adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,982 Commits 27 Branches 1,043 Tags
2a48dd265d8bb200ed6d2ead53700a52bbccee32
Commit Graph

1227 Commits

Author SHA1 Message Date
bwatters 2c1869f9df Land #14907, Add exploit for CVE-2021-1732 
Merge branch 'land-14907' into upstream-master
 2021-03-18 14:29:59 -05:00
Spencer McIntyre 0bff88c0c0 Update the module metadata and add module docs 2021-03-16 10:40:34 -04:00
bwatters ae5d31cb39 Land # 14776, Add Window Server 2012 SrClient DLL Hijacking local exploit module 
Merge branch 'land-14776' into upstream-master
 2021-03-15 14:34:35 -05:00
Spencer McIntyre 2e3d98a36a Move the DLL injection code into a reusable function 2021-03-15 11:47:02 -04:00
kalba-security 98c04eae6c Remove TODO comment, update documentaton to include WAIT_FOR_TIWORKER option. 2021-03-15 07:51:12 -04:00
Spencer McIntyre f0a9a1deb3 Add the initial exploit for CVE-2021-1732 2021-03-12 17:30:22 -05:00
kalba-security ab632b93d1 Drop x86 target, add checks for Windows Update nil setting and for when TiWorker.exe is already running on the target 2021-03-06 10:47:59 -05:00
Spencer McIntyre 53f4d3f193 Land #14792, Apply fixes for invalid architecture checks to affected modules 
Fixes #14599
 2021-03-05 09:24:34 -05:00
Grant Willcox 41794fe4e7 Remove redundant assignments of sysinfo["Architecture"] to unused "arch" variable 2021-03-04 15:54:38 -06:00
dwelch-r7 319f15d938 Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
Alan Foster b06c5c12aa Rubocop recently landed modules continued 2021-02-25 14:13:40 +00:00
Grant Willcox f65b4155e5 Fix up modules to use more explicit reference to ARCH_X64 and to correctly check sysinfo['Architecture'] as per #14599 2021-02-22 18:47:46 -06:00
agalway-r7 8a339f54c1 Land #14734, updates and runs rubocop against recent modules 
Rubocop recently landed modules
 2021-02-19 13:48:47 +00:00
agalway-r7 275e9c5454 Land #14696, Further Zeitwerk lands to improve boot speed 
Zeitwerk rex folder
 2021-02-19 10:33:37 +00:00
kalba-security 68d4b197fa Add SrClient DLL Hijacking local exploit module and docs 2021-02-18 13:50:28 -05:00
Alan Foster 5b3fde7735 Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
A Galway f227e82600 Land #14730, OBM Local PrivEsc to SYSTEM 2021-02-15 10:24:34 +00:00
dwelch-r7 b95be3ed10 Zeitwerk rex folder 2021-02-08 12:24:12 +00:00
cgranleese-r7 3a2932b798 Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
Pedro Ribeiro 90f8c1f7b9 add tested for 2019.11 too 2021-01-30 21:54:48 +07:00
Pedro Ribeiro 137664818d add obm windows privesc sploit 2021-01-29 18:45:33 +07:00
Christophe De La Fuente c8819259ae Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048 2021-01-15 19:13:14 +01:00
bwatters 9beb570ca3 Remove unnecessary require that broke things 2021-01-15 08:32:05 -06:00
Spencer McIntyre ea154717aa Use an absolute assembly path for the CVE-2020-17136 exploit 2021-01-14 08:53:11 -05:00
Grant Willcox 6fc4518625 Land #14600, Refactor and document some of the FileSystem mixin methods 2021-01-12 16:10:23 -06:00
bwatters d8e68e6487 Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module 2021-01-12 11:45:53 -06:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
bwatters 50e115b414 Cleanup and edits per review from Christophe 
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
 2021-01-11 16:02:58 -06:00
Spencer McIntyre 829bacbef6 Refactor and document some of the FileSystem mixin methods 2021-01-08 16:10:36 -05:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
Grant Willcox d5bb36c530 Fix up code to use built in cd() and mkdir() commands, and adjust code to not overwrite datastore hash. Also use service_hash over manually starting the service. 2021-01-07 17:39:30 -06:00
bwatters 7d81b4826d Update credits 2021-01-07 16:30:19 -06:00
bwatters 5e5d7b1abb Update to execute_string to avoid the issue where an arbitrary 
length comment is required for the exploit to work.
 2021-01-06 17:08:22 -06:00
Grant Willcox 3e52debd8b Update the exploit a bit more to remove excess options and also update the documentation accordingly. 2021-01-06 12:16:06 -06:00
Grant Willcox 5262e16694 Make adjustments since the exploit can currently only target x64 systems 2021-01-06 11:40:02 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00
Grant Willcox 863417fca7 Second round of updates and some rubocop changes to conform to standards. 2021-01-06 01:30:40 -06:00
Grant Willcox 81ee149ea2 Add check code support to module and update the documentation accordingly, plus rework the module description 2021-01-06 01:06:08 -06:00
Grant Willcox 839daf93e9 Update the compiled DLL and redo a lot of the module to get it into its first ready state using a different DLL hijack I found during research 2021-01-05 16:12:08 -06:00
Grant Willcox 668eeae4e1 Initial push of code 2021-01-04 12:04:38 -06:00
CSharperMantle d99c2ac783 linguistic fixes of 'does not exists' 2020-12-23 11:36:38 +08:00
C4ssandre 57c57a398d Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments has shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable. 2020-12-19 02:51:48 +01:00
bwatters 222d510e44 Rubocop fixes 2020-12-16 13:59:47 -06:00
bwatters 7f4fac4548 Fix powershell issues and add comment because it is apparently magic 2020-12-16 13:57:02 -06:00
Tim W 9c47803609 increase wfsdelay 2020-12-14 14:54:54 +00:00
Tim W 7af996ae4c add offsets 2020-12-14 14:54:54 +00:00
Tim W a30cdfc892 Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE 2020-12-14 14:54:54 +00:00
C4ssandre 1fec224bae Adding a new check raised by an unforeseen usecase. I tested the usecase of a webserver on which a malicious user succeeded to upload a meterpreter .exe and execute it by calling its url. The meterpreter sessions belongs to IUSRS, which is not allowed to enumerate services. Thus the exploit fails, but checks pass. So added new checks for filtering this usecase. 2020-12-11 05:22:37 -05:00
C4ssandre d1956199aa Updating a warning message. 2020-12-11 03:58:14 -05:00
C4ssandre 53a12a7984 Updating doc. 2020-12-11 03:53:25 -05:00