Commit Graph

2623 Commits

Author SHA1 Message Date
bwatters 2c1869f9df Land #14907, Add exploit for CVE-2021-1732
Merge branch 'land-14907' into upstream-master
2021-03-18 14:29:59 -05:00
Spencer McIntyre f3df076067 Only upgrade the token if EProcess was found 2021-03-16 15:20:44 -04:00
Spencer McIntyre c11900b9ab Add support for Windows 2004 & 20H2 2021-03-15 17:28:38 -04:00
Spencer McIntyre 2e3d98a36a Move the DLL injection code into a reusable function 2021-03-15 11:47:02 -04:00
Grant Willcox 89ce1c5229 Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed 2021-03-14 00:00:17 -06:00
Grant Willcox 4f2e299d8f Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file 2021-03-14 00:00:06 -06:00
Grant Willcox 7d6e636114 Initial upload of exploit code for CVE-2021-21978 2021-03-13 23:59:47 -06:00
Spencer McIntyre f0a9a1deb3 Add the initial exploit for CVE-2021-1732 2021-03-12 17:30:22 -05:00
Spencer McIntyre 58be5b6add Regenerate a functioning YSoSerial data set 2021-03-11 12:09:29 -06:00
Grant Willcox f327d30e08 First attempt at CVE-2020-7200 module, with RuboCopped module 2021-03-02 16:38:19 -06:00
bwatters 18f6245637 Land #14648, Process Herpaderping evasion module
Merge branch 'land-14648' into upstream-master
2021-02-24 11:39:47 -06:00
Christophe De La Fuente ab9dd177b7 Add kernel file version check to avoid BSOD on Win10 x86 2021-02-15 21:10:10 +01:00
Spencer McIntyre b9dd1b927b Randomize the path to the library that's loaded 2021-02-10 08:45:52 -05:00
h00die 60cf48c94b move cve-2020-29583 to a better file 2021-02-05 17:43:34 -05:00
Spencer McIntyre 117cdc4fd7 Populate module metadata and cleanup files 2021-02-03 18:16:13 -05:00
Spencer McIntyre a00f165b6b Clean the C code and fix the exploitation environment 2021-02-03 18:16:13 -05:00
Spencer McIntyre b9413b4103 Update the exploit C code to allocate its own PTY 2021-02-03 18:16:13 -05:00
Spencer McIntyre 13dd9ac10e Initial work on CVE-2021-3156 2021-02-03 18:16:13 -05:00
Christophe De La Fuente eaa550fa97 Changes compiler subsystem to window 2021-02-02 17:57:52 +01:00
Christophe De La Fuente 4b3379a821 Remove CRT library from the Template 2021-01-28 19:59:46 +01:00
Christophe De La Fuente 8af5ee8a32 Add Process Herpaderping evasion module and binaries 2021-01-22 18:33:10 +01:00
h00die c3a58f93ec cve-2020-29583 2021-01-18 09:52:09 -05:00
h00die ea4cade5c8 cve-2020-29583 2021-01-18 09:49:53 -05:00
Christophe De La Fuente c8819259ae Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048 2021-01-15 19:13:14 +01:00
Spencer McIntyre 0bc05ae2e8 Land #14606, Add banner celebrating the awesome teams who joined us in the 2020 ctf 2021-01-13 10:53:57 -05:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
bwatters 50e115b414 Cleanup and edits per review from Christophe
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
2021-01-11 16:02:58 -06:00
bwatters b4a8f364b3 Add banner celebrating the awesome teams who joined us in the 2020
Metasploit CTF. (Except the one team with an F-bomb in it)
2021-01-11 11:09:38 -06:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
bwatters 5e5d7b1abb Update to execute_string to avoid the issue where an arbitrary
length comment is required for the exploit to work.
2021-01-06 17:08:22 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00
Christophe De La Fuente bf7627b33e Adding DLLs 2021-01-06 15:59:08 +01:00
Grant Willcox 839daf93e9 Update the compiled DLL and redo a lot of the module to get it into its first ready state using a different DLL hijack I found during research 2021-01-05 16:12:08 -06:00
Grant Willcox 668eeae4e1 Initial push of code 2021-01-04 12:04:38 -06:00
bwatters 7f4fac4548 Fix powershell issues and add comment because it is apparently magic 2020-12-16 13:57:02 -06:00
Christophe De La Fuente 33ef352f89 Add dll
Compiled with Visual Studio Express 2013 with Platform Toolset v120
2020-12-15 12:42:06 +01:00
Grant Willcox 9376accc05 Land #14410, Add synchronization to the DLL payload template 2020-12-04 16:08:18 -06:00
h00die 15b5a811e4 update check external scripts and wordpress files 2020-11-21 11:52:18 -05:00
bwatters 810898e97b Rough attempt at CVE-2020-1337
Non-functional
2020-11-20 17:36:19 -06:00
Spencer McIntyre efa125bb23 Document the synchronization procedure 2020-11-16 16:13:35 -05:00
Spencer McIntyre 3586644b62 Increase the payload space to 4096 within the DLL template 2020-11-16 15:58:59 -05:00
Spencer McIntyre 2d367b867d Add a synchronization primitive to the DLL template 2020-11-16 15:57:27 -05:00
Spencer McIntyre c6304704f4 Cleanup inconsistent whitespace in the DLL template 2020-11-16 11:26:15 -05:00
Spencer McIntyre 76ab0ee849 Land #14304, execute_dotnet_assembly fix parameters management 2020-11-10 09:56:18 -05:00
Spencer McIntyre 0ccb50ac02 Adjust how HostingCLR arguments are packed 2020-11-09 12:24:55 -05:00
b4rtik ddd9af83b9 Update 2020-10-29 22:49:41 +01:00
Grant Willcox 65fcf67ca5 Land #14279, Fix incorrect offset in BPF sign extension LPE 2020-10-23 16:02:13 -05:00
Grant Willcox 9e111d7fdf Add in compiled version of the exploit to meet Rapid7 compliance guidelines on having Rapid7 employees submit compiled binaries only 2020-10-23 16:01:00 -05:00
b4rtik 9779bbef77 Fix parameter managing
Fix a problem running assemblies with Main signature (string[] args) and no passed parameters
2020-10-23 21:14:10 +02:00
William Vu 3970b69734 Land #14229, Telerik UI for ASP.NET AJAX exploit
CVE-2017-11317 && CVE-2019-18935
2020-10-20 13:24:35 -05:00