Ashley Donaldson
904f4b68f7
Warn user if they are using PowerShell with impersonation
2025-05-27 10:14:48 -04:00
bcoles
5aa91bd57c
Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations
2025-05-24 13:34:32 +10:00
Spencer McIntyre
f8d8f1b1e3
Apply rubocop changes
2025-04-04 13:57:51 -04:00
Martin Sutovsky
dcad2aea9d
Refactoring clipboard options, using constants, changing default values
2025-04-03 10:51:28 +02:00
Martin Sutovsky
e02362284f
Moving constant, change return value to true
2025-04-02 10:28:10 +02:00
Martin Sutovsky
4851d648e4
Adding more constants, more granular status messages
2025-03-15 19:52:52 +01:00
Martin Sutovsky
a1c980c64a
Bug fix, rollback to previous default value for downloading files
2025-03-07 12:19:27 +01:00
Martin Sutovsky
4376716a5f
Additional path traversal checks
2025-03-06 17:47:20 +01:00
adfoster-r7
fdfda1f7e3
Fix crash when running meterpreter shell command
2024-10-23 00:35:47 +01:00
Ashley Donaldson
0ab16ae3af
Fix bug when no arguments are present
2024-10-12 14:36:08 +11:00
Ashley Donaldson
5d71aa26e3
Treat old-style path separately to new (unescaped) path
2024-10-12 14:36:08 +11:00
Ashley Donaldson
85d019cd3c
Handle CommandLineToArgv behaviour
2024-10-12 14:36:08 +11:00
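Since the commit subject above names the behaviour without spelling it out, here is an added example (mine, not Metasploit's or Ashley Donaldson's code) of the documented CommandLineToArgvW parsing rules that a cmd_exec implementation for Windows has to respect: arguments are whitespace-delimited, argv[0] is parsed without backslash escapes, and a run of backslashes only matters when it is immediately followed by a double quote (2n backslashes become n and the quote delimits, 2n+1 become n plus a literal quote). The module also carries the matching quoting routine, so an argument list can be rebuilt into a command line that parses back to itself. Module and method names are my own; the "" quirk inside a quoted argument is deliberately not modelled.

```ruby
# Added example, not framework code: a Ruby model of the documented
# CommandLineToArgvW rules plus the inverse quoting routine. The ""-inside-
# quotes quirk is not modelled.
module WinCommandLine
  WS = [' ', "\t"].freeze

  # argv[0]: ends at the closing quote if it opens with one, else at
  # whitespace; backslashes are never escapes here.
  def self.parse_program(s, i)
    name = +''
    if s[i] == '"'
      i += 1
      while i < s.length && s[i] != '"'
        name << s[i]
        i += 1
      end
      i += 1 if i < s.length
    else
      while i < s.length && !WS.include?(s[i])
        name << s[i]
        i += 1
      end
    end
    [name, i]
  end

  def self.skip_ws(s, i)
    i += 1 while i < s.length && WS.include?(s[i])
    i
  end

  # Split a full command line into argv.
  def self.split(cmdline)
    argv = []
    i = skip_ws(cmdline, 0)
    return argv if i >= cmdline.length
    prog, i = parse_program(cmdline, i)
    argv << prog
    i = skip_ws(cmdline, i)
    arg = nil
    in_quotes = false
    while i < cmdline.length
      c = cmdline[i]
      if c == '\\'
        n = 0
        while i < cmdline.length && cmdline[i] == '\\'
          n += 1
          i += 1
        end
        arg ||= +''
        if i < cmdline.length && cmdline[i] == '"'
          arg << ('\\' * (n / 2))   # each pair becomes one backslash
          if n.odd?
            arg << '"'              # odd count: the quote is literal
            i += 1
          end                       # even count: quote delimits (next loop)
        else
          arg << ('\\' * n)         # not before a quote: all literal
        end
      elsif c == '"'
        arg ||= +''
        in_quotes = !in_quotes
        i += 1
      elsif WS.include?(c) && !in_quotes
        argv << arg unless arg.nil?
        arg = nil
        i = skip_ws(cmdline, i)
      else
        arg ||= +''
        arg << c
        i += 1
      end
    end
    argv << arg unless arg.nil?
    argv
  end

  # Quote one argument so split (and CommandLineToArgvW) hands it back intact.
  def self.quote(arg)
    return arg unless arg.empty? || arg.match?(/[ \t"]/)
    out = +'"'
    backslashes = 0
    arg.each_char do |ch|
      if ch == '\\'
        backslashes += 1
      elsif ch == '"'
        out << ('\\' * (2 * backslashes + 1)) << '"'
        backslashes = 0
      else
        out << ('\\' * backslashes) << ch
        backslashes = 0
      end
    end
    out << ('\\' * (2 * backslashes)) << '"'
  end

  # argv[0] gets no escapes, so it is only wrapped in quotes when it has spaces.
  def self.build(program, args)
    prog = program.match?(/[ \t]/) ? "\"#{program}\"" : program
    ([prog] + args.map { |a| quote(a) }).join(' ')
  end
end
```

The point for an exec API: a POSIX-style `shell_escape` that backslash-escapes spaces produces a different argv on Windows, because a backslash not followed by a quote is literal there; `quote` above is the escaping that actually round-trips.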
Ashley Donaldson
e9f86c4865
Reworked unix create_process, as it was buggy
2024-10-12 14:36:08 +11:00
Ashley Donaldson
955c675334
Implement new cmd_exec API for PowerShell
2024-10-12 14:36:08 +11:00
Jack Heysel
3c46f51924
Land #18753, Fix typo in alloc_and_write_wstring
...
The method str_to_uniz_a was being called but does not exist.
The actual method name is str_to_uni_z, this PR fixes that typo.
2024-02-01 15:09:16 -05:00
upsidedwn
9391e11202
Fix typo in alloc_and_write_wstring calling non-existent method
...
`str_to_uniz_a` does not exist, updated to `str_to_uni_z`. Looking at cross-references, only two modules use this method to convert from ruby strings to null-terminated WCHARs. Updated the comments to clarify usage of this method and fixed the typo.
2024-01-27 00:01:03 +08:00
sjanusz-r7
aac74778b9
Move memory search method to Meterpreter stdapi
2024-01-24 19:53:30 +00:00
h00die
6a851855a8
spelling fixes for lib folder
2024-01-06 15:54:49 -05:00
Jack Heysel
3bad98afc6
Land #18488, add kerberos_tickets post module
...
Adds a module to manage kerberos tickets from a compromised
host. This PR also includes rail gun enhancements.
2023-12-07 19:12:48 -05:00
Spencer McIntyre
9d757990fe
Fix LocalAlloc/LocalFree definitions
...
Railgun should not be using DWORD for pointer sizes because it breaks
things on 64-bit sessions.
Fixes #18544
2023-11-20 16:23:33 -05:00
Spencer McIntyre
79a3e756b3
Add the ENUM_LUIDS action
2023-10-27 12:47:19 -04:00
Spencer McIntyre
0dea63904f
Allow passing pointers for PBLOB in parameters
...
This will cause railgun to use the pointer as if it were defined as an
LPVOID parameter type. This is useful in cases where the contents are
already in the target's memory.
2023-10-27 12:47:19 -04:00
Spencer McIntyre
ba9cb1ef40
Update advapi32 definitions
...
Add definitions for ConvertSidToStringSid and fix the data type of the
ThreadHandle parameter.
2023-10-27 12:47:19 -04:00
Spencer McIntyre
71f019c359
Add initial secur32.dll railgun definitions
2023-10-27 12:47:19 -04:00
Spencer McIntyre
ff699aae00
Accept BinData::Struct instances in railgun
...
This updates railgun to accept BinData::Structs in key locations of
railgun for convenience.
2023-10-27 12:47:19 -04:00
Spencer McIntyre
5b5d5ade40
Free data using the new util API
2023-10-27 12:47:19 -04:00
Spencer McIntyre
9253b35fb2
Allow freeing allocated utility strings
...
Also use HeapAlloc so we're not leaking entire pages.
2023-10-24 17:18:36 -04:00
sjanusz-r7
daa8b8ae99
Use Metasploit-Payloads Crypto to decrypt payloads
2023-10-13 14:42:10 +01:00
bwatters
38f542174d
Land #17336, A more robust implementation for Windows version comparisons
...
Merge branch 'land-17336' into upstream-master
2023-06-13 15:38:56 -05:00
Spencer McIntyre
296a7afc86
Land #18076, Don't use length for freeing.
2023-06-09 10:10:29 -04:00
Ashley Donaldson
717ceae45b
Don't use length for freeing.
...
MSDN says this will never succeed - should always be zero.
2023-06-08 15:02:41 +10:00
Ashley Donaldson
75ba9110e2
Added module for Windows version comparisons
...
Utilised it in various existing modules - this should fix some subtle bugs in specific modules' version detection.
2023-05-25 14:36:46 +10:00
attl4s
42ef5ad322
remove TLV_TYPE_TOKEN_UPDATE_RESULT - update_token sends empty response when succeeds
2023-05-24 16:12:12 +02:00
attl4s
3a685849a8
add update_token bridge + make_token module
2023-05-24 10:33:52 +02:00
adfoster-r7
069ad805c1
Fix ruby 3.1 crashes when garbage collecting meterpreter resources
2023-05-05 14:04:17 +01:00
bwatters
a8043adef0
Fix accidental copy/paste
2023-04-24 17:19:18 -05:00
bwatters
9215488d31
Update pointer type to support 64 bit calls
2023-04-24 17:14:50 -05:00
Spencer McIntyre
9706ee9d9e
Need to use #native_arch
...
Using #arch instead of #native_arch means that the Python Meterpreter
will be misclassified as ARCH_PYTHON and will be unable to use util
functions correctly.
2023-02-24 13:46:11 -05:00
Spencer McIntyre
42bd87e0c1
Update how railgun handles pointer return types
...
Update railgun to handle pointer return types. If the type that is
pointed to is known (i.e. PCHAR, PULONG_PTR) and not LPVOID, the
contents are returned to the caller. The raw address is also returned in the
&return key to enable the caller to free the buffer if necessary which
is determined by the function that was called.
2023-02-23 08:42:59 -06:00
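Two of the commit messages above describe the same underlying problem and its convention: a railgun definition that declares a pointer as DWORD only works on x86 because a 64-bit address loses its high half ("Fix LocalAlloc/LocalFree definitions", "Update pointer type to support 64 bit calls"), and a pointer return is resolved into its contents while the raw address travels alongside in `&return` so the caller can free it. The following is an added example of mine, not railgun's implementation: a small model that sizes pointers by the session's native architecture and resolves a typed pointer return against a constructed stand-in for target memory. `PtrModel`, its method names and the `memory` hash are assumptions made for the example.

```ruby
# Added example, not railgun's code: pointer sizing by native arch and
# resolution of a pointer return into contents + raw '&return' address.
module PtrModel
  PTR_SIZE = { 'x86' => 4, 'x64' => 8 }.freeze

  # Pack a pointer-sized argument for the given native arch.
  def self.pack_ptr(native_arch, value)
    case PTR_SIZE.fetch(native_arch)
    when 4 then [value].pack('V')   # 32-bit little-endian
    when 8 then [value].pack('Q<')  # 64-bit little-endian
    end
  end

  def self.unpack_ptr(native_arch, bytes)
    case PTR_SIZE.fetch(native_arch)
    when 4 then bytes.unpack1('V')
    when 8 then bytes.unpack1('Q<')
    end
  end

  # A DWORD definition silently drops the high 32 bits of a 64-bit address,
  # which is why LocalFree(DWORD) appears to work on x86 and breaks on x64.
  def self.fits_in_dword?(address)
    [address].pack('V').unpack1('V') == address
  end

  # Resolve a pointer return. Known pointed-to types are dereferenced, LPVOID
  # is handed back raw, and a NULL return yields nil. '&return' always carries
  # the raw address so the caller can decide whether it has to be freed.
  # `memory` is a constructed address => bytes hash standing in for the target.
  def self.resolve_return(type, address, memory, native_arch)
    result = { '&return' => address }
    result['return'] =
      if address.zero?
        nil
      elsif type == 'LPVOID'
        address
      elsif type == 'PCHAR'
        buf = memory.fetch(address)
        buf[0, buf.index("\x00") || buf.length]   # NUL-terminated C string
      elsif type == 'PULONG_PTR'
        unpack_ptr(native_arch, memory.fetch(address))
      else
        raise ArgumentError, "unhandled pointer type #{type}"
      end
    result
  end
end
```

The NULL case is what the PCHAR/PWCHAR definition fix above is about: a function that can legitimately return 0 must not be dereferenced, so the model checks the address before touching memory.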
Grant Willcox
4c25530afe
Fix up PCHAR and PWCHAR definitions to correctly handle cases where the return value may be 0. Also fix some definitions to be clearer and work on x64.
2023-02-23 08:41:26 -06:00
Grant Willcox
ae461c2395
Add in ULONG alias to DWORD and update definitions to fix some mistakes
2023-02-23 08:40:28 -06:00
Grant Willcox
59eb419d28
Make PULONG_PTR definitions PLPVOID to be more accurate, and correctly define some structures as PBLOB so they can be handled correctly
2023-02-23 08:40:23 -06:00
Grant Willcox
d16905ca49
Fix incorrect definitions for ldap_search functions
2023-02-23 08:40:22 -06:00
Grant Willcox
43b4ee268c
Land #17592, Fix bypassuac_injection_winsxs for x64
2023-02-09 11:41:51 -06:00
adfoster-r7
f145a214ca
Add exception handling for finalizer methods
2023-02-07 20:28:15 +00:00
Spencer McIntyre
f2e5e77e27
Fix bypassuac_injection_winsxs for x64
...
Tested on Windows 8.1, prior to these changes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
Grant Willcox
b5a83ffd0f
Add in PULONG alias to PDWORD and update definitions
2023-02-01 12:36:22 -06:00
Grant Willcox
be85aa253d
Fix input and output buffers for some mislabeled functions
2023-01-27 14:09:45 -06:00
Spencer McIntyre
d1f5fa06cf
Don't use File in cmd_upload / cmd_download
...
It does not look like shell sessions define their own File class,
meaning that the local-platform specific one is always used. Instead
we'll define the separator ourselves since it's all we need to perform
the basic operations necessary to analyze the path string.
2022-12-15 10:05:02 -05:00
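The reasoning in the commit message above (the local File class knows only the console's own separator, so a Windows path coming from a shell session would be analysed wrongly on a Linux console) is shown below as an added example of my own, not the framework's cmd_upload/cmd_download code: path analysis that takes the remote platform as a parameter and uses its separator set instead of File. `RemotePath` and its methods are names assumed for the example; Windows accepts both `\` and `/`, Unix only `/`.

```ruby
# Added example, not framework code: separator-aware path analysis that does
# not depend on the local File class.
module RemotePath
  # Regex source for "a separator" on each remote platform.
  SEP_CLASS = { 'windows' => '[\\\\/]', 'unix' => '/' }.freeze
  # Separator to emit when joining.
  SEP = { 'windows' => '\\', 'unix' => '/' }.freeze

  def self.sep_re(platform)
    Regexp.new(SEP_CLASS.fetch(platform))
  end

  # Drop trailing separators so "C:\Temp\" and "C:\Temp" analyse alike.
  def self.strip_trailing(platform, path)
    path.sub(Regexp.new("(?:#{SEP_CLASS.fetch(platform)})+\\z"), '')
  end

  def self.basename(platform, path)
    strip_trailing(platform, path).split(sep_re(platform)).last.to_s
  end

  def self.dirname(platform, path)
    trimmed = strip_trailing(platform, path)
    i = trimmed.rindex(sep_re(platform))
    return '.' if i.nil?
    i.zero? ? trimmed[0, 1] : trimmed[0, i]
  end

  # Join a remote directory and a file name with the remote separator.
  def self.join(platform, dir, name)
    strip_trailing(platform, dir) + SEP.fetch(platform) + name
  end

  # Where a transfer lands when the destination names a directory: the
  # source's basename is computed with the *source* platform's separators
  # and appended with the *destination* platform's separator.
  def self.destination(src_platform, src, dst_platform, dst_dir)
    join(dst_platform, dst_dir, basename(src_platform, src))
  end
end
```

With a Linux console, `File.basename('C:\\Users\\victim\\file.txt')` returns the whole string because `\` is not a separator there; `RemotePath.basename('windows', ...)` returns `file.txt`, which is the difference the commit is correcting.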
Spencer McIntyre
34451940c7
Fix uploading from shell sessions
2022-12-12 12:02:33 -05:00