infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
51,630 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

2400 Commits (master)

Author SHA1 Message Date
Mumbai 4a88d643ba adding reflective Potato 2018-08-03 02:09:24 -04:00
Tim W 8785ec21b6
Land #9884, add linux ufo priv esc module 2018-08-02 17:53:36 +08:00
bwatters-r7 d343458dc5
Update documentation with build instructions 
remove superfluous directory
 2018-07-27 11:31:59 -05:00
bwatters-r7 b4792e08a4
Combine the modules and update the binaries 2018-07-27 11:08:04 -05:00
Wei Chen b404a5fbe4 Add a license 2018-07-19 10:04:47 -05:00
Wei Chen f2fd24780c Add support for XOR 2018-07-18 23:13:45 -05:00
Wei Chen 1534613cda Add Base64 support 2018-07-18 20:07:27 -05:00
Wei Chen 999d0e994f Add RC4 decryption 2018-07-18 19:50:46 -05:00
Tim W 70a1df70a1
Land #9753, Linux BPF sign extension local privesc 2018-07-18 18:44:14 +08:00
William Vu f93e4a24a9 Fix typo 2018-07-17 12:59:00 -05:00
Brendan Coles 6cd1593061 Add support for HTTP POST and Basic Auth to psnuffle 2018-07-15 14:16:37 +00:00
Brendan Coles 9bdec97b2e Fix bpf_sign_extension_priv_esc 2018-07-13 23:01:17 +00:00
bwatters-r7 156b822401
First stab at cve-2018-8897 2018-07-12 17:31:53 -05:00
Brendan Coles f14d06b9d1 Fix ufo_privilege_escalation 2018-07-08 11:05:30 +00:00
bwatters-r7 29f4870fa0
Land #10101, Add glibc 'realpath()' Privilege Escalation exploit 2018-06-12 16:41:07 -05:00
Jacob Robles ad249ad62b
Sort Wordlist 2018-06-07 11:34:07 -05:00
Jacob Robles cf962b28a5
Add Lync Subdomain Wordlist 2018-06-06 13:05:56 -05:00
Aaron Soto f53d2a14df
Land #10067, Added `auxiliary/fileformat/odt_badodt` 2018-06-06 11:27:23 -05:00
Chris Higgins 78bcd57694
Land #10092, Cleanup linux/local/recvmmsg_priv_esc 2018-06-04 10:32:35 -05:00
Brent Cook 61a98b94b6
Land #9528, WebKit apple safari trident exploit (CVE-2016-4657) 2018-06-02 21:52:52 -05:00
Tim W 2ec7f11b90 add binary 2018-05-30 18:02:17 +08:00
Brendan Coles 0af5d44c42 Add glibc 'realpath()' Privilege Escalation exploit 2018-05-26 21:25:59 +00:00
Brendan Coles 651fb69585 Cleanup linux/local/recvmmsg_priv_esc module 2018-05-24 17:56:07 +00:00
Wei Chen cab2daf4ed Add Winsock2 API for Metasploit::Framework::Compiler::Windows 2018-05-24 11:57:41 -05:00
rmdavy e82cb8351f
Add files via upload 
New Location for files needed to build badodt file
 2018-05-24 09:45:38 +01:00
follower 57bb7fd819
Add correct filename for `/etc/group` 
AFAICT the correct filename is the singular form `group` not `groups` (e.g. [see](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Introduction_To_System_Administration/s3-acctspgrps-group.html) & [see](https://linux.die.net/man/5/group)).

Rather than just correcting the filename in place I'm adding the correct form because when even [official Red Hat documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.3_release_notes/bug_fixes_authentication_and_interoperability#idm140113937457168) sometimes gets it wrong, maybe one day someone will get lucky with the misspelling.
