metasploit-gs

Author	SHA1	Message	Date
Christophe De La Fuente	17c393f101	Land #14046 , Adding juicypotato-like privilege escalation exploit for windows	2021-01-06 16:02:05 +01:00
C4ssandre	57c57a398d	Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments has shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable.	2020-12-19 02:51:48 +01:00
Tim W	a30cdfc892	Fix #14254 , Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE	2020-12-14 14:54:54 +00:00
C4ssandre	e02451fe13	Fixing mistake in doc.	2020-12-11 04:53:37 -05:00
C4ssandre	9c9e8929af	Adding a scenario.	2020-12-11 04:50:53 -05:00
C4ssandre	53a12a7984	Updating doc.	2020-12-11 03:53:25 -05:00
Brendan Coles	a9e231ad0a	Use CVE-2020-5752 path traversal bypass for CVE-2019-3999	2020-12-10 12:14:47 +00:00
C4ssandre	c005492ee9	Updating doc.	2020-12-10 00:58:53 -05:00
Spencer McIntyre	6d7c6c054a	Update the module docs with more details for the registry technique	2020-12-08 17:39:34 -05:00
C4ssandre	c86f93b9c0	Updating list of tested machines.	2020-12-07 21:38:42 -05:00
C4ssandre	f901e91d70	Fixing markdown content and formatting issues. Markdown is not yet complete and will need additional modification when other changes will be brought to ruby module and C dll.	2020-11-30 14:12:57 +00:00
Spencer McIntyre	cbc5899edf	Add module docs for the Service Permissions LPE module	2020-11-19 14:17:20 -05:00
Che5hireC4t	996f58da26	Adding a documentation file.	2020-10-28 18:54:38 +01:00
Tim W	87104a7236	Update docs and make them msftidy_docs.rb compliant	2020-10-15 10:59:46 -05:00
Grant Willcox	59f74438da	Rename the LPE exploit to a more appropriate name since their could be future bugs in NtUserMessageCall and also update the description info a bit more	2020-10-15 10:59:44 -05:00
Grant Willcox	f2899186e4	Add in first round of initial updates to fix review comments	2020-10-15 10:59:40 -05:00
Tim W	dcc322436b	Update documentation files and module description to more accurately describe what the cause of the LPE bug for CVE-2019-1458 is. also apply RuboCop edits.	2020-10-15 10:58:58 -05:00
Tim W	00d209425b	add documentation	2020-10-15 10:58:08 -05:00
h00die	15bb690308	fix vulnerability spelling	2020-10-04 13:00:48 -04:00
bwatters	3aeeede4a6	Land #14187 , Added CVE-2020-3433 module Merge branch 'land-14187' into upstream-master	2020-09-29 13:41:33 -05:00
Shelby Pace	f0f4da2b1e	Land #14157 , Windows update orchestrator privesc	2020-09-25 16:07:27 -05:00
Antoine GOICHOT	fef88f27eb	Added CVE-2020-3433 module	2020-09-25 23:04:58 +02:00
Shelby Pace	2111865acf	remove stray backtick	2020-09-25 16:04:46 -05:00
bwatters	2ed72007e0	Typos and cleanup	2020-09-25 12:27:55 -05:00
bwatters	6cf3c0491f	Add documentation	2020-09-22 12:16:29 -05:00
bwatters	198f3905ae	Logic errors and typos	2020-09-16 11:17:39 -05:00
bwatters	ce8033714d	remove copy/pasta code and fix version check	2020-09-16 11:17:39 -05:00
bwatters	c2e2a4fe2c	More Rubocop, add documentation, and typo fix	2020-09-16 11:17:39 -05:00
gwillcox-r7	593945ee61	Update module documentation with more detail r.e affected versions and the fact that the use of UNC paths could cause an issue if they are not typed in correctly. Also update the module documentation to use the output from recent tests to reflect recent changes. Shortern the module description and update its stability rating. Finally add in a reliability rating for the exploit module.	2020-09-10 11:32:45 -05:00
gwillcox-r7	7e1560ff26	Update documentation with the installation instructions I mentioned in the GitHub comments. Also RuboCop the exploit module code.	2020-09-10 11:32:18 -05:00
gwillcox-r7	d0fe87fbf6	Update documentation with some updated info about potentially bad situations the module could run into, and also include some new documentation on the new option we have added in to try to prevent this from happening	2020-09-10 11:32:18 -05:00
ide0x90	c4d463e921	Added option to generate standalone DLL.	2020-09-10 11:32:18 -05:00
ide0x90	53f3b70b33	Changed DLL so that it doesn't block the DNS service from stopping after the module executes. Added OS check (>= Server 2003 is vulnerable so far). Now cleans up dropped DLL and modified registry value.	2020-09-10 11:32:18 -05:00
ide0x90	7701ea1bc8	Compile DLL so that the DNS service doesn't crash when the module is run.	2020-09-10 11:32:18 -05:00
ide0x90	151fdb7ea5	Reduced exploit ranking and added check to see if session is elevated.	2020-09-10 11:32:18 -05:00
ide0x90	d1e9039af4	Initial module and documentation for Microsoft Windows DNS ServerLevelPluginDll abuse	2020-09-10 11:31:51 -05:00
gwillcox-r7	0dde85f562	Land #13739 , Cisco AnyConnect Priv Esc via Path Traversal	2020-06-24 17:47:52 -05:00
gwillcox-r7	15de510623	Add in RuboCop and msftidy_docs.rb fixes	2020-06-24 17:19:21 -05:00
Christophe De La Fuente	5f64444d4f	Update module and documentation from code review	2020-06-24 23:34:26 +02:00
Christophe De La Fuente	3997dbdade	Updates from code review	2020-06-22 16:06:09 +02:00
Christophe De La Fuente	2e33241a90	Update module and add documentation	2020-06-19 20:17:11 +02:00
Shelby Pace	1cb57a7e79	Land #13444 , add GOG Galaxy Client Privesc	2020-06-15 08:53:12 -05:00
Shelby Pace	801ef062a1	modify docs for new output	2020-06-15 08:42:27 -05:00
gwillcox-r7	d0ff2b116a	Add in some changes to the documentation to conform to linting standards	2020-06-10 23:22:43 -05:00
gwillcox-r7	9db73454aa	Update documentation to better describe the versions tested	2020-06-10 18:52:49 -05:00
gwillcox-r7	542581a377	Update documentation to reflect recent changes to the exploit	2020-06-10 12:22:00 -05:00
gwillcox-r7	d6b5a1009d	Add in Windows 10 v1803 x64 exploit documentation	2020-06-10 11:02:53 -05:00
gwillcox-r7	477418539b	Upload documentation	2020-06-10 11:02:51 -05:00
Joe Testa	5508bda29e	Moved module into exploit/windows/local. Added documentation.	2020-05-18 17:09:10 -04:00
bwatters-r7	9b40554ec6	Land #13370 , Add Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation Merge branch 'land-13370' into upstream-master	2020-05-12 13:20:27 -05:00

1 2 3 4

169 Commits