Spencer McIntyre
85a39f75d8
Use a larger payload size to include the UUID
2019-10-10 22:08:26 -04:00
h00die
f95f952b65
fix separated spelling
2019-10-05 14:13:38 -04:00
OJ
3c0cb29a7c
Add Proxy/header opts to windows/python stageless
2019-09-23 08:45:43 +10:00
bwatters-r7
ee660d61ea
Land #12275, Update payloads to 1.3.77
...
Merge branch 'land-12275' into upstream-master
2019-09-10 11:14:56 -05:00
Adam Cammack
598cf35e1e
Land #12271, Don't mangle staged x86, x64 payloads
2019-09-05 11:18:45 -05:00
Adam Cammack
2ee5ec97e4
Use smallest stager size
...
Since these stagers can shrink based on the expected size of the next
stage, do our best to anticipate a small size. This makes the cached
payload size consistent for now, though if the x64 mettle stager grows
past 128 bytes I think we'll see the stager start oscillating in size
again. If you run into that and are reading this, sorry :(
2019-09-04 16:06:44 -05:00
Adam Cammack
4d89dd83e3
Update payload cached size
...
For real this time?
2019-09-04 15:17:34 -05:00
Adam Cammack
de554b315a
Update cached size
2019-09-04 14:56:12 -05:00
bwatters-r7
49c7fe8906
Update payload cache size
2019-09-03 18:25:26 -05:00
Shelby Pace
bcd181c87d
require bind tcp
2019-09-03 09:14:34 -05:00
RageLtMan
97943261ed
Linux x86 reverse_tcp should read known # of bytes
...
See notes for x64.
This part does not appear to be working properly yet - stages
generated with this commit recv 102b on the first call to read(),
but subsequently things seem to go off the rails after the
intermediate stage is loaded.
Needs testing and fixup at present for x86 (no worse than before
in terms of success rate however).
2019-09-03 01:55:12 -04:00
RageLtMan
05944ba8c1
Linux x64 reverse_tcp should read known # of bytes
...
The linux x64 reverse tcp stager is hardcoded to read 4K off the
socket. When a small intermediate stager is used, this can result
in reading part of the next stage as well, which means that the
intermediate stager will never recv the # of bytes it needs and
hang indefinitely.
Break out the mettle piece to use separate methods for assembly and
binary payload generation as well as actually putting the product
on the existing session socket.
Change the first part of the stage to check for the intermediate
stager generation method, and use the size of the produced stager
in the recvfrom call or fall back to the prior 4K read size.
Testing:
None yet
Ping @bcook-r7, @acammack-r7, @OJ, @ZeroSteiner
2019-09-03 01:27:27 -04:00
William Vu
32334c2386
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
bwatters-r7
c9d2013ddb
Change generate method to match single payloads.
2019-08-02 15:47:36 -05:00
bwatters-r7
20438614bb
Stupid extra line....
2019-08-02 11:11:19 -05:00
bwatters-r7
c6defb0264
Rubocop complaints and require_size additions
2019-08-02 11:09:14 -05:00
bwatters-r7
14ee5c4a4f
Update Windows payloads to support exitfunk
2019-08-02 10:28:57 -05:00
Adam Cammack
517d32b082
Update payload cache sizes
2019-07-30 10:34:47 -05:00
Adam Cammack
23ea772076
Golf Ruby pingback payload syntax
2019-07-30 10:32:31 -05:00
Adam Cammack
e6ea0c9fd7
Use binascii for Python pingback UUID encoding
...
This gives us compatibility for Python 3.x and 1.x
2019-07-30 10:18:24 -05:00
Adam Cammack
3cb1b4588b
Golf Python payload variable names
2019-07-30 10:14:41 -05:00
bwatters-r7
05ffa6e4a0
More updates, optimizations, and style fixes
2019-07-29 16:29:32 -05:00
bwatters-r7
d6dc397b21
Fix bugs introduced by syntax changes.
2019-07-29 14:00:09 -05:00
bwatters-r7
6bf10e1f91
Fixups for syntax
2019-07-29 11:55:51 -05:00
bwatters-r7
cec29c6473
More fixes for syntax
2019-07-26 14:51:44 -05:00
bwatters-r7
79b7bbd2cf
Update payload cache size and fix import bug
2019-07-26 13:52:36 -05:00
bwatters-r7
2f804faed9
Rubocop and @acammack cleanup suggestions
2019-07-26 12:36:59 -05:00
bwatters-r7
7c2d214af2
Clean up debugging, move options to one place and delete superfluous file
...
change the uuid handling to prevent changes to it when it gets put in payloads
2019-07-25 19:45:05 -05:00
bwatters-r7
6ae3f97c4a
Maybe include the super pingback type in the payloads?
2019-07-25 19:44:11 -05:00
asoto-r7
9b6d4587a4
cmd/unix/pingback_bind: Add resiliency to netcat, per wvu's suggestion
2019-07-25 19:43:14 -05:00
bwatters-r7
949b356f09
Update the session to die after callback
...
Remove stale old file
2019-07-25 19:43:14 -05:00
asoto-r7
8f0aaa70a6
cmd/unix/pingback_* payloads now use 'printf' in place of 'echo'
2019-07-25 19:43:13 -05:00
bwatters-r7
39f193e649
Stupid last trailing space
2019-07-25 19:43:13 -05:00
bwatters-r7
3e765090e2
Fix some spacing
2019-07-25 19:43:13 -05:00
bwatters-r7
08a765df81
Shut up, nmsftidy.... I hope
2019-07-25 19:42:51 -05:00
bwatters-r7
2a242d9b19
Add the new file
2019-07-25 19:42:51 -05:00
bwatters-r7
e1e75d87e9
Code deduplication
2019-07-25 19:42:51 -05:00
asoto-r7
92fa8f4377
Clean up requires and includes
2019-07-25 19:42:50 -05:00
asoto-r7
79c45a6c52
Clean up require's and calculate CachedSize
2019-07-25 19:42:50 -05:00
asoto-r7
58f3a067ab
cmd/unix/pingback_reverse and cmd/unix/pingback_bind
2019-07-25 19:42:50 -05:00
bwatters-r7
9989c731d0
That's better.....
2019-07-25 19:42:50 -05:00
bwatters-r7
c866e0aff6
First swing at x86 windows reverse_tcp pingback
...
Still issues with the looping and counters.
2019-07-25 19:42:50 -05:00
bwatters-r7
e51e271c92
Remove extra stuff that was part of the staged attempt at pingback.
...
It is no longer required because pingback is now a single.
2019-07-25 19:42:50 -05:00
asoto-r7
be011da9f9
Ruby pingback payload (bind and reverse)
2019-07-25 19:42:50 -05:00
asoto-r7
4241d3384c
Python pingback payload (reverse only)
2019-07-25 19:42:50 -05:00
asoto-r7
1d45c3a176
python pingback_bind_tcp: send UUID as raw bytes instead of ASCII
2019-07-25 19:42:50 -05:00
asoto-r7
94c6ee3f7b
Python pingback payload (bind only)
2019-07-25 19:42:26 -05:00
asoto-r7
247f246475
Linux pingback payloads
2019-07-25 19:42:26 -05:00
Aaron Soto
f4fa70da0a
Add error handling for users without a database configured
2019-07-25 19:42:26 -05:00
bwatters-r7
1b64b9f984
Fix odd edge case converting binary to hex string
2019-07-25 19:42:26 -05:00