William Vu
e34c37042a
Readd block_hidden_bind_tcp.asm
Because stager_hidden_bind_tcp.asm includes it.
2014-12-22 11:13:07 -06:00
Peregrino Gris
c0fa8c0e3f
Add stager for hidden bind shell payload
2014-12-22 17:21:11 +01:00
HD Moore
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
Michael Schierl
e8728943ec
Shave off two more bytes for HTTP(s) stagers
2014-12-13 11:49:30 -06:00
Michael Schierl
69c938f65a
More shellcode golf
2014-12-13 11:49:15 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
jvazquez-r7
b6306ef7a2
Move C source to exploits folder
2014-11-30 20:42:53 -06:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
Mark Schloesser
9e7f6728d0
update the single sources with s/SHELLARG/ARGV0/
2014-11-19 22:22:08 +01:00
mschloesser-r7
a5aa6b2e78
add source for linux/armle/shell_bind_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
ebc70138f6
add source for linux/armle/shell_bind_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
8331de2265
add source for linux/armle/shell_reverse_tcp
2014-11-19 21:53:23 +01:00
jvazquez-r7
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
jvazquez-r7
6154b7d55f
Fix style again
2014-10-31 12:51:48 -05:00
jvazquez-r7
203af90a44
Fix style
2014-10-31 12:50:23 -05:00
jvazquez-r7
0c23733722
Use Hungarian notation
2014-10-31 12:47:50 -05:00
jvazquez-r7
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
OJ
cbd616bbf5
A few sneaky style changes, but no functional ones
Changes were purely for style, and Juan was happy to let me make them
as part of the merge.
2014-10-31 09:08:11 +10:00
jvazquez-r7
6574db5dbb
Fix the 64-bit code
2014-10-30 17:01:59 -05:00
jvazquez-r7
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
OJ
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
OJ
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
OJ
6f3b373f01
More code tidy and unifying of stuff
2014-10-28 08:37:49 +10:00
OJ
0e761575c8
More code tidying, reduced x64/x86 duplication
2014-10-28 08:09:18 +10:00
OJ
062eff8ede
Fix project settings, make files, start tidying of code
2014-10-28 07:58:19 +10:00
Spencer McIntyre
d6a63ccc5e
Remove unnecessary C debugging code for the exploit
2014-10-27 11:24:23 -04:00
Spencer McIntyre
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
0aaebc7872
Make GetPtiCurrent USER32 independent
2014-10-26 18:51:02 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from the 32-bit version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
jvazquez-r7
d8eaf3dd65
Add exploit source code
2014-10-23 18:59:58 -05:00
Spencer McIntyre
3181d4e080
Add zsh completion definitions for utilities
2014-09-27 20:12:02 -04:00
HD Moore
8cca4d7795
Fix the makefile to use the right directory
Reported by severos on IRC, the current output
class is in the right place, but the makefile
was broken.
2014-08-03 13:38:15 -05:00
sinn3r
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
sinn3r
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
Meatballs
25ed68af6e
Land #3017, Windows x86 Shell Hidden Bind
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
Meatballs
bf1a665259
Land #2657, Dynamic generation of windows service executable functions
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
jvazquez-r7
443f9f175c
Update IE11Sandbox exploit source
2014-06-03 09:58:07 -05:00
jvazquez-r7
372a12b966
Restore make.msbuild permissions
2014-06-03 09:07:34 -05:00
jvazquez-r7
98a06b3d72
Restore make.msbuild
2014-06-03 09:05:26 -05:00
jvazquez-r7
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
jvazquez-r7
f6862cd130
Land @OJ's updated meterpreter binaries
2014-05-30 20:27:28 -05:00
OJ
d2b8706bd6
Include meterpreter bins, add Sandbox builds
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (i.e. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.
I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
jvazquez-r7
c1368dbb4c
Use %windir%
2014-05-30 09:06:41 -05:00
jvazquez-r7
75777cb3f9
Add IE11SandboxEscapes source
2014-05-29 11:38:43 -05:00
Florian Gaultier
bb4e9e2d4d
correct error in block service_change_description
2014-05-13 16:04:39 +02:00
Florian Gaultier
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
Florian Gaultier
bdbb70ab71
up block_service_stopped.asm
2014-05-13 16:04:39 +02:00
Florian Gaultier
e269c1e4f1
Improve service_block with service_stopped block to cleanly terminate service
2014-05-13 16:04:38 +02:00