Commit Graph

560 Commits (master)

Author SHA1 Message Date
Jacob Robles dfa030c2df
Use System Directory 2018-09-19 08:49:12 -05:00
William Vu 6a63feced4 Merge remote-tracking branch 'upstream/master' into pr/10418 2018-09-18 19:54:44 -05:00
Dhiraj Mishra 89b0ac6f87
Adding suport files 2018-09-18 14:59:43 +05:30
Jacob Robles 83af598e6a
Updated VS solution and module 2018-09-17 17:38:19 -05:00
bwatters-r7 f38e6f45ce
Redo dllinjection 2018-09-14 17:47:53 -05:00
asoto-r7 4cf344dd83
WIP: Initial CVE-2018-8440 / ALPC-TaskSched-LPE 2018-09-13 18:00:20 -05:00
Wei Chen d23b252393
Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 21:48:52 -05:00
Wei Chen 254e8b9fd0 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
William Vu 1491f13bd5 Add Ghostscript failed restore exploit 2018-09-05 19:56:32 -05:00
Shelby Pace 55bf6e5dd4
removed require in erb file 2018-09-05 18:09:29 -05:00
Shelby Pace 60cdd6dfe2
added erb file for foxit_reader_uaf exploit 2018-09-05 14:07:56 -05:00
7echSec 540e2699a6
Adding unmarshalpwn.exe 2018-08-30 21:31:14 +05:30
7echSec 8b02d2620c
Adding support files 2018-08-30 21:30:28 +05:30
7echSec d365001ddd
Adding support files. 2018-08-30 21:29:45 +05:30
h00die d299831efe updated windows udf files and documentation 2018-08-07 14:50:47 -04:00
Mumbai 4a88d643ba adding reflective Potato 2018-08-03 02:09:24 -04:00
Tim W 8785ec21b6
Land #9884, add linux ufo priv esc module 2018-08-02 17:53:36 +08:00
bwatters-r7 d343458dc5
Update documentation with build instructions
remove superfluous directory
2018-07-27 11:31:59 -05:00
bwatters-r7 b4792e08a4
Combine the modules and update the binaries 2018-07-27 11:08:04 -05:00
Tim W 70a1df70a1
Land #9753, Linux BPF sign extension local privesc 2018-07-18 18:44:14 +08:00
William Vu f93e4a24a9 Fix typo 2018-07-17 12:59:00 -05:00
Brendan Coles 6cd1593061 Add support for HTTP POST and Basic Auth to psnuffle 2018-07-15 14:16:37 +00:00
Brendan Coles 9bdec97b2e Fix bpf_sign_extension_priv_esc 2018-07-13 23:01:17 +00:00
bwatters-r7 156b822401
First stab at cve-2018-8897 2018-07-12 17:31:53 -05:00
Brendan Coles f14d06b9d1 Fix ufo_privilege_escalation 2018-07-08 11:05:30 +00:00
bwatters-r7 29f4870fa0
Land #10101, Add glibc 'realpath()' Privilege Escalation exploit 2018-06-12 16:41:07 -05:00
Aaron Soto f53d2a14df
Land #10067, Added `auxiliary/fileformat/odt_badodt` 2018-06-06 11:27:23 -05:00
Chris Higgins 78bcd57694
Land #10092, Cleanup linux/local/recvmmsg_priv_esc 2018-06-04 10:32:35 -05:00
Brent Cook 61a98b94b6
Land #9528, WebKit apple safari trident exploit (CVE-2016-4657) 2018-06-02 21:52:52 -05:00
Tim W 2ec7f11b90 add binary 2018-05-30 18:02:17 +08:00
Brendan Coles 0af5d44c42 Add glibc 'realpath()' Privilege Escalation exploit 2018-05-26 21:25:59 +00:00
Brendan Coles 651fb69585 Cleanup linux/local/recvmmsg_priv_esc module 2018-05-24 17:56:07 +00:00
rmdavy e82cb8351f
Add files via upload
New Location for files needed to build badodt file
2018-05-24 09:45:38 +01:00
Tim W 88ab836e15
Land #9987, AF_PACKET chocobo_root exploit 2018-05-21 17:05:53 +08:00
bwatters-r7 294b263159
Land #9966, Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit
Merge branch 'land-9966' into upstream-master
2018-05-18 17:06:04 -05:00
Tim W 6594cbb5cc
Land #9947, AF_PACKET packet_set_ring exploit 2018-05-17 18:43:52 +08:00
Brendan Coles 4322e56c71 Recompile pre-compiled exploit executable (stripped, no DEBUG) 2018-05-17 09:43:07 +00:00
Tim W ce5b24eda0 fork early and cleanup files in module 2018-05-17 00:32:01 +08:00
Tim W ed5f2bffa9
Land #9919, add libuser roothelper privilege escalation exploit 2018-05-12 17:11:21 +08:00
Brendan Coles 5ae9b0185d Add AF_PACKET chocobo_root Privilege Escalation exploit 2018-05-07 07:11:07 +00:00
bwatters-r7 ce5be387c4
Land #8795, Added CVE-2016-0040 Windows Privilege Escalation
Merge branch 'land-8795' into upstream-master
2018-05-03 16:33:53 -05:00
bwatters-r7 729461e448
Re-add compiled Binary 2018-05-03 15:50:15 -05:00
bwatters-r7 16432efd8f
Remove binary file 2018-05-03 14:45:58 -05:00
Brendan Coles 3a688451b6 Add Reliable Datagram Sockets (RDS) Privilege Escalation 2018-05-03 12:51:21 +00:00
Brendan Coles f7504dd9d5 Add AF_PACKET packet_set_ring Privilege Escalation exploit 2018-04-28 01:40:17 +00:00
