de25a6c23c
Add metadata
2015-09-02 18:32:45 -05:00
8f70ec8256
Fix Disclosure date
2015-09-02 18:21:36 -05:00
b912e3ce65
Add exploit template
2015-09-02 17:28:35 -05:00
4090c2c8ea
Land #5880 , adds ScriptHost UAC bypass for Win7/2008
2015-09-02 14:14:18 -05:00
582cc795ac
Remove newlines
2015-09-02 19:42:04 +01:00
8f25a006a8
Change to automatic target
2015-09-02 09:13:25 +01:00
4275a65407
Update local exploit checks to follow the guidelines.
...
Please see wiki "How to write a check() method" to learn how
these checkcodes are determined.
2015-09-01 23:26:45 -05:00
27775fbe58
Restrict to 7 and 2k8
2015-09-01 22:23:37 +01:00
da4b360202
Fix typo
2015-08-26 15:29:34 -05:00
5d0ed797a3
Update DLL
2015-08-26 15:15:32 -05:00
dd529013f6
Update ruby side
2015-08-26 15:12:09 -05:00
b1ef560264
Merge payload_inject 64-bit inject fix from @Meatballs1
2015-08-24 09:26:00 -05:00
1c91b126f1
X64 compat for payload_inject
2015-08-23 22:03:57 +01:00
228087dced
Initial working scripthost bypass uac
2015-08-23 20:16:15 +01:00
45c7e4760a
Support x64 payloads
2015-08-20 02:09:58 -05:00
6f31183904
Fix VSS Persistance to check integrity level
2015-08-01 23:13:05 +01:00
a6a8117e46
Revert "Land #5777 , fix #4558 vss_persistence"
...
This reverts commit ba4b2fbbeaaffc86bfd9
2015-08-01 22:35:24 +01:00
1ec960d8f9
Make the time to write flush configurable
2015-07-31 16:43:43 -05:00
bf6975c01a
Fix #4558 by restoring the old wmicexec
2015-07-27 14:04:10 -05:00
e355e56539
Add check
2015-07-02 10:54:44 +02:00
56c3102603
That's what you get for making edits on github.com..
2015-07-01 17:51:57 +02:00
4847fb9830
Add a neater powershell command
2015-07-01 17:47:47 +02:00
822a46fee6
Merge branch 'master' of github:dmaasland/metasploit-framework
2015-07-01 17:47:33 +02:00
4f72df3202
Create a neater powershell command
2015-07-01 17:47:08 +02:00
ffe710af2d
Update registry_persistence.rb
...
Omg spaces
2015-07-01 17:21:12 +02:00
26e3ec0a5f
Add a switch for creating a cleanup rc file
2015-07-01 17:06:16 +02:00
20708ebc82
Add a check to prevent accidental deletion of existing registry keys
2015-07-01 16:45:03 +02:00
2e48bae71c
fixes
2015-07-01 16:15:13 +02:00
335487afa0
fixes
2015-07-01 16:09:55 +02:00
d0845b8c66
msftidy fix
2015-07-01 12:50:34 +02:00
a3db6c6ae3
Msftidy fix
2015-07-01 12:47:10 +02:00
bd94f50fb0
add registry_persistence.rb
2015-07-01 12:26:46 +02:00
7ccc86d338
Use cmd_exec
2015-06-26 11:54:19 -05:00
2206a6af73
Support older targets x86 for MS15-051
2015-06-25 09:33:15 +10:00
a149fb5710
Land #5554 , @g0tmi1k's persistence improvements
...
age aborts
age aborts
2015-06-24 14:37:25 -05:00
e7e8135acd
Clean up module
2015-06-24 14:35:10 -05:00
dedfca163d
Change check()
2015-06-22 15:05:12 -05:00
efece12b40
Minor clean ups for ruby strings and check method
2015-06-21 16:07:44 -04:00
0b55a889d3
persistence - better ruby/msf fu
2015-06-18 21:10:16 +01:00
a3debe1621
persistence - more options, more verbose
...
...and less bugs!
+ Able to define the EXE payload filename
+ Able to setup a handler job
+ Able to execute persistence payload after installing
+ Performs various checks (should be more stable now)
+ Will display various warnings if your doing something 'different'
+ Added various verbose messages during the process
2015-06-17 13:57:06 +01:00
a6467f49ec
Update description
2015-06-03 22:17:25 +10:00
455a3b6b9d
Add butchered version of CVE-2015-1701
2015-06-03 21:48:23 +10:00
d03ee5667b
Remove assigned but unused local vars
2015-06-01 16:45:36 -05:00
7133f0a68e
Fix typo in author's name
2015-06-01 16:45:09 -05:00
5bceeb4f27
Land #5349 , @h0ng10's module for CVE-2015-2219 Lenovo System Update Local Privilege Escalation
2015-05-22 17:14:20 -05:00
3aa1ffb4f5
Do minor code cleanup
2015-05-22 16:20:36 -05:00
d99eedb1e4
Adding begin...ensure block
2015-05-17 20:48:11 +02:00
acb053a2a7
CloseHandle cleanup
2015-05-17 20:39:10 +02:00
e075495a5b
string concatenation, clear \ handling
2015-05-15 06:51:42 +02:00
94d39c5c75
remove hard coded pipe name
2015-05-15 06:35:55 +02:00
bb4f5da6d9
replace client.sys.config.getenv with get_env
2015-05-15 06:33:57 +02:00
bba261a1cf
Initial version
2015-05-15 00:36:03 +02:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
ef8c0aac69
Land #5020 , spelling fixes for some modules
2015-03-28 00:36:04 -05:00
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
f129347b51
Filed vs Failed fix
2015-03-27 11:28:50 -07:00
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
0c2ed21e90
Land #4318 , Lateral movement through PSRemoting
2015-03-20 11:39:35 -05:00
23d8479683
Fix typo
2015-03-20 11:39:00 -05:00
0da79edb9c
Add a print_status to let the user know the module is over
...
