c73e815974
Bump metasploit-payloads
2023-10-24 15:46:18 +01:00
7f7f106b92
Update metasploit-payloads gem to 2.0.156
...
Includes changes from:
* rapid7/metasploit-payloads#672
* rapid7/metasploit-payloads#678
2023-10-11 14:05:45 -04:00
d11f15b9af
Update gem dependencies
2023-10-06 15:49:06 +01:00
e70f356239
Show errors on inaccessible payload files
2023-10-02 14:46:25 +01:00
1878c08293
Land #18276 , Add sasl scram 256 auth support to postgres modules
2023-08-18 14:34:51 +01:00
d154247c84
Introduce `ruby-mysql` gem
2023-08-14 21:34:01 +02:00
98ac76d54f
Add sasl scram 256 auth support to postgres modules
2023-08-09 16:41:01 +01:00
39382c4652
Land #17600 , Add AWS Instance Connect Sessions
...
Implement AWS Instance Connect Sessions
2023-08-03 12:06:29 -04:00
a643fa517a
Give better error messages when failing to load mettle extensions
2023-08-02 23:03:27 +01:00
9a40e2612b
Land #17129 , Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
eaa4768547
add aws-sdk-ec2instanceconnect gem
2023-08-01 15:04:30 -04:00
fa0e53775f
Update PHP Meterpreter to correctly show file sizes for large files
2023-06-30 10:22:13 +01:00
50c675cc90
Fix windows Meterpreter clipboard manipulation access denied errors
2023-06-29 00:00:48 +01:00
7aa1dafc1f
Fix windows python meterpreter getuid intermittent crash
2023-06-23 15:30:02 +01:00
5d96b23d19
Update metasploit-payloads gem to 2.0.143
...
Includes changes from:
* rapid7/metasploit-payloads#662
* rapid7/metasploit-payloads#660
2023-06-20 15:14:18 -04:00
7e3e30f9d0
Bump Mettle Version
2023-06-19 11:56:52 +02:00
8c4c260911
Mettle now supports aarch64-apple-darwin
...
This bumps the metasploit_payloads-mettle version to enable the new
target triple.
2023-06-19 10:57:37 +02:00
8f11798f5f
Update unknown windows errors on python meterpreter to include hex error code
2023-06-15 11:56:32 +01:00
6f297a8619
Land #18102 , bump metasploit-payloads 2.0.140
...
This metasploit-payloads bump is a fix for false negatives
on files not existing on windows python meterpreter
2023-06-14 13:51:27 -04:00
d3fa7608db
Land #18103 , lock nokogiri due to compile issue
2023-06-14 11:40:08 -05:00
b2d0cdaa28
lock nokogiri due to compile issue
2023-06-14 11:21:49 -05:00
00d1f03b8a
Fix false negatives on files not existing on windows python meterpreter
2023-06-14 17:09:06 +01:00
793e0887ff
Fix osx route command when mac addresses are split by dots
2023-06-14 16:43:51 +01:00
d6a50acf83
Fix python meterpreter subprocess deadlock and file descriptor leak
2023-06-14 13:10:46 +01:00
21b2e3a597
Fix python meterpreter crashing when extracting osx network configuration
2023-06-14 12:28:15 +01:00
eab324714d
Update metasploit-payloads gem to 2.0.136
...
Includes changes from:
* rapid7/metasploit-payloads#656
2023-06-09 12:57:02 -04:00
372f9cdcfc
Update metasploit-payloads gem to 2.0.135
...
Includes changes from:
* rapid7/metasploit-payloads#648
* rapid7/metasploit-payloads#637
* rapid7/metasploit-payloads#646
* rapid7/metasploit-payloads#645
* rapid7/metasploit-payloads#643
* rapid7/metasploit-payloads#640
2023-06-02 09:49:57 -04:00
8378435051
Land #17430 , Add AWS SSM Sessions
2023-06-01 11:34:40 -04:00
5a96979363
exclude IDE development collateral from gemspec
2023-05-22 08:28:23 -05:00
713ec6ae76
Merge branch 'master' into feature/aws_ssm_sessions
2023-05-16 14:39:37 -04:00
0a85cba56d
lock msgpack until build resolved
...
MessagePack 1.7.0 gem introduced code not compatible with the current
build env used for nightly packages. This may be addressed in several
ways and has been reported upstream. Lock the version a until a path
forward is determined.
2023-05-02 15:53:26 -05:00
36f9025cea
Update metasploit-payloads gem to 2.0.130
...
