a60e5789ed
update mettle->meterpreter references in modules
2017-04-26 17:55:10 -05:00
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
151ed16c02
Re-ranking files
...
../exec_shellcode.rb
Rank Great -> Excellent
../cfme_manageiq_evm_upload_exec.rb
Rank Great -> Excellent
../hp_smhstart.rb
Rank Average -> Normal
2017-04-02 18:33:46 -04:00
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
5e31a32771
Add missing ranks
...
../exec_shellcode.rb
Rank = Great
This exploit is missing autodetection and version checks,
but should be ranked Great due to high number of possible targets
../cfme_manageiq_evm_upload_exec.rb
Rank = Great
This exploit implements a check to assess target availability,
and the vulnerability does not require any user action
../dlink_dcs_930l_authenticated_remote_command_execution
Rank = Excellent
Exploit utilizes command injection
../efw_chpasswd_exec
Rank = Excellent
Exploit utilizes command injection
../foreman_openstack_satellite_code_exec
Rank = Excellent
Exploit utilizes code injection
../nginx_chunked_size
Rank = Great
Exploit has explicit targets with nginx version auto-detection
../tp_link_sc2020n_authenticated_telnet_injection
Rank = Excellent
See dlink_dcs_930l_authenticated_remote_command_execution,
exploit uses OS Command Injection
../hp_smhstart
Rank = Average
Must be specific user to exploit, no autodetection,
specific versions only
2017-03-31 02:39:44 -04:00
fb5e090f15
fixes from jvoisin
2017-02-28 20:09:26 -05:00
e3e607a552
reword description
2017-02-26 15:24:22 -05:00
0c353841ab
forgot add fixes for travis
2017-02-25 23:25:36 -05:00
a8609f5c66
ntfs-3g lpe
2017-02-25 23:09:22 -05:00
ff2b8dcf99
Revert "Land #7605 , Mysql privilege escalation, CVE-2016-6664" - premature merge
...
This reverts commit 92a1c1ece49b16cdf602
2017-01-22 19:16:33 -06:00
6f70323460
Minor misspelling mistakes and corrected the check of the mysqld process
2016-11-25 19:03:23 +00:00
1119dc4abe
Targets set to automatic
...
removed targets and set only automatic
the targets weren't used so there's no funcionallity loss
2016-11-25 17:35:28 +00:00
acfd214195
Mysql privilege escalation
...
Documentation, compiled binary and final implementation.
Completed the documentation, added the missing compiled binary and a
final and tested implementation of the module.
2016-11-19 11:24:29 +00:00
59f3c9e769
Land #7579 , rename netfilter_priv_esc to rename netfilter_priv_esc_ipv4
2016-11-21 17:59:29 -06:00
005d34991b
update architecture
2016-11-20 19:09:33 -06:00
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
cfd31e32c6
renaming per @bwatters-r7 comment in #7491
2016-11-18 13:52:09 -05:00
9eb9d612ca
Minor typo fixups.
2016-11-11 16:54:16 -06:00
1dae206fde
Land #7379 , Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
eca4b73aab
Land #7499 , check method for pkexec exploit
2016-11-03 10:59:06 -05:00
1c746c0f93
Prefer CheckCode::Detected
2016-11-03 11:14:48 +01:00
2cdff0f414
Fix check method
2016-11-03 11:14:48 +01:00
31b593ac67
Land #7402 , Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
3c56f1e1f7
Remove commented x64 arch from sock_sendpage
2016-11-01 01:29:11 +10:00
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
23ab4f1fc1
Remove one last tab
2016-10-27 12:32:40 +02:00
d9f07183bd
Please h00die ;)
2016-10-27 12:18:33 +02:00
2ac54f5028
Add a check for the linux pkexec module
2016-10-27 10:28:13 +02:00
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
12493d5c06
moved c code to external sources
2016-10-13 20:37:03 -04:00
7b84e961ed
Minor output correction.
2016-10-09 19:01:06 -05:00
7e6facd87f
added wrong file
2016-10-09 09:49:58 -04:00
2c4a069e32
prepend fork fix
2016-10-09 09:40:44 -04:00
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
75bea08e0e
changing branches
2016-10-04 21:08:12 -04:00
e6daef62b4
egypt
2016-10-03 20:24:59 -04:00
7b0a8784aa
additional doc updates
2016-09-29 19:02:16 -04:00
bac4a25b2c
compile or nill
2016-09-29 06:15:17 -04:00
4fac5271ae
slight cleanup
2016-09-29 05:51:13 -04:00
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
2272e15ca2
Remove some anti-patterns, in the same spirit than #7372
2016-09-29 00:15:01 +02:00
988471b860
Land #7372 , useless use of cat fix
...
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
2016-09-28 16:37:11 -05:00
3033c16da6
Add missing rank
2016-09-28 16:37:04 -05:00
b46073b34a
Replace `cat` with Ruby's `read_file`
...
Thanks to wvu-r7 for the comment
2016-09-28 23:22:19 +02:00
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
dbb2abeda1
Remove the `cat $FILE | grep $PATTERN` anti-pattern
...
The `kloxo_lxsuexec.rb` and `netfilter_pvi_esc.rb` exploits
were using the infamous `cat+grep` anti-pattern, this commit
replaces it with `cat` and Ruby's `.include?` method.
2016-09-28 13:41:25 +02:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
7646771dec
refactored for live compile or drop binary
2016-09-22 20:07:07 -04:00
Brent Cook
bwatters-r7
Bryan Chu
h00die
x2020
Pearce Barry
William Vu
William Webb
OJ
Julien (jvoisin) Voisin
jvoisin