Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

HTB-Blue-Writeup

Blue — EternalBlue MS17-010 Platform: TryHackMe OS:...

Vuln_Exploitation_MegaQuagga_Pentest

Vulnerability Exploitation — MegaQuagga Penetration Test Repor...

chrome-exploit-simulator

Ethical Hacking — Simulateur Exploit Web Présentation Ce...

Exploit for CVE-2017-0144

EternalBlue Exploit Demonstration MS17-010 Cybersecurity la...

Exploit for Code Injection in Rejetto Http_File_Server

Optimum --- Optimum – Hack The Box Writeup Overview I...

Windows Registry Run Persistence

This Metasploit module is a Windows persistence module designed to maintain access to a compromised system after a successful exploitation and an active Meterpreter session has been obtained...

Exploit for CVE-2020-1472

Domain-Controller-DC-Exploitation-with-Metasploit-Impacket End...

XAMPP 8.2.4 - Unquoted Path Vulnerability

Exploit Title: XAMPP 8.2.4 - Unquoted Path Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com/ Steps to...

XAMPP 8.2.4 Unquoted Service Path

Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...

Nagios XI Autodiscovery Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Autodiscovery Webshell Upload', 'Description' = %q This module exploits a path traversal issue in Nagios XI before version 5.8.5...

Nagios XI Autodiscovery Webshell Upload

This module exploits a path traversal issue in Nagios XI before version 5.8.5 CVE-2021-37343. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field...

Metasploit Tips and Tricks for HaXmas 2020

For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently improved features that you can incorporate into your workflows. Some of our readers may already know these tips and tricks for using Metasploit, but for the others who aren't aware of...

Python-Rootkit - Python Remote Administration Tool (RAT) To Gain Meterpreter Session

This is a full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse httpsMetasploit connection to your listening machine. ViRu5 life cycle Bypass all anti-virus. Inject a malicious powershell script into memory...

Microsoft Windows LNK File Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that...

Multi Manage Network Route via Meterpreter Session

This module manages session routing via an existing Meterpreter session. It enables other modules to 'pivot' through a compromised host when connecting to the named NETWORK and SUBMASK. Autoadd will search a session for valid subnets from the routing table and interface list then add routes to...

Venom - Metasploit Shellcode Generator / Compiler / Listenner

The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh , injects the shellcode generated into one funtion example: python "the python funtion will execute the shellcode in ram" and uses compilers like: gcc gnu cross compiler or...

Windows Gather Active Directory Users

This module will enumerate user accounts in the default Active Domain AD directory and stores them in the database. If GROUPMEMBER is set to the DN of a group, this will list the members of that group by performing a recursive/nested search i.e. it will list users who are members of groups that a...

Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class Metasploit3 'Windows NTUserMessageCall Win32k Kernel Pool Overflow...

[BeEF] Fake Browser Update Exploitation

How to use BeEF Framework for fake browser update exploitation. Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to insta...