mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00
metasploit-framework/data/exploits
2022-07-22 03:30:03 +02:00
badodt Add files via upload 2018-05-24 09:45:38 +01:00
batik_svg Permissions 2012-06-06 20:05:29 -05:00
capcom_sys_exec Add LPE exploit module for the capcom driver flaw 2016-09-27 22:37:45 +10:00
capture/http File.exists? must die 2016-04-21 00:47:07 -04:00
cve-2010-0094 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-0840/vuln Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-3563 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-3904 Add Reliable Datagram Sockets (RDS) Privilege Escalation 2018-05-03 12:51:21 +00:00
cve-2010-4452 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2011-3544 Allows for Loot and Tasks to be imported from an MSF ZIP. 2011-12-05 22:30:34 -05:00
cve-2012-0217 Use @iZsh's exploit 2018-12-21 15:40:01 +00:00
cve-2012-5076 fixing bperry comments 2012-11-11 20:18:19 +01:00
cve-2012-5076_2 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
cve-2012-5088 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
cve-2013-0074 Small fix to interface 2013-11-22 17:02:08 -06:00
cve-2013-0422 cve and references available 2013-01-11 00:54:53 +01:00
cve-2013-0431 added security level bypass 2013-02-20 17:50:47 +01:00
cve-2013-1300 Use signed binary 2014-05-02 14:45:14 +01:00
cve-2013-1488 Add module for CVE-2013-1488 2013-06-07 13:38:41 -05:00
cve-2013-1493 Added module for CVE-2013-1493 2013-03-26 22:30:18 +01:00
cve-2013-2460 Make fixes proposed by review and clean 2013-06-25 12:58:00 -05:00
cve-2013-3660 ppr_flatten_rec update, RDI submodule, and refactor 2013-11-27 20:44:18 +10:00
cve-2013-3881 Add binary compiled on vs2013 2014-02-10 13:52:27 -06:00
cve-2014-1610 Use msf branded djvu 2014-02-01 00:37:28 +00:00
cve-2015-1318 Use cross-compiled exploit 2018-01-13 05:44:42 +00:00
cve-2015-3315 Add ABRT raceabrt Privilege Escalation module 2018-01-16 14:52:33 +00:00
cve-2015-5287 Add sosreport-rhel7.py 2019-04-20 11:56:01 +00:00
cve-2016-0051 refactor ms16-016 code 2016-07-05 20:50:43 -05:00
cve-2016-0189 add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
cve-2016-6415 CVE-2016-6415 Cisco - sendpacket.raw 2016-09-29 22:24:55 -05:00
cve-2017-7308 Recompile pre-compiled exploit executable (stripped, no DEBUG) 2018-05-17 09:43:07 +00:00
cve-2017-8464 recompile binaries 2017-11-08 09:33:48 -06:00
cve-2017-16995 Add in compiled version of the exploit to meet Rapid7 compliance guidelines on having Rapid7 employees submit compiled binaries only 2020-10-23 16:01:00 -05:00
cve-2017-1000112 Fix ufo_privilege_escalation 2018-07-08 11:05:30 +00:00
cve-2018-8897 Combine the modules and update the binaries 2018-07-27 11:08:04 -05:00
cve-2018-18955 Add musl-cross cross-compiled executables 2018-11-25 00:53:55 +00:00
cve-2018-1000001 Add glibc 'realpath()' Privilege Escalation exploit 2018-05-26 21:25:59 +00:00
cve-2019-1322 Randomize container name 2019-12-12 07:48:01 -06:00
cve-2020-0668 Working through mountpoint issues 2020-04-21 09:54:45 -05:00
cve-2020-1313 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
cve-2021-3490 Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match 2021-08-31 15:07:37 -05:00
cve-2022-0995 Update c source with argc check and CRASH notes for module 2022-04-20 17:37:48 -05:00
CVE-2008-6508 Permissions. 2012-06-28 11:42:37 -05:00
CVE-2010-0232 Remove genericity, x64 and renamed stuff 2013-11-14 12:22:53 +10:00
CVE-2010-0842 Fix my screwup in winscp for servicename 2012-02-21 20:31:52 -06:00
