L
7dc1b8afb4
Update data/ysoserial_payloads.json
2020-04-27 10:50:09 -05:00
Tim W
bba9b76d25
fix infinite loop in find_macho
fix osx loader to work within python macho
2020-04-24 15:13:57 +08:00
bwatters-r7
b9e83bd055
Update VS build destination
2020-04-13 18:20:20 -05:00
b4rtik
e3c8c6b0cc
Enabled output from clr loading
2020-04-10 15:06:39 -05:00
b4rtik
b4d2dfe753
Added EtwEventWrite patching
2020-04-10 15:06:00 -05:00
b4rtik
8743cdfecc
Update and USETHREADTOKEN
2020-04-10 15:05:20 -05:00
b4rtik
4c26fa7a67
Fix arguments managing
2020-04-10 15:05:19 -05:00
b4rtik
1476f08dd0
Fix arguments managing
2020-04-10 15:05:18 -05:00
b4rtik
baf25fb064
Removed dependency on vc runtime
2020-04-10 15:04:51 -05:00
b4rtik
a3abfb13da
Some fix
2020-04-10 14:57:41 -05:00
b4rtik
33cd725562
Add dynamic size for assembly and args
2020-04-10 14:57:37 -05:00
bwatters-r7
182bd67287
Land #13187, Add LPE Exploit For CVE-2020-0796 (AKA: SMBGhost)
Merge branch 'land-13187' into upstream-master
2020-04-03 11:19:50 -05:00
Brent Cook
8451c1345b
Land #10579, add sharphound post module, upstream updating tool
2020-04-03 09:10:40 -05:00
Brent Cook
f848f735a6
update sharphound to latest
2020-04-02 21:32:39 -05:00
Spencer McIntyre
3392fa18d4
Add the x64 LPE exploit for CVE-2020-0796
2020-04-02 17:22:00 -04:00
William Vu
8f6331d0d5
Pretty-print JSON in data/ysoserial_payloads.json
jq . data/ysoserial_payloads.json
2020-03-13 14:04:32 -05:00
Tim W
e36db605a6
Land #12907, update unix_users.txt
2020-02-27 15:18:31 +08:00
Brent Cook
f59ec03c42
Land #12465, add Android Binder UAF (CVE-2019-2215)
2020-02-23 01:06:33 -08:00
h00die
91add39ceb
extra blank line removed
2020-02-09 19:05:46 -05:00
h00die
65951dd97b
nnposter list
2020-02-09 19:04:03 -05:00
h00die
b997e5679f
update bloodhound to recent version
2020-02-08 16:06:06 -05:00
h00die
cca3184b36
update userlist to ubuntu 18.04 lamp
2020-02-03 19:07:08 -05:00
Christophe De La Fuente
394e99fbe9
Land #12568, Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
2020-01-30 11:57:56 +01:00
cdelafuente-r7
3491da7da0
Add a random sentinel to close channel when terminates (#1)
* Add a random sentinel to close channel when terminates
* Replace spaces with tabs to be consistent
* Remove unnecessary escaped quotes and use include? instead of regex
2020-01-25 23:30:49 +01:00
Tim W
cfffb65a21
Land #12859, update AF_PACKET chocobo_root linux LPE
2020-01-24 17:30:13 +08:00
Brent Cook
6f6cc00871
Land #12751, add Linux RDS socket NP deref privesc
2020-01-22 07:08:47 -06:00
Brendan Coles
19b1f567b2
Update AF_PACKET chocobo_root Privilege Escalation module
2020-01-19 11:51:01 +00:00
Brendan Coles
36b6ceb56f
Add rds_atomic_free_op_null_pointer_deref_priv_esc (CVE-2018-5333)
2020-01-18 08:34:52 +00:00
Cory Kennedy
a8f8502d19
Update haKCers.txt
Corrected minor (but major - sorry!) transposition error on line 18.
2019-12-20 09:05:49 -06:00
Shelby Pace
894927d960
Land #12693, add Comahawk privilege escalation
2019-12-18 15:40:51 -06:00
Brent Cook
e1e668d7da
Land #12651, add OpenMRS deserialization exploit
2019-12-16 11:31:24 -06:00
bwatters-r7
7e05642a1b
Randomize container name
2019-12-12 07:48:01 -06:00
bwatters-r7
0257861c4f
Remove debug statements and extra c/ruby libraries
2019-12-11 18:42:36 -06:00
bwatters-r7
942d1e3962
Trim exploit code and de-pasta-fy module
Better check for build number
2019-12-10 18:09:08 -06:00
bwatters-r7
8a9dd35793
First draft of windows comahawk priv esc
2019-12-09 19:09:15 -06:00
Shelby Pace
4c95150491
add xml erb file
2019-12-02 08:44:37 -06:00
Brent Cook
f8c84c9928
Land #12530, add encrypted, compilable shell payloads
2019-11-21 08:59:46 -06:00
Shelby Pace
deb57a1df0
add modified chacha implementation, format_uuid
2019-11-19 20:16:16 -06:00
Cory Kennedy
a66a59ae2a
Changed Filename
2019-11-13 20:26:49 -06:00
Cory Kennedy
03117ea685
Update SecKC.txt
2019-11-13 20:26:01 -06:00
lle-bout
6766d9f6f7
Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
- Powershell script was outdated.
  Updated from https://www.exploit-db.com/exploits/39719
- Powershell script was buggy when current directory
  was set to e.g. C:\ProgramData. (Get-Item Error)
  Fixed.
- Stager was being dropped to current directory, but
  it is not guaranteed that we always have permission
  to write a file there. Use %TEMP% instead.
- Exploit only seems to work when executed under
  a powershell of the same architecture as the
  host. (Not WOW64)
  This module now ensures that no matter the
  architecture of the meterpreter, a powershell
  of the same architecture as the host is being
  run. (Using Sysnative directory when on WOW64)
- Stager was broken, now generating stager with Rex
  and dropping stager as `.ps1` instead of `.txt`.
  Ideally the exploit should be rewritten to
  accept a shellcode payload directly or a smaller
  stager powershell should be created so that it
  fits in under 1024 bytes and can be fed directly
  to CreateProcessWithLogonW without dropping to
  disk.
2019-11-13 05:01:47 +01:00
Cory Kennedy
7d9ab29c8c
Create SecKC.txt
2019-11-12 15:55:26 -06:00
Jeff McJunkin
8b462083be
Update banner for MSF5
2019-11-07 20:47:44 +11:00
Shelby Pace
8bb1c5102b
opt for inline asm instead of pre-compiled object
2019-10-31 11:55:40 -05:00
Brendan Coles
991ccdbda5
Land #12106, Add Linux PTRACE_TRACEME local root exploit
2019-10-23 14:01:14 +00:00
Tim W
a5a3e28984
Initial commit of CVE-2019-2215 Android Binder Use-After-Free
2019-10-17 18:48:49 +08:00
Shelby Pace
b674f3dda3
add AlignRSP call, remove begin from linker script
2019-10-10 12:16:10 -05:00
Shelby Pace
12f4a89629
remove 64bithelper, add VirtualFree
2019-10-10 12:16:10 -05:00
Shelby Pace
c3a7d377f4
add payload for X64 arch
2019-10-10 12:16:10 -05:00
Shelby Pace
64145cdbf2
add header files
2019-10-10 12:16:09 -05:00