jvazquez-r7
11c6f3fdca
Do reliable resolution of kernel32
2015-03-29 15:52:13 -05:00
jvazquez-r7
f84a46df63
Add module for CVE-2015-0313
2015-03-27 18:51:13 -05:00
rwhitcroft
dab4333867
updated asm in block
2015-03-18 16:07:46 -04:00
jvazquez-r7
bb81107e51
Land #4927 , @wchen-r7's exploit for Flash PCRE CVE-2015-0318
2015-03-13 23:58:05 -05:00
sinn3r
2a25e2b2e1
Update Main.as
2015-03-13 11:40:16 -05:00
sinn3r
0ee0a0da1c
This seems to work
2015-03-13 04:43:06 -05:00
sinn3r
0c3329f69e
Back on track
2015-03-12 15:26:55 -05:00
HD Moore
b604599c8e
Fix comments
2015-03-11 21:32:35 -05:00
HD Moore
479a9cc1a9
Fix missing stack variables & remove old comment
2015-03-11 21:23:27 -05:00
HD Moore
7e3b4017f0
Rename and resynced with master, ready for refactoring
2015-03-11 14:36:27 -05:00
HD Moore
ea1bc69e2e
Merge branch 'master' into feature/add-reverse_winhttp-stagers
2015-03-11 14:29:34 -05:00
sinn3r
43b90610b1
Temp
2015-03-11 13:53:34 -05:00
sinn3r
2a9d6e64e2
Starting point for CVE-2015-0318
2015-03-11 09:58:41 -05:00
Borja Merino
991e72a4fa
HTTP stager based on WinHttp
2015-03-10 13:40:16 -05:00
jvazquez-r7
14c3848493
Delete useless comment
2015-03-09 16:59:10 -05:00
jvazquez-r7
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
William Vu
b223dbdfcf
Nuke external LORCON code from orbit
2015-02-26 14:52:01 -06:00
Brent Cook
5297ebc1a1
Merge branch 'master' into land-1396-http_proxy_pstore
...
Bring things back to the future
2015-02-20 08:50:17 -06:00
Brent Cook
4da28324e7
expound on java signer build instructions
2015-02-12 16:13:08 -06:00
Brent Cook
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
jvazquez-r7
aa7f7d4d81
Add DLL source code
2015-02-01 19:59:10 -06:00
Brent Cook
89e5a2b892
disable -no-thumb, doesn't work with latest NDK?
2015-01-30 09:36:21 -06:00
William Vu
8f54e4d611
Implement "-" for msfconsole -r from stdin
...
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.
This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
2015-01-29 19:26:56 -06:00
Brent Cook
47cd5a3e59
Land #4562 , wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
sinn3r
7e1b8a1c83
Not needed anymore
2015-01-09 19:05:44 -06:00
sinn3r
c79589509c
Old comment
2015-01-09 19:04:50 -06:00
sinn3r
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
sinn3r
f998bfc246
Update exploit.cpp
2015-01-08 21:37:13 -06:00
sinn3r
eea6ccee1f
Source
2015-01-08 18:43:29 -06:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Borja Merino
9791acd0bf
Add stager ipknock shellcode (PR 2)
2014-12-27 22:03:45 +01:00
William Vu
e34c37042a
Readd block_hidden_bind_tcp.asm
...
Because stager_hidden_bind_tcp.asm includes it.
2014-12-22 11:13:07 -06:00
Peregrino Gris
c0fa8c0e3f
Add stager for hidden bind shell payload
2014-12-22 17:21:11 +01:00
HD Moore
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
Michael Schierl
e8728943ec
Shave off two more bytes for HTTP(s) stagers
2014-12-13 11:49:30 -06:00
Michael Schierl
69c938f65a
More shellcode golf
2014-12-13 11:49:15 -06:00
Tim
5c50a07c0f
futex_requeue
2014-12-01 03:49:22 +00:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
jvazquez-r7
b6306ef7a2
Move C source to exploits folder
2014-11-30 20:42:53 -06:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
Mark Schloesser
9e7f6728d0
update the single sources with s/SHELLARG/ARGV0/
2014-11-19 22:22:08 +01:00
mschloesser-r7
a5aa6b2e78
add source for linux/armle/shell_bind_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
ebc70138f6
add source for linux/armle/shell_bind_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
8331de2265
add source for linux/armle/shell_reverse_tcp
2014-11-19 21:53:23 +01:00
jvazquez-r7
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
jvazquez-r7
6154b7d55f
Fix style again
2014-10-31 12:51:48 -05:00
jvazquez-r7
203af90a44
Fix style
2014-10-31 12:50:23 -05:00
jvazquez-r7
0c23733722
Use hungarian notation
2014-10-31 12:47:50 -05:00
jvazquez-r7
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
OJ
cbd616bbf5
A few sneaky style changes, but no functional ones
...
Changes were purely for style, and Juan was happy to let me make them
as part of the merge.
2014-10-31 09:08:11 +10:00