adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,125 Commits 27 Branches 1,043 Tags
c8d50bda0f2ade01c0b38fdd4fbf6eeca030d0e9
Commit Graph

764 Commits

Author SHA1 Message Date
Christophe De La Fuente 747d328bcb Land #18786, Fix option collision in service_persistence 2024-02-14 17:25:15 +01:00
lihe07 29524fa7f8 Fix option collision in service_persistence 
The option `SHELLPATH` collide with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit rename it to BACKDOOR_PATH
 2024-02-03 23:18:45 +08:00
h00die cf2f76e6a2 cve-2024-21626 review 2024-02-02 16:27:02 -05:00
h00die 1c73cf938f cve-2024-21626 2024-02-01 15:28:04 -05:00
Jack Heysel 4c525dad66 Land #18648, Add enhancement to Asan check method 
Before this PR when running asan_suid_executable_priv_esc
if the user did not set the SUID_EXECUTABLE option the
module would fail with an undescriptive error message.
This PR removes the default value of an empty string from
SUID_EXECUTABLE so now if it's not set the user is informed.
 2024-01-23 15:22:33 -05:00
Jack Heysel 08f6da7b33 Removed default empty string for SUID_EXECUTABLE 2024-01-23 14:21:58 -05:00
Jack Heysel 904e34434e Land #18626, SaltStack Minion Deployer 
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
 2024-01-23 11:58:38 -05:00
Jack Heysel 953382731e Land #18645, improve glibc tunables exploit 
This PR adds a way to get the Build ID from ld.so by
using the perf command. Before this the module depended
on file and readelf being installed to get the Build ID.
 2024-01-22 22:00:28 -05:00
Christophe De La Fuente a8d46b3e7a Land #18627, Ansible: post gather module, payload deployer, and file reader 2024-01-17 15:26:25 +01:00
h00die 56a9beb39d ansible review 2024-01-15 17:18:49 -05:00
h00die 381b840f11 salt review 2024-01-10 17:19:58 -05:00
h00die e711c9ea43 ansible review 2024-01-10 17:16:57 -05:00
h00die e9296d1add saltstack review 2024-01-10 17:04:03 -05:00
h00die 80e9f1b97d saltstack salt-master review 2024-01-06 06:38:59 -05:00
Julien Voisin ed421c21ca Add a way to get the buildid via perf 2023-12-29 17:24:27 +01:00
Jack Heysel 11d58ef2e8 Land #18631, Improve vScalation Priv Esc Check 
This PR adds an improvement to the check method of the
vcenter_java_wrapper_vmon_priv_esc module. Before the module
would attempt to run stat on a file before checking if the file
existed on the system. This fixes that issue.
 2023-12-28 13:16:11 -05:00
h00die 357bdc8c10 ansible post library 2023-12-24 11:49:27 -05:00
h00die b654275ec4 add saltstack lib 2023-12-23 13:52:52 -05:00
h00die 11c12fcb6d review comments 2023-12-23 13:23:34 -05:00
h00die e72242949e review comments 2023-12-23 12:22:57 -05:00
h00die a5698f6aa6 review comments 2023-12-23 12:18:06 -05:00
h00die 91c58ba268 asan local better check 2023-12-20 21:00:17 -05:00
h00die 526da210ad asan local better check 2023-12-20 20:58:00 -05:00
jvoisin fc66cd1522 Improve a bit glibc_tunables_priv_esc 
- Fix some typos
- Add a check via `readelf` should `file` not be available
- Add a message before launching the exploit, since it might take some time to finish.
 2023-12-20 20:59:47 +01:00
Christophe De La Fuente fb26c93291 Land #18541, Glibc Tunables Privilege Escalation CVE-2023-4911 (Looney Tunables) 2023-12-20 20:04:21 +01:00
Jack Heysel 77fb5d02b2 Fixed up indentation and rubocop complaints 2023-12-20 13:16:32 -05:00
jheysel-r7 342492557d Apply suggestions from code review 2023-12-20 13:09:13 -05:00
jheysel-r7 6a16602a08 Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-12-20 13:08:33 -05:00
h00die 1e374403ec better check for vmon 2023-12-19 19:01:45 -05:00
Jack Heysel d65ceb9abc Rubocop 2023-12-19 13:54:23 -05:00
Jack Heysel b86df4820c Responded to comments from jvoisin 2023-12-19 13:50:09 -05:00
jheysel-r7 96241f509a Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-12-19 13:18:45 -05:00
Jack Heysel 065abf6b92 Rubocop, doc scenario update 2023-12-19 12:30:02 -05:00
Jack Heysel 44b4b3b5bc Update version parsing 2023-12-19 12:16:17 -05:00
Jack Heysel 4e61596e7a Check Build ID before running exploit 2023-12-19 12:15:35 -05:00
Jack Heysel e858628292 Execute python payload in memory 2023-12-19 00:46:11 -05:00
Jack Heysel 549ee43df9 Update docs description minor comments 2023-12-19 00:32:21 -05:00
Jack Heysel c6a6809700 Updated attribution 2023-12-18 19:41:49 -05:00
h00die 5e30328268 move options 2023-12-17 15:24:56 -05:00
h00die 6b376b9156 move options 2023-12-17 15:24:16 -05:00
h00die 02302439a0 saltstack salt minion deployer 2023-12-16 10:13:46 -05:00
h00die c911ec1413 ansible collection 2023-12-16 07:16:26 -05:00
Jack Heysel df111afb06 Glibc Tunables Exploit 2023-12-14 18:28:43 -05:00
h00die f1fc6b7cdd review comments, adding new payloads 2023-12-01 16:06:48 -05:00
h00die b171b5e77c working cve-2022-0492 2023-11-28 15:16:18 -05:00
h00die 4ae62a431b not-working docker escape 2023-11-28 13:44:08 -05:00
h00die 2ca5ca1f63 stronger grep 2023-05-16 16:18:14 -04:00
h00die 6bee4f56d9 updates from review 2023-05-13 15:49:11 -04:00
h00die e692e927dc review fixes 2023-05-05 16:43:47 -04:00
h00die 95562e04aa sudoedit work 2023-05-02 18:39:59 -04:00