upsidedwn
9391e11202
Fix typo in alloc_and_write_wstring calling non-existent method
`str_to_uniz_a` does not exist, updated to `str_to_uni_z`. Looking at cross-references, only two modules use this method to convert from ruby strings to null-terminated WCHARs. Updated the comments to clarify usage of this method and fixed the typo.
2024-01-27 00:01:03 +08:00
h00die
6a851855a8
spelling fixes for lib folder
2024-01-06 15:54:49 -05:00
Jack Heysel
3bad98afc6
Land #18488, add kerberos_tickets post module
Adds a module to manage kerberos tickets from a compromised
host. This PR also includes rail gun enhancements.
2023-12-07 19:12:48 -05:00
Spencer McIntyre
9d757990fe
Fix LocalAlloc/LocalFree definitions
Railgun should not be using DWORD for pointer sizes because it breaks
things on 64-bit sessions.
Fixes #18544
2023-11-20 16:23:33 -05:00
Spencer McIntyre
79a3e756b3
Add the ENUM_LUIDS action
2023-10-27 12:47:19 -04:00
Spencer McIntyre
0dea63904f
Allow passing pointers for PBLOB in parameters
This will cause railgun to use the pointer as if it were defined as an
LPVOID parameter type. This is useful in cases where the contents are
already in the target's memory.
2023-10-27 12:47:19 -04:00
Spencer McIntyre
ba9cb1ef40
Update advapi32 definitions
Add definitions for ConvertSidToStringSid and fix the data type of the
ThreadHandle parameter.
2023-10-27 12:47:19 -04:00
Spencer McIntyre
71f019c359
Add initial secur32.dll railgun definitions
2023-10-27 12:47:19 -04:00
Spencer McIntyre
ff699aae00
Accept BinData::Struct instances in railgun
This updates railgun to accept BinData::Structs in key locations of
railgun for convenience.
2023-10-27 12:47:19 -04:00
Spencer McIntyre
5b5d5ade40
Free data using the new util API
2023-10-27 12:47:19 -04:00
Spencer McIntyre
9253b35fb2
Allow freeing allocated utility strings
Also use HeapAlloc so we're not leaking entire pages.
2023-10-24 17:18:36 -04:00
Ashley Donaldson
75ba9110e2
Added module for Windows version comparisons
Utilised it in various existing modules - this should fix some subtle bugs in specific modules' version detection.
2023-05-25 14:36:46 +10:00
bwatters
a8043adef0
Fix accidental copy/paste
2023-04-24 17:19:18 -05:00
bwatters
9215488d31
Update pointer type to support 64 bit calls
2023-04-24 17:14:50 -05:00
Spencer McIntyre
9706ee9d9e
Need to use #native_arch
Using #arch instead of #native_arch means that the Python Meterpreter
will be misclassified as ARCH_PYTHON and will be unable to use util
functions correctly.
2023-02-24 13:46:11 -05:00
Spencer McIntyre
42bd87e0c1
Update how railgun handles pointer return types
Update railgun to handle pointer return types. If the type that is
pointed to is known (i.e. PCHAR, PULONG_PTR) and not LPVOID, the
contents are returned to the caller. The raw address is also returned in the
&return key to enable the caller to free the buffer if necessary, which
is determined by the function that was called.
2023-02-23 08:42:59 -06:00
Grant Willcox
4c25530afe
Fix up PCHAR and PWCHAR definitions to correctly handle cases where the return value may be 0. Also fix some definitions to be clearer and work on x64.