If I have to run the module as a job, sometimes I can't tell if
the module has finished running or not.
2015-03-20 11:35:18 -05:00
6ceab3d02d
Add a DisclosureDate
2015-03-18 23:51:18 +00:00
1ead57a80d
Land #4928 , @h0ng10's local exploit for iPass Mobile Client
2015-03-13 16:58:45 -05:00
9894a3dc54
Change module filename
2015-03-13 16:53:17 -05:00
b4de3ce42b
Do minor cleanup
2015-03-13 16:52:26 -05:00
b0e730d5ae
Typo
2015-03-13 20:41:14 +01:00
726f01b8cc
Initial version
2015-03-13 20:33:45 +01:00
c6cb1e840d
Fixes persistence module by revering changes to the value returned by the write_script_to_target function, which screws up the path that is used for startup. Currently an escaped path "C://Users//..." is being used instead of using windows standards "C:\Users\...".
2015-03-10 10:26:03 +01:00
ff73b4d51a
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/local/pxeexploit.rb.
2015-02-24 05:19:48 -06:00
aa8a82f44f
Update MS15-001 reference
2015-02-21 08:39:21 -06:00
e40772efe2
Fixed open device issue for non-priv users
...
Fixed the open_device call to work for users without Administrator
privileges
2015-02-18 12:44:58 -05:00
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
309159d876
Land #4753 , updated ms14_070_tcpip_ioctl info
2015-02-12 09:57:29 -06:00
8ab469d3bd
Update ms14-070 module information and references
2015-02-12 09:51:01 -05:00
b894050bba
Fix local/pxeexploit datastore
2015-02-11 12:19:56 -06:00
4e0a62cb3a
Land #4664 , MS14-070 Server 2003 tcpip.sys priv esc
2015-02-05 18:49:15 -05:00
a359fe9acc
Minor fixup on the ms14-070 module description
2015-02-05 18:41:58 -05:00
dc13446536
Forgot to comment ret instruction
2015-02-05 14:09:01 -05:00
5a39ba32f6
Make the ret instruction for token stealing optional
2015-02-05 14:00:38 -05:00
dabc163076
Modify the shellcode stub to save the process
2015-02-05 13:54:52 -05:00
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
aebf5056ac
Dont compare a string to an integer
2015-02-04 16:55:43 -05:00
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
6c529f8f6b
Addressed feedback from @OJ and @zeroSteiner
2015-01-29 11:57:03 -05:00
064ca2d02e
Updated version checking
2015-01-28 18:25:30 -05:00
37c08128dc
Add in MS14-070 Priv Escalation for Windows 2003
2015-01-28 13:24:39 -05:00
c9ca85fba8
Bail out as SYSTEM
2015-01-27 17:23:57 +00:00
b7e9c69f72
Fix x64 injection
2015-01-27 16:34:06 +00:00
215a590940
Refactor and fixes for post module
2015-01-27 16:14:59 +00:00
ea25869312
Refactor to common module
2015-01-27 10:47:02 +00:00
93537765d0
Add TODO
2015-01-26 15:59:22 +00:00
5ae65a723f
Initial
2015-01-26 15:57:52 +00:00
a2a1a90678
Land #4316 , Meatballs1 streamlines payload execution for exploits/windows/local/wmi
...
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
c1e604f201
Land #4562 : wchen-r7's CVE addition
2015-01-15 14:34:37 -06:00
47cd5a3e59
Land #4562 , wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
09eaf80a90
Add CVE
2015-01-15 13:22:00 -06:00
34bbc5be90
print error message about limitation
2015-01-11 20:12:40 -06:00
46d1616994
Hello ARCH_X86_64
2015-01-10 06:16:22 -06:00
jvazquez-r7
HD Moore
Meatballs
wchen-r7
Brent Cook
Donny Maasland
Spencer McIntyre
William Vu
g0tmi1k
OJ
James Lee
Hans-Martin Münch (h0ng10)
Tod Beardsley
Christian Mehlmauer
C-P
Sigurd Jervelund Hansen
Jay Smith