SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)

SysAid Help Desk Software 14.4.32 b25 - SQL Injection Metasploit Exploit Title: Sysaid Helpdesk Software Unauthenticated SQLi Date: 28.11.2015 Exploit Author: hland Vendor Homepage: https://www.sysaid.com/ Version: v14.4.32 b25 Tested on: Windows 7, Windows 10 Blog post:...

Powercat - Netcat: The Powershell Version

Installation powercat is a powershell function. First you need to load the function before you can execute it. You can put one of the below commands into your powershell profile so powercat is automatically loaded when powershell starts. Load The Function From Downloaded .ps1 File: . .\powercat.p...

Windows Local Privilege Escalation: PowerUp

PowerUp is a powershell tool to assist with local privilege escalation on Windows systems. It contains several methods to identify and abuse vulnerable services, as well as DLL hijacking opportunities, vulnerable registry settings, and escalation opportunities. The privesc/powerup/allchecks modul...

PowerShell Incident Response: Psrecon

Psrecon is an open source script that you can use to gather data from a remote Windows host using PowerShell v2 or later, organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushe...

Remote execution of a PowerShell script fails when the VeeamBackup SQL database is on a remote SQL Server.

Challenge When using a PowerShell script that is intended to remotely execute a command upon the Veeam server, it may fail if the SQL instance that Veeam Backup & Replication is configured to use is on a different server. This KB article applies only if the following two statements are true. 1. A...

ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments! From enumerating logged on users and spidering SMB shares to executing psexec style attacks and auto-injecting Mimikatz into memory using Powershell! The biggest improvements over the above tools are: Pure...

Powershell Netcat: PowerCat

powercat is a powershell function. First you need to load the function before you can execute it. You can put one of the below commands into your powershell profile so powercat is automatically loaded when powershell starts. What’s netcat anyway ? netcat often abbreviated to nc is a computer...

Windows Multiple - Registry Only Persistence Exploit

Exploit for windows platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' require 'msf/core/post/file' class Metasploit4 'Windows...

Windows Escalate UAC Protection Bypass (ScriptHost Vulnerability) Exploit

Usage Info msf use exploit/windows/local/bypassuacvbs msf exploitbypassuacvbs show targets ...targets... msf exploitbypassuacvbs set TARGET msf exploitbypassuacvbs show options ...show and set options... msf exploitbypassuacvbs exploit This module requires Metasploit: http://metasploit.com/downlo...

Empire: a PowerShell post-exploitation Agent tools-vulnerability warning-the black bar safety net

Empire is a purely PowerShell post-exploitation Agent tools, it is built on cryptography, secure communications and flexible architecture. Empire realize the need to powershell. exe you can run a PowerShell proxy function. Rapid deployment post-exploit module, from the keyboard recorder to...

Empire - PowerShell Post-Exploitation Agent

Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz,...

Mozilla Maintenance Service Log File Overwrite Elevation of Privilege Exploit

Exploit for windows platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=427&can=1 Mozilla Maintenance Service: Log File Overwrite Elevation of Privilege Platform: Windows Version: Mozilla Firefox 38.0.5 Class: Elevation of Privilege...

Mozilla - Maintenance Service Log File Overwrite Privilege Escalation

Source: https://code.google.com/p/google-security-research/issues/detail?id=427&can=1 Mozilla Maintenance Service: Log File Overwrite Elevation of Privilege Platform: Windows Version: Mozilla Firefox 38.0.5 Class: Elevation of Privilege Summary: The maintenance service creates a log file in a use...

Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025

US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from...

Inveigh - A Windows PowerShell LLMNR/NBNS spoofer with challenge/response capture over HTTP/SMB

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client...

VNC Keyboard Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/rfb' class Metasploit3 'VNC Keyboard Remote Code Execution', 'Description' = %q This module exploits VNC servers by sending virtual...

VNC Keyboard - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/rfb' class Metasploit3 'VNC Keyboard Remote Code Execution', 'Description' = %q This module exploits VNC servers by sending virtual...

VNC Keyboard Remote Code Execution

This module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems a xterm terminal is opened and a payload is typed and executed. This module...

Malicious Microsoft Office Documents: Generate-Macro

This script will generate malicious Microsoft Excel Documents that contain VBA macros. This script will prompt you for an IP address and port you will receive your shell at this address and port and the name of the malicious document. From there, the script will then prompt you to choose from a...