bwatters
f14d6ffe13
Rubocop and modularization
2020-09-16 11:17:39 -05:00
bwatters
a72769909b
Change exe to take destination and source files for copy
2020-09-16 11:17:39 -05:00
bwatters
17272209cc
First try at CVE-2020-1048, needs lots of work
2020-09-16 11:17:38 -05:00
William Vu
e118ff1509
Add Microsoft Exchange Server DLP Policy RCE
CVE-2020-16875
2020-09-16 02:41:08 -05:00
gwillcox-r7
593945ee61
Update module documentation with more detail re affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shorten the module description and update its stability rating. Finally add in a reliability rating for the exploit module.
2020-09-10 11:32:45 -05:00
gwillcox-r7
16b27ae270
Add in version checking to ensure we only check if the target has the 'Enable insecure guest logons' enabled if their build number is greater than or equal to 10.0.16299.0, which was the build where this change first was implemented.
2020-09-10 11:32:45 -05:00
gwillcox-r7
45480373a9
Fix up the exploit module so that it will not wait for AV if a UNC path is used, as there is no chance the AV on the host can remove the file on the UNC share, and the UNC share won't be accessed until the exact moment it is needed
2020-09-10 11:32:45 -05:00
gwillcox-r7
7e1560ff26
Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code.
2020-09-10 11:32:18 -05:00
gwillcox-r7
0d493bbc54
Add in extra code to handle cases where the loops may enter an infinite loop state. New code should prevent this from happening
2020-09-10 11:32:18 -05:00
gwillcox-r7
a94d36248b
Add in the AVTIMEOUT option to allow the module to check if any AV or other processes deleted the uploaded DLL file, thereby preventing a situation where the DNS server is unable to restart. Also add in some warnings re when we enter the danger section and when we exit it so that users are more aware of when this is happening.
2020-09-10 11:32:18 -05:00
gwillcox-r7
78dc43efa5
Fix up incorrect regex within the check method to fix a logic bug
2020-09-10 11:32:18 -05:00
ide0x90
c4d463e921
Added option to generate standalone DLL.
2020-09-10 11:32:18 -05:00
ide0x90
53f3b70b33
Changed DLL so that it doesn't block the DNS service from stopping after the module executes.
Added OS check (>= Server 2003 is vulnerable so far).
Now cleans up dropped DLL and modified registry value.
2020-09-10 11:32:18 -05:00
ide0x90
7701ea1bc8
Compile DLL so that the DNS service doesn't crash when the module is run.
2020-09-10 11:32:18 -05:00
ide0x90
151fdb7ea5
Reduced exploit ranking and added check to see if session is elevated.
2020-09-10 11:32:18 -05:00
ide0x90
d1e9039af4
Initial module and documentation for Microsoft Windows DNS ServerLevelPluginDll abuse
2020-09-10 11:31:51 -05:00
C4ssandre
3336040f2d
Adding a new privilege escalation exploit for windows.
