Spencer McIntyre
5b5c29842c
Land #18022, Add post/windows/manage/make_token
...
Add update_token to MSF + make_token post-ex module
2023-06-08 14:53:22 -04:00
Metasploit
92cf562950
Bump version of framework to 6.3.21
2023-06-08 12:12:50 -05:00
Christophe De La Fuente
451735ad15
Fix exception handler & add doc
2023-06-06 17:43:22 +02:00
Grant Willcox
94ef437f9f
Add in YARD documentation
2023-06-05 12:10:10 -05:00
Grant Willcox
9574c79d36
Remove extra code
2023-06-05 12:07:27 -05:00
Ashley Donaldson
795980260b
Created mixin to retrieve the architecture of the current shell.
...
Currently only supports Windows, but does work on Win2000 upwards.
2023-06-05 11:10:53 +10:00
Spencer McIntyre
734e0b099e
Land #18018, Add in CVE-2023-29084
...
Add in CVE-2023-29084 - Zoho ManageEngine ADManager Plus ChangePasswordAction
Authenticated Command Injection
2023-06-02 12:14:43 -04:00
bwatters
1e9d286c77
Land #18044, Add MIPS64 Linux Fetch Payloads
...
Merge branch 'land-18044' into upstream-master
2023-06-02 10:53:43 -05:00
Grant Willcox
7728e1e2fb
Add in new library function for escaping PowerShell literals
2023-06-02 10:22:56 -05:00
Grant Willcox
0f71613b66
Land #18056, Modify command stagers to not go over 100%
2023-06-01 16:06:13 -05:00
Metasploit
25e8cf8faf
Bump version of framework to 6.3.20
2023-06-01 12:10:08 -05:00
Zach Goldman
96f2c96a75
modify command stagers to not go over 100%
2023-06-01 12:07:07 -05:00
Spencer McIntyre
8378435051
Land #17430, Add AWS SSM Sessions
2023-06-01 11:34:40 -04:00
Spencer McIntyre
8a0dfa57a0
Drop size requirement and fix descriptions
...
The size requirement is used when the adapted payload is executed from
the command line but that's not the case for the fetch payloads which
execute a command to fetch the payload from a URL. The payload size
doesn't matter because it's included in the executable file hosted at
the URL.
2023-05-30 15:03:06 -04:00
Grant Willcox
3d63d0b097
Land #18030, Fix missing return in HTTP CmdStagers
2023-05-30 13:14:21 -05:00
Grant Willcox
42d4c73cda
Land #18031, Improve help for "edit" and "log" commands
2023-05-30 11:43:21 -05:00
adfoster-r7
e2718eb40c
Land #18019, Fixes validation for to_handler command for Evasion and Payload modules
2023-05-30 10:39:01 +01:00
wvu
00451e3aec
Improve help for "edit" and "log" commands
...
Talking about `LocalEditor` and `LocalPager`.
2023-05-25 23:22:54 -05:00
wvu
9528339761
Fix missing return in HTTP CmdStagers
...
Fetch payloads are cooler, but this was missed in https://github.com/rapid7/metasploit-framework/pull/13426.
2023-05-25 22:22:23 -05:00
Jack Heysel
d8255157c9
Land #18021, Fix #cd for Powershell Sessions
2023-05-25 14:26:01 -04:00
Metasploit
8368b80ad6
Bump version of framework to 6.3.19
2023-05-25 12:05:49 -05:00
attl4s
42ef5ad322
remove TLV_TYPE_TOKEN_UPDATE_RESULT - update_token sends empty response when succeeds
2023-05-24 16:12:12 +02:00
attl4s
3a685849a8
add update_token bridge + make_token module
2023-05-24 10:33:52 +02:00
Spencer McIntyre
ed5d516c21
Sync the .NET working path for Powershell sessions
...
See: https://github.com/PowerShell/PowerShell/issues/10278
2023-05-23 15:21:52 -04:00
Spencer McIntyre
afb31b0f21
Add a function to escape cmd.exe string literals
2023-05-23 15:17:39 -04:00
cgranleese-r7
3e327efdc4
Fixes validation for to_handler command for Evasion and Payload modules
2023-05-23 10:16:06 +01:00
Spencer McIntyre
120dc877ad
Pr/collab/17430 (#41)
...
