3059 matches found

0day.today
added 2013/10/23 12:0 a.m. | 72 views

Windows Management Instrumentation (WMI) Remote Command Execution

This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic...

7.5 CVSS | 6.8 AI score | 0.39474 EPSS
Exploits: 13

Metasploit
added 2013/10/15 6:51 p.m. | 15 views

Microsoft Windows Authenticated Powershell Command Execution

This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payloa...

7.3 AI score
Exploits: 0

n0where
added 2013/10/11 4:40 p.m. | 18 views

Graphical Interface for Powershell Scripts: PoshSec Framework

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, functions, modules and cmdlets. The PoshSec Framework is not merely a defense tool. It can be used for offense, defense, and even system administration. The whole idea is to give people a tool...

7 AI score
Exploits: 0 | References: 1

Kitploit
added 2013/10/09 9:35 p.m. | 11 views

[PoshSec Framework v0.2] Graphical Interface for Powershell scripts

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, functions, modules, and cmdlets. It allows the community to write scripts that can interact with the interface by providing alerts, and output directly from their powershell scripts. This...

7.4 AI score
Exploits: 0 | References: 1

Metasploit
added 2013/09/20 5:36 p.m. | 93 views

Windows Management Instrumentation (WMI) Remote Command Execution

This module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that...

7.5 CVSS | 7.4 AI score | 0.39474 EPSS
Exploits: 13

Metasploit
added 2013/08/21 5:47 p.m. | 27 views

Oracle Endeca Server Remote Command Execution

This module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, t...

5.5 CVSS | 7.4 AI score | 0.7218 EPSS
Exploits: 8

Kitploit
added 2013/08/14 3:28 a.m. | 13 views

[Nishang v0.3.0] The PowerShell for Penetration Testing released (introducing Powerpreter)

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetration Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. Powerpreter is a powershell module...

7.2 AI score
Exploits: 0

Packet Storm
added 2013/07/29 12:0 a.m. | 47 views

MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...

7.2 CVSS | 1 AI score | 0.17562 EPSS
Exploits: 10

0day.today
added 2013/07/26 12:0 a.m. | 37 views

Powershell Payload Web Delivery Vulnerability

This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickl...

7.2 AI score
Exploits: 0

Packet Storm
added 2013/07/25 12:0 a.m. | 27 views

Powershell Payload Web Delivery

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Powershell Payload Web Delivery',...

7.4 AI score
Exploits: 0

Kitploit
added 2013/07/24 12:24 a.m. | 10 views

[SET v5.2] The Social-Engineer Toolkit "Urban Camping"

The Social-Engineer Toolkit SET version 5.2 codename “Urban Camping” has been released. This version adds a complete rewrite of the PowerShell injection techniques within SET and incorporates an automatic process downgrade attack detailed here:...

8.4 AI score
Exploits: 0 | References: 1

0day.today
added 2013/07/13 12:0 a.m. | 66 views

Microsoft Windows Authenticated Powershell Command Execution

This Metasploit module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method,...

7.5 CVSS | 6.7 AI score | 0.39474 EPSS
Exploits: 13

Packet Storm
added 2013/07/13 12:0 a.m. | 44 views

Microsoft Windows Authenticated Powershell Command Execution

-- coding: binary -- This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/powershel...

7.5 CVSS | 0.3 AI score | 0.39474 EPSS
Exploits: 13

Veeam
added 2013/07/08 12:0 a.m. | 42 views

How to Locate and Collect VSS/VIX Log Files From Guest OS

Purpose This article documents how to locate and gather guest-level log files associated with Application-Aware Processing or VM Guest OS File Indexing. While investigating issues related to Guest Processing, additional logs must be collected from the Guest OS of the VM that is failing either tas...

7.2 AI score
Exploits: 0 | Affected Software: 2

Kitploit
added 2013/06/11 3:45 a.m. | 8 views

[Nishang v.0.2.7] PowerShell for Penetration Testing

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetration Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. It contains many interesting script...

7.4 AI score
Exploits: 0

Kitploit
added 2013/05/29 12:11 a.m. | 21 views

[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”

The Social-Engineer Toolkit SET version 5.1 codename “Name of the Doctor” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit. The MSSQL Bruter now incorporates UDP port 1434 quick...

8.6 AI score
Exploits: 0

Veeam
added 2013/05/15 12:0 a.m. | 16 views

Veeam ONE Fails to Collect Performance Data from a Hyper-V Host

Challenge Veeam ONE fails to collect performance data from one or multiple Hyper-V hosts despite being able to collect infrastructure and topology data. This issue may occur with or without an alarm being triggered. When an alarm is triggered, it will display the message: Performance data...

6.7 AI score
Exploits: 0 | Affected Software: 1

Kitploit
added 2013/04/17 11:22 p.m. | 15 views

[SET Version 5.0] The Social-Engineer Toolkit "The Wild West"

Social-Engineer Toolkit SET v5.0 codename: The Wild West is a culmination of six months of development, bug squashing, and user feedback. New with this version includes a completely redesigned multiprocessing web server that handles non-rfc compliant HTTP information. The builtin SET web server...

7.4 AI score
Exploits: 0 | References: 1

Veeam
added 2013/03/27 1:31 p.m. | 27 views

Tips for DAG Exchange Backup and Replication in vSphere

vSphere Snapshot Improvements This article was initially written when vSphere 5 snapshot operations were known and expected to cause small amounts of I/O stun to a VM's guest OS. Improvements in the latter vSphere versions, including significant changes to snapshot operation methodology in vSpher...

6.8 AI score
Exploits: 0

Kitploit
added 2013/03/16 12:22 a.m. | 21 views

[SET v4.7] The Social-Engineer Toolkit

The Social-Engineer Toolkit SET version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the...

7.8 AI score
Exploits: 0