Includes changes from:
* rapid7/metasploit-payloads#631
* rapid7/metasploit-payloads#639
* rapid7/metasploit-payloads#634
2023-04-27 13:47:37 -04:00
f1602dd772
Bump payloads to 2.0.127
2023-04-20 18:50:36 -05:00
8e77b70c99
Fix Windows7 Meterpreter crash when in debug mode
2023-04-19 17:30:05 +01:00
afce19d378
Update metasploit-payloads gem to 2.0.125
...
Includes changes from:
* rapid7/metasploit-payloads#633
* rapid7/metasploit-payloads#625
2023-04-14 11:19:33 -04:00
2c8ad1f158
Land #17809 , Add bootsnap for bootup performance
2023-04-14 14:01:12 +01:00
eec0e71dd7
Update metasploit-payloads gem to 2.0.123
...
Includes changes from:
* rapid7/metasploit-payloads#628
2023-04-07 10:45:14 -04:00
653234e1d0
Add bootsnap for bootup performance
2023-04-04 10:35:53 +01:00
876b7c2c0f
Update metasploit-payloads gem to 2.0.122
...
Includes changes from:
* rapid7/metasploit-payloads#621
* rapid7/metasploit-payloads#623
2023-03-09 11:40:45 -05:00
deafceed00
Update documentation, library, and Gemspec from review
2023-03-09 09:28:27 -06:00
d3f84af790
Included mixin for PHP code injection at PNGs
2023-03-09 09:28:14 -06:00
0bf809697c
Update metasploit-payloads gem to 2.0.120
2023-03-07 10:55:07 -06:00
2c1de9b2e4
Update metasploit-payloads gem to 2.0.118
...
Includes changes from:
* rapid7/metasploit-payloads#619
* rapid7/metasploit-payloads#617
* rapid7/metasploit-payloads#610
2023-03-03 17:19:05 -05:00
75ed29964e
Update metasploit-payloads gem to 2.0.115
...
Includes changes from:
* rapid7/metasploit-payloads#614
* rapid7/metasploit-payloads#611
2023-02-28 12:56:34 -05:00
7db2d86147
Update metasploit-payloads gem to 2.0.113
...
Includes changes from:
* rapid7/metasploit-payloads#604
* rapid7/metasploit-payloads#605
* rapid7/metasploit-payloads#607
* rapid7/metasploit-payloads#606
* rapid7/metasploit-payloads#609
2023-02-24 12:09:21 -05:00
bdb0cadc4f
Land #17291 , Add support for rails 7
2023-01-26 11:50:29 -06:00
672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
149870d8a5
update Ruby version requirement
2023-01-23 09:57:16 -06:00
15237e5154
Update metasploit-payloads gem to 2.0.108
...
Includes changes from:
* rapid7/metasploit-payloads#599
* rapid7/metasploit-payloads#600
* rapid7/metasploit-payloads#602
2023-01-20 09:21:28 -05:00
3624bee263
Initial implementation for AWS SSM shells
...
Amazon Web Services provides conveniently privileged backdoors in
the form of their SSM agents which do not require connectivity with
the target instance, merely valid credentials to AWS' API. Due to
this indirect "connection" paradigm, this mechanism can be used to
control otherwise "air-gapped" targets.
This approach abstracts asynchronous request/response parsing for
SSM requests into an IO channel with which the AWS SSM client is
then wrapped to emulate the expected Stream. The mechanism is rather
raw and could use better error handling, retries on laggy output,
and a threadsafe cursor implementation. It may be possible to start
an actually interactive session using the #start_session method in
the AWS client library, but so far testing has not yielded positive
results.
There is a significant limitation with these sessions not present
in normal stream-wise abstractions: a response limit of 2500 chars.
This limitation can be overcome by utilizing an S3 bucket to store
command output; however, due to the nature of access we seek to
obtain, it would not only add to the logged event loads but retain
the results of our TTPs in a "buffer" accessible to other people.
This functionality can be added down the line in the form of S3
config options in the handler to be passed into the SSM client for
command execution and acquisition of output.
Testing:
Gets sessions, provides command IO, leaves a bunch of log entries
in CloudTrail (something to keep in mind for opsec considerations).
Next steps:
Reorganize our WebSocket code a bit to provide connection and WS
state management inside Rex::Proto::Http::Client which can then be
exposed to the Handler without having to mix-in other namespaces
from Exploit.
Use the #start_session SSM Client method to extract the WS URL
for the relevant channel, and utilize that as the underpinning for
our session comms.
2022-12-31 15:04:27 -05:00
sjanusz-r7