Wei Chen
cab2daf4ed
Add Winsock2 API for Metasploit::Framework::Compiler::Windows
2018-05-24 11:57:41 -05:00
rmdavy
e82cb8351f
Add files via upload
...
New Location for files needed to build badodt file
2018-05-24 09:45:38 +01:00
follower
57bb7fd819
Add correct filename for `/etc/group`
...
AFAICT the correct filename is the singular form `group` not `groups` (e.g. [see](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Introduction_To_System_Administration/s3-acctspgrps-group.html) & [see](https://linux.die.net/man/5/group)).
Rather than just correcting the filename in place I'm adding the correct form because when even [official Red Hat documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.3_release_notes/bug_fixes_authentication_and_interoperability#idm140113937457168) sometimes gets it wrong, maybe one day someone will get lucky with the misspelling.
2018-05-22 00:12:20 +12:00
Tim W
88ab836e15
Land #9987, AF_PACKET chocobo_root exploit
2018-05-21 17:05:53 +08:00
bwatters-r7
294b263159
Land #9966, Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit
...
Merge branch 'land-9966' into upstream-master
2018-05-18 17:06:04 -05:00
Brent Cook
eadb464a75
add licenses
2018-05-17 21:21:37 -05:00
Wei Chen
e5c763f6bf
Add support for stdio.h, stdlib.h, and String.h
2018-05-17 14:40:49 -05:00
Tim W
6594cbb5cc
Land #9947, AF_PACKET packet_set_ring exploit
2018-05-17 18:43:52 +08:00
Brendan Coles
4322e56c71
Recompile pre-compiled exploit executable (stripped, no DEBUG)
2018-05-17 09:43:07 +00:00
Brent Cook
da07113194
Land #10007, add C interface for building Windows shell code (metasm-backed)
2018-05-16 22:58:32 -05:00
Tim W
ce5b24eda0
fork early and cleanup files in module
2018-05-17 00:32:01 +08:00
Tim W
ed5f2bffa9
Land #9919, add libuser roothelper privilege escalation exploit
2018-05-12 17:11:21 +08:00
Wei Chen
6cd59faa69
Namespace update
2018-05-11 10:27:54 -05:00
Wei Chen
76865732c8
Namespace update
2018-05-11 10:26:59 -05:00
Wei Chen
82c8138de0
Update naming and license
2018-05-11 10:08:16 -05:00
Wei Chen
caf07116db
Add compiler support capable of including headers.
...
This is basically a wrapper for metasm, but supports built-in
headers so that as a user, I don't have to manually do this
every time I compile something with metasm.
2018-05-10 00:33:01 -05:00
Brendan Coles
5ae9b0185d
Add AF_PACKET chocobo_root Privilege Escalation exploit
2018-05-07 07:11:07 +00:00
bwatters-r7
ce5be387c4
Land #8795, Added CVE-2016-0040 Windows Privilege Escalation
...
Merge branch 'land-8795' into upstream-master
2018-05-03 16:33:53 -05:00
bwatters-r7
729461e448
Re-add compiled Binary
2018-05-03 15:50:15 -05:00
bwatters-r7
16432efd8f
Remove binary file
2018-05-03 14:45:58 -05:00
Brendan Coles
3a688451b6
Add Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-03 12:51:21 +00:00
Brendan Coles
f7504dd9d5
Add AF_PACKET packet_set_ring Privilege Escalation exploit
2018-04-28 01:40:17 +00:00
Brendan Coles
00583caadf
Add Libuser roothelper Privilege Escalation exploit
2018-04-23 17:49:11 +00:00
h00die
2914ebf631
lpe ufo
2018-04-17 20:39:59 -04:00
bwatters-r7
0faf2f4e04
Land #8007, Added NTDSgrab module to metasploit.
...
Merge branch 'land-8007' into upstream-master
2018-04-03 15:56:37 -05:00
Tim W
c5039251a2
add CVE-2016-4655
...
