bwatters
c6e2be2cd7
Ensure deletion of exploit and payload even if the exploit fails.
2021-12-01 14:54:48 -06:00
bwatters
b1f6937542
Updated exploit to compile on target, added control over directory creation
...
Added a method to get source code for the write and compile method
2021-12-01 14:54:47 -06:00
bwatters
eba7803e1a
Add check method
2021-12-01 14:54:47 -06:00
bwatters
bf1b3b377c
Add cve-2021-3493 module
2021-12-01 14:54:47 -06:00
space-r7
1dd26bca03
Land #15802, add OMIGOD LPE
2021-11-09 10:30:50 -06:00
Spencer McIntyre
278d940fee
Update the Python exploit code to fix a bug
2021-11-02 10:10:18 -04:00
dwelch-r7
73e55fcaee
Land #15665, Add Meterpreter compatibility metadata
2021-10-29 12:45:26 +01:00
Spencer McIntyre
98528c8ba6
Fail over to default paths
2021-10-28 15:01:12 -04:00
Spencer McIntyre
ae56ffa934
Initial exploit for CVE-2021-38648
2021-10-27 12:05:56 -04:00
adfoster-r7
28eab4d871
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
sjanusz
2c7aa022d4
Add PoC for CVE-2021-22555 Netfilter Priv Escalation
2021-10-04 16:48:23 +01:00
adfoster-r7
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00
bwatters
ff50a94348
Land #15567, Add in Exploit for CVE-2021-3490
...
Merge branch 'land-15567' into upstream-master
2021-08-31 18:46:25 -05:00
Grant Willcox
488f58a068
Attempt to fix RuboCop errors
2021-08-31 15:36:00 -05:00
Grant Willcox
3bca3b0bcb
Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match
2021-08-31 15:07:37 -05:00
adfoster-r7
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
Grant Willcox
6f9b06fb4b
Add in Manfred Paul's original blog post and chompie1337's original PoC to the list of links. Also add in a relatively detailed description of how to add in new targets to this exploit to the documentation in case that helps anyone down the line
2021-08-25 18:09:07 -05:00
Grant Willcox
29a230ec72
Improve error handling for module
2021-08-24 17:36:37 -05:00
Grant Willcox
bd490d35ed
Add support for Linux 5.11.x on Fedora
2021-08-23 15:09:10 -05:00
Grant Willcox
db5ac81ecf
Fix up mistakes bcoles pointed out and also add in a check to ensure we are only targeting x64 systems
2021-08-23 13:23:40 -05:00
Grant Willcox
e46611cffb
Add in support for exploiting Fedora 32 with Linux kernel 5.10.12
2021-08-20 18:04:59 -05:00
Grant Willcox
75ae2b76f5
Add support for Fedora 32 Linux Kernel 5.9.8-100 and also fix an error where the wrong file was being used for Fedora 32 Linux Kernel 5.8.8.
2021-08-20 16:50:20 -05:00
Grant Willcox
5abf407228
Add support for Fedora 32 with Linux Kernel 5.8.8-200
2021-08-20 15:42:34 -05:00
Grant Willcox
dd806a9d61
Add in support for Fedora 32 running kernel 5.7.11-200
2021-08-20 13:37:52 -05:00
Grant Willcox
b479cb61a4
Add in scenario for Ubuntu 20.04.02 LTS and show that it's still working as expected
2021-08-19 15:05:03 -05:00
Grant Willcox
945004ed97
Fix up typo that was breaking the code and also fix RuboCop errors
2021-08-19 14:12:03 -05:00
Grant Willcox
b60ad3ee26
Fix up mistakes I noticed whilst doing edits on the code as well as some mistakes identified during peer review
2021-08-19 13:55:54 -05:00
Grant Willcox
d5df47692c
Add in first copy of the exploit along with the supporting source code and binaries. Documentation to come
2021-08-17 18:01:14 -05:00
adfoster-r7
951809e164
Land #15491, add module stability notes
2021-07-29 17:24:42 +01:00
space-r7
809081bc5f
Land #15279, add Pi-Hole lpe
2021-07-29 11:15:17 -05:00
space-r7
0561ae978f
fix typos, pihole version in docs
2021-07-29 11:13:58 -05:00
cgranleese-r7
56510a2e8e
Updates some notes on modules that weren't passing tests due to new rubocop rule
2021-07-28 16:20:02 +01:00
Grant Willcox
570ba091f6
Update some typos in the documentation and also update the exploit module to handle various cases whereby the dbus-send command might end up timing out due to TIMEOUT being too low and to fix some final issues found during testing
2021-07-08 16:24:01 -05:00
Grant Willcox
9f88ef0954
Fix up review comments
2021-07-08 16:22:29 -05:00
Jack Heysel
54ee8f7ae7
Added cmd_delay nil check, updated title
2021-07-08 16:20:45 -05:00
Jack Heysel
0f67dd5212
Fixed get_cmd_delay, responded to comments
2021-07-08 16:20:38 -05:00
Jack Heysel
9a07039e7e
Updated docs
2021-07-08 16:09:15 -05:00
Jack Heysel
fdbf669da2
Fixed check for /bin/su
2021-07-08 16:09:12 -05:00
Jack Heysel
285a6338fa
Print error instead of failwith when exploit commands unsuccessful
2021-07-08 16:09:12 -05:00
Jack Heysel
f797f30651
Fixed call to write directory
2021-07-08 16:09:04 -05:00
Jack Heysel
1a73cfbe25
Updated check method
2021-07-08 16:09:03 -05:00
Jack Heysel
c5a9ecd45b
WritableDir as advanced opt
2021-07-08 16:09:03 -05:00
Jack Heysel
f87f831aba
Module updates + Docs
2021-07-08 16:09:02 -05:00
Jack Heysel
8d2d445699
Send one large command over many of smaller size
2021-07-08 16:08:36 -05:00
Jack Heysel
e7608d79f6
Polkit authentication bypass
2021-07-08 16:08:33 -05:00
Spencer McIntyre
dc9c0035ab
Land #15371, check if apport-cli is in $PATH
...
Fixes #15370
2021-07-08 09:28:35 -04:00
Spencer McIntyre
636b790acb
Update to using the AutoCheck mixin
2021-07-08 09:03:42 -04:00
Christophe De La Fuente
daa5b32393
Update from review
...
- Remove `MeterpreterTryToFork` option logic
- Add `Prepend` code directly under `Payload` info
- Rebase to use the updated `PrependFork`
- Add logic to verify that shells specified in the options really exist on the remote host
2021-06-30 18:13:35 +02:00
Christophe De La Fuente
eca20bec92
Update from code review
...
- Fix documentation typos
- Rename `MeterpreterBackground` Mettle option to `MeterpreterTryToFork`
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
ccaedd6c9a
Last additions and improvements
...
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00