Commit Graph

2584 Commits

Author SHA1 Message Date
Grant Willcox 9376accc05 Land #14410, Add synchronization to the DLL payload template 2020-12-04 16:08:18 -06:00
h00die 15b5a811e4 update check external scripts and wordpress files 2020-11-21 11:52:18 -05:00
Spencer McIntyre efa125bb23 Document the synchronization procedure 2020-11-16 16:13:35 -05:00
Spencer McIntyre 3586644b62 Increase the payload space to 4096 within the DLL template 2020-11-16 15:58:59 -05:00
Spencer McIntyre 2d367b867d Add a synchronization primitive to the DLL template 2020-11-16 15:57:27 -05:00
Spencer McIntyre c6304704f4 Clean up inconsistent whitespace in the DLL template 2020-11-16 11:26:15 -05:00
Spencer McIntyre 76ab0ee849 Land #14304, execute_dotnet_assembly fix parameters management 2020-11-10 09:56:18 -05:00
Spencer McIntyre 0ccb50ac02 Adjust how HostingCLR arguments are packed 2020-11-09 12:24:55 -05:00
b4rtik ddd9af83b9 Update 2020-10-29 22:49:41 +01:00
Grant Willcox 65fcf67ca5 Land #14279, Fix incorrect offset in BPF sign extension LPE 2020-10-23 16:02:13 -05:00
Grant Willcox 9e111d7fdf Add in compiled version of the exploit to meet Rapid7 compliance guidelines on having Rapid7 employees submit compiled binaries only 2020-10-23 16:01:00 -05:00
b4rtik 9779bbef77 Fix parameter management
Fix a problem running assemblies with Main signature (string[] args) and no passed parameters
2020-10-23 21:14:10 +02:00
William Vu 3970b69734 Land #14229, Telerik UI for ASP.NET AJAX exploit
CVE-2017-11317 && CVE-2019-18935
2020-10-20 13:24:35 -05:00
Gustaf Blomqvist c5751a240b Fix incorrect offset in BPF sign extension LPE
The uid field of the cred struct is normally the second field, followed
by the gid field. The first field is of type atomic_t, which has the
size of an int. Since the size of an int is usually 4 bytes, the uid is
normally located at an offset of 4 bytes from the start of the cred
struct, and not 8. Since the uid also is int-sized, the code set
test_uid to the gid, making the exploit fail for cases where uid != gid.
2020-10-17 19:46:35 -04:00
Grant Willcox b932ed5225 Recompile the exploit.dll DLL for CVE-2019-1458 as per Rapid7 policies 2020-10-15 10:58:56 -05:00
Tim W 12c5f4f916 CVE-2019-1458 chrome sandbox escape initial commit 2020-10-15 10:57:46 -05:00
Spencer McIntyre adfc8f89c4 Implement version enumeration and report CVE-2017-11317 for Telerik 2020-10-07 10:27:50 -04:00
Spencer McIntyre d6e1eee635 Add a new Mixed Mode Assembly DLL payload template 2020-10-05 15:19:40 -04:00
bwatters e24a81919a Land #13996, Add module for CVE-2020-9801, CVE-2020-9850 and CVE-2020-9856,
RCE for Safari on macOS 10.15.3 (pwn2own2020)

Merge branch 'land-13996' into upstream-master
2020-10-01 09:46:39 -05:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
Christophe De La Fuente 2d1b378a18 Land #14122, Jenkins Deserialization RCE (CVE-2017-1000353) 2020-09-22 12:32:09 +02:00
bwatters 534e945cd0 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
bwatters 06f5518953 Update binaries 2020-09-16 11:41:02 -05:00
bwatters a2edcda819 Rubocop on module and update error handling on exploit C code + recompile 2020-09-16 11:17:39 -05:00
bwatters 95bb6ad71a Add new binaries 2020-09-16 11:17:39 -05:00
bwatters a5253c5674 remove old binaries before we added both x86 and x64 binaries 2020-09-16 11:17:39 -05:00
bwatters a72769909b Change exe to take destination and source files for copy 2020-09-16 11:17:39 -05:00
bwatters 17272209cc First try at CVE-2020-1048, needs lots of work 2020-09-16 11:17:38 -05:00
Shelby Pace ff500dd9fb add poc 2020-09-11 12:00:16 -05:00
bwatters e592736833 Land #13992, Add module for CVE-2020-9839, LPE for macOS <= 10.15.4
Merge branch 'land-13992' into upstream-master
2020-09-04 15:53:17 -05:00
bwatters 5e2a3a6f65 Recompiled binary exploit file to match source 2020-09-04 15:46:52 -05:00
Tim W 1693a3c787 add exploit binaries 2020-09-01 17:14:21 +08:00
Tim W 9150f0bc3a move int64.js and utils.js to javascript_utils folder 2020-09-01 16:14:31 +08:00
Tim W 46db23c35e fix int64.js and utils.js 2020-09-01 16:14:30 +08:00
Tim W c23cb63c6e exploit binary 2020-09-01 14:10:34 +08:00
h00die cd41d9c3c9 Land #13911, iphone 4 on ios 7.1.2 safari jit for root 2020-08-14 16:01:14 -04:00
Tim W 1eaf66dab1 CVE-2020-9850 2020-08-14 16:10:34 +08:00
Jeffrey Martin 35017886b8 Land #13935, Preliminary Version 6 2020-08-06 10:19:34 -05:00
h00die 41058775b3 add sharphound exe, rubocop, and final update run 2020-08-04 09:06:45 -04:00
h00die dc5fefcb20 update sharphound and john 2020-08-04 08:48:23 -04:00
h00die 0ca7581b67 disk write method success 2020-08-03 13:08:39 -04:00
Jeffrey Martin 9aa26d1208 Merge upstream into 6.x 2020-08-03 11:43:47 -05:00
Tim W 0b513d6c51 remove debug logging from the kernel exploit 2020-07-30 18:10:26 +08:00
Spencer McIntyre a886177b96 Land #13837, Add FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation module 2020-07-29 15:40:47 -04:00
Spencer McIntyre 428ce72108 Use colon instead of em-dash and add a URL comment to the doc template 2020-07-28 08:49:57 -04:00
Tim W 79adcf7904 Add module for iOS 7.1.2 2020-07-27 15:05:31 +08:00
Spencer McIntyre 9ba9690c14 Put more information into the generated module docs 2020-07-26 13:14:16 -04:00
Brendan Coles cbbd4fc517 Add CVE-2020-7457 exploit.c 2020-07-26 08:04:37 +00:00
Spencer McIntyre 65f9b62c52 Initial outline of module doc info template 2020-07-24 18:09:52 -04:00
gwillcox-r7 7d3653280f Land #13848, Add CDATA OLT telnet backdoor wordlist 2020-07-16 11:32:06 -05:00