Commit Graph

208 Commits (d3045814a20b01f9baf97fe573d8077c84793e91)

Author SHA1 Message Date
sinn3r 5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit 2014-04-24 13:43:20 -05:00
Joe Vennix 143aede19c
Add osx nfs_mount module. 2014-04-23 02:32:42 -05:00
jvazquez-r7 acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
jvazquez-r7 91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7 749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00
jvazquez-r7 abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
Spencer McIntyre 85197dffe6 MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
Tod Beardsley 6309c4a193
Metasploit LLC transferred assets to Rapid7
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
Meatballs a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-10 21:43:56 +00:00
jvazquez-r7 78e1683f2d Add binary compiled on vs2013 2014-02-10 13:52:27 -06:00
Spencer McIntyre 01f41a209c Remove the DLL and add make.msbuild for easier compiling. 2014-02-07 10:05:05 -05:00
Spencer McIntyre cc32c877a9 Add CVE-2013-3881 win32k Null Page exploit 2014-02-06 17:23:38 -05:00
Meatballs 486a9d5e19
Use msf branded djvu 2014-02-01 00:37:28 +00:00
dukeBarman 766c408d86 Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption 2014-01-18 11:07:11 -05:00
OJ 0c82817445 Final changes before PR 2013-12-15 01:12:49 +00:00
OJ db29af0f97 First batch of submodule refactorings 2013-12-15 01:12:48 +00:00
Meatballs 3d1646d18e Exit process when complete 2013-12-15 01:12:47 +00:00
Meatballs c6623b380a Initial commit 2013-12-15 01:12:45 +00:00
OJ defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.

Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
jvazquez-r7 6cb63cdad6
Land #2679, @wchen-r7's exploit for cve-2013-3906 2013-11-25 22:04:26 -06:00
jvazquez-r7 25eb13cb3c Small fix to interface 2013-11-22 17:02:08 -06:00
jvazquez-r7 136c18c070 Add binary objects for MS13-022 2013-11-22 16:45:07 -06:00
sinn3r 94e13a0b8a Initial commit of CVE-2013-3906 2013-11-19 23:10:32 -06:00
OJ 506a4d9e67
Remove genericity, x64 and renamed stuff
As per discussion on the github issue, the following changes were made:

* Project renamed from elevate to kitrap0d, implying that this is not
  intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
  is passed in to the exploit entry point. The exploit is now responsible
  for executing the payload if the exploit is successful. This removes
  the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
Tab Assassin 2e8d19edcf Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
jvazquez-r7 94125a434b Add module for ZDI-13-205 2013-09-04 15:57:22 -05:00
jvazquez-r7 795ad70eab Change directory names 2013-08-15 22:52:42 -05:00
jvazquez-r7 cc5804f5f3 Add Port for OSVDB 96277 2013-08-15 18:34:51 -05:00
Tod Beardsley 9f5f191a6b Add Main.swf from 593363c 2013-07-29 21:53:40 -05:00
jvazquez-r7 c7361043ae up to date 2013-07-17 11:47:06 -05:00
jvazquez-r7 11f8b351c0 Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework 2013-07-17 11:44:42 -05:00
Meatballs 22601e6cc7 Exit process when complete 2013-07-06 09:27:27 +01:00
Meatballs 66c2b79177 Initial commit 2013-07-05 19:48:27 +01:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
jvazquez-r7 a4d353fcb3 Clean a little more the VS project 2013-06-29 15:15:27 -05:00
jvazquez-r7 6878534d4b Clean Visual Studio Project 2013-06-29 09:20:40 -05:00
jvazquez-r7 7725937461 Add Module for cve-2013-3660 2013-06-28 18:18:21 -05:00
jvazquez-r7 3c1af8217b Land #2011, @matthiaskaiser's exploit for cve-2013-2460 2013-06-26 14:35:22 -05:00
jvazquez-r7 81a2d9d1d5 Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework 2013-06-26 14:32:59 -05:00
jvazquez-r7 d25e1ba44e Make fixes proposed by review and clean 2013-06-25 12:58:00 -05:00
jvazquez-r7 1ade467ac9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 11:10:43 -05:00
jvazquez-r7 b32513b1b8 Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
jvazquez-r7 3244013b1f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:48:20 -05:00
sinn3r 6780566a54 Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module 2013-06-24 11:50:21 -05:00
Matthias Kaiser 8a96b7f9f2 added Java7u21 RCE module
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7 9d0047ff74 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 16:44:52 -05:00
jvazquez-r7 7090d4609b Add module for CVE-2013-1488 2013-06-07 13:38:41 -05:00
jvazquez-r7 d5cf6c1fbc Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-23 12:37:54 -05:00
sinn3r 81ad280107 Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
Joe Vennix 4d5c4f68cb Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00