adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,182 Commits 27 Branches 1,043 Tags
ee2ad8affeff0806c8dab4842e007efe17c6f765
Commit Graph

203 Commits

Author SHA1 Message Date
Brent Cook 0fa0358993 Land #9853, Update Linux sock_sendpage local exploit module 2018-04-26 14:30:51 -05:00
Brendan Coles fc7040099c Update Linux sock_sendpage local exploit module 2018-04-10 11:15:42 +00:00
Brendan Coles 9bb6e72020 Add lastore-daemon D-Bus Privilege Escalation exploit 2018-03-24 23:16:42 +00:00
h00die 285b329ee1 Land #9422 abrt race condition priv esc on linux 2018-02-11 11:58:39 -05:00
Pearce Barry add7ae8fa1 Land #9536, Add Ubuntu notes to documentation 2018-02-11 07:27:00 -06:00
Pearce Barry 321b78b0fe Land #9408, Add Juju-run Agent Privilege Escalation module (CVE-2017-9232) 2018-02-11 07:19:49 -06:00
Brendan Coles 4e5cbd68b9 Add Ubuntu notes to documentation 2018-02-11 06:52:36 +00:00
Brendan Coles 0d573e1434 Support shell sessions 2018-02-09 16:15:04 -05:00
Brendan Coles 45249d582d Add partition check 2018-02-09 16:15:04 -05:00
Brendan Coles 0ba37f8104 Add glibc $ORIGIN Expansion Privilege Escalation exploit 2018-02-09 16:15:04 -05:00
h00die cb1b59545b Land #9469 linux local exploit for glibc ld audit 2018-02-09 14:00:42 -05:00
Brendan Coles 5b251ae672 Support shell sessions on Debian 2018-02-08 11:29:09 +00:00
Brendan Coles 696817215b Update tested versions 2018-02-05 04:48:52 +00:00
Brendan Coles e158ccb20b Support cleanup for meterpreter sessions 2018-02-04 04:38:53 +00:00
Brendan Coles 74ab02f27b Support meterpreter sessions 2018-02-03 11:55:08 +00:00
Brendan Coles 3c21eb8111 Update documentation 2018-02-02 02:27:13 +00:00
Brendan Coles 0d80ca6f79 Change documentation extension from rb to md 2018-01-31 23:26:30 +00:00
Brendan Coles 092eb0cd11 Add glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation exploit 2018-01-28 05:11:38 +00:00
Brendan Coles 23f4bf1583 Add documentation 2018-01-27 03:15:06 +00:00
Brendan Coles 5e11d36351 Add ABRT raceabrt Privilege Escalation module 2018-01-16 14:52:33 +00:00
Brendan Coles 4ade798cef Fix check for juju-run path 2018-01-16 07:19:48 +00:00
Brendan Coles e1cbe4e906 Rename apport_chroot_priv_esc to apport_abrt_chroot_priv_esc 2018-01-14 08:33:43 +00:00
Brendan Coles c234d0523a Add support for abrt on Fedora 2018-01-14 08:33:10 +00:00
Brendan Coles c94763bfe0 Add Juju-run Agent Privilege Escalation module 2018-01-14 05:57:17 +00:00
Brendan Coles 2f3e3b486a Use cross-compiled exploit 2018-01-13 05:44:42 +00:00
Brendan Coles 842736f7b1 register_dir_for_cleanup 2018-01-12 14:21:43 +00:00
Brendan Coles 8bbffd20cd Add Apport chroot Privilege Escalation exploit 2018-01-12 07:25:35 +00:00
Brent Cook 520e890520 Land #8581, VMware Workstation ALSA Config File Local Privilege Escalation 2018-01-03 21:35:57 -06:00
Brendan Coles c153788424 Remove sleeps 2017-12-30 15:20:56 +00:00
James Barnett 7e9d0b3e9b Fix permissions in docker priv_esc module 
The previous command didn't give the original user enough permissions
to execute the payload. This was resulting in permission denied
and preventing me from getting a root shell.

Fixes #8937
 2017-09-07 16:48:02 -05:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
Brendan Coles e20169c428 Disable VMware hint popups 2017-06-20 11:39:57 +00:00
Brendan Coles 668aa4edaf Use WfsDelay 2017-06-20 08:56:33 +00:00
Brendan Coles 4f6eab102f Code cleanup 2017-06-20 00:55:33 +00:00
Brendan Coles 1bd7a0ea2a Replace tabs with spaces 2017-06-20 00:06:50 +00:00
Brendan Coles cf8cf564b2 Add VMware Workstation ALSA Config File Privesc module 2017-06-18 11:16:25 +00:00
h00die 361cc2dbeb fix newline issue and service call 2017-05-30 22:37:26 -04:00
h00die f98b40d038 adds check on service writing before running it 2017-05-30 22:14:49 -04:00
William Vu b794bfe5db Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Brent Cook a60e5789ed update mettle->meterpreter references in modules 2017-04-26 17:55:10 -05:00
bwatters-r7 64c06a512e Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Bryan Chu 5e31a32771 Add missing ranks 
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
 2017-03-31 02:39:44 -04:00
h00die fb5e090f15 fixes from jvoisin 2017-02-28 20:09:26 -05:00