adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3aebe968bb91c97fe8a650e92dddde464fe0564e
metasploit-gs/external/source
T
History
OJ defc0ebe5c ppr_flatten_rec update, RDI submodule, and refactor 
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.

Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
..
byakugan
Fix typo in license text
2013-01-07 23:29:49 -06:00
cmdstager/debug_asm
big commit - lots of cmdstager changes
2010-05-26 22:39:56 +00:00
DLLHijackAuditKit
Add a revision
2010-08-25 15:13:06 +00:00
dllinject
update comment
2008-05-26 10:27:22 +00:00
exploits
ppr_flatten_rec update, RDI submodule, and refactor
2013-11-27 20:44:18 +10:00
ipwn
Adds auto-execute support (hex edit the binary and change the # * 8192 to a list of commands, separated by newlines, ending with a NULL byte, keeping the same buffer size).
2007-10-23 23:22:27 +00:00
javapayload
Remove javapayload source
2013-06-12 10:57:23 -05:00
meterpreter
Remove meterpreter source
2013-06-11 16:42:30 -05:00
metsvc
crossing fingers, big cr removal batch
2009-12-30 22:24:22 +00:00
msfJavaToolkit
Add empty directories from svn repo.
2011-11-09 18:41:40 -06:00
osx
Stop breaking tar on OS X, thanks
2009-12-10 22:25:29 +00:00
passivex
Commit the PassiveX DLL updated to build with Visual Studio C++ 2008. Removed some compiler warnings. Use VirtualProtect to make second stage RWX. Use WSASocketA() over socket() for second stage compatibility. Seems to now work with the shell stage (Tested on XPSP2/IE7) but still not working with meterpreter.
2009-11-11 00:39:38 +00:00
pxesploit
Adds scriptjunkie's multilingual admin fie for pxexploit
2011-12-23 12:24:45 -06:00
ReflectiveDLLInjection @ 88e8e5f109
Add RDI submodule, port Kitrap0d
2013-11-27 16:04:41 +10:00
shellcode
Merge branch 'master' of https://github.com/geyslan/metasploit-framework
2013-11-11 14:22:00 -03:00
tightvnc
Adding TightVNC's java viewer to external/source. vnc.html works, it just needs to have the path set correctly.
2010-02-25 23:18:42 +00:00
unixasm
Add BSD license to unixasm, thanks Ramon!
2012-09-04 15:02:00 -05:00
vncdll
In with the modified VNC payload which now supports an in memory breakout of session isolation for systems like Vista/2008/7 when the payload is run from a service in session 0 isolation.
2010-03-24 00:00:05 +00:00
DLLHijackAuditKit.zip
Remove the duplicate copy
2010-08-25 19:22:02 +00:00