adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

7658 Commits

Author SHA1 Message Date
Alan Foster 9c249e8c91 Landing #13456, distinct_tftp_traversal: increase delay between upload requests 2020-05-15 11:14:58 +01:00
William Vu aa6624e7f8 Land #13436, service encoder fix for psexec 2020-05-14 16:43:07 -05:00
William Vu ef069ce5ef Prefer exploit.rb's rand_text_alpha 2020-05-14 16:41:54 -05:00
Brendan Coles a5250072bf distinct_tftp_traversal: increase delay between upload requests 2020-05-14 05:22:36 +00:00
Shelby Pace fc762f8a82 Land #13402, add service_exists? method 2020-05-12 13:37:54 -05:00
bwatters-r7 9b40554ec6 Land #13370, Add Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation 
Merge branch 'land-13370' into upstream-master
 2020-05-12 13:20:27 -05:00
Clément Notin b7d16b1e72 Fix regression in psexec mixing filename and encoder 
Closes #13407
 2020-05-12 00:02:52 +02:00
bwatters-r7 1a9c04c2c4 Use new method 2020-05-08 14:49:01 -05:00
Spencer McIntyre b4e2599921 Remove trailing whitespace to fix build failures 2020-05-07 09:59:34 -04:00
Spencer McIntyre 9769e04b6e Land #13322, CVE-2020-0668 Service tracing file junction overwrite 2020-05-07 09:47:20 -04:00
Spencer McIntyre 26d4cb7a47 Tweak the service tracking checks and update docs markdown 2020-05-07 09:46:19 -04:00
gwillcox-r7 a1275845ec Land #13200, CVE-2019-0808 LPE for Windows 7 x86 SP0 and SP1 2020-05-06 17:23:52 -05:00
bwatters-r7 a5fe498610 Update ARCH handling, suggested changes, and last-minute fixes 2020-05-06 15:36:53 -05:00
Brendan Coles bf16307d7f Add Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation 2020-05-06 14:09:46 +00:00
gwillcox-r7 5609a99758 Neaten up alignment and spacing on ntusermndragover.rb 2020-05-05 21:28:51 -05:00
Spencer McIntyre 30b17c6323 Remove some whitespace for msftidy compliance 2020-05-04 10:14:00 -04:00
Spencer McIntyre 7fb17ecf17 Update some module metadata for the Kentico RCE exploit 2020-05-04 10:12:21 -04:00
Spencer McIntyre c128a3ba92 Add CmdStager and Powershell targets to the Kentico RCE exploit 2020-05-04 10:07:10 -04:00
Patrick Webster 60b83d536e Update modules/exploits/windows/http/kentico_staging_syncserver.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-05-04 09:26:14 -04:00
Patrick Webster c5adcbfd43 Update modules/exploits/windows/http/kentico_staging_syncserver.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-05-04 09:26:13 -04:00
Patrick Webster 0679f1b317 Update modules/exploits/windows/http/kentico_staging_syncserver.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-05-04 09:26:13 -04:00
Patrick Webster 376c61bc46 Added exploit module kentico_staging_syncserver. 2020-05-04 09:26:13 -04:00
Tim W f2752eab00 add win32k revision check to check method 2020-05-04 15:04:43 +08:00
William Vu 0bcc473ded Rename option to HOSTINFO_NAME and update doc 2020-05-01 12:59:01 -05:00
William Vu c27269105e Rename CmdStager to psh_invokewebrequest 2020-05-01 12:31:53 -05:00
William Vu 1364b08c4f Make host info name configurable as an option 
Though it has to be recognized by the server.
 2020-05-01 12:19:12 -05:00
William Vu 96f802585a Update dropper payload to stageless 
We're using Invoke-WebRequest now. Or anything similar.
 2020-05-01 12:19:12 -05:00
William Vu 9adaa08ddd Use new PowerShell Invoke-WebRequest CmdStager 2020-05-01 12:19:12 -05:00
William Vu 9bfecbc2aa Print the responses if found but don't bail 
The responses aren't always in sync, causing unexpected failures.
 2020-05-01 12:19:12 -05:00
William Vu bb034acd7c Note reason for SERVICE_RESOURCE_LOSS 2020-05-01 12:19:12 -05:00
William Vu 309475259a Remove doubled-up command prefix from dropper 
The library prefixes "cmd /c" automatically.
 2020-05-01 12:19:12 -05:00
William Vu 84061881b8 Clarify module description 2020-05-01 12:19:12 -05:00
William Vu 9d601b50c2 Note how we trigger the deserialization vuln 2020-05-01 12:19:12 -05:00
William Vu efab4f04f7 Add Veeam ONE Agent .NET deserialization exploit 2020-05-01 12:19:12 -05:00
Tim W bcf9449b29 add basic check method 2020-05-01 19:02:21 +08:00
bwatters-r7 717223e1a9 One more fix... 2020-04-30 08:09:15 -05:00
bwatters-r7 35913c829e add mkdir and other suggested fixes 2020-04-30 07:47:57 -05:00
Tim W 8e9a162b1b fix 2020-04-30 18:05:00 +08:00
Tim W ea22e34b9c fix description 2020-04-30 17:51:28 +08:00
Tim W 3ca0472b18 fix payload size 2020-04-30 17:47:41 +08:00
Tim W 109f0a01f7 add windows 7 sp1 scenario 2020-04-30 17:19:54 +08:00
Tim W ff0704b316 code review from grant <3 2020-04-30 17:19:54 +08:00
Tim W 5ed871a110 CVE-2019-0808 2020-04-30 17:19:46 +08:00
bwatters-r7 95a942d855 Add description 2020-04-29 14:44:59 -05:00
bwatters-r7 91c317f7b5 Rubocop autocorrect 2020-04-29 11:01:29 -05:00
bwatters-r7 191044cdad Final fixes and documentation 2020-04-29 10:18:22 -05:00
William Vu e5857d5544 Comments for the comment god 2020-04-27 20:58:39 -05:00
William Vu 3e9f7d5f0a Comment the absolute path prepended to traversal 2020-04-27 20:57:02 -05:00
William Vu f18ec9929b Remove directory traversal prefix altogether 2020-04-27 20:23:29 -05:00
William Vu 1318faa992 Clarify the quote is from the vendor's advisory 2020-04-27 16:53:34 -05:00