h00die
b3b1595ef4
VMware Aria SSH keys exploit
2023-10-16 13:06:17 -04:00
Spencer McIntyre
5a6dc7f9a6
Initial commit of CVE-2023-43654
2023-10-12 09:27:26 -04:00
Christophe De La Fuente
1058291af9
Land #18314, Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
bwatters
be731f330e
Add error checking and randomize the report directory
2023-09-22 14:43:21 -05:00
bwatters
b4a1bb8fa2
Add docs and support for shell sessions; update exe to work without runtime lib.
2023-09-19 17:50:18 -05:00
Simon Janusz
8b56dc0117
Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
h00die
94657d317b
another round of review comments
2023-09-11 14:29:20 -04:00
bwatters
91e7af4370
Added check, some stealth, and cleaned code
2023-09-05 14:29:13 -05:00
bwatters
ccba494e61
Exploit working, still needs to be cleaned up
2023-08-29 18:01:44 -05:00
bwatters
c69e983b30
Add module to create directory structures and upload/run exploit
2023-08-25 15:41:25 -05:00
Jack Heysel
97dd22032c
Responded to comments, improved stability
2023-08-21 19:20:25 -04:00
cgranleese-r7
89f8deb672
Land #18253, Add CVE-2023-34634, Greenshot Fileformat exploit
2023-08-17 15:30:02 +01:00
Jack Heysel
bcfc892195
General code clean up
2023-08-04 14:27:14 -04:00
bwatters
59e3760509
First attempt at CVE-2023-34634
2023-08-03 10:58:07 -05:00
adfoster-r7
9a40e2612b
Land #17129, Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
adfoster-r7
89cd524acb
Update osx templates makefile and compile binaries
2023-08-02 01:26:18 +01:00
Jack Heysel
416124705f
Working in Metasploit
2023-07-28 03:43:37 -04:00
h00die-gr3y
a3daab88e6
Added documentation and updated exploitable plugins list
2023-07-25 14:06:42 +01:00
bwatters
297c484a1c
Land #18173, Add Openfire Authentication Bypass RCE [CVE-2023-32315]
Merge branch 'land-18173' into upstream-master
2023-07-18 18:13:20 -05:00
bwatters
b15d595de2
Adjust files to be better shared
2023-07-14 12:47:04 -05:00
h00die-gr3y
8edbf73b6f
first release exploit module
2023-07-08 09:48:17 +00:00
h00die
375a315b3d
WooCommerce Payments auth bypass
2023-07-04 13:05:07 -04:00
Ashley Donaldson
6772740f86
Fix bug in HostingCLR relating to the first argument passed to a dotnet assembly.
2023-06-28 09:24:33 +10:00
Spencer McIntyre
67f7a33d77
Land #18114, .NET assembly execution enhancements
Allow .NET assembly execution within the meterpreter process
2023-06-27 09:32:43 -04:00
Spencer McIntyre
767b22f7ef
Recompile the DLL
2023-06-27 09:31:24 -04:00
Ashley Donaldson
65a4dd3c39
Change ETW bypass method, so that CLR memory can be freed.
Fixed a crash and broken logic in hosting clr code.
2023-06-26 09:54:00 +10:00
Ashley Donaldson
977f8732c6
Fix cleanup code.
The _AppDomainPtr, _AssemblyPtr and _MethodInfoPtr variables are COM smart pointers which will auto-Release() when they go out of scope, so we should not directly Release() them.
2023-06-23 14:01:45 +10:00
Ashley Donaldson
a7ce4c7fa8
Free memory from the C++ side, rather than the Ruby side.
2023-06-23 09:57:53 +10:00
Jeffrey Martin
1b562dd02b
Revert "Improve AMSI bypass on new Windows"
This reverts commit f97ab80224, reversing changes made to c8f942cc03.
This change impacted the default `psexec` powershell target and needs further
testing to be reintroduced.
2023-06-21 16:35:41 -05:00
Ashley Donaldson
6e438d338e
Modify execute_dotnet_assembly to run in existing processes (including our own process) and receive output.
2023-06-21 12:04:09 +10:00
usiegl00
658c87996d
Hotwire MachO Signing
This commit hotwires in executable signing to some of the aarch64 osx
payloads in order to ensure that they are fully functional.
2023-06-19 10:57:37 +02:00
usiegl00
5f8767f4cf
M1ssion Dyld Mettle: Aarch64 Payloads
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the M1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
Jack Heysel
c98cc00de9
Land #18075, RocketMQ version scanner
2023-06-13 18:15:34 -04:00
Jack Heysel
f97ab80224
Land #17942, Improve AMSI bypass on new Windows
The script generated by the web_delivery module is blocked
by the Antimalware Scan Interface (AMSI) on newer versions
of Windows. This PR allows the script to bypass AMSI.
2023-06-12 18:50:48 -04:00
h00die
3e538a34af
review comments
2023-06-08 16:38:22 -04:00
Grant Willcox
7ca7c6aee1
Slight efficiency improvements
2023-05-24 17:36:39 -05:00
Grant Willcox
9e8d1ed2ea
Add in Java class file, raw source code, and tidy up the module a bit
2023-05-24 13:17:48 -05:00
space-r7
60f6574bf3
Land #17965, add module for AD CS cert management
2023-05-22 09:50:53 -05:00
Spencer McIntyre
8258657a45
Add the ESC1 certificate template
2023-05-22 09:21:24 -04:00
Grant Willcox
e5c636f931
Move folder descriptions into README.md files
2023-05-03 14:06:13 -05:00
Christophe De La Fuente
62806caeae
Update web_delivery
2023-04-28 16:09:51 +02:00
Christophe De La Fuente
a6b478e046
Land #17832, Two modules for UniRPC - CVE-2023-28502 and CVE-2023-28503
2023-04-12 11:43:13 +02:00
Ron Bowes
41fe44ef1a
Merge branch 'master' into unirpc-auth-bypass
2023-03-29 08:03:05 -07:00
Ron Bowes
6897be4b01
Add two Metasploit modules for UniData vulnerabilities
2023-03-29 08:01:50 -07:00
Christophe De La Fuente
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
adfoster-r7
236de61130
Land #17583, Enhances info -d with references to AttackerKB
2023-03-21 12:38:36 +00:00
Tod Beardsley
de58b96d2a
Add "a good example" of a LastPass password
When setting a new master password, LastPass helpfully suggests "r50$K28vaIFiYxaY" as a good example.
Sure, sounds good to me.
2023-03-07 13:32:50 -06:00
Spencer McIntyre
025ba6775d
Add a README file with some basic information
2023-02-09 15:09:50 -05:00
Spencer McIntyre
126e3a9c9a
Add larger 256KiB DLL templates
2023-02-09 15:09:50 -05:00
Spencer McIntyre
2608852d8c
Consolidate gdiplus build code
This references the main dll/template.c code as the mixed-mode variant
already does. This will make future changes easier as we won't need to
copy them from the main to this one.
See https://github.com/rapid7/metasploit-framework/pull/8509 for the
origin of these files.
2023-02-09 15:09:50 -05:00