adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

6361 Commits

Author SHA1 Message Date
William Vu 32728742ea Clarify why we can't proceed 2019-09-30 14:18:41 -05:00
William Vu 4975a24900 Refactor methods to use @tree_id ivar 
Whoops, forgot this when I ivar'd it.
 2019-09-30 14:18:41 -05:00
William Vu b1f2fa4e64 Don't hardcode body size 2019-09-30 14:18:41 -05:00
William Vu ed0b856aac Prefer << over += 
Oops, spending too much time with Python.
 2019-09-30 14:18:41 -05:00
William Vu 255af7f2d3 Simplify data count calculation 2019-09-30 14:18:41 -05:00
William Vu ade715f88a Update disclosure date to dump date 2019-09-30 14:18:41 -05:00
William Vu 7417aa8a30 Rename module and note kill target in description 2019-09-30 14:18:41 -05:00
William Vu 0392521887 Fix same multiplex ID meaning implant not detected 2019-09-30 14:18:41 -05:00
William Vu 33d7a2a818 Remove SMB::Client::Authenticated 
They're fine as advanced options, since this targets a null session.
 2019-09-30 14:18:41 -05:00
William Vu 6b4cf4970e Don't support x86 at the moment 2019-09-30 14:18:41 -05:00
William Vu aa2f7d378a Create method for kernel shellcode size 2019-09-30 14:18:41 -05:00
William Vu 8190e7067a Calculate kernel shellcode size 2019-09-30 14:18:41 -05:00
William Vu 05b83ff5da Calculate max payload size automagically 2019-09-30 14:18:41 -05:00
William Vu 8cae04f194 Use constant for maximum shellcode size 2019-09-30 14:18:41 -05:00
William Vu fb1bb0fd2f Don't use NOPs because Peter would be sad 2019-09-30 14:18:41 -05:00
William Vu 530bf9bc0c Finish RCE with Jacob's help 2019-09-30 14:18:41 -05:00
William Vu 3a5a05f3a9 Use recently enhanced Rex::Text.xor 2019-09-30 14:18:41 -05:00
William Vu 90cb0e039f Add DOUBLEPULSAR payload execution 2019-09-30 14:18:41 -05:00
Brent Cook c0be631bf0 tweak groombase for vmware 15.1 2019-09-23 11:01:04 -05:00
Brent Cook acb351ac44 add a few more vmware targets (emphasising the fragility here) 2019-09-19 07:02:02 -05:00
Brent Cook 67ee46ec03 add additional target, set default target GROOMSIZE to 100M (thanks aconite33) 2019-09-19 06:05:08 -05:00
Brent Cook 8138e2f185 remove email 2019-09-19 06:05:08 -05:00
Brent Cook 458dc59594 move kernel shellcode comments to the correct place 2019-09-19 06:05:08 -05:00
Brent Cook d80ad89160 resolve msftidy error 2019-09-19 06:05:08 -05:00
Brent Cook 7e4a99689a remove separate PoC and shellcode files, replaced with new integrated module 2019-09-19 06:05:08 -05:00
Brent Cook 51c0c24c20 add and update documentation from original PoC 2019-09-19 06:05:08 -05:00
Brent Cook fb729b5f11 add bare metal target 2019-09-19 06:05:08 -05:00
Brent Cook 02ba21a0a0 remove WinVer 2019-09-19 06:05:08 -05:00
Brent Cook 4677e0f389 include internal OS version in target names 2019-09-19 06:05:08 -05:00
William Vu cdd3378acc Clean up BlueKeep exploit 2019-09-19 06:05:08 -05:00
Brent Cook e32409b379 merge Win 7/2008 targets 2019-09-19 06:05:08 -05:00
Brent Cook f2c475454a tag targets for Virtualbox, add Windows 2008R2 2019-09-19 06:05:08 -05:00
Brent Cook 15ce66cb02 adjust to ManualRanking 2019-09-19 06:05:08 -05:00
Brent Cook 35e3704526 add current caveats and notes from zerosum0x0 2019-09-19 06:05:08 -05:00
Brent Cook e243e1a50d add a more likely arch with the default fingerprint target 2019-09-19 06:05:08 -05:00
Brent Cook f3a9af2ea8 rename for consistency with scanner module 2019-09-19 06:05:08 -05:00
Brent Cook 855281b0ac add auto-target by default, only scan and show a user message for now 2019-09-19 06:05:08 -05:00
Brent Cook b860cafddf remove 'COMPACT' mode since it's not needed here 2019-09-19 06:05:08 -05:00
Brent Cook 49cb6204e5 explicit short jump no longer needed with relative address fixes 2019-09-19 06:05:08 -05:00
Brent Cook 559901865e add PR ref 2019-09-19 06:05:08 -05:00
Brent Cook 9e321dc30e move hack into fixup code 2019-09-19 06:05:08 -05:00
Brent Cook 9150ab4e1a add pre/post processor phase to address metasm limits 
This adds a pre/post processor phase that allows specifying relative
label offsets when loading effective addresses from metasm-generated
code.
 2019-09-19 06:05:08 -05:00
Brent Cook 6522866071 specify short jump opcodes explicitly 2019-09-19 06:05:08 -05:00
OJ f479ed2d73 Small refactors, comments and tidying up 2019-09-19 06:05:08 -05:00
William Vu 725bff5e2d Add CheckScanner and ForceExploit 2019-09-19 06:05:08 -05:00
Brent Cook 49762084f2 minor cleanup of debug code and remove some fixed encodings (still need a couple) 2019-09-19 06:05:08 -05:00
Brent Cook a529866e1a first working metasm shellcode 2019-09-19 06:05:08 -05:00
Brent Cook 6225c5c31f skip payload encoding, be a bit more self-documenting 2019-09-19 06:05:08 -05:00
Brent Cook 4edf91d0b2 add debug writes (to be removed later) 2019-09-19 06:05:08 -05:00
Brent Cook 121e337e13 fix incorrect bytes in kernel shellcode 2019-09-19 06:05:08 -05:00