f2e5e77e27
Fix bypassuac_injection_winsxs for x64
...
Tested on Windows 8.1, prior to these chagnes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
80dbbca020
Land #17371 , Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2023-02-03 13:43:04 +00:00
6ab7e177f4
Land #17392 , add F5 Big-IP priv esc module
...
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
2023-02-02 15:10:33 -05:00
f4ad778bd0
Added missing session types
2023-02-02 13:29:43 -05:00
af2ef53462
Land #17415 , macOS dirty cow priv esc
2023-02-02 12:15:19 -05:00
952a4fe37a
Land #17581 , modules: Check datastore ForceExploit before checking if session is root
2023-02-02 10:19:07 +00:00
6f4a17230d
exploits/osx/local/vmware_fusion_lpe: Add notes
2023-02-02 18:46:08 +11:00
a83d070396
exploits/freebsd/local/ip6_setpktopt_uaf_priv_esc: Add Reliability notes
2023-02-02 18:45:43 +11:00
ef87a63bde
modules: Check datastore ForceExploit before checking if session is root
2023-02-02 18:17:02 +11:00
48a27ab555
Fix the remaining references to the old wiki site.
2023-02-01 21:25:06 -06:00
6870efc34a
Land #17426 , Update all references to old Wiki to point to new docs site
2023-02-01 23:49:20 +00:00
076ffbcc65
Merge branch 'mac_dirty_cow' of github.com:timwr/metasploit-framework into mac_dirty_cow
2023-02-01 16:57:36 -05:00
3c7cbf62e6
Updated default payload
2023-02-01 16:56:28 -05:00
595f34fc6f
Merge branch 'master' into mac_dirty_cow
2023-02-01 16:51:09 -05:00
cf172d22c8
Get rid of #String.hash in favour of UnixCrypt
2023-02-01 11:02:04 -08:00
1094221468
Merge branch 'rapid7:master' into f5-createuser-privesc
2023-02-01 10:20:43 -08:00
34d93e862c
Update modules/exploits/linux/local/f5_create_user.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-02-01 10:16:03 -08:00
e90b47fd17
Update modules/exploits/linux/local/f5_create_user.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-02-01 10:15:00 -08:00
d89c193db2
Update modules/exploits/linux/local/f5_create_user.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-02-01 10:14:38 -08:00
014bdddd1a
Land #17564 , Fixed AnyConnect IPC message format
2023-02-01 16:34:44 +00:00
a5990a5a7d
Land #17578 , modules/exploits/openbsd Add notes and use CheckCodes messages
2023-02-01 16:26:59 +00:00
a6f0a8abe3
Land #17301 , module for cve-2022-1043, linux LPE
...
This module exploits a bug in io_uring leading to an additional put_cred
that can be exploited to hijack credentials of other processes.
2023-02-01 10:38:10 -05:00
690d22f759
Rapid7 compiled binary
2023-02-01 10:08:13 -05:00
86a6611e98
modules/exploits/openbsd: Add notes and use CheckCodes messages
2023-02-01 22:26:44 +11:00
c9012ae222
modules/exploits/qnx: Use AutoCheck, add Notes, resolve Rubocop violations
2023-02-01 20:51:44 +11:00
2c72cc145a
updates to module
2023-01-31 20:05:33 -05:00
fa687d3614
argv instead of hardcoded payload path
2023-01-31 16:02:25 -05:00
5a374533af
cve-2022-1043
2023-01-31 16:02:25 -05:00
8d58eb6279
cve-2022-1043
2023-01-31 16:02:25 -05:00
022760d24a
Land #17300 , linux LPE cve-2022-22942 module
...
This PR adds a linux priv esc against VMWare virtual machines
with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
2023-01-31 14:07:55 -05:00
56728fc7c2
Land #17573 , modules/exploits/linux/ssh Resolve Rubocop violations
2023-01-31 14:12:03 +00:00
bbf17c167c
Land #17511 , add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel
2023-01-31 14:05:19 +00:00
11cf391da8
modules/exploits/linux/ssh: Resolve Rubocop violations
2023-01-31 23:59:22 +11:00
f676568d89
Fix CVE
2023-01-30 12:18:08 +01:00
a5ba1245c2
Fix CVE
2023-01-30 12:15:14 +01:00
a2f4a27614
updated module and added documentation
2023-01-29 10:06:14 +00:00
bf10b29a84
first drop module
2023-01-29 07:47:22 +00:00
62d43a6e96
use exploit retry function
2023-01-28 07:44:53 -05:00
a7ae3c9389
Fixed AnyConnect IPC message format:
...
- Made an error in the original research where the TLV had a type
and a index, when it only has a type and a modifier that makes
it into a TV (Type and Value, no Length).
- A TV has its value where the Length would be on a TLV.
- Also added a note on the endieness being correct/working because
endieness has no impact in the message being used to exploit the
vulnerability.
2023-01-28 09:08:51 +00:00
e11aaa8027
modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations
2023-01-28 15:02:24 +11:00
85d5b041aa
Add minimum build number check
2023-01-27 18:03:19 +01:00
6043d0ffba
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
e01239cf7b
Add exploit module and documentation
2023-01-26 21:53:14 +01:00
672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
ed2dd2fc0c
Add randomization in the XML when possible & fix BadChars issue
2023-01-26 18:42:09 +01:00
2be22752be
Add Linuc specifics and documentation
2023-01-26 16:16:00 +01:00
f81195d0cc
Fix a typo
2023-01-25 13:45:18 -05:00
38f0d33d6b
Add exploit module
2023-01-24 00:55:45 +01:00
153af9fb68
Land #17407 , add Cacti unauth command injection
2023-01-23 13:06:46 -06:00
58cd5bb003
specify command stager flavors
2023-01-23 11:53:19 -06:00
Spencer McIntyre