Commit Graph

849 Commits

Author SHA1 Message Date
bwatters-r7 2ea9ab2625 Land #9416, Sync Breeze Enterprise 9.5.16 Import Command buffer overflow
Merge branch 'land-9416' into upstream-master
2018-01-24 17:13:16 -06:00
Wei Chen b99663fb6c Bring #9282 up to date with upstream-master 2017-12-13 13:16:30 -06:00
Austin 5a81f8091d change some options for something for sensible 2017-12-07 14:44:36 -05:00
Austin 335cc13cab remove option, advanced Message seems to break it. 2017-12-07 14:17:14 -05:00
Austin 7bdc99a153 Fix HANDLER + some default options! 2017-12-07 13:53:39 -05:00
Austin 09aa433fdc Add MESSAGE field for "obfuscation" 2017-12-07 08:04:31 -05:00
Austin 8bb6a8f47c Rename office_dde_delivery to office_dde_delivery.rb 2017-12-06 22:40:37 -05:00
Austin 9d11c60d88 Office DDE Payload Delivery
Generate / Inject existing RTF files with DDE Payloads!
2017-12-06 21:41:00 -05:00
William Webb adba277be0 axe errant spaces at EOL 2017-12-04 16:57:48 -08:00
William Webb 69b01d26bb Land #9226, Microsoft Office OLE object memory corruption 2017-12-04 16:50:27 -08:00
Austin b96dac28d5 fix info segment 2017-12-04 16:42:41 -05:00
Austin c788e4e540 Update office_ms17_11882.rb 2017-12-01 11:36:03 -05:00
Austin 7df46b33e8 disassembly ASM 2017-12-01 08:03:56 -05:00
Austin 2544b4d8db Change target name 2017-11-28 21:39:04 -05:00
Austin cb7f173811 Update office_ms17_11882.rb 2017-11-28 21:36:25 -05:00
Austin 960893b99d change default payload 2017-11-22 06:36:46 -05:00
Austin 275f70e77e better saving 2017-11-21 19:34:04 -05:00
Austin db4c0fcca9 spelling 2017-11-21 19:02:14 -05:00
Austin fcea6fd8d4 actually create new file ;-; 2017-11-21 15:00:06 -05:00
Austin 39a4d193a1 Create office_ms17_11882.rb 2017-11-21 14:47:02 -05:00
William Vu b7c604f941 Land #9189, s/patrick/aushack/g 2017-11-08 10:27:03 -06:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
Spencer McIntyre 70033e2b94 Enable the payload handler by default 2017-11-02 12:31:54 -04:00
Spencer McIntyre e4d99a14b6 Fix EXITFUNC back to process for the RCE too 2017-10-05 11:38:08 -04:00
Spencer McIntyre 825ad940e6 Update the advanced option names and a typo 2017-10-05 10:16:31 -04:00
Spencer McIntyre 482ce005fd Update the advanced option names and a typo 2017-10-05 10:11:00 -04:00
Spencer McIntyre f2f48cbc8f Update the CVE-2017-8464 module 2017-09-30 18:25:16 -04:00
Pearce Barry 8de6fa79c1 Tweakz, yo. 2017-09-22 18:49:09 -05:00
h00die 30f833f684 80 pages left 2017-09-13 22:03:34 -04:00
Brent Cook 367c760927 window move is now directly in the template 2017-08-20 17:48:59 -05:00
Brent Cook e734a7923a Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook da3ca9eb90 update some documentation 2017-08-03 17:09:44 -05:00
Brent Cook ddd841c0a8 code style cleanup + add automatic targeting based on payload 2017-08-03 00:27:54 -05:00
Brent Cook b62429f6fa handle drive letters specified like E: nicely 2017-08-03 00:27:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2.5 s. After this timeout a
mutex is released, allowing a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Yorick Koster 3229320ba9 Code review feedback from @nixawk 2017-08-02 15:46:51 -05:00
Yorick Koster 565a3355be CVE-2017-8464 LNK Remote Code Execution Vulnerability
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.

This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar except that an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enough to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
2017-08-02 15:46:30 -05:00
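The commit message above describes the tell-tale structure of the CVE-2017-8464 link: an ExtraData SpecialFolderDataBlock whose folder ID names the Control Panel. The following scanner is an added example written for this page; it is not code from the Metasploit module or from the commit. It walks the sections of a .LNK file in the order MS-SHLLINK lays them out (header, LinkTargetIDList, LinkInfo, StringData, ExtraData), parses each ExtraData block, and flags any SpecialFolderDataBlock carrying CSIDL_CONTROLS (0x0003). The block signature 0xA0000005 and the CSIDL value come from the public file-format and shell documentation; the two sample links, the IconLocation string "icon.dll" and the ItemID bytes are constructed here for the demonstration and are not real-world artifacts.

```python
import struct

# Shell link header size and LinkFlags bits as laid out in MS-SHLLINK 2.1 / 2.1.1
LNK_HEADER_SIZE = 0x4C
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# ExtraData signature of the SpecialFolderDataBlock (MS-SHLLINK 2.5.9) and the
# CSIDL value Windows uses for the Control Panel folder.
SPECIAL_FOLDER_SIG = 0xA0000005
CSIDL_CONTROLS = 0x0003


def extra_data_offset(lnk):
    """Walk the fixed-order sections that precede ExtraData and return its offset."""
    if len(lnk) < LNK_HEADER_SIZE or struct.unpack_from('<I', lnk, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError('not a shell link: bad HeaderSize')
    flags = struct.unpack_from('<I', lnk, 0x14)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:        # IDListSize (u16) followed by the IDList
        off += 2 + struct.unpack_from('<H', lnk, off)[0]
    if flags & HAS_LINK_INFO:                  # LinkInfoSize (u32) counts itself
        off += struct.unpack_from('<I', lnk, off)[0]
    char_size = 2 if flags & IS_UNICODE else 1
    for bit in (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION):
        if flags & bit:                        # CountCharacters (u16) + string, no terminator
            off += 2 + char_size * struct.unpack_from('<H', lnk, off)[0]
    if off > len(lnk):
        raise ValueError('truncated shell link')
    return off


def parse_extra_data(blob):
    """Return [(signature, body)] for every ExtraData block up to the TerminalBlock."""
    blocks, off = [], 0
    while off + 4 <= len(blob):
        size = struct.unpack_from('<I', blob, off)[0]
        if size < 4:                           # TerminalBlock: BlockSize < 0x04 ends the list
            break
        if size < 8 or off + size > len(blob):
            raise ValueError('malformed ExtraData block at offset %d' % off)
        sig = struct.unpack_from('<I', blob, off + 4)[0]
        blocks.append((sig, blob[off + 8:off + size]))
        off += size
    return blocks


def special_folder_ids(lnk):
    """(SpecialFolderID, Offset) pairs for each SpecialFolderDataBlock in the link."""
    found = []
    for sig, body in parse_extra_data(lnk[extra_data_offset(lnk):]):
        if sig == SPECIAL_FOLDER_SIG and len(body) >= 8:
            found.append(struct.unpack_from('<II', body, 0))
    return found


def points_at_control_panel(lnk):
    """True when any SpecialFolderDataBlock names the Control Panel folder."""
    return any(fid == CSIDL_CONTROLS for fid, _ in special_folder_ids(lnk))


# ---- constructed sample links for the demonstration (not real-world files) ----
def _special_folder_block(folder_id, offset):
    return struct.pack('<IIII', 0x10, SPECIAL_FOLDER_SIG, folder_id, offset)


def build_sample_lnk(folder_id):
    clsid = bytes.fromhex('0114020000000000c000000000000046')   # shell link CLSID
    flags = HAS_LINK_TARGET_ID_LIST | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack('<I', LNK_HEADER_SIZE) + clsid + struct.pack('<I', flags)
    header += b'\x00' * (LNK_HEADER_SIZE - len(header))
    # IDListSize=6: one 4-byte ItemID (constructed payload bytes) plus the 2-byte TerminalID
    idlist = struct.pack('<H', 6) + struct.pack('<H', 4) + b'\x1f\x00' + b'\x00\x00'
    icon = 'icon.dll'.encode('utf-16-le')                          # constructed IconLocation
    icon_loc = struct.pack('<H', len(icon) // 2) + icon
    extra = _special_folder_block(folder_id, 0x14) + struct.pack('<I', 0)
    return header + idlist + icon_loc + extra


BENIGN_LNK = build_sample_lnk(0x0000)            # CSIDL_DESKTOP
SUSPECT_LNK = build_sample_lnk(CSIDL_CONTROLS)   # the pattern the commit describes

if __name__ == '__main__':
    for name, lnk in (('benign', BENIGN_LNK), ('suspect', SUSPECT_LNK)):
        print(name, special_folder_ids(lnk), points_at_control_panel(lnk))
```

Run against a directory of .LNK files, `points_at_control_panel` is a cheap triage signal; a Control Panel folder ID in a link that also carries an IconLocation ending in a DLL is worth a closer look, since that is exactly the combination the commit message relies on. The parser stops at the first TerminalBlock and rejects blocks that overrun the buffer, so a truncated or hostile file raises instead of being silently accepted.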
mr_me bf4dce19fb I added the SSD advisory 2017-07-24 14:25:10 -07:00
mr_me b099196172 deregistered SSL, added the HTA dodgy try/catch feature 2017-07-24 10:28:03 -07:00
mr_me 17b28388e9 Added the advisory, oops 2017-07-24 10:09:21 -07:00
mr_me 14ca2ed325 Added a icon loading trick by Brendan 2017-07-24 10:06:20 -07:00
mr_me b2a002adc0 Brendan is an evil genius! 2017-07-24 09:58:23 -07:00
mr_me cc8dc002e9 Added CVE-2017-7442 2017-07-24 08:21:59 -07:00
Brent Cook 6300758c46 use https for metasploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00