Commit Graph

654 Commits

Author SHA1 Message Date
Grant Willcox 9e111d7fdf Add in compiled version of the exploit to meet Rapid7 compliance guidelines on having Rapid7 employees submit compiled binaries only 2020-10-23 16:01:00 -05:00
Gustaf Blomqvist c5751a240b Fix incorrect offset in BPF sign extension LPE
The uid field of the cred struct is normally the second field, followed
by the gid field. The first field is of type atomic_t, which has the
size of an int. Since the size of an int is usually 4 bytes, the uid is
normally located at an offset of 4 bytes from the start of the cred
struct, and not 8. Since the uid also is int-sized, the code set
test_uid to the gid, making the exploit fail for cases where uid != gid.
2020-10-17 19:46:35 -04:00
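The offset reasoning in the commit message above, as an added example that is not code from the repository or from the commit author: a simplified stand-in for the leading fields of the kernel's struct cred (an int-sized atomic_t, then uid, then gid; the real header has more fields and the model is an assumption, not the kernel source) with an arbitrary-read helper that shows why reading the uid at offset 8 returns the gid, and why the bug stays hidden whenever uid == gid. The names `cred_model`, `read32_at` and `test_uid_with_offset` are hypothetical.

```c
/* Added example, not from the metasploit repository or the commit above.
 * cred_model is a simplified stand-in for the first fields of the kernel's
 * struct cred, built only from the layout the commit message describes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { int counter; } atomic_t;   /* int-sized, as in the kernel */
typedef struct { uint32_t val; } kuid_t;    /* uid is also int-sized */
typedef struct { uint32_t val; } kgid_t;

/* Assumed layout: usage (atomic_t) first, then uid, then gid. */
struct cred_model {
    atomic_t usage;
    kuid_t   uid;
    kgid_t   gid;
    kuid_t   suid;
    kgid_t   sgid;
};

/* Read a 32-bit value at a byte offset from a base pointer, the way an
 * exploit that only has an arbitrary kernel read would fetch a field. */
static uint32_t read32_at(const void *base, size_t off)
{
    uint32_t v;
    memcpy(&v, (const unsigned char *)base + off, sizeof v);
    return v;
}

/* Offsets an exploit should use for this layout: 4 for uid, 8 for gid. */
size_t cred_uid_offset(void) { return offsetof(struct cred_model, uid); }
size_t cred_gid_offset(void) { return offsetof(struct cred_model, gid); }

/* Returns the value an exploit would store in test_uid when it reads the
 * "uid" at the given offset from a cred holding (uid, gid). */
uint32_t test_uid_with_offset(uint32_t uid, uint32_t gid, size_t off)
{
    struct cred_model c = { {1}, {uid}, {gid}, {uid}, {gid} };
    return read32_at(&c, off);
}

/* 1 if a uid check done at offset `off` would wrongly pass for this user:
 * with off == 8 the check compares the gid against getuid(), which only
 * matches when uid == gid. */
int offset_bug_hidden(uint32_t uid, uint32_t gid, size_t off)
{
    return test_uid_with_offset(uid, gid, off) == uid;
}

int main(void)
{
    /* constructed sample values: a user whose uid and gid differ */
    uint32_t uid = 1000, gid = 100;
    printf("offsetof(uid)=%zu offsetof(gid)=%zu\n",
           cred_uid_offset(), cred_gid_offset());
    printf("read at offset 8 -> %u (the gid)\n", test_uid_with_offset(uid, gid, 8));
    printf("read at offset 4 -> %u (the uid)\n", test_uid_with_offset(uid, gid, 4));
    printf("bug hidden when uid == gid: %d\n", offset_bug_hidden(0, 0, 8));
    return 0;
}
```

Note that the wrong offset passes silently for root-like users (uid 0, gid 0) and for any account where the numeric uid and gid happen to match, which is why the failure only showed up for cases where uid != gid.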
Grant Willcox b932ed5225 Recompile the exploit.dll DLL for CVE-2019-1458 as per Rapid7 policies 2020-10-15 10:58:56 -05:00
Tim W 12c5f4f916 CVE-2019-1458 chrome sandbox escape initial commit 2020-10-15 10:57:46 -05:00
bwatters e24a81919a Land #13996, Add module for CVE-2020-9801, CVE-2020-9850 and CVE-2020-9856,
RCE for Safari on macOS 10.15.3 (pwn2own2020)

Merge branch 'land-13996' into upstream-master
2020-10-01 09:46:39 -05:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
Christophe De La Fuente 2d1b378a18 Land #14122, Jenkins Deserialization RCE (CVE-2017-1000353) 2020-09-22 12:32:09 +02:00
bwatters 534e945cd0 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
bwatters 06f5518953 Update binaries 2020-09-16 11:41:02 -05:00
bwatters a2edcda819 Rubocop on module and update error handling on exploit C code + recompile 2020-09-16 11:17:39 -05:00
bwatters 95bb6ad71a Add new binaries 2020-09-16 11:17:39 -05:00
bwatters a5253c5674 remove old binaries before we added both x86 and x64 binaries 2020-09-16 11:17:39 -05:00
bwatters a72769909b Change exe to take destination and source files for copy 2020-09-16 11:17:39 -05:00
bwatters 17272209cc First try at CVE-2020-1048, needs lots of work 2020-09-16 11:17:38 -05:00
Shelby Pace ff500dd9fb add poc 2020-09-11 12:00:16 -05:00
bwatters e592736833 Land #13992, Add module for CVE-2020-9839, LPE for macOS <= 10.15.4
Merge branch 'land-13992' into upstream-master
2020-09-04 15:53:17 -05:00
bwatters 5e2a3a6f65 Recompiled binary exploit file to match source 2020-09-04 15:46:52 -05:00
Tim W 1693a3c787 add exploit binaries 2020-09-01 17:14:21 +08:00
Tim W 9150f0bc3a move int64.js and utils.js to javascript_utils folder 2020-09-01 16:14:31 +08:00
Tim W 46db23c35e fix int64.js and utils.js 2020-09-01 16:14:30 +08:00
Tim W c23cb63c6e exploit binary 2020-09-01 14:10:34 +08:00
h00die cd41d9c3c9 Land #13911, iphone 4 on ios 7.1.2 safari jit for root 2020-08-14 16:01:14 -04:00
Tim W 1eaf66dab1 CVE-2020-9850 2020-08-14 16:10:34 +08:00
Tim W 0b513d6c51 remove debug logging from the kernel exploit 2020-07-30 18:10:26 +08:00
Tim W 79adcf7904 Add module for iOS 7.1.2 2020-07-27 15:05:31 +08:00
Brendan Coles cbbd4fc517 Add CVE-2020-7457 exploit.c 2020-07-26 08:04:37 +00:00
gwillcox-r7 586971428a Recompile everything so we don't have the messagebox calls 2020-06-11 00:18:45 -05:00
gwillcox-r7 93b28e662e Change out template_dll solution files so that it generates the DLL with the correct name and in the correct location 2020-06-10 11:41:34 -05:00
gwillcox-r7 7711cecee9 Final tweaks to make this more reliable, should be good now 2020-06-10 11:02:53 -05:00
gwillcox-r7 4a9c878132 Finally fix up the hanging issue via new template DLLs and associated code 2020-06-10 11:02:53 -05:00
gwillcox-r7 cb20eaf6f9 Finally fix the issue with the cleanup of the files within the exploit 2020-06-10 11:02:51 -05:00
gwillcox-r7 401feb3e53 Change code so that we automatically exit Notepad upon DLL completing its work. Should help tidy things up more 2020-06-10 11:02:50 -05:00
gwillcox-r7 cf17b2065c Updated module with some output corrections, recompiled DLLs 2020-06-10 11:02:50 -05:00
gwillcox-r7 ae2b40bf99 Update the output of the module to be more correct. Also upload updated DLLs 2020-06-10 11:02:49 -05:00
gwillcox-r7 1607b8c342 Add initial files for CVE-2020-0787 2020-06-10 11:02:35 -05:00
Shelby Pace c8ab30a40a add poc code 2020-06-02 14:29:02 -05:00
William Vu 8473662e32 Land #13463, Oracle WebLogic CVE-2020-2555 exploit 2020-05-20 23:21:07 -05:00
Brendan Coles 8631babcbb Update CVE-2019-13272 pre-compiled exploit 2020-05-11 13:36:41 +00:00
Brendan Coles dbc2b8b006 Update CVE-2019-13272 exploit C code to prefer auto targeting
Previously, the exploit would attempt to use a hardcoded list of
known useful helpers and fall back to automatic targeting. This
logic has been reversed, preferring automatic targeting first.
2020-05-09 03:59:31 +00:00
Spencer McIntyre 9769e04b6e Land #13322, CVE-2020-0668 Service tracing file junction overwrite 2020-05-07 09:47:20 -04:00
gwillcox-r7 a1275845ec Land #13200, CVE-2019-0808 LPE for Windows 7 x86 SP0 and SP1 2020-05-06 17:23:52 -05:00
gwillcox-r7 1c79674620 Recompile DLL and alter vcxproj file to automatically place generated DLL in right folder 2020-05-06 16:33:01 -05:00
Shelby Pace 587fc0ff09 add PoC 2020-05-04 11:08:38 -05:00
Tim W b8dc843b48 add binary 2020-05-01 19:02:54 +08:00
bwatters-r7 7213d379ec Add Uso dll 2020-04-23 15:18:22 -05:00
bwatters-r7 0bbb822fe4 Working through mountpoint issues 2020-04-21 09:54:45 -05:00
h00die e1f1ad45bc working exploit 2020-04-19 15:19:19 -04:00
h00die 58074dc6bb waiting on metasm question 2020-04-18 20:26:45 -04:00
Spencer McIntyre 3392fa18d4 Add the x64 LPE exploit for CVE-2020-0796 2020-04-02 17:22:00 -04:00
Brent Cook f59ec03c42 Land #12465, add Android Binder UAF (CVE-2019-2215) 2020-02-23 01:06:33 -08:00