89f8deb672
Land #18253 , Add CVE-2023-34634, Greenshot Fileformat exploit
2023-08-17 15:30:02 +01:00
59e3760509
First attempt at CVE-2023-34634
2023-08-03 10:58:07 -05:00
9a40e2612b
Land #17129 , Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
89cd524acb
Update osx templates makefile and compile binaries
2023-08-02 01:26:18 +01:00
a3daab88e6
Added documentation and updated exploitable plugins list
2023-07-25 14:06:42 +01:00
297c484a1c
Land #18173 , Add Openfire Authentication Bypass RCE [CVE-2023-32315]
...
Merge branch 'land-18173' into upstream-master
2023-07-18 18:13:20 -05:00
b15d595de2
Adjust files to be better shared
2023-07-14 12:47:04 -05:00
8edbf73b6f
first release exploit module
2023-07-08 09:48:17 +00:00
375a315b3d
woocommerce payments auth bypass
2023-07-04 13:05:07 -04:00
6772740f86
Fix bug in HostingCLR relating to the first argument passed to a dotnet assembly.
2023-06-28 09:24:33 +10:00
67f7a33d77
Land #18114 , .NET assembly execution enhancements
...
Allow .NET assembly execution within the meterpreter process
2023-06-27 09:32:43 -04:00
767b22f7ef
Recompile the DLL
2023-06-27 09:31:24 -04:00
65a4dd3c39
Change ETW bypass method, so that CLR memory can be freed.
...
Fixed a crash and broken logic in hosting clr code.
2023-06-26 09:54:00 +10:00
977f8732c6
Fix cleanup code.
...
The _AppDomainPtr, _AssemblyPtr and _MethodInfoPtr variables are COM smart pointers which will auto-Release() when they go out of scope, so we should not directly Release() them.
2023-06-23 14:01:45 +10:00
a7ce4c7fa8
Free memory from the C++ side, rather than the Ruby side.
2023-06-23 09:57:53 +10:00
1b562dd02b
Revert "Improve AMSI bypass on new Windows"
...
This reverts commit f97ab80224c8f942cc03
2023-06-21 16:35:41 -05:00
6e438d338e
Modify execute_dotnet_assembly to run in existing processes (including our own process) and receive output.
2023-06-21 12:04:09 +10:00
658c87996d
Hotwire MachO Signing
...
This commit hotwires in executable signing to some of the aarch64 osx
payloads in order to ensure that they are fully functional.
2023-06-19 10:57:37 +02:00
5f8767f4cf
M1ssion Dyld Mettle: Aarch64 Payloads
...
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the m1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
c98cc00de9
Land #18075 , RocketMQ version scanner
2023-06-13 18:15:34 -04:00
f97ab80224
Land #17942 , Improve AMSI bypass on new Windows
...
The script generated by the web_delivery module is blocked
by the Antimalware Scan Interface (AMSI) on newer versions
of windows. This PR allows the script to bypass AMSI.
2023-06-12 18:50:48 -04:00
3e538a34af
review comments
2023-06-08 16:38:22 -04:00
7ca7c6aee1
Slight efficiency improvements
2023-05-24 17:36:39 -05:00
9e8d1ed2ea
Add in Java class file, raw source code, and tidy up the module a bit
2023-05-24 13:17:48 -05:00
60f6574bf3
Land #17965 , add module for AD CS cert management
2023-05-22 09:50:53 -05:00
8258657a45
Add the ESC1 certificate template
2023-05-22 09:21:24 -04:00
e5c636f931
Move folder descriptions into README.md files
2023-05-03 14:06:13 -05:00
62806caeae
Update web_delivery
2023-04-28 16:09:51 +02:00
a6b478e046
Land #17832 , Two modules for UniRPC - CVE-2023-28502 and CVE-2023-28503
2023-04-12 11:43:13 +02:00
41fe44ef1a
Merge branch 'master' into unirpc-auth-bypass
2023-03-29 08:03:05 -07:00
6897be4b01
Add two Metasploit modules for UniData vulnerabilities
2023-03-29 08:01:50 -07:00
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
236de61130
Land #17583 , Enhances info -d with references to AttackerKB
2023-03-21 12:38:36 +00:00
de58b96d2a
Add "a good example" of a LastPass password
...
When setting a new master password, LastPass helpfully suggests "r50$K28vaIFiYxaY" as a good example.
Sure, sounds good to me.
2023-03-07 13:32:50 -06:00
025ba6775d
Add a README file with some basic information
2023-02-09 15:09:50 -05:00
126e3a9c9a
Add larger 256KiB DLL templates
2023-02-09 15:09:50 -05:00
2608852d8c
Consolidate gdiplus build code
...
This references the main dll/template.c code as the mixed-mode variant
already does. This will make future changes easier as we won't need to
copy them from the main to this one.
See https://github.com/rapid7/metasploit-framework/pull/8509 for the
origin of these files.
2023-02-09 15:09:50 -05:00
34b1e66f90
tomcat 8 priv esc on ubuntu prebuilt so file
2023-02-04 18:17:41 -05:00
2b09af78e1
tomcat 8 priv esc on ubuntu
2023-02-04 18:17:41 -05:00
80dbbca020
Land #17371 , Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2023-02-03 13:43:04 +00:00
b789e00ea7
Enhances info -d with references to AttackerKB
2023-02-03 10:15:55 +00:00
af2ef53462
Land #17415 , macOS dirty cow priv esc
2023-02-02 12:15:19 -05:00
1f224fd2d3
Rapid7 compiled binary
2023-02-02 11:11:06 -05:00
6870efc34a
Land #17426 , Update all references to old Wiki to point to new docs site
2023-02-01 23:49:20 +00:00
690d22f759
Rapid7 compiled binary
2023-02-01 10:08:13 -05:00
2c72cc145a
updates to module
2023-01-31 20:05:33 -05:00
fa687d3614
argv instead of hardcoded payload path
2023-01-31 16:02:25 -05:00
8d58eb6279
cve-2022-1043
2023-01-31 16:02:25 -05:00
2306736383
Land #17300 , the latest commit in PR 17300
...
I made a mistake and was not up to date with the latest commit
in the PR before I landed, this fixes that mistake.
2023-01-31 14:18:01 -05:00
022760d24a
Land #17300 , linux LPE cve-2022-22942 module
...
This PR adds a linux priv esc against VMWare virtual machines
with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
2023-01-31 14:07:55 -05:00
cgranleese-r7