14:39:41 +10:00
OJ
0739cbc0f3 Add support for SSL cert validation
Tweak the SSL implemention so that for https meterpreters the SSL certificate is validated against a hash that is specified in the payload. If the hash isn't specified, then certificate validation isn't attempted.
2015-03-17 13:27:33 +10:00
Brent Cook
47fc1b81bd Land #135, @OJ's support for stageless meterpreter 2015-03-16 14:27:27 -05:00
OJ
f44b44f2ce Implement https communications via winhttp
First pass, some instability still. Migration doesn't play nice.
2015-03-16 21:51:44 +10:00
OJ
5e8f9ff090 Land format and posix fixes from @bcook-r7 2015-03-16 10:01:55 +10:00
Brent Cook
f5fecb4b68 fix spelling 2015-03-13 13:24:10 -05:00
Brent Cook
038477f90d initial split server_setup into windows/posix variants 2015-03-13 13:05:35 -05:00
OJ
aaa384b51d Remove compiler warning, set warnings as errors 2015-03-13 20:47:30 +10:00
OJ
b6ec617fd7 Add support for IPv6
Add more work to the URI scheme handling, add functionality that works with IPv6. Tested on XP SP3, Windows 7.
2015-03-13 20:10:30 +10:00
OJ
6ffa34aedc Add support for stageless payloads
metsrv now makes use of the METERRPETER_URL for stageless payloads. This value is checked when Meterpreter starts to determine what should be done with communications. If the URL indicates that the payload is stageless, it then establishes communications appropriately, depending on the configuration.
2015-03-12 10:47:19 +10:00
OJ
0393927159 Add extension names, enuemrators, etc
This commit contains a bunch of code tidying (formatting, spaces, naming, etc) as well as new exports for each of the modules so that the extension can be identified. The plan is for the loader to know which modules are loaded so that when stageless meterpreter fires up MSF can query the existing extensions and load the appropriate functionality on the client side.
2015-03-09 21:28:27 +10:00
OJ
9c7f320301 Code formatting and tidying up
This is in preparation for diving into how to make Meterpreter work
nicely as a fully stageless entity.
2015-03-09 10:26:44 +10:00
OJ
aab29f8605 Land #129 : real_printf rework 2015-02-26 07:21:57 +10:00
Brent Cook
a4f81a51b5 make real_dprintf available even if DEBUGTRACE is not set
By making this a static _inline, it is not necessary to guard it, since
an inline is only instantiated if it is used. This also allows adding
one-off debug message for use during debugging sessions, without turning
on DEBUGTRACE all over the place.

Convert a few of the extensions to also do this as well, making them perhaps
slightly smaller.

I am curious why Windows builds define debug this way, vs posix that
just includes it in common.c. Could I just do that instead, assuming
there's no historical reason.

Finally, correct the docs in the posix version of real_dprintf.
2015-02-25 13:03:18 -06:00
William Vu
8906b29559 Land #128, rm dup OpenSSL headers 2015-02-25 12:41:16 -06:00
Brent Cook
d4f1af0900 remove duplicate openssl headers
prepping for an upgrade later, this just cleans up some unused headers
2015-02-25 12:18:45 -06:00
Brent Cook
4ad58d65b4 Land #127 - @wvu-r7 adds per-process arch detection to ps on linux 2015-02-12 13:35:23 -06:00
William Vu
c1e3616a20 Land wvu-r7#1, fopen() permission denied fix
That damn continue.
2015-02-12 13:07:00 -06:00
Brent Cook
38c9460ba4 enumerate all processes even if we cannot read the executable type 2015-02-12 10:54:44 -06:00
William Vu
eb3b163951 Add arch to Linux ps
Uses /proc/<PID>/exe and e_ident[EI_CLASS].
2015-02-12 08:15:58 -06:00
OJ
a657db41fc Land #124 - Unify Windows and POSIX scheduler 2015-02-09 20:58:23 +10:00
Rich Whitcroft
c9cb640612 add path to new scheduler.c location 2015-02-06 13:44:07 -05:00
Rich Whitcroft
8435383cc3 updated VS2013 configs 2015-02-06 13:33:36 -05:00
Rich Whitcroft
d7e54b2dad merge windows and posix scheduler.c into one source file 2015-02-06 10:02:05 -08:00
Brent Cook
1256cacca3 Land #121, OJ's fix for double-starting the clipboard monitor 2015-01-30 16:52:33 -06:00
OJ
5e0fbedd30 Make state destruction set pointers to NULL 2015-01-31 08:23:54 +10:00
OJ
c9d9e5978c Fix issue with double-start of clipboard
If a user attempts to start the clipboard monitor when it is already started then the code path that is taken results in the current clipboard monitor state pointers being lost. The net effect of this is that the existing monitor thread will never be shut down. Not a good thing!

This code fixes that case so that the monitor doesn't create a new monitor thread and doesn't reset important pointers to NULL.

This change also results in a "success" status being returned to the caller. This means it looks like the clipboard monitor has been started even if it was already running. I think this is acceptable and is better than an obscure error.
2015-01-31 07:00:06 +10:00
OJ
237897c218 Land #117 - handle zero-byte reads and writes gracefully 2015-01-28 19:47:53 +10:00
Brent Cook
6299e2de5b handle zero-byte reads and writes gracefully
Otherwise, doing an empty file open, like:

  ::File.open(local_file_name, "")

or write_file("meterpreter-test", "") in test/modules/post/test/file.rb
fails

Before:
```
$ touch hello
$ ./msfconsole -q
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(handler) > run

[*] Started reverse handler on 192.168.56.1:4444
[*] Starting the payload handler...
[*] Sending stage (787456 bytes) to 192.168.56.1
[*] Meterpreter session 1 opened (192.168.56.1:4444 ->
192.168.56.1:55621) at 2015-01-27 11:23:09 -0600

meterpreter > upload hello
[-] Error running command upload: Errno::ENOENT No such file or
directory @ rb_file_s_stat - hello
meterpreter > upload hello
[*] uploading  : hello -> hello
[-] core_channel_write: Operation failed: The parameter is incorrect.
```

After:
```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(handler) > run

[*] Started reverse handler on 192.168.56.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.56.10
[*] Meterpreter session 1 opened (192.168.56.1:4444 ->
192.168.56.10:49833) at 2015-01-27 11:26:03 -0600

meterpreter > upload hello
[*] uploading  : hello -> hello
[*] uploaded   : hello -> hello
```
2015-01-27 11:24:21 -06:00
jvazquez-r7
6445556e14 Land #116, @bcook-r7's support for building on newer linux distros 2015-01-16 16:51:53 -06:00
Brent Cook
99cf4da2d4 be more clever about cleanup by not making a mess 2015-01-13 17:24:05 -06:00