adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,996 Commits 27 Branches 1,043 Tags
e2e8568860e381fc09e1ecedd5ddfc6fdfa3ce99
Commit Graph

813 Commits

Author SHA1 Message Date
h00die 34b1e66f90 tomcat 8 priv esc on ubuntu prebuilt so file 2023-02-04 18:17:41 -05:00
h00die 2b09af78e1 tomcat 8 priv esc on ubuntu 2023-02-04 18:17:41 -05:00
cgranleese-r7 80dbbca020 Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699) 2023-02-03 13:43:04 +00:00
Jack Heysel 1f224fd2d3 Rapid7 compiled binary 2023-02-02 11:11:06 -05:00
Jack Heysel 690d22f759 Rapid7 compiled binary 2023-02-01 10:08:13 -05:00
h00die 2c72cc145a updates to module 2023-01-31 20:05:33 -05:00
h00die fa687d3614 argv instead of hardcoded payload path 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Jack Heysel e99407fe26 Updated pre_compiled binary 2023-01-31 13:37:45 -05:00
Jack Heysel 4da94325f3 Rubocop 2023-01-19 13:52:58 -05:00
Jack Heysel 63d9445911 Fix for Win Server 2022 and 2019 2023-01-19 00:52:38 -05:00
Jack Heysel 2c2bfec4a0 Tested on Windows Build 19044, 19045 and 22000 2023-01-18 01:41:30 -05:00
bwatters 0dbb0dc8c9 Fix margins for readability and delete file 2023-01-17 17:28:27 -05:00
h00die be7ca91a8f cve-2022-22942 2023-01-17 15:30:36 -05:00
Jack Heysel 145589f7a2 Add GetPteBaseW10 2023-01-12 01:15:23 -05:00
Christophe De La Fuente d6a5590c06 Land #17265, Add Exploit for CVE-2020-25736 2022-12-13 18:49:56 +01:00
Jack Heysel 2fa7e7b2d5 Lenovo Diagnostics Driver Privilege Escaltion (CVE-2022-3699) 2022-12-12 21:53:53 -05:00
space-r7 cf9e54909c use 2021 helper name in objective-c code too 2022-12-12 15:55:36 -06:00
Spencer McIntyre 96da805014 Fix enumerating emails via ProxyShell 
The ResolveNames endpoint used to gather emails addresses for targeting
only returns 100 at a time. This updates the module to check if the
search result contains all entries and when it does, it recurses into
itself with a refined search prefix. All results are returned to match
the original functionality instead of enumerating and halting once one
that's suitable for exploitation has been found.
 2022-12-02 15:58:50 -05:00
Spencer McIntyre 29d57dde66 Consolidate into ProxyMaybeShell 2022-11-18 17:01:01 -05:00
Spencer McIntyre fc7594dbc8 Add exploit for CVE-2022-41082 AKA ProxyNotShell 2022-11-18 17:00:27 -05:00
space-r7 d8f2b50b07 add compiled exploit and source 2022-11-17 17:16:08 -06:00
space-r7 ea486169b4 use erb template for objective-c code 2022-11-17 11:55:19 -06:00
space-r7 27d4f45e09 add documentation and exploit file 2022-11-15 12:55:00 -06:00
bwatters e27dbd2787 Land #16794,Add exploit for CVE-2022-34918 
Merge branch 'land-16794' into upstream-master
 2022-09-27 16:37:52 -05:00
Grant Willcox a41ec9388f Land #16725, Add ManageEngine ADAudit Plus and DataSecurity Plus Xnode enum modules, docs and mixin (CVE-2020–11532) 2022-09-01 08:46:36 -05:00
ErikWynter d6dabd4bfb additional code review improvements for xnode auxiliary modules/lib/docs 2022-07-28 15:12:00 +03:00
Redouane NIBOUCHA 78dae84871 Updates to the C source code (execl instead of execve, removal of some old comments) 2022-07-25 22:18:47 +02:00
Redouane NIBOUCHA 37f1fdd47b Add module docs, add Ubuntu 22.04 offsets, update check method 2022-07-22 03:30:03 +02:00
Redouane NIBOUCHA 73db035e57 Add more offsets to the exploit, clean up the exploit C source, add check method 2022-07-21 01:22:20 +02:00
Redouane NIBOUCHA fe2e413426 Add exploit for CVE-2022-34918 2022-07-20 13:51:22 +02:00
bwatters ef9f5ca463 Add rtf support to cve-2022-30190 AKA Follina 2022-06-30 17:30:06 -05:00
kalba-security ba83b1bdf5 add manageengine adaudit plus and datasecurity plus xnode enum modles and manageengine_xnode lib 2022-06-10 10:32:25 -04:00
bwatters c751ef46c9 Land #16635, Add 0-day MSWord RCE #Follina CVE-2022-30190 
Merge branch 'land-16635' into upstream-master
 2022-06-06 14:41:31 -05:00
RAMELLA Sébastien 97921b4ed9 fix chmod 644 2022-05-30 22:11:35 +04:00
RAMELLA Sébastien dfc226cf5f add. Supposed 0day MSWord RCE 2022-05-30 21:23:18 +04:00
Grant Willcox e2c6c36b2b Land #1642, Add module for cve-2022-0995 2022-04-21 09:12:47 -05:00
bwatters 26f9175816 Update c source with argc check and CRASH notes for module 2022-04-20 17:37:48 -05:00
bwatters 96d86944da Added precompiled binary and option to strip output, fixed comment-strip bug 2022-04-07 17:09:35 -05:00
Grant Willcox 9e2d7f655b Update data to fix more things found during review process 2022-04-05 12:48:11 -05:00
Grant Willcox db4b22df5e Update the exploit code to output errors in a better format, and fix a potential issue when trying to delete folders recursively. Also update exploit module to try kill msiexec.exe if its still running to prevent it holding onto handles when it shouldn't be. 2022-04-04 17:58:52 -05:00
Grant Willcox 8daecca5c3 Update code with latest changes 2022-04-01 12:11:05 -05:00
Grant Willcox bd3e0c1b53 Add in support for exploiting domain joined systems 2022-03-28 16:14:19 -05:00
Grant Willcox 715082a960 Update exploit and module with new delay timing and latest copy of DLL 2022-03-21 12:05:48 -05:00
space-r7 2102c7daca add binaries for pre-compiled option 2022-03-10 08:50:48 -06:00
Tim W 955cc9c986 fix cross compiling 2022-03-09 06:59:25 +00:00
Tim W 676c4a6f4f improve fork behaviour 2022-03-08 10:24:25 +00:00
Tim W 7ca6a28c05 embed payload inside exploit and add check method 2022-03-08 09:51:49 +00:00
Tim W 5bd48d0a7d initial commit of dirtypipe 2022-03-07 15:49:27 +00:00
Spencer McIntyre 6be3443680 Land #16103, LPE in polkit's pkexec (CVE-2021-4034) 2022-03-03 09:24:11 -05:00