| Author | Commit | Message | Date |
|---|---|---|---|
| William Vu | b1f2fa4e64 | Don't hardcode body size | 2019-09-30 14:18:41 -05:00 |
| William Vu | ed0b856aac | Prefer << over +=<br>Oops, spending too much time with Python. | 2019-09-30 14:18:41 -05:00 |
| William Vu | 255af7f2d3 | Simplify data count calculation | 2019-09-30 14:18:41 -05:00 |
| William Vu | ade715f88a | Update disclosure date to dump date | 2019-09-30 14:18:41 -05:00 |
| William Vu | 7417aa8a30 | Rename module and note kill target in description | 2019-09-30 14:18:41 -05:00 |
| William Vu | 0392521887 | Fix same multiplex ID meaning implant not detected | 2019-09-30 14:18:41 -05:00 |
| William Vu | 33d7a2a818 | Remove SMB::Client::Authenticated<br>They're fine as advanced options, since this targets a null session. | 2019-09-30 14:18:41 -05:00 |
| William Vu | 6b4cf4970e | Don't support x86 at the moment | 2019-09-30 14:18:41 -05:00 |
| William Vu | aa2f7d378a | Create method for kernel shellcode size | 2019-09-30 14:18:41 -05:00 |
| William Vu | 8190e7067a | Calculate kernel shellcode size | 2019-09-30 14:18:41 -05:00 |
| William Vu | 05b83ff5da | Calculate max payload size automagically | 2019-09-30 14:18:41 -05:00 |
| William Vu | 8cae04f194 | Use constant for maximum shellcode size | 2019-09-30 14:18:41 -05:00 |
| William Vu | fb1bb0fd2f | Don't use NOPs because Peter would be sad | 2019-09-30 14:18:41 -05:00 |
| William Vu | 530bf9bc0c | Finish RCE with Jacob's help | 2019-09-30 14:18:41 -05:00 |
| William Vu | 3a5a05f3a9 | Use recently enhanced Rex::Text.xor | 2019-09-30 14:18:41 -05:00 |
| William Vu | 90cb0e039f | Add DOUBLEPULSAR payload execution | 2019-09-30 14:18:41 -05:00 |
| dwelch-r7 | f6eaeaac71 | Merge remote-tracking branch 'upstream/pr/12316' into HEAD | 2019-09-26 15:20:45 +01:00 |
| Brent Cook | 2227903585 | Land #12313, Add mazda_ic_mover module that moves the instrument cluster | 2019-09-26 03:50:29 -05:00 |
| Brent Cook | c86511722a | Land #12258, Update gpp.rb to display GPO name | 2019-09-26 03:36:28 -05:00 |
| Brent Cook | 026f9cbd96 | Land #12354, Remove unused targets from aux and post modules | 2019-09-25 07:40:06 -05:00 |
| Brent Cook | c53346d500 | Land #12353, Make BlueKeep scanner less chatty by default | 2019-09-25 07:37:55 -05:00 |
| Shelby Pace | 4710322cd7 | Land #11762, add sosreport privesc | 2019-09-24 09:48:57 -05:00 |
| William Vu | 2ce3e4f1c4 | Make BlueKeep scanner's output less chatty | 2019-09-24 08:49:27 -05:00 |
| dwelch-r7 | 285244e877 | Remove commented out code | 2019-09-24 13:51:54 +01:00 |
| dwelch-r7 | a587668b9e | Remove Default targets from aux modules | 2019-09-24 12:15:43 +01:00 |
| Brent Cook | 0ed09cc9bf | Land #11927, Add Brocade post module and config parser | 2019-09-24 05:59:21 -05:00 |
| Brent Cook | 2d1e7ffa2f | Land #12349, Add Proxy/header opts to windows/python stageless | 2019-09-24 05:54:51 -05:00 |
| dwelch-r7 | fe2b3f8f29 | Remove targets from post modules | 2019-09-23 17:26:36 +01:00 |
| Brent Cook | b668e1fa5b | Land #12283, Add exploit module for CVE-2019-0708 / BlueKeep | 2019-09-23 11:22:36 -05:00 |
| Brent Cook | c0be631bf0 | tweak groombase for vmware 15.1 | 2019-09-23 11:01:04 -05:00 |
| dwelch-r7 | 134765dc40 | Remove targets from aux modules | 2019-09-23 15:29:38 +01:00 |
| OJ | 3c0cb29a7c | Add Proxy/header opts to windows/python stageless | 2019-09-23 08:45:43 +10:00 |
| h00die | 5e52f47c17 | land #12279 resolve_hosts now databases results | 2019-09-20 17:18:07 -04:00 |
| Brent Cook | 47a3204e34 | Land #12295, Update to modbusclient to use modbus read functions 2 and 4 | 2019-09-19 14:47:52 -05:00 |
| Brent Cook | acb351ac44 | add a few more vmware targets (emphasising the fragility here) | 2019-09-19 07:02:02 -05:00 |
| Brent Cook | 67ee46ec03 | add additional target, set default target GROOMSIZE to 100M (thanks aconite33) | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | 8138e2f185 | remove email | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | 458dc59594 | move kernel shellcode comments to the correct place | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | d80ad89160 | resolve msftidy error | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | 7e4a99689a | remove separate PoC and shellcode files, replaced with new integrated module | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | 51c0c24c20 | add and update documentation from original PoC | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | fb729b5f11 | add bare metal target | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | 02ba21a0a0 | remove WinVer | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | 4677e0f389 | include internal OS version in target names | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | fec749d3b2 | perform fingerprinting in scanner | 2019-09-19 06:05:08 -05:00 |
| William Vu | de34bc484e | Ensure rdp_disconnect in rdp_scanner | 2019-09-19 06:05:08 -05:00 |
| William Vu | cdd3378acc | Clean up BlueKeep exploit | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | e32409b379 | merge Win 7/2008 targets | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | ab631044af | adjust rdp fingerprint code to match self.rdp_sock changes in exploit mixin | 2019-09-19 06:05:08 -05:00 |
| Brent Cook | f2c475454a | tag targets for Virtualbox, add Windows 2008R2 | 2019-09-19 06:05:08 -05:00 |