28 matches found
New Actor DarkHydrus Targets Middle East with Open-Source Phishing
Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work. T...
Eclipse Equinox OSGi Console Command Execution
Exploit Eclipse Equinox OSGi Open Service Gateway initiative console 'fork' command to execute arbitrary commands on the remote system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class...
EAPHammer - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks [Indirect Wireless Pivots Using Hostile Portal Attacks]
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wirele...
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool RAT that has been used for...
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool RAT that has been used for...
Powershell Payload Execution Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/services' require 'msf/core/post/windows/powershell' require...
Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection Vulnerability
Exploit for windows platform in category remote exploits Exploit Title: Sysaid Helpdesk Software Unauthenticated SQLi Date: 28.11.2015 Exploit Author: hland Vendor Homepage: https://www.sysaid.com/ Version: v14.4.32 b25 Tested on: Windows 7, Windows 10 Blog post:...
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...