Commit Graph

98 Commits

Author SHA1 Message Date
adfoster-r7 9a40e2612b Land #17129, Add OSX Aarch64 Payload support 2023-08-02 18:37:56 +01:00
adfoster-r7 f3adc3f79f Fix invalid references in modules 2023-07-27 16:02:37 +01:00
usiegl00 1c5b88c59f Update CachedSize for Mettle 2023-06-19 12:23:40 +02:00
adfoster-r7 0d9cca79b4 Fix crash when generating payload sizes 2022-11-04 02:10:58 +00:00
Spencer McIntyre 83de0924f0 Move #generate_stage to #generate for singles 2022-09-22 12:55:41 -04:00
space-r7 1e18013a9b update payload cached sizes 2022-08-30 10:15:36 -05:00
dwelch-r7 1f4ee19c05 Expose options for logging to a file in mettle 2022-05-06 14:36:55 +01:00
bwatters f3f3f8726c update payload cache sizes 2022-01-27 09:18:08 -06:00
dwelch-r7 f2292c4b5c update payload cache sizes 2021-10-18 17:33:32 +01:00
Tim W de398ae61f update payload cached sizes 2021-09-27 15:31:14 +01:00
Grant Willcox fb9aa68b7a Comment out several additional parts of the shellcode for better clarity 2021-04-12 17:26:46 -05:00
Geyslan G. Bem 6f5c82c388 payloads/x64: exec.rb new behaviour
This patch adds new behaviour to CMD option.

Now if CMD is empty or unset, a 21-byte non-null-free execve payload is built.
The arbitrary command option continues the same when CMD is set.

It also adds the OptBool NullFreeVersion advanced option.

Its default value is false. When set to true, generate will output a
self-included null-free version of the payload without the need for encoding.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-04-10 00:55:44 -03:00
Geyslan G. Bem 8e0d6d2675 payloads/x64: exec.rb metasm, refactoring
This patch converts the shellcode to metasm and makes it more efficient, resulting
in its size being reduced to 37 bytes + CMD length.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-04-09 21:50:18 -03:00
Grant Willcox 0588672415 Land #15020, Update mettle payloads to 1.0.9 2021-04-09 12:33:32 -05:00
Alan Foster c7635296a1 Update mettle payloads to 1.0.9 2021-04-09 12:09:47 +01:00
Geyslan G. Bem 74a77fb66e x64/shell_bind_tcp_random_port: rip one byte off
Gets rid of one more byte and adjusts mentions of the //bin/sh string.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-04-03 12:04:32 -03:00
Tim W c05ed60dd8 update payloads cached size 2021-03-26 15:25:35 +00:00
Geyslan G. Bem ab307fbd87 payload/x64: shell_bind_tcp_random_port improvement
This patch reduces the payload to 52 bytes while preserving its functionality
using coordinated xchg instructions.
It also guarantees dup2 call without garbage in rax.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-01-29 16:58:14 -03:00
bwatters 1ad7ae2707 Land #14621, Refactor (reduce) linux/x64/shell_bind_tcp_random_port
Merge branch 'land-14621' into upstream-master
2021-01-21 12:38:53 -06:00
Geyslan G. Bem d0cf0ef0e9 get rid of tabs
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-01-17 11:18:59 -03:00
Geyslan G. Bem 5edb4cd135 reduce to 53 bytes and refactor to embed nasm
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-01-17 11:11:07 -03:00
dwelch-r7 bad5ccbc49 Remove msf/base requires 2021-01-05 14:59:46 +00:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
Brent Cook 6ec8e942c2 update sizes 2020-06-09 08:59:51 +10:00
Tim W def95c41ce update payload cached sizes 2020-03-30 16:12:42 +08:00
Brent Cook 40cc170578 bump payload sizes 2020-03-05 10:12:14 -06:00
Shelby Pace bcd181c87d require bind tcp 2019-09-03 09:14:34 -05:00
bwatters-r7 6bf10e1f91 Fixups for syntax 2019-07-29 11:55:51 -05:00
bwatters-r7 79b7bbd2cf Update payload cache size and fix import bug 2019-07-26 13:52:36 -05:00
bwatters-r7 2f804faed9 Rubocop and @acammack cleanup suggestions 2019-07-26 12:36:59 -05:00
bwatters-r7 7c2d214af2 Clean up debugging, move options to one place and delete superfluous file
change the uuid handling to prevent changes to it when it gets put in payloads
2019-07-25 19:45:05 -05:00
bwatters-r7 6ae3f97c4a Maybe include the super pingback type in the payloads? 2019-07-25 19:44:11 -05:00
bwatters-r7 39f193e649 Stupid last trailing space 2019-07-25 19:43:13 -05:00
bwatters-r7 3e765090e2 Fix some spacing 2019-07-25 19:43:13 -05:00
bwatters-r7 08a765df81 Shut up, msftidy.... I hope 2019-07-25 19:42:51 -05:00
asoto-r7 247f246475 Linux pingback payloads 2019-07-25 19:42:26 -05:00
CCob aaa017e9cd Fix issue where Linux x64 shell_find_port did not set the sockaddr_len value 2019-06-02 09:23:09 +01:00
bwatters-r7 068ba6e3f2 Update Payload cache sizes 2019-05-21 12:40:27 -05:00
Brent Cook e7974e4955 bump mettle and other gems 2019-04-11 17:26:15 -05:00
bwatters 239cce53ea Land #11039, Add linux x64 ipv6 reverse shell
Merge branch 'land-11039' into upstream-master
2019-02-01 16:21:24 -06:00
Jeffrey Martin 5a63e629e4 update payload sizes for mettle 0.5.4 2019-01-31 00:12:45 -06:00
bwatters 6c9a5b3fea Update Cache Sizes 2019-01-28 15:53:19 -06:00
epi cb3ea8dfed Remove binding.pry from bind payload.
In response to
https://github.com/rapid7/metasploit-framework/pull/11039#discussion_r241890477.
2018-12-14 16:32:19 -06:00
Brent Cook 0345c8f66c update mettle payloads
This is a large update to mettle payloads including:

