c6e18ee469
cve-2022-1329
2022-10-02 15:59:58 -04:00
c17c78bc0f
Land #16995 , Add TrustedSec's COFFLoader as Meterpreter Extension
...
Merge branch 'land-16995' into upstream-master
2022-09-30 14:14:39 -05:00
e27dbd2787
Land #16794,Add exploit for CVE-2022-34918
...
Merge branch 'land-16794' into upstream-master
2022-09-27 16:37:52 -05:00
37d3c296ad
Add compiler support when mingw is available
2022-09-15 16:06:25 -04:00
a41ec9388f
Land #16725 , Add ManageEngine ADAudit Plus and DataSecurity Plus Xnode enum modules, docs and mixin (CVE-2020–11532)
2022-09-01 08:46:36 -05:00
9dcbf55ea8
Update ldap_query logic to handle binary data
2022-08-29 15:34:18 -05:00
ae5a9bd41b
Land #16734 , Add rtf support to cve-2022-30190
...
Add rtf support to cve-2022-30190 AKA Follina
2022-08-25 17:26:46 -04:00
109065e7c7
Fix up LDAP query syntax for some queries
2022-08-24 16:59:13 -05:00
e03f479659
Add a couple of ADCS related queries
2022-08-24 15:13:19 -04:00
3c495770b8
Allow configuring a base_dn prefix
2022-08-24 15:13:16 -04:00
97bce45e69
Land #16915 , Add exploit for CVE-2022-23277 (Exchange RCE)
2022-08-19 11:11:46 -05:00
62ab42b797
Update vulnerable version numbers and docs
2022-08-17 08:55:46 -04:00
e6d4a80e0f
data: powershell: msflag.ps1: Remove "from Metasploit" from flag message
2022-08-12 17:30:40 +10:00
4d4f7b8c55
mv scripts/ps/msflag.ps1 data/post/powershell/msflag.ps1
2022-08-08 18:00:36 +10:00
d6dabd4bfb
additional code review improvements for xnode auxiliary modules/lib/docs
2022-07-28 15:12:00 +03:00
78dae84871
Updates to the C source code (execl instead of execve, removal of some old comments)
2022-07-25 22:18:47 +02:00
14e3c694ff
Fix default LDAP query descriptions due to some typos
2022-07-22 12:13:14 -05:00
37f1fdd47b
Add module docs, add Ubuntu 22.04 offsets, update check method
2022-07-22 03:30:03 +02:00
73db035e57
Add more offsets to the exploit, clean up the exploit C source, add check method
2022-07-21 01:22:20 +02:00
fe2e413426
Add exploit for CVE-2022-34918
2022-07-20 13:51:22 +02:00
25f50e607c
Reduce code, be more permissive
...
This makes a few changes that should enable the module to function
better should it be dropped into a fresh MSF installation on its own.
2022-07-15 16:29:17 -05:00
c5f2507ee0
Fix up usage of the word columns where attributes was more appropriate. Also update the multi query logic to match new data format as it was broken before as a result of changes to file format. Finally remove extra parameters that are no longer needed.
2022-07-15 16:28:43 -05:00
8c236e789e
Rename files to follow proper format. Add in documentation for examples. Then update code so we use Msf::Config.get_config_root to store the config file that we parse to get the actions outside of a Git tracked location. We will still use the default file to populate this non-git tracked location if its not already populated though.
2022-07-15 16:28:43 -05:00
3c56e272a1
Remove default actions and move them to default.yaml, then update code accordingly. Also update the initialization code so it will now load the possible actions dynamically from default.yaml.
2022-07-15 16:28:37 -05:00
ef9f5ca463
Add rtf support to cve-2022-30190 AKA Follina
2022-06-30 17:30:06 -05:00
ba83b1bdf5
add manageengine adaudit plus and datasecurity plus xnode enum modles and manageengine_xnode lib
2022-06-10 10:32:25 -04:00
c751ef46c9
Land #16635 , Add 0-day MSWord RCE #Follina CVE-2022-30190
...
Merge branch 'land-16635' into upstream-master
2022-06-06 14:41:31 -05:00
97921b4ed9
fix chmod 644
2022-05-30 22:11:35 +04:00
dfc226cf5f
add. Supposed 0day MSWord RCE
2022-05-30 21:23:18 +04:00
246a3604b8
set the org to be 0x400000
2022-05-13 10:50:19 +08:00
934f193dc0
Land #16484 , Add vcenter_forge_saml_token aux module
...
