adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

638 Commits

Author SHA1 Message Date
Jack Heysel 3c46f51924 Land #18753, Fix typo in alloc_and_write_wstring 
The method str_to_uniz_a was being called but does not exist.
The actual method name is str_to_uni_z, this PR fixes that typo.
 2024-02-01 15:09:16 -05:00
upsidedwn 9391e11202 Fix typo in alloc_and_write_wstring calling non-existent method 
`str_to_uniz_a` does not exist, updated to `str_to_uni_z`. Looking at cross-references, only two modules use this method to convert from ruby strings to null-terminated WCHARs. Updated the comments to clarify usage of this method and fixed the typo.
 2024-01-27 00:01:03 +08:00
sjanusz-r7 aac74778b9 Move memory search method to Meterpreter stdapi 2024-01-24 19:53:30 +00:00
h00die 6a851855a8 spelling fixes for lib folder 2024-01-06 15:54:49 -05:00
Jack Heysel 3bad98afc6 Land #18488, add kerberos_tickets post module 
Adds a module to manage kerberos tickets from a compromised
host. This PR also includes rail gun enhancements.
 2023-12-07 19:12:48 -05:00
Spencer McIntyre 9d757990fe Fix LocalAlloc/LocalFree definitions 
Railgun should not be using DWORD for pointer sizes because it breaks
things on 64-bit sessions.

Fixes #18544
 2023-11-20 16:23:33 -05:00
Spencer McIntyre 79a3e756b3 Add the ENUM_LUIDS action 2023-10-27 12:47:19 -04:00
Spencer McIntyre 0dea63904f Allow passing pointers for PBLOB in parameters 
This will cause railgun to use the pointer as is it were defined as an
LPVOID parameter type. This is useful in cases where the contents are
already in the target's memory.
 2023-10-27 12:47:19 -04:00
Spencer McIntyre ba9cb1ef40 Update advapi32 definitions 
Add definitions for ConvertSidToStringSid and fix the data type of the
ThreadHandle parameter.
 2023-10-27 12:47:19 -04:00
Spencer McIntyre 71f019c359 Add initial secur32.dll railgun definitions 2023-10-27 12:47:19 -04:00
Spencer McIntyre ff699aae00 Accept BinData::Struct instances in railgun 
This updates railgun to accept BinData::Structs in key locations of
railgun for convenience.
 2023-10-27 12:47:19 -04:00
Spencer McIntyre 5b5d5ade40 Free data using the new util API 2023-10-27 12:47:19 -04:00
Spencer McIntyre 9253b35fb2 Allow freeing allocated utility strings 
Also use HeapAlloc so we're not leaking entire pages.
 2023-10-24 17:18:36 -04:00
sjanusz-r7 daa8b8ae99 Use Metasploit-Payloads Crypto to decrypt payloads 2023-10-13 14:42:10 +01:00
bwatters 38f542174d Land #17336, A more robust implementation for Windows version comparisons 
Merge branch 'land-17336' into upstream-master
 2023-06-13 15:38:56 -05:00
Spencer McIntyre 296a7afc86 Land #18076, Don't use length for freeing. 2023-06-09 10:10:29 -04:00
Ashley Donaldson 717ceae45b Don't use length for freeing. 
MSDN says this will never succeed - should always be zero.
 2023-06-08 15:02:41 +10:00
Ashley Donaldson 75ba9110e2 Added module for Windows version comparisons 
Utilised it in various existing modules - this should fix some subtle bugs in specific modules' version detection.
 2023-05-25 14:36:46 +10:00
attl4s 42ef5ad322 remove TLV_TYPE_TOKEN_UPDATE_RESULT - update_token sends empty response when succeeds 2023-05-24 16:12:12 +02:00
attl4s 3a685849a8 add update_token bridge + make_token module 2023-05-24 10:33:52 +02:00
adfoster-r7 069ad805c1 Fix ruby 3.1 crashes when garbage collecting meterpreter resources 2023-05-05 14:04:17 +01:00
bwatters a8043adef0 Fix accidental copy/paste 2023-04-24 17:19:18 -05:00
bwatters 9215488d31 Update pointer type to support 64 bit calls 2023-04-24 17:14:50 -05:00
Spencer McIntyre 9706ee9d9e Need to use #native_arch 
Using #arch instead of #native_arch means that the Python Meterpreter
will be misclassified as ARCH_PYTHON and will be unable to use util
functions correctly.
 2023-02-24 13:46:11 -05:00
Spencer McIntyre 42bd87e0c1 Update how railgun handles pointer return types 
Update railgun to handle pointer return types. If the type that is
pointed to is known (i.e. PCHAR, PULONG_PTR) and not LPVOID, the
contents returned to the caller. The raw address is also returned in the
&return key to enable the caller to free the buffer if necessary which
is determined by the function that was called.
 2023-02-23 08:42:59 -06:00
Grant Willcox 4c25530afe Fix up PCHAR and PWCHAR definitions to correctly handle cases where the return value may be 0. Also fix some definitions to be clearer and work on x64. 2023-02-23 08:41:26 -06:00
Grant Willcox ae461c2395 Add in ULONG alias to DWORD and update definitions to fix some mistakes 2023-02-23 08:40:28 -06:00
Grant Willcox 59eb419d28 Make PULONG_PTR definitions PLPVOID to be more accurate, and correctly define some structures as PBLOB so they be handled correctly 2023-02-23 08:40:23 -06:00
Grant Willcox d16905ca49 Fix incorrect definitions for ldap_search functions 2023-02-23 08:40:22 -06:00
Grant Willcox 43b4ee268c Land #17592, Fix bypassuac_injection_winsxs for x64 2023-02-09 11:41:51 -06:00
adfoster-r7 f145a214ca Add exception handling for finalizer methods 2023-02-07 20:28:15 +00:00
Spencer McIntyre f2e5e77e27 Fix bypassuac_injection_winsxs for x64 
Tested on Windows 8.1, prior to these chagnes the bad railgun definition
would cause the session to crash.
 2023-02-03 13:02:53 -05:00
Grant Willcox b5a83ffd0f Add in PULONG alias to PDWORD and update definitions 2023-02-01 12:36:22 -06:00
Grant Willcox be85aa253d Fix input and output buffers for some mislabeled functions 2023-01-27 14:09:45 -06:00
Spencer McIntyre d1f5fa06cf Don't use File in cmd_upload / cmd_download 
It does not look like shell sessions define their own File class,
meaning that the local-platform specific one is always used. Instead
we'll define the separator ourselves since it's all we need to perform
the basic operations necessary to analyze the path string.
 2022-12-15 10:05:02 -05:00
Spencer McIntyre 34451940c7 Fix uploading from shell sessions 2022-12-12 12:02:33 -05:00
Spencer McIntyre a9cdb77a72 Use consistent casing and fix typos 2022-12-12 10:30:50 -05:00
bcoles 431804ef15 Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
Spencer McIntyre 218e8c2d0c Fix a Ruby 3 syntax issue 
Closes #17124

