adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,922 Commits 27 Branches 1,043 Tags
1e4527d8338b4f431cdc8011c052d3744e29d7ed
Commit Graph

37 Commits

Author SHA1 Message Date
h00die c4936d1b0f adjustments to the persistence lib and modules 2025-09-09 10:02:06 -04:00
h00die dcde8d1580 adjust spaces and review comments for persistence lib 2025-07-27 19:07:39 -04:00
h00die f9a804d649 persistence libraries 2025-07-11 17:35:06 -04:00
bcoles 5aa91bd57c Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations 2025-05-24 13:34:32 +10:00
Jack Heysel 904e34434e Land #18626, SaltStack Minion Deployer 
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
 2024-01-23 11:58:38 -05:00
Christophe De La Fuente 6dec82ec24 Remove exec.nil? statement 2024-01-17 15:06:15 +01:00
h00die 56a9beb39d ansible review 2024-01-15 17:18:49 -05:00
h00die b031311892 ansible review 2024-01-10 17:29:15 -05:00
h00die e711c9ea43 ansible review 2024-01-10 17:16:57 -05:00
h00die 47a58bda3b saltstack library rubocop and comments 2023-12-24 11:54:22 -05:00
h00die 357bdc8c10 ansible post library 2023-12-24 11:49:27 -05:00
h00die b654275ec4 add saltstack lib 2023-12-23 13:52:52 -05:00
h00die d64ed33cdf code spell for a bunch of modules 2023-09-24 17:42:00 -04:00
adfoster-r7 059e39a6f0 Specify meterpreter compatibility command requirements 2021-09-08 22:59:25 +01:00
Vladimir Ivanov 1f4046c45f Update references and delete check_addr in post module smdagent_get_properties.rb 2021-03-29 22:58:48 +03:00
Ivanov Vladimir a803d7a0d1 CVE-2019-0307 
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
 2021-03-29 20:29:30 +03:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
Spencer McIntyre 5a39ba32f6 Make the ret instruction for token stealing optional 2015-02-05 14:00:38 -05:00
Christian Mehlmauer 4f11dc009a fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files 
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
 2014-08-17 17:31:53 -05:00
Meatballs 256204f2af Use correct pack/unpack specifier 2014-08-13 11:36:16 +01:00
Meatballs b277f588fb Use railgun helper functions 2014-08-10 21:52:12 +01:00
Spencer McIntyre 2ed02c30a8 Use better variable names instad of an array 2014-08-05 21:34:36 -07:00
Spencer McIntyre b602e47454 Implement improvements based on feedback 2014-08-05 21:24:37 -07:00
Spencer McIntyre 6543b08eb4 Support writing a copy of the original token 2014-08-04 11:49:00 -07:00
Spencer McIntyre 4b73ad6f40 Fix guessing the arch with modules specifying an array 2014-08-04 11:49:00 -07:00
Spencer McIntyre 893b9a6e99 Add an open_device function for wrapping CreateFileA 2014-08-04 11:49:00 -07:00
Spencer McIntyre 43a5120696 Cleanup the WindowsKernel mixin 2014-08-04 11:49:00 -07:00
Spencer McIntyre 49837a3ba6 Create a basic WindowsKernel exploit mixin 2014-08-04 11:49:00 -07:00
James Lee 36f96d343e Revert "Revert "Land #2505" to resolve new rspec fails" 
This reverts commit e7d3206dc9.
 2013-11-05 13:45:00 -06:00
Tod Beardsley e7d3206dc9 Revert "Land #2505" to resolve new rspec fails 
This reverts commit 717dfefead, reversing
changes made to 6430fa3354.
 2013-10-21 12:47:57 -05:00
James Lee 947925e3a3 Use a proper main signature with arguments 
Allows us to `unlink(argv[0])`
 2013-10-09 17:22:01 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
James Lee c1cf71c4e9 Remove debugging load() 2012-07-18 11:02:21 -06:00
James Lee 7091d1c65b Add an exploit for sock_sendpage 
Unfortunately, adds a dep on bionic for runtime compilation.

Gets ring0, sets the (res)uid to 0 and jumps to the payload.  Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into.  Single payloads work fine, though.

Also cleans up and improves local exploits' ability to compile C.

[SEERM #3038]
 2012-07-15 20:29:48 -06:00
James Lee 6913440d67 More progress on syscall wrappers 
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
 2012-06-22 17:45:49 -06:00
James Lee fd8b1636b9 Add the first bits of a sock_sendpage exploit 
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.

Baby steps.
 2012-06-22 00:03:29 -06:00