rebase
2018-04-03 14:58:57 +08:00
William Vu
862a3ff74d
Land #9618, pipe auditing improvements
2018-03-26 17:01:48 -05:00
h00die
6b0691a91a
cve-2017-16995
2018-03-23 21:09:56 -04:00
Auxilus
6e9a4916f5
scanner update
2018-03-13 00:23:18 +05:30
Auxilus
2b7364a637
Add wordlist
2018-03-09 21:46:07 +05:30
Auxilus
1342284dc9
Add wordlist
2018-03-09 21:38:59 +05:30
Matthew Kienow
8453bc7f01
Correct metasploit heart banner filename
2018-03-02 17:23:34 -05:00
Matthew Kienow
952c112f4a
Add metasploit heart banners
2018-03-01 15:18:58 -05:00
Tim W
a01f0f3023
fix #9366, fix osx x64 stage location
2018-02-20 13:50:44 +08:00
h00die
285b329ee1
Land #9422 abrt race condition priv esc on linux
2018-02-11 11:58:39 -05:00
Matthew Kienow
2eca3b925b
Land #9491, remove extra HTML from doc templates
2018-02-02 18:15:02 -05:00
Brent Cook
955bb5e38a
remove extra HTML from doc markdown templates
2018-02-02 17:02:23 -06:00
Brent Cook
0a3fe0c608
fix html escaping for UTF-8 module metadata
2018-02-02 16:35:50 -06:00
h00die
7cb0a118c1
Land #9399 a linux priv esc against apport and abrt
2018-02-01 21:54:54 -05:00
Brent Cook
aae77fc1a4
Land #9349, GoAhead LD_PRELOAD CGI Module
2018-01-22 23:10:36 -06:00
Matthew Kienow
035cdb1bca
Add v5 under construction banner
2018-01-17 17:24:28 -06:00
Brendan Coles
5e11d36351
Add ABRT raceabrt Privilege Escalation module
2018-01-16 14:52:33 +00:00
Brendan Coles
2f3e3b486a
Use cross-compiled exploit
2018-01-13 05:44:42 +00:00
Brendan Coles
8bbffd20cd
Add Apport chroot Privilege Escalation exploit
2018-01-12 07:25:35 +00:00
dmohanty-r7
a5fa63405f
Land #9206, Add Xplico RCE exploit module
2018-01-03 16:02:51 -06:00
HD Moore
0b9fbe5a63
Resolve a bug in reverse_tcp and segfaults across payloads
2017-12-29 14:18:55 -06:00
HD Moore
ab8886e25c
Updated payloads and addition of payload stubs
2017-12-28 16:21:37 -06:00
Jon Hart
d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login
2017-12-22 08:07:40 -08:00
William Vu
caae33b417
Land #9170, Linux UDF for mysql_udf_payload
2017-12-21 20:48:24 -06:00
Jon Hart
37ae5e1303
Add admin as a default unix passwd
2017-12-20 18:44:21 -08:00
HD Moore
e73ae9e1a4
Remove the useless findsock wrapper
2017-12-18 22:09:35 -06:00
HD Moore
a44010deb1
WIP for GoAhead LD_PRELOAD
2017-12-18 10:51:47 -06:00
Yorick Koster
942e44ceae
Added local copies of the static content
2017-12-02 10:14:14 +01:00
Mehmet İnce
86e47589b0
Add xplico remote code execution
2017-11-14 09:30:57 +03:00
bwatters-r7
5a07be9b96
Land #9041, Add LPE on Windows using CVE-2017-8464
2017-11-08 10:09:03 -06:00
bwatters-r7
4abe8ff0d9
recompile binaries
2017-11-08 09:33:48 -06:00
bwatters-r7
9b24ed8406
Removed binaries for recompile
2017-11-08 09:26:40 -06:00
Spencer McIntyre
c2578c1487
Refactor GetProcessSid to remove do while FALSE
2017-11-07 19:11:24 -05:00
h00die
697031eb36
mysql UDF now multi
2017-11-03 05:26:05 -04:00
bwatters-r7
294230c455
Land #8509, add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
bwatters-r7
fd963245a4
Recompiled old binaries that used
...
external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp
to make sure the changes don't break them later.
2017-10-10 11:28:49 -05:00
bwatters-r7
c63d5fb4fb
Recompiled binaries
2017-10-09 12:44:58 -05:00
bwatters-r7
0bf948e906
Removed binary files before recompiling
2017-10-09 11:35:41 -05:00
bwatters-r7
7df18e378d
Fix conflicts in PR 8509 by merging to master
2017-10-09 10:30:21 -05:00
Spencer McIntyre
3f6f70f820
Move the cve-2017-8464 source to external/source
2017-10-08 13:58:51 -04:00
Spencer McIntyre
d0ebfa1950
Change the template technique to work as an LPE
2017-10-05 10:30:28 -04:00
Spencer McIntyre
949633e816
Cleanup cve-2017-8464 template and build script
2017-10-02 15:18:13 -04:00
james
831b148ac6
Fix consistency issue in 'r7-metasploit' banner
...
