Brendan Coles
991ccdbda5
Land #12106, Add Linux PTRACE_TRACEME local root exploit
2019-10-23 14:01:14 +00:00
Tim W
8c93b219d1
fix compile.rb and rubocop
2019-10-23 20:54:42 +08:00
Tim W
7ff71819e9
add architecture check to check method
2019-10-23 20:38:55 +08:00
Tim W
3b5d0b98e7
add a basic check method using loginctl
2019-10-23 19:50:19 +08:00
Tim W
4d4754a389
feedback from bcoles
2019-10-10 13:30:31 +08:00
h00die
905eb17132
beginning to fix spelling errors
2019-10-05 14:26:34 -04:00
Shelby Pace
4710322cd7
Land #11762, add sosreport privesc
2019-09-24 09:48:57 -05:00
Tim W
5123fdbb5e
s/pkexec_helper_ptrace/ptrace_traceme_pkexec_helper/g
2019-09-06 01:00:44 +08:00
Tim W
bade8bfc48
add live compiling
2019-09-03 17:31:04 +08:00
h00die
ea50149ba7
land #12212 linux LPE ktsuss exploit
2019-09-02 13:32:45 -04:00
h00die
4b9e748882
ktsuss misc fixes
2019-09-02 13:31:30 -04:00
h00die
5b89c221f0
land #11799 linux local priv esc for cached sudo privs
2019-09-02 11:12:21 -04:00
Shelby Pace
413cd7194d
Land #12064, add Exim Local Privesc module
2019-08-23 12:23:53 -05:00
Brendan Coles
ca82e6cd25
Add ktsuss suid Privilege Escalation module
2019-08-19 13:28:02 +00:00
Brendan Coles
9fdee466ca
Update ptrace_sudo_token_priv_esc
2019-08-10 07:03:23 +00:00
Tim W
979681443c
add rudimentary check method
2019-08-06 14:48:37 +08:00
Tim W
b35b4674d0
fix forking behaviour
2019-08-06 14:17:28 +08:00
Tim W
f48d1b1231
add more links
2019-08-06 13:54:15 +08:00
Adam Cammack
cf9b94a964
Set needs_cleanup flag for exploits that need it
The `needs_cleanup` flag needs to be set per-module when an exploit
needs an interactive session to clean up. Some `FileDropper` exploits
need additional cleanup to what the mixin provides, but since all
`FileDropper`s already mark themselves as needing cleanup those are not
covered here. A few of these could potentially be refactored to use the
original exploitation method to clean up or to compile the list of
files/commands to clean up ahead of time, but that is out of the scope
of this fix.
2019-08-02 10:23:53 -05:00
Adam Cammack
5e64f8560a
Fix whitespace
2019-08-02 10:23:41 -05:00
Tim W
b258b8270e
fix #12104, add CVE-2019-13272 PTRACE_TRACEME linux local exploit
2019-07-19 13:24:13 +08:00
Guillaume Andre
395e4d2424
Update documentation. Register options by alphabetical order.
Change-Id: I46bb3701107a504dddbf030e0345d7adc83bafac
2019-07-18 10:45:44 +01:00
yaumn
e51138fa4b
Establish a tcp connection to check for the exim version.
2019-07-13 22:45:21 +01:00
yaumn
764a4a0692
Improve check regex
2019-07-13 19:57:03 +01:00
yaumn
e2a9907e99
Add SendExpectTimeout option
2019-07-13 19:55:12 +01:00
yaumn
f465e43e34
Change tcp communication with meterpreter
2019-07-13 19:25:34 +01:00
Guillaume Andre
60dbbb0455
Ensure temp files are deleted in every case
Change-Id: I53401e4bcce887048f433743a965421f93d699ba
2019-07-12 12:20:37 +01:00
Guillaume Andre
642a71383d
Classic shell exploit now uses a bash script
Change-Id: I770cf9bcae5c5a265c19f2dc9e4a512e30705b6c
2019-07-11 17:01:23 +01:00
Guillaume Andre
565e18cbe8
Add a few checks
Change-Id: Ieca129a54d2105bf646e6f848cb5ecec804c372f
2019-07-11 14:20:21 +01:00
yaumn
435240ed41
Update modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-07-10 17:24:48 +01:00
yaumn
074c73236a
Update modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-07-10 17:24:32 +01:00
yaumn
7812e0037b
Update modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-07-10 17:24:13 +01:00
yaumn
af89433c1d
Update modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-07-10 17:23:50 +01:00
yaumn
9ffbfe0985
Update modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-07-10 17:23:38 +01:00
yaumn
a06dffa174
Update modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb
Co-Authored-By: bcoles <bcoles@gmail.com>
2019-07-10 17:22:52 +01:00
Guillaume Andre
5d52b0326b
Add better checks at the beginning of the exploit.
Change-Id: Ib80907f03f15b6c0cf32b48f059cf042e4d6a91f
2019-07-10 11:33:09 +01:00
Guillaume Andre
b68383141c
Added Qualys and dhn to credits. Set suid bit of payload instead of shell launcher. Print detected exim version
Change-Id: I61805a4d2b6f7f8a268b677c3c6f1d76ada034da
2019-07-09 16:51:14 +01:00
yaumn
df46faf71f
Finish documentation. Exploit is stable.
2019-07-07 23:58:29 +01:00
yaumn
7b2a1b67ed
Add a documentation file
2019-07-07 00:25:54 +01:00
yaumn
a5843e48a9
Basic reverse shell does not disconnect anymore
2019-07-06 00:53:33 +01:00
Guillaume Andre
4c2cacd7d6
Add meterpreter support
2019-07-05 16:53:39 +01:00
yaumn
2c8ad0e357
First tests with meterpreter sockets
2019-07-05 01:04:15 +01:00
yaumn
74eb74e606
Pipe method with netcat now works
2019-07-04 23:15:23 +01:00
Guillaume Andre
e4c27d3eab
Clean pipe file
Change-Id: Ibc78639ad44eb56ffa26fcfb4f656b5a78dbf76a
2019-07-04 16:20:13 +01:00
Guillaume Andre
3c0b581371
Clean code
Change-Id: I83287dcd52c4ba566396a0ff7e4f3c3125d12bb0
2019-07-04 16:16:27 +01:00
Guillaume Andre
9b378ceb71
Add options. Add pipe netcat method
Change-Id: I0c401add1c2ff76e3e2c3d82a8fb7f74db405a1f
2019-07-04 15:02:03 +01:00
yaumn
bddfef0cac
Add options. Exploit now works with both setuid and nc methods
2019-07-04 00:16:28 +01:00
yaumn
bb58160d10
Exploit now also works with netcat
2019-07-03 14:30:23 +01:00
yaumn
4f1d9af5fd
Add netcat method (still buggy though)
2019-07-03 14:30:23 +01:00
Guillaume Andre
a2411a1d63
First version of the exploit is now working
Change-Id: Idf6b6d773cf71c477fe68885313f5f98d74d9c11
2019-07-03 14:30:23 +01:00