118 matches found
Privilege Escalation
pyinstaller is vulnerable to privilege escalation. When the library is used for Windows software in 'onefile' mode by a privileged user with default "TempPath" as C:\Windows\Temp, the function wmkdir does not enforce restricted permissions in Windows. The vulnerability is exploitable only after t...
cork (>=0.1.0 <=0.2.0), dvc (>=0.8.2 <=0.8.6) +12 more potentially affected by CVE-2019-16784 via pyinstaller (>=3.0.0 <=3.5.0)
pyinstaller PYPI version =3.0.0, =0.1.0, =0.8.2, =1.0.0.dev0, =2019.6.5, =0.1.22, =0.9.94, =0.0.1, =0.4.0, =0.1.0, =1.0.1, =0.2.0, =0.7.1 Source cves: CVE-2019-16784 Source advisory: OSV:GHSA-7FCJ-PQ9J-WH2R...
Local Privilege Escalation in PyInstaller
Impact: Local Privilege Escalation in all Windows software frozen by PyInstaller in "onefile" mode. The vulnerability is present only on Windows and in this particular case: if software frozen by PyInstaller in "onefile" mode is launched by a privileged user whose "TempPath" resolves ...
GHSA-7FCJ-PQ9J-WH2R Local Privilege Escalation in PyInstaller
Impact: Local Privilege Escalation in all Windows software frozen by PyInstaller in "onefile" mode. The vulnerability is present only on Windows and in this particular case: if software frozen by PyInstaller in "onefile" mode is launched by a privileged user whose "TempPath" resolves ...
CVE-2019-16784
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a user more privileged than the current one whose "TempPath" resolves to a world...
cork (>=0.1.0 <=0.2.0), dvc (>=0.8.2 <=0.8.6) +12 more potentially affected by CVE-2019-16784 via pyinstaller (>=3.0.0 <=3.5.0)
pyinstaller PYPI version =3.0.0, =0.1.0, =0.8.2, =1.0.0.dev0, =2019.6.5, =0.1.22, =0.9.94, =0.0.1, =0.4.0, =0.1.0, =1.0.1, =0.2.0, =0.7.1 Source cves: CVE-2019-16784 Source advisory: OSV:PYSEC-2020-175...
Privilege escalation
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a user more privileged than the current one whose "TempPath" resolves to a world...
PYSEC-2020-175
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a user more privileged than the current one whose "TempPath" resolves to a world...
PYSEC-2020-194
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a user more privileged than the current one whose "TempPath" resolves to a world...
CVE-2019-16784 Local Privilege Escalation present only on the Windows version of PyInstaller
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a user more privileged than the current one whose "TempPath" resolves to a world...
CVE-2019-16784
CVE-2019-16784: On Windows, PyInstaller in "onefile" mode is vulnerable to local privilege escalation prior to version 3.6 when a privileged process launches it with a world-writable TempPath (e.g., C:\Windows\Temp) and the attacker can trigger a restart after their exploit. The issue affects so...
AbsoluteZero - Python APT Backdoor
This project is a Python APT backdoor, optimized as a Red Team post-exploitation tool; it can generate a binary payload or pure Python source. The final stub uses polymorphic encryption to give itself a first obfuscation layer. Deployment: AbsoluteZero is a complete software written in Python 2.7...
Grok-backdoor - Backdoor With Ngrok Tunnel Support
Grok-backdoor is a simple Python-based backdoor that uses an Ngrok tunnel for communication. Ngrok-backdoor can generate Windows, Linux and Mac binaries using PyInstaller. Disclaimer: All the code provided on this repository is for educational/research purposes only. Any actions and/or activities...
Simple IOC and Incident Response Scanner: Loki
LOKI is a free and simple IOC scanner, a complete rewrite of the main analysis modules of our full-featured APT Scanner THOR. IOC stands for "Indicators of Compromise". These indicators can be derived from published incident reports, forensic analyses or malware sample collections in your lab. LOKI...
Powershell-RAT - Python Based Backdoor That Uses Gmail To Exfiltrate Data Through Attachment
Python-based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This...
Excalibur - An Eternalblue exploit payload based Powershell
Excalibur is an Eternalblue exploit based "Powershell" for the Bashbunny project. Its purpose is to reflect on how a "simple" USB drive can execute the 7 cyber kill chain. Excalibur may be used for demonstration purposes only, and the developers are not responsible for any misuse or illegal...
NorkNork - Powershell Empire Persistence Finder
This script was designed to identify Powershell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled Tasks, Auto-run, WMI subscriptions, Security Support provider, Ease of Access Center backdoors, Machine account password disable. INSTALL...
DropboxC2C - A Post-Exploitation Agent Which Uses Dropbox Infrastructure For Command And Control Operations
DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations. DO NOT USE THIS FOR MALICIOUS PURPOSES. THE AUTHOR IS NOT RESPONSIBLE FOR ANY MISUSE OF THIS PROGRAM. Structure: main.py - The "server" part which manages all the agents; agent.py - The...
Winpayloads - Undetectable Windows Payload Generation
Winpayloads is a payload generator tool that uses Metasploit's Meterpreter shellcode, injects the user's IP and port into the shellcode and writes a Python file that executes the shellcode using ctypes. This is then AES-encrypted and compiled to a Windows executable using PyInstaller. Main features:...