Commit Graph

365 Commits (0e612045d31aed996394a15edab136aa9e2be77c)

Author SHA1 Message Date
Tim W 7c3e5da450 add more credits/references 2018-04-03 14:59:00 +08:00
Tim W c5039251a2 add CVE-2016-4655
rebase
2018-04-03 14:58:57 +08:00
Kirk Swidowski 34f2385b8b Merge branch 'master' of https://github.com/de7ec7ed/metasploit-framework 2018-03-07 08:20:37 -08:00
Kirk Swidowski d7cfe41983 removed files. 2018-03-07 08:20:22 -08:00
bwatters-r7 5a07be9b96
Land #9041, Add LPE on Windows using CVE-2017-8464 2017-11-08 10:09:03 -06:00
Spencer McIntyre c2578c1487 Refactor GetProcessSid to remove do while FALSE 2017-11-07 19:11:24 -05:00
Spencer McIntyre 3f6f70f820 Move the cve-2017-8464 source to external/source 2017-10-08 13:58:51 -04:00
Kirk Swidowski 2ee94ca3d9 made changes based on PR feedback. 2017-09-01 16:49:17 -07:00
Kirk Swidowski b7fc990d17 moved project to the source directory. 2017-09-01 16:09:53 -07:00
L3cr0f 6a3fc618a4 Add bypassuac_injection_winsxs.rb module 2017-06-03 12:59:50 +02:00
Brent Cook 176e88f293
Land #7835, Add Windows Local Privilege Escalation exploit stub 2017-03-08 06:20:58 -05:00
wchen-r7 3d269b46ad Support OS X for Microsoft Office macro exploit 2017-02-16 12:28:11 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
OJ b6e882c8eb
Add a Windows LPE exploit template for x64/x86 2017-01-17 11:20:14 +10:00
OJ 32173b9701
Move execute_payload to the kernel lib 2017-01-17 11:19:26 +10:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Tim 25a8283af3
fork early and use WfsDelay 2016-12-20 00:59:27 +08:00
Tim f1efa760df
more fixes 2016-12-20 00:52:11 +08:00
Tim e6d4c0001c
hide debug printing 2016-12-20 00:52:11 +08:00
Tim 7ac3859393
convert futex_requeue module to use targetting and core_loadlib 2016-12-20 00:52:11 +08:00
Tim 3afa20a1af
fix double \n in printf 2016-12-13 17:02:23 +08:00
Tim fe9972cc25
fork early and use WfsDelay 2016-12-13 17:02:23 +08:00
Tim 891fccb4e2
add pattern for GT-S7392 2016-12-13 17:02:23 +08:00
Tim 07ce7f3aed
fix make run 2016-12-13 17:02:23 +08:00
Tim 9ece45a180
dont exit(0) when exploit fails 2016-12-13 17:02:23 +08:00
Tim ebf7ae0739
add CVE-2013-6282, put_user/get_user exploit for Android 2016-12-13 17:02:23 +08:00
h00die 0d1fe20ae5 revamped 2016-10-15 20:57:31 -04:00
h00die 12493d5c06 moved c code to external sources 2016-10-13 20:37:03 -04:00
OJ 0e82ced082
Add LPE exploit module for the capcom driver flaw
This commit includes:

* RDI binary that abuses the SMEP bypass and userland function pointer
  invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.

