MS17-010-EternalBlue---Windows-7-Exploitation

MS17-010 EternalBlue - Windows 7 Exploitation Technical doc...

EternalBlueExploitation

Eternal Blue Exploitation Description For this project, I expl...

Malicious code in hashdump (npm)

The package hashdump was found to contain malicious code...

MAL-2025-22255 Malicious code in hashdump (npm)

The package hashdump was found to contain malicious code...

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication is the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

Metasploit Weekly Wrap-Up

Throw another log file on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...

LinPwn - Interactive Post Exploitation Tool

LinPwn is a interactive tool created to assist you in post exploitation enumeration and privilege escalation. Connection Set your IP and port you want it to connect to in the Connection class. Place the LinPwn binary on the target machine. Run nc -lvp PORT on your machine and then run LinPwn on t...

John the Ripper Windows Password Cracker (Fast Mode)

This module uses John the Ripper to identify weak passwords that have been acquired as hashed files loot or raw LANMAN/NTLM hashes hashdump. The goal of this module is to find trivial passwords in a short amount of time. To crack complex passwords or use large wordlists, John the Ripper should be...

John the Ripper Password Cracker (Fast Mode)

This module uses John the Ripper to identify weak passwords that have been acquired as hashed files loot or raw LANMAN/NTLM hashes hashdump. The goal of this module is to find trivial passwords in a short amount of time. To crack complex passwords or use large wordlists, John the Ripper should be...

Koadic - COM Command & Control Framework (JScript RAT)

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...

Koadic C3 COM Command & Control – JScript RAT

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...

Koadic: An Advanced Windows JScript/VBScript RAT!

PenTestIT RSS Feed All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which...

Gladius - Easy mode from Responder to Credentials

Gladius provides an automated method for cracking credentials from various sources during an engagement. We currently crack hashes from Responder, secretsdump.py, and smarthashdump. Install pip install watchdog git clone https://www.github.com/praetorian-inc/gladius cd gladius git clone...

MSSQL Password Hashdump

This module extracts the usernames and encrypted password hashes from a MSSQL server and stores them for later cracking. This module also saves information about the server version and table names, which can be used to seed the wordlist. This module requires Metasploit:...

Trivial Password Flaw Leaves MySQL Databases Exposed

There is a trivially exploitable vulnerability in MySQL that enables an attacker to gain root access to the database server. The bug, which recently was patched, stems from an error in the way that MySQL and MariaDB handle passwords, giving an attacker a chance of getting root access by supplying...

John the Ripper Oracle Password Cracker (Fast Mode)

This module uses John the Ripper to identify weak passwords that have been acquired from the oraclehashdump module. Passwords that have been successfully cracked are then saved as proper credentials...

Postgres Password Hashdump

This module extracts the usernames and encrypted password hashes from a Postgres server and stores them for later cracking. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postgres Password...

Oracle Password Hashdump

This module dumps the usernames and password hashes from Oracle given the proper Credentials and SID. These are then stored as creds for later cracking using auxiliary/analyze/jtroraclefast. This module supports Oracle DB versions 8i, 9i, 10g, 11g, and 12c. This module requires Metasploit:...

MYSQL Password Hashdump

This module extracts the usernames and encrypted password hashes from a MySQL server and stores them for later cracking. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MYSQL Password Hashdump'...