Commit Graph

625 Commits

Author SHA1 Message Date
Brendan Coles 3da8fce9cf Add Microsoft Windows RRAS Service MIBEntryGet Overflow 2021-03-03 02:50:42 +00:00
Brendan Coles 743248d993 Update KarjaSoft Sami FTP Server v2.0.2 USER Overflow module 2021-02-25 20:53:30 +00:00
A Galway f227e82600 Land #14730, OBM Local PrivEsc to SYSTEM 2021-02-15 10:24:34 +00:00
Spencer McIntyre 77cc799974 Fix a target version discrepancy in the CVE-2020-17132 docs 2021-02-11 18:04:03 -05:00
Christophe De La Fuente 88eaf97e79 Land #14607, Updates for Exchange ECP DLP Policy Exploit 2021-02-11 15:15:34 +01:00
Pedro Ribeiro d884df96e2 fix msftidy docs 2021-02-09 14:37:35 +07:00
Pedro Ribeiro 90f8c1f7b9 add tested for 2019.11 too 2021-01-30 21:54:48 +07:00
Pedro Ribeiro 137664818d add obm windows privesc sploit 2021-01-29 18:45:33 +07:00
JulienBedel 8f6dd43025 Add documentation 2021-01-18 12:02:46 +01:00
Christophe De La Fuente c8819259ae Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048 2021-01-15 19:13:14 +01:00
Spencer McIntyre 7936ce8b5e Update the documentation with additional information 2021-01-13 09:53:10 -05:00
bwatters d8e68e6487 Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module 2021-01-12 11:45:53 -06:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
bwatters 50e115b414 Cleanup and edits per review from Christophe
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
2021-01-11 16:02:58 -06:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
Grant Willcox 3e52debd8b Update the exploit a bit more to remove excess options and also update the documentation accordingly. 2021-01-06 12:16:06 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00
Grant Willcox 863417fca7 Second round of updates and some rubocop changes to conform to standards. 2021-01-06 01:30:40 -06:00
Grant Willcox 81ee149ea2 Add check code support to module and update the documentation accordingly, plus rework the module description 2021-01-06 01:06:08 -06:00
bwatters d2ca5d331d Add documentation 2020-12-22 14:14:20 -06:00
C4ssandre 57c57a398d Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments have shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable. 2020-12-19 02:51:48 +01:00
Tim W a30cdfc892 Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE 2020-12-14 14:54:54 +00:00
C4ssandre e02451fe13 Fixing mistake in doc. 2020-12-11 04:53:37 -05:00
C4ssandre 9c9e8929af Adding a scenario. 2020-12-11 04:50:53 -05:00
C4ssandre 53a12a7984 Updating doc. 2020-12-11 03:53:25 -05:00
Brendan Coles a9e231ad0a Use CVE-2020-5752 path traversal bypass for CVE-2019-3999 2020-12-10 12:14:47 +00:00
C4ssandre c005492ee9 Updating doc. 2020-12-10 00:58:53 -05:00
Tim W fb9b1c5de4 Land #14409, add weak services technique to the service permissions LPE 2020-12-09 17:16:53 +00:00
Spencer McIntyre 6d7c6c054a Update the module docs with more details for the registry technique 2020-12-08 17:39:34 -05:00
C4ssandre c86f93b9c0 Updating list of tested machines. 2020-12-07 21:38:42 -05:00
Shelby Pace 8e1cab0131 Land #14339, add flexdotnetcms rce 2020-12-07 14:28:01 -06:00
C4ssandre f901e91d70 Fixing markdown content and formatting issues. Markdown is not yet complete and will need additional modification when other changes will be brought to ruby module and C dll. 2020-11-30 14:12:57 +00:00
Spencer McIntyre 1031b12c57 Land #14206, Rockwell FactoryTalk CVE-2020-12027 RCE 2020-11-20 08:49:39 -05:00
Spencer McIntyre cbc5899edf Add module docs for the Service Permissions LPE module 2020-11-19 14:17:20 -05:00
Pedro Ribeiro e7196256d4 Update rockwell_factorytalk_rce.md 2020-11-19 17:53:25 +07:00
William Vu 20a90557bf Update module doc 2020-11-18 15:08:12 -06:00
kalba-security 0a9589166f Add CVE ID 2020-11-05 06:55:37 -05:00
kalba-security 8aceea1872 Add flexdotnetcms_upload_exec module and docs 2020-11-03 09:50:28 -05:00
Che5hireC4t 996f58da26 Adding a documentation file. 2020-10-28 18:54:38 +01:00
Brendan Coles 6258d5b561 Land #14296, Move mercury_login module docs to documentation directory 2020-10-22 13:24:54 +00:00
h00die 5890bc45b5 move docs out of exploits folder 2020-10-21 16:37:02 -04:00
William Vu e4fb76d74f Add version check to exchange_ecp_dlp_policy
And update modules/exploits/windows/http/sharepoint_ssi_viewstate.rb.
2020-10-20 14:32:43 -05:00
William Vu 3970b69734 Land #14229, Telerik UI for ASP.NET AJAX exploit
CVE-2017-11317 && CVE-2019-18935
2020-10-20 13:24:35 -05:00
William Vu 253928570b Update module doc 2020-10-19 11:18:00 -05:00
Spencer McIntyre 0f344b0661 Land #14265, Add SharePoint Server-Side Include (SSI) and ViewState RCE (CVE-2020-16952) 2020-10-19 10:27:58 -04:00
William Vu 4cb08f7426 Address outstanding issues 2020-10-15 13:24:08 -05:00
Tim W 87104a7236 Update docs and make them msftidy_docs.rb compliant 2020-10-15 10:59:46 -05:00
Grant Willcox 59f74438da Rename the LPE exploit to a more appropriate name since there could be future bugs in NtUserMessageCall and also update the description info a bit more 2020-10-15 10:59:44 -05:00
Grant Willcox f2899186e4 Add in first round of initial updates to fix review comments 2020-10-15 10:59:40 -05:00
Tim W dcc322436b Update documentation files and module description to more accurately describe what the cause of the LPE bug for CVE-2019-1458 is. Also apply RuboCop edits. 2020-10-15 10:58:58 -05:00