root
33ddef9303
Add documentation, add configurable depth path
2017-05-26 16:14:03 +02:00
wchen-r7
162a660d45
Remove the old windows/fileformat/office_word_macro
...
windows/fileformat/office_word_macro.rb has been deprecated and
it should have been removed on March 16th.
If you want to create a Microsoft Office macro exploit, please
use the multi/fileformat/office_word_macro exploit instead, which
supports multiple platforms, and will support template injection.
2017-05-26 07:33:46 -05:00
wchen-r7
04a701dba5
Check template file extension name
2017-05-26 07:31:34 -05:00
HD Moore
072ab7291c
Add /tank (from ryan-c) to search path
2017-05-26 06:56:41 -05:00
Tim
1582d3a902
support i386
2017-05-26 15:55:42 +08:00
wchen-r7
2835c165d7
Land #8390, Add module to execute powershell on Octopus Deploy server
2017-05-25 17:33:07 -05:00
wchen-r7
330526af72
Update check method
2017-05-25 17:30:58 -05:00
William Vu
ae22b4ccf4
Land #8450, Samba is_known_pipename() exploit
2017-05-25 16:36:28 -05:00
HD Moore
1474faf909
Remove ARMLE for now, will re-PR once functional
2017-05-25 16:14:35 -05:00
HD Moore
2ad386948f
Small cosmetic typo
2017-05-25 16:10:37 -05:00
HD Moore
18a871d6a4
Delete the .so, add PID bruteforce option, cleanup
2017-05-25 16:03:14 -05:00
wchen-r7
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
David Maloney
0b0e2f64ca
update SMB1 "Freehole" packet
...
the 'Freehole' packet is now generated with
RubySMB and sent by the client, rather than raw bytes
sent over the bare socket
2017-05-25 13:43:16 -05:00
nks
1a8961b5e3
fixed typo
2017-05-25 19:14:59 +02:00
David Maloney
bc8ad811aa
remove old anonymous login packet
...
we are now using the anonymous login from the
RubySMB client we no longer need this method to
manually build the packet
2017-05-25 10:49:42 -05:00
David Maloney
238052a18b
use RubySMB client echo
...
replaced the manually created echo packet
with the RubySMB client echo command
2017-05-25 10:47:14 -05:00
HD Moore
cf7cfa9b2c
Add check() implementation based on bcoles notes
2017-05-25 09:49:45 -05:00
Borja Merino
7077ac0523
Meterpreter Post-exploitation module to mount vmdk files
2017-05-25 11:47:04 +02:00
itsmeroy2012
92a1a3ecf7
Adding for loop instead of while, removing 'counter'
2017-05-25 15:09:34 +05:30
HD Moore
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
David Maloney
4ffe666b52
improve the cred fallback
...
we might get a successful sessionsetup
but a failure on IPC$ due to anonymous access
2017-05-24 17:36:07 -05:00
David Maloney
4c02b7b13a
added credentialed fallback
...
if anonymous login is blocked, then the user can
supply credentials for the exploit to try as a fallback
2017-05-24 16:09:51 -05:00
David Maloney
dc67fcd5a8
use RubySMB for anonymous login
...
use the new anonymous login capabilities in
RubySMB
2017-05-24 15:40:05 -05:00
juushya
af4eafdf70
Updated module and doc
2017-05-24 06:33:08 +05:30
William Vu
e4ea618edf
Land #8419, ETERNALBLUE fixes (round two)
...
Hope I resolved the conflicts correctly.
2017-05-23 17:03:21 -05:00
William Vu
46eb6bdf62
Land #8399, ETERNALBLUE fixes (round one)
2017-05-23 16:51:19 -05:00
William Vu
f80c3aa3f4
Correct absolute path
2017-05-23 16:50:25 -05:00
bwatters-r7
461649ed34
Land #8378, Add check in archmigrate to prevent privdesc
2017-05-23 14:37:29 -05:00
Carter
c73e7673b1
Please the rubocop god
2017-05-23 15:13:55 -04:00
Carter
e945773576
Update archmigrate.rb
2017-05-23 14:40:42 -04:00
Matthew Daley
52363aec13
Add module for CVE-2017-8895, UAF in Backup Exec Windows agent
...
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.
Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
2017-05-24 00:18:20 +12:00
Tim
d333077308
osx meterpreter
2017-05-23 14:23:22 +08:00
Jeffrey Martin
b7b1995238
Land #8274, Wordpress admin upload check
2017-05-22 22:08:32 -05:00
Jeffrey Martin
5395d8f17c
update python stageless payload sizes
2017-05-22 18:21:13 -05:00
Jeffrey Martin
d69bfd509f
store the credential using the new store_valid_credential
2017-05-22 15:08:03 -05:00
amaloteaux
93bb47d546
msftidy fix
2017-05-22 19:27:15 +01:00
amaloteaux
092e7b96b8
typo
2017-05-22 17:27:50 +01:00
amaloteaux
74c08cebee
Add bypassuac fodhelper module for Windows 10
2017-05-22 17:25:17 +01:00
William Webb
467f1ce0ca
Land #8411, Buffer overflow in VXSearch Enterprise v9.5.12
2017-05-22 07:37:31 -05:00
Christian Mehlmauer
b5caeb29dd
only support for 32bit so far
2017-05-22 12:30:52 +02:00
HD Moore
036f063988
Fix a stack trace when no SMB response is received
2017-05-19 16:24:41 -05:00
Pearce Barry
a6f416e8df
Land #8290, Hwbridge Automotive Fix and Extension Enhancements
2017-05-19 13:46:54 -05:00
lincoln
b76229b5f7
removed unnecessary line
2017-05-18 19:15:49 -07:00
lincoln
7ca0fe5a68
Added make_junk function
2017-05-18 19:06:09 -07:00
James Lee
4def7ce6cc
Land #8327, Simplify storing credentials
2017-05-18 16:49:01 -05:00
Daniel Teixeira
c1624d0967
VX Search Enterprise GET Buffer Overflow
2017-05-18 17:12:47 +01:00
zerosum0x0
bdf121e1c0
x86 kernels will safely ret instead of BSOD
2017-05-17 23:48:14 -06:00
zerosum0x0
d944bdfab0
expect 0xC00000D
2017-05-17 23:05:20 -06:00
zerosum0x0
646ca14375
basic OS verification, ghetto socket read code
2017-05-17 22:48:45 -06:00
wchen-r7
c0bf2cc6e7
Land #8401, Buffer Overflow on Sync Breeze Enterprise 9.4.28
2017-05-17 23:39:50 -05:00