83 matches found
HTTP Fetch, Windows Reverse HTTP Stager (winhttp)
Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/http/x86/meterpreter/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute a malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence...
Linux Distros Unpatched Vulnerability : CVE-2024-23444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing...
Pentest-and-Development-Tips
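Pentest-and-Development-Tips A collection of pentest and development tips Author: 3gstudent Click on me to view the English version Disclaimer: the following tips should not be used for illegal purposes --- Tips 1. Manual port probing: nmap's -sV can detect service versions, but in some cases you have to probe manually to verify. Capturing the response packets with Wireshark is overkill; nc is enough for a simple check. E.g. for port 8001, connect with nc, type an arbitrary string, and you get the following result: $ nc -vv localhost 8001...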
AndroMouse Server 8.0 Remote Code Execution
AndroMouse Server version 8.0 proof of concept that exploits an unauthenticated UDP interface to simulate mouse/keyboard actions and execute malicious commands via certutil. Exploit Title: AndroMouse Server 8.0 - Remote Code Execution Date: 03/07/25 Exploit Author: Chokri Hammedi Vendor Homepage:...
CVE-2024-23444
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
CVE-2022-48222
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...
CVE-2024-35288
Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM...
CVE-2024-35288
CVE-2024-35288 affects Nitro PDF Pro, specifically versions prior to 13.70.8.82 and 14.x prior to 14.26.1.0. The root cause is unsafe custom actions in the MSI installer when in repair mode, enabling Local Privilege Escalation. CertUtil runs in a conhost.exe window, and there is a mechanism allow...
BIT-ELASTICSEARCH-2024-23444 Elasticsearch elasticsearch-certutil csr fails to encrypt private key
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
GHSA-5V8F-XX9M-WJ44 Elasticsearch stores private key on disk unencrypted
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
UBUNTU-CVE-2024-23444
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
CVE-2024-23444
CVE-2024-23444 affects Elastic Elasticsearch where the elasticsearch-certutil tool, used with the csr option to generate CSRs, stores the generated private key on disk unencrypted even when --pass is provided. IBM bulletin references confirm exploitation could lead to private-key exposure in affe...
Elasticsearch 8.13.0/7.17.23 Security Update (ESA-2024-12)
Elasticsearch elasticsearch-certutil csr fails to encrypt private key ESA-2024-12 It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is...
HTTP Fetch, Windows Meterpreter Shell, Reverse HTTP Inline (x64)
Fetch and execute an x64 payload from an HTTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf...
HTTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline (x64)
Fetch and execute an x64 payload from an HTTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x64/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...
HTTP Fetch, Windows Meterpreter Shell, Bind TCP Inline (x64)
Fetch and execute an x64 payload from an HTTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x64/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp se...