HTB-Blue-Writeup

Blue — EternalBlue MS17-010 Platform: TryHackMe OS:...

chrome-exploit-simulator

Ethical Hacking — Simulateur Exploit Web Présentation Ce...

Exploit for CVE-2020-1472

Domain-Controller-DC-Exploitation-with-Metasploit-Impacket End...

XAMPP 8.2.4 - Unquoted Path Vulnerability

Exploit Title: XAMPP 8.2.4 - Unquoted Path Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com/ Steps to...

XAMPP 8.2.4 Unquoted Service Path

Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...

Nagios XI Autodiscovery Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Autodiscovery Webshell Upload', 'Description' = %q This module exploits a path traversal issue in Nagios XI before version 5.8.5...

Nagios XI Autodiscovery Webshell Upload

This module exploits a path traversal issue in Nagios XI before version 5.8.5 CVE-2021-37343. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field...

Metasploit Tips and Tricks for HaXmas 2020

For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently improved features that you can incorporate into your workflows. Some of our readers may already know these tips and tricks for using Metasploit, but for the others who aren't aware of...

Python-Rootkit - Python Remote Administration Tool (RAT) To Gain Meterpreter Session

This is a full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse httpsMetasploit connection to your listening machine. ViRu5 life cycle Bypass all anti-virus. Inject a malicious powershell script into memory...

Multi Manage Network Route via Meterpreter Session

This module manages session routing via an existing Meterpreter session. It enables other modules to 'pivot' through a compromised host when connecting to the named NETWORK and SUBMASK. Autoadd will search a session for valid subnets from the routing table and interface list then add routes to...

Venom - Metasploit Shellcode Generator / Compiler / Listenner

The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh , injects the shellcode generated into one funtion example: python "the python funtion will execute the shellcode in ram" and uses compilers like: gcc gnu cross compiler or...

Windows Gather Active Directory Users

This module will enumerate user accounts in the default Active Domain AD directory and stores them in the database. If GROUPMEMBER is set to the DN of a group, this will list the members of that group by performing a recursive/nested search i.e. it will list users who are members of groups that a...

Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class Metasploit3 'Windows NTUserMessageCall Win32k Kernel Pool Overflow...

[BeEF] Fake Browser Update Exploitation

How to use BeEF Framework for fake browser update exploitation. Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to insta...

Multi Gather Run Console Resource File

This module will read console commands from a resource file and execute the commands in the specified Meterpreter session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Run Conso...

Oracle WebLogic IIS connector JSESSIONID - Remote Overflow

!/usr/bin/perl No point in keeping this private anymore! ksOSe - 02/16/2009 - CVE-2008-5457 Tested on w2k sp4 and w2k3 R2 sp2 no NX cohelet framework-3.2 ./msfcli multi/handler PAYLOAD=windows/reflectivemeterpreter/reversetcp LHOST=10.10.10.1 LPORT=80 E Please wait while we load the module tree...