infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
45,281 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

2251 Commits (0f7b8a24536378fbc59b83817d1166021366b46a)

Author SHA1 Message Date
Brent Cook d2e6af1845 sort|uniq 2017-08-25 08:54:49 -05:00
Brent Cook 605330faf6
Land #8842, add linux/aarch64/shell_reverse_tcp 2017-08-21 15:44:28 -05:00
Brent Cook e734a7923a
Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook d5a5321a8c Merge remote-tracking branch 'upstream/pr/8299' into land-8267- 2017-08-20 17:43:56 -05:00
h00die dc358dd087 unknow to unknown 2017-08-18 11:33:48 -04:00
Tim 8b4ccc66c7 add linux/aarch64/shell_reverse_tcp 2017-08-17 18:55:37 +08:00
Yorick Koster 81500f7336 Updated Mutex code, reduce the number of times the payload is executed 2017-08-03 10:26:55 -05:00
Yorick Koster c3bc27385e Added source code for DLL template 2017-08-02 15:47:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject 
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
 2017-08-02 15:47:22 -05:00
Yorick Koster e6e94bad4b Replace CreateEvent with CreateMutex/WaitForSingleObject 
Time out is set to 1500 ms to prevent running the payload multiple times
 2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Pearce Barry bc3b883758
Add docs, fix typo, add missing report mixin to avoid error. 2017-06-05 13:49:59 -05:00
L3cr0f 6a3fc618a4 Add bypassuac_injection_winsxs.rb module 2017-06-03 12:59:50 +02:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore b7b0c26f4a Reduce minimum GLIBC versions where we can 2017-05-27 19:28:41 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
William Webb d4ba28a20b
Land #8457, Update multi/fileformat/office_word_macro to allow custom templates 2017-05-26 15:09:23 -05:00
wchen-r7 ee13195760 Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00
HD Moore 0520d7cf76 First crack at Samba CVE-2017-7494 2017-05-24 19:42:04 -05:00
HD Moore afc804fa03 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00
anhilo f3d6a8c456 split PSModulePath in multi strings with ';' 
1、allows the HTA window to be invisible
 2017-04-26 11:01:59 +08:00
wchen-r7 5bbb4d755a
Land #8254, Add CVE-2017-0199 - Office Word HTA Module 2017-04-24 16:05:00 -05:00
Brandon Knight c724f0e05d Handle multiple entries in PSModulePath 
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
 2017-04-19 11:22:38 -04:00
nixawk 637098466c Hidden black flash windows / Close HTA windows 2017-04-16 22:53:17 -05:00
nixawk a9df917257 Fix rtf info author 2017-04-14 21:16:39 -05:00
nixawk 8c662562d3 add CVE-2017-0199 format 2017-04-14 13:22:32 -05:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Pearce Barry c00b9ca1e5
Land #8175, Get into the DANGER ZOOOOOOONE 2017-03-31 14:31:22 -05:00
HD Moore b5771b0f72 Get into the DANGER ZOOOOOOONE 2017-03-31 12:26:42 -05:00
dmohanty-r7 1ce7bf3938
Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
Mehmet Ince e9f816272d
Adding solarwinds lem default ssh credentials to the wordlist 2017-03-24 13:24:05 +03:00
Jon P 4628dfe16b Remove old banner + rubygems requirements 2017-03-13 17:36:21 +01:00
Jon P c9a5190726 Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00
Jon P e8257122b3 Creation of a sub-module for modules/auxiliary/crawler/msfcrawler 
Catching links in comments
 2017-03-13 17:18:39 +01:00
wchen-r7 6965a00b45 Resolve #8023, Support backward compatibility for Office macro 
Resolve #8023
 2017-02-27 13:02:41 -06:00
William Webb 83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition 2017-02-21 13:26:42 -06:00
Brent Cook 2c570b6709
Land #7942, Microsoft SQL Server Clr Stored Procedure Payload Execution 2017-02-17 17:28:54 -06:00
wchen-r7 3d269b46ad Support OS X for Microsoft Office macro exploit 2017-02-16 12:28:11 -06:00
OJ 2d834a3f5a
Finalise module, and add supporting binaries 2017-02-10 12:56:40 +10:00
bwatters-r7 272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro 2017-02-09 13:42:58 -06:00
wchen-r7 047a9b17cf Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
William Webb fb74b2d8f3
initial commit of finished product 2017-01-20 11:01:36 -06:00
bwatters_r7 4035dd7485
Land #7796, Improve zip module windows script fallback 2017-01-17 10:59:04 -06:00
Brent Cook 24f7959805
add binary for futex_requeue 2017-01-11 13:25:30 -06:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Brent Cook 31f85b905a add comments 2017-01-07 12:50:11 -06:00
Brent Cook cdcf4cce7d improve zip module windows script fallback 
- handle non-English locales
 - wait more reliably, handle network paths where FS info gets stale
 - use absolute paths correctly
 2017-01-07 12:27:03 -06:00
Brent Cook 2652f347fa add module binary 2016-12-22 03:25:10 -06:00
Tim e6d4c0001c
hide debug printing 2016-12-20 00:52:11 +08:00
Pearce Barry 1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
scriptjunkie 268a72f210
Land #7193 Office DLL hijack module 2016-11-08 23:15:27 -06:00
Yorick Koster 3c1f642c7b Moved PPSX to data/exploits folder 2016-11-08 16:04:46 +01:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
dmohanty-r7 d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit 2016-10-28 17:07:13 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
h00die 0d1fe20ae5 revamped 2016-10-15 20:57:31 -04:00
Brent Cook 741c4b8916 updated android payload gem, removed unused extension jar 2016-10-14 09:59:06 -05:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
William Vu 9b15899d91 Add PS template 2016-10-13 17:40:15 -05:00
William Vu 6f4f2bfa5f Add PS target and remove MIFF 2016-10-13 17:39:55 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem"" 
This reverts commit f3166070ba.
 2016-10-11 17:40:43 -05:00
Pearce Barry d1a11f46e8
Land #7418, Linux recvmmsg Priv Esc (CVE-2014-0038) 2016-10-09 18:37:52 -05:00
h00die 2dfebe586e working cve-2014-0038 2016-10-08 23:58:09 -04:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem" 
This reverts commit 52f6265d2e.
 2016-10-08 21:55:16 -05:00
William Vu 3b3185069f
Land #7408, Mirai botnet wordlists 2016-10-06 10:07:20 -05:00
Tonimir Kisasondi 83548a0dde added mirai user/pass to unhash set 2016-10-05 22:24:11 +02:00
Tonimir Kisasondi 7ce73be936 Add linux.mirai wordlists 2016-10-05 17:57:08 +02:00
David Maloney 52f6265d2e use the new rex-exploitation gem 
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
 2016-10-05 09:05:27 -05:00
h00die 27cf5c65c4 working module 2016-10-04 23:21:53 -04:00
David Maloney af4f3e7a0d use templates from the gem for psh 
use the templates now contained within the magical
gem of rex-powershell

