adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

844 Commits

Author SHA1 Message Date
bwatters-r7 8a9dd35793 First draft of windows comahawk priv esc 2019-12-09 19:09:15 -06:00
Shelby Pace 4c95150491 add xml erb file 2019-12-02 08:44:37 -06:00
lle-bout 6766d9f6f7 Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc 
- Powershell script was outdated.
   Updated from https://www.exploit-db.com/exploits/39719

 - Powershell script was buggy when current directory
   was set to e.g. C:\ProgramData. (Get-Item Error)
   Fixed.

 - Stager was being dropped to current directory, but
   it is not guaranteed that we always have permission
   to write a file there. Use %TEMP% instead.

 - Exploit only seems to work when executed under
   a powershell of the same architecture as the
   host. (Not WOW64)
   This module now ensures that no matter the
   architecture of the meterpreter, a powershell
   of the same architecture as the host is being
   run. (Using Sysnative directory when on WOW64)

 - Stager was broken, now generating stager with Rex
   and dropping stager as `.ps1` instead of `.txt`.

   Ideally the exploit should be rewritten to
   accept a shellcode payload directly or a smaller
   stager powershell should be created so that it
   fits in under 1024 bytes and can be fed directly
   to CreateProcessWithLogonW without dropping to
   disk.
 2019-11-13 05:01:47 +01:00
Brendan Coles 991ccdbda5 Land #12106, Add Linux PTRACE_TRACEME local root exploit 2019-10-23 14:01:14 +00:00
Tim W a5a3e28984 Initial commit of CVE-2019-2215 Android Binder Use-After-Free 2019-10-17 18:48:49 +08:00
Shelby Pace 4710322cd7 Land #11762, add sosreport privesc 2019-09-24 09:48:57 -05:00
Tim W bade8bfc48 add live compiling 2019-09-03 17:31:04 +08:00
Load dc07b78dcd @LoadLow Marks the generated ODT file readonly 2019-08-18 18:36:31 +02:00
Load 9b1a3b4033 Marks the generated ODT file readonly 
Prevents autosave and further modifications after opening the document on the target system.
 2019-08-18 17:59:25 +02:00
Load e6b72b5b43 Cleanup odt metadata 
Metadata part is not mandatory on ODT files
 2019-08-18 17:51:36 +02:00
Shelby Pace 409b3c9c4b using python payload for platform independence 2019-08-16 15:36:42 -05:00
LoadLow 5f478b7fd6 Adds exploit module for CVE-2019-9848 
uses on dom-loaded event (triggered just after opening the document) and still working on 6.2.5
 2019-07-30 23:07:20 +02:00
Wei Chen c47caec03f Land #12107, Add module Redis Unauthenticated Code Execution 2019-07-28 21:40:03 -05:00
Green-m 07f3c074d4 Add doc and enhance the module. 2019-07-20 00:17:57 +08:00
Green-m b6697f5016 Add redis rce module and data stuff. 
To do:
1. Check env of system and compiler.
2. Add a compiled so file to be compatible with windows and mac.
3. Add doc.
 2019-07-17 15:33:02 +08:00
Wei Chen 27bb166938 Land #12011, Add module for cve-2018-8453 2019-07-15 11:31:07 -05:00
Jacob Robles 5c0bbbbaa0 Land #12070, Add module for CVE-2019-0841 2019-07-15 09:32:47 -05:00
Shelby Pace f7c252eef3 move source to external/source directory 2019-07-09 09:08:28 -05:00
Jacob Robles a55aea33a9 Add cve-2018-8453 exploit module 2019-07-09 07:15:13 -05:00
Shelby Pace c69799262d fixed issue with hard link exe 2019-07-03 15:44:00 -05:00
Shelby Pace a83812ad55 add source code, compiled exe for diaghub loading 2019-07-03 14:32:22 -05:00
Brent Cook e50ab5cd13 Land #11726, add exploit for CVE-2019-8513, macOS TimeMachine cmd injection 2019-06-29 05:36:12 -05:00
William Vu f3b509a1bc Implement on_request_uri 2019-06-25 23:47:19 -05:00
Shelby Pace d3cd1a3fa0 added VS2013 compiled executables 2019-06-19 15:19:00 -05:00
Shelby Pace 5b188a02ba add code that makes hard links 2019-06-06 15:59:53 -05:00
Wei Chen b8abb550e6 Land #11924, Update adobe_flash_opaque_background_uaf for Win 10 2019-06-04 00:51:34 -05:00
Tim W 6921ca74d8 add exploit binary 2019-06-02 10:19:24 +08:00
Tim W 32af9cb897 Initial commit of CVE-2018-4233 for iOS 10 2019-06-02 10:19:24 +08:00
suzu991154 0a6f1d5538 Add support for Windows 10(10240) to CVE-2015-5122 2019-06-01 14:44:30 +09:00
Tim W be1d185a04 Add CVE-2019-8565 OSX Feedback Assistant local root exploit 2019-05-07 04:30:47 +08:00
Tim W fbbcc2b607 add exploit binary 2019-04-21 16:02:10 +08:00
Brendan Coles a5b894dca3 Add sosreport-rhel7.py 2019-04-20 11:56:01 +00:00
Shelby Pace 54edf3c008 reduced file size 2019-04-16 09:06:44 -05:00
Tim W 0472f96209 add the exploit binary 2019-04-16 13:09:41 +08:00
Tim W c428684732 eject only the malformed images 2019-04-16 13:09:13 +08:00
Shelby Pace 391e7cf8ef adjusted font size and color 2019-04-12 14:01:29 -05:00
Shelby Pace 700562594c getting session on windows 2019-04-12 14:01:29 -05:00
Shelby Pace 4873b7c3e6 using a path for both Windows and Linux 2019-04-12 14:01:29 -05:00
Shelby Pace 9d0c045b0d added erb file and base for module 2019-04-12 14:01:29 -05:00
Brent Cook 468679f907 Land #11092, Add FreeBSD 8.3 / 9.0 Intel SYSRET Privilege Escalation module 2019-03-06 19:50:08 -06:00
Hervé Beraud 69d398865d python 3 compatibility 2019-02-13 22:20:29 +01:00
Tim W f589db6831 Land #11152, add macOS adobe flash player type confusion RCE 2019-02-09 18:46:48 +08:00
Brent Cook 5fc7167beb Merge remote-tracking branch 'upstream/master' into land-10812- 2019-02-07 09:31:02 -06:00
phra 9789547fe7 build: recompile dlls 2019-01-12 04:02:34 +01:00
phra 8e50838e62 build: recompile dlls 2019-01-11 18:22:13 +01:00
phra 953b97def1 build: recompile dlls 2019-01-11 16:29:15 +01:00
phra 5f244643bd feat: add compiled reflective DLL for juicy potato 2019-01-10 17:20:21 +01:00
Brendan Coles 983b39a5b3 Use @iZsh's exploit 2018-12-21 15:40:01 +00:00
Brent Cook dc6ae6f058 initial import, CVE-2016-4117 OSX exploit 2018-12-21 02:54:35 -06:00
Shelby Pace 2fc501d260 Land #11112, Fix bpf_priv_esc exploit module 2018-12-17 10:00:50 -06:00