0257861c4f
Remove debug statements and extra c/ruby libraries
2019-12-11 18:42:36 -06:00
942d1e3962
Trim exploit code and de-pasta-fy module
...
Better check for build number
2019-12-10 18:09:08 -06:00
8a9dd35793
First draft of windows comahawk priv esc
2019-12-09 19:09:15 -06:00
4c95150491
add xml erb file
2019-12-02 08:44:37 -06:00
f8c84c9928
Land #12530 , add encrypted, compilable shell payloads
2019-11-21 08:59:46 -06:00
deb57a1df0
add modified chacha implementation, format_uuid
2019-11-19 20:16:16 -06:00
a66a59ae2a
Changed Filename
2019-11-13 20:26:49 -06:00
03117ea685
Update SecKC.txt
2019-11-13 20:26:01 -06:00
6766d9f6f7
Fix exploit/windows/local/ms16_032_secondary_logon_handle_privesc
...
- Powershell script was outdated.
Updated from https://www.exploit-db.com/exploits/39719
- Powershell script was buggy when current directory
was set to e.g. C:\ProgramData. (Get-Item Error)
Fixed.
- Stager was being dropped to current directory, but
it is not guaranteed that we always have permission
to write a file there. Use %TEMP% instead.
- Exploit only seems to work when executed under
a powershell of the same architecture as the
host. (Not WOW64)
This module now ensures that no matter the
architecture of the meterpreter, a powershell
of the same architecture as the host is being
run. (Using Sysnative directory when on WOW64)
- Stager was broken, now generating stager with Rex
and dropping stager as `.ps1` instead of `.txt`.
Ideally the exploit should be rewritten to
accept a shellcode payload directly or a smaller
stager powershell should be created so that it
fits in under 1024 bytes and can be fed directly
to CreateProcessWithLogonW without dropping to
disk.
2019-11-13 05:01:47 +01:00
7d9ab29c8c
Create SecKC.txt
2019-11-12 15:55:26 -06:00
8b462083be
Update banner for MSF5
2019-11-07 20:47:44 +11:00
8bb1c5102b
opt for inline asm instead of pre-compiled object
2019-10-31 11:55:40 -05:00
991ccdbda5
Land #12106 , Add Linux PTRACE_TRACEME local root exploit
2019-10-23 14:01:14 +00:00
a5a3e28984
Initial commit of CVE-2019-2215 Android Binder Use-After-Free
2019-10-17 18:48:49 +08:00
b674f3dda3
add AlignRSP call, remove begin from linker script
2019-10-10 12:16:10 -05:00
12f4a89629
remove 64bithelper, add VirtualFree
2019-10-10 12:16:10 -05:00
c3a7d377f4
add payload for X64 arch
2019-10-10 12:16:10 -05:00
64145cdbf2
add header files
2019-10-10 12:16:09 -05:00
0b95acf0b3
Update honk.txt to MSF substitution sequences
...
as per: https://github.com/rapid7/metasploit-framework/pull/12430#issuecomment-539669624
2019-10-08 20:53:59 +01:00
ad70e10452
Add new Untitled Goose Game inspired logo
...
Inspired by an @IanColdwater tweet.
2019-10-08 19:52:11 +01:00
4710322cd7
Land #11762 , add sosreport privesc
2019-09-24 09:48:57 -05:00
2ccfbbe8f8
RHOSTS: fix syntax in doc examples
2019-09-11 19:22:37 +02:00
bade8bfc48
add live compiling
2019-09-03 17:31:04 +08:00
dc07b78dcd
@LoadLow Marks the generated ODT file readonly
2019-08-18 18:36:31 +02:00
9b1a3b4033
Marks the generated ODT file readonly
...
Prevents autosave and further modifications after opening the document on the target system.
2019-08-18 17:59:25 +02:00
e6b72b5b43
Cleanup odt metadata
...
