adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
58,533 Commits 27 Branches 1,043 Tags
d50ac2972dfd2a4e5d089ff016c7aefb3b6e17bb
Commit Graph

2574 Commits

Author SHA1 Message Date
Grant Willcox 65fcf67ca5 Land #14279, Fix incorrect offset in BPF sign extension LPE 2020-10-23 16:02:13 -05:00
Grant Willcox 9e111d7fdf Add in compiled version of the exploit to meet Rapid7 compliance guidelines on having Rapid7 employees submit compiled binaries only 2020-10-23 16:01:00 -05:00
William Vu 3970b69734 Land #14229, Telerik UI for ASP.NET AJAX exploit 
CVE-2017-11317 && CVE-2019-18935
 2020-10-20 13:24:35 -05:00
Gustaf Blomqvist c5751a240b Fix incorrect offset in BPF sign extension LPE 
The uid field of the cred struct is normally the second field, followed
by the gid field. The first field is of type atomic_t, which has the
size of an int. Since the size of an int is usually 4 bytes, the uid is
normally located at an offset of 4 bytes from the start of the cred
struct, and not 8. Since the uid also is int-sized, the code set
test_uid to the gid, making the exploit fail for cases where uid != gid.
 2020-10-17 19:46:35 -04:00
Grant Willcox b932ed5225 Recompile the exploit.dll DLL for CVE-2019-1458 as per Rapid7 policies 2020-10-15 10:58:56 -05:00
Tim W 12c5f4f916 CVE-2019-1458 chrome sandbox escape initial commit 2020-10-15 10:57:46 -05:00
Spencer McIntyre adfc8f89c4 Implement version enumeration and report CVE-2017-11317 for Telerik 2020-10-07 10:27:50 -04:00
Spencer McIntyre d6e1eee635 Add a new Mixed Mode Assembly DLL payload template 2020-10-05 15:19:40 -04:00
bwatters e24a81919a Land #13996, Add module for CVE-2020-9801, CVE-2020-9850 and CVE-2020-9856, 
RCE for Safari on macOS 10.15.3 (pwn2own2020)

Merge branch 'land-13996' into upstream-master
 2020-10-01 09:46:39 -05:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
Christophe De La Fuente 2d1b378a18 Land #14122, Jenkins Deserialization RCE (CVE-2017-1000353) 2020-09-22 12:32:09 +02:00
bwatters 534e945cd0 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
bwatters 06f5518953 Update binaries 2020-09-16 11:41:02 -05:00
bwatters a2edcda819 Rubocop on module and update error handling on exploit C code + recompile 2020-09-16 11:17:39 -05:00
bwatters 95bb6ad71a Add new binaries 2020-09-16 11:17:39 -05:00
bwatters a5253c5674 remove old binaries before we added both x86 and x64 binaries 2020-09-16 11:17:39 -05:00
bwatters a72769909b Change exe to take destination and source files for copy 2020-09-16 11:17:39 -05:00
bwatters 17272209cc First try at CVE-2020-1048, needs lots of work 2020-09-16 11:17:38 -05:00
Shelby Pace ff500dd9fb add poc 2020-09-11 12:00:16 -05:00
bwatters e592736833 Land #13992, Add module for CVE-2020-9839, LPE for macOS <= 10.15.4 
Merge branch 'land-13992' into upstream-master
 2020-09-04 15:53:17 -05:00
bwatters 5e2a3a6f65 Recompiled binary exploit file to match source 2020-09-04 15:46:52 -05:00
Tim W 1693a3c787 add exploit binaries 2020-09-01 17:14:21 +08:00
Tim W 9150f0bc3a move int64.js and utils.js to javascript_utils folder 2020-09-01 16:14:31 +08:00
Tim W 46db23c35e fix int64.js and utils.js 2020-09-01 16:14:30 +08:00
Tim W c23cb63c6e exploit binary 2020-09-01 14:10:34 +08:00
h00die cd41d9c3c9 Land #13911, iphone 4 on ios 7.1.2 safari jit for root 2020-08-14 16:01:14 -04:00
Tim W 1eaf66dab1 CVE-2020-9850 2020-08-14 16:10:34 +08:00
Jeffrey Martin 35017886b8 Land #13935, Preliminary Version 6 2020-08-06 10:19:34 -05:00
h00die 41058775b3 add sharphound exe, rubocop, and final update run 2020-08-04 09:06:45 -04:00
h00die dc5fefcb20 update sharphound and john 2020-08-04 08:48:23 -04:00
h00die 0ca7581b67 disk write method success 2020-08-03 13:08:39 -04:00
Jeffrey Martin 9aa26d1208 Merge upstream into 6.x 2020-08-03 11:43:47 -05:00
Tim W 0b513d6c51 remove debug logging from the kernel exploit 2020-07-30 18:10:26 +08:00
Spencer McIntyre a886177b96 Land #13837, Add FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation module 2020-07-29 15:40:47 -04:00
Spencer McIntyre 428ce72108 Use colon instead of em-dash and add a URL comment to the doc template 2020-07-28 08:49:57 -04:00
Tim W 79adcf7904 Add module for iOS 7.1.2 2020-07-27 15:05:31 +08:00
Spencer McIntyre 9ba9690c14 Put more information into the generated module docs 2020-07-26 13:14:16 -04:00
Brendan Coles cbbd4fc517 Add CVE-2020-7457 exploit.c 2020-07-26 08:04:37 +00:00
Spencer McIntyre 65f9b62c52 Initial outline of module doc info template 2020-07-24 18:09:52 -04:00
gwillcox-r7 7d3653280f Land #13848, Add CDATA OLT telnet backdoor wordlist 2020-07-16 11:32:06 -05:00
0x44434241 703dc79710 Vim ate my trailing space for guest/[nopassword] 2020-07-16 12:50:08 +09:00
0x44434241 94b46209d9 Adding in C-Data FTTH OLT Device telnet backdoor credential pairs. 
Further information:
 - https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
 - https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html
 2020-07-16 12:38:23 +09:00
Jeffrey Martin 65039a5091 Merge upstream into 6.x 2020-07-15 09:58:07 -05:00
Spencer McIntyre 6f153688ff Add labels to shuffled assembly source code for post-processing 2020-07-08 14:39:00 -04:00
Spencer McIntyre cfae4c76d0 Shuffle the block API source code every time 2020-07-07 15:55:32 -04:00
gwillcox-r7 586971428a Recompile everything so we don't have the messagebox calls 2020-06-11 00:18:45 -05:00
gwillcox-r7 93b28e662e Change out template_dll solution files so that it generates the DLL with the correct name and in the correct location 2020-06-10 11:41:34 -05:00
gwillcox-r7 7711cecee9 Final tweaks to make this more reliable, should be good now 2020-06-10 11:02:53 -05:00
gwillcox-r7 4a9c878132 Finally fix up the hanging issue via new template DLLs and associated code 2020-06-10 11:02:53 -05:00
gwillcox-r7 cb20eaf6f9 Finally fix the issue with the cleanup of the files within the exploit 2020-06-10 11:02:51 -05:00