bwatters-r7
64c06a512e
Land #8020, ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
h00die
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
wchen-r7
6965a00b45
Resolve #8023, Support backward compatibility for Office macro
Resolve #8023
2017-02-27 13:02:41 -06:00
wchen-r7
3d269b46ad
Support OS X for Microsoft Office macro exploit
2017-02-16 12:28:11 -06:00
bwatters-r7
272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro
2017-02-09 13:42:58 -06:00
wchen-r7
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
wchen-r7
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
wchen-r7
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
William Webb
fb74b2d8f3
initial commit of finished product
2017-01-20 11:01:36 -06:00
Brent Cook
24f7959805
add binary for futex_requeue
2017-01-11 13:25:30 -06:00
Brent Cook
2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targeting and core_loadlib
2017-01-11 13:24:25 -06:00
Brent Cook
2652f347fa
add module binary
2016-12-22 03:25:10 -06:00
Tim
e6d4c0001c
hide debug printing
2016-12-20 00:52:11 +08:00
Pearce Barry
1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
scriptjunkie
268a72f210
Land #7193 Office DLL hijack module
2016-11-08 23:15:27 -06:00
Yorick Koster
3c1f642c7b
Moved PPSX to data/exploits folder
2016-11-08 16:04:46 +01:00
William Webb
31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
dmohanty-r7
d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit
2016-10-28 17:07:13 -05:00
Pearce Barry
43fd0a8813
Land #7436, Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
h00die
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
Brent Cook
9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure
2016-10-14 08:41:34 -05:00
William Vu
9b15899d91
Add PS template
2016-10-13 17:40:15 -05:00
William Vu
6f4f2bfa5f
Add PS target and remove MIFF
2016-10-13 17:39:55 -05:00
David Maloney
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Pearce Barry
d1a11f46e8
Land #7418, Linux recvmmsg Priv Esc (CVE-2014-0038)
2016-10-09 18:37:52 -05:00
h00die
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
Brent Cook
f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
David Maloney
52f6265d2e
use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged-in library code
cleans up a huge amount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
h00die
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
nixawk
7368b995f2
CVE-2016-6415 Cisco - sendpacket.raw
2016-09-29 22:24:55 -05:00
h00die
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
OJ
0e82ced082
Add LPE exploit module for the capcom driver flaw
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
h00die
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
William Webb
21e6211e8d
add exploit for cve-2016-0189
2016-08-01 13:26:35 -05:00
wchen-r7
322fc11225
Fix whitespace
2016-07-27 12:37:14 -05:00
wchen-r7
dbe31766af
Update CVE-2016-0099 Powershell
2016-07-27 12:35:43 -05:00
Brent Cook
b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
wchen-r7
8f928c6ca1
Land #7006, Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
wchen-r7
621f3fa5a9
Change naming style
2016-07-12 15:18:18 -05:00
Brent Cook
2b016e0216
Land #6812, remove broken OSVDB references
2016-07-11 22:59:11 -05:00
William Webb
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
khr0x40sh
df1a9bee13
Move ps1, Use Env var, Fix license, New Cleanup
MS16-032 ps1 moved to external file. This ps1 will now detect windir
to find cmd.exe. The module now also detects windir to find
powershell.exe. The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
is now standard. The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
wwebb-r7
ab27c1b701
Merge pull request #6940 from samvartaka/master
Exploit for previously unknown stack buffer overflow in Poison Ivy versions 2.1.x (possibly present in older versions too)
2016-06-08 11:25:51 -05:00
samvartaka
5260031991
Modifications based on suggestions by @wchen-r7
2016-06-08 01:17:15 +02:00
William Vu
9128ba3e57
Add popen() vuln to ImageMagick exploit
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)
Thanks to @hdm for his sharp eye. ;x
[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
William Vu
2bac46097f
Remove url() for MVG
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
William Vu
334c432901
Force https://localhost for SVG and MVG
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
William Vu
decd770a0b
Encode the entire SVG string
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
William Vu
232cc114de
Change placeholder text to something useful
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
William Vu
5c04db7a09
Add ImageMagick exploit
2016-05-05 14:18:42 -05:00