2634 Commits

Author	SHA1	Message	Date
Ashley Donaldson	fbc291bc22	Tested on various other Fedora's	2021-05-04 14:18:16 +10:00
Ashley Donaldson	0435e281d9	Updated CVE-2021-3156 documentation to reflect code changes.	2021-05-03 16:45:50 +10:00
Ashley Donaldson	b1d2c39c98	Added second CentOS 7 exploit	2021-04-30 18:30:19 +10:00
Ashley Donaldson	124d157a1c	Added CVE-2021-3156 exploits for CentOS 7 and 8	2021-04-30 17:25:59 +10:00
Ashley Donaldson	79152cafe6	Added support for Ubuntu 14.04.3 for CVE-2021-3156	2021-04-29 20:48:51 +10:00
Ashley Donaldson	0ee1d5fbe3	Ensure exploit is compatible with both python3 and python2	2021-04-29 18:52:56 +10:00
Ashley Donaldson	9d9d3ce061	Added Ubuntu 16.04-specific exploit script to CVE-2021-3156 module ... The generic approach used for other targets doesn't work for 16.04, as that one relies on tcache bins, which are not present in glibc 2.23.	2021-04-29 18:28:13 +10:00
Ashley Donaldson	fcd17ed3b1	Port sudoedit exploit to Python ... It's assumed that Python is more likely to be present on the target system than gcc, so is better as a dependency.	2021-04-29 13:17:32 +10:00
bwatters	11b12e4c63	Land #14869, Add Windows post module for gathering Exchange mailboxes ... Merge branch 'land-14869' into upstream-master	2021-03-26 15:08:06 -05:00
sophosyaniv	87580c1340	randomize output delimiters	2021-03-25 20:15:34 -07:00
bwatters	2c1869f9df	Land #14907, Add exploit for CVE-2021-1732 ... Merge branch 'land-14907' into upstream-master	2021-03-18 14:29:59 -05:00
Spencer McIntyre	f3df076067	Only upgrade the token of EProcess was found	2021-03-16 15:20:44 -04:00
Spencer McIntyre	c11900b9ab	Add support for Windows 2004 & 20H2	2021-03-15 17:28:38 -04:00
Spencer McIntyre	2e3d98a36a	Move the DLL injection code into a reusable function	2021-03-15 11:47:02 -04:00
Grant Willcox	89ce1c5229	Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed	2021-03-14 00:00:17 -06:00
Grant Willcox	4f2e299d8f	Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file	2021-03-14 00:00:06 -06:00
Grant Willcox	7d6e636114	Initial upload of exploit code for CVE-2021-21978	2021-03-13 23:59:47 -06:00
Spencer McIntyre	f0a9a1deb3	Add the initial exploit for CVE-2021-1732	2021-03-12 17:30:22 -05:00
Spencer McIntyre	58be5b6add	Regenerate a functioning YSoSerial data set	2021-03-11 12:09:29 -06:00
sophosyaniv	1405d19fde	Add files via upload ... add exchange.ps1	2021-03-09 11:37:42 -08:00
Grant Willcox	f327d30e08	First attempt at CVE-2020-7200 module, with RuboCopped module	2021-03-02 16:38:19 -06:00
bwatters	18f6245637	Land #14648, Process Herpaderping evasion module ... Merge branch 'land-14648' into upstream-master	2021-02-24 11:39:47 -06:00
Christophe De La Fuente	ab9dd177b7	Add kernel file version check to avoid BSOD on Win10 x86	2021-02-15 21:10:10 +01:00
Spencer McIntyre	b9dd1b927b	Randomize the path to the library that's loaded	2021-02-10 08:45:52 -05:00
h00die	60cf48c94b	move cve-2020-29583 to a better file	2021-02-05 17:43:34 -05:00
Spencer McIntyre	117cdc4fd7	Populate module metadata and cleanup files	2021-02-03 18:16:13 -05:00
Spencer McIntyre	a00f165b6b	Clean the C code and fix the exploitation environment	2021-02-03 18:16:13 -05:00
Spencer McIntyre	b9413b4103	Update the exploit C code to allocate it's own PTY	2021-02-03 18:16:13 -05:00
Spencer McIntyre	13dd9ac10e	Initial work on CVE-2021-3156	2021-02-03 18:16:13 -05:00
Christophe De La Fuente	eaa550fa97	Changes compiler subsystem to window	2021-02-02 17:57:52 +01:00
Christophe De La Fuente	4b3379a821	Remove CRT library from the Template	2021-01-28 19:59:46 +01:00
Christophe De La Fuente	8af5ee8a32	Add Process Herpaderping evasion module and binaries	2021-01-22 18:33:10 +01:00
h00die	c3a58f93ec	cve-2020-29583	2021-01-18 09:52:09 -05:00
h00die	ea4cade5c8	cve-2020-29583	2021-01-18 09:49:53 -05:00
Christophe De La Fuente	c8819259ae	Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048	2021-01-15 19:13:14 +01:00
Spencer McIntyre	0bc05ae2e8	Land #14606, Add banner celebrating the awesome teams who joined us in the 2020 ctf	2021-01-13 10:53:57 -05:00
Spencer McIntyre	33bd712e0a	Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP	2021-01-11 17:16:40 -05:00
bwatters	50e115b414	Cleanup and edits per review from Christophe ... Removed unused method from ps script Cleaned up some code in the module Added removal instructions to the documentation	2021-01-11 16:02:58 -06:00
bwatters	b4a8f364b3	Add banner celebrating the awesome teams who joined us in the 2020 ... Metasploit CTF. (Except the one team with an F-bomb in it)	2021-01-11 11:09:38 -06:00
Grant Willcox	3072391d00	Make second round of review edits to fix Spencer's comments	2021-01-08 12:50:52 -06:00
bwatters	5e5d7b1abb	Update to execute_string to avoid the issue where an arbitrary ... length comment is required for the exploit to work.	2021-01-06 17:08:22 -06:00
Christophe De La Fuente	17c393f101	Land #14046, Adding juicypotato-like privilege escalation exploit for windows	2021-01-06 16:02:05 +01:00
Christophe De La Fuente	bf7627b33e	Adding DLL's	2021-01-06 15:59:08 +01:00
Grant Willcox	839daf93e9	Update the compiled DLL and redo a lot of the module to get it into its first ready state using a different DLL hijack I found during research	2021-01-05 16:12:08 -06:00
Grant Willcox	668eeae4e1	Initial push of code	2021-01-04 12:04:38 -06:00
bwatters	7f4fac4548	Fix powershell issues and add comment because it is apparently magic	2020-12-16 13:57:02 -06:00
Christophe De La Fuente	33ef352f89	Add dll ... Compiled with Visual Studio Express 2013 with Platform Toolset v120	2020-12-15 12:42:06 +01:00
Grant Willcox	9376accc05	Land #14410, Add synchronization to the DLL payload template	2020-12-04 16:08:18 -06:00
h00die	15b5a811e4	update check external scripts and wordpress files	2020-11-21 11:52:18 -05:00
bwatters	810898e97b	Rough attempt at CVE-2020-1337 ... Non-functional	2020-11-20 17:36:19 -06:00