This fixes a Ruby 3 syntax issue in how the parameters are passed. The
issue caused TcpServerChannels to fail to enqueue new client
connections.
 2022-11-14 17:01:51 -05:00
Spencer McIntyre 7fa29c4345 Don't bother with the address type 
The address is returned in the packed format so it's always a string of
either length 0 (resolution failed), length 4 (IPv4) or length 16
(IPv6).

Anything else is invalid and will actually cause Rex::Socket.addr_ntoa
to throw an error. All meterpreters today return the IP address in one
of those three correct lengths.
 2022-11-10 11:13:30 -05:00
Spencer McIntyre 83b3bfa19c Fix an error when a hostname fails to resolve 2022-11-09 08:49:19 -05:00
Spencer McIntyre 1cc5345cf1 Fix the data types 2022-10-27 15:53:26 -04:00
adfoster-r7 c436f42c8c Land #16994, Fix Multiple Registry Related Issues 2022-09-27 11:43:02 +01:00
Spencer McIntyre 0c5377b808 Consolidate registry value conversion logic 2022-09-21 09:06:58 -04:00
Spencer McIntyre d82774be59 Test and handle REG_QWORD 2022-09-20 16:31:54 -04:00
Spencer McIntyre 2654752585 Fix REG_EXPAND_SZ correctly 2022-09-20 16:31:47 -04:00
bwatters 88f14950a0 Land #16688, Add Mimipenguin 
Merge branch 'land-16688' into upstream-master
 2022-09-19 12:43:16 -05:00
Spencer McIntyre 61a2bde27d Fix and test writing REG_EXPAND_SZ values 2022-09-08 12:18:28 -04:00
Spencer McIntyre eaf149ac21 Add a missing type to #type_to_s 2022-09-07 11:52:12 -04:00
Spencer McIntyre f1a7be6c49 Fix how REG_MULTI_SZ is handled 2022-09-06 16:53:30 -04:00