Commit Graph

2685 Commits

Author SHA1 Message Date
RAMELLA Sébastien dfc226cf5f add. Supposed 0day MSWord RCE 2022-05-30 21:23:18 +04:00
RAMELLA Sébastien 38973510f7 update modules (auxiliary and exploit) 2021-11-09 15:18:58 +04:00
surya 4d4b51d158 => Added .gitignore
=> Added Deobfuscated HTML Payload
=> Removed Extra Author Credits
=> Made SRVHOST AND SRVPORT MANDATORY
=> generate_uri replaced with builtin get_uri
2021-10-08 02:50:27 +05:30
surya 3461c7aef6 Added module for CVE-2021-40444 2021-10-05 01:44:34 +05:30
Jack Heysel b7f7c30f2b Land #15594, a wordpress scanner enhancement
This adds options to the wordpress scanner to allow the user
to only scan for plugins or themes that metasploit has
modules for.
2021-09-24 15:51:07 -04:00
Spencer McIntyre 6acdced3f0 Land #15506, Add evasion module syscall_inject 2021-09-22 10:17:13 -04:00
Spencer McIntyre d4834631c3 Add the generated YSoSerial gadget chain 2021-09-14 09:10:44 -04:00
kensh1ro c1868d94cd add base64 encoding to shellcode 2021-09-12 17:00:24 +03:00
bwatters a7d99ebbfc Land #15611, ProxyShell Improvements
Merge branch 'land-15611' into upstream-master
2021-09-07 11:47:13 -05:00
h00die 3c82f43644 only scan exploitable wordpress things 2021-09-06 11:56:32 -04:00
kensh1ro 1adde377ec Replace XOR with CHACHA and remove unnecessary code 2021-09-06 12:23:46 +03:00
bwatters ff50a94348 Land #15567, Add in Exploit for CVE-2021-3490
Merge branch 'land-15567' into upstream-master
2021-08-31 18:46:25 -05:00
Grant Willcox 3bca3b0bcb Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match 2021-08-31 15:07:37 -05:00
Spencer McIntyre 6c01a0dbea Work off of the system mailbox 2021-08-27 14:32:26 -04:00
Spencer McIntyre d5fdcb8fcb Add the plumbing to enumerate email addresses 2021-08-27 11:44:27 -04:00
Grant Willcox bd490d35ed Add support for Linux 5.11.x on Fedora 2021-08-23 15:09:10 -05:00
h00die b8d3fda3a6 update wordpress themes and plugins list 2021-08-22 09:07:18 -04:00
Grant Willcox e46611cffb Add in support for exploiting Fedora 32 with Linux kernel 5.10.12 2021-08-20 18:04:59 -05:00
Grant Willcox 75ae2b76f5 Add support for Fedora 32 Linux Kernel 5.9.8-100 and also fix an error where the wrong file was being used for Fedora 32 Linux Kernel 5.8.8. 2021-08-20 16:50:20 -05:00
Grant Willcox 5abf407228 Add support for Fedora 32 with Linux Kernel 5.8.8-200 2021-08-20 15:42:34 -05:00
Grant Willcox dd806a9d61 Add in support for Fedora 32 running kernel 5.7.11-200 2021-08-20 13:37:52 -05:00
Spencer McIntyre 75e63992d6 Write an exploit for ProxyShell 2021-08-18 10:50:34 -04:00
Grant Willcox d5df47692c Add in first copy of the exploit along with the supporting source code and binaries. Documentation to come 2021-08-17 18:01:14 -05:00
Tim W 39455827aa Land #15254, use obfuscated powershell protection bypasses 2021-07-12 12:20:17 +01:00
Christophe De La Fuente ccaedd6c9a Last additions and improvements
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00
Spencer McIntyre 82c078c888 Updates for psexec usage 2021-05-25 14:38:52 -04:00
Spencer McIntyre 2dc2831d7a Obfuscate the ScriptBlock class reference 2021-05-25 14:38:52 -04:00
Spencer McIntyre 4920800340 Add a null check to the PSH bypass code
Powershell version 3 does not have
`System.Management.Automation.AmsiUtils` so check that it's present
before setting the field.
2021-05-25 14:38:52 -04:00
Spencer McIntyre eddb6af650 Add block level randomization for the PSH bypass 2021-05-25 14:38:52 -04:00
Spencer McIntyre 38b45380f4 Fix and process block edges within the GraphML 2021-05-25 14:38:50 -04:00
bwatters 8e1391f098 Land #15216, Fix targeting for CVE-2021-21551
Merge branch 'land-15216' into upstream-master
2021-05-21 14:56:08 -05:00
Spencer McIntyre 86df5b0122 Add the data file for bypassing PSH protection 2021-05-19 12:42:43 -04:00
Spencer McIntyre 56388cd696 Land #15146, Add support for extra OSes for CVE-2021-3156 (Baron Samedit) 2021-05-18 18:02:30 -04:00
Spencer McIntyre 78d47b11f2 Add targeting for Windows 10 v21H1 2021-05-18 12:56:02 -04:00
Spencer McIntyre c5b022e2f2 Fix Windows 10 versioning by using ranges 2021-05-18 10:28:27 -04:00
h00die 19df33ee78 update wordpress plugins and themes 2021-05-15 09:42:01 -04:00
Jack Heysel eb4573164b Addressed comments 2021-05-14 17:46:26 -05:00
Jack Heysel e29dce4f08 Removed comments from powershell script 2021-05-14 17:45:42 -05:00
Jack Heysel 5640dac24d Fixed sc command, updated check method, moved tokenmagic.ps1 2021-05-14 17:44:07 -05:00
Jack Heysel ca637be0c9 Fixed powershell script, updated authors 2021-05-14 17:44:06 -05:00
Jack Heysel 1eab94cc26 beta draft 2021-05-14 17:43:44 -05:00
bwatters 8792febcf8 Land #15190, Add Exploit For CVE-2021-21551 (Dell DBUtil_2_3 IOCTL)
Merge branch 'land-15190' into upstream-master
2021-05-14 13:55:12 -05:00
Spencer McIntyre d990e884af Add and test even more targets 2021-05-13 17:27:58 -04:00
Spencer McIntyre eb89550f85 Clear up some target offset discrepancies 2021-05-13 16:06:15 -04:00
Spencer McIntyre 7d841a0f79 Add a target for Windows 7 x64 2021-05-13 14:24:15 -04:00
Spencer McIntyre 4825407d21 Add a target for Windows 8.1 x64 2021-05-13 12:56:47 -04:00
Spencer McIntyre 8a1341060d Fix a couple of errors from not cleaning up 2021-05-13 12:34:14 -04:00
Spencer McIntyre ff2516a7f2 Update CVE-2021-1732 to reduce code reuse 2021-05-12 16:41:43 -04:00
Spencer McIntyre 477749f77f Refactor the code to be reusable and add docs 2021-05-12 16:36:17 -04:00
Spencer McIntyre d3de52da59 The exploit is now functional for Win10 v1803-20H2 2021-05-12 16:14:59 -04:00