 2018-05-22 00:12:20 +12:00
Tim W 88ab836e15
Land #9987, AF_PACKET chocobo_root exploit 2018-05-21 17:05:53 +08:00
bwatters-r7 294b263159
Land #9966, Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit 
Merge branch 'land-9966' into upstream-master
 2018-05-18 17:06:04 -05:00
Brent Cook eadb464a75 add licenses 2018-05-17 21:21:37 -05:00
Wei Chen e5c763f6bf Add support for stdio.h, stdlib.h, and String.h 2018-05-17 14:40:49 -05:00
Tim W 6594cbb5cc
Land #9947, AF_PACKET packet_set_ring exploit 2018-05-17 18:43:52 +08:00
Brendan Coles 4322e56c71 Recompile pre-compiled exploit executable (stripped, no DEBUG) 2018-05-17 09:43:07 +00:00
Brent Cook da07113194
Land #10007, add C interface for building Windows shell code (metasm-backed) 2018-05-16 22:58:32 -05:00
Tim W ce5b24eda0 fork early and cleanup files in module 2018-05-17 00:32:01 +08:00
Tim W ed5f2bffa9
Land #9919, add libuser roothelper privilege escalation exploit 2018-05-12 17:11:21 +08:00
Wei Chen 6cd59faa69 Namespace update 2018-05-11 10:27:54 -05:00
Wei Chen 76865732c8 Namespace update 2018-05-11 10:26:59 -05:00
Wei Chen 82c8138de0 Update naming and license 2018-05-11 10:08:16 -05:00
Wei Chen caf07116db Add compiler support capable of including headers. 
This is basically a wrapper for metasm, but supports built-in
headers so that as an user, I don't have manually do this
every time I compile something with metasm.
 2018-05-10 00:33:01 -05:00
Brendan Coles 5ae9b0185d Add AF_PACKET chocobo_root Privilege Escalation exploit 2018-05-07 07:11:07 +00:00
bwatters-r7 ce5be387c4
Land #8795, Added CVE-2016-0040 Windows Privilege Escalation 
Merge branch 'land-8795' into upstream-master
 2018-05-03 16:33:53 -05:00
bwatters-r7 729461e448
Re-add compiled Binary 2018-05-03 15:50:15 -05:00
bwatters-r7 16432efd8f
Remove binary file 2018-05-03 14:45:58 -05:00
Brendan Coles 3a688451b6 Add Reliable Datagram Sockets (RDS) Privilege Escalation 2018-05-03 12:51:21 +00:00
Brendan Coles f7504dd9d5 Add AF_PACKET packet_set_ring Privilege Escalation exploit 2018-04-28 01:40:17 +00:00
Brendan Coles 00583caadf Add Libuser roothelper Privilege Escalation exploit 2018-04-23 17:49:11 +00:00
h00die 2914ebf631 lpe ufo 2018-04-17 20:39:59 -04:00
bwatters-r7 0faf2f4e04
Land # 8007, Added NTDSgrab module to metasploit. 
Merge branch 'land-8007' into upstream-master
 2018-04-03 15:56:37 -05:00
Tim W c5039251a2 add CVE-2016-4655 
rebase
 2018-04-03 14:58:57 +08:00
William Vu 862a3ff74d
Land #9618, pipe auditing improvements 2018-03-26 17:01:48 -05:00
h00die 6b0691a91a cve-2017-16995 2018-03-23 21:09:56 -04:00
Auxilus 6e9a4916f5 scanner update 2018-03-13 00:23:18 +05:30
Auxilus 2b7364a637 Add wordlist 2018-03-09 21:46:07 +05:30
Auxilus 1342284dc9 Add wordlist 2018-03-09 21:38:59 +05:30
Matthew Kienow 8453bc7f01
Correct metasploit heart banner filename 2018-03-02 17:23:34 -05:00
Matthew Kienow 952c112f4a
Add metasploit heart banners 2018-03-01 15:18:58 -05:00
Tim W a01f0f3023 fix #9366, fix osx x64 stage location 2018-02-20 13:50:44 +08:00
h00die 285b329ee1
Land #9422 abrt race condition priv esc on linux 2018-02-11 11:58:39 -05:00
