bwatters
b1f6937542
Updated exploit to compile on target, added control over directory creation
Added a method to get source code for the write and compile method
2021-12-01 14:54:47 -06:00
bwatters
bf1b3b377c
Add cve-2021-3493 module
2021-12-01 14:54:47 -06:00
Grant Willcox
9f9942feb6
Make adjustments to dllmain.c from reviews and recompile the DLL again
2021-11-09 10:49:14 -06:00
Grant Willcox
780a9370a2
First draft of code, documentation, and exploit DLL plus exploit code
2021-11-09 10:36:40 -06:00
Grant Willcox
517b586f8b
Add in new definitions to external/source/include/windows/definitions.h including a proper THREADINFOCLASS definition, additional SYSTEM_INFORMATION_CLASS definitions, and a BIG_POOL_INFO definition
2021-11-08 16:46:52 -06:00
Grant Willcox
ab1316ac10
Update README.md with some minor additional notes
Add in a minor additional note about needing to potentially create one of the directories in case people run into errors as I encountered this during some recent testing.
2021-11-04 12:02:56 -05:00
sjanusz
2c7aa022d4
Add PoC for CVE-2021-22555 Netfilter Priv Escalation
2021-10-04 16:48:23 +01:00
Grant Willcox
3bca3b0bcb
Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match
2021-08-31 15:07:37 -05:00
Grant Willcox
bd490d35ed
Add support for Linux 5.11.x on Fedora
2021-08-23 15:09:10 -05:00
Grant Willcox
e46611cffb
Add in support for exploiting Fedora 32 with Linux kernel 5.10.12
2021-08-20 18:04:59 -05:00
Grant Willcox
75ae2b76f5
Add support for Fedora 32 Linux Kernel 5.9.8-100 and also fix an error where the wrong file was being used for Fedora 32 Linux Kernel 5.8.8.
2021-08-20 16:50:20 -05:00
Grant Willcox
5abf407228
Add support for Fedora 32 with Linux Kernel 5.8.8-200
2021-08-20 15:42:34 -05:00
Grant Willcox
dd806a9d61
Add in support for Fedora 32 running kernel 5.7.11-200
2021-08-20 13:37:52 -05:00
Grant Willcox
b60ad3ee26
Fix up mistakes I noticed whilst doing edits on the code as well as some mistakes identified during peer review
2021-08-19 13:55:54 -05:00
Grant Willcox
d5df47692c
Add in first copy of the exploit along with the supporting source code and binaries. Documentation to come
2021-08-17 18:01:14 -05:00
Christophe De La Fuente
ccaedd6c9a
Last additions and improvements
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
1b59b8c83e
Rebase and fix conflicts in lib/msf/core/post/common.rb
2021-06-30 11:02:11 +02:00
bwatters
8e1391f098
Land #15216, Fix targeting for CVE-2021-21551
Merge branch 'land-15216' into upstream-master
2021-05-21 14:56:08 -05:00
bwatters
72375d1f67
Land #15024, Add RCE Exploit For CVE-2020-0796 (SMBGhost)
Merge branch 'land-15024' into upstream-master
2021-05-20 17:02:04 -05:00
Spencer McIntyre
5e13fdb7dc
Couple of minor cleanups for the assembly stub
2021-05-20 17:20:57 -04:00
Spencer McIntyre
78d47b11f2
Add targeting for Windows 10 v21H1
2021-05-18 12:56:02 -04:00
Spencer McIntyre
c5b022e2f2
Fix Windows 10 versioning by using ranges
2021-05-18 10:28:27 -04:00
Spencer McIntyre
d990e884af
Add and test even more targets
2021-05-13 17:27:58 -04:00
Spencer McIntyre
eb89550f85
Clear up some target offset discrepancies
2021-05-13 16:06:15 -04:00
Spencer McIntyre
7d841a0f79
Add a target for Windows 7 x64
2021-05-13 14:24:15 -04:00
Spencer McIntyre
4825407d21
Add a target for Windows 8.1 x64
2021-05-13 12:56:47 -04:00
Spencer McIntyre
8a1341060d
Fix a couple of errors from not cleaning up
2021-05-13 12:34:14 -04:00
Spencer McIntyre
ff2516a7f2
Update CVE-2021-1732 to reduce code reuse
2021-05-12 16:41:43 -04:00
Spencer McIntyre
477749f77f
Refactor the code to be reusable and add docs
2021-05-12 16:36:17 -04:00
Spencer McIntyre
d3de52da59
The exploit is now functional for Win10 v1803-20H2
2021-05-12 16:14:59 -04:00
Spencer McIntyre
5b39cead93
Add the UpgradeToken functionality
2021-05-12 14:53:41 -04:00
Spencer McIntyre
7f0a1d1707
Initial commit of CVE-2021-21551
This is still a work in progress but the initial requirements are
falling into place.
2021-05-12 12:28:20 -04:00
Spencer McIntyre
a9d3120aa9
Combine the shellcode move operations
2021-04-13 16:46:26 -04:00
Spencer McIntyre
ec962cf2be
Adjust the hal heap base address calculation
2021-04-13 13:11:24 -04:00
Spencer McIntyre
0e117cc83a
Update the LPE exploit paths in Visual Studio
2021-04-09 14:15:11 -04:00
Spencer McIntyre
d8bed16d4d
Refactor constants into a proper target hash
2021-04-09 14:15:11 -04:00
Spencer McIntyre
c4055f348c
Restructure and refactor the kernel mode shellcode
2021-04-09 14:15:11 -04:00
Spencer McIntyre
f3df076067
Only upgrade the token if EProcess was found
2021-03-16 15:20:44 -04:00
Spencer McIntyre
c11900b9ab
Add support for Windows 2004 & 20H2
2021-03-15 17:28:38 -04:00
Spencer McIntyre
f0a9a1deb3
Add the initial exploit for CVE-2021-1732
2021-03-12 17:30:22 -05:00
Grant Willcox
adbb6f164f
Add source code for generating emp.ser
2021-03-03 10:14:48 -06:00
Christophe De La Fuente
ab9dd177b7
Add kernel file version check to avoid BSOD on Win10 x86
2021-02-15 21:10:10 +01:00
Christophe De La Fuente
eaa550fa97
Changes compiler subsystem to window
2021-02-02 17:57:52 +01:00
Christophe De La Fuente
4b3379a821
Remove CRT library from the Template
2021-01-28 19:59:46 +01:00
Christophe De La Fuente
8af5ee8a32
Add Process Herpaderping evasion module and binaries
2021-01-22 18:33:10 +01:00
Spencer McIntyre
33bd712e0a
Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP
2021-01-11 17:16:40 -05:00
Grant Willcox
3072391d00
Make second round of review edits to fix Spencer's comments
2021-01-08 12:50:52 -06:00
Christophe De La Fuente
17c393f101
Land #14046, Adding juicypotato-like privilege escalation exploit for windows
2021-01-06 16:02:05 +01:00
Grant Willcox
b916789041
Add in source for the compiled exploit
2021-01-04 12:17:52 -06:00
Tim W
7af996ae4c
add offsets
2020-12-14 14:54:54 +00:00