usiegl00
609bf4be3c
Update smb_shadow module to clean unnecessary code
Remove the return statement after fail_with which will never be reached.
Add documentation for the module options. Reset the packet forwarding
settings during the module cleanup.
2021-12-07 08:41:52 +09:00
usiegl00
260ea0725c
Update smb_shadow module and docs for review
Add mutex to module to prevent race condition. Add sleep after arp
query to prevent arp cache restoration. Add DefangedMode to indicate
system network changes. Change module INTERFACE option to be explicit.
Remove unnecessary module payload parameters. Add module Notes.
2021-12-03 14:33:40 +09:00
usiegl00
e19511a31c
Update documentation for the smb_shadow module.
Add additional clarity and details to the existing documentation for the
smb_shadow module. Remove some outdated comments and fix some spelling
errors.
2021-11-25 08:12:13 +09:00
usiegl00
e2734293e1
Add SMB Shadow Module: Direct SMB Session Takeover
This module intercepts direct SMB connections on the LAN.
Both the SMB Server and Client must be on the LAN.
The SMB Client must be authenticating to the Server as an Administrator.
This module is dependent on an external ARP spoofer.
2021-11-24 20:05:30 +09:00
Grant Willcox
8d55b16ade
Fix one more mistake and rename document and module to an easier-to-find name
2021-11-11 16:42:58 -06:00
Grant Willcox
27310dc002
Add in exploit and documentation for CVE-2021-42237
2021-11-10 15:52:22 -06:00
Grant Willcox
3af93cbacc
Fix up changes from timwr's review so long
2021-11-09 10:36:50 -06:00
Grant Willcox
780a9370a2
First draft of code, documentation, and exploit DLL plus exploit code
2021-11-09 10:36:40 -06:00
adfoster-r7
9f0804cbfb
Fix Meterpreter spelling mistake
2021-10-12 23:40:43 +01:00
Spencer McIntyre
56cd43a8b8
Land #15624, Add module for CVE-2020-27955
2021-09-15 14:54:19 -04:00
Jack Heysel
abbb994dab
Updated docs
2021-09-07 13:55:21 -04:00
Jack Heysel
7fe44583fe
Updated docs
2021-09-07 13:32:52 -04:00
Jack Heysel
3c43bd409d
Added docs and Git User-Agent FP
2021-09-03 16:15:39 -05:00
Spencer McIntyre
95015f0c2b
Update the ProxyShell module docs
2021-08-27 17:50:28 -04:00
Spencer McIntyre
674628e600
Land #15384, Improve Windows RDLL injection
2021-08-26 12:11:44 -04:00
Grant Willcox
5a80e9678c
Address Spencer's comments and remove changes that don't directly use the DLL injection library API change
2021-08-24 16:34:01 -05:00
William Vu
31796c6236
Land #15561, ProxyShell exploit
2021-08-19 10:31:02 -05:00
wvu
bcf00a0d3a
Update exchange_proxyshell_rce.md
2021-08-18 14:38:56 -05:00
Spencer McIntyre
75e63992d6
Write an exploit for ProxyShell
2021-08-18 10:50:34 -04:00
Grant Willcox
85ef49a79c
Land #15535, Update psexec module to use SMBSHARE option name for consistency
2021-08-11 17:41:38 -05:00
Grant Willcox
5fdf990f24
Land #15519, Lexmark Universal Print Driver Local Privilege Escalation
2021-08-11 15:03:53 -05:00
Grant Willcox
92327461d3
Add in driver installation instructions to documentation
2021-08-11 14:40:21 -05:00
Grant Willcox
7b25bd366f
Update documentation and fix a few typos so that it reflects latest changes
2021-08-11 12:25:36 -05:00
Jacob Baines
afa3d92774
Switched to upnp implementation
2021-08-10 18:17:18 -04:00
adfoster-r7
b9d2f30bbd
Update psexec module to use SMBSHARE option name for consistency
2021-08-10 13:17:57 +01:00
Grant Willcox
55404ff29f
Further fixes from review and further touch up edits
2021-08-09 14:23:05 -05:00
Grant Willcox
f8d838bba2
Fix first round of comments from the review process
2021-08-09 12:13:27 -05:00
Grant Willcox
838142362c
Apply first round of updates from review comments to improve explanations of the vulnerability and fix some minor issues
2021-08-09 09:59:09 -05:00
Jacob Baines
0e41a0e81e
Addressed all but one review items
2021-08-07 06:46:49 -04:00
Jacob Baines
8d699c0c4e
Addressed various review comments
2021-08-06 14:55:50 -04:00
Jacob Baines
f851faf2e4
Initial commit for Canon driver exploit
2021-08-05 11:17:45 -04:00
Jacob Baines
e6c48db072
Initial version of CVE-2021-35449
2021-08-04 16:08:43 -04:00
Grant Willcox
2fb379374f
Update documentation where possible for changed exploits
2021-07-23 12:34:12 -05:00
Grant Willcox
fabc566402
Improve process.rb's execute_dll to now automatically detect the architecture of the target and of the DLL and then appropriately decide if it needs to launch a WoW64 process to inject into.
2021-07-23 12:33:41 -05:00
Grant Willcox
bc0439fc47
Improve the list of potential processes to spawn and inject into to be more believable
2021-07-23 12:33:16 -05:00
William Vu
b9a71449e5
Add module docs
2021-07-20 20:07:08 -05:00
Grant Willcox
a276f336f0
Final touchup work for PR 15438 to reference kernel pool and clear some wording up
2021-07-16 13:12:14 -05:00
A Galway
42a751e0db
Add new supported targets
2021-07-16 16:58:34 +01:00
Tim W
39455827aa
Land #15254, use obfuscated powershell protection bypasses
2021-07-12 12:20:17 +01:00
William Vu
6fbaecf919
Backport print changes to recent modules
2021-07-08 21:26:35 -05:00
agalway-r7
410493f729
Land #15318, NSClient priv esc post module
2021-07-06 16:07:30 +01:00
Grant Willcox
62f9d15ba3
Land #15314, Add Exploit for CVE-2021-31181 (SharePoint RCE)
2021-06-16 10:39:49 -05:00
Spencer McIntyre
d1be69eae6
Implement changes based on PR feedback
2021-06-14 10:15:27 -04:00
Spencer McIntyre
edee95bbb2
Update the check to not fail if a COOKIE is used
2021-06-10 11:29:07 -04:00
agalway-r7
1858b574ec
Land #15305, Authenticated RCE module for NSClient++
2021-06-09 15:38:34 +01:00
Yann Castel
ebc8dba921
initial commit
2021-06-09 15:10:03 +02:00
Yann Castel
14c5924044
rubocop for documentation is ok
2021-06-09 09:08:19 +02:00
Yann Castel
674eb51f86
add scenario + small changes
2021-06-09 08:59:35 +02:00
Spencer McIntyre
3afe3ebfa3
Add the module docs
2021-06-08 15:23:24 -04:00
Hakyac
fd988f7f29
Update documentation/modules/exploit/windows/http/nscp_authenticated_rce.md
Co-authored-by: bcoles <bcoles@gmail.com>
2021-06-08 16:35:10 +02:00