This has bugged me for a while, finally fixing it.
2017-09-15 22:19:00 -05:00
Kirk Swidowski
2ee94ca3d9
made changes based on PR feedback.
2017-09-01 16:49:17 -07:00
Kirk Swidowski
b7fc990d17
moved project to the source directory.
2017-09-01 16:09:53 -07:00
Brent Cook
6fb0a06672
add pastebin IoT credentials
2017-08-25 08:57:20 -05:00
Brent Cook
d2e6af1845
sort|uniq
2017-08-25 08:54:49 -05:00
Brent Cook
605330faf6
Land #8842, add linux/aarch64/shell_reverse_tcp
2017-08-21 15:44:28 -05:00
Brent Cook
e734a7923a
Land #8267, Handle multiple entries in PSModulePath
2017-08-20 17:44:30 -05:00
Brent Cook
d5a5321a8c
Merge remote-tracking branch 'upstream/pr/8299' into land-8267-
2017-08-20 17:43:56 -05:00
h00die
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
Tim
8b4ccc66c7
add linux/aarch64/shell_reverse_tcp
2017-08-17 18:55:37 +08:00
Kirk R. Swidowski
cad266d469
added source code for CVE-2016-0040
2017-08-11 15:54:01 -04:00
Kirk R. Swidowski
33d3fd20a1
added CVE-2016-0040 privilege escalation exploit.
2017-08-03 19:12:32 -04:00
Yorick Koster
81500f7336
Updated Mutex code, reduce the number of times the payload is executed
2017-08-03 10:26:55 -05:00
Yorick Koster
c3bc27385e
Added source code for DLL template
2017-08-02 15:47:22 -05:00
Yorick Koster
46ec04dd15
Removed This PC ItemID & increased timeout in WaitForSingleObject
...
Remove the This PC ItemID to bypass (some) AV.
Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released, allowing a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster
e6e94bad4b
Replace CreateEvent with CreateMutex/WaitForSingleObject
...
Time out is set to 1500 ms to prevent running the payload multiple times
2017-08-02 15:47:22 -05:00
Yorick Koster
e51e1d9638
Added new DLL templates to prevent crashing of Explorer
2017-08-02 15:47:21 -05:00
Brent Cook
6300758c46
use https for metasploit.com links
2017-07-24 06:26:21 -07:00
Pearce Barry
bc3b883758
Add docs, fix typo, add missing report mixin to avoid error.
2017-06-05 13:49:59 -05:00
L3cr0f
6a3fc618a4
Add bypassuac_injection_winsxs.rb module
2017-06-03 12:59:50 +02:00
Brent Cook
a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements
2017-05-30 00:15:03 -05:00
HD Moore
38491fd7ba
Rename payloads with os+libc, shrink array inits
2017-05-27 19:50:31 -05:00
HD Moore
b7b0c26f4a
Reduce minimum GLIBC versions where we can
2017-05-27 19:28:41 -05:00
HD Moore
184c8f50f1
Rework the Samba exploit & payload model to be magic.
2017-05-27 17:03:01 -05:00
William Webb
d4ba28a20b
Land #8457, Update multi/fileformat/office_word_macro to allow custom templates
2017-05-26 15:09:23 -05:00
wchen-r7
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
HD Moore
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
anhilo
f3d6a8c456
split PSModulePath in multi strings with ';'
...
1. allows the HTA window to be invisible
2017-04-26 11:01:59 +08:00
wchen-r7
5bbb4d755a
Land #8254, Add CVE-2017-0199 - Office Word HTA Module
2017-04-24 16:05:00 -05:00
Brandon Knight
c724f0e05d
Handle multiple entries in PSModulePath
...
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
2017-04-19 11:22:38 -04:00
nixawk
637098466c
Hidden black flash windows / Close HTA windows
2017-04-16 22:53:17 -05:00
nixawk
a9df917257
Fix rtf info author
2017-04-14 21:16:39 -05:00
nixawk
8c662562d3
add CVE-2017-0199 format
2017-04-14 13:22:32 -05:00
Koen Riepe
437d9b6f02
Fixed newline error in powershell script.
