Christophe De La Fuente
394e99fbe9
Land #12568, Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
2020-01-30 11:57:56 +01:00
cdelafuente-r7
3491da7da0
Add a random sentinel to close channel when terminates (#1)
...
* Add a random sentinel to close channel when terminates
* Replace spaces with tabs to be consistent
* Remove unnecessary escaped quotes and use include? instead of regex
2020-01-25 23:30:49 +01:00
Tim W
cfffb65a21
Land #12859, update AF_PACKET chocobo_root linux LPE
2020-01-24 17:30:13 +08:00
Brent Cook
6f6cc00871
Land #12751, add Linux RDS socket NP deref privesc
2020-01-22 07:08:47 -06:00
Brendan Coles
19b1f567b2
Update AF_PACKET chocobo_root Privilege Escalation module
2020-01-19 11:51:01 +00:00
Brendan Coles
36b6ceb56f
Add rds_atomic_free_op_null_pointer_deref_priv_esc (CVE-2018-5333)
2020-01-18 08:34:52 +00:00
Cory Kennedy
a8f8502d19
Update haKCers.txt
...
Corrected minor (but major - sorry!) transposition error on line 18.
2019-12-20 09:05:49 -06:00
Shelby Pace
894927d960
Land #12693, add Comahawk privilege escalation
2019-12-18 15:40:51 -06:00
Brent Cook
e1e668d7da
Land #12651, add OpenMRS deserialization exploit
2019-12-16 11:31:24 -06:00
bwatters-r7
7e05642a1b
Randomize container name
2019-12-12 07:48:01 -06:00
bwatters-r7
0257861c4f
Remove debug statements and extra c/ruby libraries
2019-12-11 18:42:36 -06:00
bwatters-r7
942d1e3962
Trim exploit code and de-pasta-fy module
...
Better check for build number
2019-12-10 18:09:08 -06:00
bwatters-r7
8a9dd35793
First draft of windows comahawk priv esc
2019-12-09 19:09:15 -06:00
Shelby Pace
4c95150491
add xml erb file
2019-12-02 08:44:37 -06:00
Brent Cook
f8c84c9928
Land #12530, add encrypted, compilable shell payloads
2019-11-21 08:59:46 -06:00
Shelby Pace
deb57a1df0
add modified chacha implementation, format_uuid
2019-11-19 20:16:16 -06:00
Cory Kennedy
a66a59ae2a
Changed Filename
2019-11-13 20:26:49 -06:00
Cory Kennedy
03117ea685
Update SecKC.txt
2019-11-13 20:26:01 -06:00
lle-bout
6766d9f6f7
Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
...
- Powershell script was outdated.
Updated from https://www.exploit-db.com/exploits/39719
- Powershell script was buggy when current directory
was set to e.g. C:\ProgramData. (Get-Item Error)
Fixed.
- Stager was being dropped to current directory, but
it is not guaranteed that we always have permission
to write a file there. Use %TEMP% instead.
- Exploit only seems to work when executed under
a powershell of the same architecture as the
host. (Not WOW64)
This module now ensures that no matter the
architecture of the meterpreter, a powershell
of the same architecture as the host is being
run. (Using Sysnative directory when on WOW64)
- Stager was broken, now generating stager with Rex
and dropping stager as `.ps1` instead of `.txt`.
Ideally the exploit should be rewritten to
accept a shellcode payload directly or a smaller
stager powershell should be created so that it
fits in under 1024 bytes and can be fed directly
to CreateProcessWithLogonW without dropping to
disk.