This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
William Webb 21e6211e8d add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
William Webb b4b3a84fa5 refactor ms16-016 code 2016-07-05 20:50:43 -05:00
dmohanty-r7 eb4611642d Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
2015-12-11 14:57:10 -06:00
jvazquez-r7 2c9734f178
Add exploit source 2015-09-15 14:54:05 -05:00
jvazquez-r7 6e857568e0
Delete comments 2015-09-03 13:33:40 -05:00
jvazquez-r7 b39575928e
Update reflective exploit 2015-09-03 11:01:41 -05:00
jvazquez-r7 ecf3fb61d6
Replace external source 2015-08-26 15:32:50 -05:00
William Vu d54249370b Move tpwn source to external/source/exploits 2015-08-17 18:27:47 -05:00
wchen-r7 7113c801b1
Land #5732, reliability update for adobe_flash_hacking_team_uaf 2015-07-17 16:43:39 -05:00
jvazquez-r7 255d8ed096
Improve adobe_flash_opaque_background_uaf 2015-07-16 14:56:32 -05:00
jvazquez-r7 bd5d372436
Add build comment 2015-07-15 18:30:05 -05:00
jvazquez-r7 138789b77c
Fix indentation 2015-07-15 18:29:28 -05:00
jvazquez-r7 b504f0be8e
Update adobe_flash_hacking_team_uaf 2015-07-15 18:18:04 -05:00
jvazquez-r7 299978d0e2
Put again old exploiter 2015-07-11 00:36:32 -05:00
jvazquez-r7 63005a3b92
Add module for flash CVE-2015-5122
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
Tod Beardsley 3d630de353
Replace with a real CVE number 2015-07-07 14:44:12 -05:00
jvazquez-r7 d9aacf2d41
Add module for hacking team flash exploit 2015-07-07 11:19:48 -05:00
jvazquez-r7 1de94a6865
Add module for CVE-2015-3113 2015-07-01 13:13:57 -05:00
jvazquez-r7 e49c36998c
Fix indentation 2015-06-25 14:12:23 -05:00
jvazquez-r7 ee0377ca16
Add module for CVE-2015-3105 2015-06-25 13:35:01 -05:00
Spencer McIntyre 2206a6af73 Support older targets x86 for MS15-051 2015-06-25 09:33:15 +10:00
OJ 3686accadd
Merge branch 'upstream/master' into cve-2015-1701 2015-06-22 07:52:17 +10:00
OJ b78ba55c25
Merge minor CVE-2015-1701 from zeroSteiner 2015-06-22 07:50:26 +10:00
Spencer McIntyre d73a3a4a5f Dont call ExitProcess because it might kill the shell 2015-06-21 16:16:33 -04:00
jvazquez-r7 27a583853c
Fix one more line indentation 2015-06-18 12:40:30 -05:00
jvazquez-r7 55f077fa9e
Fix indentation 2015-06-18 12:38:36 -05:00
jvazquez-r7 de1542e589
Add module for CVE-2015-3090 2015-06-18 12:36:14 -05:00
wchen-r7 17b8ddc68a
Land #5524, adobe_flash_pixel_bender_bof in flash renderer 2015-06-15 02:42:16 -05:00
jvazquez-r7 72672fc8f7
Delete debug 2015-06-11 17:39:36 -05:00
jvazquez-r7 8ed13b1d1b
Add linux support for CVE-2014-0515 2015-06-11 16:18:50 -05:00
wchen-r7 ae21b0c260
Land #5523, adobe_flash_domain_memory_uaf in the flash renderer 2015-06-10 16:59:19 -05:00
wchen-r7 4c5b1fbcef
Land #5522, adobe_flash_worker_byte_array_uaf in the flash renderer 2015-06-10 14:49:41 -05:00
jvazquez-r7 af31112646
Fix exploit indentation 2015-06-10 14:19:36 -05:00
jvazquez-r7 64562565fb
