Brent Cook
6fb0a06672
add pastebin IoT credentials
2017-08-25 08:57:20 -05:00
Brent Cook
d2e6af1845
sort|uniq
2017-08-25 08:54:49 -05:00
Brent Cook
605330faf6
Land #8842 , add linux/aarch64/shell_reverse_tcp
2017-08-21 15:44:28 -05:00
Brent Cook
e734a7923a
Land #8267 , Handle multiple entries in PSModulePath
2017-08-20 17:44:30 -05:00
Brent Cook
d5a5321a8c
Merge remote-tracking branch 'upstream/pr/8299' into land-8267-
2017-08-20 17:43:56 -05:00
h00die
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
Tim
8b4ccc66c7
add linux/aarch64/shell_reverse_tcp
2017-08-17 18:55:37 +08:00
Yorick Koster
81500f7336
Updated Mutex code, reduce the number of times the payload is executed
2017-08-03 10:26:55 -05:00
Yorick Koster
c3bc27385e
Added source code for DLL template
2017-08-02 15:47:22 -05:00
Yorick Koster
46ec04dd15
Removed This PC ItemID & increased timeout in WaitForSingleObject
...
Remove the This PC ItemID to bypass (some) AV.
Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster
e6e94bad4b
Replace CreateEvent with CreateMutex/WaitForSingleObject
...
Time out is set to 1500 ms to prevent running the payload multiple times
2017-08-02 15:47:22 -05:00
Yorick Koster
e51e1d9638
Added new DLL templates to prevent crashing of Explorer
2017-08-02 15:47:21 -05:00
Brent Cook
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
Pearce Barry
bc3b883758
Add docs, fix typo, add missing report mixin to avoid error.
2017-06-05 13:49:59 -05:00
Brent Cook
a01a2ead1a
Land #8467 , Samba CVE-2017-7494 Improvements
2017-05-30 00:15:03 -05:00
HD Moore
38491fd7ba
Rename payloads with os+libc, shrink array inits
2017-05-27 19:50:31 -05:00
HD Moore
b7b0c26f4a
Reduce minimum GLIBC versions where we can
2017-05-27 19:28:41 -05:00
HD Moore
184c8f50f1
Rework the Samba exploit & payload model to be magic.
2017-05-27 17:03:01 -05:00
William Webb
d4ba28a20b
Land #8457 , Update multi/fileformat/office_word_macro to allow custom templates
2017-05-26 15:09:23 -05:00
wchen-r7
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
HD Moore
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
anhilo
f3d6a8c456
split PSModulePath in multi strings with ';'
...
1、allows the HTA window to be invisible
2017-04-26 11:01:59 +08:00
wchen-r7
5bbb4d755a
Land #8254 , Add CVE-2017-0199 - Office Word HTA Module
2017-04-24 16:05:00 -05:00
Brandon Knight
c724f0e05d
Handle multiple entries in PSModulePath
...
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
2017-04-19 11:22:38 -04:00
nixawk
637098466c
Hidden black flash windows / Close HTA windows
2017-04-16 22:53:17 -05:00
nixawk
a9df917257
Fix rtf info author
2017-04-14 21:16:39 -05:00
nixawk
8c662562d3
add CVE-2017-0199 format
2017-04-14 13:22:32 -05:00
bwatters-r7
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
Pearce Barry
c00b9ca1e5
Land #8175 , Get into the DANGER ZOOOOOOONE
2017-03-31 14:31:22 -05:00
HD Moore
b5771b0f72
Get into the DANGER ZOOOOOOONE
2017-03-31 12:26:42 -05:00
dmohanty-r7
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
Mehmet Ince
e9f816272d
Adding solarwinds lem default ssh credentials to the wordlist
2017-03-24 13:24:05 +03:00
Jon P
4628dfe16b
Remove old banner + rubygems requirements
2017-03-13 17:36:21 +01:00
Jon P
c9a5190726
Patching "undefined method empty?" errors + "encoding error"
2017-03-13 17:32:56 +01:00
Jon P
e8257122b3
Creation of a sub-module for modules/auxiliary/crawler/msfcrawler
...
Catching links in comments
2017-03-13 17:18:39 +01:00
wchen-r7
6965a00b45
Resolve #8023 , Support backward compatibility for Office macro
...
Resolve #8023
2017-02-27 13:02:41 -06:00
William Webb
83cc28a091
Land #7972 , Microsoft Office Word Macro Generator OS X Edition
2017-02-21 13:26:42 -06:00
Brent Cook
2c570b6709
Land #7942 , Microsoft SQL Server Clr Stored Procedure Payload Execution
2017-02-17 17:28:54 -06:00
wchen-r7
3d269b46ad
Support OS X for Microsoft Office macro exploit
2017-02-16 12:28:11 -06:00
OJ
2d834a3f5a
Finalise module, and add supporting binaries
2017-02-10 12:56:40 +10:00
bwatters-r7
272d1845fa
Land #7934 , Add exploit module for OpenOffice with a malicious macro
2017-02-09 13:42:58 -06:00
wchen-r7
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
wchen-r7
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
wchen-r7
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
William Webb
fb74b2d8f3
initial commit of finished product
2017-01-20 11:01:36 -06:00
bwatters_r7
4035dd7485
Land #7796 , Improve zip module windows script fallback
2017-01-17 10:59:04 -06:00
Brent Cook
24f7959805
add binary for futex_requeue
2017-01-11 13:25:30 -06:00
Brent Cook
2585c8c8b5
Land #7461 , convert futex_requeue (towelroot) module to use targetting and core_loadlib
2017-01-11 13:24:25 -06:00