adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

992 Commits

Author SHA1 Message Date
Austin 9d11c60d88 Office DDE Payload Delivery 
Generate / Inject existing RTF files with DDE Payloads!
 2017-12-06 21:41:00 -05:00
William Webb adba277be0 axe errant spaces at EOL 2017-12-04 16:57:48 -08:00
William Webb 69b01d26bb Land #9226, Microsoft Office OLE object memory corruption 2017-12-04 16:50:27 -08:00
Austin b96dac28d5 fix info segment 2017-12-04 16:42:41 -05:00
Austin c788e4e540 Update office_ms17_11882.rb 2017-12-01 11:36:03 -05:00
Austin 7df46b33e8 disassembly ASM 2017-12-01 08:03:56 -05:00
Austin 2544b4d8db Change target name 2017-11-28 21:39:04 -05:00
Austin cb7f173811 Update office_ms17_11882.rb 2017-11-28 21:36:25 -05:00
Austin 960893b99d change default payload 2017-11-22 06:36:46 -05:00
Austin 275f70e77e better saving 2017-11-21 19:34:04 -05:00
Austin db4c0fcca9 spelling 2017-11-21 19:02:14 -05:00
Austin fcea6fd8d4 actually create new file ;-; 2017-11-21 15:00:06 -05:00
Austin 39a4d193a1 Create office_ms17_11882.rb 2017-11-21 14:47:02 -05:00
William Vu b7c604f941 Land #9189, s/patrick/aushack/g 2017-11-08 10:27:03 -06:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
Spencer McIntyre 70033e2b94 Enable the payload handler by default 2017-11-02 12:31:54 -04:00
Spencer McIntyre e4d99a14b6 Fix EXITFUNC back to process for the RCE too 2017-10-05 11:38:08 -04:00
Spencer McIntyre 825ad940e6 Update the advanced option names and a typo 2017-10-05 10:16:31 -04:00
Spencer McIntyre 482ce005fd Update the advanced option names and a typo 2017-10-05 10:11:00 -04:00
Spencer McIntyre f2f48cbc8f Update the CVE-2017-8464 module 2017-09-30 18:25:16 -04:00
Pearce Barry 8de6fa79c1 Tweakz, yo. 2017-09-22 18:49:09 -05:00
h00die 30f833f684 80 pages left 2017-09-13 22:03:34 -04:00
Brent Cook 367c760927 window move is now directly in the template 2017-08-20 17:48:59 -05:00
Brent Cook e734a7923a Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook da3ca9eb90 update some documentation 2017-08-03 17:09:44 -05:00
Brent Cook ddd841c0a8 code style cleanup + add automatic targeting based on payload 2017-08-03 00:27:54 -05:00
Brent Cook b62429f6fa handle drive letters specified like E: nicely 2017-08-03 00:27:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject 
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
 2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Yorick Koster 3229320ba9 Code review feedback from @nixawk 2017-08-02 15:46:51 -05:00
Yorick Koster 565a3355be CVE-2017-8464 LNK Remote Code Execution Vulnerability 
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.

This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar except in an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enought to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
 2017-08-02 15:46:30 -05:00
mr_me bf4dce19fb I added the SSD advisory 2017-07-24 14:25:10 -07:00
mr_me b099196172 deregistered SSL, added the HTA dodgy try/catch feature 2017-07-24 10:28:03 -07:00
mr_me 17b28388e9 Added the advisory, opps 2017-07-24 10:09:21 -07:00
mr_me 14ca2ed325 Added a icon loading trick by Brendan 2017-07-24 10:06:20 -07:00
mr_me b2a002adc0 Brendan is an evil genius\! 2017-07-24 09:58:23 -07:00
mr_me cc8dc002e9 Added CVE-2017-7442 2017-07-24 08:21:59 -07:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
wchen-r7 162a660d45 Remove the old windows/fileformat/office_word_macro 
windows/fileformat/office_word_macro.rb has been deprecated and
it should have been removed on March 16th.

If you want to create a Microsoft Office macro exploit, please
use the multi/fileformat/office_word_macro exploit instead, which
supports multiple platforms, and will support template injection.
 2017-05-26 07:33:46 -05:00
Brent Cook 841f63ad20 make office_word_hta backward compat with older Rubies 2017-05-08 15:10:48 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
anhilo 56685bbfaa Update office_word_hta.rb 2017-04-26 11:05:21 +08:00
wchen-r7 6029a9ee2b Use a built-in HTA server and update doc 2017-04-24 16:04:27 -05:00
nixawk 3d082814cb Fix default options 2017-04-17 01:09:48 -05:00