Brendan Coles 00583caadf Add Libuser roothelper Privilege Escalation exploit 2018-04-23 17:49:11 +00:00
h00die 2914ebf631 lpe ufo 2018-04-17 20:39:59 -04:00
Tim W c5039251a2 add CVE-2016-4655
rebase
2018-04-03 14:58:57 +08:00
h00die 6b0691a91a cve-2017-16995 2018-03-23 21:09:56 -04:00
h00die 285b329ee1
Land #9422 abrt race condition priv esc on linux 2018-02-11 11:58:39 -05:00
h00die 7cb0a118c1
Land #9399 a linux priv esc against apport and abrt 2018-02-01 21:54:54 -05:00
Brent Cook aae77fc1a4
Land #9349, GoAhead LD_PRELOAD CGI Module 2018-01-22 23:10:36 -06:00
Brendan Coles 5e11d36351 Add ABRT raceabrt Privilege Escalation module 2018-01-16 14:52:33 +00:00
Brendan Coles 2f3e3b486a Use cross-compiled exploit 2018-01-13 05:44:42 +00:00
Brendan Coles 8bbffd20cd Add Apport chroot Privilege Escalation exploit 2018-01-12 07:25:35 +00:00
dmohanty-r7 a5fa63405f
Land #9206, Add Xplico RCE exploit module 2018-01-03 16:02:51 -06:00
HD Moore 0b9fbe5a63 Resolve a bug in reverse_tcp and segfaults across payloads 2017-12-29 14:18:55 -06:00
HD Moore ab8886e25c Updated payloads and addition of payload stubs 2017-12-28 16:21:37 -06:00
William Vu caae33b417
Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
HD Moore e73ae9e1a4 Remove the useless findsock wrapper 2017-12-18 22:09:35 -06:00
HD Moore a44010deb1 WIP for GoAhead LD_PRELOAD 2017-12-18 10:51:47 -06:00
Yorick Koster 942e44ceae Added local copies of the static content 2017-12-02 10:14:14 +01:00
Mehmet İnce 86e47589b0 Add xplico remote code execution 2017-11-14 09:30:57 +03:00
bwatters-r7 4abe8ff0d9
recompile binaries 2017-11-08 09:33:48 -06:00
bwatters-r7 9b24ed8406 Removed binaries for recompile 2017-11-08 09:26:40 -06:00
Spencer McIntyre c2578c1487 Refactor GetProcessSid to remove do while FALSE 2017-11-07 19:11:24 -05:00
h00die 697031eb36 mysql UDF now multi 2017-11-03 05:26:05 -04:00
Spencer McIntyre 3f6f70f820 Move the cve-2017-8464 source to external/source 2017-10-08 13:58:51 -04:00
Spencer McIntyre d0ebfa1950 Change the template technicque to work as an LPE 2017-10-05 10:30:28 -04:00
Spencer McIntyre 949633e816 Cleanup cve-2017-8464 template and build script 2017-10-02 15:18:13 -04:00
Kirk Swidowski 2ee94ca3d9 made changes based on PR feedback. 2017-09-01 16:49:17 -07:00
Kirk Swidowski b7fc990d17 moved project to the source directory. 2017-09-01 16:09:53 -07:00
h00die dc358dd087 unknow to unknown 2017-08-18 11:33:48 -04:00
Kirk R. Swidowski cad266d469 added source code for CVE-2016-0040 2017-08-11 15:54:01 -04:00
Kirk R. Swidowski 33d3fd20a1 added CVE-2016-0040 privilege escalation exploit. 2017-08-03 19:12:32 -04:00
Yorick Koster 81500f7336 Updated Mutex code, reduce the number of times the payload is executed 2017-08-03 10:26:55 -05:00
Yorick Koster c3bc27385e Added source code for DLL template 2017-08-02 15:47:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster e6e94bad4b Replace CreateEvent with CreateMutex/WaitForSingleObject
Time out is set to 1500 ms to prevent running the payload multiple times
2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore b7b0c26f4a Reduce minimum GLIBC versions where we can 2017-05-27 19:28:41 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
wchen-r7 ee13195760 Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00
HD Moore afc804fa03 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00
nixawk a9df917257 Fix rtf info author 2017-04-14 21:16:39 -05:00
nixawk 8c662562d3 add CVE-2017-0199 format 2017-04-14 13:22:32 -05:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
wchen-r7 6965a00b45 Resolve #8023, Support backward compatibility for Office macro
Resolve #8023
2017-02-27 13:02:41 -06:00
wchen-r7 3d269b46ad Support OS X for Microsoft Office macro exploit 2017-02-16 12:28:11 -06:00
bwatters-r7 272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro 2017-02-09 13:42:58 -06:00
wchen-r7 047a9b17cf Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
William Webb fb74b2d8f3
initial commit of finished product 2017-01-20 11:01:36 -06:00
Brent Cook 24f7959805
add binary for futex_requeue 2017-01-11 13:25:30 -06:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Brent Cook 2652f347fa add module binary 2016-12-22 03:25:10 -06:00