adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,186 Commits 27 Branches 1,043 Tags
c8defe9716db08cc61a6652045ff4c8d54fd2879
Commit Graph

18 Commits

Author SHA1 Message Date
HD Moore c8defe9716 Size tweaks to bring the ssl stager + encoder + target_id to exactly 400 bytes 
git-svn-id: file:///home/svn/framework3/trunk@8998 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-03 07:48:53 +00:00
HD Moore c6c956ab46 Small patch to enable a new stager 
git-svn-id: file:///home/svn/framework3/trunk@8984 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-03 05:21:15 +00:00
HD Moore 5d0fb434b7 Adds a reverse_tcp_dns stager 
git-svn-id: file:///home/svn/framework3/trunk@8983 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-03 03:38:57 +00:00
Stephen Fewer c55e9af9ae Commit the updated APC injection stubs. fixes a nasty issue in some edge cases whereby when using APC injection for a process in another session then the current host process the injected APC can cause an access violation in kernel32 during a call the kernel32!CreateThread caused by the APC's host thread not having an initialized Activation Context inside its TEB. We now test for this and create a dummy ActivationContext entry to appease the kernel. This will both improve DLL injection reliability as well as meterpreter migration reliability. 
git-svn-id: file:///home/svn/framework3/trunk@8786 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-11 17:00:19 +00:00
Stephen Fewer 5f35f33cd1 Forgot the updated build.py, also add in a link to a blog post I wrote for this shellcode. 
git-svn-id: file:///home/svn/framework3/trunk@8657 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-26 14:27:13 +00:00
Stephen Fewer 88cc851a41 Commit the stager_sysenter_hook win32 kernel shellcode source and mixin patch, resolves #405. 
git-svn-id: file:///home/svn/framework3/trunk@8655 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-26 13:41:16 +00:00
Stephen Fewer 1e63f357cb For now just adding in the new APC migrate stubs and the wow64->x64 exec stub. (fix up the build scripts and use a dedicated migrate directory for this stuff). 
git-svn-id: file:///home/svn/framework3/trunk@8193 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-22 14:03:53 +00:00
Stephen Fewer f3fd2eae80 Commit the new x64 migrate stub. Compatible with x64->x64 migration (and x86->x64 migration once the remote thread issue is resolved) 
git-svn-id: file:///home/svn/framework3/trunk@8163 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 18:39:56 +00:00
Stephen Fewer d032955959 Commit the new x86 migrate stub. Compatible with x86->x86 migration and x64->x86 migration, on NT4 and up (where applicable). 
git-svn-id: file:///home/svn/framework3/trunk@8160 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 12:55:24 +00:00
HD Moore d0969746a4 Mostly cosmetic changes from local tree 
git-svn-id: file:///home/svn/framework3/trunk@7970 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-26 03:31:20 +00:00
HD Moore 21e82d8b69 This patch implements a much more flexible executable creation scheme at the cost of exe size. This also adds the "-x" option to msfencode, allowing the user to specify their own executable template for generation. 
git-svn-id: file:///home/svn/framework3/trunk@7315 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-01 04:11:43 +00:00
HD Moore 00b2915554 Fixes #342. Set ReverseConnectRetries to a value between 1 and 255 (default is 5). On failure it will ExitProcess (still better than a cpu spin) 
git-svn-id: file:///home/svn/framework3/trunk@7217 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-20 20:31:14 +00:00
James Lee 6a7a023844 I will not commit when sleep deprived. I will not commit when sleep deprived. I will not commit... 
git-svn-id: file:///home/svn/framework3/trunk@7061 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-25 06:40:42 +00:00
James Lee bc2c38c332 shave an instruction from the new allports stager 
git-svn-id: file:///home/svn/framework3/trunk@7060 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-25 06:13:13 +00:00
HD Moore ee9a8f4f76 Adds support for the reverse_tcp_allports stager for Windows. This payload tries to connect back on all ports, one at a time, from LPORT to 65535. This is incredibly slow (depends on the default socket timeout) and requires the user to forward all TCP ports of LHOST to a single listening port in the handler. Inspired by a few user requests and this blog post: http://clinicallyawesome.com/post/196352889/blind-connect-back-through-restrictive-firewall 
git-svn-id: file:///home/svn/framework3/trunk@7058 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-25 05:44:50 +00:00
James Lee e30e850ba7 shave a few bytes off of the windows stagers 
git-svn-id: file:///home/svn/framework3/trunk@7035 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-14 08:45:01 +00:00
HD Moore 26ca5ec646 Nuke the compiled bins 
git-svn-id: file:///home/svn/framework3/trunk@6926 4d416f70-5f16-0410-b530-b9f4589650da
 2009-08-01 03:21:22 +00:00
HD Moore 49b7dcb30c Overhaul of the metasploit payloads from Stephen Fewer - smaller/cleaner/new hashing/support for WinNT 4.0 -> Win7 with size reductions for the stagers and minimal size increases for the singles 
git-svn-id: file:///home/svn/framework3/trunk@6922 4d416f70-5f16-0410-b530-b9f4589650da
 2009-07-31 17:50:10 +00:00