WinRM VBS Remote Code Execution

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit...

Microsoft SQL Server Payload Execution via SQL injection

No description provided by source. $Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Microsoft SQL Server Payload Execution

No description provided by source. $Id: mssqlpayload.rb 11392 2010-12-21 20:36:34Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

PowerShell XP 3.0.1 - Buffer Overflow 0day

No description provided by source. !/usr/bin/python vuln finders : kmkz, zadyree, hellpast author : m101 site : http://binholic.blogspot.com/ Exploit Title: PowerShell XP 3.0.1 0day Date: 11/12/2010 Author: m101 Software Link: http://www.softpedia.com/progDownload/PowerShell-XP-Download-22529.htm...

Antak WebShell - A webshell which utilizes PowerShell

Antak is a webshell written in C.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishang Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands like...

New Ransomware Malware takes Advantage of Windows PowerShell

Ransomware is one of the most blatant and obvious money making schemes for cybercriminals and it was most likely to be known when last year Cryptolocker ransomware targeted millions of computers worldwide. Recently, security researchers at the Antivirus firm TrendLabs have unearthed another...

Cuckoo Sandbox v1.1 - Automated Malware Analysis

Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment. Cuckoo generates a handful of differen...

How To Export Windows Event Logs

Purpose When submitting a support case for technical assistance, it is sometimes necessary to upload relevant Windows event logs in addition to the Veeam logs. Event logs exported using default settings can be missing important information. This article describes three different methods of...

Tips for Advanced Scheduling

Purpose This article provides information about advanced scheduling techniques in Veeam Backup & Replication. Solution Scenario 1: Granular Scheduling This advanced scheduling technique allows for a job to be scheduled to run at different times each day. By configuring the job to run "Periodicall...

HP Data Protector Backup Client Service Remote Code Execution Exploit

Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution', 'Description' = %q This module abuses the Backup Client Service OmniInet.exe to achieve remote code execution. The vulnerability exists in...

Hyper-V Guest processing skipped (check guest OS VSS state and integration components version)

Challenge Guest VMs will fail to engage VSS when Application-Aware Processing is enabled, generating the error: Error Guest processing skipped check guest OS VSS state and integration components version System.Exception Solution Most Common Solution At the time this article was written in 2014,...

Windows Command Shell Upgrade (Powershell)

This Metasploit module executes Powershell to upgrade a Windows Shell session to a full Meterpreter session. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' class...

Windows Command Shell Upgrade (Powershell)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 'Windows Command Shell Upgrade Powershell', 'Description' = %q This module executes Powershell t...

Powershell Base64 Command Encoder

This encodes the command as a base64 encoded command for powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework include Msf::Post::Windows class MetasploitModule 'Powershell Base64 Command Encoder', 'Description'...

Windows Command Shell, Reverse TCP (via Powershell)

Connect back and create a command shell via Powershell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 1588 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions...

Windows Command Shell Upgrade (Powershell)

This module executes Powershell to upgrade a Windows Shell session to a full Meterpreter session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Command Shell Upgrade Powershell',...

Windows Management Instrumentation (WMI) Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex' class Metasploit3...

Windows Management Instrumentation (WMI) Remote Command Execution

This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic...

Microsoft Windows Authenticated Powershell Command Execution

This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payloa...

Graphical Interface for Powershell Scripts: PoshSec Framework

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, funcions, modules and cmdlets The PoshSec Framework is not merely a defense tool. It can be used for offense, defense, and even system administration. The whole idea is to give people a tool...