Commit Graph

145 Commits

Author SHA1 Message Date
adfoster-r7 4e106c2a73 Fix aarch64 elf shared object bus error 2023-12-13 00:26:53 +00:00
adfoster-r7 89cd524acb Update osx templates makefile and compile binaries 2023-08-02 01:26:18 +01:00
usiegl00 658c87996d Hotwire MachO Signing
This commit hotwires in executable signing to some of the aarch64 osx
payloads in order to ensure that they are fully functional.
2023-06-19 10:57:37 +02:00
usiegl00 5f8767f4cf M1ssion Dyld Mettle: Aarch64 Payloads
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the m1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
Spencer McIntyre 025ba6775d Add a README file with some basic information 2023-02-09 15:09:50 -05:00
Spencer McIntyre 126e3a9c9a Add larger 256KiB DLL templates 2023-02-09 15:09:50 -05:00
Spencer McIntyre 2608852d8c Consolidate gdiplus build code
This references the main dll/template.c code as the mixed-mode variant
already does. This will make future changes easier as we won't need to
copy them from the main to this one.

See https://github.com/rapid7/metasploit-framework/pull/8509 for the
origin of these files.
2023-02-09 15:09:50 -05:00
h00die b866917ee1 review 2022-11-22 16:57:01 -05:00
h00die 637ad5f809 make ducky more psh friendly 2022-11-21 17:55:48 -05:00
h00die 29b7fa5336 ducky_script format for msfvenom 2022-11-18 17:02:52 -05:00
ssst0n3 246a3604b8 set the org to be 0x400000 2022-05-13 10:50:19 +08:00
Grant Willcox d29f5690a1 Add in backup code to DLL template to fall back to old way of executing things in case the BREAKAWAY_FROM_JOB flag cannot be used 2022-03-31 14:28:29 -05:00
Grant Willcox 743138abed Add in initial fixes from review and remove extra BREAKAWAY_FROM_JOB code changes not directly related to this PR as we'll raise a separate PR for those 2022-03-31 12:13:29 -05:00
Grant Willcox e5c0259723 Add CREATE_BREAKAWAY_FROM_JOB flag to source files related to DLL generation, update the exploit source to denote how to clean up in case the payload can't clean up 2022-03-23 19:38:32 -05:00
Grant Willcox a25b3a70ad Update permissions on template DLLs 2022-03-23 17:49:03 -05:00
Grant Willcox b1ce05f97c Add in updated Ruby code and also update the DLLs and prepend_migrate.rb to use the CREATE_BREAKAWAY_FROM_JOB flag with CreateProcess to break away from the job if the job has the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit set to allow breakaway jobs 2022-03-23 17:47:25 -05:00
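The three Grant Willcox commits above describe asking CreateProcess for CREATE_BREAKAWAY_FROM_JOB when the enclosing job object carries JOB_OBJECT_LIMIT_BREAKAWAY_OK, and falling back to the old launch path when the flag cannot be used. The following is an added C illustration of that sequence, not the DLL template's own code: the Win32 calls (IsProcessInJob, QueryInformationJobObject, CreateProcessA) compile only on Windows, the constants are reproduced from the SDK so the decision and retry logic builds elsewhere, and the command line and the fake_spawn stand-in are constructed for the example.

```c
/*
 * Added example: spawn a child that breaks away from the caller's job
 * object when the job permits it, falling back to an ordinary spawn when
 * it does not.  Illustrative, not the Metasploit DLL template itself.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Windows SDK values, reproduced so the portable logic builds off-Windows. */
#define CREATE_NO_WINDOW              0x08000000u
#define CREATE_BREAKAWAY_FROM_JOB     0x01000000u
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x00000800u
#endif

/* Spawn routine, injected so the retry path can be tested without CreateProcess. */
typedef bool (*spawn_fn)(const char *cmdline, uint32_t creation_flags, void *ctx);

/* CREATE_BREAKAWAY_FROM_JOB is only worth requesting when we are inside a
 * job whose limits include JOB_OBJECT_LIMIT_BREAKAWAY_OK; otherwise the
 * job will refuse the breakaway and CreateProcess fails. */
uint32_t breakaway_flag_for(bool in_job, uint32_t job_limit_flags)
{
    if (in_job && (job_limit_flags & JOB_OBJECT_LIMIT_BREAKAWAY_OK))
        return CREATE_BREAKAWAY_FROM_JOB;
    return 0;
}

/* Try with the breakaway flag first; if that fails, retry the old way
 * without it.  Returns the flags that worked, or UINT32_MAX on failure. */
uint32_t launch_with_fallback(spawn_fn spawn, void *ctx, const char *cmdline,
                              uint32_t base_flags, uint32_t breakaway_flag)
{
    if (breakaway_flag && spawn(cmdline, base_flags | breakaway_flag, ctx))
        return base_flags | breakaway_flag;
    if (spawn(cmdline, base_flags, ctx))
        return base_flags;
    return UINT32_MAX;
}

/* Constructed stand-in for CreateProcess: refuses the breakaway flag when
 * the simulated job does not allow it, and counts attempts. */
typedef struct { bool job_refuses_breakaway; int calls; } fake_job;

bool fake_spawn(const char *cmdline, uint32_t flags, void *ctx)
{
    fake_job *job = ctx;
    (void)cmdline;
    job->calls++;
    return !((flags & CREATE_BREAKAWAY_FROM_JOB) && job->job_refuses_breakaway);
}

#ifdef _WIN32
/* Real spawn.  CreateProcessA may write into the command line, so copy it. */
static bool win_spawn(const char *cmdline, uint32_t flags, void *ctx)
{
    STARTUPINFOA si = {0};
    PROCESS_INFORMATION pi;
    char cmd[MAX_PATH];
    (void)ctx;
    si.cb = sizeof si;
    strncpy(cmd, cmdline, sizeof cmd - 1);
    cmd[sizeof cmd - 1] = '\0';
    if (!CreateProcessA(NULL, cmd, NULL, NULL, FALSE, flags, NULL, NULL, &si, &pi))
        return false;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return true;
}

/* Limit flags of the job the current process belongs to (0 if none).
 * A NULL job handle makes QueryInformationJobObject report the caller's job. */
static uint32_t current_job_limits(bool *in_job)
{
    BOOL member = FALSE;
    JOBOBJECT_EXTENDED_LIMIT_INFORMATION info;
    DWORD len = 0;
    *in_job = IsProcessInJob(GetCurrentProcess(), NULL, &member) && member;
    if (!*in_job) return 0;
    if (!QueryInformationJobObject(NULL, JobObjectExtendedLimitInformation,
                                   &info, sizeof info, &len))
        return 0;
    return info.BasicLimitInformation.LimitFlags;
}
#endif

int main(void)
{
#ifdef _WIN32
    bool in_job;
    uint32_t limits = current_job_limits(&in_job);
    uint32_t used = launch_with_fallback(win_spawn, NULL, "cmd.exe /c exit 0",
                                         CREATE_NO_WINDOW, breakaway_flag_for(in_job, limits));
    printf("in_job=%d limits=0x%08x used_flags=0x%08x\n", (int)in_job, limits, used);
#else
    /* Off Windows: simulate a job that advertises BREAKAWAY_OK but still refuses. */
    fake_job job = { true, 0 };
    uint32_t used = launch_with_fallback(fake_spawn, &job, "cmd.exe /c exit 0",
                                         CREATE_NO_WINDOW,
                                         breakaway_flag_for(true, JOB_OBJECT_LIMIT_BREAKAWAY_OK));
    printf("attempts=%d used_flags=0x%08x\n", job.calls, used);
#endif
    return 0;
}
```

The point of the two-step launch is that a failed breakaway attempt must not leave the payload unlaunched: the second spawn is exactly the pre-flag behaviour, so an unexpected job configuration degrades to the old code path rather than to nothing.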
bwatters 9635fde12d Add support and templates for aarch64 targets 2022-02-10 10:49:02 -06:00
Spencer McIntyre efa125bb23 Document the synchronization procedure 2020-11-16 16:13:35 -05:00
Spencer McIntyre 3586644b62 Increase the payload space to 4096 within the DLL template 2020-11-16 15:58:59 -05:00
Spencer McIntyre 2d367b867d Add a synchronization primitive to the DLL template 2020-11-16 15:57:27 -05:00
Spencer McIntyre c6304704f4 Cleanup inconsistent whitespace in the DLL template 2020-11-16 11:26:15 -05:00
Spencer McIntyre d6e1eee635 Add a new Mixed Mode Assembly DLL payload template 2020-10-05 15:19:40 -04:00
bwatters-r7 c63d5fb4fb Recompiled binaries 2017-10-09 12:44:58 -05:00
bwatters-r7 0bf948e906 Removed binary files before recompiling 2017-10-09 11:35:41 -05:00
bwatters-r7 7df18e378d Fix conflicts in PR 8509 by merging to master 2017-10-09 10:30:21 -05:00
Brent Cook 605330faf6 Land #8842, add linux/aarch64/shell_reverse_tcp 2017-08-21 15:44:28 -05:00
Brent Cook e734a7923a Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook d5a5321a8c Merge remote-tracking branch 'upstream/pr/8299' into land-8267- 2017-08-20 17:43:56 -05:00
Tim 8b4ccc66c7 add linux/aarch64/shell_reverse_tcp 2017-08-17 18:55:37 +08:00
L3cr0f 6a3fc618a4 Add bypassuac_injection_winsxs.rb module 2017-06-03 12:59:50 +02:00
HD Moore 0520d7cf76 First crack at Samba CVE-2017-7494 2017-05-24 19:42:04 -05:00
anhilo f3d6a8c456 split PSModulePath into multiple strings with ';'
1. allows the HTA window to be invisible
2017-04-26 11:01:59 +08:00
Brandon Knight c724f0e05d Handle multiple entries in PSModulePath
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
2017-04-19 11:22:38 -04:00
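Both PSModulePath commits above (anhilo's and Brandon Knight's) describe splitting the variable on ';' and checking each entry for powershell.exe before running it. The following added C example, not the template's own code, walks the entries that way. It assumes the usual layout in which powershell.exe sits in the parent directory of a ...\WindowsPowerShell\v1.0\Modules entry; the file-exists predicate is injected so the walk can be exercised with a constructed fake file list off-Windows, while the real check uses GetFileAttributesA on Windows and access() elsewhere.

```c
/*
 * Added example: locate powershell.exe by iterating every PSModulePath
 * entry, deriving the executable path each entry implies, and stopping at
 * the first one that exists.  Illustrative, not the Metasploit template.
 */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef bool (*exists_fn)(const char *path, void *ctx);

/* Assumed layout: "<...>\v1.0\Modules" -> "<...>\v1.0\powershell.exe".
 * Strips trailing separators, then replaces the last path component.
 * Returns false for an empty entry or one with no parent directory. */
bool powershell_path_from_module_dir(const char *entry, char *out, size_t outsz)
{
    size_t len = strlen(entry);
    while (len && (entry[len - 1] == '\\' || entry[len - 1] == '/'))
        len--;
    if (!len) return false;
    size_t cut = len;                    /* index just past the parent's separator */
    while (cut && entry[cut - 1] != '\\' && entry[cut - 1] != '/')
        cut--;
    if (!cut) return false;              /* bare "Modules": no parent to use */
    int n = snprintf(out, outsz, "%.*spowershell.exe", (int)cut, entry);
    return n > 0 && (size_t)n < outsz;
}

/* Walk the ';'-separated PSModulePath, skipping empty entries, and return
 * true with the first candidate the predicate reports as present. */
bool find_powershell(const char *psmodulepath, exists_fn exists, void *ctx,
                     char *out, size_t outsz)
{
    const char *p = psmodulepath;
    while (p && *p) {
        const char *sep = strchr(p, ';');
        size_t n = sep ? (size_t)(sep - p) : strlen(p);
        char entry[1024];
        if (n && n < sizeof entry) {
            memcpy(entry, p, n);
            entry[n] = '\0';
            if (powershell_path_from_module_dir(entry, out, outsz) && exists(out, ctx))
                return true;
        }
        if (!sep) break;
        p = sep + 1;
    }
    return false;
}

/* Case-insensitive compare for Windows-style paths. */
static bool ascii_ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Constructed predicate: ctx is a NULL-terminated list of paths that "exist". */
bool exists_in_list(const char *path, void *ctx)
{
    const char **list = ctx;
    for (; *list; list++)
        if (ascii_ieq(path, *list))
            return true;
    return false;
}

/* Real predicate for the host we are actually running on. */
#ifdef _WIN32
#include <windows.h>
bool file_exists(const char *path, void *ctx)
{
    (void)ctx;
    return GetFileAttributesA(path) != INVALID_FILE_ATTRIBUTES;
}
#else
#include <unistd.h>
bool file_exists(const char *path, void *ctx)
{
    (void)ctx;
    return access(path, F_OK) == 0;
}
#endif

int main(void)
{
    const char *env = getenv("PSModulePath");
    char out[1024];
    if (env && find_powershell(env, file_exists, NULL, out, sizeof out))
        printf("powershell.exe found at %s\n", out);
    else
        printf("no powershell.exe located via PSModulePath\n");
    return 0;
}
```

Stopping at the first hit mirrors the "execute and exit the for loop" behaviour in the commit message; an empty or malformed entry (a bare "Modules", a trailing ';') is skipped rather than producing a bogus path.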
nixawk 637098466c Hidden black flash windows / Close HTA windows 2017-04-16 22:53:17 -05:00
David Maloney af4f3e7a0d use templates from the gem for psh
use the templates now contained within the magical
gem of rex-powershell

7309
MS-2106
2016-10-04 14:14:25 -05:00
mach-0 dcc77fda5b Add back accidentally-deleted nasm comment. 2016-10-03 23:47:13 -05:00
mach-0 eff85e4118 Just remove DT_HASH. 2016-10-03 23:43:19 -05:00
mach-0 8828060886 Fix linux x64 elf-so template.
Previously the elf-so would crash when loaded with LD_PRELOAD,
due to not enough room for the symbol table.
2016-10-03 23:24:31 -05:00
Christian Mehlmauer c6012e7947 add jsp payload generator 2016-09-06 22:17:21 +02:00
f7b053223a9e 629bc00696 Use MSXML decoder instead 2016-03-25 22:52:16 +09:00
f7b053223a9e 19bd7b98f4 Fix minor indenting issue 2016-03-01 11:50:56 +09:00
f7b053223a9e c8c5549b19 Send base64ed shellcode and decode with certutil 2016-03-01 10:48:25 +09:00
wchen-r7 737559bcbb Land #5180, VBA Powershell for Office Macro 2015-05-28 19:55:27 -05:00
wchen-r7 3bc3614be6 Do a check for powershell.exe before running it. 2015-05-15 11:48:21 -05:00
Meatballs 381f6ffe0a HTA Powershell template 2015-04-20 23:19:54 +01:00
Meatballs b229e87940 Create VBA powershell 2015-04-17 16:52:12 +01:00
joev 2d3614f647 Implement x64 BSD exec and exe template.
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
navs 1c5cfeebb3 adding template and src for elf 64 shared object payload target 2014-06-19 00:38:16 -05:00
Meatballs d868294d5b MEM_RESERVE too 2014-06-08 17:37:57 +01:00
jvazquez-r7 9d08ebe273 Fix VirtualAlloc call on PSH old template 2014-06-08 11:09:03 -05:00