Metadata part is not mandatory on ODT files
2019-08-18 17:51:36 +02:00
409b3c9c4b
using python payload for platform independence
2019-08-16 15:36:42 -05:00
5f478b7fd6
Adds exploit module for CVE-2019-9848
...
uses on dom-loaded event (triggered just after opening the document) and still working on 6.2.5
2019-07-30 23:07:20 +02:00
5b8a75f544
Land #12119 , Add OS X post module to manage Sonic Pi
2019-07-28 23:12:26 -05:00
2f720a1f26
Land #12137 , Update setting new .exe of Sophos AV
2019-07-28 21:49:31 -05:00
c47caec03f
Land #12107 , Add module Redis Unauthenticated Code Execution
2019-07-28 21:40:03 -05:00
4d6f16eac1
Update setting new .exe of Sophos AV
...
Add .exe used by Sophos AV Endpoint
2019-07-27 16:47:05 -03:00
e6e3ec493b
Rename play_pattern_timed durations to beats
...
This is so I don't forget they're beats, not seconds. Also, "times"
already has special meaning in Ruby, so let's not confuse ourselves
further.
2019-07-26 17:41:24 -05:00
42c2d78731
Remove fluff for better effect
2019-07-26 17:18:39 -05:00
61e9f2b5bf
Fix rhythm of melody section
...
Thanks for your ears, @busterb!
2019-07-26 14:09:57 -05:00
a952fc303b
Fix play_pattern_timed
2019-07-22 23:53:24 -05:00
3bc65b0e9e
Play it like a real band
2019-07-22 22:23:44 -05:00
283f9d2e08
Add OS X Manage Sonic Pi post module
2019-07-22 18:46:02 -05:00
07f3c074d4
Add doc and enhance the module.
2019-07-20 00:17:57 +08:00
b6697f5016
Add redis rce module and data stuff.
...
To do:
1. Check env of system and compiler.
2. Add a compiled so file to be compatible with windows and mac.
3. Add doc.
2019-07-17 15:33:02 +08:00
27bb166938
Land #12011 , Add module for cve-2018-8453
2019-07-15 11:31:07 -05:00
5c0bbbbaa0
Land #12070 , Add module for CVE-2019-0841
2019-07-15 09:32:47 -05:00
f7c252eef3
move source to external/source directory
2019-07-09 09:08:28 -05:00
a55aea33a9
Add cve-2018-8453 exploit module
2019-07-09 07:15:13 -05:00
c69799262d
fixed issue with hard link exe
2019-07-03 15:44:00 -05:00
a83812ad55
add source code, compiled exe for diaghub loading
2019-07-03 14:32:22 -05:00
e50ab5cd13
Land #11726 , add exploit for CVE-2019-8513, macOS TimeMachine cmd injection
2019-06-29 05:36:12 -05:00
f3b509a1bc
Implement on_request_uri
2019-06-25 23:47:19 -05:00
d3cd1a3fa0
added VS2013 compiled executables
2019-06-19 15:19:00 -05:00
5b188a02ba
add code that makes hard links
2019-06-06 15:59:53 -05:00
b8abb550e6
Land #11924 , Update adobe_flash_opaque_background_uaf for Win 10
2019-06-04 00:51:34 -05:00
22e8d3488d
Land #11862 , wordlists for wordpress plugin/theme directories
...
Add wordlists for enumerating WordPress plugin/theme directories
2019-06-03 00:54:43 -05:00
6921ca74d8
add exploit binary
2019-06-02 10:19:24 +08:00
32af9cb897
Initial commit of CVE-2018-4233 for iOS 10
2019-06-02 10:19:24 +08:00
0a6f1d5538
Add support for Windows 10(10240) to CVE-2015-5122
2019-06-01 14:44:30 +09:00
2a5233156f
Updated wordlists to match generated script provided on https://github.com/rapid7/metasploit-framework/pull/11862
2019-05-28 12:02:03 -04:00
7bd9608d5e
Removed extraneous newline ending in wp-plugins.txt
2019-05-24 17:50:33 -04:00
d4e79cffe7
added wp-themes wordlist to reflect https://themes.svn.wordpress.org/
2019-05-24 17:40:37 -04:00
9f3e4e0b65
modified wordlist to reflect https://plugins.svn.wordpress.org/
2019-05-24 17:37:02 -04:00
5f889919b4
Added a wordlist of 1491 WordPress plugins that can be enumerated in the wp/wp-content/plugins directory
2019-05-20 14:30:02 -04:00
be1d185a04
Add CVE-2019-8565 OSX Feedback Assistant local root exploit
2019-05-07 04:30:47 +08:00
fbbcc2b607
add exploit binary
2019-04-21 16:02:10 +08:00
a5b894dca3
Add sosreport-rhel7.py
2019-04-20 11:56:01 +00:00
54edf3c008
reduced file size
2019-04-16 09:06:44 -05:00
0472f96209
add the exploit binary
2019-04-16 13:09:41 +08:00
c428684732
eject only the malformed images
2019-04-16 13:09:13 +08:00
391e7cf8ef
adjusted font size and color
2019-04-12 14:01:29 -05:00
700562594c
getting session on windows
2019-04-12 14:01:29 -05:00
4873b7c3e6
using a path for both Windows and Linux
2019-04-12 14:01:29 -05:00
9d0c045b0d
added erb file and base for module
2019-04-12 14:01:29 -05:00
5867158238
Land #11595 , can_flood post module
2019-04-01 12:38:46 -05:00
f5f4c4bec2
Clean up module
2019-04-01 12:24:35 -05:00
c98ed4b494
Updated ipmi_users.txt
...
