ff14cf9bfb
Implement QUERY_FILE_INFO_NETWORK SMB command
...
This commit adds support for the TRANS2 request 'query file info
network' (smb_cmd_trans_query_file_info_network) used in some SMB client
requests. This adds specific support for functions used by Apache Tomcat
in the Struts2 JSP injection exploit (CVE-2014-0094).
2014-05-01 12:23:31 +01:00
b899504580
Bugfixes and additional protocol support for extra FIND_FIRST2 functions
...
These additions queue up support for the SMB functions used by the
ms13_071_theme expoit developed by Juan Vazquez, including support for
the FIND_FIRST2 functions:
* Find File Both Directory Info
* Find File Names Info
Additionally this commit fixes a few bugs in how the client SMB payload
is handled to determine whether a file, directory or "not found"
response needs to be returned and allows metasploit to serve arbitrary
files directly over SMB in addition to files being loaded in runtime
processes calling "LoadLibrary".
2014-04-30 11:58:34 +01:00
c3fb5bf614
fix a few clarical errors and typos
2014-04-29 22:42:26 -04:00
4bd2dabfcd
Land #3121 , new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
b860cecad6
Function spec (doesnt pass)
2014-04-28 14:09:39 +01:00
8031e50d35
Make Exploitation::Powershell testable
...
Example test
2014-04-26 13:27:25 +01:00
98d2b2293b
Unnecessary return
2014-04-26 13:05:47 +01:00
be10c8e4ac
Split Rex::Exploitation::Powershell::* into individual files
2014-04-26 12:59:43 +01:00
206184007f
Move methods and rename file so it is run by rspec
2014-04-25 15:16:15 +01:00
32fa8748a8
Fix up decompress
2014-04-23 05:20:54 +01:00
e774411b63
Revert Enum removal
...
.NET 4.5 has two constructors with 2 args so this becomes ambiguous
2014-04-23 02:06:14 +01:00
d2e8e07cfe
Fix old powershell generation
2014-04-23 01:58:02 +01:00
dd38a81dfc
Fix a @parma
2014-04-23 01:10:13 +01:00
647936e291
Add more yarddoc to Rex::Exploitation::Powershell
...
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
86cfecdd95
Shave some chars off compression code
2014-04-22 14:52:30 +01:00
354311d191
No need to out-null if no windows is shown
2014-04-22 14:42:03 +01:00
cec12edd99
Use enum integer values
2014-04-22 14:40:32 +01:00
71b43d392b
Dont need to specify ASCII mode
2014-04-22 14:36:02 +01:00
49bd86f077
Clean up yardocs and a few style issues
2014-04-21 03:12:23 -05:00
c936dc963c
Shorten compression
2014-04-19 18:55:45 +01:00
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
9f05760c50
Merge with Meatballs' initial changes
...
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
5c3289bbc6
merge fix
2014-04-17 21:26:04 -04:00
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
...
Conflicts:
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
fc018eb32e
Initial commit
2014-04-15 21:05:06 +01:00
e09f887c4c
Revert "Fixes large-string expansion in JSObfu."
...
This reverts commit 14fed8c610
2014-04-11 16:51:47 -05:00
4cb04b6b9a
Revert "Use implicit return for assignment."
...
This reverts commit 49139cc07f
2014-04-11 16:51:40 -05:00
21b2697b95
Revert "Use tiny var names by default."
...
This reverts commit 52432ef482
2014-04-11 16:51:34 -05:00
d41b3467f8
Revert "Re-add the #random_string(len) method to pass specs."
...
This reverts commit bd8918e4e1
2014-04-11 16:51:21 -05:00
a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile
2014-04-10 12:31:59 -05:00
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
bd8918e4e1
Re-add the #random_string(len) method to pass specs.
2014-04-09 17:44:48 -05:00
57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
...
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
52432ef482
Use tiny var names by default.
2014-04-09 16:54:02 -05:00
49139cc07f
Use implicit return for assignment.
2014-04-09 15:48:07 -05:00
14fed8c610
Fixes large-string expansion in JSObfu.
2014-04-09 15:45:48 -05:00
ae3ead6ef9
Land #2107 Post Enum Domain Users
2014-04-09 11:32:12 +01:00
80b069f161
Add support for spoofed zip Central Dir names at Entry level
2014-04-07 09:21:26 -05:00
46e6f937f1
Revert "Add central directory zip spoofing"
...
This reverts commit d0700e8ac4
2014-04-07 08:50:33 -05:00
d0700e8ac4
Add central directory zip spoofing
2014-04-07 08:49:49 -05:00
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
9779913060
Land #3184 , Rex::Proto::Http::Client IOError fix
2014-04-03 15:58:50 -05:00
42d59d269e
Check #closed? instead of rescuing.
2014-04-03 14:20:48 -05:00
98628b814e
Prevent Rex::Proto::Http::Client from raising on close.
2014-04-03 11:36:18 -05:00
231138da1b
Fix a typo in the nexpose raw importer
2014-04-03 07:12:45 -07:00
670a0c8e0f
Merge branch 'upstream/master' into ext_server_kiwi
2014-04-02 19:36:42 +10:00
cceb146680
Support for the new ADSI result structure
2014-04-02 17:37:23 +10:00
e61e532223
Add support for extraction of wifi profile creds
2014-04-02 17:16:40 +10:00
1d46e65897
Update to match meterpreter changes
...
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
Matthew Hall