Lucene search
3059 matches found

Metasploit
added 2022/09/08 7:49 p.m., 138 views

Powershell Exec, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/x64/custom/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show optio...

7.1 AI score
Exploits 0

Metasploit
added 2022/09/08 7:49 p.m., 178 views

Powershell Exec, Windows shellcode stage, Reverse UDP Stager with UUID Support

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/powershell/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...

7.1 AI score
Exploits 0

Metasploit
added 2022/09/08 7:49 p.m., 145 views

Powershell Exec, Windows shellcode stage, Windows x64 Bind TCP Stager

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options...

7.2 AI score
Exploits 0

Kitploit
added 2022/09/08 12:30 p.m., 41 views

ForceAdmin - Create Infinite UAC Prompts Forcing A User To Run As Admin

ForceAdmin is a c payload builder, creating infinite UAC pop-ups until the user allows the program to be run. The inputted commands are run via powershell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to always show, so UAC bypass techniques are not...

7.5 AI score
Exploits 0, References 3

The Hacker News
added 2022/08/30 12:55 p.m., 45 views

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread...

1.1 AI score
Exploits 0

Talos Blog
added 2022/08/30 12:0 p.m., 30 views

ModernLoader delivers multiple stealers, cryptominers and RATs

By Vanja Svajcer Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies,...

0.5 AI score
Exploits 0

Metasploit
added 2022/08/29 6:2 p.m., 465 views

Microsoft Exchange Server ChainedSerializationBinder RCE

This module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these vulnerabilities. Module...

8.8 CVSS, 9 AI score, 0.93618 EPSS
Exploits 9

Tenable Nessus
added 2022/08/26 12:0 a.m., 32 views

Tenable Nessus Agent < 8.3.4 / 10.x < 10.1.4 Multiple Vulnerabilities (TNS-2022-17) (TNS-2022-13)

According to its self-reported version, the Tenable Nessus agent running on the remote host is prior to 8.3.4 or 10.x prior to 10.1.4. It is, therefore, affected by multiple vulnerabilities: - An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes...

9 CVSS, 7.1 AI score, 0.00521 EPSS
Exploits 0, References 4

Tenable Product Security Advisories
added 2022/08/24 4:18 p.m., 24 views

[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 08/24/2022 - 12:18 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...

9 CVSS, 1.7 AI score, 0.00521 EPSS
Exploits 0

GithubExploit
added 2022/08/23 8:20 p.m., 98 views

Exploit for CVE-2021-34527

PrintNightmare CVE-2021-34527 This version of the PrintNigh...

9.3 CVSS, 9.1 AI score, 0.94314 EPSS
Exploits 75

0day.today
added 2022/08/22 12:0 a.m., 661 views

Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution Exploit

This Metasploit module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these...

8.8 CVSS, 8.2 AI score, 0.93618 EPSS
Exploits 9

GithubExploit
added 2022/08/17 9:13 p.m., 270 views

Exploit for Improper Certificate Validation in Microsoft

CVE-2022-26923-Powershell-POC A powershell poc to load and aut...

9 CVSS, 9.5 AI score, 0.91596 EPSS
Exploits 8

Kitploit
added 2022/08/17 12:30 p.m., 38 views

Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on https traffic. The tool is easy to use, it generates its own PowerShell payload and it supports encryption ssl. So far, it has been tested on...

7.7 AI score
Exploits 0, References 3

The Hacker News
added 2022/08/16 6:36 a.m., 47 views

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as...

2.5 AI score
Exploits 0

0day.today
added 2022/08/16 12:0 a.m., 440 views

Powershell Code Arbitary Execution Builder FUD Exploit

A desired powershell.ps1 hides the payload with special methods. It allows it to run secretly on the installed computer. Bypasses all modern antivirus protections. Completely FUD...

6 AI score
Exploits 0

ICS
added 2022/08/11 12:0 p.m., 35 views

#StopRansomware: MedusaLocker

Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory CSA is part of an...

9.8 AI score
Exploits 0, References 30

Tenable Nessus
added 2022/08/11 12:0 a.m., 114 views

Tenable Nessus 8.x < 8.15.6 Multiple Vulnerabilities (TNS-2022-16)

According to its self-reported version, the Tenable Nessus application running on the remote host is 8.x prior to 8.15.6. It is, therefore, affected by multiple vulnerabilities, including: - An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes...

9 CVSS, 7.5 AI score, 0.00521 EPSS
Exploits 0, References 3

Check Point Advisories
added 2022/08/10 12:0 a.m., 3 views

PowerShell Functions Remote Code Execution

PowerShell functions may be used to exploit remote code execution vulnerabilities. A remote attacker can exploit these vulnerabilities by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the affected system...

8 AI score
Exploits 0

0day.today
added 2022/08/04 12:0 a.m., 591 views

Zoho Password Manager Pro XML-RPC Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...

9.8 CVSS, 9.7 AI score, 0.94214 EPSS
Exploits 5

NVD
added 2022/08/01 8:15 p.m., 8 views

CVE-2022-31180

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

9.8 CVSS, 0.0108 EPSS
Exploits 1, References 5