CVE-2010-1240 Add an R in /Info for the trailer dictionary to make it readable 2014-11-05 22:28:37 -06:00
CVE-2011-2882 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-3400 Permissions 2012-06-12 15:20:25 -05:00
CVE-2012-0013 Permissions 2012-06-12 15:20:25 -05:00
CVE-2012-1535 Add Main.swf from 593363c 2013-07-29 21:53:40 -05:00
CVE-2012-2516 added chm templates 2012-10-10 19:21:47 +02:00
CVE-2012-4681 changed dir names according to CVE 2012-08-28 16:33:01 +02:00
CVE-2012-6636 add ndkstager to data/exploits 2018-10-05 15:10:21 +08:00
CVE-2013-0109 Final changes before PR 2013-12-15 01:12:49 +00:00
CVE-2013-0634 Beautify and fix both ruby and AS 2014-04-17 23:32:29 -05:00
CVE-2013-2465 Change directory names 2013-08-15 22:52:42 -05:00
CVE-2013-3906 Initial commit of CVE-2013-3906 2013-11-19 23:10:32 -06:00
CVE-2013-5045 Use powershell instead of mshta 2014-06-03 09:01:56 -05:00
CVE-2013-5331 Add module for CVE-2013-5331 2014-04-27 10:40:46 -05:00
CVE-2014-0038 Cleanup linux/local/recvmmsg_priv_esc module 2018-05-24 17:56:07 +00:00
CVE-2014-0257 Do test 2014-06-03 09:52:01 -05:00
CVE-2014-0322 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
CVE-2014-0497 Add module for CVE-2014-0497 2014-05-03 20:04:46 -05:00
CVE-2014-0515 Delete debug 2015-06-11 17:39:36 -05:00
CVE-2014-0556 Update CVE-2014-0556 2015-06-04 18:23:50 -05:00
CVE-2014-0569 Unset debug flag 2015-06-09 11:36:09 -05:00
CVE-2014-2630 working exploit 2020-04-19 15:19:19 -04:00
CVE-2014-4113 Use PDWORD_PTR and DWORD_PTR 2014-10-31 17:35:50 -05:00
CVE-2014-4114/template Add ppsx template 2014-10-16 17:55:22 -05:00
CVE-2014-4404 Change paths, add makefile and compile 2014-11-30 21:06:11 -06:00
CVE-2014-6352/template_run_as_admin Add module for CVE-2014-6352 2014-11-12 01:10:49 -06:00
CVE-2014-8440 Make last code cleanup 2015-06-09 16:01:57 -05:00
CVE-2015-0016 Update DLL 2015-08-26 15:15:32 -05:00
CVE-2015-0311 Add more targets 2015-06-04 12:11:53 -05:00
CVE-2015-0313 Allow more search space 2015-06-10 12:26:53 -05:00
CVE-2015-0318 This seems to work 2015-03-13 04:43:06 -05:00
CVE-2015-0336 Add support for Windows 8.1/Firefox 2015-06-03 22:46:04 -05:00
CVE-2015-0359 Disable debug 2015-06-10 14:07:18 -05:00
CVE-2015-1130 python 3 compatibility 2019-02-13 22:20:29 +01:00
CVE-2015-1328 revamped 2016-10-15 20:57:31 -04:00
CVE-2015-1701 Update exploit binaries for ms15-051 2015-06-25 09:33:15 +10:00
CVE-2015-2426 Clean template code 2015-09-12 13:43:05 -05:00
CVE-2015-3090 Add module for CVE-2015-3090 2015-06-18 12:36:14 -05:00
CVE-2015-3105 Add module for CVE-2015-3105 2015-06-25 13:35:01 -05:00
CVE-2015-3113 Add module for CVE-2015-3113 2015-07-01 13:13:57 -05:00
CVE-2015-3673 Remove sleep(), clean up WritableDir usage. 2015-07-05 18:59:00 -05:00
CVE-2015-5119 Update swf 2015-07-15 18:35:41 -05:00
CVE-2015-5122 Add support for Windows 10(10240) to CVE-2015-5122 2019-06-01 14:44:30 +09:00
CVE-2015-8103 Add Jenkins CLI Java serialization exploit module 2015-12-11 14:57:10 -06:00
CVE-2015-8660 working module 2016-10-04 23:21:53 -04:00
CVE-2016-0040 Re-add compiled Binary 2018-05-03 15:50:15 -05:00
CVE-2016-0099 Add a random sentinel to close channel when terminates (#1) 2020-01-25 23:30:49 +01:00
CVE-2016-4117 initial import, CVE-2016-4117 OSX exploit 2018-12-21 02:54:35 -06:00
CVE-2016-4557 Fix bpf_priv_esc module 2018-12-12 17:23:12 +00:00
CVE-2016-4655 add DEBUG exploit binary 2018-10-22 19:51:21 +08:00
CVE-2016-4669 remove debug logging from the kernel exploit 2020-07-30 18:10:26 +08:00
