adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
61,817 Commits 27 Branches 1,043 Tags
f96dc59cd4e50529c586fa59a4ef23125ed18a50
Commit Graph

1405 Commits

Author SHA1 Message Date
Grant Willcox 3bca3b0bcb Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match 2021-08-31 15:07:37 -05:00
Grant Willcox bd490d35ed Add support for Linux 5.11.x on Fedora 2021-08-23 15:09:10 -05:00
Grant Willcox e46611cffb Add in support for exploiting Fedora 32 with Linux kernel 5.10.12 2021-08-20 18:04:59 -05:00
Grant Willcox 75ae2b76f5 Add support for Fedora 32 Linux Kernel 5.9.8-100 and also fix an error where the wrong file was being used for Fedora 32 Linux Kernel 5.8.8. 2021-08-20 16:50:20 -05:00
Grant Willcox 5abf407228 Add support for Fedora 32 with Linux Kernel 5.8.8-200 2021-08-20 15:42:34 -05:00
Grant Willcox dd806a9d61 Add in support for Fedora 32 running kernel 5.7.11-200 2021-08-20 13:37:52 -05:00
Grant Willcox b60ad3ee26 Fix up mistakes I noticed whilst doing edits on the code as well as some mistakes identified during peer review 2021-08-19 13:55:54 -05:00
Grant Willcox d5df47692c Add in first copy of the exploit along with the supporting source code and binaries. Documentation to come 2021-08-17 18:01:14 -05:00
Christophe De La Fuente ccaedd6c9a Last additions and improvements 
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
 2021-06-30 11:02:11 +02:00
Christophe De La Fuente 1b59b8c83e Rebase and fix conflicts in lib/msf/core/post/common.rb 2021-06-30 11:02:11 +02:00
bwatters 8e1391f098 Land #15216, Fix targeting for CVE-2021-21551 
Merge branch 'land-15216' into upstream-master
 2021-05-21 14:56:08 -05:00
bwatters 72375d1f67 Land #15024, Add RCE Exploit For CVE-2020-0796 (SMBGhost) 
Merge branch 'land-15024' into upstream-master
 2021-05-20 17:02:04 -05:00
Spencer McIntyre 5e13fdb7dc Couple of minor cleanups for the assembly stub 2021-05-20 17:20:57 -04:00
Spencer McIntyre 78d47b11f2 Add targeting for Windows 10 v21H1 2021-05-18 12:56:02 -04:00
Spencer McIntyre c5b022e2f2 Fix Windows 10 versioning by using ranges 2021-05-18 10:28:27 -04:00
Spencer McIntyre d990e884af Add and test even more targets 2021-05-13 17:27:58 -04:00
Spencer McIntyre eb89550f85 Clear up some target offset discrepancies 2021-05-13 16:06:15 -04:00
Spencer McIntyre 7d841a0f79 Add a target for Windows 7 x64 2021-05-13 14:24:15 -04:00
Spencer McIntyre 4825407d21 Add a target for Windows 8.1 x64 2021-05-13 12:56:47 -04:00
Spencer McIntyre 8a1341060d Fix a couple of errors from not cleaning up 2021-05-13 12:34:14 -04:00
Spencer McIntyre ff2516a7f2 Update CVE-2021-1732 to reduce code reuse 2021-05-12 16:41:43 -04:00
Spencer McIntyre 477749f77f Refactor the code to be reusable and add docs 2021-05-12 16:36:17 -04:00
Spencer McIntyre d3de52da59 The exploit is now functional for Win10 v1803-20H2 2021-05-12 16:14:59 -04:00
Spencer McIntyre 5b39cead93 Add the UpgradeToken functionality 2021-05-12 14:53:41 -04:00
Spencer McIntyre 7f0a1d1707 Initial commit of CVE-2021-21551 
This is still a work in progress but the initial requirements are
falling into place.
 2021-05-12 12:28:20 -04:00
Spencer McIntyre a9d3120aa9 Combine the shellcode move operations 2021-04-13 16:46:26 -04:00
Spencer McIntyre ec962cf2be Adjust the hal heap base address calculation 2021-04-13 13:11:24 -04:00
Spencer McIntyre 0e117cc83a Update the LPE exploit paths in Visual Studio 2021-04-09 14:15:11 -04:00
Spencer McIntyre d8bed16d4d Refactor constants into a proper target hash 2021-04-09 14:15:11 -04:00
Spencer McIntyre c4055f348c Restructure and refactor the kernel mode shellcode 2021-04-09 14:15:11 -04:00
Spencer McIntyre f3df076067 Only upgrade the token of EProcess was found 2021-03-16 15:20:44 -04:00
Spencer McIntyre c11900b9ab Add support for Windows 2004 & 20H2 2021-03-15 17:28:38 -04:00
Spencer McIntyre f0a9a1deb3 Add the initial exploit for CVE-2021-1732 2021-03-12 17:30:22 -05:00
Grant Willcox adbb6f164f Add source code for generating emp.ser 2021-03-03 10:14:48 -06:00
Christophe De La Fuente ab9dd177b7 Add kernel file version check to avoid BSOD on Win10 x86 2021-02-15 21:10:10 +01:00
Christophe De La Fuente eaa550fa97 Changes compiler subsystem to window 2021-02-02 17:57:52 +01:00
Christophe De La Fuente 4b3379a821 Remove CRT library from the Template 2021-01-28 19:59:46 +01:00
Christophe De La Fuente 8af5ee8a32 Add Process Herpaderping evasion module and binaries 2021-01-22 18:33:10 +01:00
Spencer McIntyre 33bd712e0a Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP 2021-01-11 17:16:40 -05:00
Grant Willcox 3072391d00 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
Christophe De La Fuente 17c393f101 Land #14046, Adding juicypotato-like privilege escalation exploit for windows 2021-01-06 16:02:05 +01:00
Grant Willcox b916789041 Add in source for the compiled exploit 2021-01-04 12:17:52 -06:00
Tim W 7af996ae4c add offsets 2020-12-14 14:54:54 +00:00
Tim 69a26bfb6c fix external/source/exploits/CVE-2020-1054/dllmain.cpp placeholder 
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-12-14 14:54:54 +00:00
Tim W a30cdfc892 Fix #14254, Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE 2020-12-14 14:54:54 +00:00
C4ssandre 4bfd9e4b2a Fixing a little error. 2020-12-10 05:15:37 -05:00
C4ssandre 4883050f7f Adding new options to module. Now it is possible to choose which process to launch as SYSTEM, as well as the port the exploit will listen (because on some Windows configuration, WinRM should listen on port 47001). 2020-12-10 03:53:06 -05:00
C4ssandre 61f76b77b9 Removing useless token verification batch of code. 2020-12-08 13:43:32 -05:00
C4ssandre d997b07ded Fixing inconsistency in flags for spnego token processes. 2020-12-08 13:35:40 -05:00
C4ssandre bda377cb7e Passing "notepad.exe" to const. 2020-12-08 13:19:56 -05:00