adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
60,845 Commits 27 Branches 1,043 Tags
5b3edd4cb2accbf2bd8eb835470f6e9cd59cd2f6
Commit Graph

709 Commits

Author SHA1 Message Date
bwatters 8e1391f098 Land #15216, Fix targeting for CVE-2021-21551 
Merge branch 'land-15216' into upstream-master
 2021-05-21 14:56:08 -05:00
Spencer McIntyre 56388cd696 Land #15146, Add support for extra OSes for CVE-2021-3156 (Baron Samedit) 2021-05-18 18:02:30 -04:00
Spencer McIntyre 78d47b11f2 Add targeting for Windows 10 v21H1 2021-05-18 12:56:02 -04:00
Spencer McIntyre c5b022e2f2 Fix Windows 10 versioning by using ranges 2021-05-18 10:28:27 -04:00
Jack Heysel eb4573164b Addressed comments 2021-05-14 17:46:26 -05:00
Jack Heysel e29dce4f08 Removed comments from powershell script 2021-05-14 17:45:42 -05:00
Jack Heysel 5640dac24d Fixed sc command, updated check method, moved tokenmagic.ps1 2021-05-14 17:44:07 -05:00
Jack Heysel ca637be0c9 Fixed powershell script, updated authors 2021-05-14 17:44:06 -05:00
Jack Heysel 1eab94cc26 beta draft 2021-05-14 17:43:44 -05:00
bwatters 8792febcf8 Land #15190, Add Exploit For CVE-2021-21551 (Dell DBUtil_2_3 IOCTL) 
Merge branch 'land-15190' into upstream-master
 2021-05-14 13:55:12 -05:00
Spencer McIntyre d990e884af Add and test even more targets 2021-05-13 17:27:58 -04:00
Spencer McIntyre eb89550f85 Clear up some target offset discrepancies 2021-05-13 16:06:15 -04:00
Spencer McIntyre 7d841a0f79 Add a target for Windows 7 x64 2021-05-13 14:24:15 -04:00
Spencer McIntyre 4825407d21 Add a target for Windows 8.1 x64 2021-05-13 12:56:47 -04:00
Spencer McIntyre 8a1341060d Fix a couple of errors from not cleaning up 2021-05-13 12:34:14 -04:00
Spencer McIntyre ff2516a7f2 Update CVE-2021-1732 to reduce code reuse 2021-05-12 16:41:43 -04:00
Spencer McIntyre 477749f77f Refactor the code to be reusable and add docs 2021-05-12 16:36:17 -04:00
Spencer McIntyre d3de52da59 The exploit is now functional for Win10 v1803-20H2 2021-05-12 16:14:59 -04:00
Justin Steven fa73c0af3e Add CVE-2021-22204 ExifTool ANT perl injection 2021-05-11 12:02:12 +10:00
Ashley Donaldson fbc291bc22 Tested on various other Fedora's 2021-05-04 14:18:16 +10:00
Ashley Donaldson 0435e281d9 Updated CVE-2021-3156 documentation to reflect code changes. 2021-05-03 16:45:50 +10:00
Ashley Donaldson b1d2c39c98 Added second CentOS 7 exploit 2021-04-30 18:30:19 +10:00
Ashley Donaldson 124d157a1c Added CVE-2021-3156 exploits for CentOS 7 and 8 2021-04-30 17:25:59 +10:00
Ashley Donaldson 79152cafe6 Added support for Ubuntu 14.04.3 for CVE-2021-3156 2021-04-29 20:48:51 +10:00
Ashley Donaldson 0ee1d5fbe3 Ensure exploit is compatible with both python3 and python2 2021-04-29 18:52:56 +10:00
Ashley Donaldson 9d9d3ce061 Added Ubuntu 16.04-specific exploit script to CVE-2021-3156 module 
The generic approach used for other targets doesn't work for 16.04, as that one relies on tcache bins, which are not present in glibc 2.23.
 2021-04-29 18:28:13 +10:00
Ashley Donaldson fcd17ed3b1 Port sudoedit exploit to Python 
It's assumed that Python is more likely to be present on the target system
than gcc, so is better as a dependency.
 2021-04-29 13:17:32 +10:00
bwatters 2c1869f9df Land #14907, Add exploit for CVE-2021-1732 
Merge branch 'land-14907' into upstream-master
 2021-03-18 14:29:59 -05:00
Spencer McIntyre f3df076067 Only upgrade the token of EProcess was found 2021-03-16 15:20:44 -04:00
Spencer McIntyre c11900b9ab Add support for Windows 2004 & 20H2 2021-03-15 17:28:38 -04:00
Spencer McIntyre 2e3d98a36a Move the DLL injection code into a reusable function 2021-03-15 11:47:02 -04:00
Grant Willcox 89ce1c5229 Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed 2021-03-14 00:00:17 -06:00
Grant Willcox 4f2e299d8f Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file 2021-03-14 00:00:06 -06:00
Grant Willcox 7d6e636114 Initial upload of exploit code for CVE-2021-21978 2021-03-13 23:59:47 -06:00
Spencer McIntyre f0a9a1deb3 Add the initial exploit for CVE-2021-1732 2021-03-12 17:30:22 -05:00
Grant Willcox f327d30e08 First attempt at CVE-2020-7200 module, with RuboCopped module 2021-03-02 16:38:19 -06:00
Spencer McIntyre b9dd1b927b Randomize the path to the library that's loaded 2021-02-10 08:45:52 -05:00
Spencer McIntyre 117cdc4fd7 Populate module metadata and cleanup files 2021-02-03 18:16:13 -05:00
Spencer McIntyre a00f165b6b Clean the C code and fix the exploitation environment 2021-02-03 18:16:13 -05:00
Spencer McIntyre b9413b4103 Update the exploit C code to allocate it's own PTY 2021-02-03 18:16:13 -05:00
Spencer McIntyre 13dd9ac10e Initial work on CVE-2021-3156 2021-02-03 18:16:13 -05:00
Christophe De La Fuente c8819259ae Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048 2021-01-15 19:13:14 +01:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
bwatters 50e115b414 Cleanup and edits per review from Christophe 
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
 2021-01-11 16:02:58 -06:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
bwatters 5e5d7b1abb Update to execute_string to avoid the issue where an arbitrary 
length comment is required for the exploit to work.
 2021-01-06 17:08:22 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00
Christophe De La Fuente bf7627b33e Adding DLL's 2021-01-06 15:59:08 +01:00
Grant Willcox 839daf93e9 Update the compiled DLL and redo a lot of the module to get it into its first ready state using a different DLL hijack I found during research 2021-01-05 16:12:08 -06:00
Grant Willcox 668eeae4e1 Initial push of code 2021-01-04 12:04:38 -06:00