jvazquez-r7
bb36899699
Make template names consistent
2015-02-24 18:26:46 -06:00
jvazquez-r7
d29e9fc20b
Parse TRAN2_FIND_FIRST2 commands
2015-02-24 17:02:49 -06:00
William Vu
5f0aeda0be
Land #4835, new hex format for msfvenom
2015-02-24 10:56:47 -06:00
Christian Mehlmauer
5880702552
added new hex format
2015-02-24 16:05:02 +01:00
Brent Cook
ab4a416958
comment out duplicate keys that can only be used for reference
...
Ruby is ignoring all but the second instances, and 2.2 still throws a
warning.
2015-02-24 08:50:02 -06:00
William Vu
5eec07d4d1
Fix duplicate hash key "jpeg"
...
In lib/rex/proto/http/server.rb.
2015-02-24 05:19:42 -06:00
jvazquez-r7
ea483f14a1
Try to fix logic for query information levels
2015-02-23 17:17:33 -06:00
jvazquez-r7
3fca26a5de
Add support for SMB_COM_TRANSACTION2 data blocks and params
2015-02-23 16:37:39 -06:00
jvazquez-r7
a06d07d6da
Clean smb_cmd_trans2_query_file_information dispatching
2015-02-23 12:03:08 -06:00
jvazquez-r7
3d7381b62a
Handle TRANS2 commands
2015-02-23 11:33:49 -06:00
HD Moore
e5e3474af4
Handle ICMP "protocol not available" errors as connection errors
2015-02-22 16:36:53 -06:00
BAZIN-HSC
d8132f86ff
adjust buffer size
2015-02-22 08:51:16 +01:00
sinn3r
85871ab822
Fix #4382, Make errors more meaningful
...
Fix #4382
2015-02-20 20:09:58 -06:00
jvazquez-r7
52a0e6dd1c
Mark a couple of handlers for later review
2015-02-20 16:28:04 -06:00
BAZIN-HSC
0d53dc1d13
use a buffer to avoid memory use on the victim's machine
...
use a buffer to avoid memory use on the victim's machine
use attacker memory to store files
avoid bugs on large files
2015-02-20 20:02:09 +01:00
jvazquez-r7
a91d19e0e7
Add template for SMB_QUERY_FILE_STANDARD_INFO
2015-02-20 10:58:15 -06:00
jvazquez-r7
21978a1bfe
Add template for SMB_QUERY_FILE_BASIC_INFO
2015-02-20 10:40:45 -06:00
jvazquez-r7
cf63e09188
Add templates for SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR and SMB_FIND_FILE_NAMES_INFO_HDR
2015-02-20 09:17:51 -06:00
BAZIN-HSC
fe75a31a59
NTFS parser optimisation
...
The NTFS parser no longer automatically gathers non-resident attributes
that were not necessary.
Railgun is called 17 times instead of 32 on an example on ntds.dit.
2015-02-20 13:11:53 +01:00
jvazquez-r7
f2405a5dc0
Create SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR_LENGTH constant
2015-02-20 00:35:26 -06:00
jvazquez-r7
571dffa317
Create template for SMB_FIND_FILE_BOTH_DIRECTORY_INFO
2015-02-20 00:22:33 -06:00
jvazquez-r7
94ad64546c
Create TRANS2_PARAMETERS template
2015-02-19 23:16:52 -06:00
jvazquez-r7
b24b94ddd3
Do first cleanup of find_first2 handlers
2015-02-19 19:08:56 -06:00
jvazquez-r7
874031b96d
Delete require
2015-02-18 13:44:31 -06:00
jvazquez-r7
415c671416
Move Rex code, we'll redesign as mixin
2015-02-18 13:44:02 -06:00
jvazquez-r7
f960a77754
Solve merging conflicts
2015-02-18 11:36:47 -06:00
Matthew Hall
934af4cee9
Merge branch 'master' into module-smbfileserver
2015-02-17 17:01:44 +00:00
Matthew Hall
49971a6bc3
Add two more constants and handlers seen during testing.
