Commit Graph

2672 Commits

Author SHA1 Message Date
bwatters ff50a94348 Land #15567, Add in Exploit for CVE-2021-3490
Merge branch 'land-15567' into upstream-master
2021-08-31 18:46:25 -05:00
Grant Willcox 3bca3b0bcb Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly, and update the documentation to match. 2021-08-31 15:07:37 -05:00
Grant Willcox bd490d35ed Add support for Linux 5.11.x on Fedora 2021-08-23 15:09:10 -05:00
h00die b8d3fda3a6 update wordpress themes and plugins list 2021-08-22 09:07:18 -04:00
Grant Willcox e46611cffb Add in support for exploiting Fedora 32 with Linux kernel 5.10.12 2021-08-20 18:04:59 -05:00
Grant Willcox 75ae2b76f5 Add support for Fedora 32 Linux Kernel 5.9.8-100 and also fix an error where the wrong file was being used for Fedora 32 Linux Kernel 5.8.8. 2021-08-20 16:50:20 -05:00
Grant Willcox 5abf407228 Add support for Fedora 32 with Linux Kernel 5.8.8-200 2021-08-20 15:42:34 -05:00
Grant Willcox dd806a9d61 Add in support for Fedora 32 running kernel 5.7.11-200 2021-08-20 13:37:52 -05:00
Spencer McIntyre 75e63992d6 Write an exploit for ProxyShell 2021-08-18 10:50:34 -04:00
Grant Willcox d5df47692c Add in first copy of the exploit along with the supporting source code and binaries. Documentation to come 2021-08-17 18:01:14 -05:00
Tim W 39455827aa Land #15254, use obfuscated powershell protection bypasses 2021-07-12 12:20:17 +01:00
Christophe De La Fuente ccaedd6c9a Last additions and improvements
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00
Spencer McIntyre 82c078c888 Updates for psexec usage 2021-05-25 14:38:52 -04:00
Spencer McIntyre 2dc2831d7a Obfuscate the ScriptBlock class reference 2021-05-25 14:38:52 -04:00
Spencer McIntyre 4920800340 Add a null check to the PSH bypass code
Powershell version 3 does not have
`System.Management.Automation.AmsiUtils` so check that it's present
before setting the field.
2021-05-25 14:38:52 -04:00
Spencer McIntyre eddb6af650 Add block level randomization for the PSH bypass 2021-05-25 14:38:52 -04:00
Spencer McIntyre 38b45380f4 Fix and process block edges within the GraphML 2021-05-25 14:38:50 -04:00
bwatters 8e1391f098 Land #15216, Fix targeting for CVE-2021-21551
Merge branch 'land-15216' into upstream-master
2021-05-21 14:56:08 -05:00
Spencer McIntyre 86df5b0122 Add the data file for bypassing PSH protection 2021-05-19 12:42:43 -04:00
Spencer McIntyre 56388cd696 Land #15146, Add support for extra OSes for CVE-2021-3156 (Baron Samedit) 2021-05-18 18:02:30 -04:00
Spencer McIntyre 78d47b11f2 Add targeting for Windows 10 v21H1 2021-05-18 12:56:02 -04:00
Spencer McIntyre c5b022e2f2 Fix Windows 10 versioning by using ranges 2021-05-18 10:28:27 -04:00
h00die 19df33ee78 update wordpress plugins and themes 2021-05-15 09:42:01 -04:00
Jack Heysel eb4573164b Addressed comments 2021-05-14 17:46:26 -05:00
Jack Heysel e29dce4f08 Removed comments from powershell script 2021-05-14 17:45:42 -05:00
Jack Heysel 5640dac24d Fixed sc command, updated check method, moved tokenmagic.ps1 2021-05-14 17:44:07 -05:00
Jack Heysel ca637be0c9 Fixed powershell script, updated authors 2021-05-14 17:44:06 -05:00
Jack Heysel 1eab94cc26 beta draft 2021-05-14 17:43:44 -05:00
bwatters 8792febcf8 Land #15190, Add Exploit For CVE-2021-21551 (Dell DBUtil_2_3 IOCTL)
Merge branch 'land-15190' into upstream-master
2021-05-14 13:55:12 -05:00
Spencer McIntyre d990e884af Add and test even more targets 2021-05-13 17:27:58 -04:00
Spencer McIntyre eb89550f85 Clear up some target offset discrepancies 2021-05-13 16:06:15 -04:00
Spencer McIntyre 7d841a0f79 Add a target for Windows 7 x64 2021-05-13 14:24:15 -04:00
Spencer McIntyre 4825407d21 Add a target for Windows 8.1 x64 2021-05-13 12:56:47 -04:00
Spencer McIntyre 8a1341060d Fix a couple of errors from not cleaning up 2021-05-13 12:34:14 -04:00
Spencer McIntyre ff2516a7f2 Update CVE-2021-1732 to reduce code reuse 2021-05-12 16:41:43 -04:00
Spencer McIntyre 477749f77f Refactor the code to be reusable and add docs 2021-05-12 16:36:17 -04:00
Spencer McIntyre d3de52da59 The exploit is now functional for Win10 v1803-20H2 2021-05-12 16:14:59 -04:00
Justin Steven fa73c0af3e Add CVE-2021-22204 ExifTool ANT perl injection 2021-05-11 12:02:12 +10:00
Ashley Donaldson fbc291bc22 Tested on various other Fedoras 2021-05-04 14:18:16 +10:00
Ashley Donaldson 0435e281d9 Updated CVE-2021-3156 documentation to reflect code changes. 2021-05-03 16:45:50 +10:00
Ashley Donaldson b1d2c39c98 Added second CentOS 7 exploit 2021-04-30 18:30:19 +10:00
Ashley Donaldson 124d157a1c Added CVE-2021-3156 exploits for CentOS 7 and 8 2021-04-30 17:25:59 +10:00
Ashley Donaldson 79152cafe6 Added support for Ubuntu 14.04.3 for CVE-2021-3156 2021-04-29 20:48:51 +10:00
Ashley Donaldson 0ee1d5fbe3 Ensure exploit is compatible with both python3 and python2 2021-04-29 18:52:56 +10:00
Ashley Donaldson 9d9d3ce061 Added Ubuntu 16.04-specific exploit script to CVE-2021-3156 module
The generic approach used for other targets doesn't work for 16.04, as that one relies on tcache bins, which are not present in glibc 2.23.
2021-04-29 18:28:13 +10:00
Ashley Donaldson fcd17ed3b1 Port sudoedit exploit to Python
It's assumed that Python is more likely to be present on the target system
than gcc, so is better as a dependency.
2021-04-29 13:17:32 +10:00
bwatters 11b12e4c63 Land #14869, Add Windows post module for gathering Exchange mailboxes
Merge branch 'land-14869' into upstream-master
2021-03-26 15:08:06 -05:00
sophosyaniv 87580c1340 randomize output delimiters 2021-03-25 20:15:34 -07:00
bwatters 2c1869f9df Land #14907, Add exploit for CVE-2021-1732
Merge branch 'land-14907' into upstream-master
2021-03-18 14:29:59 -05:00
Spencer McIntyre f3df076067 Only upgrade the token if EProcess was found 2021-03-16 15:20:44 -04:00