Brent Cook
aadfb843bb
add module move metadata
2019-10-08 13:18:47 -05:00
h00die
9f29f5f419
fix spelling received
2019-10-05 14:40:27 -04:00
bwatters-r7
8142f22f6e
shutup, rubocop
2019-10-02 14:50:00 -05:00
bwatters-r7
477a70934f
Fix copy/pasta error in options
2019-10-01 10:10:51 -05:00
bwatters-r7
273e8b6a82
Add image execute options persistence module
2019-09-30 16:34:43 -05:00
h00die
054a092eb2
fix references in bypassuac modules
2019-09-08 00:42:21 -04:00
h00die
78c4bfee95
add url for fodhelper
2019-09-08 00:33:16 -04:00
bwatters-r7
17acaf9720
Land #12226, fix #11574, add WSReset.exe UAC Bypass
Merge branch 'land-12226' into upstream-master
2019-09-06 09:19:24 -05:00
Tim W
1a717a5624
minor fixes
2019-09-06 02:11:06 +08:00
Tim W
cc9d9bb483
s/bypassuac_windows_store/bypassuac_windows_store_filesys/g
2019-09-06 00:52:13 +08:00
bwatters-r7
481c13ea0f
Rubocop changes
2019-09-05 11:44:00 -05:00
bwatters-r7
cf3f6c90f8
Renamed file to make room for the other UAC bypass targeting the same exe
2019-09-05 11:35:10 -05:00
bwatters-r7
b876afa20f
Fixed up the code before pushing it.
2019-09-05 11:33:05 -05:00
bwatters-r7
9281c0de12
Add some missing pieces to the UAC bypass?
2019-09-04 17:03:32 -05:00
Tim W
cd13a83eb2
add arch check
2019-08-31 20:54:18 +08:00
Tim W
ea3e2c1047
fix #11574, add WSReset UAC Bypass
2019-08-24 13:35:40 +08:00
William Vu
32334c2386
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
Adam Cammack
cf9b94a964
Set needs_cleanup flag for exploits that need it
The `needs_cleanup` flag needs to be set per-module when an exploit
needs an interactive session to clean up. Some `FileDropper` exploits
need additional cleanup to what the mixin provides, but since all
`FileDropper`s already mark themselves as needing cleanup those are not
covered here. A few of these could potentially be refactored to use the
original exploitation method to clean up or to compile the list of
files/commands to clean up ahead of time, but that is out of the scope
of this fix.
2019-08-02 10:23:53 -05:00
Wei Chen
27bb166938
Land #12011, Add module for cve-2018-8453
2019-07-15 11:31:07 -05:00
Jacob Robles
5c0bbbbaa0
Land #12070, Add module for CVE-2019-0841
2019-07-15 09:32:47 -05:00
William Vu
e6300bfd63
Fix cmd_psh_payload requiring an arch string
We may want to update Rex::Powershell to take the first in an array.
2019-07-09 17:43:23 -05:00
Shelby Pace
70d67f1dbb
merged write_to_disk and load_dll_with_diaghub
2019-07-09 11:39:38 -05:00
Shelby Pace
86d0d1d153
remove validate_target
2019-07-09 10:52:02 -05:00
Shelby Pace
f7aa6d79d7
Update modules/exploits/windows/local/appxsvc_hard_link_privesc.rb
Co-Authored-By: @shellfail <jrobles@rapid7.com>
2019-07-09 10:47:57 -05:00
Shelby Pace
c647d0ba52
made suggested change to write_payload
2019-07-09 10:46:46 -05:00
Shelby Pace
096857d1ad
swap check codes
2019-07-09 10:01:49 -05:00
Jacob Robles
a55aea33a9
Add cve-2018-8453 exploit module
2019-07-09 07:15:13 -05:00
Shelby Pace
ccdb7ba262
remove unused variable
2019-07-08 12:57:47 -05:00
Shelby Pace
f0f1a41ba5
add documentation and module
2019-07-08 12:49:22 -05:00
William Vu
5e04ab2e66
Add lokiuox to bypassuac_silentcleanup authors
Looks like they were removed by accident.
2019-07-02 12:36:07 -05:00
William Vu
1503dcd168
Land #11997, SilentCleanup UAC bypass
2019-06-27 11:52:56 -05:00
William Vu
6f1aaac70e
Add enigma0x3 and fix nyshone69 researchers
2019-06-27 11:38:34 -05:00
William Vu
7b0aac72ec
Fix missing is_in_admin_group? method
This was missed in the refactor, since admin_group was removed.
2019-06-27 11:16:49 -05:00
Jeff McJunkin
2927fd5dc8
Update bypassuac_sluihijack: Fix typo
2019-06-26 14:25:32 -07:00
Carter Brainerd
5e8b076714
Final review changes
2019-06-25 07:21:08 +02:00
Carter Brainerd
d2dc5f6077
Review changes
2019-06-22 00:18:44 -04:00
Carter Brainerd
d90dba5d6e
Hopefully final msftidy fixes
2019-06-20 17:03:38 -04:00
Carter Brainerd
1a877abe09
Msftidy was not happy
2019-06-20 14:50:56 -04:00
Carter Brainerd
534e2bc405
Make the darn thing work
2019-06-20 14:40:46 -04:00
Carter Brainerd
fded7fb922
Create bypassuac_silentcleanup.rb
2019-06-20 13:53:54 -04:00
Shelby Pace
d818a27a7c
added check, path for diaghub exploit
2019-06-19 16:14:02 -05:00
Shelby Pace
76ef689827
add hard link creation code
2019-06-06 15:58:44 -05:00
Brent Cook
53557cc92e
replace trivial usage of expand_path with getenv
expand_path is not implemented consistently across platforms and
sessions, which leads to confusing behavior. In places where we have trivial
single variable expansions, this changes modules and library code to just use
getenv.
We'll look at the rest individually to see if they can also be reimplemented in
terms of getenv.
2019-05-31 17:44:35 -05:00
William Vu
496f270b30
Update use_single_quotes to wrap_double_quotes
2019-03-29 18:14:56 -05:00
phra
e69d509bdf
chore: update description and ranking
2019-01-12 04:32:21 +01:00
phra
3a865a0c05
feat: spawn as NT AUTHORITY\SYSTEM
2019-01-12 04:03:26 +01:00
phra
149f895329
feat: add LOGFILE support for debug
2019-01-11 18:21:54 +01:00
phra
dca99552e6
feat: pass payload length to the dll
2019-01-11 16:28:49 +01:00
phra
7653d64c4a
fix: improve exploit check
2019-01-11 15:38:57 +01:00
phra
dc2d3c5774
feat: add juicy potato post module, fixes #11229
2019-01-10 17:20:43 +01:00