b40fc5afa8
chore: update author information in poolparty shellcode 32-bit
2026-01-08 12:20:43 +01:00
c5fd212334
docs: add poolparty 32-bit, update poolparty 64-bit stubs
2026-01-08 05:15:28 -05:00
4774c03888
docs: removing unused sources
2026-01-08 04:46:05 -05:00
98f0183805
fix(sources): fixed poolparty stub to graceful exit after callback
2024-09-25 08:10:53 -04:00
3a4b5eb372
feat(sources): including shellcodes used during pool-party injection
2024-09-25 05:14:58 -04:00
7bfd814297
Removed memory polling
2024-08-30 12:52:18 -07:00
b011b67f80
Responded to comments
2024-08-29 22:25:20 -07:00
b32234382e
Add correct missing file
2024-08-29 18:53:39 -04:00
e40f6cb785
Add missing file
2024-08-29 08:38:08 -04:00
f6378913c3
Merge branch 'win-kernel-lpe-cve-2024-30038' of github.com:jheysel-r7/metasploit-framework into win-kernel-lpe-cve-2024-30038
2024-08-22 13:07:30 -07:00
6689614d8f
Responded to comments
2024-08-22 13:06:29 -07:00
bde9fca9e4
Apply suggestions from code review
2024-08-22 02:35:21 -04:00
31348dac33
Windows LPE CVE-2024-30088
2024-08-21 23:16:37 -07:00
636c72965c
Land #19084 , Add CVE-2022-1373 and CVE-2022-2334 exploit chain
...
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
afd4b8af2e
Remove x86 things, include AutoCheck
2024-04-19 22:49:40 +08:00
6268235cd3
Add CVE-2022-1373 and CVE-2022-2334 exploit chain
2024-04-13 18:10:45 +08:00
e5635c4bfd
Add source code for Python deserialization gadgets
2024-03-29 09:33:47 -04:00
86b7ec4518
Address comments from the review
2023-10-12 09:50:19 -04:00
5a6dc7f9a6
Initial commit of CVE-2023-43654
2023-10-12 09:27:26 -04:00
1058291af9
Land #18314 , Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
be731f330e
Add error checking and randomize the report directory
2023-09-22 14:43:21 -05:00
b4a1bb8fa2
Add docs and support for shell sessions; update exe to work without runtime lib.
2023-09-19 17:50:18 -05:00
8b56dc0117
Land #18250 , CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
91e7af4370
Added check, some stealth, and cleaned code
2023-09-05 14:29:13 -05:00
c69e983b30
Add module to create directory structures and upload/run exploit
2023-08-25 15:41:25 -05:00
c05582267c
Placeholder for VE-2023-36874
2023-08-23 20:13:03 -05:00
97dd22032c
Responded to comments, improved stability
2023-08-21 19:20:25 -04:00
bcfc892195
General code clean up
2023-08-04 14:27:14 -04:00
30b824d8ab
external sources
2023-08-02 19:33:25 -04:00
9a40e2612b
Land #17129 , Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
89cd524acb
Update osx templates makefile and compile binaries
2023-08-02 01:26:18 +01:00
c028d33cae
Update OSX AARCH64 Stager
...
This fixes an issue with the stager size in the osx aarch64 payloads. It
also adds the source and Makefile for template_aarch64_darwin.bin
2023-07-31 20:30:30 -07:00
9019b51eaa
Update AARCH64 Shellcode Generation
...
This updates the aarch64 payloads to include comments with the
corresponding instructions for each little-endian integer. It also fixes
the debug output for x64 payloads under rosetta.
2023-07-29 08:26:56 -07:00
b15d595de2
Adjust files to be better shared
2023-07-14 12:47:04 -05:00
6772740f86
Fix bug in HostingCLR relating to the first argument passed to a dotnet assembly.
2023-06-28 09:24:33 +10:00
afe359281c
Remove manual signature handling, and figure it out for the user.
2023-06-28 09:22:01 +10:00
65a4dd3c39
Change ETW bypass method, so that CLR memory can be freed.
...
Fixed a crash and broken logic in hosting clr code.
2023-06-26 09:54:00 +10:00
977f8732c6
Fix cleanup code.
...
The _AppDomainPtr, _AssemblyPtr and _MethodInfoPtr variables are COM smart pointers which will auto-Release() when they go out of scope, so we should not directly Release() them.
2023-06-23 14:01:45 +10:00
a7ce4c7fa8
Free memory from the C++ side, rather than the Ruby side.
2023-06-23 09:57:53 +10:00
6e438d338e
Modify execute_dotnet_assembly to run in existing processes (including our own process) and receive output.
2023-06-21 12:04:09 +10:00
b8068bc781
Cleanup for Sonoma Dyld
...
This adds support for the dyld changes incorperated into Sonoma and
cleans up the existing support for Ventura. This does not break
compatibility with previous versions.
2023-06-19 10:57:37 +02:00
0415565396
Fix for Ventura Dyld
...
This adds support for the dyld changes incorperated into Ventura which
includes changes to the symbols used. This does not break compatibility
with previous versions.
2023-06-19 10:57:37 +02:00
44762f18e8
Increase Stack Space for Loader
...
This increases the stack stack space mmap'd for the 2nd stage loader and
should fix the invalid stack memory access crash on the staged payload.
2023-06-19 10:57:37 +02:00
8a5442f7f0
Fix AARCH64 MachO Generation
...
This updates the exe util to properly generate stageless aarch64 macho
payloads. I've also added comments on how to assemble the aarch64
stages.
2023-06-19 10:57:37 +02:00
5f8767f4cf
M1ssion Dyld Mettle: Aarch64 Payloads
...
This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the m1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.
2023-06-19 10:57:37 +02:00
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
80dbbca020
Land #17371 , Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2023-02-03 13:43:04 +00:00
595f34fc6f
Merge branch 'master' into mac_dirty_cow
2023-02-01 16:51:09 -05:00
2c72cc145a
updates to module
2023-01-31 20:05:33 -05:00
0e0f62c002
Removed 22621
2023-01-19 14:47:20 -05:00
Diego Ledda