Fix method indentation 2015-06-10 14:16:47 -05:00
jvazquez-r7 2bb3a5059c
Fix else indentation 2015-06-10 14:15:58 -05:00
jvazquez-r7 1d05ce1cdc
Fix for indentation 2015-06-10 14:14:29 -05:00
jvazquez-r7 7202e27918
Fix indentation 2015-06-10 14:12:26 -05:00
jvazquez-r7 ab132290d7
Add Exploiter AS 2015-06-10 13:53:45 -05:00
jvazquez-r7 6c7ee10520 Update to use the new flash Exploiter 2015-06-10 13:52:43 -05:00
jvazquez-r7 0d2454de93
Fix indentation 2015-06-10 12:27:52 -05:00
jvazquez-r7 7fba64ed14
Allow more search space 2015-06-10 12:26:53 -05:00
jvazquez-r7 ecbddc6ef8
Play with memory al little bit better 2015-06-10 11:54:57 -05:00
wchen-r7 d622c782ef
Land #5519, adobe_flash_uncompress_zlib_uninitialized in the flash renderer 2015-06-10 11:52:47 -05:00
jvazquez-r7 2b4fe96cfd Tweak Heap Spray 2015-06-10 10:56:24 -05:00
jvazquez-r7 a6fe383852
Use AS Exploiter 2015-06-10 09:32:52 -05:00
jvazquez-r7 64b486eeac
Change filename 2015-06-10 09:12:52 -05:00
jvazquez-r7 d95a0f432d
Update AS codE 2015-06-10 09:12:25 -05:00
jvazquez-r7 e5d6c9a3cb Make last code cleanup 2015-06-09 16:01:57 -05:00
jvazquez-r7 d9db45690f
Delete debug messages 2015-06-09 15:47:59 -05:00
jvazquez-r7 cf8c6b510b
Debug version working 2015-06-09 15:46:21 -05:00
jvazquez-r7 f4649cb3fb
Delete old AS 2015-06-09 14:50:59 -05:00
jvazquez-r7 4f1ee3fcdf
Really fix indentation 2015-06-09 12:42:32 -05:00
jvazquez-r7 5bab1cfc68
Fix indentation 2015-06-09 12:38:24 -05:00
jvazquez-r7 39851d277d
Unset debug flag 2015-06-09 11:36:09 -05:00
jvazquez-r7 b7f0fad72f
Modify CVE-2014-0569 to use the flash exploitation code 2015-06-09 11:31:39 -05:00
OJ b291d41b76 Quick hack to remove hard-coded offsets 2015-06-05 13:19:41 +10:00
jvazquez-r7 51d98e1008
Update AS code 2015-06-04 18:34:08 -05:00
jvazquez-r7 02181addc5
Update CVE-2014-0556 2015-06-04 18:23:50 -05:00
wchen-r7 23df66bf3a
Land #5481, no powershell. exec shellcode from the renderer process. 2015-06-04 15:45:09 -05:00
jvazquez-r7 75454f05c4
Update AS source code 2015-06-04 12:12:49 -05:00
jvazquez-r7 80cb70cacf
Add support for Windows 8.1/Firefox 2015-06-03 22:46:04 -05:00
jvazquez-r7 74117a7a52
Allow to execute payload from the flash renderer 2015-06-03 16:33:41 -05:00
OJ 455a3b6b9d
Add butchered version of CVE-2015-1701 2015-06-03 21:48:23 +10:00
jvazquez-r7 e9714bfc82
Solve conflics 2015-05-27 23:22:00 -05:00
wchen-r7 e749733eb6
Land #5419, Fix Base64 decoding on ActionScript 2015-05-27 23:13:51 -05:00
jvazquez-r7 e5d42850c1
Add support for Linux to CVE-2015-0336 2015-05-27 17:05:10 -05:00
jvazquez-r7 801deeaddf Fix CVE-2015-0336 2015-05-27 15:42:06 -05:00
jvazquez-r7 bd1bdf22b5
Fix CVE-2015-0359 2015-05-26 17:27:20 -05:00
jvazquez-r7 19c7445d9d
Fix CVE-2015-0336 2015-05-26 17:20:49 -05:00
jvazquez-r7 23d244b1fa
Fix CVE-2015-0313 2015-05-26 16:11:44 -05:00
jvazquez-r7 5c8c5aef37
Fix CVE-2014-8440 2015-05-26 16:05:08 -05:00