Matthew Kienow 2eca3b925b
Land #9491, remove extra HTML from doc templates 2018-02-02 18:15:02 -05:00
Brent Cook 955bb5e38a remove extra HTML from doc markdown templates 2018-02-02 17:02:23 -06:00
Brent Cook 0a3fe0c608 fix html escaping for UTF-8 module metadata 2018-02-02 16:35:50 -06:00
h00die 7cb0a118c1
Land #9399 a linux priv esc against apport and abrt 2018-02-01 21:54:54 -05:00
Brent Cook aae77fc1a4
Land #9349, GoAhead LD_PRELOAD CGI Module 2018-01-22 23:10:36 -06:00
Matthew Kienow 035cdb1bca Add v5 under construction banner 2018-01-17 17:24:28 -06:00
Brendan Coles 5e11d36351 Add ABRT raceabrt Privilege Escalation module 2018-01-16 14:52:33 +00:00
Brendan Coles 2f3e3b486a Use cross-compiled exploit 2018-01-13 05:44:42 +00:00
Brendan Coles 8bbffd20cd Add Apport chroot Privilege Escalation exploit 2018-01-12 07:25:35 +00:00
dmohanty-r7 a5fa63405f
Land #9206, Add Xplico RCE exploit module 2018-01-03 16:02:51 -06:00
HD Moore 0b9fbe5a63 Resolve a bug in reverse_tcp and segfaults across payloads 2017-12-29 14:18:55 -06:00
HD Moore ab8886e25c Updated payloads and addition of payload stubs 2017-12-28 16:21:37 -06:00
Jon Hart d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-22 08:07:40 -08:00
William Vu caae33b417
Land #9170, Linux UDF for mysql_udf_payload 2017-12-21 20:48:24 -06:00
Jon Hart 37ae5e1303
Add admin as a default unix passwd 2017-12-20 18:44:21 -08:00
HD Moore e73ae9e1a4 Remove the useless findsock wrapper 2017-12-18 22:09:35 -06:00
HD Moore a44010deb1 WIP for GoAhead LD_PRELOAD 2017-12-18 10:51:47 -06:00
Yorick Koster 942e44ceae Added local copies of the static content 2017-12-02 10:14:14 +01:00
Mehmet İnce 86e47589b0 Add xplico remote code execution 2017-11-14 09:30:57 +03:00
bwatters-r7 5a07be9b96
Land #9041, Add LPE on Windows using CVE-2017-8464 2017-11-08 10:09:03 -06:00
bwatters-r7 4abe8ff0d9
recompile binaries 2017-11-08 09:33:48 -06:00
bwatters-r7 9b24ed8406 Removed binaries for recompile 2017-11-08 09:26:40 -06:00
Spencer McIntyre c2578c1487 Refactor GetProcessSid to remove do while FALSE 2017-11-07 19:11:24 -05:00
h00die 697031eb36 mysql UDF now multi 2017-11-03 05:26:05 -04:00
bwatters-r7 294230c455
Land #8509, add Winsxs bypass for UAC 2017-10-11 16:24:52 -05:00
bwatters-r7 fd963245a4
Recompiled old binaries that used 
external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp
to make sure the changes don't break them later.
 2017-10-10 11:28:49 -05:00
bwatters-r7 c63d5fb4fb
Recompiled binaries 2017-10-09 12:44:58 -05:00
bwatters-r7 0bf948e906
Removed binary files before recompiling 2017-10-09 11:35:41 -05:00
bwatters-r7 7df18e378d Fix conflicts in PR 8509 by mergeing to master 2017-10-09 10:30:21 -05:00
Spencer McIntyre 3f6f70f820 Move the cve-2017-8464 source to external/source 2017-10-08 13:58:51 -04:00
Spencer McIntyre d0ebfa1950 Change the template technicque to work as an LPE 2017-10-05 10:30:28 -04:00
Spencer McIntyre 949633e816 Cleanup cve-2017-8464 template and build script 2017-10-02 15:18:13 -04:00
james 831b148ac6 Fix consistency issue in 'r7-metasploit' banner 
This has bugged me for a while, finally fixing it.
