208 matches found
CB TAU Threat Intelligence Notification: Sodinokibi Ransomware
Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...
Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)
/ ; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode 210 Bytes ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...
A use cve-2017-11882 and cve-2018-0802 combination of vulnerability a malicious document analysis-vulnerability warning-the black bar safety net
! Recently intercepted an extension doc word document to attack the samples, which format is actually RTF format. By analyzing the document composition the use of a cve-2017-11882 and cve-2018-0802 vulnerability, and use the embedded excel object is used to trigger the vulnerability. The release ...
Cmd and Conquer: De-DOSfuscation with flare-qdb
When Daniel Bohannon released his excellent DOSfuscation paper, I was fascinated to see how tricks I used as a systems engineer could help attackers evade detection. I didn’t have much to contribute to this conversation until I had to analyze a hideously obfuscated batch file as part of my job on...
Threat Analysis: Recent Attack Technique Leveraging cmd.exe and PowerShell Demonstrates How Attackers Are Using Trusted Microsoft Applications for Malicious Behavior
An attack leveraging cmd.exe and PowerShell was recently investigated by Cb ThreatSight analysts. Our initial investigation discovered that a batch file was executed on the targeted system. This batch file then invoked PowerShell with a base64 encoded command. Decoding the command revealed a seri...
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7304
CVE-2018-7304 affects Tiki Wiki CMS Groupware (Tiki) version 17.1. The vulnerability arises because the application does not validate user input containing special characters in CSV fields, enabling CSV Injection that can trigger commands on the victim’s machine (for example, an input payload lik...
HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation
Tested on HP Connected Backup version 8.8.2.0 on Windows 7 x64 import os import sys import time import requests from bs4 import BeautifulSoup def sendrequestbody: url="http://localhost:16386/" headers = "Content-Type": "text/xml; charset=utf-8", 'SOAPAction': '""', "Set-Cookie":...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...
Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) Exploit
This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in...
Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated...
Source game remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Valve's Source SDK contains a buffer overflow vulnerability, which results in the client and server can execute arbitrary code. This vulnerability in the shot and the player when triggered, which can lead to load a specific ragdoll modelragdoll model. A plurality of Source game in 2017 6 November...
FTPGetter 5.89.0.85 Buffer Overflow
!/usr/bin/python Exploit Title: FTPGetter 5.89.0.85 Remote SEH Buffer Overflow Date: 07/14/2017 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: https://www.ftpgetter.com/ Vulnerable Version Download: Available for 30 days here: https://ufile.io/2celn I can upload again...
Serviio Media Server checkStreamUrl Command Execution Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service on port 23423 by default exposes a REST API which which does not require authentication...
Serviio Media Server - checkStreamUrl Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /Restlet-Framework/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initializeinfo = superupdateinfoinfo, 'Name' =...
Serviio Media Server checkStreamUrl Command Execution
This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service on port 23423 by default exposes a REST API which which does not require authentication. The 'actio...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Exploit
Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffers from a REST API arbitrary code execution vulnerability. !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web...
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...
Microsoft Windows taskschd.msc Privilege Escalation Vulnerability
Microsoft Windows taskschd.msc local SYSTEM privilege escalation exploit. Microsoft Windows 'taskschd.msc' Local SYSTEM Privilege Escalation Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY...