Diego Ledda
289e95d530
Land #19367, fix ARM stager restore r0 in loop
2025-01-06 17:14:47 +01:00
Jack Heysel
10cd8d1020
Removed unnecessary code from exploit.cpp
2024-11-05 15:47:52 -08:00
Jack Heysel
7a5bc60aab
Windows Access Mode Mismatch LPE in ks.sys [CVE-2024-35250]
2024-11-05 15:31:44 -08:00
Brendan
dbc020a745
Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
Takah1ro
755830024c
Update exploit binary and remove unnecessary
2024-09-24 08:37:20 +09:00
Takah1ro
75329cc7c7
Add ;
2024-09-24 08:24:24 +09:00
Takah1ro
a10459e772
Formatting exploit
2024-09-24 08:14:21 +09:00
Takahiro Yokoyama
33152bf0ac
Update external/source/exploits/CVE-2023-0386/cve_2023_0386.c
Add setuid(0) and setgid(0)
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-09-24 08:03:20 +09:00
Takah1ro
dd932844b6
Remove unused variables
2024-09-09 08:15:08 +09:00
Takah1ro
212c96d195
Add last blank line
2024-09-07 12:29:32 +09:00
Takah1ro
8366252ba2
Not call payload directory
2024-09-07 12:28:40 +09:00
Takah1ro
692531bb87
Call payload directory
2024-09-07 12:16:04 +09:00
Takah1ro
2b63f8bb88
Rename exploit
2024-09-07 10:29:41 +09:00
Takah1ro
fd7321dd3f
Strip_comments
2024-09-06 22:58:31 +09:00
Takahiro Yokoyama
ccc4727dfd
Update external/source/exploits/CVE-2023-0386/exploit.c
Avoid recursively deleting files indiscriminately.
Co-authored-by: bcoles <bcoles@gmail.com>
2024-09-06 21:48:29 +09:00
Takah1ro
cd97b08c62
Move C code to separate file
2024-09-06 21:09:39 +09:00
Takah1ro
216590f84a
Add last blank line
2024-09-05 23:00:06 +09:00
Takah1ro
3d20dd6ddf
Add module:
Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-05 22:54:55 +09:00
Jack Heysel
7bfd814297
Removed memory polling
2024-08-30 12:52:18 -07:00
Jack Heysel
b011b67f80
Responded to comments
2024-08-29 22:25:20 -07:00
Jack Heysel
b32234382e
Add correct missing file
2024-08-29 18:53:39 -04:00
Jack Heysel
e40f6cb785
Add missing file
2024-08-29 08:38:08 -04:00
Jack Heysel
f6378913c3
Merge branch 'win-kernel-lpe-cve-2024-30038' of github.com:jheysel-r7/metasploit-framework into win-kernel-lpe-cve-2024-30038
2024-08-22 13:07:30 -07:00
Jack Heysel
6689614d8f
Responded to comments
2024-08-22 13:06:29 -07:00
jheysel-r7
bde9fca9e4
Apply suggestions from code review
2024-08-22 02:35:21 -04:00
Jack Heysel
31348dac33
Windows LPE CVE-2024-30088
2024-08-21 23:16:37 -07:00
Ivan Nikolskiy
be90a4e3fd
Restore r0 on each iteration
2024-08-06 00:01:58 +02:00
Ivan Nikolskiy
9436e0011f
Put sockfd to r0
r0 has return value instead of sockfd in second loop iteration
2024-08-05 23:51:22 +02:00
bwatters
636c72965c
Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
Imran E. Dawoodjee
afd4b8af2e
Remove x86 things, include AutoCheck
2024-04-19 22:49:40 +08:00
Imran E. Dawoodjee
6268235cd3
Add CVE-2022-1373 and CVE-2022-2334 exploit chain
2024-04-13 18:10:45 +08:00
Spencer McIntyre
e5635c4bfd
Add source code for Python deserialization gadgets
2024-03-29 09:33:47 -04:00
Spencer McIntyre
86b7ec4518
Address comments from the review
2023-10-12 09:50:19 -04:00
Spencer McIntyre
5a6dc7f9a6
Initial commit of CVE-2023-43654
2023-10-12 09:27:26 -04:00
Christophe De La Fuente
1058291af9
Land #18314, Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
bwatters
be731f330e
Add error checking and randomize the report directory
2023-09-22 14:43:21 -05:00
bwatters
b4a1bb8fa2
Add docs and support for shell sessions; update exe to work without runtime lib.
2023-09-19 17:50:18 -05:00
Simon Janusz
8b56dc0117
Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
bwatters
91e7af4370
Added check, some stealth, and cleaned code
2023-09-05 14:29:13 -05:00
bwatters
c69e983b30
Add module to create directory structures and upload/run exploit
2023-08-25 15:41:25 -05:00
bwatters
c05582267c
Placeholder for VE-2023-36874
2023-08-23 20:13:03 -05:00
Jack Heysel
97dd22032c
Responded to comments, improved stability
2023-08-21 19:20:25 -04:00
Jack Heysel
bcfc892195
General code clean up
2023-08-04 14:27:14 -04:00
Jack Heysel
30b824d8ab
external sources
2023-08-02 19:33:25 -04:00
adfoster-r7
9a40e2612b
Land #17129, Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
adfoster-r7
89cd524acb
Update osx templates makefile and compile binaries
2023-08-02 01:26:18 +01:00
usiegl00
c028d33cae
Update OSX AARCH64 Stager
This fixes an issue with the stager size in the osx aarch64 payloads. It
also adds the source and Makefile for template_aarch64_darwin.bin
2023-07-31 20:30:30 -07:00
usiegl00
9019b51eaa
Update AARCH64 Shellcode Generation
This updates the aarch64 payloads to include comments with the
corresponding instructions for each little-endian integer. It also fixes
the debug output for x64 payloads under rosetta.
2023-07-29 08:26:56 -07:00
bwatters
b15d595de2
Adjust files to be better shared
2023-07-14 12:47:04 -05:00
Ashley Donaldson
6772740f86
Fix bug in HostingCLR relating to the first argument passed to a dotnet assembly.
2023-06-28 09:24:33 +10:00