adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43,599 Commits 27 Branches 1,043 Tags
f1be6b720b7aaec00d5d9e5dd19be2ebbfbaf64b
Commit Graph

747 Commits

Author SHA1 Message Date
OJ 6ee5d83a15 Add the COM hijack method for bypassing UAC 2017-07-31 14:26:39 +10:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 8db3f74b81 fix a broken link 2017-07-24 05:53:09 -07:00
Brent Cook 838b066abe Merge branch 'master' into land-8716 2017-07-24 05:51:44 -07:00
g0tmi1k e710701416 Made msftidy.rb happy 
...untested with the set-cookie 'fix'
 2017-07-21 19:55:26 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k a008f8e795 BruteForce - > Brute Force 2017-07-19 10:39:58 +01:00
David Maloney 2a1c661c79 Land #8723, Razr Synapse local exploit 
lands ZeroSteiner's Razr Synapse local priv esc module
 2017-07-17 13:34:17 -05:00
Spencer McIntyre b4813ce2c7 Update the pre-exploit check conditions 2017-07-15 14:48:54 -04:00
Spencer McIntyre 833b2a67d4 Fix the architecture check for only x64 2017-07-14 07:06:54 -04:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
Spencer McIntyre 5470670223 Change the hook for windows 10 compatibility 2017-07-13 11:49:06 -04:00
Spencer McIntyre 53d5060fbd Add the LPE for CVE-2017-9769 2017-07-10 16:57:23 -04:00
David Maloney 2ee6df66cf Land #8514, wmi persistence module 2017-07-10 09:53:55 -05:00
NickTyrer f4c739c190 check if running as system 2017-07-10 10:05:57 +01:00
NickTyrer 994f00622f tidy module output 2017-06-29 16:12:23 +01:00
NickTyrer bc8de0fc66 fixed issue where starting waitfor.exe would hang the module 2017-06-24 20:54:31 +01:00
NickTyrer aa18598580 updated cleanup method to remove_persistence to prevent creating rc file even if module fails 2017-06-24 19:20:02 +01:00
NickTyrer 655358cdf1 added missing newline in cleanup method 2017-06-23 17:58:11 +01:00
NickTyrer 916a4da182 fixed cleanup method to include all cleanup options 2017-06-23 17:38:48 +01:00
NickTyrer 412ea9432d removed whitespace 2017-06-23 17:17:07 +01:00
NickTyrer e7d6d5350f added WAITFOR persistence method 2017-06-23 17:05:39 +01:00
NickTyrer 24404ae40f added heredoc to tidy formatting 
changed USER persistence method to EVENT to better describe technique
removed "auditpol.exe /set /subcategory:Logon /failure:Enable" command from subscription_event method to be more opsec safe
added CUSTOM_PS_COMMAND advanced option
updated description to reflect changes
 2017-06-21 18:15:13 +01:00
NickTyrer 681f9f37a6 updated check if powershell is available 2017-06-19 08:35:57 +01:00
NickTyrer 096469a8ec added PROCESS persistence method 2017-06-18 20:42:07 +01:00
NickTyrer 6096e373cc removed whitespace 2017-06-17 10:44:30 +01:00
NickTyrer 85173f36f7 moved exploit method moved to top 
added logon persistence option
fixed typo
cleaned up formatting
 2017-06-17 10:30:38 +01:00
NickTyrer 09e4974b99 removed whitespace at end of lines 2017-06-06 14:44:37 +01:00
NickTyrer 1831056010 updated disclosure date 2017-06-06 14:32:19 +01:00
bwatters-r7 f47cc1a101 Rubocop readability changes 2017-06-05 14:32:45 -05:00
NickTyrer 994995671e added wmi_persistence module 2017-06-05 17:44:37 +01:00
amaloteaux 93bb47d546 msftidy fix 2017-05-22 19:27:15 +01:00
amaloteaux 092e7b96b8 typo 2017-05-22 17:27:50 +01:00
amaloteaux 74c08cebee Add bypassuac fodhelper module for Windows 10 2017-05-22 17:25:17 +01:00
Spencer McIntyre f39e378496 Land #8330, fix ps_wmi_exec and psh staging 2017-05-13 14:26:47 -04:00
William Vu b794bfe5db Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Brandon Knight c4b3ba0d14 Actually removing msf/core this time... >< 
Helps to actually remove the bits that were failing. Now with even more
removal of msf/core!
 2017-04-28 21:42:06 -04:00
Brandon Knight ff263812fc Fix msftidy warnings 
Remove explicitly loading msf/core and self.class from the register_
functions.
 2017-04-28 21:26:53 -04:00
Brandon Knight f8fb03682a Fix issue in ps_wmi_exec and powershell staging 
The staging function in the post/windows/powershell class was broken
in a previous commit as the definition for env_variable was removed and
env_prefix alone is now used. This caused an error to be thrown when
attempting to stage the payload. This changes the reference from
env_variable to env_prefix.

Additionally, the ps_wmi_exec module created a powershell script to be
run that was intended to be used with the EncodedCommand command line
option; however the script itself was never actually encoded. This
change passes the compressed script to the encode_script function to
resolve that issue.
 2017-04-28 03:31:56 -04:00
h00die a47a479bd3 add else case 2017-02-12 19:08:31 -05:00
wchen-r7 1e9d80c998 Fix another typo 2016-12-01 11:16:06 -06:00
wchen-r7 b8243b5d10 Fix a typo 2016-12-01 11:15:26 -06:00
OJ 6890e56b30 Remove call to missing function 2016-12-01 07:57:54 +10:00
OJ 6ae8a2dd2e Remove unused/empty function body 2016-11-21 17:59:49 +10:00
OJ 8c036885bc Fix msftidy issues 2016-11-21 17:23:03 +10:00
OJ e226047457 Merge 'upstream/master' into the bypassuac via eventvwr mod 2016-11-21 17:18:40 +10:00