sinn3r
b90639fd66
Land #4726 , X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
jvazquez-r7
511f637b31
Call CollectGarbage
2015-02-09 14:44:31 -06:00
Brent Cook
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
Brent Cook
0e4f3b0e80
added built data/exploits/CVE-2014-3153.elf
2015-02-09 09:50:31 -06:00
jvazquez-r7
a46a53acaf
Provide more space for the payload
2015-02-06 14:49:49 -06:00
jvazquez-r7
414349972f
Fix comment
2015-02-06 11:34:20 -06:00
jvazquez-r7
b5e230f838
Add javascript exploit
2015-02-06 11:04:59 -06:00
jvazquez-r7
aa7f7d4d81
Add DLL source code
2015-02-01 19:59:10 -06:00
jvazquez-r7
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
jvazquez-r7
f9dccda75d
Delete unused files
2015-01-22 18:00:31 -06:00
sinn3r
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
sinn3r
fce564cde2
Meh, not the debug build. Should be the release build.
2015-01-08 22:06:07 -06:00
sinn3r
14c54cbc22
Update DLL
2015-01-08 21:36:02 -06:00
sinn3r
d3738f0d1a
Add DLL
2015-01-08 17:17:55 -06:00
jvazquez-r7
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
Meatballs
f5f32fac06
Add token fiddling from nishang
2014-11-28 23:02:59 +00:00
Meatballs
48a5123607
Merge remote-tracking branch 'upstream/master' into pr4233_powerdump
2014-11-27 20:08:11 +00:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
Peter Marszalik
830af7f95e
identified instances of tabs vs spaces in the original
...
identified 16 instances in the original code where tab was used vs spaces. updated to keep consistent.
2014-11-25 12:17:43 -06:00
Peter Marszalik
705bd42b41
tab to space change - line 296
2014-11-22 14:48:44 -06:00
Peter Marszalik
900aa9cd6b
powerdump.ps1 bug - corrupt hash fix
...
Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled.
Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat:
https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
2014-11-18 23:10:57 -06:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
sinn3r
c2391bf011
Add an R in /Info for the trailer dictionary to make it readable
2014-11-05 22:28:37 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
jvazquez-r7
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
jvazquez-r7
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
jvazquez-r7
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
OJ
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
OJ
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
jvazquez-r7
042d29b1d6
Compile binaries in house
2014-10-27 12:18:33 -05:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
0aaebc7872
Make GetPtiCurrent USER32 independent
2014-10-26 18:51:02 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
jvazquez-r7
bf8dce574a
Add ppsx template
2014-10-16 17:55:22 -05:00
Joe Vennix
7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
sinn3r
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
jvazquez-r7
b8a2cf776b
Do test
2014-06-03 09:52:01 -05:00
jvazquez-r7
05ed2340dc
Use powershell
2014-06-03 09:29:04 -05:00
jvazquez-r7
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
jvazquez-r7
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
jvazquez-r7
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
jvazquez-r7
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
jvazquez-r7
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
sinn3r
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
OJ
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00