 2017-09-15 22:19:00 -05:00
Kirk Swidowski 2ee94ca3d9 made changes based on PR feedback. 2017-09-01 16:49:17 -07:00
Kirk Swidowski b7fc990d17 moved project to the source directory. 2017-09-01 16:09:53 -07:00
Brent Cook 6fb0a06672 add pastebin IoT credentials 2017-08-25 08:57:20 -05:00
Brent Cook d2e6af1845 sort|uniq 2017-08-25 08:54:49 -05:00
Brent Cook 605330faf6
Land #8842, add linux/aarch64/shell_reverse_tcp 2017-08-21 15:44:28 -05:00
Brent Cook e734a7923a
Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook d5a5321a8c Merge remote-tracking branch 'upstream/pr/8299' into land-8267- 2017-08-20 17:43:56 -05:00
h00die dc358dd087 unknow to unknown 2017-08-18 11:33:48 -04:00
Tim 8b4ccc66c7 add linux/aarch64/shell_reverse_tcp 2017-08-17 18:55:37 +08:00
Kirk R. Swidowski cad266d469 added source code for CVE-2016-0040 2017-08-11 15:54:01 -04:00
Kirk R. Swidowski 33d3fd20a1 added CVE-2016-0040 privilege escalation exploit. 2017-08-03 19:12:32 -04:00
Yorick Koster 81500f7336 Updated Mutex code, reduce the number of times the payload is executed 2017-08-03 10:26:55 -05:00
Yorick Koster c3bc27385e Added source code for DLL template 2017-08-02 15:47:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject 
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
 2017-08-02 15:47:22 -05:00
Yorick Koster e6e94bad4b Replace CreateEvent with CreateMutex/WaitForSingleObject 
Time out is set to 1500 ms to prevent running the payload multiple times
 2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Pearce Barry bc3b883758
Add docs, fix typo, add missing report mixin to avoid error. 2017-06-05 13:49:59 -05:00
L3cr0f 6a3fc618a4 Add bypassuac_injection_winsxs.rb module 2017-06-03 12:59:50 +02:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore b7b0c26f4a Reduce minimum GLIBC versions where we can 2017-05-27 19:28:41 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
William Webb d4ba28a20b
Land #8457, Update multi/fileformat/office_word_macro to allow custom templates 2017-05-26 15:09:23 -05:00
wchen-r7 ee13195760 Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00
HD Moore 0520d7cf76 First crack at Samba CVE-2017-7494 2017-05-24 19:42:04 -05:00
HD Moore afc804fa03 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00
anhilo f3d6a8c456 split PSModulePath in multi strings with ';' 
1、allows the HTA window to be invisible
 2017-04-26 11:01:59 +08:00
wchen-r7 5bbb4d755a
Land #8254, Add CVE-2017-0199 - Office Word HTA Module 2017-04-24 16:05:00 -05:00
Brandon Knight c724f0e05d Handle multiple entries in PSModulePath 
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
 2017-04-19 11:22:38 -04:00
nixawk 637098466c Hidden black flash windows / Close HTA windows 2017-04-16 22:53:17 -05:00
nixawk a9df917257 Fix rtf info author 2017-04-14 21:16:39 -05:00
nixawk 8c662562d3 add CVE-2017-0199 format 2017-04-14 13:22:32 -05:00
Koen Riepe 437d9b6f02
Fixed newline error in powershell script. 2017-04-05 12:38:38 +02:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Pearce Barry c00b9ca1e5
Land #8175, Get into the DANGER ZOOOOOOONE 2017-03-31 14:31:22 -05:00
HD Moore b5771b0f72 Get into the DANGER ZOOOOOOONE 2017-03-31 12:26:42 -05:00
dmohanty-r7 1ce7bf3938
Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
Mehmet Ince e9f816272d
Adding solarwinds lem default ssh credentials to the wordlist 2017-03-24 13:24:05 +03:00
Jon P 4628dfe16b Remove old banner + rubygems requirements 2017-03-13 17:36:21 +01:00
Jon P c9a5190726 Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00
Jon P e8257122b3 Creation of a sub-module for modules/auxiliary/crawler/msfcrawler 
Catching links in comments
 2017-03-13 17:18:39 +01:00
Koen Riepe 2fb42ff019
Fixed an issue in the powershell script 2017-03-07 13:56:18 +01:00
wchen-r7 6965a00b45 Resolve #8023, Support backward compatibility for Office macro 
Resolve #8023
 2017-02-27 13:02:41 -06:00
Koen Riepe 0fa0fe3bf8
Added NTDSgrab module to metasploit. 2017-02-24 10:15:13 +01:00
William Webb 83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition 2017-02-21 13:26:42 -06:00
Brent Cook 2c570b6709
Land #7942, Microsoft SQL Server Clr Stored Procedure Payload Execution 2017-02-17 17:28:54 -06:00
wchen-r7 3d269b46ad Support OS X for Microsoft Office macro exploit 2017-02-16 12:28:11 -06:00
OJ 2d834a3f5a
Finalise module, and add supporting binaries 2017-02-10 12:56:40 +10:00
bwatters-r7 272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro 2017-02-09 13:42:58 -06:00
wchen-r7 047a9b17cf Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
William Webb fb74b2d8f3
initial commit of finished product 2017-01-20 11:01:36 -06:00
bwatters_r7 4035dd7485
Land #7796, Improve zip module windows script fallback 2017-01-17 10:59:04 -06:00
Brent Cook 24f7959805
add binary for futex_requeue 2017-01-11 13:25:30 -06:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Brent Cook 31f85b905a add comments 2017-01-07 12:50:11 -06:00