RageLtMan
a215d64574
Linux x64 binary reverse SCTP stager
Implement binary SCTP stager for Linux x64.
Testing:
Successful test against Arch Linux x64 VM in local Libvirt
2023-02-08 21:47:28 -05:00
Jiashuo Liang
d32df1d3dc
Fix linux reverse_tcp_x64 rdx register value
2022-11-23 19:36:37 +08:00
Spencer McIntyre
a8a9b4bbe1
Update the #generate signature to take opts
2022-05-19 16:30:54 -04:00
Spencer McIntyre
5c5728a973
Stop applying prepends twice
2021-06-09 10:27:10 -04:00
Shelby Pace
9e41dfec62
Land #14334, close socket in x86 bind payloads
2021-01-04 11:50:07 -06:00
dwelch-r7
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
Romain Lesteven
5132882c58
Ref #14333: Fix Linux_BindTcp Payload
2020-11-03 13:11:32 +01:00
Adam Cammack
2ee5ec97e4
Use smallest stager size
Since these stagers can shrink based on the expected size of the next
stage, do our best to anticipate a small size. This makes the cached
payload size consistent for now, though if the x64 mettle stager grows
past 128 bytes I think we'll see the stager start oscillating in size
again. If you run into that and are reading this, sorry :(
2019-09-04 16:06:44 -05:00
Adam Cammack
bb0f1b02ac
Fully golf the x86 read size
2019-09-04 14:54:48 -05:00
RageLtMan
04e750024c
Clean up linux/x86/rev_tcp asm per acammack
Push read_size to edx as suggested by Adam, optimize shellcode a
bit by selecting using dx instead of edx for sizes under 64K.
Testing:
Internal only, creates session on every try instead of every 5th.
2019-09-04 01:51:54 -04:00
RageLtMan
80522a5712
Clean up linux/x64/rev_tcp asm per acammack
Address Adam's comments on the PR - remove redundantly pushed
size from mmap section.
2019-09-03 15:01:52 -04:00
RageLtMan
97943261ed
Linux x86 reverse_tcp should read known # of bytes
See notes for x64.
This part does not appear to be working properly yet - stages
generated with this commit recv 102b on the first call to read(),
but subsequently things seem to go off the rails after the
intermediate stage is loaded.
Needs testing and fixup at present for x86 (no worse than before
in terms of success rate however).
2019-09-03 01:55:12 -04:00
RageLtMan
05944ba8c1
Linux x64 reverse_tcp should read known # of bytes
The linux x64 reverse tcp stager is hardcoded to read 4K off the
socket. When a small intermediate stager is used, this can result
in reading part of the next stage as well, which means that the
intermediate stager will never recv the # of bytes it needs and
hang indefinitely.
Break out the mettle piece to use separate methods for assembly and
binary payload generation as well as actually putting the product
on the existing session socket.
Change the first part of the stage to check for the intermediate
stager generation method, and use the size of the produced stager
in the recvfrom call or fall back to the prior 4K read size.
Testing:
None yet
Ping @bcook-r7, @acammack-r7, @OJ, @ZeroSteiner
2019-09-03 01:27:27 -04:00
Tim W
4216d06ffb
fix #9963, update x64 linux reverse_tcp stager cached size
2018-05-05 16:30:45 +08:00
Pierre Lestringant
9338de15d3
Fix stack in payload/linux/x64/reverse_tcp
2018-05-03 15:34:00 +02:00
Brent Cook
a5588ec174
use same datastore retry option for x86 and x64 linux stagers
2018-04-17 15:57:54 -10:00
root
ec51ab2547
Exit function param bug
2017-09-26 11:16:41 +03:00
tkmru
74f89857d8
fix extra sleep on linux x86 stager
2017-08-18 15:20:35 +09:00
Brent Cook
debbc31142
use separate module names for x86 and x64 generators
2017-08-15 08:02:01 -04:00
tkmru
db2e3f2ddd
add retry to linux reverse tcp x64
2017-08-15 12:49:29 +09:00
Brent Cook
59086af261
Land #8771, rewrite linux x64 stagers with Metasm
2017-08-14 02:32:29 -04:00
Brent Cook
4ca68a178b
switch reverse_tcp stagers to all prefer StagerRetryCount
This leaves ReverseConnectRetries as an alternate spelling.
2017-08-08 19:27:00 -05:00
Brent Cook
331279d891
handle fractional seconds
2017-08-08 19:06:46 -05:00
tkmru
a396d860e7
change SleepSeconds to StagerRetryWait
2017-08-08 19:26:24 +09:00
tkmru
f961d7da13
update src
2017-07-29 21:08:52 +09:00
tkmru
bc6f19a919
add sleepSeconds, sleepNanoseconds option
2017-07-29 20:55:53 +09:00
tkmru
2ec064418f
fix desc
2017-07-26 14:22:09 +09:00
tkmru
2f3090599e
change to use option
2017-07-16 19:58:50 +09:00
tkmru
6c5d8279ca
change to generate payload from metasm
2017-07-16 19:21:09 +09:00
tkmru
4e046db9b3
add retry to linux reverse tcp x86
2017-07-14 12:47:32 +09:00
tkmru
82a83af6c2
add error handling to x86 linux reverse tcp
2017-06-03 04:04:55 +09:00
Brent Cook
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
William Vu
6e7f07f0f3
Fix off-by-one error in #6954
Props to @egypt for noticing. My bad. :-)
2016-07-05 11:12:12 -05:00
William Vu
4b01213fb5
Rewrite the logic to be positive
unless is the devil. unless/else doubly so.
2016-07-01 09:15:42 -05:00
Brent Cook
340792aae4
don't jump past the uuid sender on win32/tcp connect
2015-05-29 14:34:27 -05:00
OJ
d0a5b803e8
Use generate_payload_uuid instead of manual obj creation
2015-05-20 16:25:52 +10:00
OJ
e7f80042d4
Finalise work on the bind_ipv6_tcp stager for UUID support
2015-05-18 21:19:04 +10:00
OJ
593f6e5fc4
Fix issue with bind UUID
2015-05-18 20:25:15 +10:00
OJ
0d56b3ee66
Stage UUIDs, generation options, php and python meterp uuid
2015-05-18 13:29:46 +10:00
OJ
69d2b8ffb1
Various code format, style changes, file moves
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
OJ
9d7a7cb68d
Merge branch 'upstream/master' into multi-transport-support
Conflicts:
lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
Brent Cook
5a8b6e90f2
restore ecx after setting the socket options, set default size
2015-05-06 11:56:07 -05:00
OJ
852961f059
Tweaking of transport behaviour, removal of patch
2015-05-05 11:45:22 +10:00
OJ
e835f2b99c
Rejig transport config into module
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
OJ
93bf995b32
Reverse tcp support for POSIX
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
OJ
9300158c9a
Initial rework of POSIX stuff to handle new configuration
2015-05-04 18:58:55 +10:00
OJ
fca4d852a1
Remove the passing on off listen socket values
2015-04-28 13:51:48 +10:00
OJ
1b11322618
Remove STDERR debug statement
2015-04-23 19:36:17 +10:00
OJ
19f8a76475
Porting bind_tcp for posix to metasm
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00