infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
47,149 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

856 Commits (af3d2045fb357b079e386b587727ccc4b6d36169)

Author SHA1 Message Date
Wei Chen 3e33a6f0a4 Update moduel boxoft_wav_to_mp3 2018-07-02 14:00:33 -05:00
Shelby Pace 54fce378fa
added target versions to documentation 2018-07-02 09:20:17 -05:00
Shelby Pace 3b5555542c
add exploit module and documentation 2018-06-29 15:17:12 -05:00
Jacob Robles bc18389284
Updated Document and Module 
Update the documentation based on analysis of the vulnerability.
Slight modifications to the exploit module as well to reduce the
size of the generated file and reduce bad characters.
 2018-02-01 10:05:50 -06:00
Jacob Robles 656bb7f567
Modified DupScout Fileformat Exploit 2018-01-30 09:12:05 -06:00
Daniel Teixeira 4cd5801e6f
Dup Scout Import Command Buffer Overflow 2018-01-24 20:47:46 +00:00
bwatters-r7 3922844650
ninja style changes 2018-01-23 16:34:49 -06:00
Daniel Teixeira aa9b5e4419
Sync Breeze Enterprise Import Command 2018-01-15 20:46:40 +00:00
Wei Chen b99663fb6c
Bring #9282 up to date with upstream-master 2017-12-13 13:16:30 -06:00
Austin 5a81f8091d
change some options for somethinf for sensible 2017-12-07 14:44:36 -05:00
Austin 335cc13cab
remove option, advanced Message seems to break it. 2017-12-07 14:17:14 -05:00
Austin 7bdc99a153
Fix HANDLER + some default options! 2017-12-07 13:53:39 -05:00
Austin 09aa433fdc
Add MESSAGE field for "obfuscation" 2017-12-07 08:04:31 -05:00
Austin 8bb6a8f47c
Rename office_dde_delivery to office_dde_delivery.rb 2017-12-06 22:40:37 -05:00
Austin 9d11c60d88
Office DDE Payload Delivery 
Generate / Inject existing RTF files with DDE Payloads!
 2017-12-06 21:41:00 -05:00
William Webb adba277be0
axe errant spaces at EOL 2017-12-04 16:57:48 -08:00
William Webb 69b01d26bb
Land #9226, Microsoft Office OLE object memory corruption 2017-12-04 16:50:27 -08:00
Austin b96dac28d5
fix info segment 2017-12-04 16:42:41 -05:00
Austin c788e4e540
Update office_ms17_11882.rb 2017-12-01 11:36:03 -05:00
Austin 7df46b33e8
disassembly ASM 2017-12-01 08:03:56 -05:00
Austin 2544b4d8db
Change target name 2017-11-28 21:39:04 -05:00
Austin cb7f173811
Update office_ms17_11882.rb 2017-11-28 21:36:25 -05:00
Austin 960893b99d
change default payload 2017-11-22 06:36:46 -05:00
Austin 275f70e77e
better saving 2017-11-21 19:34:04 -05:00
Austin db4c0fcca9
spelling 2017-11-21 19:02:14 -05:00
Austin fcea6fd8d4
actually create new file ;-; 2017-11-21 15:00:06 -05:00
Austin 39a4d193a1
Create office_ms17_11882.rb 2017-11-21 14:47:02 -05:00
William Vu b7c604f941
Land #9189, s/patrick/aushack/g 2017-11-08 10:27:03 -06:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
Spencer McIntyre 70033e2b94 Enable the payload handler by default 2017-11-02 12:31:54 -04:00
Spencer McIntyre e4d99a14b6 Fix EXITFUNC back to process for the RCE too 2017-10-05 11:38:08 -04:00
Spencer McIntyre 825ad940e6 Update the advanced option names and a typo 2017-10-05 10:16:31 -04:00
Spencer McIntyre 482ce005fd Update the advanced option names and a typo 2017-10-05 10:11:00 -04:00
Spencer McIntyre f2f48cbc8f Update the CVE-2017-8464 module 2017-09-30 18:25:16 -04:00
Pearce Barry 8de6fa79c1
Tweakz, yo. 2017-09-22 18:49:09 -05:00
h00die 30f833f684 80 pages left 2017-09-13 22:03:34 -04:00
Brent Cook 367c760927
window move is now directly in the template 2017-08-20 17:48:59 -05:00
Brent Cook e734a7923a
Land #8267, Handle multiple entries in PSModulePath 2017-08-20 17:44:30 -05:00
Brent Cook da3ca9eb90 update some documentation 2017-08-03 17:09:44 -05:00
Brent Cook ddd841c0a8 code style cleanup + add automatic targeting based on payload 2017-08-03 00:27:54 -05:00
Brent Cook b62429f6fa handle drive letters specified like E: nicely 2017-08-03 00:27:22 -05:00
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject 
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
 2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Yorick Koster 3229320ba9 Code review feedback from @nixawk 2017-08-02 15:46:51 -05:00
Yorick Koster 565a3355be CVE-2017-8464 LNK Remote Code Execution Vulnerability 
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain a dynamic icon, loaded from a
malicious DLL.

This vulnerability is a variant of MS15-020 (CVE-2015-0096). The
created LNK file is similar except in an additional
SpecialFolderDataBlock is included. The folder ID set in this
SpecialFolderDataBlock is set to the Control Panel. This is enought to
bypass the CPL whitelist. This bypass can be used to trick Windows into
loading an arbitrary DLL file.
 2017-08-02 15:46:30 -05:00
mr_me bf4dce19fb I added the SSD advisory 2017-07-24 14:25:10 -07:00
mr_me b099196172 deregistered SSL, added the HTA dodgy try/catch feature 2017-07-24 10:28:03 -07:00
mr_me 17b28388e9 Added the advisory, opps 2017-07-24 10:09:21 -07:00
mr_me 14ca2ed325 Added a icon loading trick by Brendan 2017-07-24 10:06:20 -07:00
mr_me b2a002adc0 Brendan is an evil genius\! 2017-07-24 09:58:23 -07:00