Commit Graph

1124 Commits

Author SHA1 Message Date
bwatters 3aeeede4a6 Land #14187, Added CVE-2020-3433 module (Merge branch 'land-14187' into upstream-master) 2020-09-29 13:41:33 -05:00
bwatters 81fd2ea8a8 rubocop changes 2020-09-29 13:38:31 -05:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
Antoine GOICHOT fef88f27eb Added CVE-2020-3433 module 2020-09-25 23:04:58 +02:00
bwatters 2ed72007e0 Typos and cleanup 2020-09-25 12:27:55 -05:00
bwatters 7e68c42876 Rubocop, fix check method, clean up c code 2020-09-22 07:45:02 -05:00
bwatters 534e945cd0 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
Shelby Pace 8b75401fcf remove requires 2020-09-17 16:04:56 -05:00
bwatters d8df8a3422 Change description and fix typo 2020-09-16 11:17:39 -05:00
bwatters dcd0918694 Fixed cleanup and check 2020-09-16 11:17:39 -05:00
bwatters 198f3905ae Logic errors and typos 2020-09-16 11:17:39 -05:00
bwatters fe59099678 Clean up C code, add support for x86 targets 2020-09-16 11:17:39 -05:00
bwatters ce8033714d remove copy/pasta code and fix version check 2020-09-16 11:17:39 -05:00
bwatters c2e2a4fe2c More Rubocop, add documentation, and typo fix 2020-09-16 11:17:39 -05:00
bwatters f14d6ffe13 Rubocop and modularization 2020-09-16 11:17:39 -05:00
bwatters a72769909b Change exe to take destination and source files for copy 2020-09-16 11:17:39 -05:00
bwatters 17272209cc First try at CVE-2020-1048, needs lots of work 2020-09-16 11:17:38 -05:00
gwillcox-r7 593945ee61 Update module documentation with more detail re: affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shorten the module description and update its stability rating. Finally add in a reliability rating for the exploit module. 2020-09-10 11:32:45 -05:00
gwillcox-r7 16b27ae270 Add in version checking to ensure we only check if the target has the 'Enable insecure guest logons' setting enabled if their build number is greater than or equal to 10.0.16299.0, which was the build where this change was first implemented. 2020-09-10 11:32:45 -05:00
gwillcox-r7 45480373a9 Fix up the exploit module so that it will not wait for AV if a UNC path is used, as there is no chance the AV on the host can remove the file on the UNC share, and the UNC share won't be accessed until the exact moment it is needed 2020-09-10 11:32:45 -05:00
gwillcox-r7 7e1560ff26 Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code. 2020-09-10 11:32:18 -05:00
gwillcox-r7 0d493bbc54 Add in extra code to handle cases where the loops may enter an infinite loop state. New code should prevent this from happening 2020-09-10 11:32:18 -05:00
gwillcox-r7 a94d36248b Add in the AVTIMEOUT option to allow the module to check if any AV or other processes deleted the uploaded DLL file, thereby preventing a situation where the DNS server is unable to restart. Also add in some warnings re: when we enter the danger section and when we exit it so that users are more aware of when this is happening. 2020-09-10 11:32:18 -05:00
gwillcox-r7 78dc43efa5 Fix up incorrect regex within the check method to fix a logic bug 2020-09-10 11:32:18 -05:00
ide0x90 c4d463e921 Added option to generate standalone DLL. 2020-09-10 11:32:18 -05:00
ide0x90 53f3b70b33 Changed DLL so that it doesn't block the DNS service from stopping after the module executes. Added OS check (>= Server 2003 is vulnerable so far). Now cleans up dropped DLL and modified registry value. 2020-09-10 11:32:18 -05:00
ide0x90 7701ea1bc8 Compile DLL so that the DNS service doesn't crash when the module is run. 2020-09-10 11:32:18 -05:00
ide0x90 151fdb7ea5 Reduced exploit ranking and added check to see if session is elevated. 2020-09-10 11:32:18 -05:00
ide0x90 d1e9039af4 Initial module and documentation for Microsoft Windows DNS ServerLevelPluginDll abuse 2020-09-10 11:31:51 -05:00
gwillcox-r7 b6bce114ea Add in further edits to the library code to remove the possibility of dangling handles and also update the module code accordingly. 2020-07-30 10:45:19 -05:00
gwillcox-r7 35e48c83bb Add in call to session.fs.dir.rmdir() in library code and in the module as sometimes the file might not be deleted otherwise. 2020-07-24 15:39:19 -05:00
gwillcox-r7 b5b8630a5b Fix minor RuboCop mistake 2020-07-23 22:11:51 -05:00
gwillcox-r7 88c10de36f Add in proposed changes to cve_2020_0688_service_tracing.rb and filesystem.rb so that we can properly create mount points without dangling handle references 2020-07-23 21:44:18 -05:00
Alan Foster b841246536 Update autocheck to use prepend instead of include, add ForceExploit functionality 2020-06-30 11:40:46 +01:00
gwillcox-r7 0dde85f562 Land #13739, Cisco AnyConnect Priv Esc via Path Traversal 2020-06-24 17:47:52 -05:00
gwillcox-r7 15de510623 Add in RuboCop and msftidy_docs.rb fixes 2020-06-24 17:19:21 -05:00
Christophe De La Fuente 5f64444d4f Update module and documentation from code review 2020-06-24 23:34:26 +02:00
adfoster-r7 fceb96e659 Land #13608, update elog calls to be consistent across 2020-06-23 09:47:01 +01:00
Christophe De La Fuente 3997dbdade Updates from code review 2020-06-22 16:06:09 +02:00
Adam Galway 1a2bf98222 creates standard elog & updates existing usages 2020-06-22 12:48:39 +01:00
Christophe De La Fuente 2e33241a90 Update module and add documentation 2020-06-19 20:17:11 +02:00
Christophe De La Fuente 681bd63f18 Add AnyConnect RCE exploit module 2020-06-17 14:41:22 +02:00
Shelby Pace 1cb57a7e79 Land #13444, add GOG Galaxy Client Privesc 2020-06-15 08:53:12 -05:00
Shelby Pace 21ccb229b2 rubocop changes 2020-06-15 08:48:51 -05:00
Shelby Pace 34366ea680 add notes, finish check 2020-06-15 08:36:32 -05:00
Shelby Pace f7f711674a remove cmd target 2020-06-12 14:28:39 -05:00
gwillcox-r7 0bf5a1b5ec Add in AutoCheck as per @wvu-r7's recommendation 2020-06-11 00:59:22 -05:00
gwillcox-r7 0eed09e8bd The wisdom of le @wvu-r7 has shown that CheckCode(Reason) is the way to go. Let's use this :) 2020-06-11 00:55:39 -05:00
gwillcox-r7 6171c0b6fc Redo some of the messages in the module so we get more feedback on where we are in the exploitation process, and shorten wait time for job 2020-06-11 00:31:07 -05:00
gwillcox-r7 d716580ffa Fix up the module to fix a Nil reference issue, and to prefer session.shell_command_token() over cmd_exec() due to weird errors in latter 2020-06-10 23:45:47 -05:00