bwatters
|
8e1391f098
|
Land #15216, Fix targeting for CVE-2021-21551
Merge branch 'land-15216' into upstream-master
|
2021-05-21 14:56:08 -05:00 |
Spencer McIntyre
|
56388cd696
|
Land #15146, Add support for extra OSes for CVE-2021-3156 (Baron Samedit)
|
2021-05-18 18:02:30 -04:00 |
Spencer McIntyre
|
78d47b11f2
|
Add targeting for Windows 10 v21H1
|
2021-05-18 12:56:02 -04:00 |
Spencer McIntyre
|
c5b022e2f2
|
Fix Windows 10 versioning by using ranges
|
2021-05-18 10:28:27 -04:00 |
h00die
|
19df33ee78
|
update wordpress plugins and themes
|
2021-05-15 09:42:01 -04:00 |
Jack Heysel
|
eb4573164b
|
Addressed comments
|
2021-05-14 17:46:26 -05:00 |
Jack Heysel
|
e29dce4f08
|
Removed comments from powershell script
|
2021-05-14 17:45:42 -05:00 |
Jack Heysel
|
5640dac24d
|
Fixed sc command, updated check method, moved tokenmagic.ps1
|
2021-05-14 17:44:07 -05:00 |
Jack Heysel
|
ca637be0c9
|
Fixed powershell script, updated authors
|
2021-05-14 17:44:06 -05:00 |
Jack Heysel
|
1eab94cc26
|
beta draft
|
2021-05-14 17:43:44 -05:00 |
bwatters
|
8792febcf8
|
Land #15190, Add Exploit For CVE-2021-21551 (Dell DBUtil_2_3 IOCTL)
Merge branch 'land-15190' into upstream-master
|
2021-05-14 13:55:12 -05:00 |
Spencer McIntyre
|
d990e884af
|
Add and test even more targets
|
2021-05-13 17:27:58 -04:00 |
Spencer McIntyre
|
eb89550f85
|
Clear up some target offset discrepancies
|
2021-05-13 16:06:15 -04:00 |
Spencer McIntyre
|
7d841a0f79
|
Add a target for Windows 7 x64
|
2021-05-13 14:24:15 -04:00 |
Spencer McIntyre
|
4825407d21
|
Add a target for Windows 8.1 x64
|
2021-05-13 12:56:47 -04:00 |
Spencer McIntyre
|
8a1341060d
|
Fix a couple of errors from not cleaning up
|
2021-05-13 12:34:14 -04:00 |
Spencer McIntyre
|
ff2516a7f2
|
Update CVE-2021-1732 to reduce code reuse
|
2021-05-12 16:41:43 -04:00 |
Spencer McIntyre
|
477749f77f
|
Refactor the code to be reusable and add docs
|
2021-05-12 16:36:17 -04:00 |
Spencer McIntyre
|
d3de52da59
|
The exploit is now functional for Win10 v1803-20H2
|
2021-05-12 16:14:59 -04:00 |
Justin Steven
|
fa73c0af3e
|
Add CVE-2021-22204 ExifTool ANT perl injection
|
2021-05-11 12:02:12 +10:00 |
Ashley Donaldson
|
fbc291bc22
|
Tested on various other Fedora's
|
2021-05-04 14:18:16 +10:00 |
Ashley Donaldson
|
0435e281d9
|
Updated CVE-2021-3156 documentation to reflect code changes.
|
2021-05-03 16:45:50 +10:00 |
Ashley Donaldson
|
b1d2c39c98
|
Added second CentOS 7 exploit
|
2021-04-30 18:30:19 +10:00 |
Ashley Donaldson
|
124d157a1c
|
Added CVE-2021-3156 exploits for CentOS 7 and 8
|
2021-04-30 17:25:59 +10:00 |
Ashley Donaldson
|
79152cafe6
|
Added support for Ubuntu 14.04.3 for CVE-2021-3156
|
2021-04-29 20:48:51 +10:00 |
Ashley Donaldson
|
0ee1d5fbe3
|
Ensure exploit is compatible with both python3 and python2
|
2021-04-29 18:52:56 +10:00 |
Ashley Donaldson
|
9d9d3ce061
|
Added Ubuntu 16.04-specific exploit script to CVE-2021-3156 module
The generic approach used for other targets doesn't work for 16.04, as that one relies on tcache bins, which are not present in glibc 2.23.
