Spencer McIntyre
86b7ec4518
Address comments from the review
2023-10-12 09:50:19 -04:00
Spencer McIntyre
5a6dc7f9a6
Initial commit of CVE-2023-43654
2023-10-12 09:27:26 -04:00
Christophe De La Fuente
1058291af9
Land #18314, Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
bwatters
be731f330e
Add error checking and randomize the report directory
2023-09-22 14:43:21 -05:00
bwatters
b4a1bb8fa2
Add docs and support for shell sessions; update exe to work without runtime lib.
2023-09-19 17:50:18 -05:00
Simon Janusz
8b56dc0117
Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
bwatters
91e7af4370
Added check, some stealth, and cleaned code
2023-09-05 14:29:13 -05:00
bwatters
c69e983b30
Add module to create directory structures and upload/run exploit
2023-08-25 15:41:25 -05:00
bwatters
c05582267c
Placeholder for CVE-2023-36874
2023-08-23 20:13:03 -05:00
Jack Heysel
97dd22032c
Responded to comments, improved stability
2023-08-21 19:20:25 -04:00
Jack Heysel
bcfc892195
General code clean up
2023-08-04 14:27:14 -04:00
Jack Heysel
30b824d8ab
external sources
2023-08-02 19:33:25 -04:00
adfoster-r7
9a40e2612b
Land #17129, Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
adfoster-r7
89cd524acb
Update osx templates makefile and compile binaries
2023-08-02 01:26:18 +01:00
usiegl00
c028d33cae
Update OSX AARCH64 Stager
This fixes an issue with the stager size in the osx aarch64 payloads. It
also adds the source and Makefile for template_aarch64_darwin.bin
2023-07-31 20:30:30 -07:00
usiegl00
9019b51eaa
Update AARCH64 Shellcode Generation
This updates the aarch64 payloads to include comments with the
corresponding instructions for each little-endian integer. It also fixes
the debug output for x64 payloads under rosetta.
2023-07-29 08:26:56 -07:00
bwatters
b15d595de2
Adjust files to be better shared
2023-07-14 12:47:04 -05:00
Ashley Donaldson
6772740f86
Fix bug in HostingCLR relating to the first argument passed to a dotnet assembly.
2023-06-28 09:24:33 +10:00
Ashley Donaldson
afe359281c
Remove manual signature handling, and figure it out for the user.
2023-06-28 09:22:01 +10:00
Ashley Donaldson
65a4dd3c39
Change ETW bypass method, so that CLR memory can be freed.
Fixed a crash and broken logic in hosting clr code.
2023-06-26 09:54:00 +10:00
Ashley Donaldson
977f8732c6
Fix cleanup code.
The _AppDomainPtr, _AssemblyPtr and _MethodInfoPtr variables are COM smart pointers which will auto-Release() when they go out of scope, so we should not directly Release() them.
2023-06-23 14:01:45 +10:00
Ashley Donaldson
a7ce4c7fa8
Free memory from the C++ side, rather than the Ruby side.
2023-06-23 09:57:53 +10:00
Ashley Donaldson
6e438d338e
Modify execute_dotnet_assembly to run in existing processes (including our own process) and receive output.
2023-06-21 12:04:09 +10:00
usiegl00
b8068bc781
Cleanup for Sonoma Dyld
This adds support for the dyld changes incorporated into Sonoma and
cleans up the existing support for Ventura. This does not break
compatibility with previous versions.
2023-06-19 10:57:37 +02:00
usiegl00
0415565396
Fix for Ventura Dyld
This adds support for the dyld changes incorporated into Ventura which
includes changes to the symbols used. This does not break compatibility
with previous versions.
2023-06-19 10:57:37 +02:00
usiegl00
44762f18e8
Increase Stack Space for Loader
This increases the stack space mmap'd for the 2nd stage loader and
should fix the invalid stack memory access crash on the staged payload.
2023-06-19 10:57:37 +02:00
usiegl00
8a5442f7f0
Fix AARCH64 MachO Generation
This updates the exe util to properly generate stageless aarch64 macho
payloads. I've also added comments on how to assemble the aarch64
stages.
2023-06-19 10:57:37 +02:00
usiegl00
5f8767f4cf
M1ssion Dyld Mettle: Aarch64 Payloads
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the m1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
Grant Willcox
ae4e616c3b
Update Navigating-And-Undstanding-Metasploits-Codebase to add new code navigation tools and debugging tools
Move debugging info into same file and make markdown match standards
Add more info on Pry debugging using Alan David Foster's explanation
Fix up broken URL links and format new URL links correctly
Fix up formatting and add information on Debug.gem supported commands
2023-06-09 09:17:46 -05:00
Grant Willcox
e5c636f931
Move folder descriptions into README.md files
2023-05-03 14:06:13 -05:00
Christophe De La Fuente
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
cgranleese-r7
80dbbca020
Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2023-02-03 13:43:04 +00:00
jheysel-r7
595f34fc6f
Merge branch 'master' into mac_dirty_cow
2023-02-01 16:51:09 -05:00
h00die
2c72cc145a
updates to module
2023-01-31 20:05:33 -05:00
Jack Heysel
022760d24a
Land #17300, linux LPE cve-2022-22942 module
This PR adds a linux priv esc against VMWare virtual machines
with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
2023-01-31 14:07:55 -05:00
Grant Willcox
dcda0c2ebc
Fix up text so we capitalize all words of Metasploit Framework
2023-01-20 17:05:20 -06:00
Jack Heysel
0e0f62c002
Removed 22621
2023-01-19 14:47:20 -05:00
Jack Heysel
d7215b84b4
Added offsets for W11 22H2
2023-01-19 09:30:28 -05:00
Jack Heysel
63d9445911
Fix for Win Server 2022 and 2019
2023-01-19 00:52:38 -05:00
Jack Heysel
2c2bfec4a0
Tested on Windows Build 19044, 19045 and 22000
2023-01-18 01:41:30 -05:00
bwatters
158c557d58
Update LICENSE file and location of source file
2023-01-17 17:28:22 -05:00
Jack Heysel
145589f7a2
Add GetPteBaseW10
2023-01-12 01:15:23 -05:00
timwr
ce260f53f3
Add CVE-2022-46689 macOS dirty cow
2022-12-28 22:46:08 +07:00
Jack Heysel
87614cf2b3
Fixed spacing updated check method
2022-12-15 14:15:06 -05:00
Jack Heysel
f015d1425a
Added update to common.h
2022-12-14 20:39:31 -05:00
Christophe De La Fuente
d6a5590c06
Land #17265, Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
Jack Heysel
2fa7e7b2d5
Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2022-12-12 21:53:53 -05:00
space-r7
cf9e54909c
use 2021 helper name in objective-c code too
2022-12-12 15:55:36 -06:00
h00die
b866917ee1
review
2022-11-22 16:57:01 -05:00
space-r7
d8f2b50b07
add compiled exploit and source
2022-11-17 17:16:08 -06:00