Spencer McIntyre
f2e5e77e27
Fix bypassuac_injection_winsxs for x64
Tested on Windows 8.1; prior to these changes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
Spencer McIntyre
3ddcf73c2b
Remove the QUICK option altogether
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, the service and path enumeration
halts once an exploitable one is found that yields a session.
Also, all files are registered for cleanup.
2023-01-13 17:06:42 -05:00
h00die
f98d1d838b
unquoted service path tweaks to check
2023-01-13 17:06:42 -05:00
h00die
90a12cf3b0
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
h00die
a6ec7762ea
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
h00die
c52eb09cbb
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
Spencer McIntyre
d09aef7dc5
Land #17350, Remove unnecessary sleep
Remove unnecessary sleep in several bypassuac modules
2022-12-12 17:45:10 -05:00
Spencer McIntyre
5a66666b4d
Fix check methods by using #present?
2022-12-12 16:53:34 -05:00
Ashley Donaldson
8d097e0fd0
Fixes bug in s4u_persistence module
2022-12-09 11:24:16 +11:00
Ashley Donaldson
c54109586c
Remove unnecessary sleep in several bypassuac modules
2022-12-09 11:09:19 +11:00
cgranleese-r7
8e9e8468f2
Land #17338, Lint modules
2022-12-05 13:17:40 +00:00
adfoster-r7
14d05c9c6c
Lint modules
2022-12-05 10:41:31 +00:00
bcoles
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
bwatters
ef0ca2edbb
Land #17057, Msf::Post::Windows::ExtAPI: Remove load_extapi method
Merge branch 'land-17057' into upstream-master
2022-10-07 15:54:52 -05:00
bcoles
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
bcoles
5531e3dcab
Msf::Post::Windows::ExtAPI: Remove load_extapi method
2022-09-23 17:41:20 +10:00
adfoster-r7
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
bcoles
666a3efcfd
ms10_092_schelevator: Cleanup
2022-08-19 15:19:28 +10:00
Grant Willcox
7df60f71b6
Remove SCHELEVATOR echo statement as it's not needed anymore
2022-07-28 11:02:59 -05:00
Christophe De La Fuente
0e3fdd0799
Fix from code review
2022-06-29 19:18:47 +02:00
Christophe De La Fuente
a9d3e7c758
Fix run_as module on x64 systems
2022-06-27 13:21:58 +02:00
Christophe De La Fuente
52a8191821
Fix vss_persistence module and remove Windows 7 target
2022-05-25 13:11:34 +02:00
Christophe De La Fuente
5fd18ef864
Fixes from review
2022-05-19 14:54:07 +02:00
Christophe De La Fuente
7992cb2072
Update vss_persistence and persistence_exe modules to include
changes in `TaskScheduler` mixin
2022-05-17 14:52:47 +02:00
Christophe De La Fuente
14cd7bc335
Add task scheduler mixin and update persistence_exe and vss_persistence modules
2022-05-17 14:52:47 +02:00
Jeff McJunkin
d1034c8b57
s4u_persistence.rb: Allow all post-Vista builds
Currently this module doesn't account for Server builds 2016 and above, nor Windows 10 builds. This PR fixes the `sysinfo` comparison to allow later builds.
Note: Many other modules have this problem, and it's probably worth Rapid7 staff time to standardize the usage of build comparisons inside modules.
2022-04-21 15:33:42 -07:00
Spencer McIntyre
5de966cfb1
Land #16382, CVE-2022-26904 SuperProfile LPE
2022-04-07 12:52:39 -04:00
Grant Willcox
51e37bbe42
Add in process kill off code for Meterpreter sessions, seems I forgot to include this
2022-04-07 10:48:08 -05:00
Grant Willcox
4638067723
Fix RuboCop errors
2022-04-06 09:18:05 -05:00
Grant Willcox
c8c91fcaf3
Add in fix to ensure that we can spawn sessions automatically on Windows 10 20H2 and other systems where we hit a bug with UAC prompts from the exploit DLL itself not triggering the payload
2022-04-05 19:16:48 -05:00
Grant Willcox
db4b22df5e
Update the exploit code to output errors in a better format, and fix a potential issue when trying to delete folders recursively. Also update exploit module to try to kill msiexec.exe if it's still running to prevent it holding onto handles when it shouldn't be.
2022-04-04 17:58:52 -05:00
Grant Willcox
57473850c1
Fix up RuboCop errors as the last change made it so that we had an unless/elsif statement, which isn't valid in Ruby
2022-03-31 12:52:16 -05:00
Grant Willcox
743138abed
Add in initial fixes from review and remove extra BREAKAWAY_FROM_JOB code changes not directly related to this PR as we'll raise a separate PR for those
2022-03-31 12:13:29 -05:00
Grant Willcox
51df37de87
Add in documentation and also update the module to handle NarratorQuickstart.exe which sometimes comes up and can lead to visual indicators
2022-03-28 17:53:53 -05:00
Grant Willcox
bd3e0c1b53
Add in support for exploiting domain joined systems
2022-03-28 16:14:19 -05:00
Grant Willcox
b408197cb7
Another round of RuboCop
2022-03-25 17:37:05 -05:00
Grant Willcox
393765a2f0
Add in UAC checks to ensure PromptOnSecureDesktop is set appropriately before attempting to exploit. Also clean up some of the extra code to prevent unneeded cmd level commands from running
2022-03-25 17:26:48 -05:00
Grant Willcox
56e21ae3a2
Update check code to now use cmd_exe as other call was hanging forever, and also update the check code to use Meterpreter functions if available vs always running shell commands.
2022-03-25 15:25:48 -05:00
Grant Willcox
f7c271aaf4
Add in fixes from Spencer's quick initial review of module to address typos and proper check code return values
2022-03-25 14:14:56 -05:00
Grant Willcox
e82c25841c
RuboCop module to pass tests
2022-03-25 12:45:00 -05:00
Grant Willcox
561c5d513e
Update module's on_new_session code
2022-03-25 12:16:44 -05:00
Grant Willcox
8e73710843
Add in on_new_session method to do automatic cleanup with supported session types. Think this is only Meterpreter at the moment
2022-03-24 14:36:29 -05:00
Grant Willcox
e5c0259723
Add CREATE_BREAKAWAY_FROM_JOB flag to source files related to DLL generation, update the exploit source to denote how to clean up in case the payload can't clean up
2022-03-23 19:38:32 -05:00
Grant Willcox
b1ce05f97c
Add in updated Ruby code and also update the DLLs and prepend_migrate.rb to use the CREATE_BREAKAWAY_FROM_JOB flag with CreateProcess to break away from the job if the job has the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit set to allow breakaway jobs
2022-03-23 17:47:25 -05:00
Grant Willcox
715082a960
Update exploit and module with new delay timing and latest copy of DLL
2022-03-21 12:05:48 -05:00
sjanusz
bbf9e3163a
Fix file reads on Windows for binary files
2022-03-21 12:47:39 +00:00
bwatters
b4de9fa92a
Land #16344, Add module for CVE-2022-21999 and More Railgun Definitions
Merge branch 'land-16344' into upstream-master
2022-03-16 08:37:05 -05:00
Shelby Pace
381b91de45
change wording in arch check
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-03-15 16:45:36 -05:00
space-r7
e96ec401bf
add arch check, fix logic error, add aka note
2022-03-15 12:58:39 -05:00
space-r7
99664efed7
use full user name, add test output to docs
2022-03-14 09:15:36 -05:00