20cc2fa38d
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us the ability to use generate_payload_dll() which generates a generic dll that spawns rundll32 and runs the shellcode in that process. This is basically what the linux version accomplishes by compiling the .so on the fly. One major advantage of this is that the resulting DLL will work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us the ability to delete the dll via the resulting session, which works because the template dll contains code to shove the shellcode into a new rundll32 process and exit, thus leaving the file closed after Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on Windows
* Adds a check method to both Windows and Linux versions that simply makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query gets downcased and subsequently causes postgres to error out before opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
data
documentation
external
lib
modules
plugins
scripts
spec
test
tools
.gitignore
.rspec
.travis.yml
CONTRIBUTING.md
COPYING
Gemfile
Gemfile.lock
HACKING
README.md
Rakefile
THIRD-PARTY.md
armitage
msfbinscan
msfcli
msfconsole
msfd
msfelfscan
msfencode
msfgui
msfmachscan
msfpayload
msfpescan
msfrop
msfrpc
msfrpcd
msfupdate
msfvenom
README.md
Metasploit
The Metasploit Framework is released under a BSD-style license. See COPYING for more details.
The latest version of this software is available from http://metasploit.com/
Bug tracking and development information can be found at: https://dev.metasploit.com/redmine/projects/framework/
The public GitHub source repository can be found at: https://github.com/rapid7/metasploit-framework
Questions and suggestions can be sent to: msfdev(at)metasploit.com
The framework mailing list is the place to discuss features and ask for help. To subscribe, visit the following web page: https://mail.metasploit.com/mailman/listinfo/framework
The mailing list archives are available from: https://mail.metasploit.com/pipermail/framework/
Installing
Generally, you should use the installer which contains all dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.
Using Metasploit
Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading some of the great tutorials online:
Contributing
See the Dev Environment Setup guide on GitHub which will walk you through the whole process starting from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more info, see Contributing.