8473662e32
Land #13463 , Oracle WebLogic CVE-2020-2555 exploit
2020-05-20 23:21:07 -05:00
8631babcbb
Update CVE-2019-13272 pre-compiled exploit
2020-05-11 13:36:41 +00:00
dbc2b8b006
Update CVE-2019-13272 exploit C code to prefer auto targeting
...
Previously, the exploit would attempt to use a hardcoded list of
known useful helpers and fall back to automatic targeting. This
logic has been reversed, preferring automatic targeting first.
2020-05-09 03:59:31 +00:00
9769e04b6e
Land #13322 , CVE-2020-0668 Service tracing file junction overwrite
2020-05-07 09:47:20 -04:00
a1275845ec
Land #13200 , CVE-2019-0808 LPE for Windows 7 x86 SP0 and SP1
2020-05-06 17:23:52 -05:00
1c79674620
Recompile DLL and alter vcxproj file to automatically place generated DLL in right folder
2020-05-06 16:33:01 -05:00
587fc0ff09
add PoC
2020-05-04 11:08:38 -05:00
b8dc843b48
add binary
2020-05-01 19:02:54 +08:00
7213d379ec
Add Uso dll
2020-04-23 15:18:22 -05:00
0bbb822fe4
Working through mountpoint issues
2020-04-21 09:54:45 -05:00
e1f1ad45bc
working exploit
2020-04-19 15:19:19 -04:00
58074dc6bb
waiting on metasm question
2020-04-18 20:26:45 -04:00
3392fa18d4
Add the x64 LPE exploit for CVE-2020-0796
2020-04-02 17:22:00 -04:00
f59ec03c42
Land #12465 , add Android Binder UAF (CVE-2019-2215)
2020-02-23 01:06:33 -08:00
394e99fbe9
Land #12568 , Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
2020-01-30 11:57:56 +01:00
3491da7da0
Add a random sentinel to close channel when terminates ( #1 )
...
* Add a random sentinel to close channel when terminates
* Replace spaces with tabs to be consistent
* Remove unnecessary escaped quotes and use include? instead of regex
2020-01-25 23:30:49 +01:00
cfffb65a21
Land #12859 , update AF_PACKET chocobo_root linux LPE
2020-01-24 17:30:13 +08:00
6f6cc00871
Land #12751 , add Linux RDS socket NP deref privesc
2020-01-22 07:08:47 -06:00
19b1f567b2
Update AF_PACKET chocobo_root Privilege Escalation module
2020-01-19 11:51:01 +00:00
36b6ceb56f
Add rds_atomic_free_op_null_pointer_deref_priv_esc (CVE-2018-5333)
2020-01-18 08:34:52 +00:00
894927d960
Land #12693 , add Comahawk privilege escalation
2019-12-18 15:40:51 -06:00
7e05642a1b
Randomize container name
2019-12-12 07:48:01 -06:00
0257861c4f
Remove debug statements and extra c/ruby libraries
2019-12-11 18:42:36 -06:00
942d1e3962
Trim exploit code and de-pasta-fy module
...
Better check for build number
2019-12-10 18:09:08 -06:00
8a9dd35793
First draft of windows comahawk priv esc
2019-12-09 19:09:15 -06:00
4c95150491
add xml erb file
2019-12-02 08:44:37 -06:00
6766d9f6f7
Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
...
- Powershell script was outdated.
Updated from https://www.exploit-db.com/exploits/39719
- Powershell script was buggy when current directory
was set to e.g. C:\ProgramData. (Get-Item Error)
Fixed.
- Stager was being dropped to current directory, but
it is not guaranteed that we always have permission
to write a file there. Use %TEMP% instead.
- Exploit only seems to work when executed under
a powershell of the same architecture as the
host. (Not WOW64)
This module now ensures that no matter the
architecture of the meterpreter, a powershell
of the same architecture as the host is being
run. (Using Sysnative directory when on WOW64)
- Stager was broken, now generating stager with Rex
and dropping stager as `.ps1` instead of `.txt`.
Ideally the exploit should be rewritten to
accept a shellcode payload directly or a smaller
stager powershell should be created so that it
fits in under 1024 bytes and can be fed directly
to CreateProcessWithLogonW without dropping to
disk.
2019-11-13 05:01:47 +01:00
991ccdbda5
Land #12106 , Add Linux PTRACE_TRACEME local root exploit
2019-10-23 14:01:14 +00:00
a5a3e28984
Initial commit of CVE-2019-2215 Android Binder Use-After-Free
2019-10-17 18:48:49 +08:00
4710322cd7
Land #11762 , add sosreport privesc
2019-09-24 09:48:57 -05:00
bade8bfc48
add live compiling
2019-09-03 17:31:04 +08:00
dc07b78dcd
@LoadLow Marks the generated ODT file readonly
2019-08-18 18:36:31 +02:00
9b1a3b4033
Marks the generated ODT file readonly
...
Prevents autosave and further modifications after opening the document on the target system.
2019-08-18 17:59:25 +02:00
e6b72b5b43
Cleanup odt metadata
...
Metadata part is not mandatory on ODT files
2019-08-18 17:51:36 +02:00
409b3c9c4b
using python payload for platform independence
2019-08-16 15:36:42 -05:00
5f478b7fd6
Adds exploit module for CVE-2019-9848
...
uses on dom-loaded event (triggered just after opening the document) and still working on 6.2.5
2019-07-30 23:07:20 +02:00
c47caec03f
Land #12107 , Add module Redis Unauthenticated Code Execution
2019-07-28 21:40:03 -05:00
07f3c074d4
Add doc and enhance the module.
2019-07-20 00:17:57 +08:00
b6697f5016
Add redis rce module and data stuff.
...
To do:
1. Check env of system and compiler.
2. Add a compiled so file to be compatible with windows and mac.
3. Add doc.
2019-07-17 15:33:02 +08:00
27bb166938
Land #12011 , Add module for cve-2018-8453
2019-07-15 11:31:07 -05:00
5c0bbbbaa0
Land #12070 , Add module for CVE-2019-0841
2019-07-15 09:32:47 -05:00
f7c252eef3
move source to external/source directory
2019-07-09 09:08:28 -05:00
a55aea33a9
Add cve-2018-8453 exploit module
2019-07-09 07:15:13 -05:00
c69799262d
fixed issue with hard link exe
2019-07-03 15:44:00 -05:00
a83812ad55
add source code, compiled exe for diaghub loading
2019-07-03 14:32:22 -05:00
e50ab5cd13
Land #11726 , add exploit for CVE-2019-8513, macOS TimeMachine cmd injection
2019-06-29 05:36:12 -05:00
f3b509a1bc
Implement on_request_uri
2019-06-25 23:47:19 -05:00
d3cd1a3fa0
added VS2013 compiled executables
2019-06-19 15:19:00 -05:00
5b188a02ba
add code that makes hard links
2019-06-06 15:59:53 -05:00
b8abb550e6
Land #11924 , Update adobe_flash_opaque_background_uaf for Win 10
2019-06-04 00:51:34 -05:00
William Vu