Commit Graph

11 Commits (19ab71aa43a3c726e4280bd6b5851202b27bb54d)

Author SHA1 Message Date
OJ 062eff8ede Fix project settings, make files, start tidying of code 2014-10-28 07:58:19 +10:00
jvazquez-r7 d8eaf3dd65 Add exploit source code 2014-10-23 18:59:58 -05:00
OJ d2b8706bd6
Include meterpreter bins, add Sandbox builds
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (ie. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.

I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
kyuzo 41720428e4 Refactoring exploit and adding build files for dll. 2014-03-12 10:25:52 +00:00
Meatballs 2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
Conflicts:
	external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
OJ 10829299f5 Add make support for command line builds 2014-02-26 16:40:54 +10:00
OJ d37774e12d Remove ARM config, add build to make for all exploits 2014-02-26 10:57:15 +10:00
Spencer McIntyre 01f41a209c Remove the DLL and add make.msbuild for easier compiling. 2014-02-07 10:05:05 -05:00
OJ e22b4ba88c Add make script for nvidia nvsvc 2013-12-15 01:12:49 +00:00
OJ defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.

Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
OJ 468654d2b5 Add RDI submodule, port Kitrap0d
This commit is the first in a series that will move all the exploits that use RDI
over to the R7 fork. The RDI source will be in a single known location and each
exploit will have to work from that location.

The kitrap0d exploit has been migrated over to use this submodule so that there's
one example of how it's done for future contributions to follow.
2013-11-27 16:04:41 +10:00