2019-11-13 05:01:47 +01:00
Cory Kennedy
7d9ab29c8c
Create SecKC.txt
2019-11-12 15:55:26 -06:00
Jeff McJunkin
8b462083be
Update banner for MSF5
2019-11-07 20:47:44 +11:00
Shelby Pace
8bb1c5102b
opt for inline asm instead of pre-compiled object
2019-10-31 11:55:40 -05:00
Brendan Coles
991ccdbda5
Land #12106, Add Linux PTRACE_TRACEME local root exploit
2019-10-23 14:01:14 +00:00
Shelby Pace
b674f3dda3
add AlignRSP call, remove begin from linker script
2019-10-10 12:16:10 -05:00
Shelby Pace
12f4a89629
remove 64bithelper, add VirtualFree
2019-10-10 12:16:10 -05:00
Shelby Pace
c3a7d377f4
add payload for X64 arch
2019-10-10 12:16:10 -05:00
Shelby Pace
64145cdbf2
add header files
2019-10-10 12:16:09 -05:00
0xGilda
0b95acf0b3
Update honk.txt to MSF substitution sequences
...
as per: https://github.com/rapid7/metasploit-framework/pull/12430#issuecomment-539669624
2019-10-08 20:53:59 +01:00
0xGilda
ad70e10452
Add new Untitled Goose Game inspired logo
...
Inspired by an @IanColdwater tweet.
2019-10-08 19:52:11 +01:00
Shelby Pace
4710322cd7
Land #11762, add sosreport privesc
2019-09-24 09:48:57 -05:00
Clément Notin
2ccfbbe8f8
RHOSTS: fix syntax in doc examples
2019-09-11 19:22:37 +02:00
Tim W
bade8bfc48
add live compiling
2019-09-03 17:31:04 +08:00
Load
dc07b78dcd
@LoadLow Marks the generated ODT file readonly
2019-08-18 18:36:31 +02:00
Load
9b1a3b4033
Marks the generated ODT file readonly
...
Prevents autosave and further modifications after opening the document on the target system.
2019-08-18 17:59:25 +02:00
Load
e6b72b5b43
Cleanup odt metadata
...
Metadata part is not mandatory on ODT files
2019-08-18 17:51:36 +02:00
Shelby Pace
409b3c9c4b
using python payload for platform independence
2019-08-16 15:36:42 -05:00
LoadLow
5f478b7fd6
Adds exploit module for CVE-2019-9848
...
uses on dom-loaded event (triggered just after opening the document) and still working on 6.2.5
2019-07-30 23:07:20 +02:00
Brent Cook
5b8a75f544
Land #12119, Add OS X post module to manage Sonic Pi
2019-07-28 23:12:26 -05:00
Wei Chen
2f720a1f26
Land #12137, Update setting new .exe of Sophos AV
2019-07-28 21:49:31 -05:00
Wei Chen
c47caec03f
Land #12107, Add module Redis Unauthenticated Code Execution
2019-07-28 21:40:03 -05:00
GabrielMioranza
4d6f16eac1
Update setting new .exe of Sophos AV
...
Add .exe used by Sophos AV Endpoint
2019-07-27 16:47:05 -03:00
William Vu
e6e3ec493b
Rename play_pattern_timed durations to beats
...
This is so I don't forget they're beats, not seconds. Also, "times"
already has special meaning in Ruby, so let's not confuse ourselves
further.
2019-07-26 17:41:24 -05:00
William Vu
42c2d78731
Remove fluff for better effect
2019-07-26 17:18:39 -05:00
William Vu
61e9f2b5bf
Fix rhythm of melody section
...
Thanks for your ears, @busterb!
2019-07-26 14:09:57 -05:00
William Vu
a952fc303b
Fix play_pattern_timed
2019-07-22 23:53:24 -05:00
William Vu
3bc65b0e9e
Play it like a real band
2019-07-22 22:23:44 -05:00
William Vu
283f9d2e08
Add OS X Manage Sonic Pi post module
2019-07-22 18:46:02 -05:00
Green-m
07f3c074d4
Add doc and enhance the module.
2019-07-20 00:17:57 +08:00
Green-m
b6697f5016
Add redis rce module and data stuff.
...
To do:
1. Check env of system and compiler.
2. Add a compiled so file to be compatible with windows and mac.
3. Add doc.
2019-07-17 15:33:02 +08:00
Wei Chen
27bb166938
Land #12011, Add module for cve-2018-8453
2019-07-15 11:31:07 -05:00