* Prevent using post modules with the session
It doesn't work reliably because of winpty and how the output is
mangled.
* Set the limit correctly
* Fix Linux PTY downgrade issues
* Remove filtering
The filtering implementation is incomplete and unnecessary.
Filtering is unnecessary because Linux sessions execute a stub on
session start up that uses a combination of stty and a fifo to emulate a
PTY-less session. Windows sessions do not need filtering because they
have been explicitly marked as being incompatible with the Post API which
is confused by the extra characters.
The filtering implementation is incomplete because it does not account for
echo fragments that are split across lines. It also does not account for
all of the ANSI escape codes.
* Add module docs for enum_ssm
2023-05-22 17:11:16 -04:00
adfoster-r7
1eb6996ea5
Land #17989, Improves flag formatting for kerberos ticket presenter
2023-05-22 17:42:10 +01:00
space-r7
60f6574bf3
Land #17965, add module for AD CS cert management
2023-05-22 09:50:53 -05:00
Spencer McIntyre
ff4fafda2f
Add support for parsing SDDL
2023-05-22 09:21:24 -04:00
Spencer McIntyre
3af052390d
Add well known SID and RID constants
2023-05-22 09:21:24 -04:00
Spencer McIntyre
49fd6e876a
Add constants from MS-CRTD
2023-05-22 09:21:24 -04:00
Spencer McIntyre
1ffefcbea4
Treat the subauthority as optional
...
This allows some additional SIDs to function such as
SECURITY_CREATOR_SID_AUTHORITY.
2023-05-22 09:21:24 -04:00
Spencer McIntyre
d23f407c44
Monkey patch #modify to accept controls
2023-05-22 09:21:24 -04:00
Spencer McIntyre
dcbc6d19c5
Update #validate_query_result!
...
The function required a filter argument, but not every query has a
filter. By removing it, we can reuse the same logic for other operations
including modifications.
2023-05-22 09:21:20 -04:00
adfoster-r7
9dd10d6df7
Fix edgecase crash when running smb_login with Kerberos auth activated
2023-05-19 16:12:16 +01:00
Metasploit
428229aede
Bump version of framework to 6.3.18
2023-05-18 12:10:55 -05:00
Spencer McIntyre
f464401dde
Land #17782, Add fetch payloads
...
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
bwatters
548a2d7ab4
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
cgranleese-r7
73a33a9f73
Addresses PR feedback
2023-05-17 16:45:15 +01:00
RageLtMan
f929d2c90f
Drop redundant shell_command in powershell.rb
2023-05-16 15:43:16 -04:00
RageLtMan
713ec6ae76
Merge branch 'master' into feature/aws_ssm_sessions
2023-05-16 14:39:37 -04:00
cgranleese-r7
82bf51647d
Improves flag formatting for kerberos ticket presenter
2023-05-16 15:25:36 +01:00
adfoster-r7
c723a2865e
Land #17987, Split recalculate out into multiple functions
2023-05-12 18:27:46 +01:00
Dean Welch
3036a53697
Change name to single_name for consistency
2023-05-12 16:59:33 +01:00
Dean Welch
f6855f6aa4
Split recalculate out into multiple functions
2023-05-12 16:30:14 +01:00
dwelch-r7
b752735db1
Land #17967, Fix ruby 3.1 crashes and resource leaks when garbage collecting Meterpreter resources
2023-05-12 14:14:02 +01:00
Metasploit
484639a2e0
Bump version of framework to 6.3.17
2023-05-11 12:13:25 -05:00
adfoster-r7
fa6a5e24f0
Land #17807, Add in documentation on Metasploit's file system
2023-05-11 16:11:12 +01:00
adfoster-r7
eb959e2e40
Land #17060, GSoC Project: Implement HTTP-Trace enabled login scanners
2023-05-11 15:45:01 +01:00