Windows Command Shell Upgrade (Powershell)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 'Windows Command Shell Upgrade Powershell', 'Description' = %q This module executes Powershell t...

Powershell Base64 Command Encoder

This encodes the command as a base64 encoded command for powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework include Msf::Post::Windows class MetasploitModule 'Powershell Base64 Command Encoder', 'Description'...

Windows Command Shell, Reverse TCP (via Powershell)

Connect back and create a command shell via Powershell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 1588 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions...

Windows Command Shell Upgrade (Powershell)

This module executes Powershell to upgrade a Windows Shell session to a full Meterpreter session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Command Shell Upgrade Powershell',...

Windows Management Instrumentation (WMI) Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex' class Metasploit3...

Windows Management Instrumentation (WMI) Remote Command Execution

This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic...

Microsoft Windows Authenticated Powershell Command Execution

This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payloa...

Graphical Interface for Powershell Scripts: PoshSec Framework

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, funcions, modules and cmdlets The PoshSec Framework is not merely a defense tool. It can be used for offense, defense, and even system administration. The whole idea is to give people a tool...

[PoshSec Framework v0.2] Graphical Interface for Powershell scripts

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, functions, modules, and cmdlets. It allows the community to write scripts that can interact with the interface by providing alerts, and output directly from their powershell scripts. This...

Windows Management Instrumentation (WMI) Remote Command Execution

This module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that...

Oracle Endeca Server Remote Command Execution

This module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, t...

MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...

Powershell Payload Web Delivery Vulnerability

This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickl...

Powershell Payload Web Delivery

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Powershell Payload Web Delivery',...

Microsoft Windows Authenticated Powershell Command Execution

-- coding: binary -- This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/powershel...

Microsoft Windows Authenticated Powershell Command Execution

This Metasploit module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method,...

[Nishang v.0.2.7] PowerShell for Penetration Testing

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests.It contains many interesting script...

[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”

The Social-Engineer Toolkit SET version 5.1 codename “ Name of the Doctor ” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit. The MSSQL Bruter now incorporates UDP port 1434 quick...

Tips for DAG Exchange Backup and Replication in vSphere

vSphere Snapshot Improvements This article was initially written when vSphere 5 snapshot operations were known and expected to cause small amounts of I/O stun to a VM's guest OS. Improvements in the latter vSphere versions, including significant changes to snapshot operation methodology in vSpher...

PsExec via Current User Token

This module uploads an executable file to the victim system, creates a share containing that executable, creates a remote service on each target system using a UNC path to that file, and finally starts the services. The result is similar to psexec but with the added benefit of using the session's...