New files and folders:
- metasploit-framework/modules/exploits/windows/local/bits_ntlm_token_impersonation.rb
- metasploit-framework/data/exploits/drunkpotato/
- metasploit-framework/external/source/exploits/drunkpotato/
2020-08-25 14:27:41 +02:00
Shelby Pace
6e2a7001a9
Land #13994, add Dlink Wifi manager rce
2020-08-18 09:34:19 -05:00
Shelby Pace
d79ad5efca
minor rubocop fix
2020-08-18 09:33:32 -05:00
Niboucha Redouane
0a20a217dc
Fix description of the vulnerability
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:06:46 +02:00
Niboucha Redouane
602865ef70
refactor if in check method
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-08-17 21:01:34 +02:00
William Vu
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
Niboucha Redouane
1a468fa210
remove unneeded include, left from an attempt to execute native payloads
2020-08-13 15:51:09 +02:00
Niboucha Redouane
66d3b1cd59
Add exploit for CVE-2019-13372
2020-08-13 15:07:11 +02:00
Jeffrey Martin
35017886b8
Land #13935, Preliminary Version 6
2020-08-06 10:19:34 -05:00
bwatters
ba7f1ea486
Land #13897, Fix dangling reference issue in cve_2020_0688_service_tracing.rb
and filesystem.rb
Merge branch 'land-13897' into upstream-master
2020-08-05 17:04:15 -05:00
gwillcox-r7
6ed05df308
Land #13517, Documalis Free PDF Editor and Free PDF Scanner JPEG PDF Stack Buffer Overflow
2020-08-03 14:11:50 -05:00
gwillcox-r7
b64e843d9f
Remove CVE reference for now until we can add in a proper CVE reference, fix some alignment issues for Notes section
2020-08-03 13:06:45 -05:00
Jeffrey Martin
9aa26d1208
Merge upstream into 6.x
2020-08-03 11:43:47 -05:00
gwillcox-r7
513f2dac9b
Add in Notes section to exploit
2020-08-03 11:00:17 -05:00
gwillcox-r7
b13b3b3d77
Add in a temp valid CVE number to see if that will get builds to pass or not
2020-07-31 17:49:14 -05:00
gwillcox-r7
8ad94e5484
Remove trailing new line at end of the line that was causing the last commit to fail for reasons other than the CVE being missing
2020-07-31 17:47:58 -05:00
gwillcox-r7
2d5fa912c3
Apply fixes to documentation to fix some errors and make it msftidy_docs.rb compliant. Also apply RuboCop updates to the module
2020-07-31 17:36:51 -05:00
gwillcox-r7
e355bc783c
Update the module's description and title to be more accurate, and also remove the EDB field and replace it with a temporary CVE field
2020-07-31 16:07:33 -05:00
gwillcox-r7
96859ba492
Add in the proper instructions corresponding to the gadgets that we use for the SEH handler overwrite within the exploit
2020-07-31 15:50:49 -05:00
gwillcox-r7
907bedca34
Edit up the exploit to correct the size calculation logic so it correctly calculates the maximum size of the payload and ensures we don't overrun this.
2020-07-31 15:36:37 -05:00
Spencer McIntyre
a32d4c2a20
Land #13875, CVE-2020-8010 & CVE-2020-8012
2020-07-31 09:08:36 -04:00
gwillcox-r7
b6bce114ea
Add in further edits to the library code to remove the possibility of dangling handles and also update the module code accordingly.
2020-07-30 10:45:19 -05:00
Spencer McIntyre
a7274afd46
Add an optional delay when executing PSExec commands
2020-07-30 09:45:22 -04:00
gwillcox-r7
17c26b098b
Ninja edit to make sure that if we fail to authenticate to the server, we return CheckCode::Unknown rather than CheckCode::Safe
2020-07-29 16:08:51 -05:00
Spencer McIntyre
4fa657d6eb
Fix a bunch of documentation typos and minor code cleanups
2020-07-29 16:30:44 -04:00
Spencer McIntyre
7af4297e86
Add the exploit for CVE-2020-1147
2020-07-29 11:58:38 -04:00
h00die
5a40c6dc00
move config_changes
2020-07-27 15:35:05 -04:00
wetw0rk
8421b1a956
fixes, and format
2020-07-24 15:50:00 -05:00
gwillcox-r7
35e48c83bb
Add in call to session.fs.dir.rmdir() in library code and in the module as sometimes the file might not be deleted otherwise.
2020-07-24 15:39:19 -05:00
gwillcox-r7
b5b8630a5b
Fix minor RuboCop mistake
2020-07-23 22:11:51 -05:00
gwillcox-r7
88c10de36f
Add in proposed changes to cve_2020_0688_service_tracing.rb and filesystem.rb so that we can properly create mount points without dangling handle references
2020-07-23 21:44:18 -05:00
wetw0rk
938342793e
removed vuln-confirmation
2020-07-23 09:46:13 -05:00
wetw0rk
dbd6129ec4
if-vuln-check
2020-07-23 09:32:04 -05:00
Shelby Pace
bf4d0bf6ee
Land #13828, add Zentao Pro rce
2020-07-22 09:42:11 -05:00