Carsten Maartmann-Moe
5a978dca2e
Removed architecture to make payload selection work
2018-11-10 23:00:54 +01:00
Carsten Maartmann-Moe
cbaacf696a
Add exploit module for CVE-2017-12557
HP Intelligent Management Java Deserialization RCE (Windows)
2018-11-10 22:36:43 +01:00
Jacob Robles
6bc4b71ca3
Land #10873, Add notes to exploit modules
2018-11-02 14:11:11 -05:00
Brent Cook
86469cc5a0
Land #10836, Add Morris worm sendmail debug mode exploit
2018-11-02 11:17:33 -05:00
Brent Cook
1d81f3764f
Land #10700, Add Morris worm fingerd exploit and VAX reverse shell
2018-11-02 11:16:46 -05:00
bwatters-r7
114a8127e8
Land #10858, bypassuac_eventvwr optimizations - reduce created processes and artifacts
Merge branch 'land-10858' into upstream-master
2018-10-31 16:44:32 -05:00
bwatters-r7
af7a7d586b
Add validation check to make sure x64 remote host and an x86 session
cannot select an x64 target.
2018-10-31 16:31:52 -05:00
Elazar Broad
6fe7bb0bb6
Increase sleep time to 10 seconds
Increase the wait time before removing the registry key - allows the payload to spawn successfully on slow systems.
2018-10-29 12:55:03 -04:00
Brendan Coles
1c340f8202
Land #10853, Add universal targeting to Mercury/32 IMAP LOGIN exploit
2018-10-28 18:17:46 +00:00
kr3bz
370bcaf8d8
Update mercury_login.md
2018-10-28 09:49:15 +01:00
Brendan Coles
a34310095c
Update modules/exploits/windows/imap/mercury_login.md
Co-Authored-By: kr3bz <44395414+kr3bz@users.noreply.github.com>
2018-10-28 09:41:29 +01:00
Brendan Coles
bfd3a17c0e
Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <44395414+kr3bz@users.noreply.github.com>
2018-10-28 09:41:14 +01:00
kr3bz
5efbefdaea
Update mercury_login.md
2018-10-28 09:37:47 +01:00
kr3bz
2839a73cbd
Update mercury_login.rb
2018-10-28 09:35:15 +01:00
Spencer McIntyre
caf76a6555
Add applicable notes to my exploit modules
2018-10-27 20:54:14 -04:00
kr3bz
c61737bb18
Update mercury_login.md
2018-10-27 20:52:54 +02:00
kr3bz
239632ca03
Update mercury_login.md
2018-10-27 20:52:24 +02:00
kr3bz
3cf8a01b55
Update mercury_login.md
2018-10-27 20:51:31 +02:00
Brendan Coles
965c2d5c01
Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-26 13:37:37 +02:00
Wei Chen
e84ba62740
Cosmetic changes for local/webexec
2018-10-24 16:13:47 -05:00
Elazar Broad
16d633fabd
Remove spaces before EOL
2018-10-24 11:04:41 -04:00
Shelby Pace
3729e9ed7b
added description, references
2018-10-24 09:46:00 -05:00
kr3bz
2e2d742ae7
Added updated mercury_login
Added additional space for the payload, made recommended changes, msftidy does not produce errors, readded null byte as a badchar.
2018-10-24 11:08:37 +02:00
William Vu
458f635159
Add supported payloads to module description
2018-10-24 01:30:27 -05:00
William Vu
839c4e0467
Drop rank to AverageRanking for now
2018-10-24 01:30:17 -05:00
William Vu
37560760df
Add RequiredCmd for generic and telnet
2018-10-24 01:23:15 -05:00
Elazar Broad
ef2854c918
Use in-memory reflection for executing the payload
Use to_win32pe_psh_reflection() instead of to_win32pe_psh_net() in order to reduce the amount of processes and forensic artifacts created by this module.
2018-10-23 22:12:10 -04:00
Elazar Broad
d75c599929
Use ShellExecuteA to spawn eventvwr.exe
Use ShellExecuteA from railgun to spawn eventvwr.exe, as opposed to cmd /c. This reduces the amount of processes generated by this module.
2018-10-23 21:52:36 -04:00
Elazar Broad
da4b424780
Fix typo in cleanup message
2018-10-23 21:33:49 -04:00
Shelby Pace
34ae9c38f9
added WebEx modules, arch check
2018-10-23 15:51:23 -05:00
kr3bz
be2ec76ed2
Added modified mercury_login.rb
Modified the script with recommendations.
2018-10-23 17:17:30 +02:00
Brendan Coles
0e7259040d
Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:53 +02:00
Brendan Coles
903f5e9ede
Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:44 +02:00
Brendan Coles
0b37e29c9a
Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:38 +02:00
Brendan Coles
43dd23042b
Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:10 +02:00
Ivan Racic
ee3c663baf
Upgraded exploit to work on any Windows target
In short, added egghunter and return address of
the executable file itself, so it should work
on any Windows system.
Also, upgraded to modern exploit module requirements.
2018-10-23 12:11:56 +02:00
William Vu
3ca309423a
Add check method to detect 4.3BSD fingerd
2018-10-22 18:32:37 -05:00
William Vu
01d11e71db
Add Space, BadChars, Encoder, and DisableNops
2018-10-22 18:32:37 -05:00
William Vu
fa892d8eba
Add Morris worm fingerd stack buffer overflow
2018-10-22 18:32:37 -05:00
William Vu
58a6c4137d
Add a better timeout than expect can provide
2018-10-20 13:56:37 -05:00
William Vu
a965abaf36
Add full payload support by setting $PATH
2018-10-20 13:56:33 -05:00
William Vu
60c4b87ad1
Prefer expect over sleeping between writes
2018-10-20 13:15:15 -05:00
William Vu
ad6f15c8ca
Add Morris worm sendmail debug mode exploit
2018-10-20 13:15:01 -05:00
Brendan Coles
7a36056713
Move exploit/qnx/qconn_exec to exploit/qnx/qconn/qconn_exec
2018-10-20 18:16:59 +00:00
William Vu
aae74472d2
Land #10817, QNX qconn module rename
2018-10-20 03:10:22 -05:00
Wei Chen
3cee96d8ed
Land #10664, add Windows SetImeInfoEx Win32k NULL Pointer Dereference
2018-10-18 14:42:14 -05:00
Wei Chen
fac05db154
Update rescue statement
2018-10-18 14:30:20 -05:00
Brendan Coles
a14df8d86e
Move exploit/unix/misc/qnx_qconn_exec to exploit/qnx/qconn_exec
2018-10-16 16:21:28 +00:00
Shelby Pace
9e069c95f5
add auto targeting
2018-10-15 23:26:08 -07:00
Shelby Pace
6cdfe604d4
removed exception handling for reg_file_for_handle
2018-10-15 18:29:15 -07:00