William Vu
fa6573f8e7
Note arch in supported target
2020-02-03 11:16:16 -06:00
William Vu
a3717e13f6
Unf*ck PAYLOAD being set for neutralization
2020-02-03 11:16:16 -06:00
William Vu
e12d993027
Move SMB DOPU module to match new naming scheme
2020-02-03 11:16:16 -06:00
William Vu
f49ee7c60e
Prefer exploit.rb's rand_text wrapper
2020-02-03 11:16:16 -06:00
William Vu
d64eb10b17
Update credit
2020-02-03 11:16:16 -06:00
William Vu
548529e1d4
Clean up parsing
2020-02-03 11:16:16 -06:00
William Vu
9e690414a1
Update ping response parsing with new information
Found the struct that corresponds to the ping response!
2020-02-03 11:16:16 -06:00
William Vu
6241555531
Fix service pack
2020-02-03 11:16:16 -06:00
William Vu
2ce49456a7
Fix arch detection and add product type
Thanks to @tsellers-r7 for testing XP and producing output to compare
against. Without a 32-bit test, the architecture guess was incorrect.
Additionally, product type had yet to be determined. The trailing bytes
were indeed significant! Thanks, Tom!
2020-02-03 11:16:16 -06:00
William Vu
992a386ece
Use build_data_tpdu and note channelJoinConfirm
2020-02-03 11:16:16 -06:00
William Vu
4d21b0e88e
Update prints in check for visibility
vprint_good should be print_warning, and most vprints should be print,
even if in check, since check is critical functionality.
2020-02-03 11:16:16 -06:00
William Vu
7ba7221a8f
Parse ping response into version, build, and arch
2020-02-03 11:16:16 -06:00
William Vu
db1a201885
Add RDP DOUBLEPULSAR RCE module
2020-02-03 11:16:16 -06:00
Brent Cook
33dadefd53
move rdp_move_mouse to rdp library, add GROOMDELAY
2020-01-12 08:19:44 -06:00
zerosum0x0
b76f2a9e08
inject mouse move events, verbose groom progress/elapsed time, danger zone warnings
2020-01-06 23:42:01 -07:00
William Vu
f56b262eec
Update modules
2019-12-03 10:36:34 -06:00
William Vu
6e904ea105
Fix/clarify target documentation for BlueKeep
2019-11-15 11:14:00 -06:00
William Vu
28ecefadb8
Warn about fDisableCam in automatic mode
2019-11-14 11:08:27 -06:00
William Vu
cb6d85bee2
Add suggestion about GROOMBASE
2019-11-14 11:08:14 -06:00
William Vu
fc64ac42af
State 2008 caveat in module description and doc
2019-11-14 10:57:42 -06:00
William Vu
4f2cab4cf1
Add references
2019-11-11 17:33:10 -06:00
zerosum0x0
01d84c5654
remove syscall hook
2019-11-08 19:44:52 -07:00
Brent Cook
c0be631bf0
tweak groombase for vmware 15.1
2019-09-23 11:01:04 -05:00
Brent Cook
acb351ac44
add a few more vmware targets (emphasising the fragility here)
2019-09-19 07:02:02 -05:00
Brent Cook
67ee46ec03
add additional target, set default target GROOMSIZE to 100M (thanks aconite33)
2019-09-19 06:05:08 -05:00
Brent Cook
8138e2f185
remove email
2019-09-19 06:05:08 -05:00
Brent Cook
458dc59594
move kernel shellcode comments to the correct place
2019-09-19 06:05:08 -05:00
Brent Cook
d80ad89160
resolve msftidy error
2019-09-19 06:05:08 -05:00
Brent Cook
7e4a99689a
remove separate PoC and shellcode files, replaced with new integrated module
2019-09-19 06:05:08 -05:00
Brent Cook
51c0c24c20
add and update documentation from original PoC
2019-09-19 06:05:08 -05:00
Brent Cook
fb729b5f11
add bare metal target
2019-09-19 06:05:08 -05:00
Brent Cook
02ba21a0a0
remove WinVer
2019-09-19 06:05:08 -05:00
Brent Cook
4677e0f389
include internal OS version in target names
2019-09-19 06:05:08 -05:00
William Vu
cdd3378acc
Clean up BlueKeep exploit
2019-09-19 06:05:08 -05:00
Brent Cook
e32409b379
merge Win 7/2008 targets
2019-09-19 06:05:08 -05:00
Brent Cook
f2c475454a
tag targets for VirtualBox, add Windows 2008R2
2019-09-19 06:05:08 -05:00
Brent Cook
15ce66cb02
adjust to ManualRanking
2019-09-19 06:05:08 -05:00
Brent Cook
35e3704526
add current caveats and notes from zerosum0x0
2019-09-19 06:05:08 -05:00
Brent Cook
e243e1a50d
add a more likely arch with the default fingerprint target
2019-09-19 06:05:08 -05:00
Brent Cook
f3a9af2ea8
rename for consistency with scanner module
2019-09-19 06:05:08 -05:00
Brent Cook
855281b0ac
add auto-target by default, only scan and show a user message for now
2019-09-19 06:05:08 -05:00
Brent Cook
b860cafddf
remove 'COMPACT' mode since it's not needed here
2019-09-19 06:05:08 -05:00
Brent Cook
49cb6204e5
explicit short jump no longer needed with relative address fixes
2019-09-19 06:05:08 -05:00
Brent Cook
559901865e
add PR ref
2019-09-19 06:05:08 -05:00
Brent Cook
9e321dc30e
move hack into fixup code
2019-09-19 06:05:08 -05:00
Brent Cook
9150ab4e1a
add pre/post processor phase to address metasm limits
This adds a pre/post processor phase that allows specifying relative
label offsets when loading effective addresses from metasm-generated
code.
2019-09-19 06:05:08 -05:00
Brent Cook
6522866071
specify short jump opcodes explicitly
2019-09-19 06:05:08 -05:00
OJ
f479ed2d73
Small refactors, comments and tidying up
2019-09-19 06:05:08 -05:00
William Vu
725bff5e2d
Add CheckScanner and ForceExploit
2019-09-19 06:05:08 -05:00
Brent Cook
49762084f2
minor cleanup of debug code and remove some fixed encodings (still need a couple)
2019-09-19 06:05:08 -05:00