Adrian Șendroiu
2007e6d8fb
Fix inconsistent casing in windows/local/wmi_persistence
2024-03-12 12:17:46 +02:00
Spencer McIntyre
202db99004
Land #18801, Fix revision number checks
Fix revision number checks in cve_2022_26904_superprofile.rb
2024-02-12 15:52:16 -05:00
Spencer McIntyre
45365c8666
Land #18800, Fix revision number checks
Fix revision number checks for cve_2021_40449.rb
2024-02-12 15:19:56 -05:00
Spencer McIntyre
ce0498377d
Land #18798, fix version checks
windows/local/cve_2020_0787_bits_arbitrary_file_move (and similar) fails due to incorrect revision_number checks
2024-02-12 15:11:07 -05:00
upsidedwn
4b5d04e59e
Fix revision number checks in cve_2022_26904_superprofile.rb
2024-02-07 11:30:42 +08:00
upsidedwn
ccb446f2ae
Fix revision number checks for cve_2021_40449.rb
2024-02-07 11:28:00 +08:00
upsidedwn
436efad4ca
Fix revision number checks
2024-02-07 11:25:41 +08:00
upsidedwn
47d30696bc
Fix revision_number checks
2024-02-07 11:20:12 +08:00
adfoster-r7
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
Spencer McIntyre
7307c9810b
Use the new style of Windows version detection
This will become more important once the Windows Meterpreter returns a
more accurate string for the sysinfo OS field.
2023-11-28 14:35:26 -05:00
sjanusz-r7
daa8b8ae99
Use Metasploit-Payloads Crypto to decrypt payloads
2023-10-13 14:42:10 +01:00
sjanusz-r7
b428736e03
Add support for injection of encrypted dll payloads
2023-10-13 14:42:10 +01:00
bwatters
a4c6b11237
Fix pass by reference bug on the module side
2023-09-27 09:43:32 -05:00
Christophe De La Fuente
1058291af9
Land #18314, Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
bwatters
0b84feaf60
updates from code review
2023-09-26 14:03:31 -05:00
bwatters
be731f330e
Add error checking and randomize the report directory
2023-09-22 14:43:21 -05:00
bwatters
03fa034ff5
Actually delete the file I told you to delete
2023-09-20 09:10:51 -05:00
bwatters
b4a1bb8fa2
Add docs and support for shell sessions; update exe to work without runtime lib.
2023-09-19 17:50:18 -05:00
Simon Janusz
8b56dc0117
Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
Jack Heysel
b80f9a84e4
Updated check method and reliability
2023-09-11 13:10:57 -04:00
Jack Heysel
96a6baa500
Land #17474, Add Windows 11 support for Capcom LPE
This PR adds support to the Capcom.sys LPE for Windows 11 21H1
2023-09-08 13:43:07 -04:00
jheysel-r7
0111e55006
Update modules/exploits/windows/local/capcom_sys_exec.rb
2023-09-08 13:05:44 -04:00
bwatters
91e7af4370
Added check, some stealth, and cleaned code
2023-09-05 14:29:13 -05:00
bwatters
ccba494e61
Exploit working, still needs to be cleaned up
2023-08-29 18:01:44 -05:00
bwatters
c69e983b30
Add module to create directory structures and upload/run exploit
2023-08-25 15:41:25 -05:00
Jack Heysel
d43bbb6655
rubocop
2023-08-21 19:57:37 -04:00
Jack Heysel
97dd22032c
Responded to comments, improved stability
2023-08-21 19:20:25 -04:00
Jack Heysel
29c2361a9c
Module clean up, docs, metadata, rubocop
2023-08-02 18:53:20 -04:00
Jack Heysel
416124705f
Working in metasploit
2023-07-28 03:43:37 -04:00
adfoster-r7
c26d44a177
Fix bypassuac_comhijack module crash
2023-07-21 16:46:43 +01:00
Grant Willcox
3ab7b3ddc7
Add in autocheck and expand check logic for Windows 11 targets
2023-06-30 16:41:03 -05:00
Grant Willcox
17ffd4e0f6
Add in description about why versions after 22000.194 aren't affected
2023-06-30 16:40:53 -05:00
Wrathdemon
7870bfe94e
fix #15890: Support Windows 11 in Capcom.sys LPE Module
2023-06-30 16:40:43 -05:00
Ashley Donaldson
381d291da9
Use revision in MSF modules
2023-06-16 10:07:35 +10:00
Ashley Donaldson
75ba9110e2
Added module for Windows version comparisons
Utilised it in various existing modules - this should fix some subtle bugs in specific modules' version detection.
2023-05-25 14:36:46 +10:00
adfoster-r7
f35b9e4fa5
Fix crash when running local exploit suggester
2023-04-21 10:13:37 +01:00
cgranleese-r7
e004be00fe
Converted to Active Support
2023-04-05 16:53:01 +01:00
cgranleese-r7
c3a7da54d5
reduces code duplication
2023-04-04 10:27:11 +01:00
cgranleese-r7
40e6917b7f
tests passing
2023-04-04 10:24:09 +01:00
jheysel-r7
152ef4a86b
Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb
2023-03-30 11:28:46 -04:00
jheysel-r7
6f400052b1
Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb
2023-03-30 11:00:55 -04:00
Christophe De La Fuente
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
Grant Willcox
43b4ee268c
Land #17592, Fix bypassuac_injection_winsxs for x64
2023-02-09 11:41:51 -06:00
Spencer McIntyre
e6f4e96544
Close hFindFile
2023-02-09 11:43:20 -05:00
adfoster-r7
25ee41df68
Run rubocop on exploit modules
2023-02-08 15:20:32 +00:00
Spencer McIntyre
f2e5e77e27
Fix bypassuac_injection_winsxs for x64
Tested on Windows 8.1, prior to these changes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
cgranleese-r7
80dbbca020
Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2023-02-03 13:43:04 +00:00
adfoster-r7
014bdddd1a
Land #17564, Fixed AnyConnect IPC message format
2023-02-01 16:34:44 +00:00
Duarte Silva
a7ae3c9389
Fixed AnyConnect IPC message format:
- Made an error in the original research where the TLV had a type
and an index, when it only has a type and a modifier that makes
it into a TV (Type and Value, no Length).
- A TV has its value where the Length would be on a TLV.
- Also added a note on the endianness being correct/working because
endianness has no impact on the message being used to exploit the
vulnerability.
2023-01-28 09:08:51 +00:00
Jack Heysel
6ac0d9ba27
Trailing whitespace corrected
2023-01-19 22:16:54 -05:00