 * Adds globbing support to the `ls` command (https://github.com/rapid7/mettle/pull/139)
 * Fixes crashes on iOS platforms when cryptTLV is enabled (https://github.com/rapid7/mettle/pull/142)
 * Fixes display of the OS version on macOS and iOS (https://github.com/rapid7/mettle/pull/143)
 * Fixes the local port handling for pivoted client network connections (https://github.com/rapid7/mettle/pull/144)
 * Fixes an unaligned memory access in TLV packet handling, needed for some CPUs (https://github.com/rapid7/mettle/pull/145)
 * Fixes some compatibility issues building on Solaris (https://github.com/rapid7/mettle/pull/147)
 * Updated libpcap, mbedtls, and libcurl to the latest versions (https://github.com/rapid7/mettle/pull/146)
2018-12-06 21:16:41 -06:00
epi c3a40d3752 Remove trailing whitespace at EOL. 2018-12-06 20:18:21 -06:00
epi 392ad18dba Implement reverse_ipv6 shellcode via metasm in lib.
Per the linked request
    https://github.com/rapid7/metasploit-framework/pull/11039#issuecomment-443915955
Rewrote previous version of payload module to make use of metasm for
more reusable shellcode.
2018-12-06 20:10:07 -06:00
epi f728b46a80 WIP on add-linux-x64-ipv6-bind-shell: 87fa3af6b9 Implement shellcode via metasm in lib. 2018-12-06 16:23:20 -06:00
epi 87fa3af6b9 Implement shellcode via metasm in lib.
Per the linked request
    https://github.com/rapid7/metasploit-framework/pull/11039#issuecomment-443915955
Rewrote previous payload module to make use of metasm for more reusable
shellcode.
2018-12-05 06:14:31 -06:00
epi 8cece2cf54 Add Linux x86_64 IPv6 Inline Bind Shell
Implements inline x86_64 Linux bourne bind shell over IPv6.
2018-12-01 07:39:38 -06:00
epi 5058afb615 Fixed lport and scopeid offsets.
Offsets for scopeid and lport were incorrect in the previous commit.
Updated offsets to the correct values. Confirmed by viewing the connect
syscall values with strace.
2018-11-29 05:42:54 -06:00