7309
MS-2106
 2016-10-04 14:14:25 -05:00
mach-0 dcc77fda5b Add back accidentally-deleted nasm comment. 2016-10-03 23:47:13 -05:00
mach-0 eff85e4118 Just remove DT_HASH. 2016-10-03 23:43:19 -05:00
mach-0 8828060886 Fix linux x64 elf-so template. 
Previously the elf-so would crash when loaded with LD_PRELOAD,
due to not enough room for the symbol table.
 2016-10-03 23:24:31 -05:00
nixawk 7368b995f2 CVE-2016-6415 Cisco - sendpacket.raw 2016-09-29 22:24:55 -05:00
h00die c036c258a9 cve-2016-4557 2016-09-29 05:23:12 -04:00
OJ 0e82ced082
Add LPE exploit module for the capcom driver flaw 
This commit includes:

* RDI binary that abuses the SMEP bypass and userland function pointer
  invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.

This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
 2016-09-27 22:37:45 +10:00
Pearce Barry 6382fffc75
Land #7326, Linux Kernel Netfilter Privesc 2016-09-26 12:38:50 -05:00
h00die 23e5556a4c binary drops work! 2016-09-24 21:31:00 -04:00
Joshua J. Drake dbf66f27d5 Add a browser-based exploit module for CVE-2015-3864 2016-09-23 11:14:31 -05:00
Adam Muntner 726079c6e7 diffed with fuzzdb 
https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/predictable-filepaths/webservers-appservers/SAP.txt
 2016-09-21 00:20:46 -04:00
dmohanty-r7 4c4f2e45d6
Land #7283, add jsp payload generator 2016-09-16 14:37:59 -05:00
Tim 6cb331e74d
Land 7281, add vagrant default password to wordlist 2016-09-07 13:01:01 +01:00
Tim 96f81b4817
add root:vagrant to root_userpass 2016-09-07 12:59:12 +01:00
Christian Mehlmauer c6012e7947
add jsp payload generator 2016-09-06 22:17:21 +02:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
wchen-r7 23a5d737fc Add password "vagrant" to wordlists 
The password "vagrant" is often used in Metasploitable3.
 2016-09-06 12:36:02 -05:00
Brendan 83160b7e49
Land #7173, Add post module to compress (zip) a file or directory 2016-08-24 09:38:04 -05:00
wchen-r7 e154aafaaa On Error Resume Next for zip.vbs 2016-08-17 17:08:38 -05:00
David Maloney 8bece28d00
remove *scan bins as well 
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH

MS-1691
 2016-08-15 14:04:00 -05:00
wchen-r7 8f7d0eae0c Fix #7155 - Add post module to compress (zip) a file or directory 
Fix #7155
 2016-08-02 14:44:58 -05:00
William Webb 21e6211e8d add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
Brent Cook d1f65b27b8
Land #7151, Improve CVE-2016-0099 reliability 2016-07-29 09:22:11 -05:00
Brendan ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML) 2016-07-28 13:01:05 -07:00
wchen-r7 322fc11225 Fix whitespace 2016-07-27 12:37:14 -05:00
wchen-r7 dbe31766af Update CVE-2016-0099 Powershell 2016-07-27 12:35:43 -05:00