Microsoft Exchange Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange Privilege Escalation Exploit', 'Description' = %q This module exploits a privilege escalation vulnerability found in Microsoft...
Netlogon Weak Cryptographic Authentication
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...
Active Directory Certificate Services (ADCS) Privilege Escalation (Certifried)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Active Directory Certificate Services ADCS privilege escalation Certifried', 'Description' = %q This module exploits a privilege escalation...
HP ProCurve SNAC Domain Controller Credential Dumper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'HP ProCurve SNAC Domain Controller Credential Dumper', 'Description' = %q This module will extract Domain Controller...
AD CS Certificate Template Management
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AD CS Certificate Template Management', 'Description' = %q This module can create, read, update, and delete AD CS certificate templates from a...
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...
CVE-2024-38876
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000...
The vulnerabilities of the components such as Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System (NIDS), Omnivise T3000 Product Data Management (PDM), Omnivise T3000 Security Server, Omnivise T3000 Terminal Server, Omnivise T3000 Thin Client, and Omnivise T3000 Whitelisting Server, along with their software-defined hardware platforms for process management and monitoring in the Siemens Omnivise T3000 system, allow attackers to disclose protected information and enhance their privileges.
The vulnerabilities of the Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System (NIDS), Omnivise T3000 Product Data Management (PDM), Omnivise T3000 Security Server, Omnivise T3000 Terminal Server, Omnivise T3000 Thin Client, and...
Desktops Do Not Register using XenDesktop and Provisioning Server
When using XenDesktop with Provisioning Service, the desktops do not register. Note: XenDesktop might try starting all the machines in your desktop group on the VDA Event Viewer: Under Application: Desktop Service - Failed to start WCF services. Exception Log on Failure due to unknown user name...
PT-2024-5380 · Omnivise · Omnivise T3000 Terminal Server +5
Name of the Vulnerable Software and Affected Versions: Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions)...
May 14, 2024—KB5037836 (Security-only update)
May 14, 2024—KB5037836 (Security-only update). End of support information: Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended...
Shadow Credentials
This module can read and write the necessary LDAP attributes to configure a particular account with a Key Credential Link. This allows weaponising write access to a user account by adding a certificate that can subsequently be used to authenticate. In order for this to succeed, the authenticated...
March 12, 2024—KB5035885 (Monthly Rollup)
March 12, 2024—KB5035885 (Monthly Rollup). IMPORTANT: If you plan to install this update on a domain controller (DC), we highly recommend that you install update KB5037426 instead (March 22, 2024). This out-of-band update addresses a known issue that affects the Local Security Authority Subsystem Service...
Exploit for CVE-2021-42278
This is a Python script for exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate a Domain Administrator (DA) from a standard domain user. The script uses the Impacket library to interact with the Active Directory. The script has several components: 1. samtheadmin.py: This is the main script...
SharpShares - Multithreaded C# .NET Assembly To Enumerate Accessible Network Shares In A Domain
Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain Built upon djhohnstein's SharpShares project .\SharpShares.exe help Usage: SharpShares.exe /threads:50 /ldap:servers /ou:"OU=Special Servers,DC=example,DC=local" /filter:SYSVOL,NETLOGON,IPC$,PRINT$ /verbose...
PT-2024-1126 · Microsoft · Lsass +1
Name of the Vulnerable Software and Affected Versions: Microsoft Local Security Authority Subsystem Service (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Local Security Authority Subsystem Service (LSASS) of the Windows operating...
Linux VDA shows gray screen then disappears when LDAP server is unreachable
One of the Windows domain controllers is down. When a user logs on to the Linux VDA, a gray screen appears for about 1 minute, then the ICA session disappears...
Find Users Without Pre-Auth Required (ASREP-roast)
This module searches for AD users without pre-auth required. Two different approaches are provided: - Brute force of usernames does not require a user account; should not lock out accounts - LDAP lookup requires an AD user account Module Options msf use auxiliary/gather/asrep msf auxiliaryasrep...
samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...