Niboucha Redouane
69ed4be81d
Remove trailing comma after :auth_bypass
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-09-14 19:03:37 +02:00
Brendan Coles
485c51c88c
Add VyOS restricted-shell Escape and Privilege Escalation
2020-09-11 18:19:25 +00:00
Brendan Coles
febe38e1ce
resolve qa comments
2020-09-11 17:16:10 +00:00
Shelby Pace
d86f9427c9
change version check and add sleep
2020-09-11 11:49:14 -05:00
Shelby Pace
e5c9439974
rubocop and metadata additions
2020-09-10 18:32:30 -05:00
Shelby Pace
8474462458
add command stager usage
2020-09-10 18:02:07 -05:00
gwillcox-r7
593945ee61
Update module documentation with more detail re affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shorten the module description and update its stability rating. Finally add in a reliability rating for the exploit module.
2020-09-10 11:32:45 -05:00
gwillcox-r7
16b27ae270
Add in version checking to ensure we only check if the target has the 'Enable insecure guest logons' enabled if their build number is greater than or equal to 10.0.16299.0, which was the build where this change first was implemented.
2020-09-10 11:32:45 -05:00
gwillcox-r7
45480373a9
Fix up the exploit module so that it will not wait for AV if a UNC path is used, as there is no chance the AV on the host can remove the file on the UNC share, and the UNC share won't be accessed until the exact moment it is needed
2020-09-10 11:32:45 -05:00
gwillcox-r7
7e1560ff26
Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code.
2020-09-10 11:32:18 -05:00
gwillcox-r7
0d493bbc54
Add in extra code to handle cases where the loops may enter an infinite loop state. New code should prevent this from happening
2020-09-10 11:32:18 -05:00
gwillcox-r7
a94d36248b
Add in the AVTIMEOUT option to allow the module to check if any AV or other processes deleted the uploaded DLL file, thereby preventing a situation where the DNS server is unable to restart. Also add in some warnings re when we enter the danger section and when we exit it so that users are more aware of when this is happening.
2020-09-10 11:32:18 -05:00
gwillcox-r7
78dc43efa5
Fix up incorrect regex within the check method to fix a logic bug
2020-09-10 11:32:18 -05:00
ide0x90
c4d463e921
Added option to generate standalone DLL.
2020-09-10 11:32:18 -05:00
ide0x90
53f3b70b33
Changed DLL so that it doesn't block the DNS service from stopping after the module executes.
Added OS check (>= Server 2003 is vulnerable so far).
Now cleans up dropped DLL and modified registry value.
2020-09-10 11:32:18 -05:00
ide0x90
7701ea1bc8
Compile DLL so that the DNS service doesn't crash when the module is run.
2020-09-10 11:32:18 -05:00
ide0x90
151fdb7ea5
Reduced exploit ranking and added check to see if session is elevated.
2020-09-10 11:32:18 -05:00
ide0x90
d1e9039af4
Initial module and documentation for Microsoft Windows DNS ServerLevelPluginDll abuse
2020-09-10 11:31:51 -05:00
bwatters
e592736833
Land #13992, Add module for CVE-2020-9839, LPE for macOS <= 10.15.4
Merge branch 'land-13992' into upstream-master
2020-09-04 15:53:17 -05:00
Tim W
7b1f5c1728
add documentation
2020-09-04 17:42:30 +08:00
Tim W
be2fe15116
fix pdfpath and uripath
2020-09-04 16:09:40 +08:00
bwatters
149566b30e
Run rubocop
2020-09-02 17:14:30 -05:00
Shelby Pace
4d9f5e14e8
remove pry statement and comments
2020-09-02 13:41:33 -05:00
Shelby Pace
1e90d10531
add functionality for channel setup
2020-09-02 13:37:41 -05:00
Niboucha Redouane
314fb755c0
update comment on Author metadata
2020-09-02 19:43:06 +02:00
Niboucha Redouane
1b09ecfd04
make auth_bypass return a checkcode
2020-09-02 17:50:09 +02:00
ggkitsas
62d3d9bc9a
fix: reverts misuse of in zip_slip exploit
2020-09-01 21:49:55 +01:00
Niboucha Redouane
1d4c0bedfc
base64-encode the command in the check method
2020-09-01 20:58:37 +02:00
Niboucha Redouane
9d3981723b
use hex encoding in command injection
2020-09-01 18:26:25 +02:00
Tim W
9150f0bc3a
move int64.js and utils.js to javascript_utils folder
2020-09-01 16:14:31 +08:00
Niboucha Redouane
cd38077974
Add the non-encoded serialized object in the script, to make it more readable
2020-08-31 15:15:52 +02:00
ggkitsas
788244150c
Add support for zip generation in zip_slip exploit
2020-08-31 13:18:14 +01:00
Niboucha Redouane
82d8b92e24
add module documentation
2020-08-30 16:57:01 +02:00
Niboucha Redouane
f96ad15dfa
minor fix / refactoring
2020-08-30 16:31:04 +02:00
Brendan Coles
9d33ebd54a
Add Mida Solutions eFramework ajaxreq.php Command Injection
2020-08-30 12:46:00 +00:00
Niboucha Redouane
efdbf5716c
avoid printing on methods called from check, and remove autocheck
2020-08-30 13:53:55 +02:00
Niboucha Redouane
2fde21a621
add check method, and address feedback from bcoles
2020-08-30 12:45:40 +02:00
Niboucha Redouane
7a120ef60b
Add EDB and PACKETSTORM references
Co-authored-by: bcoles <bcoles@gmail.com>
2020-08-30 12:44:12 +02:00
adfoster-r7
62d45870dc
Land #14040, Use CheckModule auxiliary/scanner/misc/java_rmi_server in exploit/multi/misc/java_rmi_server
2020-08-28 10:22:35 +01:00
Tim W
806455abbc
fix
2020-08-27 19:36:45 +08:00
Tim W
33fa4d1424
dynamic offsets
2020-08-27 19:36:45 +08:00
Tim W
a94389fb76
cleanup cvm_side
2020-08-27 19:36:45 +08:00
Tim W
0a1fb600a2
fix source versions and jscell headers
2020-08-27 19:36:45 +08:00
Tim W
27238abfdc
kill first time app launch popup
2020-08-27 19:36:45 +08:00
Tim W
8ba7e9ca62
msftidy
2020-08-27 19:36:45 +08:00
Tim W
990ecdd097
split exploit js into function
2020-08-27 19:36:45 +08:00
Tim W
8ac2a27596
fix payload targets
2020-08-27 19:36:45 +08:00
Tim W
a8b34bae67
whitespace
2020-08-27 19:36:44 +08:00
Tim W
c069d940a9
fix restoring of /etc/pam.d/login
2020-08-27 19:04:43 +08:00
C4ssandre
3336040f2d
Adding a new privilege escalation exploit for Windows.
New files and folders:
- metasploit-framework/modules/exploits/windows/local/bits_ntlm_token_impersonation.rb
- metasploit-framework/data/exploits/drunkpotato/
- metasploit-framework/external/source/exploits/drunkpotato/
2020-08-25 14:27:41 +02:00