Commit Graph

7658 Commits

Author SHA1 Message Date
Grant Willcox 81ee149ea2 Add check code support to module and update the documentation accordingly, plus rework the module description 2021-01-06 01:06:08 -06:00
Grant Willcox 839daf93e9 Update the compiled DLL and redo a lot of the module to get it into its first ready state using a different DLL hijack I found during research 2021-01-05 16:12:08 -06:00
Grant Willcox 668eeae4e1 Initial push of code 2021-01-04 12:04:38 -06:00
CSharperMantle d99c2ac783 linguistic fixes of 'does not exists' 2020-12-23 11:36:38 +08:00
C4ssandre 57c57a398d Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments have shown that BITS does not attempt to connect to the WinRM port, making those systems not vulnerable. 2020-12-19 02:51:48 +01:00
bwatters 222d510e44 Rubocop fixes 2020-12-16 13:59:47 -06:00
bwatters 7f4fac4548 Fix powershell issues and add comment because it is apparently magic 2020-12-16 13:57:02 -06:00
Tim W 9c47803609 increase wfsdelay 2020-12-14 14:54:54 +00:00
Tim W 7af996ae4c add offsets 2020-12-14 14:54:54 +00:00
Tim W a30cdfc892 Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE 2020-12-14 14:54:54 +00:00
C4ssandre 1fec224bae Adding a new check raised by an unforeseen use case. I tested the use case of a webserver on which a malicious user succeeded in uploading a meterpreter .exe and executing it by calling its URL. The meterpreter session belongs to IUSRS, which is not allowed to enumerate services. Thus the exploit fails, but checks pass. So added new checks for filtering this use case. 2020-12-11 05:22:37 -05:00
C4ssandre d1956199aa Updating a warning message. 2020-12-11 03:58:14 -05:00
C4ssandre 53a12a7984 Updating doc. 2020-12-11 03:53:25 -05:00
Brendan Coles a9e231ad0a Use CVE-2020-5752 path traversal bypass for CVE-2019-3999 2020-12-10 12:14:47 +00:00
C4ssandre 38cd5817d7 Updating authors. 2020-12-10 02:09:24 -05:00
C4ssandre c005492ee9 Updating doc. 2020-12-10 00:58:53 -05:00
C4ssandre b7bf7fcc86 Updating function comments. 2020-12-10 04:08:49 -05:00
C4ssandre 4883050f7f Adding new options to module. Now it is possible to choose which process to launch as SYSTEM, as well as the port the exploit will listen on (because on some Windows configurations, WinRM should listen on port 47001). 2020-12-10 03:53:06 -05:00
Spencer McIntyre 367c5e747f Land #14470, Fix ssi template for some sharepoint versions 2020-12-09 16:23:34 -05:00
Tim W fb9b1c5de4 Land #14409, add weak services technique to the service permissions LPE 2020-12-09 17:16:53 +00:00
C4ssandre f8a7517633 Improving description of SHUTDOWN_SERVICES option. 2020-12-09 08:01:56 +00:00
C4ssandre 7a358cf577 Giving the user the choice of whether or not the module should attempt to shut down the WinRM and BITS services. 2020-12-09 07:43:32 +00:00
C4ssandre d2db1fba4a Updating exploit metadata. 2020-12-09 07:06:31 +00:00
C4ssandre 8f72102116 Updating exploit description (shown by the "info" command). 2020-12-09 06:55:17 +00:00
C4ssandre d43fba1ae1 Adding new check functionalities. Now, the ruby module checks through the previous meterpreter session if BITS and WinRM are currently running, and tries to shut them down if they are. It is not necessary anymore to deal with Windows versions to know if the target is vulnerable: the module can guess it reliably on its own. 2020-12-09 06:47:29 +00:00
Spencer McIntyre 175d4a5c43 Add a check to see if the session is already running as SYSTEM 2020-12-08 18:05:28 -05:00
Spencer McIntyre 6d7c6c054a Update the module docs with more details for the registry technique 2020-12-08 17:39:34 -05:00
adfoster-r7 85a9accbee Land #14202, Add initial zeitwerk autoloader approach for lib/msf/core 2020-12-08 12:53:02 +00:00
C4ssandre 748d11dfe4 Removing a useless batch of code remaining from outdated powershell functions. 2020-12-07 22:43:15 -05:00
C4ssandre 134c0fdc73 Fixing an issue in getting notepad path. 2020-12-08 03:13:39 +00:00
C4ssandre ff8981c4ee Various little corrections. 2020-12-07 21:38:55 -05:00
C4ssandre c86f93b9c0 Updating list of tested machines. 2020-12-07 21:38:42 -05:00
C4ssandre 8a3790f265 Adding process information to hide notepad.exe when launching. 2020-12-07 21:38:30 -05:00
C4ssandre 46f59a76f0 Removing powershell payload serving method, and replacing it by just writing and executing in remote SYSTEM process. 2020-12-07 21:37:35 -05:00
Shelby Pace 8e1cab0131 Land #14339, add flexdotnetcms rce 2020-12-07 14:28:01 -06:00
Shelby Pace cd900a0507 fix comment 2020-12-07 14:27:07 -06:00
S3cur3Th1ssh1t 6c1ac7f9a2 Fix ssi template for some sharepoint versions 2020-12-07 14:34:09 +01:00
dwelch-r7 49a6b1b257 Remove requires that sneaked in while the PR was up 2020-12-07 11:02:10 +00:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
Grant Willcox a96a290d32 Land #14467, Add missing CheckCode::Unknown return code if the response object is empty to fix #14462 2020-12-06 01:25:17 -06:00
Grant Willcox 02ebe745d9 Improve the CheckCode::Unknown No Response error message to make it clearer to users 2020-12-06 01:24:51 -06:00
Brendan Coles eb7514d94d nimcontroller_bof: return CheckCode::Unknown if response is empty 2020-12-06 03:16:39 +00:00
cgranleese-r7 96c62aea20 Lands #14411 Fixes eternalblue-win8 to run only with python3 2020-12-05 14:22:32 +00:00
A Galway c83c21bcea additional string to byte conversions 2020-12-03 16:21:55 +00:00
Spencer McIntyre cea4c92781 Clarify the message by printing the actual path 2020-12-01 13:41:01 -05:00
Spencer McIntyre 0bf9dcfdb8 Check that additional success checks for the registry technique 2020-11-30 18:03:58 -05:00
C4ssandre 7d0c6c3b87 Applying rubocop. 2020-11-30 15:09:53 +00:00
C4ssandre 612096ce03 Passing default waiting time for module to complete from 20 to 120. 2020-11-30 15:02:16 +00:00
C4ssandre b894053efe Changing instance variables to local variables. 2020-11-30 14:31:45 +00:00
C4ssandre 71a33301b7 Removing outdated comment. 2020-11-30 14:27:40 +00:00