2017-04-05 12:38:38 +02:00
bwatters-r7
64c06a512e
Land #8020, ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
Pearce Barry
c00b9ca1e5
Land #8175, Get into the DANGER ZOOOOOOONE
2017-03-31 14:31:22 -05:00
HD Moore
b5771b0f72
Get into the DANGER ZOOOOOOONE
2017-03-31 12:26:42 -05:00
dmohanty-r7
1ce7bf3938
Land #8126, Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
Mehmet Ince
e9f816272d
Adding solarwinds lem default ssh credentials to the wordlist
2017-03-24 13:24:05 +03:00
Jon P
4628dfe16b
Remove old banner + rubygems requirements
2017-03-13 17:36:21 +01:00
Jon P
c9a5190726
Patching "undefined method empty?" errors + "encoding error"
2017-03-13 17:32:56 +01:00
Jon P
e8257122b3
Creation of a sub-module for modules/auxiliary/crawler/msfcrawler
...
Catching links in comments
2017-03-13 17:18:39 +01:00
Koen Riepe
2fb42ff019
Fixed an issue in the powershell script
2017-03-07 13:56:18 +01:00
wchen-r7
6965a00b45
Resolve #8023, Support backward compatibility for Office macro
...
Resolve #8023
2017-02-27 13:02:41 -06:00
Koen Riepe
0fa0fe3bf8
Added NTDSgrab module to metasploit.
2017-02-24 10:15:13 +01:00
William Webb
83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition
2017-02-21 13:26:42 -06:00
Brent Cook
2c570b6709
Land #7942, Microsoft SQL Server Clr Stored Procedure Payload Execution
2017-02-17 17:28:54 -06:00
wchen-r7
3d269b46ad
Support OS X for Microsoft Office macro exploit
2017-02-16 12:28:11 -06:00
OJ
2d834a3f5a
Finalise module, and add supporting binaries
2017-02-10 12:56:40 +10:00
bwatters-r7
272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro
2017-02-09 13:42:58 -06:00
wchen-r7
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
wchen-r7
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
wchen-r7
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
William Webb
fb74b2d8f3
initial commit of finished product
2017-01-20 11:01:36 -06:00
bwatters_r7
4035dd7485
Land #7796, Improve zip module windows script fallback
2017-01-17 10:59:04 -06:00
Brent Cook
24f7959805
add binary for futex_requeue
2017-01-11 13:25:30 -06:00
Brent Cook
2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targeting and core_loadlib
2017-01-11 13:24:25 -06:00
Brent Cook
31f85b905a
add comments
2017-01-07 12:50:11 -06:00
Brent Cook
cdcf4cce7d
improve zip module windows script fallback
...
- handle non-English locales
- wait more reliably, handle network paths where FS info gets stale
- use absolute paths correctly
2017-01-07 12:27:03 -06:00
Brent Cook
2652f347fa
add module binary
2016-12-22 03:25:10 -06:00
Tim
e6d4c0001c
hide debug printing
2016-12-20 00:52:11 +08:00
Pearce Barry
1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
scriptjunkie
268a72f210
Land #7193 Office DLL hijack module
2016-11-08 23:15:27 -06:00
Yorick Koster
3c1f642c7b
Moved PPSX to data/exploits folder
2016-11-08 16:04:46 +01:00
William Webb
31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
dmohanty-r7
d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit
2016-10-28 17:07:13 -05:00
Pearce Barry
43fd0a8813
Land #7436, Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
h00die
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
Brent Cook
741c4b8916
updated android payload gem, removed unused extension jar
2016-10-14 09:59:06 -05:00
Brent Cook
9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure
2016-10-14 08:41:34 -05:00
William Vu
9b15899d91
Add PS template
2016-10-13 17:40:15 -05:00
William Vu
6f4f2bfa5f
Add PS target and remove MIFF
2016-10-13 17:39:55 -05:00
David Maloney
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
...
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Pearce Barry
d1a11f46e8
Land #7418, Linux recvmmsg Priv Esc (CVE-2014-0038)
2016-10-09 18:37:52 -05:00
h00die
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
Brent Cook
f3166070ba
Revert "use the new rex-exploitation gem"
...
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
William Vu
3b3185069f
Land #7408, Mirai botnet wordlists
2016-10-06 10:07:20 -05:00
Tonimir Kisasondi
83548a0dde
added mirai user/pass to unhash set
2016-10-05 22:24:11 +02:00
Tonimir Kisasondi
7ce73be936
Add linux.mirai wordlists
2016-10-05 17:57:08 +02:00
David Maloney
52f6265d2e
use the new rex-exploitation gem
...
use the new rex-exploitation gem instead of the packaged in library code
cleans up a huge amount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
h00die
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00