CVE-2016-4997 binary drops work! 2016-09-24 21:31:00 -04:00
CVE-2016-8655 Update AF_PACKET chocobo_root Privilege Escalation module 2020-01-19 11:51:01 +00:00
CVE-2017-0358 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
CVE-2017-7494 Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
CVE-2017-8291 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00
CVE-2017-13861 add exploit binary 2019-06-02 10:19:24 +08:00
CVE-2017-16666 Add xplico remote code execution 2017-11-14 09:30:57 +03:00
CVE-2017-17562 Resolve a bug in reverse_tcp and segfaults across payloads 2017-12-29 14:18:55 -06:00
CVE-2017-1000353 add poc 2020-09-11 12:00:16 -05:00
CVE-2018-0824 Remove duplicated files 2018-10-23 12:31:18 -05:00
CVE-2018-4233 move int64.js and utils.js to javascript_utils folder 2020-09-01 16:14:31 +08:00
CVE-2018-4237 add binary 2018-11-20 15:59:23 +08:00
CVE-2018-4404 add binaries 2018-11-15 08:46:24 +08:00
CVE-2018-5333 Add rds_atomic_free_op_null_pointer_deref_priv_esc (CVE-2018-5333) 2020-01-18 08:34:52 +00:00
CVE-2018-8120 addressed suggestions 2018-10-12 14:35:42 -05:00
CVE-2018-8440 Inject Payload to Memory First 2018-09-19 21:13:49 -05:00
CVE-2018-8453 Add cve-2018-8453 exploit module 2019-07-09 07:15:13 -05:00
CVE-2018-9948 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
CVE-2018-16858 reduced file size 2019-04-16 09:06:44 -05:00
CVE-2018-19276 add xml erb file 2019-12-02 08:44:37 -06:00
CVE-2019-0808 Recompile DLL and alter vcxproj file to automatically place generated DLL in right folder 2020-05-06 16:33:01 -05:00
CVE-2019-0841 move source to external/source directory 2019-07-09 09:08:28 -05:00
CVE-2019-1458 Recompile the exploit.dll DLL for CVE-2019-1458 as per Rapid7 policies 2020-10-15 10:58:56 -05:00
CVE-2019-2215 Initial commit of CVE-2019-2215 Android Binder Use-After-Free 2019-10-17 18:48:49 +08:00
CVE-2019-5736 Last additions and improvements 2021-06-30 11:02:11 +02:00
CVE-2019-8513 add exploit binary 2019-04-21 16:02:10 +08:00
CVE-2019-8565 Add CVE-2019-8565 OSX Feedback Assistant local root exploit 2019-05-07 04:30:47 +08:00
CVE-2019-9848 @LoadLow Marks the generated ODT file readonly 2019-08-18 18:36:31 +02:00
CVE-2019-12477 Implement on_request_uri 2019-06-25 23:47:19 -05:00
CVE-2019-13272 Update CVE-2019-13272 pre-compiled exploit 2020-05-11 13:36:41 +00:00
CVE-2020-0787 Recompile everything so we don't have the messagebox calls 2020-06-11 00:18:45 -05:00
CVE-2020-0796 Add the x64 LPE exploit for CVE-2020-0796 2020-04-02 17:22:00 -04:00
CVE-2020-1048 Update binaries 2020-09-16 11:41:02 -05:00
CVE-2020-1054 Add dll 2020-12-15 12:42:06 +01:00
CVE-2020-1337 Cleanup and edits per review from Christophe 2021-01-11 16:02:58 -06:00
CVE-2020-2555 add PoC 2020-05-04 11:08:38 -05:00
CVE-2020-2883 add poc code 2020-06-02 14:29:02 -05:00
CVE-2020-7457 Add CVE-2020-7457 exploit.c 2020-07-26 08:04:37 +00:00
CVE-2020-9839 Recompiled binary exploit file to match source 2020-09-04 15:46:52 -05:00
CVE-2020-9850 add exploit binaries 2020-09-01 17:14:21 +08:00
CVE-2020-17136 Make second round of review edits to fix Spencer's comments 2021-01-08 12:50:52 -06:00
CVE-2021-3156 Tested on various other Fedora's 2021-05-04 14:18:16 +10:00
CVE-2021-3493 Add support for aarch64 Ubuntu versions 2021-12-01 14:54:48 -06:00
CVE-2021-4034 Remove unneeded files 2022-02-18 16:33:39 -06:00
CVE-2021-21551 Add targeting for Windows 10 v21H1 2021-05-18 12:56:02 -04:00
CVE-2021-22204 Add CVE-2021-22204 ExifTool ANT perl injection 2021-05-11 12:02:12 +10:00
CVE-2021-22555 Add PoC for CVE-2021-22555 Netfilter Priv Escalation 2021-10-04 16:48:23 +01:00
