Commit Graph

861 Commits

Author SHA1 Message Date
William Vu 2ee6a49a27 Land #10649, https://seclists.org references 2018-09-17 15:09:39 -07:00
Wei Chen e9a94595c2 Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 19:50:30 -07:00
Jacob Robles 7a99fc7066 Land #10545, foxit fix generated strings, update doc 2018-08-30 03:58:19 -07:00
William Vu 08e069bbe1 Land #10542, CVE ref for office_ms17_11882 exploit 2018-08-28 22:44:41 -07:00
Brent Cook f22e6ec2bf Land #10527, Fix msftdiy EDB link check, enable HTTPS 2018-08-27 08:53:05 -07:00
Brent Cook 3c0f3f68f2 Land #10523, Update Foxit Reader PoC Link 2018-08-24 09:38:06 -07:00
Wei Chen 7b7c5a73c4 Land #10504, add Foxit Reader UAF Module and Docs 2018-08-23 16:57:43 -07:00
Wei Chen 465dceb182 Land #10299, Add 88 CVEs to various auxiliary and exploit modules 2018-07-12 16:28:05 -07:00
Jacob Robles d480ee8e20 Land #10275, Update missing CVE references for exploit modules 2018-07-12 11:24:01 -05:00
Wei Chen 144923db3a Land #10237, Add Boxoft WAV to MP3 Converter exploit module 2018-07-02 12:03:05 -07:00
Brent Cook b696665adc Land #9478, Improve Dup Scout BOF exploit 2018-02-08 10:25:39 -06:00
Jacob Robles 4fa68f29d9 Land #9457, Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow 2018-02-01 11:23:26 -06:00
bwatters-r7 2ea9ab2625 Land #9416, Sync Breeze Enterprise 9.5.16 Import Command buffer overflow
Merge branch 'land-9416' into upstream-master
2018-01-24 17:13:16 -06:00
Wei Chen b99663fb6c Bring #9282 up to date with upstream-master 2017-12-13 13:16:30 -06:00
Austin 5a81f8091d change some options for something for sensible 2017-12-07 14:44:36 -05:00
Austin 335cc13cab remove option, advanced Message seems to break it. 2017-12-07 14:17:14 -05:00
Austin 7bdc99a153 Fix HANDLER + some default options! 2017-12-07 13:53:39 -05:00
Austin 09aa433fdc Add MESSAGE field for "obfuscation" 2017-12-07 08:04:31 -05:00
Austin 8bb6a8f47c Rename office_dde_delivery to office_dde_delivery.rb 2017-12-06 22:40:37 -05:00
Austin 9d11c60d88 Office DDE Payload Delivery
Generate / Inject existing RTF files with DDE Payloads!
2017-12-06 21:41:00 -05:00
William Webb adba277be0 axe errant spaces at EOL 2017-12-04 16:57:48 -08:00
William Webb 69b01d26bb Land #9226, Microsoft Office OLE object memory corruption 2017-12-04 16:50:27 -08:00
Austin b96dac28d5 fix info segment 2017-12-04 16:42:41 -05:00
Austin c788e4e540 Update office_ms17_11882.rb 2017-12-01 11:36:03 -05:00
Austin 7df46b33e8 disassembly ASM 2017-12-01 08:03:56 -05:00
Austin 2544b4d8db Change target name 2017-11-28 21:39:04 -05:00
Austin cb7f173811 Update office_ms17_11882.rb 2017-11-28 21:36:25 -05:00
Austin 960893b99d change default payload 2017-11-22 06:36:46 -05:00
Austin 275f70e77e better saving 2017-11-21 19:34:04 -05:00
Austin db4c0fcca9 spelling 2017-11-21 19:02:14 -05:00
Austin fcea6fd8d4 actually create new file ;-; 2017-11-21 15:00:06 -05:00
Austin 39a4d193a1 Create office_ms17_11882.rb 2017-11-21 14:47:02 -05:00
William Vu b7c604f941 Land #9189, s/patrick/aushack/g 2017-11-08 10:27:03 -06:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
Spencer McIntyre 70033e2b94 Enable the payload handler by default 2017-11-02 12:31:54 -04:00
Spencer McIntyre e4d99a14b6 Fix EXITFUNC back to process for the RCE too 2017-10-05 11:38:08 -04:00
Spencer McIntyre 825ad940e6 Update the advanced option names and a typo 2017-10-05 10:16:31 -04:00
Spencer McIntyre 482ce005fd Update the advanced option names and a typo 2017-10-05 10:11:00 -04:00
Spencer McIntyre f2f48cbc8f Update the CVE-2017-8464 module 2017-09-30 18:25:16 -04:00
Pearce Barry 8de6fa79c1 Tweakz, yo. 2017-09-22 18:49:09 -05:00
h00die 30f833f684 80 pages left 2017-09-13 22:03:34 -04:00
Brent Cook 367c760927 window move is now directly in the template 2017-08-20 17:48:59 -05:00
Brent Cook e734a7923a Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook da3ca9eb90 update some documentation 2017-08-03 17:09:44 -05:00
Brent Cook ddd841c0a8 code style cleanup + add automatic targeting based on payload 2017-08-03 00:27:54 -05:00
Brent Cook b62429f6fa handle drive letters specified like E: nicely 2017-08-03 00:27:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2.5s. After this timeout a
mutex is released, allowing a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Yorick Koster 3229320ba9 Code review feedback from @nixawk 2017-08-02 15:46:51 -05:00
Yorick Koster 565a3355be CVE-2017-8464 LNK Remote Code Execution Vulnerability
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.

This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar, except that an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enough to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
2017-08-02 15:46:30 -05:00