1dadec8369
Revive windows/aarch64/exec Payload
2025-06-27 23:57:12 +02:00
00852f4682
Adding PPC64 template, fixing PPC64 single payloads
2025-06-19 17:17:19 +02:00
5aa91bd57c
Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations
2025-05-24 13:34:32 +10:00
37bb14ba9c
fix(payloads): removing hardcoded block-api hashes
2024-11-26 12:07:30 -05:00
05cbd1d9a3
Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM)
...
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
2024-11-20 11:18:58 -08:00
39698ec1ed
Add the BinaryArray record definition
2024-10-17 12:54:25 -04:00
574654888b
Add the BinaryMethodCall record definition
2024-10-17 12:54:25 -04:00
1c84d5719f
Add a basic MethodReturn definition
2024-10-17 12:54:25 -04:00
f244d07bd0
Msf::Util::EXE: Add support for RISC-V ELF executables
2024-10-15 22:51:36 +11:00
4f6e2bcd22
Code review
2024-04-26 18:47:42 +02:00
1294ed0bbb
Add inline technique to dump SAM hashes, LSA secrets and cached hashes
2024-04-26 18:44:05 +02:00
e5635c4bfd
Add source code for Python deserialization gadgets
2024-03-29 09:33:47 -04:00
2292da9164
Add the UNC loading technique too
2024-03-29 09:33:47 -04:00
1140efc8b4
Support adding encrypted files to archives & jars
2023-10-13 14:42:10 +01:00
05dd2e1473
Land #18351 , Apache Superset RCE (CVE-2023-37941)
2023-10-12 17:10:10 -04:00
59da2865d9
Use an exec-in-place gadget for Python
...
This adds a Python deserialization gadget that will exec arbitrary
Python code in place. It is only compatible with Python 3.x due to
differences in Python's exec function and statement between 2 and 3.
2023-10-10 14:01:24 -04:00
d64ed33cdf
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
9a40e2612b
Land #17129 , Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
8e0a909b18
Fixes incorrect usage of pack/unpack directives
2023-07-19 11:39:00 +01:00
085943bd78
Add Ruby 3.3.0-preview1 to test suite
2023-06-29 22:53:17 +01:00
e70bdb028a
Basic MachO Signing
...
This commit adds the sign method to Payload::MachO which performs a
basic SHA256 signature update on the provided macho to enable it to run
under osx aarch64 systems.
2023-06-19 10:57:37 +02:00
658c87996d
Hotwire MachO Signing
...
This commit hotwires in executable signing to some of the aarch64 osx
payloads in order to ensure that they are fully functional.
2023-06-19 10:57:37 +02:00
8a5442f7f0
Fix AARCH64 MachO Generation
...
This updates the exe util to properly generate stageless aarch64 macho
payloads. I've also added comments on how to assemble the aarch64
stages.
2023-06-19 10:57:37 +02:00
5f8767f4cf
M1ssion Dyld Mettle: Aarch64 Payloads
...
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the m1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
c41483250f
Fix an edge case in .to_win32pe
...
When the entry point is after the payload, there woud occassionally be
cases where `poff` and `eidx` to be invalid, causing `entry` to be
truncated. `poff` should never be negative and `eidx` should reserve the
256 bytes that `entry` may occupy.
2023-06-13 13:41:47 -04:00
f9c6caa804
Land #17785 , add SolarWinds (SWIS) deser RCE
2023-03-27 15:25:17 -05:00
bfac7e6e0b
Add a formatter_compatible_gadget_chains function
2023-03-23 17:28:58 -04:00
ff3b68a352
Add the ObjectDataProvider+JsonNetFormatter
2023-03-23 17:28:58 -04:00
236de61130
Land #17583 , Enhances info -d with references to AttackerKB
2023-03-21 12:38:36 +00:00
9dcaf93b29
Replace deprecated File.exists? with File.exist?
2023-03-05 14:30:47 +11:00
e7da4c4612
Land #17594 , Add larger DLL templates
2023-02-15 19:35:37 -06:00
301d25ddfa
Raise more explicit errors for invalid arguments
2023-02-15 09:07:01 -05:00
5725dd2ded
Fix an off by one size error
2023-02-14 18:01:14 -05:00
ac9d60ce9e
Land #17281 , Added module for CVE-2022-2992
...
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
2023-02-14 16:57:29 -05:00
fd6cd82f30
Upgrade DLL template size automatically
2023-02-09 15:09:50 -05:00
b789e00ea7
Enhances info -d with references to AttackerKB
2023-02-03 10:15:55 +00:00
6043d0ffba
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
cf6d5d3a14
It made the gadgets being used more readable
2022-12-06 17:47:49 +01:00
704cee436b
Apply suggestions from code review
2022-11-29 15:25:14 +01:00
c1236500f1
Apply suggestions from code review
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2022-11-29 14:12:39 +01:00
637ad5f809
make ducky more psh friendly
2022-11-21 17:55:48 -05:00
34d191b06c
Added Ruby serialized payload generator
2022-11-19 15:20:49 +01:00
29b7fa5336
ducky_script format for msfvenom
2022-11-18 17:02:52 -05:00
0d9cca79b4
Fix crash when generating payload sizes
2022-11-04 02:10:58 +00:00
97bce45e69
Land #16915 , Add exploit for CVE-2022-23277 (Exchange RCE)
2022-08-19 11:11:46 -05:00
7c1dd17c86
Add a missing verison, fix typos
2022-08-17 17:36:31 -04:00
5faee26f10
Add the DataSetTypeSpoof .NET deserialization chain
2022-08-08 17:52:51 -04:00
852fac48b1
Add the DataSet .NET deserialization chain
2022-08-08 17:51:37 -04:00
310cfde62b
Fix a bug with empty length-prefixed strings
2022-08-08 15:14:17 -04:00
Alex