sjanusz-r7
c73e815974
Bump metasploit-payloads
2023-10-24 15:46:18 +01:00
Spencer McIntyre
7f7f106b92
Update metasploit-payloads gem to 2.0.156
Includes changes from:
* rapid7/metasploit-payloads#672
* rapid7/metasploit-payloads#678
2023-10-11 14:05:45 -04:00
adfoster-r7
d11f15b9af
Update gem dependencies
2023-10-06 15:49:06 +01:00
sjanusz-r7
e70f356239
Show errors on inaccessible payload files
2023-10-02 14:46:25 +01:00
dwelch-r7
1878c08293
Land #18276, Add sasl scram 256 auth support to postgres modules
2023-08-18 14:34:51 +01:00
Rory McKinley
d154247c84
Introduce `ruby-mysql` gem
2023-08-14 21:34:01 +02:00
adfoster-r7
98ac76d54f
Add sasl scram 256 auth support to postgres modules
2023-08-09 16:41:01 +01:00
Spencer McIntyre
39382c4652
Land #17600, Add AWS Instance Connect Sessions
Implement AWS Instance Connect Sessions
2023-08-03 12:06:29 -04:00
adfoster-r7
a643fa517a
Give better error messages when failing to load mettle extensions
2023-08-02 23:03:27 +01:00
adfoster-r7
9a40e2612b
Land #17129, Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
Jeffrey Martin
eaa4768547
add aws-sdk-ec2instanceconnect gem
2023-08-01 15:04:30 -04:00
adfoster-r7
fa0e53775f
Update PHP Meterpreter to correctly show file sizes for large files
2023-06-30 10:22:13 +01:00
adfoster-r7
50c675cc90
Fix windows Meterpreter clipboard manipulation access denied errors
2023-06-29 00:00:48 +01:00
adfoster-r7
7aa1dafc1f
Fix windows python meterpreter getuid intermittent crash
2023-06-23 15:30:02 +01:00
Spencer McIntyre
5d96b23d19
Update metasploit-payloads gem to 2.0.143
Includes changes from:
* rapid7/metasploit-payloads#662
* rapid7/metasploit-payloads#660
2023-06-20 15:14:18 -04:00
usiegl00
7e3e30f9d0
Bump Mettle Version
2023-06-19 11:56:52 +02:00
usiegl00
8c4c260911
Mettle now supports aarch64-apple-darwin
This bumps the metasploit_payloads-mettle version to enable the new
target triple.
2023-06-19 10:57:37 +02:00
adfoster-r7
8f11798f5f
Update unknown windows errors on python meterpreter to include hex error code
2023-06-15 11:56:32 +01:00
Jack Heysel
6f297a8619
Land #18102, bump metasploit-payloads 2.0.140
This metasploit-payloads bump is a fix for false negatives
on files not existing on windows python meterpreter
2023-06-14 13:51:27 -04:00
Jeffrey Martin
d3fa7608db
Land #18103, lock nokogiri due to compile issue
2023-06-14 11:40:08 -05:00
Jeffrey Martin
b2d0cdaa28
lock nokogiri due to compile issue
2023-06-14 11:21:49 -05:00
adfoster-r7
00d1f03b8a
Fix false negatives on files not existing on windows python meterpreter
2023-06-14 17:09:06 +01:00
adfoster-r7
793e0887ff
Fix osx route command when mac addresses are split by dots
2023-06-14 16:43:51 +01:00
adfoster-r7
d6a50acf83
Fix python meterpreter subprocess deadlock and file descriptor leak
2023-06-14 13:10:46 +01:00
adfoster-r7
21b2e3a597
Fix python meterpreter crashing when extracting osx network configuration
2023-06-14 12:28:15 +01:00
Spencer McIntyre
eab324714d
Update metasploit-payloads gem to 2.0.136
Includes changes from:
* rapid7/metasploit-payloads#656
2023-06-09 12:57:02 -04:00
Spencer McIntyre
372f9cdcfc
Update metasploit-payloads gem to 2.0.135
Includes changes from:
* rapid7/metasploit-payloads#648
* rapid7/metasploit-payloads#637
* rapid7/metasploit-payloads#646
* rapid7/metasploit-payloads#645
* rapid7/metasploit-payloads#643
* rapid7/metasploit-payloads#640
2023-06-02 09:49:57 -04:00
Spencer McIntyre
8378435051
Land #17430, Add AWS SSM Sessions
2023-06-01 11:34:40 -04:00
Jeffrey Martin
5a96979363
exclude IDE development collateral from gemspec
2023-05-22 08:28:23 -05:00
RageLtMan
713ec6ae76
Merge branch 'master' into feature/aws_ssm_sessions
2023-05-16 14:39:37 -04:00
Jeffrey Martin
0a85cba56d
lock msgpack until build resolved
MessagePack 1.7.0 gem introduced code not compatible with the current
build env used for nightly packages. This may be addressed in several
ways and has been reported upstream. Lock the version until a path
forward is determined.
2023-05-02 15:53:26 -05:00
Spencer McIntyre
36f9025cea
Update metasploit-payloads gem to 2.0.130
Includes changes from:
* rapid7/metasploit-payloads#631
* rapid7/metasploit-payloads#639
* rapid7/metasploit-payloads#634
2023-04-27 13:47:37 -04:00
bwatters
f1602dd772
Bump payloads to 2.0.127
2023-04-20 18:50:36 -05:00
adfoster-r7
8e77b70c99
Fix Windows7 Meterpreter crash when in debug mode
2023-04-19 17:30:05 +01:00
Spencer McIntyre
afce19d378
Update metasploit-payloads gem to 2.0.125
Includes changes from:
* rapid7/metasploit-payloads#633
* rapid7/metasploit-payloads#625
2023-04-14 11:19:33 -04:00
dwelch-r7
2c8ad1f158
Land #17809, Add bootsnap for bootup performance
2023-04-14 14:01:12 +01:00
Spencer McIntyre
eec0e71dd7
Update metasploit-payloads gem to 2.0.123
Includes changes from:
* rapid7/metasploit-payloads#628
2023-04-07 10:45:14 -04:00
adfoster-r7
653234e1d0
Add bootsnap for bootup performance
2023-04-04 10:35:53 +01:00
Spencer McIntyre
876b7c2c0f
Update metasploit-payloads gem to 2.0.122
Includes changes from:
* rapid7/metasploit-payloads#621
* rapid7/metasploit-payloads#623
2023-03-09 11:40:45 -05:00
Grant Willcox
deafceed00
Update documentation, library, and Gemspec from review
2023-03-09 09:28:27 -06:00
h00die-gr3y
d3f84af790
Included mixin for PHP code injection at PNGs
2023-03-09 09:28:14 -06:00
Grant Willcox
0bf809697c
Update metasploit-payloads gem to 2.0.120
2023-03-07 10:55:07 -06:00
Spencer McIntyre
2c1de9b2e4
Update metasploit-payloads gem to 2.0.118
Includes changes from:
* rapid7/metasploit-payloads#619
* rapid7/metasploit-payloads#617
* rapid7/metasploit-payloads#610
2023-03-03 17:19:05 -05:00
Spencer McIntyre
75ed29964e
Update metasploit-payloads gem to 2.0.115
Includes changes from:
* rapid7/metasploit-payloads#614
* rapid7/metasploit-payloads#611
2023-02-28 12:56:34 -05:00
Spencer McIntyre
7db2d86147
Update metasploit-payloads gem to 2.0.113
Includes changes from:
* rapid7/metasploit-payloads#604
* rapid7/metasploit-payloads#605
* rapid7/metasploit-payloads#607
* rapid7/metasploit-payloads#606
* rapid7/metasploit-payloads#609
2023-02-24 12:09:21 -05:00
Jeffrey Martin
bdb0cadc4f
Land #17291, Add support for rails 7
2023-01-26 11:50:29 -06:00
adfoster-r7
672fb9ce9f
Land #17460, add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
Jeffrey Martin
149870d8a5
update Ruby version requirement
2023-01-23 09:57:16 -06:00
Spencer McIntyre
15237e5154
Update metasploit-payloads gem to 2.0.108
Includes changes from:
* rapid7/metasploit-payloads#599
* rapid7/metasploit-payloads#600
* rapid7/metasploit-payloads#602
2023-01-20 09:21:28 -05:00
RageLtMan
3624bee263
Initial implementation for AWS SSM shells
Amazon Web Services provides conveniently privileged backdoors in
the form of their SSM agents which do not require connectivity with
the target instance, merely valid credentials to AWS' API. Due to
this indirect "connection" paradigm, this mechanism can be used to
control otherwise "air-gapped" targets.