|
2021-04-29 18:28:13 +10:00 |
Ashley Donaldson
|
fcd17ed3b1
|
Port sudoedit exploit to Python
It's assumed that Python is more likely to be present on the target system
than gcc, so is better as a dependency.
|
2021-04-29 13:17:32 +10:00 |
bwatters
|
11b12e4c63
|
Land #14869, Add Windows post module for gathering Exchange mailboxes
Merge branch 'land-14869' into upstream-master
|
2021-03-26 15:08:06 -05:00 |
sophosyaniv
|
87580c1340
|
randomize output delimiters
|
2021-03-25 20:15:34 -07:00 |
bwatters
|
2c1869f9df
|
Land #14907, Add exploit for CVE-2021-1732
Merge branch 'land-14907' into upstream-master
|
2021-03-18 14:29:59 -05:00 |
Spencer McIntyre
|
f3df076067
|
Only upgrade the token of EProcess was found
|
2021-03-16 15:20:44 -04:00 |
Spencer McIntyre
|
c11900b9ab
|
Add support for Windows 2004 & 20H2
|
2021-03-15 17:28:38 -04:00 |
Spencer McIntyre
|
2e3d98a36a
|
Move the DLL injection code into a reusable function
|
2021-03-15 11:47:02 -04:00 |
Grant Willcox
|
89ce1c5229
|
Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed
|
2021-03-14 00:00:17 -06:00 |
Grant Willcox
|
4f2e299d8f
|
Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file
|
2021-03-14 00:00:06 -06:00 |
Grant Willcox
|
7d6e636114
|
Initial upload of exploit code for CVE-2021-21978
|
2021-03-13 23:59:47 -06:00 |
Spencer McIntyre
|
f0a9a1deb3
|
Add the initial exploit for CVE-2021-1732
|
2021-03-12 17:30:22 -05:00 |
Spencer McIntyre
|
58be5b6add
|
Regenerate a functioning YSoSerial data set
|
2021-03-11 12:09:29 -06:00 |
sophosyaniv
|
1405d19fde
|
Add files via upload
add exchange.ps1
|
2021-03-09 11:37:42 -08:00 |
Grant Willcox
|
f327d30e08
|
First attempt at CVE-2020-7200 module, with RuboCopped module
|
2021-03-02 16:38:19 -06:00 |
bwatters
|
18f6245637
|
Land #14648, Process Herpaderping evasion module
Merge branch 'land-14648' into upstream-master
|
2021-02-24 11:39:47 -06:00 |
Christophe De La Fuente
|
ab9dd177b7
|
Add kernel file version check to avoid BSOD on Win10 x86
|
2021-02-15 21:10:10 +01:00 |
Spencer McIntyre
|
b9dd1b927b
|
Randomize the path to the library that's loaded
|
2021-02-10 08:45:52 -05:00 |
h00die
|
60cf48c94b
|
move cve-2020-29583 to a better file
|
2021-02-05 17:43:34 -05:00 |
Spencer McIntyre
|
117cdc4fd7
|
Populate module metadata and cleanup files
|
2021-02-03 18:16:13 -05:00 |
Spencer McIntyre
|
a00f165b6b
|
Clean the C code and fix the exploitation environment
|
2021-02-03 18:16:13 -05:00 |
Spencer McIntyre
|
b9413b4103
|
Update the exploit C code to allocate it's own PTY
|
2021-02-03 18:16:13 -05:00 |
Spencer McIntyre
|
13dd9ac10e
|
Initial work on CVE-2021-3156
|
2021-02-03 18:16:13 -05:00 |
Christophe De La Fuente
|
eaa550fa97
|
Changes compiler subsystem to window
|
2021-02-02 17:57:52 +01:00 |