infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
45,291 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

195 Commits (1c21ec588ac406ca307bad9fef1c9e2dd5ec3086)

Author SHA1 Message Date
Shelby Pace bc87643ea3
Land #10482, Add Network Manager VPNC Privesc 2018-08-30 08:49:38 -07:00
Tim W f295b22290
Land #10313, add linux autostart persistence module 2018-08-20 03:19:57 -07:00
Tim W e5ef254155
Land #10320, add module for persistence in /etc/rc.local 2018-08-19 00:33:19 -07:00
Tim W 65fcdcfd2f
Land #9884, add linux ufo priv esc module 2018-08-02 02:56:27 -07:00
Tim W 691d8f2c41
Land #9753, Linux BPF sign extension local privesc 2018-07-18 11:05:32 -07:00
bwatters-r7 0a19221af2
Land #10101, Add glibc 'realpath()' Privilege Escalation exploit 2018-06-12 14:43:57 -07:00
Chris Higgins 5f469efacf
Land #10092, Cleanup linux/local/recvmmsg_priv_esc 2018-06-04 15:37:57 -07:00
Tim W 016ee4d460
Land #9987, AF_PACKET chocobo_root exploit 2018-05-21 15:22:51 -07:00
bwatters-r7 81368bef7a
Land #9966, Add Reliable Datagram Sockets (RDS) Privilege Escalation exploit 
Merge branch 'land-9966' into upstream-master
 2018-05-21 17:01:36 -05:00
Tim W bacab0507b
Land #9947, AF_PACKET packet_set_ring exploit 2018-05-17 08:16:34 -07:00
Tim W 1de1b04c4f
Land #9919, add libuser roothelper privilege escalation exploit 2018-05-15 11:58:14 -07:00
Brent Cook 3b7d2c8177
Land #9853, Update Linux sock_sendpage local exploit module 2018-04-26 16:06:10 -07:00
bwatters-r7 a44bcff2d8
Land #9756, Add lastore-daemon D-Bus Privilege Escalation exploit 
Merge branch 'land-9756' into upstream-master
 2018-04-23 11:21:10 -07:00
h00die 37cb2d77e7
Land #9422 abrt race condition priv esc on linux 2018-02-12 11:55:21 -06:00
Pearce Barry 6c3168c541
Land #9536, Add Ubuntu notes to documentation 2018-02-12 11:55:19 -06:00
Pearce Barry 73bcec5d11
Land #9408, Add Juju-run Agent Privilege Escalation module (CVE-2017-9232) 2018-02-12 11:55:19 -06:00
h00die 090f7c8bd6
Land #9467 linux priv esc against glibc origin 2018-02-12 11:55:19 -06:00
h00die cd7187023c
Land #9469 linux local exploit for glibc ld audit 2018-02-12 11:55:18 -06:00
h00die 016af01fd8
Land #9399 a linux priv esc against apport and abrt 2018-02-02 11:32:29 -06:00
Brent Cook 520e890520
Land #8581, VMware Workstation ALSA Config File Local Privilege Escalation 2018-01-03 21:35:57 -06:00
Brendan Coles c153788424 Remove sleeps 2017-12-30 15:20:56 +00:00
James Barnett 7e9d0b3e9b
Fix permissions in docker priv_esc module 
The previous command didn't give the original user enough permissions
to execute the payload. This was resulting in permission denied
and preventing me from getting a root shell.

Fixes #8937
 2017-09-07 16:48:02 -05:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
Brendan Coles e20169c428 Disable VMware hint popups 2017-06-20 11:39:57 +00:00
Brendan Coles 668aa4edaf Use WfsDelay 2017-06-20 08:56:33 +00:00
Brendan Coles 4f6eab102f Code cleanup 2017-06-20 00:55:33 +00:00
Brendan Coles 1bd7a0ea2a Replace tabs with spaces 2017-06-20 00:06:50 +00:00
Brendan Coles cf8cf564b2 Add VMware Workstation ALSA Config File Privesc module 2017-06-18 11:16:25 +00:00
h00die 361cc2dbeb fix newline issue and service call 2017-05-30 22:37:26 -04:00
h00die f98b40d038 adds check on service writing before running it 2017-05-30 22:14:49 -04:00
William Vu b794bfe5db
Land #8335, rank fixes for the msftidy god 2017-05-07 21:20:33 -05:00
Bryan Chu 88bef00f61 Add more ranks, remove module warnings 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
 2017-05-07 15:41:26 -04:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Brent Cook a60e5789ed update mettle->meterpreter references in modules 2017-04-26 17:55:10 -05:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
Bryan Chu 151ed16c02 Re-ranking files 
../exec_shellcode.rb
Rank Great -> Excellent

../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent

../hp_smhstart.rb
Rank Average -> Normal
 2017-04-02 18:33:46 -04:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Bryan Chu 5e31a32771 Add missing ranks 
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets

../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action

../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection

../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection

../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection

../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection

../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection

../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
 2017-03-31 02:39:44 -04:00
h00die fb5e090f15 fixes from jvoisin 2017-02-28 20:09:26 -05:00
h00die e3e607a552 reword description 2017-02-26 15:24:22 -05:00
h00die 0c353841ab forgot add fixes for travis 2017-02-25 23:25:36 -05:00
h00die a8609f5c66 ntfs-3g lpe 2017-02-25 23:09:22 -05:00
Brent Cook ff2b8dcf99
Revert "Land #7605, Mysql privilege escalation, CVE-2016-6664" - premature merge 
This reverts commit 92a1c1ece4, reversing
changes made to 9b16cdf602.
 2017-01-22 19:16:33 -06:00
x2020 6f70323460 Minor misspelling mistakes and corrected the check of the mysqld process 2016-11-25 19:03:23 +00:00
x2020 1119dc4abe Targets set to automatic 
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
 2016-11-25 17:35:28 +00:00
x2020 acfd214195 Mysql privilege escalation 
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
 2016-11-19 11:24:29 +00:00
Brent Cook 59f3c9e769
Land #7579, rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4 2016-11-21 17:59:29 -06:00