2023-02-23 08:41:26 -06:00
Grant Willcox
ae461c2395
Add in ULONG alias to DWORD and update definitions to fix some mistakes
2023-02-23 08:40:28 -06:00
Grant Willcox
59eb419d28
Make PULONG_PTR definitions PLPVOID to be more accurate, and correctly define some structures as PBLOB so they can be handled correctly
2023-02-23 08:40:23 -06:00
Grant Willcox
d16905ca49
Fix incorrect definitions for ldap_search functions
2023-02-23 08:40:22 -06:00
Grant Willcox
43b4ee268c
Land #17592, Fix bypassuac_injection_winsxs for x64
2023-02-09 11:41:51 -06:00
Spencer McIntyre
f2e5e77e27
Fix bypassuac_injection_winsxs for x64
Tested on Windows 8.1, prior to these changes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
Grant Willcox
b5a83ffd0f
Add in PULONG alias to PDWORD and update definitions
2023-02-01 12:36:22 -06:00
Grant Willcox
be85aa253d
Fix input and output buffers for some mislabeled functions
2023-01-27 14:09:45 -06:00
Spencer McIntyre
1cc5345cf1
Fix the data types
2022-10-27 15:53:26 -04:00
space-r7
bc9f64f043
use default printer in case target is server
clean up code, add EnumPrinters definitions
2022-03-10 16:45:20 -06:00
space-r7
aa87d5d387
add fixed definitions and exploit
2022-03-04 15:56:28 -06:00
space-r7
40bb5e2afa
correct return val for definition, add module
2022-02-25 18:13:49 -06:00
space-r7
9c56a9a2bc
add more definitions / constants for permissions
2022-02-24 20:20:38 -06:00
space-r7
99226f1a5c
add definitions for winspool and spoolss libs
2022-02-15 15:51:22 -06:00
adfoster-r7
06762d0934
Update references to railgun to be consistent
2021-09-27 12:37:14 +01:00
Ashley Donaldson
278c6532d0
Implemented suggested changes.
Download directly to loot directory.
2021-05-07 09:28:31 +10:00
Ashley Donaldson
a47b1af60b
Added module to dump memory for processes, using Windows Meterpreter
2021-05-05 18:12:40 +10:00
Spencer McIntyre
088c49aa00
Add two more railgun definitions for kernel32
2021-01-04 10:45:07 -05:00
Tim W
7db96aba68
actually fix railgun file_version
2020-12-11 15:26:06 +00:00
Tim W
cef120b0cd
fix railgun file_version and add test
2020-12-11 15:08:19 +00:00
Spencer McIntyre
7d97e2e306
Fix a couple of railgun related bugs with the new refactoring
2020-12-03 12:09:35 -05:00
Spencer McIntyre
c0143e7111
Fix two PVOID definitions to the correct LPVOID
2020-12-01 18:00:23 -05:00
Spencer McIntyre
0ef912d489
Consolidate railgun code
2020-12-01 12:27:12 -05:00
Spencer McIntyre
7e78721788
Add and use a ULONG_PTR / PULONG_PTR data type in railgun
2020-12-01 10:42:28 -05:00
OJ
8070074da3
Almost final refactor of how IDs are handled
2020-06-09 08:58:26 +10:00
Spencer McIntyre
9769e04b6e
Land #13322, CVE-2020-0668 Service tracing file junction overwrite
2020-05-07 09:47:20 -04:00
bwatters-r7
0bbb822fe4
Working through mountpoint issues
2020-04-21 09:54:45 -05:00
Spencer McIntyre
d92d1448ef
Minor whitespace and verbiage cleanups
2020-03-24 16:03:40 -04:00
cn-kali-team
2c3ad585a3
Add the enumeration function
2020-03-07 20:56:58 +08:00
cn-kali-team
106ef40376
Add Function alloc_and_write_wstring and alloc_and_write_string
2020-03-01 14:28:46 +08:00
cn-kali-team
e9c16fb2bb
New Function and Fix data type in the NetLocalGroupAddMembers parameter
2020-02-29 00:20:09 +08:00
cn-kali-team
2ef04153b4
Add Api Constants
2020-02-29 00:18:48 +08:00
cn-kali-team
04d54bc786
Added additional netapi32.dll functions
2020-02-25 20:00:21 +08:00
scriptjunkie
9a81cc70dd
Fix corruption of non-latin characters in W methods
2017-11-21 20:58:38 -06:00