adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
64,141 Commits 27 Branches 1,043 Tags
653e48eb3ca3752b00a80d803a83d536d88636f0
Commit Graph

2786 Commits

Author SHA1 Message Date
Grant Willcox e2c6c36b2b Land #1642, Add module for cve-2022-0995 2022-04-21 09:12:47 -05:00
bwatters 26f9175816 Update c source with argc check and CRASH notes for module 2022-04-20 17:37:48 -05:00
space-r7 54f8d44639 add osx binary 2022-04-18 09:42:40 -05:00
bwatters 96d86944da Added precompiled binary and option to strip output, fixed comment-strip bug 2022-04-07 17:09:35 -05:00
Spencer McIntyre 5de966cfb1 Land #16382, CVE-2022-26904 SuperProfile LPE 2022-04-07 12:52:39 -04:00
Grant Willcox 9e2d7f655b Update data to fix more things found during review process 2022-04-05 12:48:11 -05:00
Grant Willcox db4b22df5e Update the exploit code to output errors in a better format, and fix a potential issue when trying to delete folders recursively. Also update exploit module to try kill msiexec.exe if its still running to prevent it holding onto handles when it shouldn't be. 2022-04-04 17:58:52 -05:00
Grant Willcox 8daecca5c3 Update code with latest changes 2022-04-01 12:11:05 -05:00
Grant Willcox d29f5690a1 Add in backup code to DLL template to fall back to old way of executing things in case the BREAKAWAY_FROM_JOB flag cannot be used 2022-03-31 14:28:29 -05:00
Grant Willcox 743138abed Add in initial fixes from review and remove extra BREAKAWAY_FROM_JOB code changes not directly related to this PR as we'll raise a separate PR for those 2022-03-31 12:13:29 -05:00
Grant Willcox bd3e0c1b53 Add in support for exploiting domain joined systems 2022-03-28 16:14:19 -05:00
Grant Willcox e5c0259723 Add CREATE_BREAKAWAY_FROM_JOB flag to source files related to DLL generation, update the exploit source to denote how to clean up in case the payload can't clean up 2022-03-23 19:38:32 -05:00
Grant Willcox a25b3a70ad Update permissions on template DLLs 2022-03-23 17:49:03 -05:00
Grant Willcox b1ce05f97c Add in updated Ruby code and also update the DLLs and prepend_migrate.rb to use the CREATE_BREAKAWAY_FROM_JOB flag with CreateProcess to break away from the job if the job has the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit set to allow breakaway jobs 2022-03-23 17:47:25 -05:00
Spencer McIntyre da16aad96a Land #16298, Add the capture plugin 2022-03-21 20:03:16 -04:00
Grant Willcox 715082a960 Update exploit and module with new delay timing and latest copy of DLL 2022-03-21 12:05:48 -05:00
Grant Willcox c1d6dced8d Update library code to read exchange versions from exchange_versions.json and populate exchange_versions.json with initial info 2022-03-17 11:29:01 -05:00
Ashley Donaldson 9074d7b2bd Reformatted yaml file to be more flexible in future 2022-03-17 08:47:10 +11:00
Ashley Donaldson b34189e24c Take more parameters from a config file 2022-03-11 15:10:08 +11:00
space-r7 b747e55dda Land #16303, add Dirty Pipe exploit 2022-03-10 11:16:28 -06:00
space-r7 2102c7daca add binaries for pre-compiled option 2022-03-10 08:50:48 -06:00
Tim W 955cc9c986 fix cross compiling 2022-03-09 06:59:25 +00:00
Tim W 676c4a6f4f improve fork behaviour 2022-03-08 10:24:25 +00:00
Tim W 7ca6a28c05 embed payload inside exploit and add check method 2022-03-08 09:51:49 +00:00
Ashley Donaldson e4f5d5a539 Merge branch 'master' into hash_capture 2022-03-08 07:57:42 +11:00
space-r7 7a9d30e5b1 Land #16227, add wp masterstudy privesc module 2022-03-07 10:58:23 -06:00
Tim W 5bd48d0a7d initial commit of dirtypipe 2022-03-07 15:49:27 +00:00
Ashley Donaldson 02bb5234a3 Update help, fix POP3S port and disable DNS (broken) and WPAD (not actually useful) 2022-03-07 21:40:31 +11:00
Spencer McIntyre 6be3443680 Land #16103, LPE in polkit's pkexec (CVE-2021-4034) 2022-03-03 09:24:11 -05:00
Ashley Donaldson 6bffa663a9 Don't try to launch UDP services remotely. 
Use normal capitalisation when showing service names to users.
 2022-03-02 14:00:41 +11:00
Ashley Donaldson 75c0951fc9 Track capture jobs by session, and support stopping captures per-session 2022-03-02 09:59:56 +11:00
Ashley Donaldson 8dd459edbb Read some config in from a file 2022-03-01 15:29:50 +11:00
space-r7 0d10409d67 Land #16131, add modern events calendar sqli 2022-02-28 12:27:45 -06:00
h00die 9799d87ec9 update exploitable plugins 2022-02-25 17:00:34 -05:00
bwatters b69db83398 Land #16202, Add exploit for CVE-2022-21882 (Win32k LPE) 
Merge branch 'land-16202' into upstream-master
 2022-02-25 15:55:48 -06:00
bwatters 9e9ae9a8cc Remove unneeded files 2022-02-18 16:33:39 -06:00
bwatters 3ea032472d Updated exploit with better check method, added OnSessionCmd option 
to run a command when a session is bootstrapped, added more
documentation.
 2022-02-18 16:30:47 -06:00
Spencer McIntyre 443bf1249a Remove all the old CVE-2021-1732 data 2022-02-18 15:25:39 -05:00
Spencer McIntyre d92259f868 One exploit for CVE-2021-1732 and CVE-2022-21882 2022-02-18 15:23:38 -05:00
h00die 864ce9471f wp_secure_copy sqli 2022-02-13 15:04:17 -05:00
bwatters 74521c8ced Update check for supported CentOS, Ubuntu, and Debian Targets 2022-02-11 20:30:05 -06:00
bwatters 9635fde12d Add support and templates for aarch64 targets 2022-02-10 10:49:02 -06:00
bwatters d1ba43e4c8 Remove hard-coded values 2022-02-08 16:00:20 -06:00
bwatters 65ebeafacc Use the supplied directory 2022-02-08 16:00:19 -06:00
bwatters c44fb6a9d3 ugly but working no-gcc module 2022-02-08 16:00:19 -06:00
h00die 5f45e40192 update wp-exploitable-plugins 2022-02-03 17:37:27 -05:00
Dhiraj Mishra 2df0f8bf55 delete compiled binary 2022-02-02 20:46:11 +04:00
Dhiraj Mishra 6b1c4f4efd Add files via upload 2022-01-26 23:21:16 +04:00
Dhiraj Mishra bfb9882fd4 cve_2021_4034.c 2022-01-26 23:20:55 +04:00
h00die 7a7b009161 add more smarts to nolog for jtr 2022-01-17 15:33:41 -05:00