metasploit-gs

Author	SHA1	Message	Date
Christophe De La Fuente	ccaedd6c9a	Last additions and improvements - add binaries - add documentation - backup `runc` binary in the exploit C file - add `MeterpreterBackground` options to set Mettle `background` option - add `WsfDelay` logic - refactor code - add cleanup logic - add restore `runc` binary logic	2021-06-30 11:02:11 +02:00
Christophe De La Fuente	1b59b8c83e	Rebase and fix conflicts in lib/msf/core/post/common.rb	2021-06-30 11:02:11 +02:00
bwatters	8e1391f098	Land #15216 , Fix targeting for CVE-2021-21551 Merge branch 'land-15216' into upstream-master	2021-05-21 14:56:08 -05:00
bwatters	72375d1f67	Land #15024 , Add RCE Exploit For CVE-2020-0796 (SMBGhost) Merge branch 'land-15024' into upstream-master	2021-05-20 17:02:04 -05:00
Spencer McIntyre	5e13fdb7dc	Couple of minor cleanups for the assembly stub	2021-05-20 17:20:57 -04:00
Spencer McIntyre	78d47b11f2	Add targeting for Windows 10 v21H1	2021-05-18 12:56:02 -04:00
Spencer McIntyre	c5b022e2f2	Fix Windows 10 versioning by using ranges	2021-05-18 10:28:27 -04:00
Spencer McIntyre	d990e884af	Add and test even more targets	2021-05-13 17:27:58 -04:00
Spencer McIntyre	eb89550f85	Clear up some target offset discrepancies	2021-05-13 16:06:15 -04:00
Spencer McIntyre	7d841a0f79	Add a target for Windows 7 x64	2021-05-13 14:24:15 -04:00
Spencer McIntyre	4825407d21	Add a target for Windows 8.1 x64	2021-05-13 12:56:47 -04:00
Spencer McIntyre	8a1341060d	Fix a couple of errors from not cleaning up	2021-05-13 12:34:14 -04:00
Spencer McIntyre	ff2516a7f2	Update CVE-2021-1732 to reduce code reuse	2021-05-12 16:41:43 -04:00
Spencer McIntyre	477749f77f	Refactor the code to be reusable and add docs	2021-05-12 16:36:17 -04:00
Spencer McIntyre	d3de52da59	The exploit is now functional for Win10 v1803-20H2	2021-05-12 16:14:59 -04:00
Spencer McIntyre	5b39cead93	Add the UpgradeToken functionality	2021-05-12 14:53:41 -04:00
Spencer McIntyre	7f0a1d1707	Initial commit of CVE-2021-21551 This is still a work in progress but the initial requirements are falling into place.	2021-05-12 12:28:20 -04:00
Spencer McIntyre	a9d3120aa9	Combine the shellcode move operations	2021-04-13 16:46:26 -04:00
Spencer McIntyre	ec962cf2be	Adjust the hal heap base address calculation	2021-04-13 13:11:24 -04:00
Spencer McIntyre	0e117cc83a	Update the LPE exploit paths in Visual Studio	2021-04-09 14:15:11 -04:00
Spencer McIntyre	d8bed16d4d	Refactor constants into a proper target hash	2021-04-09 14:15:11 -04:00
Spencer McIntyre	c4055f348c	Restructure and refactor the kernel mode shellcode	2021-04-09 14:15:11 -04:00
Spencer McIntyre	f3df076067	Only upgrade the token of EProcess was found	2021-03-16 15:20:44 -04:00
Spencer McIntyre	c11900b9ab	Add support for Windows 2004 & 20H2	2021-03-15 17:28:38 -04:00
Spencer McIntyre	f0a9a1deb3	Add the initial exploit for CVE-2021-1732	2021-03-12 17:30:22 -05:00
Grant Willcox	adbb6f164f	Add source code for generating emp.ser	2021-03-03 10:14:48 -06:00
Christophe De La Fuente	ab9dd177b7	Add kernel file version check to avoid BSOD on Win10 x86	2021-02-15 21:10:10 +01:00
Christophe De La Fuente	eaa550fa97	Changes compiler subsystem to window	2021-02-02 17:57:52 +01:00
Christophe De La Fuente	4b3379a821	Remove CRT library from the Template	2021-01-28 19:59:46 +01:00
Christophe De La Fuente	8af5ee8a32	Add Process Herpaderping evasion module and binaries	2021-01-22 18:33:10 +01:00
Spencer McIntyre	33bd712e0a	Land #14585 , Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP	2021-01-11 17:16:40 -05:00
Grant Willcox	3072391d00	Make second round of review edits to fix Spencer's comments	2021-01-08 12:50:52 -06:00
Christophe De La Fuente	17c393f101	Land #14046 , Adding juicypotato-like privilege escalation exploit for windows	2021-01-06 16:02:05 +01:00
Grant Willcox	b916789041	Add in source for the compiled exploit	2021-01-04 12:17:52 -06:00
Tim W	7af996ae4c	add offsets	2020-12-14 14:54:54 +00:00
Tim	69a26bfb6c	fix external/source/exploits/CVE-2020-1054/dllmain.cpp placeholder Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>	2020-12-14 14:54:54 +00:00
Tim W	a30cdfc892	Fix #14254 , Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE	2020-12-14 14:54:54 +00:00
C4ssandre	4bfd9e4b2a	Fixing a little error.	2020-12-10 05:15:37 -05:00
C4ssandre	4883050f7f	Adding new options to module. Now it is possible to choose which process to launch as SYSTEM, as well as the port the exploit will listen (because on some Windows configuration, WinRM should listen on port 47001).	2020-12-10 03:53:06 -05:00
C4ssandre	61f76b77b9	Removing useless token verification batch of code.	2020-12-08 13:43:32 -05:00
C4ssandre	d997b07ded	Fixing inconsistency in flags for spnego token processes.	2020-12-08 13:35:40 -05:00
C4ssandre	bda377cb7e	Passing "notepad.exe" to const.	2020-12-08 13:19:56 -05:00
C4ssandre	43b49672d3	Removing old commented code.	2020-12-08 13:16:10 -05:00
C4ssandre	b903595443	Improving function in charge of isolate B64 negotiate token from NTLM1 request.	2020-12-08 13:14:45 -05:00
C4ssandre	58997efe9d	Complete change of IsTokenSystem function. Now the function uses windows built in API to check if token is system instead of checking username wstring. I did that because I noticed that in foreign language, SYSTEM account can be called differently such as "système" in french. Moreover, the original function was buggy and the exploit only succeeded because the tested account was called "système", and the function checked that the account is different from "SYSTEM".	2020-12-08 10:39:45 -05:00
C4ssandre	b39eb0658a	Reorganizing code in order to free allocated memory space.	2020-12-08 00:11:49 -05:00
C4ssandre	6821e52095	Adding a calloc check.	2020-12-07 23:45:12 -05:00
C4ssandre	669e668b65	Fixing potential buffer overflow.	2020-12-07 23:42:04 -05:00
C4ssandre	c7d9d02490	Initializing service at zero.	2020-12-07 23:26:36 -05:00
C4ssandre	e58c14add7	Removing old and weird commented code.	2020-12-07 23:25:59 -05:00

1 2 3 4 5 ...

1397 Commits