
Post-exploitation exploitation #611

Merged
merged 17 commits into from
Jul 17, 2012

Commits on Jun 13, 2012

  1. Make the Exploit::Local class useful

    This commit is the main infrastructure needed to run exploits in a local
    context, gluing the Exploit and Post module classes together.
    egypt committed Jun 13, 2012
    5717f52
  2. 8707df3
  3. Add a post-exploitation exploit for suid nmap

    Tested on Ubuntu with nmap 6.00 and nmap 5.00
    egypt committed Jun 13, 2012
    0e8fb0f
  4. 9f78a9e
  5. 2e4231d
  6. Axe some copy-pasta

    egypt committed Jun 13, 2012
    1fbe574
  7. d2d37f7
  8. No need to alter time out

    egypt committed Jun 13, 2012
    c39a42d

Commits on Jun 21, 2012

  1. 815d80a

Commits on Jun 22, 2012

  1. Add the first bits of a sock_sendpage exploit

    This can currently build an executable that creates a socket, opens a
    temporary file, truncates that file with ftruncate(2) and calls
    sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
    
    Baby steps.
    egypt committed Jun 22, 2012
    fd8b163
  2. More progress on syscall wrappers

    Something is still broken: my socket() is returning EAFNOSUPPORT, whereas
    what looks like the same syscall in wunderbar_emporium's exploit.c is
    returning a socket. Similarly, my __mmap2() is returning EFAULT when
    trying to map anything, not just NULL.
    egypt committed Jun 22, 2012
    6913440

Commits on Jul 8, 2012

  1. 6d6b4bf

Commits on Jul 9, 2012

  1. Add an xxd decoder

    egypt committed Jul 9, 2012
    c82037d
  2. Fix logic fail

    egypt committed Jul 9, 2012
    8d91867

Commits on Jul 16, 2012

  1. Add an exploit for sock_sendpage

    Unfortunately, adds a dep on bionic for runtime compilation.
    
    Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
    payload issues because Linux stagers don't mprotect(2) the buffer they
    read(2) into. Single payloads work fine, though.
    
    Also cleans up and improves local exploits' ability to compile C.
    
    [SEERM rapid7#3038]
    egypt committed Jul 16, 2012
    7091d1c
  2. efe478f

Commits on Jul 17, 2012

  1. 6b0196e