This approach abstracts asynchronous request/response parsing for
SSM requests into an IO channel with which the AWS SSM client is
then wrapped to emulate the expected Stream. The mechanism is rather
raw and could use better error handling, retries on laggy output,
and a thread-safe cursor implementation. It may be possible to start
an actually interactive session using the #start_session method in
the AWS client library, but so far testing has not yielded positive
results.

There is a significant limitation with these sessions not present
in normal stream-wise abstractions: a response limit of 2500 chars.
This limitation can be overcome by utilizing an S3 bucket to store
command output; however, due to the nature of access we seek to
obtain, it would not only add to the logged event loads but retain
the results of our TTPs in a "buffer" accessible to other people.
This functionality can be added down the line in the form of S3
config options in the handler to be passed into the SSM client for
command execution and acquisition of output.

Testing:
Gets sessions, provides command IO, leaves a bunch of log entries
in CloudTrail (something to keep in mind for opsec considerations).

Next steps:
Reorganize our WebSocket code a bit to provide connection and WS
state management inside Rex::Proto::Http::Client which can then be
exposed to the Handler without having to mix-in other namespaces
from Exploit.

Use the #start_session SSM Client method to extract the WS URL
for the relevant channel, and utilize that as the underpinning for
our session comms.
2022-12-31 15:04:27 -05:00