2015-02-17 16:48:11 +00:00
sinn3r
0597d2defb
Land #4560, Massive Java RMI update
2015-02-17 10:07:07 -06:00
Brent Cook
b4cf2f5d8c
use correct response filter TLV_TYPE_VALUE_NAME
2015-02-17 08:46:25 -06:00
Matthew Hall
1f6aebe3df
Move to using constant values.
...
This commit adds several constants for TRANS2, QUERY_PATH_INFO, MAX_DATA_COUNT,
and NT2 FLAG2 Bits to smb/constants.rb, which have then been utilised in smb/server.rb
to reduce the use of magic values.
2015-02-17 14:31:31 +00:00
Brent Cook
8f74f8eeed
pass down the new permissions parameters
2015-02-17 06:11:20 -06:00
Brent Cook
503f58375b
add direct registry access methods
...
Rather than operating on a passed-in HKEY, these open and close the registry
key directly for each operation.
This pattern better reflects the actual API usage within msf, and removes extra
round-trips to open and close the registry key, reducing traffic and increasing
performance. I did not add direct versions of every registry operation.
There was no benefit for more rarely-used operations, other than requiring more
churn in the meterpreters.
The primary beneficiary of this is post exploitation modules that do registry
or service enumeration. See #3693 for test cases.
2015-02-17 06:11:20 -06:00
Matthew Hall
3110c7b40f
Adds smb_cmd_trans_find_first2_full to respond to "Find File Full Directory Info" FIND_FIRST2 requests,
...
as seen when using "type \\ip\share\file".
2015-02-17 11:37:44 +00:00
sinn3r
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
sinn3r
22811257db
Fix #4711 - Errno::EINVAL (getpeername(2)) BrowserAutoPwn Fix
...
This patch fixes #4711.
The problem here is that the browser sometimes will shutdown some of our
exploit's connections (in my testing, all Java), and that will cause Ruby
to call a rb_sys_fail with "getpeername(2)". The error goes all the
way to Rex::IO::StreamServer's monitor_listener method, which triggers a
"break" to quit monitoring. And then this causes another chain of reactions
that eventually forces BrowserAutoPwn to quit completely (while the
JavaScript on the browser is still running)
2015-02-10 18:28:02 -06:00
Meatballs
33560a2657
Refactor Msf::Exploit::Powershell to Rex::Powershell to allow for
...
msfvenom usage.
2015-02-10 20:53:46 +00:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
Meatballs
133ae4cd04
Land #4679, Windows Post Gather File from raw NTFS.
2015-02-08 18:50:50 +00:00
Bazin Danil
8cefe637df
bug with testing Win2k8 correction
2015-02-08 17:28:33 +01:00
Meatballs
358ab2590e
Small tidyup
2015-02-07 11:35:47 +00:00
Bazin Danil
970c5d115a
spellcheck
2015-02-05 22:08:39 +01:00
HD Moore
ffe0e52cb6
The iax2 stack now works properly with asterisk 1.8
...
Note that the requirecalltoken=no setting is still required in the asterisk configuration at this point.
2015-02-02 22:29:13 -06:00
HD Moore
0ba34422d5
Pass the debugging option for IAX2 Client
2015-02-02 21:08:16 -06:00
Bazin Danil
fbb85c0391
using string concatenation for performance
2015-01-31 05:13:44 +01:00
Bazin Danil
d9c64397fd
shorten the line, using more variables
2015-01-31 04:32:32 +01:00
Bazin Danil
0fce908045
add constant class
2015-01-31 04:19:27 +01:00
Bazin Danil
f4ec6bdc78
- use non-native pack/unpack directives
...
- coding: binary
- use constant for data_attribute
2015-01-31 03:59:23 +01:00
Bazin Danil
68b735dbda
Add a NTFS parser and a post module to dump files
...
This commit adds a draft of an NTFS parser and a post module
to gather files using the raw NTFS device (\\.\C:),
bypassing restrictions like already open files with locks.
Can be used to retrieve files like NTDS.DIT without a volume shadow copy.
2015-01-30 19:16:44 +01:00
Meatballs
02864b4401
Railgun DWORD handling
2015-01-30 11:20:03 +00:00