adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

7956 Commits

Author SHA1 Message Date
Meatballs 8d5f298d3d Clear clipboard first 2013-12-14 20:26:46 +00:00
Meatballs 7902f061ca Final tidyup 2013-12-14 20:18:14 +00:00
Meatballs 04496a539c Fix up local wmi exploit. 2013-12-14 20:05:51 +00:00
Meatballs 4224c016f4 Use WaitForSingleObject instead of loop 2013-12-14 18:42:31 +00:00
Meatballs 12afdd2cbb Get and parse result from clipboard 2013-12-14 18:30:43 +00:00
Meatballs 3ad1e57f8d Merge remote-tracking branch 'upstream/master' into wmic_post 2013-12-14 16:25:31 +00:00
jvazquez-r7 83e448f4ae Restore vprint_error message 2013-12-12 09:06:29 -06:00
jvazquez-r7 5c1ca97e21 Create a new process to host the final payload 2013-12-12 08:26:44 -06:00
William Vu ff9cb481fb Land #2464, fixes for llmnr_response and friends 
Fixed conflict in lib/msf/core/exploit/http/server.rb.
 2013-12-10 13:41:45 -06:00
scriptjunkie 77e9996501 Mitigate metasm relocation error by disabling ASLR 
Deal with import error by actually using the GetProcAddress code.
 2013-12-07 20:54:13 -06:00
scriptjunkie 8d33138489 Support silent shellcode injection into DLLs 
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
 2013-12-07 19:44:17 -06:00
Meatballs 3aebe968bb Land #2721 Reflective DLL Mixin 
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.

Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
 2013-12-06 12:26:51 +00:00
OJ 155836ddf9 Adjusted style as per egypt's points 2013-12-06 10:08:38 +10:00
OJ ccbf305de1 Remove exception stuff from the payloads 2013-12-06 09:26:46 +10:00
OJ 5a0a2217dc Add exception if DLL isn't RDI enabled 2013-12-06 09:18:08 +10:00
OJ 2cb991cace Shuffle RDI stuff into more appropriate structure 
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
 2013-12-06 08:25:24 +10:00
OJ fb84d7e7fe Update to yardoc conventions 2013-12-06 07:54:25 +10:00
sinn3r c7bb80c1d7 Add wvu as an author to author.rb 2013-12-05 00:33:07 -06:00
OJ b936831125 Renamed the mixin module 2013-12-05 08:13:54 +10:00
OJ 7b24f815ee Missed a single module in rename 2013-12-04 22:54:07 +10:00
OJ 7e8db8662e Update name of the mixin 
Changed `RdiMixin` to `ReflectiveDLLInjection`.
 2013-12-04 22:18:29 +10:00
OJ f79af4c30e Add RDI mixin module 
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.

This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
 2013-12-04 16:09:41 +10:00
yehualiu 8254c0bae2 this site is down 2013-12-01 14:26:03 +08:00
William Vu 77b036ce5d Land #2703, uninit const fix for MSSQL_SQLI 2013-11-27 13:50:48 -06:00
jvazquez-r7 a5aca618e2 fix fail_with usage on Exploit::Remote::MSSQL_SQLI 2013-11-27 11:33:19 -06:00
jvazquez-r7 a32c9e5efc Fix fail_with on Exploit::Remote::HttpClient 2013-11-27 11:19:46 -06:00
sinn3r 5d10b44430 Add support for Silverlight 
Add support for Silverlight exploitation. [SeeRM #8705]
 2013-11-26 14:47:27 -06:00
Meatballs b015dd4f1c Land #2532 Enum LSA Secrets 
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
 2013-11-24 18:09:33 +00:00
Meatballs a3c7dccfc0 Add disconnect option to psexec 
Allow the module to prevent the mixin from ending the SMB session.
 2013-11-24 16:37:25 +00:00
Meatballs dd9bb459bf PSEXEC Refactor 
Move peer into mixin
PSEXEC should use the psexec mixin
 2013-11-24 16:24:05 +00:00
Meatballs c03c33f6f6 Initial commit 2013-11-24 14:58:18 +00:00
Meatballs e7dfda00db Documentation 2013-11-23 22:03:43 +00:00
Meatballs becc521406 Constants, yey 2013-11-23 21:46:11 +00:00
Meatballs 699d13eef1 Share the wealth 
Move LDAP methods to a Post mixin.
 2013-11-23 21:42:09 +00:00
Meatballs 6c83109422 Really fix wmi 2013-11-23 16:44:44 +00:00
William Vu 8e23119e17 Land #2678, DB_ALL_CREDS should default to false 2013-11-22 23:42:00 -06:00
Tod Beardsley 8fc0a8199e DB_ALL_CREDS should be disabled by default 
[SeeRM #8699]
 2013-11-22 22:16:40 -06:00
Meatballs 259d5a2dba Backout Set-Variable as it is 3.0 only 2013-11-23 01:15:13 +00:00
Meatballs 1c60373f68 Reinstate %COMSPEC% 2013-11-23 00:45:04 +00:00
Meatballs c194fdc67e Fixup WMI 
-c doesn't like $var assignments
 2013-11-23 00:31:11 +00:00
Meatballs 3cbf768d16 Small size reductions 2013-11-22 22:58:42 +00:00
Meatballs 20b76602a1 Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	lib/msf/core/exploit/powershell.rb
 2013-11-22 22:41:08 +00:00
Tod Beardsley e88da09894 Land #2660, DLL/service creation for x64 2013-11-20 17:25:16 -06:00
Joe Vennix 739c7b4ca2 More dead code and tweaks. 2013-11-20 14:44:53 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets. 
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
 2013-11-20 14:41:45 -06:00
Meatballs 3ed84d1e0b Remove puts 2013-11-20 20:29:54 +00:00
Meatballs 7253cc73d5 :payload_instance 2013-11-20 20:28:00 +00:00
Meatballs f27194a8ce Always default to payload options 2013-11-20 20:14:59 +00:00
Meatballs 135dad1f4e Fix dll/service creation 2013-11-20 20:10:47 +00:00
jvazquez-r7 110e78a1ad Land #2507, @todb-r7's fix to allow DCERPC misin to use RPORT 2013-11-20 10:21:32 -06:00