3181d4e080
Add zsh completion definitions for utilities
2014-09-27 20:12:02 -04:00
8cca4d7795
Fix the makefile to use the right directory
...
Reported by severos on IRC, the current output
class is in the right place, but the makefile
was broken.
2014-08-03 13:38:15 -05:00
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
25ed68af6e
Land #3017 , Windows x86 Shell Hidden Bind
...
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
443f9f175c
Update IE11Sandbox exploit source
2014-06-03 09:58:07 -05:00
372a12b966
Restore make.msbuild permissions
2014-06-03 09:07:34 -05:00
98a06b3d72
Restore make.msbuild
2014-06-03 09:05:26 -05:00
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
f6862cd130
Land @OJ's updated meterpreter binaries
2014-05-30 20:27:28 -05:00
d2b8706bd6
Include meterpreter bins, add Sandbox builds
...
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (ie. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.
I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
c1368dbb4c
Use %windir%
2014-05-30 09:06:41 -05:00
75777cb3f9
Add IE11SandboxEscapes source
2014-05-29 11:38:43 -05:00
bb4e9e2d4d
correct error in block service_change_description
2014-05-13 16:04:39 +02:00
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
bdbb70ab71
up block_service_stopped.asm
2014-05-13 16:04:39 +02:00
e269c1e4f1
Improve service_block with service_stopped block to cleanly terminate service
2014-05-13 16:04:38 +02:00
c43e3cf581
Improve block_create_remote_process to point on shellcode everytime
2014-05-13 16:04:38 +02:00
25d48b7300
Add create_remote_process block, now used in exe_service generation
2014-05-13 16:04:38 +02:00
0bdf7904ff
Change author of single_service_stuff.asm
2014-05-13 16:04:38 +02:00
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
58c46cc73d
Add compilation instructions for the AS
2014-05-08 16:48:42 -05:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
850f6b0276
Address OJ's comments
2014-05-02 13:33:55 +01:00
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
409787346e
Bring build tools up to date, change some project settings
...
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
6309c4a193
Metasploit LLC transferred assets to Rapid7
...
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
520d1e69c4
Rapid7 Comma Inc
...
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
...
According to
http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt
Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.
This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
41720428e4
Refactoring exploit and adding build files for dll.
2014-03-12 10:25:52 +00:00
1fda6b86a1
Changed cmp eax by inc eax. Saved one byte
2014-03-10 12:13:10 +01:00
2a1e96165c
Adding MS013-058 for Windows7 x86
2014-03-06 18:39:34 +00:00
99cd36c036
Fix description of Input
2014-03-06 03:16:55 +01:00
689523a26f
Clean Code based on jlee-r7's comments
...
- Put allocations in loop
- Decomment exitfunc
- Aligned comments
- Some more code cleaning
2014-03-06 02:44:24 +01:00
83929facc4
Fix bug on Windows XP
...
Correct the addresses of functions in pstorec.dll.
Successfully tested on Server 2003 and XP.
2014-03-06 02:35:44 +01:00
4aca648faf
Correct file information
2014-03-06 02:35:36 +01:00
ba31e304b5
Clean the code
...
Remove debugging functions from block_get_pstore_proxy_auth.asm.
Reduce allocation size to 1kB.
2014-03-06 02:35:25 +01:00
b6b46abe9f
Add new stager stager_reverse_http_proxy_pstore
...
This stager looks for proxy credentials in windows protected storage. If it finds proxy credentials, it will use them to connect back. If it does not find credentials, it will do the same as stager_reverse_http.
Works on:
- Windows Server 2003
- Windows XP
- Internet Explorer versions 4 to 6
2014-03-06 02:35:12 +01:00
7877589537
Delete correctly
2014-02-23 02:47:13 +00:00
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
9d9149d9d8
remove some dead code paths
...
refactor some dead conditionals and a case/switch
that wasn't doing anything
2014-02-27 11:45:57 -06:00
Spencer McIntyre