Commit Graph

1075 Commits (3b21de390661675fc6d47dbce293e37bd128e56c)

Author SHA1 Message Date
Brent Cook 5297ebc1a1 Merge branch 'master' into land-1396-http_proxy_pstore
Bring things back to the future
2015-02-20 08:50:17 -06:00
Brent Cook 4da28324e7 expound on java signer build instructions 2015-02-12 16:13:08 -06:00
Brent Cook af405eeb7d
Land #4287, @timwr's exploit form CVS-2014-3153 2015-02-09 10:33:14 -06:00
jvazquez-r7 aa7f7d4d81 Add DLL source code 2015-02-01 19:59:10 -06:00
Brent Cook 89e5a2b892 disable -no-thumb, doesn't work with latest NDK? 2015-01-30 09:36:21 -06:00
William Vu 8f54e4d611
Implement "-" for msfconsole -r from stdin
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.

This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
2015-01-29 19:26:56 -06:00
Brent Cook 47cd5a3e59
Land #4562, wchen-r7's Win8 NtApphelpCacheControl privilege escalation 2015-01-15 13:52:07 -06:00
sinn3r 7e1b8a1c83 Not needed anymore 2015-01-09 19:05:44 -06:00
sinn3r c79589509c Old comment 2015-01-09 19:04:50 -06:00
sinn3r 74e8e057dd Use RDL 2015-01-09 19:02:08 -06:00
sinn3r f998bfc246 Update exploit.cpp 2015-01-08 21:37:13 -06:00
sinn3r eea6ccee1f Source 2015-01-08 18:43:29 -06:00
OJ 844460dd87
Update bypass UAC to work on 8.1 and 2012
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.

I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Borja Merino 9791acd0bf Add stager ipknock shellcode (PR 2) 2014-12-27 22:03:45 +01:00
William Vu e34c37042a
Readd block_hidden_bind_tcp.asm
Because stager_hidden_bind_tcp.asm includes it.
2014-12-22 11:13:07 -06:00
Peregrino Gris c0fa8c0e3f Add stager for hidden bind shell payload 2014-12-22 17:21:11 +01:00
HD Moore e3943682a2
Improves linux/armle payloads, lands #3315 2014-12-13 18:27:14 -06:00
Michael Schierl e8728943ec Shave off two more bytes for HTTP(s) stagers 2014-12-13 11:49:30 -06:00
Michael Schierl 69c938f65a More shellcode golf 2014-12-13 11:49:15 -06:00
Tim 5c50a07c0f futex_requeue 2014-12-01 03:49:22 +00:00
jvazquez-r7 7772da5e3f Change paths, add makefile and compile 2014-11-30 21:06:11 -06:00
jvazquez-r7 b6306ef7a2 Move C source to exploits folder 2014-11-30 20:42:53 -06:00
Joe Vennix 7a3fb12124
Add an OSX privilege escalation from Google's Project Zero. 2014-11-25 12:34:16 -06:00
Mark Schloesser 9e7f6728d0 update the single sources with s/SHELLARG/ARGV0/ 2014-11-19 22:22:08 +01:00
mschloesser-r7 a5aa6b2e78 add source for linux/armle/shell_bind_tcp 2014-11-19 21:53:23 +01:00
mschloesser-r7 ebc70138f6 add source for linux/armle/shell_bind_tcp 2014-11-19 21:53:23 +01:00
mschloesser-r7 8331de2265 add source for linux/armle/shell_reverse_tcp 2014-11-19 21:53:23 +01:00
jvazquez-r7 f43a6e9be0 Use PDWORD_PTR and DWORD_PTR 2014-10-31 17:35:50 -05:00
jvazquez-r7 6154b7d55f Fix style again 2014-10-31 12:51:48 -05:00
jvazquez-r7 203af90a44 Fix style 2014-10-31 12:50:23 -05:00
jvazquez-r7 0c23733722 Use hungarian notation 2014-10-31 12:47:50 -05:00
jvazquez-r7 8e547e27b3 Use correct types 2014-10-31 12:37:21 -05:00
OJ cbd616bbf5 A few sneaky style changes, but no functional ones
Changes were purely for style, and Juan was happy to let me make them
as part of the merge.
2014-10-31 09:08:11 +10:00
jvazquez-r7 6574db5dbb Fix the 64 bits code 2014-10-30 17:01:59 -05:00
jvazquez-r7 03a84a1de3 Search the AccessToken 2014-10-30 12:17:03 -05:00
OJ 908094c3d3 Remove debug, treat warnings as errors 2014-10-28 09:04:02 +10:00
OJ 0a03b2dd48 Final code tidy 2014-10-28 08:59:33 +10:00
OJ 6f3b373f01 More code tidy and unifying of stuff 2014-10-28 08:37:49 +10:00
OJ 0e761575c8 More code tidying, reduced x64/x86 duplication 2014-10-28 08:09:18 +10:00
OJ 062eff8ede Fix project settings, make files, start tidying of code 2014-10-28 07:58:19 +10:00
Spencer McIntyre d6a63ccc5e Remove unnecessary C debugging code for the exploit 2014-10-27 11:24:23 -04:00
Spencer McIntyre 46b1abac4a More robust check routine for cve-2014-4113 2014-10-27 11:19:12 -04:00
jvazquez-r7 4406972b46 Do version checking minor cleanup 2014-10-27 09:32:42 -05:00
jvazquez-r7 0aaebc7872 Make GetPtiCurrent USER32 independent 2014-10-26 18:51:02 -05:00
jvazquez-r7 34697a2240 Delete 'callback3' also from 32 bits version 2014-10-26 17:28:35 -05:00
Spencer McIntyre 7416c00416 Initial addition of x64 target for cve-2014-4113 2014-10-26 16:54:42 -04:00
jvazquez-r7 d8eaf3dd65 Add exploit source code 2014-10-23 18:59:58 -05:00
Spencer McIntyre 3181d4e080 Add zsh completion definitions for utilities 2014-09-27 20:12:02 -04:00
HD Moore 8cca4d7795 Fix the makefile to use the right directory
Reported by severos on IRC, the current output
class is in the right place, but the makefile
was broken.
2014-08-03 13:38:15 -05:00
sinn3r ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape 2014-06-26 13:48:28 -05:00