1195 matches found
The Malicious Macro Generator!
PenTestIT RSS Feed: I'm sure you remember my older post about the malicious office document generator and the office exploitation toolkit. Just a refresher: Luckystrike is the open source script that helps you create malicious Microsoft Office documents using PowerShell and MicroSploit is an open...
Automate Getting Domain Admin Using Empire: DeathStar
DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techniques. Installation Currently, for DeathStar to work you're going to have to install byt3bl33d3r's fork of Empire until this pull request...
Internet Download Manager 6.28 Build 17 - Local Buffer Overflow (SEH Unicode)
Internet Download Manager 6.28 Build 17 - Local Buffer Overflow (SEH Unicode) #!/usr/bin/python Exploit Title: Internet Download Manager 6.28 Build 17 - 'Find file' SEH Buffer Overflow (Unicode) Date: 14-06-2017 Exploit Author: f3ci Tested on: Windows 7 SP1 x86 How to exploit: Open IDM - Downloads -...
Tomabo MP4 Converter 3.19.15 - Denial of Service Exploit
Exploit for Windows platform in category dos / poc #!/usr/bin/python Exploit Title: Tomabo MP4 Converter DOS Date: 13/08/17 Exploit Author: Andy Bowden Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-converter/index.html Version: 3.19.15 Tested on: Windows 7 x86 CV...
Tomabo MP4 Converter 3.19.15 - Denial of Service
Tomabo MP4 Converter 3.19.15 - Denial of Service #!/usr/bin/python Exploit Title: Tomabo MP4 Converter DOS Date: 13/08/17 Exploit Author: Andy Bowden Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-converter/index.html Version: 3.19.15 Tested on: Windows 7 x86 CVE ...
Tomabo MP4 Converter 3.19.15 - Denial of Service
#!/usr/bin/python Exploit Title: Tomabo MP4 Converter DOS Date: 13/08/17 Exploit Author: Andy Bowden Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-converter/index.html Version: 3.19.15 Tested on: Windows 7 x86 CVE : None Generate a .m3u file using the python scri...
Microsoft Windows - .LNK Shortcut File Code Execution
Microsoft Windows - .LNK Shortcut File Code Execution #!/usr/bin/python # -*- coding: utf-8 -*- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER():...
Microsoft Windows - '.LNK' Shortcut File Code Execution
#!/usr/bin/python # -*- coding: utf-8 -*- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER():...
XSStrike v1.2 - Fuzz, Crawl and Bruteforce Parameters for XSS
XSStrike is a python script designed to detect and exploit XSS vulnerabilities. A list of features XSStrike has to offer: Fuzzes a parameter and builds a suitable payload Bruteforces parameters with payloads Has inbuilt crawler-like functionality Can reverse engineer the rules of a WAF/Filter...
Hash Buster - A Script Which Scrapes Online Hash Crackers to Find the Cleartext of a Hash (MD5, SHA1, SHA2)
Hash Buster is a python script which uses several online hash crackers to find the clear text of a hash in less than 5 seconds. Features of Hash Buster: Detects hash MD5 Support SHA1 Support SHA2 Support Adding more APIs for SHA1 and SHA2 More hash types will be added on demand Installing and Usi...
Unravelling .NET with the Help of WinDBG
This blog was authored by Paul Rascagneres and Warren Mercer. Introduction: .NET is an increasingly important component of the Microsoft ecosystem providing a shared framework for interoperability between different languages and hardware platforms. Many Microsoft tools, such as PowerShell, and other...
Counter Strike: Condition Zero - '.BSP' Map File Code Execution
#!/usr/bin/env python Counter Strike: Condition Zero BSP map exploit By @DigitalCold Jun 11, 2017 E-DB Note: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42325.zip (bsp-exploit-source.zip) from binascii import hexlify, unhexlify from struct import pack, unpack...
http-vuln-cve2017-8917 NSE Script
An SQL Injection vulnerability affecting Joomla! 3.7.x before 3.7.1 allows unauthenticated users to execute arbitrary SQL commands. This vulnerability was caused by a new component, com_fields, which was introduced in version 3.7. This component is publicly accessible, which means this can be...
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
#!/usr/bin/env python import socket import sys import ssl def getHeader(): return '\x4a\x52\x4d\x49\x00\x02\x4b' def payload(): cmd = sys.argv[4] cmdlen = len(cmd) data2 =...
Run HTTP Flood DDoS Attacks: Wreckuests
Stress Testing: Run HTTP Flood DDoS Attacks. Wreckuests is a script which allows you to run DDoS attacks with HTTP flood (GET/POST). It's written in pure Python and uses proxy servers as "bots". This script is published for educational purposes only! Features: Cache bypass with random ?abcd=efg...
TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution
Source: https://www.evilsocket.net/2017/05/30/Terramaster-NAS-Unauthenticated-RCE-as-root/ #!/usr/bin/python # coding: utf8 Exploit: Unauthenticated RCE as root. Vendor: TerraMaster Product: TOS import sys import requests def upload(address, port, filename, path='/usr/www/'): url =...
DokuWiki Proof Of Concept Shell Upload
c@kali:/src/napalm2.2/modules$ cat shell-dokuwiki.py #!/usr/bin/env python shell-dokuwiki.py - module to upload shell, based on previous version created 28.04.2017. Bug 'feature' is exploitable only when you have valid credentials. For this proof-of-concept you'll also need a host with...
Apple MacOS NSUnarchiver Heap Corruption(CVE-2017-2523)
Via NSUnarchiver we can read NSBuiltinCharacterSet with a controlled serialized state. It reads a controlled int using decodeValueOfObjCType:"i" then either passes it to CFCharacterSetGetPredefined or uses it directly to manipulate NSBuiltinSetTable. Neither path has any bounds checking and the...
Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
#!/usr/bin/python from impacket import smb, ntlm from struct import pack import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depending on what is overwritten The exploit supports only x64 targets EDB Note: Shellcode - x64...
NETATTACK 2 - An Advanced Wireless Network Scan and Attack Script
NETATTACK 2 is a python script that scans and attacks local and wireless networks. Everything is super easy because of the GUI that makes it unnecessary to remember commands and parameters. FUNCTIONS SCAN-FUNCTIONS Scan for Wi-Fi networks Scan for local hosts in your network ATTACK-FUNCTIONS...