Shelby Pace
8e4a33f2a2
Land #15223 , move TokenMagic validation logic
2021-05-24 14:51:13 -05:00
bwatters
8e1391f098
Land #15216 , Fix targeting for CVE-2021-21551
Merge branch 'land-15216' into upstream-master
2021-05-21 14:56:08 -05:00
bwatters
72375d1f67
Land #15024 , Add RCE Exploit For CVE-2020-0796 (SMBGhost)
Merge branch 'land-15024' into upstream-master
2021-05-20 17:02:04 -05:00
Spencer McIntyre
a6f650a1a3
Add a clear warning about instability due to KPP
2021-05-20 17:28:14 -04:00
bwatters
a89fffade1
Update check method and move it to earlier in the module to prevent crashing on windows 7 sp0 targets.
2021-05-19 15:58:40 -05:00
Spencer McIntyre
78d47b11f2
Add targeting for Windows 10 v21H1
2021-05-18 12:56:02 -04:00
William Vu
aad4ea8e09
Add check
Thanks to @adfoster-r7 for the round of golf!
2021-05-17 13:58:03 -05:00
William Vu
47740c8ac3
Add NetMotion Mobility CVE-2021-26914 exploit
2021-05-17 13:58:03 -05:00
Grant Willcox
e7983c3b6f
Land #15192 , Enforce Style/RedundantBegin for new modules
2021-05-17 09:51:57 -05:00
Grant Willcox
7a9050c7ea
Fix up check method so that it will correctly warn the user that the target might not be vulnerable only cause the DLL hijacking technique doesn't work on certain targets.
2021-05-14 17:47:39 -05:00
Jack Heysel
c8b62a1ff9
Fixed check method nil check, updated numbered list in docs, added wfsdelay warning when in dll mode
2021-05-14 17:47:31 -05:00
Jack Heysel
950bbad852
Removed nil script check, updated docs
2021-05-14 17:47:15 -05:00
Jack Heysel
eb4573164b
Addressed comments
2021-05-14 17:46:26 -05:00
Jack Heysel
e29dce4f08
Removed comments from powershell script
2021-05-14 17:45:42 -05:00
Jack Heysel
d23df37b62
Responded to comments, refactored to remove duplicate code
2021-05-14 17:44:08 -05:00
Jack Heysel
d5f2cfb3de
Added x86 codepath for uso trigger
2021-05-14 17:44:08 -05:00
Jack Heysel
b112aae55c
Rubocop offense
2021-05-14 17:44:08 -05:00
Jack Heysel
fab3a9afc8
Added wfsdelay, updated docs
2021-05-14 17:44:07 -05:00
Jack Heysel
addc1ad601
Replace shelled usoclient call with uso_trigger
2021-05-14 17:44:07 -05:00
Jack Heysel
5640dac24d
Fixed sc command, updated check method, moved tokenmagic.ps1
2021-05-14 17:44:07 -05:00
Jack Heysel
ca637be0c9
Fixed powershell script, updated authors
2021-05-14 17:44:06 -05:00
Jack Heysel
1eab94cc26
beta draft
2021-05-14 17:43:44 -05:00
bwatters
8792febcf8
Land #15190 , Add Exploit For CVE-2021-21551 (Dell DBUtil_2_3 IOCTL)
Merge branch 'land-15190' into upstream-master
2021-05-14 13:55:12 -05:00
adfoster-r7
ac2c467121
Land #15011 , Enhance analyze command API to understand modules' needs
2021-05-14 14:30:33 +01:00
Spencer McIntyre
d990e884af
Add and test even more targets
2021-05-13 17:27:58 -04:00
Spencer McIntyre
eb89550f85
Clear up some target offset discrepancies
2021-05-13 16:06:15 -04:00
Spencer McIntyre
7d841a0f79
Add a target for Windows 7 x64
2021-05-13 14:24:15 -04:00
Spencer McIntyre
4825407d21
Add a target for Windows 8.1 x64
2021-05-13 12:56:47 -04:00
Alan Foster
100da2f1b1
Enforce Style/RedundantBegin for new modules
2021-05-13 04:01:03 +01:00
Spencer McIntyre
477749f77f
Refactor the code to be reusable and add docs
2021-05-12 16:36:17 -04:00
Spencer McIntyre
d3de52da59
The exploit is now functional for Win10 v1803-20H2
2021-05-12 16:14:59 -04:00
Grant Willcox
23bab9405a
Land #15175 , Change deprecated URI::encode call to URI::encode_www_form_component within rejetto_hfs_exec
2021-05-11 11:21:50 -05:00
Debjeet Banerjee
54dbedf181
URI.escape is obsolete and needs to be updated
The current code results in the following error:
```
[*] Started reverse TCP handler on 192.168.1.105:4444
[*] Using URL: http://0.0.0.0:8080/o6wYorU
[*] Local IP: http://192.168.1.105:8080/o6wYorU
[*] Server started.
[*] Sending a malicious request to /
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
[*] Server stopped.
[!] This exploit may require manual cleanup of '%TEMP%\jsywNguEzNXZF.vbs' on the target
[*] Exploit completed, but no session was created.
```
This minor edit should fix it.
2021-05-09 12:40:48 +05:30
Alan Foster
48697625da
Ensure adobe sandbox collab sync session types is an array
2021-05-07 18:51:06 +01:00
Shelby Pace
45a8e1f49f
Land #15087 , Operations Bridge Reporter support
2021-04-30 08:41:35 -05:00
Alan Foster
04ff0f6bd7
Update exchange ecp dlp policy to work with new cookie jar
2021-04-29 21:26:02 +01:00
Pedro Ribeiro
83329cc8de
clarify it's only for winblows
2021-04-23 19:24:49 +07:00
Pedro Ribeiro
62ba64375c
fix typos and add default rport
2021-04-23 17:38:06 +07:00
Pedro Ribeiro
092c22ab4e
fix typo in URL
2021-04-23 16:47:46 +07:00
Pedro Ribeiro
8b3687b9e6
update privesc sploit
2021-04-23 16:38:25 +07:00
Spencer McIntyre
00db3767b1
Fix a bug when restoring corrupted memory
2021-04-20 18:18:42 -04:00
Spencer McIntyre
cc1aa34534
Tweak what is restored to avoid a bugcheck
2021-04-16 09:16:38 -04:00
adfoster-r7
4c37e35d82
Land #14770 , guard when spawn is used with TcpServer mixin
2021-04-14 11:34:25 +01:00
Spencer McIntyre
6176f6fd16
Avoid a CRITICAL_STRUCTURE_CORRUPTION bugcheck from patch guard
2021-04-13 17:39:32 -04:00
Spencer McIntyre
ba9674ca69
Search a wider range of the hal heap and remove an irrelevant sentence
2021-04-13 14:44:24 -04:00
Spencer McIntyre
ec962cf2be
Adjust the hal heap base address calculation
2021-04-13 13:11:24 -04:00
Spencer McIntyre
63e438e992
Bump RubySMB and add a simple check method
2021-04-09 14:44:27 -04:00
Spencer McIntyre
f9e632231b
Update module metadata for SMBGhost
2021-04-09 14:15:11 -04:00
Spencer McIntyre
dd9936ae84
Add SMBGhost RCE module docs
2021-04-09 14:15:11 -04:00
Spencer McIntyre
d8bed16d4d
Refactor constants into a proper target hash
2021-04-09 14:15:11 -04:00