Jon Hart
d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login
2017-12-22 08:07:40 -08:00
William Vu
caae33b417
Land #9170 , Linux UDF for mysql_udf_payload
2017-12-21 20:48:24 -06:00
Jon Hart
37ae5e1303
Add admin as a default unix passwd
2017-12-20 18:44:21 -08:00
Yorick Koster
942e44ceae
Added local copies of the static content
2017-12-02 10:14:14 +01:00
bwatters-r7
5a07be9b96
Land #9041 , Add LPE on Windows using CVE-2017-8464
2017-11-08 10:09:03 -06:00
bwatters-r7
4abe8ff0d9
recompile binaries
2017-11-08 09:33:48 -06:00
bwatters-r7
9b24ed8406
Removed binaries for recompile
2017-11-08 09:26:40 -06:00
Spencer McIntyre
c2578c1487
Refactor GetProcessSid to remove do while FALSE
2017-11-07 19:11:24 -05:00
h00die
697031eb36
mysql UDF now multi
2017-11-03 05:26:05 -04:00
bwatters-r7
294230c455
Land #8509 , add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
bwatters-r7
fd963245a4
Recompiled old binaries that used
...
external/source/exploits/bypassuac_injection/dll/src/Exploit.cpp
to make sure the changes don't break them later.
2017-10-10 11:28:49 -05:00
bwatters-r7
c63d5fb4fb
Recompiled binaries
2017-10-09 12:44:58 -05:00
bwatters-r7
0bf948e906
Removed binary files before recompiling
2017-10-09 11:35:41 -05:00
bwatters-r7
7df18e378d
Fix conflicts in PR 8509 by mergeing to master
2017-10-09 10:30:21 -05:00
Spencer McIntyre
3f6f70f820
Move the cve-2017-8464 source to external/source
2017-10-08 13:58:51 -04:00
Spencer McIntyre
d0ebfa1950
Change the template technicque to work as an LPE
2017-10-05 10:30:28 -04:00
Spencer McIntyre
949633e816
Cleanup cve-2017-8464 template and build script
2017-10-02 15:18:13 -04:00
james
831b148ac6
Fix consistency issue in 'r7-metasploit' banner
...
This has bugged me for a while, finally fixing it.
2017-09-15 22:19:00 -05:00
Brent Cook
6fb0a06672
add pastebin IoT credentials
2017-08-25 08:57:20 -05:00
Brent Cook
d2e6af1845
sort|uniq
2017-08-25 08:54:49 -05:00
Brent Cook
605330faf6
Land #8842 , add linux/aarch64/shell_reverse_tcp
2017-08-21 15:44:28 -05:00
Brent Cook
e734a7923a
Land #8267 , Handle multiple entries in PSModulePath
2017-08-20 17:44:30 -05:00
Brent Cook
d5a5321a8c
Merge remote-tracking branch 'upstream/pr/8299' into land-8267-
2017-08-20 17:43:56 -05:00
h00die
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
Tim
8b4ccc66c7
add linux/aarch64/shell_reverse_tcp
2017-08-17 18:55:37 +08:00
Yorick Koster
81500f7336
Updated Mutex code, reduce the number of times the payload is executed
2017-08-03 10:26:55 -05:00
Yorick Koster
c3bc27385e
Added source code for DLL template
2017-08-02 15:47:22 -05:00
Yorick Koster
46ec04dd15
Removed This PC ItemID & increased timeout in WaitForSingleObject
...
Remove the This PC ItemID to bypass (some) AV.
Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster
e6e94bad4b
Replace CreateEvent with CreateMutex/WaitForSingleObject
...
Time out is set to 1500 ms to prevent running the payload multiple times
2017-08-02 15:47:22 -05:00
Yorick Koster
e51e1d9638
Added new DLL templates to prevent crashing of Explorer
2017-08-02 15:47:21 -05:00
Brent Cook
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
Pearce Barry
bc3b883758
Add docs, fix typo, add missing report mixin to avoid error.
2017-06-05 13:49:59 -05:00
L3cr0f
6a3fc618a4
Add bypassuac_injection_winsxs.rb module
2017-06-03 12:59:50 +02:00
Brent Cook
a01a2ead1a
Land #8467 , Samba CVE-2017-7494 Improvements
2017-05-30 00:15:03 -05:00
HD Moore
38491fd7ba
Rename payloads with os+libc, shrink array inits
2017-05-27 19:50:31 -05:00
HD Moore
b7b0c26f4a
Reduce minimum GLIBC versions where we can
2017-05-27 19:28:41 -05:00
HD Moore
184c8f50f1
Rework the Samba exploit & payload model to be magic.
2017-05-27 17:03:01 -05:00
William Webb
d4ba28a20b
Land #8457 , Update multi/fileformat/office_word_macro to allow custom templates
2017-05-26 15:09:23 -05:00
wchen-r7
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
HD Moore
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
anhilo
f3d6a8c456
split PSModulePath in multi strings with ';'
...
1、allows the HTA window to be invisible
2017-04-26 11:01:59 +08:00
wchen-r7
5bbb4d755a
Land #8254 , Add CVE-2017-0199 - Office Word HTA Module
2017-04-24 16:05:00 -05:00
Brandon Knight
c724f0e05d
Handle multiple entries in PSModulePath
...
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
2017-04-19 11:22:38 -04:00
nixawk
637098466c
Hidden black flash windows / Close HTA windows
2017-04-16 22:53:17 -05:00
nixawk
a9df917257
Fix rtf info author
2017-04-14 21:16:39 -05:00
nixawk
8c662562d3
add CVE-2017-0199 format
2017-04-14 13:22:32 -05:00
bwatters-r7
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
Pearce Barry
c00b9ca1e5
Land #8175 , Get into the DANGER ZOOOOOOONE
2017-03-31 14:31:22 -05:00