YKWriter

YKWriter 🔑💾 YKWriter is a lightweight Windows Forms utili...

Windows Persistence via UserInitMprLogonScript

This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...

Windows Registry Persistence via Userinit

This module will install a payload that is executed during user logon. It writes a payload executable to disk and modifies the Userinit registry value in "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" to append the payload path, causing it to execute when any user logs in. Module...

Exploit for Path Traversal in Rarlab Winrar

WinRAR Path Traversal Exploit CVE-2025-8088 - Multi-Depth Pa...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-53770 SharePoint Vulnerability Scanner 100% hacked t...

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection

Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems...

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit

BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...

Black Basta-Linked Attackers Target Users with SystemBC Malware

An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remain...

Exploit for Special Element Injection in Google Android

EvilDroid: Automated Exploit for CVE-2024-0044 EvilDroid...

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and...

Metasploit Weekly Wrap-Up 01/19/24

Unicode your way to a php payload and three modules to add to your playbook for Ansible Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion characters and h00die et. al. have come through and added 3 new Ansible...

Ansible Agent Payload Deployer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ansible Agent Payload Deployer', 'Description' = %q This exploit module creates an ansible module for deployment to nodes in the network. It...

Lucee Scheduled Job v1.0 - Command Execution Exploit

Exploit Title: Lucee Scheduled Job v1.0 - Command Execution Exploit Author: Alexander Philiotis Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: All versions with scheduled jobs enabled Tested on: Linux - Debian, Lubuntu & Windows 10 Ref :...

Remote Control Collection RCE

This module utilizes the Remote Control Server's, part of the Remote Control Collection by Steppschuh, protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.1.1.12, current at the time of...

Mobile Mouse RCE

This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, current at the time of module writing Module Options msf u...

Unified Remote Authentication Bypass / Code Execution Exploit

This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password f...

Rapid7 Metasploit 安全漏洞

Rapid7 Metasploit is a suite of penetration testing software from the US-based Rapid7. A security vulnerability exists in Metasploit version 3.11.0.248350, which originates from a module that utilizes the Unified Remote Telecontrol Protocol to enter and deploy payloads.The telecontrol protocol ca...

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It...

Malware Loader ‘Brushaloader’ Grows More Menacing

The tenacious loader malware called Brushaloader is growing more menacing, showing no signs of abatement despite best efforts by security professionals. First identified in June 2018, the Brushaloader malware is now more pervasive, stealthy and growing in popularity faster than ever before. New...

Atheme IRC Services 7.0.5 Denial Of Service

!/usr/bin/python3 Monday, January 13, 2013 . . | || || | || \ / | / \ / | |/ \ / \ | || || |\ // // | \ / /\ /||/|| / |||| // / http://www.zempirians.com 00100011 01101100 01100101 01100111 01101001 01101111 01101110 -= Atheme - IRC Services Daemon =- Proof of Concept, Denial of Service T E A...