Exploit for CVE-2017-0144

💀 EternalBlue MS17-010 Exploitation Research Controlled r...

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses SMBs in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously...

noorfes.com Cross Site Scripting vulnerability OBB-1281479

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

uzagorju.com Cross Site Scripting vulnerability OBB-1226358

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploit for CVE-2017-0144

PoC exploit for CVE-2017-0144 Eternalblue-Doublepulsar. The target product/service is Windows operating system, specifically the SMB Server Message Block protocol. The vulnerability class/vector is a remote code execution RCE vulnerability, which allows an attacker to execute arbitrary code on th...

rch2000.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1099114 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting rch2000.com website and i...

url.hqhl.net Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1087920 Security Researcher g0bl1nsec Helped patch 3735 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting url.hqhl.net website and...

SMB DOUBLEPULSAR Remote Code Execution Exploit

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This...

SMB DOUBLEPULSAR Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB DOUBLEPULSAR Remote Code Execution', 'Description' = %q This module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR...

SMB DOUBLEPULSAR Remote Code Execution

This module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This module require...

Security Bulletin: Multiple vulnerabilities in Cloud Pak System

Summary There are vulnerabilities in Cloud Pak System previously known as PureApplication System. It applies to Cloud Pak System, Software, and Service. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2019-4096 DESCRIPTION: IBM Pure Application System uses a...

DOUBLEPULSAR - Payload Execution and Neutralization Exploit

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This...

DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DOUBLEPULSAR Payload Execution and Neutralization', 'Description' = %q This module executes a Metasploit payload against the Equation Group's...

DOUBLEPULSAR Payload Execution / Neutralization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DOUBLEPULSAR Payload Execution and Neutralization', 'Description' = %q This module executes a Metasploit payload against the Equation Group's...

Exploit for CVE-2017-0144

Based on the provided code and analysis, here is a summary of the findings: Classification: The repository is an offensive tool for exploiting vulnerabilities, specifically targeting the Windows operating system. Primary Target: The primary target is the Windows operating system, with a focus on...

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers a...

Eternal - An internet scanner for Eternal Blue [exploit CVE-2017-0144]

Eternal scanner is a network scanner for Eternal Blue exploit CVE-2017-0144. Requirements masscan metasploit-framework How to Install git clone https://github.com/peterpt/eternalscanner.git cd eternalscanner && ./escan OR ./escan -h to change scanner speed Install Requirements apt-get install...

Exploit for CVE-2017-0144

PoC exploit for CVE-2017-0144 and CVE-2017-0145, also known as E...

Windows SMB PsImpersonateClient null token vulnerability

Added: 07/13/2017 CVE: CVE-2017-0144 BID: 96704 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. Problem A remote attacker can execute arbitrary commands with SYSTEM privileges by overwriting the token to a null value and forci...

Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit

This Metasploit module uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUSINSUFFSERVERRESOURCES", the machine does not have the MS17-010 patch. This Metasplo...