Commit Graph

870 Commits

Author SHA1 Message Date
jheysel-r7 5374c7b362 Merge pull request #19676 from h00die/needrestart
Ubuntu needrestart LPE (CVE-2024-48990)
2025-01-09 17:02:54 -08:00
jheysel-r7 a6ba7bf9c2 Merge pull request #19734 from h00die/runc_arch
arch linux compatibility for runc priv esc
2025-01-09 16:45:02 -08:00
h00die 437c9fc99e review of ubuntu_needrestart_lpe 2025-01-09 16:23:09 -05:00
Jack Heysel 23db148aa9 Add check for nosuid 2025-01-09 09:59:09 -08:00
Brendan 7ddffc790c Merge pull request #19460 from gardnerapp/game_overlay
Land #19460, CVE-2023-2640, CVE-2023-32629 Game Overlay Ubuntu Privilege Escalation
2024-12-18 14:44:57 -06:00
bwatters-r7 59229ee612 Update payload name, fix payload escapes & quotation, add unix cmd support 2024-12-17 16:52:24 -06:00
h00die af462f7dcf arch linux compatibility for runc priv esc 2024-12-16 05:52:29 -05:00
h00die 6911e52d55 peer review 2024-12-06 15:39:19 -05:00
h00die bca3626cf2 peer review 2024-12-04 18:39:43 -05:00
h00die e41f5ad577 needrestart exploit updates 2024-11-27 15:41:23 -05:00
h00die d778f5469b needrestart improvements 2024-11-26 18:22:48 -05:00
h00die 19394960cd needrestart improvements 2024-11-25 16:40:00 -05:00
h00die d4bd00d48e needrestart improvements 2024-11-25 16:38:18 -05:00
h00die 7fd82b89df offload files to data 2024-11-22 15:57:18 -05:00
h00die 7025871d34 ubuntu needrestart lpe 2024-11-22 15:44:52 -05:00
h00die 94e5e49052 ubuntu needrestart lpe 2024-11-22 15:44:45 -05:00
h00die 0f6da56a52 vcenter sudo module 2024-11-21 04:34:15 -05:00
bwatters-r7 441a3215b2 Catch up to head on other branch 2024-11-19 08:59:22 -06:00
h00die 6bd049e346 operator working 2024-11-18 20:09:13 -05:00
gardnerapp 19770cf870 Remove unneeded file and rubocop corrections
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>

Give bwatters7 credit, add docs

Experiment with randomized bash copy and Rex::File.join

remove unused line

Add missing parenthesis

fix problem with bash copy

Remove rex::join, call proper method for generating payload

add exploit::exe mixin, bash copy randomization

Rubocop changes

Remove nc
2024-11-18 17:01:08 -06:00
gardnerapp 6e09722f67 Rubocop changes and arch tracking for payload
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>

Rubocop changes
2024-11-18 16:59:37 -06:00
gardnerapp c6425f7245 Break out command building to make it easier to read
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-18 16:58:56 -06:00
gardnerapp e506c34e13 Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-18 16:57:17 -06:00
gardnerapp 883a0f8985 Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-18 16:57:17 -06:00
gardnerapp 51194ad0c9 Rebase and maintain authorship
Rebase and change payload delivery

Rebase and remove cmdstager
Update modules/exploits/linux/local/game_overlay_privesc.rb

Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>

remove CmdStager Mixin

Add PrependSetuid

Remove python from exploit

Remove generate_payload_exe and add dynamic directory to upper mount layer

Change where payload is dropped

Remove FileUtils module

Call proper method for generating payload

Separate exploit and triggering of payload

Separate exploit and triggering payload

test
2024-11-18 16:55:59 -06:00
gardnerapp c927f22d66 Update modules/exploits/linux/local/game_overlay_privesc.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-11-18 16:44:33 -06:00
Corey 5edec2525f Rebase and Squash
init

Add module scaffolding

Add Opts, check and exploit methods

Rubocop changes

Add checks for vulnerable kernel versions

Write check for distro type

Finish prototype of check add exploit

Make changes to check method

Add checkcode

Add x86 for payload compatibility

remove check, add kernel version

add codename, transform keys in vuln

Note

minor spelling change

Add description

Add cve references

Start trying to drop payloads on disk

Change description, include modules for file upload, use proper methods for writing payload

continue trying to upload

Use write_file instead of upload_and_chmodx

remove upload_dir opt

experiment w g1vi exploit

Include cmd_stage module, add generate_payload_exe, run payload in new namespace

Add missing call to setcap, fix description

Fix unterminated string, fix directory for calling python copy

Rubocop changes

Create dynamic payload

Add mkdir_p and WritableDir opts

Update modules/exploits/linux/local/game_overlay_privesc.rb

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>

Revert back to python exploit, add dynamic writable dir

Add todos

Remove FileUtils

Change module name

Add checkcodes

Add more checkcodes
2024-11-18 16:41:38 -06:00
h00die f38661d6c3 pod user working 2024-11-18 07:30:21 -05:00
h00die 773355f0e8 making vcenter lpe progress 2024-11-04 16:26:08 -05:00
h00die 8ba4332c33 Merge remote-tracking branch 'upstream/master' into vcenter_privesc 2024-11-03 13:56:14 -05:00
jvoisin 811678a793 Add openrc to exploits/linux/local/service_persistence.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-10-02 12:54:33 +02:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
Takah1ro 6d541b625f Remove unnecessary shell_path 2024-09-24 08:18:30 +09:00
Takahiro Yokoyama 130f146819 Apply suggestions from code review
Change to call setgid and setuid in the exploit before executing the payload

Co-authored-by: Brendan <bwatters@rapid7.com>
2024-09-24 08:06:26 +09:00
Takah1ro 30704c494a Remove unnecessary strip_comments 2024-09-15 10:00:43 +09:00
dledda-r7 83a31c8a2a Land #19454, Persistence post module using motd 2024-09-13 09:02:22 -04:00
jvoisin 6d659e3aa8 Add modules/exploits/linux/local/motd_persistence.rb 2024-09-12 17:41:47 +02:00
Spencer McIntyre 5e71490b66 Fix a typo when the kernel is not Ubuntu 2024-09-09 14:19:20 -04:00
Takah1ro 8ddf8a04ff Remove options 2024-09-07 12:44:37 +09:00
Takah1ro 8366252ba2 Not call payload directory 2024-09-07 12:28:40 +09:00
Takah1ro 692531bb87 Call payload directory 2024-09-07 12:16:04 +09:00
Takah1ro 2b63f8bb88 Rename exploit 2024-09-07 10:29:41 +09:00
Takah1ro 731780ca1a Formatting 2024-09-07 09:21:30 +09:00
Takah1ro 9e832eb483 Use exploit_path variable 2024-09-07 09:19:17 +09:00
Takah1ro fd7321dd3f Strip_comments 2024-09-06 22:58:31 +09:00
Takah1ro b34e807277 Remove unnecessary directory existing check 2024-09-06 22:05:34 +09:00
Takah1ro a40fbb2a7b Remove unnecessary check 2024-09-06 22:04:51 +09:00
Takah1ro d4ac300d73 Fix typo 2024-09-06 21:59:16 +09:00
Takahiro Yokoyama 7a921bbeff Update modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb
Use kernel_version.between

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-06 21:45:32 +09:00
Takah1ro cd97b08c62 Move C code to separate file 2024-09-06 21:09:39 +09:00