CVE-2021-38648 Update the Python exploit code to fix a bug 2021-11-02 10:10:18 -04:00
CVE-2021-40444 Remove the Not_Hosted target 2021-12-08 17:22:44 -05:00
CVE-2021-40449 Make adjustments to dllmain.c from reviews and recompile the DLL again 2021-11-09 10:49:14 -06:00
CVE-2021-44228 First "working" 2021-44228 exploit module state 2021-12-29 09:10:07 -05:00
CVE-2022-0847 add binaries for pre-compiled option 2022-03-10 08:50:48 -06:00
CVE-2022-21882 One exploit for CVE-2021-1732 and CVE-2022-21882 2022-02-18 15:23:38 -05:00
CVE-2022-26904 Update data to fix more things found during review process 2022-04-05 12:48:11 -05:00
CVE-2022-34918 Add module docs, add Ubuntu 22.04 offsets, update check method 2022-07-22 03:30:03 +02:00
dell_protect Pulled offsets out of dll into module. Auto-find lsass.exe when pid is 0 2021-12-18 10:56:46 -08:00
docx Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT 2013-02-04 13:37:09 +01:00
drunkpotato Adding DLL's 2021-01-06 15:59:08 +01:00
edb-35948 Call CollectGarbage 2015-02-09 14:44:31 -06:00
firefox_smil_uaf initial commit of finished product 2017-01-20 11:01:36 -06:00
ghostscript Add Ghostscript failed restore exploit 2018-09-05 19:56:32 -05:00
hpe_sim_76_amf_deserialization First attempt at CVE-2020-7200 module, with RuboCopped module 2021-03-02 16:38:19 -06:00
imagemagick Add PS template 2016-10-13 17:40:15 -05:00
java_signed_applet Permission changes (to sync) 2011-11-10 19:48:32 -06:00
javascript_utils move int64.js and utils.js to javascript_utils folder 2020-09-01 16:14:31 +08:00
jre7u17 Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
juicypotato build: recompile dlls 2019-01-12 04:02:34 +01:00
ldap Native LDAP infrastructure to support log4shell 2021-12-16 18:47:52 -05:00
mssql Permission changes (to sync) 2011-11-10 19:48:32 -06:00
mysql updated windows udf files and documentation 2018-08-07 14:50:47 -04:00
ntapphelpcachecontrol Use RDL 2015-01-09 19:02:08 -06:00
office_word_macro Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00
openoffice_document_macro Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
osx Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
persistence_service Fix additional path space issues 2018-12-17 07:00:23 -06:00
pfsense_clickjacking Added local copies of the static content 2017-12-02 10:14:14 +01:00
php Revert "Land #6812, remove broken OSVDB references" 2016-07-15 12:00:31 -05:00
poison_ivy_c2 Modifications based on suggestions by @wchen-r7 2016-06-08 01:17:15 +02:00
postgres Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries. 2011-03-23 19:36:07 +00:00
powershell fix ssl connection on Windows Server 2012 2021-11-30 06:30:59 +00:00
proxyshell Work off of the system mailbox 2021-08-27 14:32:26 -04:00
psnuffle Fix typo 2018-07-17 12:59:00 -05:00
pxexploit Adds scriptjunkie's multilingual admin file for pxexploit 2011-12-23 12:24:45 -06:00
R7_2015_17 Add missing stream.raw for hp_sitescope_dns_tool 2016-03-15 11:06:06 -05:00
redis Add doc and enhance the module. 2019-07-20 00:17:57 +08:00
roothelper Add Libuser roothelper Privilege Escalation exploit 2018-04-23 17:49:11 +00:00
rottenpotato Recompile binaries and prep for VS2013 compiles 2018-10-04 16:21:23 -05:00
scripthost_uac_bypass Initial working scripthost bypass uac 2015-08-23 20:16:15 +01:00
splunk Cleanup of #1062 2012-12-07 11:55:48 +01:00
tokenmagic Addressed comments 2021-05-14 17:46:26 -05:00
tpwn Move tpwn source to external/source/exploits 2015-08-17 18:27:47 -05:00
