adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

250 Commits

Author SHA1 Message Date
Shelby Pace 8e4a33f2a2 Land #15223, move TokenMagic validation logic 2021-05-24 14:51:13 -05:00
bwatters a89fffade1 Update check method and move it to earlier in the module to prevent crashing 
on windows 7 sp0 targets.
 2021-05-19 15:58:40 -05:00
Spencer McIntyre 78d47b11f2 Add targeting for Windows 10 v21H1 2021-05-18 12:56:02 -04:00
Grant Willcox 24352567e7 Add final touches to documentation for code highlights and minor fixes 2021-05-14 17:47:38 -05:00
Jack Heysel c8b62a1ff9 Fixed check method nil check, update numberd list in docs, added wfsdelay warning when in dll mode 2021-05-14 17:47:31 -05:00
Jack Heysel 950bbad852 Removed nil script check, updated docs 2021-05-14 17:47:15 -05:00
Jack Heysel eb4573164b Addressed comments 2021-05-14 17:46:26 -05:00
Jack Heysel d23df37b62 Responded to comments, refactored to remove duplicate code 2021-05-14 17:44:08 -05:00
Jack Heysel fab3a9afc8 Added wfsdelay, updated docs 2021-05-14 17:44:07 -05:00
Jack Heysel 1eab94cc26 beta draft 2021-05-14 17:43:44 -05:00
Spencer McIntyre d990e884af Add and test even more targets 2021-05-13 17:27:58 -04:00
Spencer McIntyre 7d841a0f79 Add a target for Windows 7 x64 2021-05-13 14:24:15 -04:00
Spencer McIntyre 477749f77f Refactor the code to be reusable and add docs 2021-05-12 16:36:17 -04:00
Pedro Ribeiro 62ba64375c fix typos and add default rport 2021-04-23 17:38:06 +07:00
Pedro Ribeiro 8b3687b9e6 update privesc sploit 2021-04-23 16:38:25 +07:00
bwatters 2c1869f9df Land #14907, Add exploit for CVE-2021-1732 
Merge branch 'land-14907' into upstream-master
 2021-03-18 14:29:59 -05:00
Spencer McIntyre 0bff88c0c0 Update the module metadata and add module docs 2021-03-16 10:40:34 -04:00
kalba-security 98c04eae6c Remove TODO comment, update documentaton to include WAIT_FOR_TIWORKER option. 2021-03-15 07:51:12 -04:00
kalba-security 68d4b197fa Add SrClient DLL Hijacking local exploit module and docs 2021-02-18 13:50:28 -05:00
Pedro Ribeiro d884df96e2 fix msftidy docs 2021-02-09 14:37:35 +07:00
Pedro Ribeiro 90f8c1f7b9 add tested for 2019.11 too 2021-01-30 21:54:48 +07:00
Pedro Ribeiro 137664818d add obm windows privesc sploit 2021-01-29 18:45:33 +07:00
Christophe De La Fuente c8819259ae Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048 2021-01-15 19:13:14 +01:00
bwatters d8e68e6487 Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module 2021-01-12 11:45:53 -06:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
bwatters 50e115b414 Cleanup and edits per review from Christophe 
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
 2021-01-11 16:02:58 -06:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
Grant Willcox 3e52debd8b Update the exploit a bit more to remove excess options and also update the documentation accordingly. 2021-01-06 12:16:06 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00
Grant Willcox 863417fca7 Second round of updates and some rubocop changes to conform to standards. 2021-01-06 01:30:40 -06:00
Grant Willcox 81ee149ea2 Add check code support to module and update the documentation accordingly, plus rework the module description 2021-01-06 01:06:08 -06:00
bwatters d2ca5d331d Add documentation 2020-12-22 14:14:20 -06:00
C4ssandre 57c57a398d Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments has shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable. 2020-12-19 02:51:48 +01:00
Tim W a30cdfc892 Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE 2020-12-14 14:54:54 +00:00
C4ssandre e02451fe13 Fixing mistake in doc. 2020-12-11 04:53:37 -05:00
C4ssandre 9c9e8929af Adding a scenario. 2020-12-11 04:50:53 -05:00
C4ssandre 53a12a7984 Updating doc. 2020-12-11 03:53:25 -05:00
Brendan Coles a9e231ad0a Use CVE-2020-5752 path traversal bypass for CVE-2019-3999 2020-12-10 12:14:47 +00:00
C4ssandre c005492ee9 Updating doc. 2020-12-10 00:58:53 -05:00
Spencer McIntyre 6d7c6c054a Update the module docs with more details for the registry technique 2020-12-08 17:39:34 -05:00
C4ssandre c86f93b9c0 Updating list of tested machines. 2020-12-07 21:38:42 -05:00
C4ssandre f901e91d70 Fixing markdown content and formatting issues. Markdown is not yet complete and will need additional modification when other changes will be brought to ruby module and C dll. 2020-11-30 14:12:57 +00:00
Spencer McIntyre cbc5899edf Add module docs for the Service Permissions LPE module 2020-11-19 14:17:20 -05:00
Che5hireC4t 996f58da26 Adding a documentation file. 2020-10-28 18:54:38 +01:00
Tim W 87104a7236 Update docs and make them msftidy_docs.rb compliant 2020-10-15 10:59:46 -05:00
Grant Willcox 59f74438da Rename the LPE exploit to a more appropriate name since their could be future bugs in NtUserMessageCall and also update the description info a bit more 2020-10-15 10:59:44 -05:00
Grant Willcox f2899186e4 Add in first round of initial updates to fix review comments 2020-10-15 10:59:40 -05:00
Tim W dcc322436b Update documentation files and module description to more accurately describe what the cause of the LPE bug for CVE-2019-1458 is. also apply RuboCop edits. 2020-10-15 10:58:58 -05:00
Tim W 00d209425b add documentation 2020-10-15 10:58:08 -05:00
h00die 15bb690308 fix vulnerability spelling 2020-10-04 13:00:48 -04:00