Brent Cook
a01a2ead1a
Land #8467 , Samba CVE-2017-7494 Improvements
2017-05-30 00:15:03 -05:00
HD Moore
38491fd7ba
Rename payloads with os+libc, shrink array inits
2017-05-27 19:50:31 -05:00
HD Moore
b7b0c26f4a
Reduce minimum GLIBC versions where we can
2017-05-27 19:28:41 -05:00
HD Moore
184c8f50f1
Rework the Samba exploit & payload model to be magic.
2017-05-27 17:03:01 -05:00
wchen-r7
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
HD Moore
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
nixawk
a9df917257
Fix rtf info author
2017-04-14 21:16:39 -05:00
nixawk
8c662562d3
add CVE-2017-0199 format
2017-04-14 13:22:32 -05:00
bwatters-r7
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
wchen-r7
6965a00b45
Resolve #8023 , Support backward compatibility for Office macro
...
Resolve #8023
2017-02-27 13:02:41 -06:00
wchen-r7
3d269b46ad
Support OS X for Microsoft Office macro exploit
2017-02-16 12:28:11 -06:00
bwatters-r7
272d1845fa
Land #7934 , Add exploit module for OpenOffice with a malicious macro
2017-02-09 13:42:58 -06:00
wchen-r7
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
wchen-r7
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
wchen-r7
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
William Webb
fb74b2d8f3
initial commit of finished product
2017-01-20 11:01:36 -06:00
Brent Cook
24f7959805
add binary for futex_requeue
2017-01-11 13:25:30 -06:00
Brent Cook
2585c8c8b5
Land #7461 , convert futex_requeue (towelroot) module to use targetting and core_loadlib
2017-01-11 13:24:25 -06:00
Brent Cook
2652f347fa
add module binary
2016-12-22 03:25:10 -06:00
Tim
e6d4c0001c
hide debug printing
2016-12-20 00:52:11 +08:00
Pearce Barry
1dae206fde
Land #7379 , Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
scriptjunkie
268a72f210
Land #7193 Office DLL hijack module
2016-11-08 23:15:27 -06:00
Yorick Koster
3c1f642c7b
Moved PPSX to data/exploits folder
2016-11-08 16:04:46 +01:00
William Webb
31b593ac67
Land #7402 , Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
dmohanty-r7
d918e25bde
Land #7439 , Add Ghostscript support to ImageMagick Exploit
2016-10-28 17:07:13 -05:00
Pearce Barry
43fd0a8813
Land #7436 , Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
h00die
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
Brent Cook
9fbe1ddd9d
Land #7384 , CVE-2016-6415 - Cisco IKE Information Disclosure
2016-10-14 08:41:34 -05:00
William Vu
9b15899d91
Add PS template
2016-10-13 17:40:15 -05:00
William Vu
6f4f2bfa5f
Add PS target and remove MIFF
2016-10-13 17:39:55 -05:00
David Maloney
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
...
This reverts commit f3166070ba
.
2016-10-11 17:40:43 -05:00
Pearce Barry
d1a11f46e8
Land #7418 , Linux recvmmsg Priv Esc (CVE-2014-0038)
2016-10-09 18:37:52 -05:00
h00die
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
Brent Cook
f3166070ba
Revert "use the new rex-exploitation gem"
...
This reverts commit 52f6265d2e
.
2016-10-08 21:55:16 -05:00
David Maloney
52f6265d2e
use the new rex-exploitation gem
...
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
h00die
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
nixawk
7368b995f2
CVE-2016-6415 Cisco - sendpacket.raw
2016-09-29 22:24:55 -05:00
h00die
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
OJ
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
h00die
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
William Webb
21e6211e8d
add exploit for cve-2016-0189
2016-08-01 13:26:35 -05:00
wchen-r7
322fc11225
Fix whitespace
2016-07-27 12:37:14 -05:00
wchen-r7
dbe31766af
Update CVE-2016-0099 Powershell
2016-07-27 12:35:43 -05:00
Brent Cook
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e0216
, reversing
changes made to 7b1d9596c7
.
2016-07-15 12:00:31 -05:00
wchen-r7
8f928c6ca1
Land #7006 , Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
wchen-r7
621f3fa5a9
Change naming style
2016-07-12 15:18:18 -05:00
Brent Cook
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
William Webb
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
khr0x40sh
df1a9bee13
Move ps1, Use Env var, Fix license, New Cleanup
...
MS16-032 ps1 moved to external file. This ps1 will now detect windir
to find cmd.exe. The module now also detects windir to find
powershell.exe. The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
is now standard. The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00