Commit Graph

16492 Commits

Author SHA1 Message Date
RageLtMan 0e69040a6a Implement reverse_tcp_dns as metasm payload
Using the separation of block_recv and reverse_tcp, implement
reverse_tcp_dns using original shellcode as template with dynamic
injection of parameters. Concatenate the whole thing in the
generation call chain, and compile the resulting shellcode for
delivery.

Metasploit module pruned to bare minimum, with the LHOST OptString
moved into the library component.

Testing:
  Win2k8r2

ToDo:
  Update payload sizes when this branch is "complete"
  Ensure UUIDs and adjacent black magic all work properly

Misc:
  Clean up rc4.rb to use the rc4_keys method when generating a
stage. Makes the implementation far more readable and reduces
redundant code.
2016-05-23 14:27:11 -05:00
RageLtMan df2346d9e0 Implement RC4 metasm payloads for tcp bind and rev
Convert reverse_tcp_rc4 and bind_tcp_rc4 from static shellcode
substitution payloads to metasm compiled assembly approach.

Splits up metasm methods for bind_tcp and reverse_tcp into socket
creation and block_recv to allow for reuse of the socket methods
with the RC4 payloads, while substituting the block_recv methods
for those carrying the appropriate decryptor stubs.

Creates a new rc4 module carrying the bulk of the decryptor and
adjacent convenience methods for standard payload generation.

Testing:
 Tested against Win2k8r2, Win7x64, and WinXPx86

ToDo:
 Ensure all the methods around payload sizing, UUIDs, and other
new functionality, the semantics of which I do not yet fully
understand, are appropriate and do not introduce breakage.
2016-05-23 14:27:11 -05:00
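The two commit messages above describe splitting the stager into a socket-creation part and a block_recv part, with the RC4 variants swapping in a block_recv that carries a decryptor stub. As an added illustration (not code from these commits or from Metasploit Framework), the Ruby below models both ends of that exchange: the handler wraps a stage as a length header plus RC4-encrypted body, and the stager-side function does what the decryptor stub does in assembly. The key derivation (SHA-1 of a passphrase, first 4 bytes XORed into the length header, next 16 bytes as the RC4 key) and the framing are assumptions for this example, not a statement of how the framework's rc4_keys method works.

```ruby
require 'openssl'

# Minimal RC4 (KSA + PRGA). RC4 is symmetric: the same call encrypts and decrypts.
# Included only to make the example self-contained; RC4 is not a modern cipher.
class RC4
  def initialize(key)
    raise ArgumentError, 'empty key' if key.empty?
    @s = (0..255).to_a
    k = key.bytes
    j = 0
    256.times do |i|
      j = (j + @s[i] + k[i % k.size]) & 0xff
      @s[i], @s[j] = @s[j], @s[i]
    end
    @i = @j = 0
  end

  def process(data)
    data.bytes.map do |b|
      @i = (@i + 1) & 0xff
      @j = (@j + @s[@i]) & 0xff
      @s[@i], @s[@j] = @s[@j], @s[@i]
      b ^ @s[(@s[@i] + @s[@j]) & 0xff]
    end.pack('C*')
  end
end

# Assumed key schedule for this example: SHA-1(pass) -> [4-byte XOR key, 16-byte RC4 key].
def derive_keys(pass)
  digest = OpenSSL::Digest::SHA1.digest(pass)
  [digest[0, 4], digest[4, 16]]
end

def xor4(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Handler side: 4-byte little-endian stage length, XORed with xor_key, then the RC4 body.
def wrap_stage(stage, pass)
  xor_key, rc4_key = derive_keys(pass)
  xor4([stage.bytesize].pack('V'), xor_key) + RC4.new(rc4_key).process(stage)
end

# Stager side: recover the length, receive exactly that many bytes, decrypt in place.
# A wrong passphrase yields a garbage length, so the size check usually fails early.
def unwrap_stage(blob, pass)
  xor_key, rc4_key = derive_keys(pass)
  len = xor4(blob[0, 4], xor_key).unpack1('V')
  body = blob[4, len]
  raise 'truncated or mis-keyed stage' if body.nil? || body.bytesize != len
  RC4.new(rc4_key).process(body)
end
```

The split mirrors the commit description: the socket setup is identical for plain and RC4 stagers, and only the receive-and-decrypt step differs, so the same key material has to be known to both the handler that calls wrap_stage and the stub that performs unwrap_stage.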
Brent Cook 9fc07eeb99 Land #6902, Respect SSLCipher in server mixins 2016-05-20 17:34:38 -05:00
Adam Cammack fda4c62c1f Respect SSLCipher in server mixins
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
Metasploit 100300c819 Bump version of framework to 4.12.4 2016-05-18 07:04:09 -07:00
Brent Cook 6a4a9742e8 handle bad user 2016-05-17 17:24:46 -05:00
Brent Cook c6db5bf34a add a missing postgresql 9.4.1-5 matching case 2016-05-17 17:12:47 -05:00
Jenkins c9dd863085 Bump version of framework to 4.12.3 2016-05-17 10:18:08 -07:00
Jon Hart 8bccfef571 Fix merge conflict 2016-05-16 17:29:45 -07:00
wchen-r7 04d70640b1 Land #6868, Add axis2 payload generator for msfvenom 2016-05-16 17:48:50 -05:00
David Maloney c40b8ea3fb Land #6864, Meterp Suspend 2016-05-16 11:13:43 -05:00
Jenkins 621a908b2d Bump version of framework to 4.12.2 2016-05-13 12:51:58 -07:00
David Maloney ba4bfca806 Revert "arg bad build, resetting version back one"
This reverts commit d86392e96b.
2016-05-13 14:48:35 -05:00
David Maloney d86392e96b arg bad build, resetting version back one 2016-05-13 14:44:02 -05:00
Jenkins b6a83f734d Bump version of framework to 4.12.1 2016-05-13 12:39:43 -07:00
David Maloney 31050a8da7 Rails upgrade to 4.2.6
lands all of the rails 4.2 upgrade work
Merge branch 'staging/rails-upgrade'
2016-05-13 14:34:50 -05:00
Jenkins 6c11054d5a Bump version of framework to 4.12.0 2016-05-13 11:46:03 -07:00
Christian Mehlmauer 7fcddd5a05 Add axis2 payload generator 2016-05-12 22:48:07 +02:00
David Maloney d9abb06a5a Merge branch 'master' into staging/rails-upgrade 2016-05-12 11:18:51 -05:00
David Maloney 7edaa2abcc still trying to fix these migrations
seeing odd behaviour with migrations in
rspec
2016-05-11 14:54:40 -05:00
David Maloney 2fb3123ef2 fix migration craziness
MS-1486
2016-05-11 14:05:34 -05:00
David Maloney 993709e076 Land #6862, jar payloads
lands FireFart's jar payload pr
2016-05-11 09:56:41 -05:00
Brent Cook af84e85174 fix exception suspending channels from meterpreter 2016-05-10 04:21:31 -05:00
Christian Mehlmauer e2dd844e34 reenable jar format 2016-05-09 21:25:23 +02:00
David Maloney 6142d2cef1 Merge branch 'master' into staging/rails-upgrade 2016-05-09 09:27:17 -05:00
Brent Cook 7b1148c438 disambiguate NetBSD/OpenBSD 2016-05-09 05:11:47 -05:00
Brent Cook 71a674434a Solaris 11 2016-05-09 05:11:09 -05:00
Brent Cook bbe35ac21a match solaris uname 2016-05-09 05:06:59 -05:00
Brent Cook 1a97042a0d include running CPU architecture in platform string 2016-05-09 05:06:37 -05:00
Brent Cook f466464e80 set a recommended number of threads per session type 2016-05-08 22:39:41 -05:00
Brent Cook 9268f66540 auto-set the meterpreter platform based on the sysinfo os 2016-05-08 22:39:41 -05:00
Jenkins 805f98f599 Bump version of framework to 4.11.27 2016-05-06 11:32:46 -07:00
David Maloney 1ffab935cc pull dep migrations from credential
credential pulls mdm, so we don't combine these
2016-05-06 11:57:40 -05:00
David Maloney a763863ff3 remove #truncate_session_desc
this method was based around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
2016-05-06 09:36:12 -05:00
Adam Cammack f75009a9c6 Don't duplicate headers when sending emails
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.

MS-1476
2016-05-05 10:47:21 -05:00
David Maloney 19af279ce9 Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
dmohanty-r7 f096c3bb99 Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
David Maloney 55b38ad089 Land #6398, content length header
lands wei's content length header pr
2016-05-04 11:53:46 -05:00
Jenkins e7ff4665e1 Bump version of framework to 4.11.26 2016-05-04 09:44:18 -07:00
Rob Fuller 4c9eba333e Land #6753, MSF-side support for reverse port forwards
Huge thanks to @OJ for making this happen.
Tested targets Win7,10,2008,2012
Tested payloads Win32 native, Win64 native, python
2016-05-04 07:39:05 -04:00
Jenkins 7490ab1c78 Bump version of framework to 4.11.25 2016-05-03 17:09:07 -07:00
OJ 60f81a69ea Remove the pfservice close call on shutdown 2016-05-03 12:03:37 +10:00
OJ d136844d3b Add error handling around double-bind of ports 2016-05-03 10:42:41 +10:00
wchen-r7 ffc91a193c Fix #6841, info -d [module path] not spawning module documentation
Fix #6841
2016-05-02 14:23:29 -05:00
Brian Patterson be363411de Land #6317, Add delay(with jitter) option to auxiliary scanner and portscan modules 2016-05-02 13:09:40 -05:00
David Maloney fb5b228984 Merge branch 'master' into staging/rails-upgrade 2016-05-02 11:33:35 -05:00
dmaloney-r7 3b893cf740 Merge pull request #6581 from bcook-r7/uuidretry
don't send a response on invalid UUID, allow stagers to survive another day
2016-05-02 11:23:02 -05:00
Jenkins d4f1c78c5c Bump version of framework to 4.11.24 2016-04-29 13:38:06 -07:00
dmohanty-r7 20ec56d06a Do not parse empty web_sites
MS-255
2016-04-28 13:17:03 -05:00
dmohanty-r7 5a4e70fdf0 Fixes indentation in check_msf_xml_version!
MS-255
2016-04-28 13:17:02 -05:00