Spencer McIntyre
3392fa18d4
Add the x64 LPE exploit for CVE-2020-0796
2020-04-02 17:22:00 -04:00
Brent Cook
f59ec03c42
Land #12465, add Android Binder UAF (CVE-2019-2215)
2020-02-23 01:06:33 -08:00
Christophe De La Fuente
394e99fbe9
Land #12568, Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
2020-01-30 11:57:56 +01:00
cdelafuente-r7
3491da7da0
Add a random sentinel to close channel when terminates (#1)
...
* Add a random sentinel to close channel when terminates
* Replace spaces with tabs to be consistent
* Remove unnecessary escaped quotes and use include? instead of regex
2020-01-25 23:30:49 +01:00
Tim W
cfffb65a21
Land #12859, update AF_PACKET chocobo_root linux LPE
2020-01-24 17:30:13 +08:00
Brent Cook
6f6cc00871
Land #12751, add Linux RDS socket NP deref privesc
2020-01-22 07:08:47 -06:00
Brendan Coles
19b1f567b2
Update AF_PACKET chocobo_root Privilege Escalation module
2020-01-19 11:51:01 +00:00
Brendan Coles
36b6ceb56f
Add rds_atomic_free_op_null_pointer_deref_priv_esc (CVE-2018-5333)
2020-01-18 08:34:52 +00:00
Shelby Pace
894927d960
Land #12693, add Comahawk privilege escalation
2019-12-18 15:40:51 -06:00
bwatters-r7
7e05642a1b
Randomize container name
2019-12-12 07:48:01 -06:00
bwatters-r7
0257861c4f
Remove debug statements and extra c/ruby libraries
2019-12-11 18:42:36 -06:00
bwatters-r7
942d1e3962
Trim exploit code and de-pasta-fy module
...
Better check for build number
2019-12-10 18:09:08 -06:00
bwatters-r7
8a9dd35793
First draft of windows comahawk priv esc
2019-12-09 19:09:15 -06:00
Shelby Pace
4c95150491
add xml erb file
2019-12-02 08:44:37 -06:00
lle-bout
6766d9f6f7
Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
...
- Powershell script was outdated.
  Updated from https://www.exploit-db.com/exploits/39719
- Powershell script was buggy when current directory
  was set to e.g. C:\ProgramData. (Get-Item Error)
  Fixed.
- Stager was being dropped to current directory, but
  it is not guaranteed that we always have permission
  to write a file there. Use %TEMP% instead.
- Exploit only seems to work when executed under
  a powershell of the same architecture as the
  host. (Not WOW64)
  This module now ensures that no matter the
  architecture of the meterpreter, a powershell
  of the same architecture as the host is being
  run. (Using Sysnative directory when on WOW64)
- Stager was broken, now generating stager with Rex
  and dropping stager as `.ps1` instead of `.txt`.
  Ideally the exploit should be rewritten to
  accept a shellcode payload directly or a smaller
  stager powershell should be created so that it
  fits in under 1024 bytes and can be fed directly
  to CreateProcessWithLogonW without dropping to
  disk.
2019-11-13 05:01:47 +01:00
Brendan Coles
991ccdbda5
Land #12106, Add Linux PTRACE_TRACEME local root exploit
2019-10-23 14:01:14 +00:00
Tim W
a5a3e28984
Initial commit of CVE-2019-2215 Android Binder Use-After-Free
2019-10-17 18:48:49 +08:00
Shelby Pace
4710322cd7
Land #11762, add sosreport privesc
2019-09-24 09:48:57 -05:00
Tim W
bade8bfc48
add live compiling
2019-09-03 17:31:04 +08:00
Load
dc07b78dcd
@LoadLow Marks the generated ODT file readonly
2019-08-18 18:36:31 +02:00
Load
9b1a3b4033
Marks the generated ODT file readonly
...
Prevents autosave and further modifications after opening the document on the target system.
2019-08-18 17:59:25 +02:00
Load
e6b72b5b43
Cleanup odt metadata
...
Metadata part is not mandatory on ODT files
2019-08-18 17:51:36 +02:00
Shelby Pace
409b3c9c4b
using python payload for platform independence
2019-08-16 15:36:42 -05:00
LoadLow
5f478b7fd6
Adds exploit module for CVE-2019-9848
...
uses on dom-loaded event (triggered just after opening the document) and still working on 6.2.5
2019-07-30 23:07:20 +02:00
Wei Chen
c47caec03f
Land #12107, Add module Redis Unauthenticated Code Execution
2019-07-28 21:40:03 -05:00
Green-m
07f3c074d4
Add doc and enhance the module.
2019-07-20 00:17:57 +08:00
Green-m
b6697f5016
Add redis rce module and data stuff.
...
To do:
1. Check env of system and compiler.
2. Add a compiled so file to be compatible with windows and mac.
3. Add doc.
2019-07-17 15:33:02 +08:00
Wei Chen
27bb166938
Land #12011, Add module for cve-2018-8453
2019-07-15 11:31:07 -05:00
Jacob Robles
5c0bbbbaa0
Land #12070, Add module for CVE-2019-0841
2019-07-15 09:32:47 -05:00
Shelby Pace
f7c252eef3
move source to external/source directory
2019-07-09 09:08:28 -05:00
Jacob Robles
a55aea33a9
Add cve-2018-8453 exploit module
2019-07-09 07:15:13 -05:00
Shelby Pace
c69799262d
fixed issue with hard link exe
2019-07-03 15:44:00 -05:00
Shelby Pace
a83812ad55
add source code, compiled exe for diaghub loading
2019-07-03 14:32:22 -05:00
Brent Cook
e50ab5cd13
Land #11726, add exploit for CVE-2019-8513, macOS TimeMachine cmd injection
2019-06-29 05:36:12 -05:00
William Vu
f3b509a1bc
Implement on_request_uri
2019-06-25 23:47:19 -05:00
Shelby Pace
d3cd1a3fa0
added VS2013 compiled executables
2019-06-19 15:19:00 -05:00
Shelby Pace
5b188a02ba
add code that makes hard links
2019-06-06 15:59:53 -05:00
Wei Chen
b8abb550e6
Land #11924, Update adobe_flash_opaque_background_uaf for Win 10
2019-06-04 00:51:34 -05:00
Tim W
6921ca74d8
add exploit binary
2019-06-02 10:19:24 +08:00
Tim W
32af9cb897
Initial commit of CVE-2018-4233 for iOS 10
2019-06-02 10:19:24 +08:00
suzu991154
0a6f1d5538
Add support for Windows 10(10240) to CVE-2015-5122
2019-06-01 14:44:30 +09:00
Tim W
be1d185a04
Add CVE-2019-8565 OSX Feedback Assistant local root exploit
2019-05-07 04:30:47 +08:00
Tim W
fbbcc2b607
add exploit binary
2019-04-21 16:02:10 +08:00
Brendan Coles
a5b894dca3
Add sosreport-rhel7.py
2019-04-20 11:56:01 +00:00
Shelby Pace
54edf3c008
reduced file size
2019-04-16 09:06:44 -05:00
Tim W
0472f96209
add the exploit binary
2019-04-16 13:09:41 +08:00
Tim W
c428684732
eject only the malformed images
2019-04-16 13:09:13 +08:00
Shelby Pace
391e7cf8ef
adjusted font size and color
2019-04-12 14:01:29 -05:00
Shelby Pace
700562594c
getting session on windows
2019-04-12 14:01:29 -05:00
Shelby Pace
4873b7c3e6
using a path for both Windows and Linux
2019-04-12 14:01:29 -05:00