bwatters
b69db83398
Land #16202, Add exploit for CVE-2022-21882 (Win32k LPE)
Merge branch 'land-16202' into upstream-master
2022-02-25 15:55:48 -06:00
Grant Willcox
fddd3f15c2
Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue.
2022-02-22 17:52:29 -06:00
Spencer McIntyre
443bf1249a
Remove all the old CVE-2021-1732 data
2022-02-18 15:25:39 -05:00
Spencer McIntyre
bcd7cb1122
Writeup the module metadata and docs
2022-02-18 15:23:44 -05:00
Grant Willcox
a7ace66b3f
Use send_request_cgi and update options to use HttpUsername and HttpPassword accordingly. This simplifies code. Also update documentation accordingly
2022-02-14 18:19:00 -06:00
Grant Willcox
c49591cf11
Add in changes to use targets array as per Spencer's suggestion so we can now spawn Meterpreter shells. Also remove ACCOUNT_LOCKOUTS and fix a call that should have been .get_xml_document
2022-02-14 17:38:10 -06:00
Grant Willcox
4c1b2478fa
Add in exploit and documentation
2022-02-11 13:58:56 -06:00
Christophe De La Fuente
41ebb3aa29
Land #15903, SMB Shadow Module: Direct SMB Session Takeover
2022-01-07 16:57:17 +01:00
usiegl00
3051c5d9f5
Add mutex to cleanup in smb_shadow
The mutex will prevent multiple calls to cleanup when the module is
stopped with Ctrl-C. Add a Notes section to the documentation which
describes arpspoof usage and such.
2022-01-07 14:18:15 +09:00
William Vu
d55af3aa00
Add module doc
2021-12-23 12:27:57 -06:00
Spencer McIntyre
1915b1395e
Land #15742, Added module for CVE-2021-40444
2021-12-08 17:46:02 -05:00
Spencer McIntyre
2f6710e02e
Remove the Not_Hosted target
It's not currently working and Metasploit should just handle everything
2021-12-08 17:22:44 -05:00
Spencer McIntyre
75deb69eab
Reformat the CVE-2021-40444 module docs
2021-12-08 16:45:22 -05:00
bwatters
852230c739
Fix bug brought in by importing Msf::Post::File
Split out javascript to a file and deobfuscate it
Update documentation for new targets
Fix other small suggestions
2021-12-08 10:36:27 -06:00
usiegl00
609bf4be3c
Update smb_shadow module to clean unnecessary code
Remove the return statement after fail_with which will never be reached.
Add documentation for the module options. Reset the packet forwarding
settings during the module cleanup.
2021-12-07 08:41:52 +09:00
usiegl00
260ea0725c
Update smb_shadow module and docs for review
Add mutex to module to prevent race condition. Add sleep to after arp
query to prevent arp cache restoration. Add DefangedMode to indicate
system network changes. Change module INTERFACE option to be explicit.
Remove unnecessary module payload parameters. Add module Notes.
2021-12-03 14:33:40 +09:00
bwatters
14064ff3f9
Update module description and remove extra module.
2021-11-29 15:23:02 -06:00
Brendan Coles
5fab1da09b
ms03_026_dcom: cleanup
2021-11-28 08:25:31 +00:00
usiegl00
e19511a31c
Update documentation for the smb_shadow module.
Add additional clarity and details to the existing documentation for the
smb_shadow module. Remove some outdated comments and fix some spelling
errors.
2021-11-25 08:12:13 +09:00
William Vu
344bdacae4
Remove preferred payload
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
usiegl00
e2734293e1
Add SMB Shadow Module: Direct SMB Session Takeover
This module intercepts direct SMB connections on the LAN.
Both the SMB Server and Client must be on the LAN.
The SMB Client must be authenticating to the Server as an Administrator.
This module is dependent on an external ARP spoofer.
2021-11-24 20:05:30 +09:00
William Vu
d2c322e875
Revert option name styling in module doc
Bug in our local renderer's styling. GitHub renders it just fine.
2021-11-23 19:05:26 -06:00
William Vu
053dc70782
Add words to module doc
2021-11-23 19:05:09 -06:00
William Vu
a8daed1e79
Add module doc
2021-11-23 19:05:09 -06:00
Grant Willcox
8d55b16ade
Fix one more mistake and rename document and module to an easier-to-find name
2021-11-11 16:42:58 -06:00
Grant Willcox
27310dc002
Add in exploit and documentation for CVE-2021-42237
2021-11-10 15:52:22 -06:00
Grant Willcox
3af93cbacc
Fix up changes from timwr's review so long
2021-11-09 10:36:50 -06:00
Grant Willcox
780a9370a2
First draft of code, documentation, and exploit DLL plus exploit code
2021-11-09 10:36:40 -06:00
RAMELLA Sébastien
38973510f7
update modules (auxiliary and exploit)
2021-11-09 15:18:58 +04:00
adfoster-r7
9f0804cbfb
Fix Meterpreter spelling mistake
2021-10-12 23:40:43 +01:00
Spencer McIntyre
56cd43a8b8
Land #15624, Add module for CVE-2020-27955
2021-09-15 14:54:19 -04:00
Jack Heysel
abbb994dab
Updated docs
2021-09-07 13:55:21 -04:00
Jack Heysel
7fe44583fe
Updated docs
2021-09-07 13:32:52 -04:00
Jack Heysel
3c43bd409d
Added docs and Git User-Agent FP
2021-09-03 16:15:39 -05:00
Spencer McIntyre
95015f0c2b
Update the ProxyShell module docs
2021-08-27 17:50:28 -04:00
Spencer McIntyre
674628e600
Land #15384, Improve Windows RDLL injection
2021-08-26 12:11:44 -04:00
Grant Willcox
5a80e9678c
Address Spencer's comments and remove changes that don't directly use the DLL injection library API change
2021-08-24 16:34:01 -05:00
William Vu
31796c6236
Land #15561, ProxyShell exploit
2021-08-19 10:31:02 -05:00
wvu
bcf00a0d3a
Update exchange_proxyshell_rce.md
2021-08-18 14:38:56 -05:00
Spencer McIntyre
75e63992d6
Write an exploit for ProxyShell
2021-08-18 10:50:34 -04:00
Grant Willcox
85ef49a79c
Land #15535, Update psexec module to use SMBSHARE option name for consistency
2021-08-11 17:41:38 -05:00
Grant Willcox
5fdf990f24
Land #15519, Lexmark Universal Print Driver Local Privilege Escalation
2021-08-11 15:03:53 -05:00
Grant Willcox
92327461d3
Add in driver installation instructions to documentation
2021-08-11 14:40:21 -05:00
Grant Willcox
7b25bd366f
Update documentation and fix a few typos so that it reflects latest changes
2021-08-11 12:25:36 -05:00
Jacob Baines
afa3d92774
Switched to upnp implementation
2021-08-10 18:17:18 -04:00
adfoster-r7
b9d2f30bbd
Update psexec module to use SMBSHARE option name for consistency
2021-08-10 13:17:57 +01:00
Grant Willcox
55404ff29f
Further fixes from review and further touch up edits
2021-08-09 14:23:05 -05:00
Grant Willcox
f8d838bba2
Fix first round of comments from the review process
2021-08-09 12:13:27 -05:00
Grant Willcox
838142362c
Apply first round of updates from review comments to improve explanations of the vulnerability and fix some minor issues
2021-08-09 09:59:09 -05:00
Jacob Baines
0e41a0e81e
Addressed all but one review items
2021-08-07 06:46:49 -04:00