Matt Weeks scriptjunkie

@scriptjunkie
Add JBoss Seam 2 upload and execute module
2 commits with 311 additions and 0 deletions
@scriptjunkie

Tested and validated it works!

@scriptjunkie

spellcheck to mipsle?

@scriptjunkie

I don't know for sure if calc's weird behavior is related to warbird, but that's what I'm assuming. http://thisissecurity.net/2014/10/15/warbird-op…

@scriptjunkie

Don't use win7 calc. It has weird DRM stuff in it. Try this as an experiment. Copy Win7's calc from system32 to the desktop (No changes). Double-cl…

@scriptjunkie
Use payload, not generate, in payload modules
@scriptjunkie

Agreed!

@scriptjunkie

Merged as 1) Fixes the initial bugs 2) Provides a good way forward to enable further prepend payload enhancements 3) Doesn't alter the classic payl…

@scriptjunkie
Reworks how payload prepends work internally, see #1674
1 commit with 48 additions and 33 deletions
@scriptjunkie

I only see two exploits that call payload.generate, which we should swap with .generate_raw or .generate_complete: exploits/windows/misc/gimp_scrip…

@scriptjunkie

Done. I still use stay-with-request-host as the default, because changing host = lost shells. So I think if someone wants to move their callbacks, …

@scriptjunkie
  • @scriptjunkie dfbc50f
    Make Host header override optional
@scriptjunkie
Use host header in reverse_http(s)
1 commit with 11 additions and 9 deletions
@scriptjunkie

I'm not sure what else I can do to show it (a) fixes bugs and (b) doesn't break anything, aside from maybe stepping through source: - Generate in Msf:…

@scriptjunkie

Yeah, just set the SSL flag if the URL starts with "https" - I was talking about the SSL on the controller side, not the shellcode side; I see wher…

@scriptjunkie

I think we really need a monolithic all-in-one, so we have the flexibility to choose all the combinations of options (e.g. S4U and VSS...)

@scriptjunkie

hey @bannedit, is there actually any difference between the HTTP and HTTPS reverse hop handlers? I originally thought there would have to be to dea…

@scriptjunkie

"Post Successful"

@scriptjunkie

remove this commented-out block

@scriptjunkie

ditto

@scriptjunkie

Spellcheck performance

@scriptjunkie

Don't leave commented-out code in the source. If it's something that might be useful while debugging, try vprint_debug, which will only output when…

@scriptjunkie
Add post module to phish windows user credentials
2 commits with 146 additions and 0 deletions
@scriptjunkie

When you're waiting for the process to start, it looks like the procmon method runs a tight polling loop; I don't see any added delays. It seems li…