
3059 matches found

exploitpack
added 2016/04/21 12:00 a.m., 30 views

Microsoft Windows 7 10 2008 2012 R2 (x86x64) - Local Privilege Escalation (MS16-032) (PowerShell)

Microsoft Windows 7 10 2008 2012 R2 x86x64 - Local Privilege Escalation MS16-032 PowerShell function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD...

0.1 AI score
Exploits: 0
Exploit DB
added 2016/04/21 12:00 a.m., 137 views

Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) (PowerShell)

function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD 3-Clause Required Dependencies: PowerShell v2+ Optional Dependencies: None .EXAMPLE C:\PS...

7.4 AI score
Exploits: 0
0day.today
added 2016/04/21 12:00 a.m., 117 views

Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (Pow

Exploit for windows platform in category local exploits function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD 3-Clause Required Dependencies:...

7.2 CVSS, 7.7 AI score, 0.90442 EPSS
Exploits: 14
Metasploit
added 2016/04/19 12:00 a.m., 64 views

Regsvr32.exe (.sct) Application Whitelisting Bypass Server

This module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This...

3.2 AI score
Exploits: 0
Kitploit
added 2016/04/18 10:18 p.m., 36 views

Ranger - Tool To Access And Interact With Remote Microsoft Windows Based Systems

A tool to support security professionals access and interact with remote Microsoft Windows based systems. This project was conceptualized with the thought process, we did not invent the bow or the arrow, just a more efficient way of using it. Ranger is a command-line driven attack and penetration...

8.5 AI score
Exploits: 0, References: 1
Kitploit
added 2016/04/14 9:56 p.m., 34 views

DET - Data Exfiltration Toolkit

DET is provided AS IS, is a proof of concept to perform Data Exfiltration using either single or multiple channels at the same time. The idea was to create a generic toolkit to plug any kind of protocol/service. Slides DET has been presented at BSides Ljubljana on the 9th of March 2016 and the...

7.2 AI score
Exploits: 0, References: 3
Kitploit
added 2016/04/06 10:30 p.m., 29 views

Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly...

7.4 AI score
Exploits: 0, References: 2
Kitploit
added 2016/04/02 7:30 p.m., 31 views

Pentestly - Python and Powershell internal Penetration Testing Framework

Pentestly is a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python. Blog post: Pentestly Framework: When Pentesting Meets Python and Powershell Author:...

8.4 AI score
Exploits: 0, References: 10
ThreatPost
added 2016/03/25 12:45 p.m., 45 views

PowerWare Ransomware Uses PowerShell for Fileless Infections

Attackers are not through testing the limits of what they can do with new features in ransomware samples. That latest found in the wild is called PowerWare and it was discovered a week ago targeting a company in the healthcare industry, researchers at Carbon Black told Threatpost. What sets...

0.5 AI score
Exploits: 0, References: 5
Metasploit
added 2016/03/05 12:31 a.m., 20 views

Authenticated WMI Exec via Powershell

This module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the...

0.3 AI score
Exploits: 0
FireEye
added 2016/02/11 7:53 a.m., 25 views

Greater Visibility Through PowerShell Logging

UPDATE Feb. 29: This post has been updated with new configuration recommendations due to the Feb. 24 rerelease of PowerShell 5, and now includes a link to a parsing script that users may find valuable. Introduction Mandiant is continuously investigating attacks that leverage PowerShell throughout...

0.8 AI score
Exploits: 0
Kitploit
added 2016/01/23 8:24 p.m., 85 views

p0wnedShell - PowerShell Runspace Post Exploitation Toolkit

p0wnedShell is an offensive PowerShell host application written in C that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment .NET. It has a lot of offensive PowerShell modules and binaries included to make the process of Post...

7.4 AI score
Exploits: 0, References: 3
Veeam
added 2016/01/21 12:00 a.m., 12 views

Veeam Backup & Replication add-on for Kaseya compatibility with Veeam Backup & Replication 9.x

The Kaseya plug-in for Veeam Backup & Replication was discontinued in 2019 and is no longer available nor supported by Veeam. Challenge Veeam Backup & Replication add-on for Kaseya needs to support Veeam Backup & Replication 9.x monitoring. Cause The names of Veeam Backup & Replication services...

7 AI score
Exploits: 0
myhack58
added 2016/01/03 12:00 a.m., 23 views

Windows 2008 GPP exploit-vulnerability warning-the black bar safety net

The test environment Windows 7 ordinary members of the domain Windows 2008 domain controller The first deployment of the GPP, here my deployment strategy is to the domain members are added to a test user, the password is test123 ! Add a local user ! Then came the Group Policy Management ! Will th...

1.2 AI score
Exploits: 0
Check Point Advisories
added 2015/12/21 12:00 a.m., 0 views

Microsoft Windows PowerShell Script Information Disclosure

An information disclosure exploitation can be executed via a malicious Microsoft Windows PowerShell script. Successful exploitation would allow a remote attacker to copy restricted files with privileged information from the affected system...

5.7 AI score
Exploits: 0
FireEye
added 2015/12/14 4:23 p.m., 29 views

Uncovering Active PowerShell Data Stealing Campaigns

Loved by administrators, Windows PowerShell enables users to effectively perform automation and administrative tasks on local and remote systems. However, its power, ease of use, and widespread use has also made it attractive to attackers. Researchers first began demonstrating attacks involving...

0.4 AI score
Exploits: 0
Kitploit
added 2015/12/10 10:13 p.m., 112 views

USBTracker - Script to track USB devices events and artifacts in a Windows OS

USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS Vista and later. Special recommendations USBTracker reads some protected log files and needs to be run with administrator permissions. The most simple w...

7.1 AI score
Exploits: 0, References: 1
n0where
added 2015/12/07 6:18 p.m., 39 views

Offensive Powershell Console: PSPunch

PSPunch combines some of the best projects in the infosec powershell community into a self contained executable. It’s designed to evade antivirus and Incident Response teams. 1. It doesn’t rely on powershell.exe. Instead it calls powershell directly through the dotNet framework. 2. The modules th...

2.9 AI score
Exploits: 0, References: 3
seebug.org
added 2015/12/04 12:00 a.m., 17 views

Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection

No description provided by source. Exploit Title: Sysaid Helpdesk Software Unauthenticated SQLi Date: 28.11.2015 Exploit Author: hland Vendor Homepage: https://www.sysaid.com/ Version: v14.4.32 b25 Tested on: Windows 7, Windows 10 Blog post:...

7.1 AI score
Exploits: 0
0day.today
added 2015/12/03 12:00 a.m., 16 views

Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection Vulnerability

Exploit for windows platform in category remote exploits Exploit Title: Sysaid Helpdesk Software Unauthenticated SQLi Date: 28.11.2015 Exploit Author: hland Vendor Homepage: https://www.sysaid.com/ Version: v14.4.32 b25 Tested on: Windows 7, Windows 10 Blog post:...

7.1 AI score
Exploits: 0