uso_trigger Add Uso dll 2020-04-23 15:18:22 -05:00
uxss Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
vmware_view_planner_4_6_uploadlog_rce Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed 2021-03-14 00:00:17 -06:00
wifi Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-2883.ttf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2013-0758.swf Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
cve-2014-1761.rtf MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
cve-2017-0199.rtf Fix rtf info author 2017-04-14 21:16:39 -05:00
CVE-2007-3314.dat Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2008-0320.doc Permissions 2012-06-06 20:05:29 -05:00
CVE-2008-5353.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2008-5499.swf Permission change, ignore 2012-04-23 13:42:18 -05:00
CVE-2009-3867.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2009-3869.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-0480.avi Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-0822.xls Consolidation of the Axis2 Deployer Exploits 2011-11-22 08:47:53 -08:00
CVE-2010-1297.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-3275.amv Added Crash file for CVE-2010-3275 (VLC AMV file) 2011-03-25 21:01:30 +00:00
CVE-2010-3654.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0105.xlb Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0257.mov Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0609.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0611.swf Added swf trigger file 2011-04-16 02:08:03 +00:00
CVE-2011-2110.swf Permissions fix 2012-06-21 15:39:17 -05:00
CVE-2012-0507.jar Permissions fix for exploit jar file 2012-04-02 09:27:35 -05:00
CVE-2012-0754.swf Permissions (ignore) 2012-03-08 16:16:13 -06:00
CVE-2012-0779.swf Permissions 2012-06-25 00:36:39 -05:00
CVE-2012-1723.jar Better handle of module cache when db_connect is run manually 2012-07-10 23:56:48 -05:00
CVE-2013-2171.bin Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
CVE-2013-6282.so add module binary 2016-12-22 03:25:10 -06:00
CVE-2014-0980.pui Implemented Recommended Changes 2015-03-17 16:39:56 -04:00
CVE-2014-3153.so add binary for futex_requeue 2017-01-11 13:25:30 -06:00
evasion_shellcode.js improve windows_defender_js_hta : 2018-10-11 17:38:47 +02:00
exec_payload.msi added build exec_payload.msi 2012-11-28 21:51:01 +01:00
google_proxystylesheet.xml Permission changes (to sync) 2011-11-10 19:48:32 -06:00
hta_evasion.hta improve windows_defender_js_hta : 2018-10-11 17:38:47 +02:00
iceweasel_macosx.icns Permission changes (to sync) 2011-11-10 19:48:32 -06:00
iphone_libtiff.bin Permission changes (to sync) 2011-11-10 19:48:32 -06:00
modicon_ladder.apx Permissions fix for modicon_ladder.apx 2012-04-12 14:26:27 -05:00
mp4player.as Permissions (ignore) 2012-03-08 16:16:13 -06:00
mp4player.fla Add source code to the player 2012-03-08 15:23:10 -06:00
mp4player.swf Test out new player code 2012-03-08 15:05:12 -06:00
msfJavaToolkit.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
office_ole_multiple_dll_hijack.ppsx Moved PPSX to data/exploits folder 2016-11-08 16:04:46 +01:00
pricedown.eot Permission changes (to sync) 2011-11-10 19:48:32 -06:00
QTJavaExploit.class Permission changes (to sync) 2011-11-10 19:48:32 -06:00
runcalc.hlp Permission changes (to sync) 2011-11-10 19:48:32 -06:00
s4u_persistence.xml rename the xml template for s4u 2013-02-18 15:25:03 +01:00
shockwave_rcsl.dir Permission changes (to sync) 2011-11-10 19:48:32 -06:00
word_msdtjs.docx fix chmod 644 2022-05-30 22:11:35 +04:00