Added username 'Admin'
2019-03-22 11:40:24 -04:00
ce218fc86a
Add can_flood post exploitation for CAN and added example list of frames
2019-03-20 13:17:41 +01:00
ac0dc8be1f
cable-d -> cable-docsis
...
cable-docsis is a known hidden community string in Cisco devices.
www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml
To me, it looks like cable-d should be cable-docsis
2019-03-16 20:55:43 +01:00
42be66a2cf
add root/ubnt to router creds
2019-03-12 19:26:58 -04:00
468679f907
Land #11092 , Add FreeBSD 8.3 / 9.0 Intel SYSRET Privilege Escalation module
2019-03-06 19:50:08 -06:00
69d398865d
python 3 compatibility
2019-02-13 22:20:29 +01:00
930d1fb78a
Land #11351 , many new John the Ripper module improvements
2019-02-13 03:05:14 -06:00
f589db6831
Land #11152 , add macOS adobe flash player type confusion RCE
2019-02-09 18:46:48 +08:00
5fc7167beb
Merge remote-tracking branch 'upstream/master' into land-10812-
2019-02-07 09:31:02 -06:00
cb6d7fa210
Land #11165 , Fix intermittent problem with native osx stager
2019-02-06 22:39:07 -06:00
9930edf704
jtr modernizations
2019-01-25 14:07:24 -05:00
1947bae45b
Land #11230 , add JuicyPotato local privilege escalation
2019-01-15 21:20:25 -06:00
27d6fffdad
Land #11125 , Import/generate `ysoserial` Java serialization objects
2019-01-15 17:09:56 -06:00
72d3f6538e
Updated ysoserial_payloads.json cache
2019-01-14 17:43:27 -06:00
9789547fe7
build: recompile dlls
2019-01-12 04:02:34 +01:00
3a48282138
ysoserial: Updated JSON
2019-01-11 16:56:52 -06:00
8e50838e62
build: recompile dlls
2019-01-11 18:22:13 +01:00
953b97def1
build: recompile dlls
2019-01-11 16:29:15 +01:00
8f746cd6ae
Update MSF v5 banner for MSF5 release
2019-01-10 13:39:57 -05:00
5f244643bd
feat: add compiled reflective DLL for juicy potato
2019-01-10 17:20:21 +01:00
49b8552d59
update joomla wordlists
2019-01-04 21:38:49 -05:00
0ca4dd829e
Fixed an off-by-one error in fingerprinting string randomization
2019-01-04 16:31:43 -06:00
940f255c4b
update x64_osx_stage binary
2018-12-24 19:26:54 +08:00
983b39a5b3
Use @iZsh's exploit
2018-12-21 15:40:01 +00:00
dc6ae6f058
initial import, CVE-2016-4117 OSX exploit
2018-12-21 02:54:35 -06:00
7557624c00
ysoserial: Generated more compact JSON and renamed script
2018-12-18 15:42:50 -06:00
e20c250977
ysoserial: Removed newlines from ysoserial_payloads.json
2018-12-18 15:21:56 -06:00
60f3cfbb79
ysoserial: Cleaned up ysoserial payload in `hp_imc_java_deserialize`
2018-12-18 15:17:51 -06:00
bwatters-r7