Commit Graph

5878 Commits

Author SHA1 Message Date
Carsten Maartmann-Moe 5a978dca2e Removed architecture to make payload selection work 2018-11-10 23:00:54 +01:00
Carsten Maartmann-Moe cbaacf696a Add exploit module for CVE-2017-12557
HP Intelligent Management Java Deserialization RCE (Windows)
2018-11-10 22:36:43 +01:00
Jacob Robles 6bc4b71ca3 Land #10873, Add notes to exploit modules 2018-11-02 14:11:11 -05:00
bwatters-r7 114a8127e8 Land #10858, bypassuac_eventvwr optimizations - reduce created processes and artifacts
Merge branch 'land-10858' into upstream-master
2018-10-31 16:44:32 -05:00
bwatters-r7 af7a7d586b Add validation check to make sure x64 remote host and a x86 session
cannot select an x64 target.
2018-10-31 16:31:52 -05:00
Elazar Broad 6fe7bb0bb6 Increase sleep time to 10 seconds
Increase the wait time before removing the registry key - allows the payload to spawn successfully on slow systems.
2018-10-29 12:55:03 -04:00
Brendan Coles 1c340f8202 Land #10853, Add universal targeting to Mercury/32 IMAP LOGIN exploit 2018-10-28 18:17:46 +00:00
kr3bz 370bcaf8d8 Update mercury_login.md 2018-10-28 09:49:15 +01:00
Brendan Coles a34310095c Update modules/exploits/windows/imap/mercury_login.md
Co-Authored-By: kr3bz <44395414+kr3bz@users.noreply.github.com>
2018-10-28 09:41:29 +01:00
Brendan Coles bfd3a17c0e Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <44395414+kr3bz@users.noreply.github.com>
2018-10-28 09:41:14 +01:00
kr3bz 5efbefdaea Update mercury_login.md 2018-10-28 09:37:47 +01:00
kr3bz 2839a73cbd Update mercury_login.rb 2018-10-28 09:35:15 +01:00
Spencer McIntyre caf76a6555 Add applicable notes to my exploit modules 2018-10-27 20:54:14 -04:00
kr3bz c61737bb18 Update mercury_login.md 2018-10-27 20:52:54 +02:00
kr3bz 239632ca03 Update mercury_login.md 2018-10-27 20:52:24 +02:00
kr3bz 3cf8a01b55 Update mercury_login.md 2018-10-27 20:51:31 +02:00
Brendan Coles 965c2d5c01 Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-26 13:37:37 +02:00
Wei Chen e84ba62740 Cosmetic changes for local/webexec 2018-10-24 16:13:47 -05:00
Elazar Broad 16d633fabd Remove spaces before EOL 2018-10-24 11:04:41 -04:00
Shelby Pace 3729e9ed7b added description, references 2018-10-24 09:46:00 -05:00
kr3bz 2e2d742ae7 Added updated mercury_login
Added additional space for the payload, made recommended changes, msftidy does not produce errors, readded null byte as a badchar.
2018-10-24 11:08:37 +02:00
Elazar Broad ef2854c918 Use in-memory reflection for executing the payload
Use to_win32pe_psh_reflection() instead of to_win32pe_psh_net() in order to reduce the amount of processes and forensic artifacts created by this module.
2018-10-23 22:12:10 -04:00
Elazar Broad d75c599929 Use ShellExecuteA to spawn eventvwr.exe
Use ShellExecuteA from railgun to spawn eventvwr.exe, as opposed to cmd /c. This reduces the amount of processes generated by this module.
2018-10-23 21:52:36 -04:00
Elazar Broad da4b424780 Fix typo in cleanup message 2018-10-23 21:33:49 -04:00
Shelby Pace 34ae9c38f9 added WebEx modules, arch check 2018-10-23 15:51:23 -05:00
kr3bz be2ec76ed2 Added modified mercury_login.rb
Modified the script with recommendations.
2018-10-23 17:17:30 +02:00
Brendan Coles 0e7259040d Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:53 +02:00
Brendan Coles 903f5e9ede Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:44 +02:00
Brendan Coles 0b37e29c9a Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:38 +02:00
Brendan Coles 43dd23042b Update modules/exploits/windows/imap/mercury_login.rb
Co-Authored-By: kr3bz <racic.ivan@gmail.com>
2018-10-23 14:32:10 +02:00
Ivan Racic ee3c663baf Upgraded exploit to work on any Windows target
In short, added egghunter and return address of
the executable file itself, so it should work
on any Windows system.

Also, upgraded to modern exploit module requirements.
2018-10-23 12:11:56 +02:00
Wei Chen 3cee96d8ed Land #10664, add Windows SetImeInfoEx Win32k NULL Pointer Dereference 2018-10-18 14:42:14 -05:00
Wei Chen fac05db154 Update rescue statement 2018-10-18 14:30:20 -05:00
Shelby Pace 9e069c95f5 add auto targeting 2018-10-15 23:26:08 -07:00
Shelby Pace 6cdfe604d4 removed exception handling for reg_file_for_handle 2018-10-15 18:29:15 -07:00
Wei Chen 8e442cc980 Update documentation 2018-10-15 15:45:39 -05:00
Wei Chen b0313dd25c Update getgodm_http_response_bof for proper auto targets 2018-10-15 15:25:55 -05:00
Wei Chen ff9f3ed9ff Add support for v5 2018-10-15 15:14:12 -05:00
Wei Chen 5433d2cca9 Sync up upstream master 2018-10-15 14:19:07 -05:00
Dhiraj Mishra f78ccbf995 Indentation 2018-10-15 08:32:58 +05:30
Shelby Pace a942654515 rescue-from-method addressed 2018-10-12 14:47:05 -05:00
Shelby Pace 26631bcfbd addressed suggestions 2018-10-12 14:35:42 -05:00
Dhiraj Mishra 96eeaf7da3 Made few changes
Thank you bcoles
2018-10-12 11:47:53 +05:30
Shelby Pace a67122aaf7 updated doc, added x86_64 binary 2018-10-11 12:37:51 -05:00
Shelby Pace 521b50af55 added separate binaries, extended for x86 2018-10-11 10:43:35 -05:00
Shelby Pace 04cc40136f changed formatting, deleted post, renamed files 2018-10-10 14:41:14 -05:00
Shelby Pace 76325bd21e fixed indentation 2018-10-10 14:18:44 -05:00
Jacob Robles 50a7ee5e6a Minor modifications 2018-10-10 12:22:47 -05:00
Dhiraj Mishra ee2c6274c7 Updating description 2018-10-10 22:26:07 +05:30
Dhiraj Mishra 4a821101ce Fixing cmd_exec_get_pid 2018-10-10 21:59:46 +05:30