46fbe0bfb8
fix(shellcode): updating block-api to use Length instead of MaximumLength
2026-04-10 10:53:22 -04:00
c3c6a21e55
Update the block API hashing algorithm
...
Allow the block API hashing algorithm to accept an IV
2026-04-10 10:53:22 -04:00
b40fc5afa8
chore: update author information in poolparty shellcode 32-bit
2026-01-08 12:20:43 +01:00
c5fd212334
docs: add poolparty 32-bit, update poolparty 64-bit stubs
2026-01-08 05:15:28 -05:00
1537d3f193
Update the block_api assembly source files
...
This changes the x86 version to the (10 bytes) larger variant that can
handle full 32-bit jumps which is necesary for maximum compatibility
within the framwork.
Additionally, numeric literals are expressed in hex for compatibility
with the keystone assembler allowing these files to be compatitble with
external tools.
2020-07-08 15:28:41 -04:00
d50058cbc6
update to python standards
2019-12-19 09:22:48 -06:00
e8bbf2f117
fix remaining python3 compat bugs
2019-12-19 09:21:24 -06:00
0a846aaeb6
convert to standard python format
2019-12-19 08:59:36 -06:00
ce69efcfa2
python3 fixes, don't hide exception data
2019-12-19 08:56:00 -06:00
e804745766
Bugfix: correct reference to asm file
2019-11-12 09:30:27 -08:00
311b03af93
Action remainder of code review changes.
...
- Revert files that will only run as python2.
- Remove superfluous calls to list()
- Other minor cleanup
2019-11-01 19:24:22 -07:00
8563a29003
Convert all python code to python3. Fixes #12506 .
2019-10-31 14:16:14 -07:00
f17b28930d
Update executex64.asm
2017-06-04 13:18:50 +03:00
b604599c8e
Fix comments
2015-03-11 21:32:35 -05:00
479a9cc1a9
Fix missing stack variables & remove old comment
2015-03-11 21:23:27 -05:00
7e3b4017f0
Rename and resynced with master, ready for refactoring
2015-03-11 14:36:27 -05:00
991e72a4fa
HTTP stager based on WinHttp
2015-03-10 13:40:16 -05:00
5297ebc1a1
Merge branch 'master' into land-1396-http_proxy_pstore
...
Bring things back to the future
2015-02-20 08:50:17 -06:00
9791acd0bf
Add stager ipknock shellcode (PR 2)
2014-12-27 22:03:45 +01:00
e34c37042a
Readd block_hidden_bind_tcp.asm
...
Because stager_hidden_bind_tcp.asm includes it.
2014-12-22 11:13:07 -06:00
c0fa8c0e3f
Add stager for hidden bind shell payload
2014-12-22 17:21:11 +01:00
e8728943ec
Shave off two more bytes for HTTP(s) stagers
2014-12-13 11:49:30 -06:00
69c938f65a
More shellcode golf
2014-12-13 11:49:15 -06:00
25ed68af6e
Land #3017 , Windows x86 Shell Hidden Bind
...
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
bb4e9e2d4d
correct error in block service_change_description
2014-05-13 16:04:39 +02:00
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
bdbb70ab71
up block_service_stopped.asm
2014-05-13 16:04:39 +02:00
e269c1e4f1
Improve service_block with service_stopped block to cleanly terminate service
2014-05-13 16:04:38 +02:00
c43e3cf581
Improve block_create_remote_process to point on shellcode everytime
2014-05-13 16:04:38 +02:00
25d48b7300
Add create_remote_process block, now used in exe_service generation
2014-05-13 16:04:38 +02:00
0bdf7904ff
Change author of single_service_stuff.asm
2014-05-13 16:04:38 +02:00
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
1fda6b86a1
Changed cmp eax by inc eax. Saved one byte
2014-03-10 12:13:10 +01:00
99cd36c036
Fix description of Input
2014-03-06 03:16:55 +01:00
689523a26f
Clean Code based on jlee-r7's comments
...
- Put allocations in loop
- Decomment exitfunc
- Aligned comments
- Some more code cleaning
2014-03-06 02:44:24 +01:00
83929facc4
Fix bug on Windows XP
...
Correct the addresses of functions in pstorec.dll.
Successfully tested on Server 2003 and XP.
2014-03-06 02:35:44 +01:00
4aca648faf
Correct file information
2014-03-06 02:35:36 +01:00
ba31e304b5
Clean the code
...
Remove debugging functions from block_get_pstore_proxy_auth.asm.
Reduce allocation size to 1kB.
2014-03-06 02:35:25 +01:00
b6b46abe9f
Add new stager stager_reverse_http_proxy_pstore
...
This stager looks for proxy credentials in windows protected storage. If it finds proxy credentials, it will use them to connect back. If it does not find credentials, it will do the same as stager_reverse_http.
Works on:
- Windows Server 2003
- Windows XP
- Internet Explorer versions 4 to 6
2014-03-06 02:35:12 +01:00
b4a22aa25d
hidden bind shell payload
2014-02-20 16:19:40 +01:00
c70680cf1c
Fix infinite-retry bug
...
Derp, block_api clobbers ecx
2014-02-04 11:59:16 -06:00
9c3664bd45
Unify reverse_http and reverse_https
...
This will make copy-pasta less painful in the future. There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
2014-02-04 09:09:12 -06:00
6d53570c22
Fix abysmal mixed indentedness.
2014-02-03 11:39:03 -06:00
c29c6be212
Shave 3 bytes off of block_api
2014-02-03 11:34:41 -06:00
bfc0ac4dd4
Golf a few bytes off of reverse_http(s)
2014-02-03 11:33:55 -06:00
e28dd42992
add http authentification and socks
2013-07-15 15:36:58 +01:00
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
e3eef76372
Land #1223
...
This adds rc4-encrypting stagers for Windows.
[Closes #1223 ]
2013-04-10 12:14:52 -05:00
b3c78f74d2
Whitespace
2013-04-10 09:28:45 -05:00
754b32e9db
shameless plug for posterity in stager asm
2013-02-28 17:30:27 -05:00
dledda-r7