Commit Graph

437 Commits (970fe2956e2be78606ed9b7c508364917686e506)

Author SHA1 Message Date
Spencer McIntyre 949633e816 Cleanup cve-2017-8464 template and build script 2017-10-02 15:18:13 -04:00
h00die dc358dd087 unknow to unknown 2017-08-18 11:33:48 -04:00
Yorick Koster 81500f7336 Updated Mutex code, reduce the number of times the payload is executed 2017-08-03 10:26:55 -05:00
Yorick Koster c3bc27385e Added source code for DLL template 2017-08-02 15:47:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster e6e94bad4b Replace CreateEvent with CreateMutex/WaitForSingleObject
Time out is set to 1500 ms to prevent running the payload multiple times
2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore b7b0c26f4a Reduce minimum GLIBC versions where we can 2017-05-27 19:28:41 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
wchen-r7 ee13195760 Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00
HD Moore afc804fa03 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00
nixawk a9df917257 Fix rtf info author 2017-04-14 21:16:39 -05:00
nixawk 8c662562d3 add CVE-2017-0199 format 2017-04-14 13:22:32 -05:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
wchen-r7 6965a00b45 Resolve #8023, Support backward compatibility for Office macro
Resolve #8023
2017-02-27 13:02:41 -06:00
wchen-r7 3d269b46ad Support OS X for Microsoft Office macro exploit 2017-02-16 12:28:11 -06:00
bwatters-r7 272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro 2017-02-09 13:42:58 -06:00
wchen-r7 047a9b17cf Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
William Webb fb74b2d8f3
initial commit of finished product 2017-01-20 11:01:36 -06:00
Brent Cook 24f7959805
add binary for futex_requeue 2017-01-11 13:25:30 -06:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Brent Cook 2652f347fa add module binary 2016-12-22 03:25:10 -06:00
Tim e6d4c0001c
hide debug printing 2016-12-20 00:52:11 +08:00
Pearce Barry 1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
scriptjunkie 268a72f210
Land #7193 Office DLL hijack module 2016-11-08 23:15:27 -06:00
Yorick Koster 3c1f642c7b Moved PPSX to data/exploits folder 2016-11-08 16:04:46 +01:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
dmohanty-r7 d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit 2016-10-28 17:07:13 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
h00die 0d1fe20ae5 revamped 2016-10-15 20:57:31 -04:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
William Vu 9b15899d91 Add PS template 2016-10-13 17:40:15 -05:00
William Vu 6f4f2bfa5f Add PS target and remove MIFF 2016-10-13 17:39:55 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Pearce Barry d1a11f46e8
Land #7418, Linux recvmmsg Priv Esc (CVE-2014-0038) 2016-10-09 18:37:52 -05:00
h00die 2dfebe586e working cve-2014-0038 2016-10-08 23:58:09 -04:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
David Maloney 52f6265d2e use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
2016-10-05 09:05:27 -05:00
h00die 27cf5c65c4 working module 2016-10-04 23:21:53 -04:00
nixawk 7368b995f2 CVE-2016-6415 Cisco - sendpacket.raw 2016-09-29 22:24:55 -05:00
h00die c036c258a9 cve-2016-4557 2016-09-29 05:23:12 -04:00
OJ 0e82ced082
Add LPE exploit module for the capcom driver flaw
This commit includes:

* RDI binary that abuses the SMEP bypass and userland function pointer
  invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.

This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
h00die 23e5556a4c binary drops work! 2016-09-24 21:31:00 -04:00
William Webb 21e6211e8d add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
wchen-r7 322fc11225 Fix whitespace 2016-07-27 12:37:14 -05:00