Merge branch 'land-16484' into upstream-master
2022-05-12 17:36:20 -05:00
7190a967ce
Refactor MKII vcenter_forge_saml_token
2022-04-25 11:44:39 -04:00
3e07b8c99b
Refactor MKI vcenter_forge_saml_token.rb
...
Extensive refactoring to move away from directly manipulating datastore
options and use local variables instead.
The initial template generation method has been redesigned to use an
external file via Erubi::Engine which is much cleaner vs. jamming a
multiline string into the module.
Response HTML from vCenter is now parsed with Nokogiri HTML vs. pulling
it out with regex.
Registered options have been reworked, following suggestions and
feedback. The use of VHOST in particular eliminates the need to pass
RHOSTS to the template and makes the module behave more closely to "real"
vCenter (i.e., always uses FQDN for the destination).
Added advanced datastore options to control the token lifetime
NOT_BEFORE and NOT_AFTER skew, in seconds. This also uncovered a bug with
the way I was deriving Zulu time which skewed based on the local system
time zone offset from Zulu; this has been fixed.
Corrected a stupid typo in the validate_fqdn method (don't need to check
for capital letters if the test string is always downcase...)
validate_idp_options now uses File.binread and can process certs in keys
in DER or PEM instead of just PEM.
Code optimization, particularly around error handling; other minor
tweaks based on improved understanding of the Framework's capabilities.
Many style changes and modifications based on suggestions and feedback.
Documentation was updated to reflect reality.
2022-04-23 19:42:24 -04:00
e2c6c36b2b
Land #1642 , Add module for cve-2022-0995
2022-04-21 09:12:47 -05:00
26f9175816
Update c source with argc check and CRASH notes for module
2022-04-20 17:37:48 -05:00
54f8d44639
add osx binary
2022-04-18 09:42:40 -05:00
96d86944da
Added precompiled binary and option to strip output, fixed comment-strip bug
2022-04-07 17:09:35 -05:00
5de966cfb1
Land #16382 , CVE-2022-26904 SuperProfile LPE
2022-04-07 12:52:39 -04:00
9e2d7f655b
Update data to fix more things found during review process
2022-04-05 12:48:11 -05:00
db4b22df5e
Update the exploit code to output errors in a better format, and fix a potential issue when trying to delete folders recursively. Also update exploit module to try kill msiexec.exe if its still running to prevent it holding onto handles when it shouldn't be.
2022-04-04 17:58:52 -05:00
8daecca5c3
Update code with latest changes
2022-04-01 12:11:05 -05:00
d29f5690a1
Add in backup code to DLL template to fall back to old way of executing things in case the BREAKAWAY_FROM_JOB flag cannot be used
2022-03-31 14:28:29 -05:00
743138abed
Add in initial fixes from review and remove extra BREAKAWAY_FROM_JOB code changes not directly related to this PR as we'll raise a separate PR for those
2022-03-31 12:13:29 -05:00
bd3e0c1b53
Add in support for exploiting domain joined systems
2022-03-28 16:14:19 -05:00
e5c0259723
Add CREATE_BREAKAWAY_FROM_JOB flag to source files related to DLL generation, update the exploit source to denote how to clean up in case the payload can't clean up
2022-03-23 19:38:32 -05:00
a25b3a70ad
Update permissions on template DLLs
2022-03-23 17:49:03 -05:00
b1ce05f97c
Add in updated Ruby code and also update the DLLs and prepend_migrate.rb to use the CREATE_BREAKAWAY_FROM_JOB flag with CreateProcess to break away from the job if the job has the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit set to allow breakaway jobs
2022-03-23 17:47:25 -05:00
da16aad96a
Land #16298 , Add the capture plugin
2022-03-21 20:03:16 -04:00
715082a960
Update exploit and module with new delay timing and latest copy of DLL
2022-03-21 12:05:48 -05:00
c1d6dced8d
Update library code to read exchange versions from exchange_versions.json and populate exchange_versions.json with initial info
2022-03-17 11:29:01 -05:00
h00die