Lucene search
K

56 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/05/05 6:48 p.m.123 views

Metasploit Weekly Wrap-Up

Throw another log file on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...

10CVSS8.3AI score0.97339EPSS
Exploits23
0day.today
0day.today
added 2023/02/03 12:0 a.m.403 views

Lenovo Diagnostics Driver Memory Access Exploit

This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes. This module requires Metasploit: https://metasploit.com/download...

7.8CVSS7.8AI score0.04284EPSS
Exploits4
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/11/03 6:53 a.m.27 views

DCOM abuse and lateral movement with Cobalt Strike

Introduction When researching lateral movement techniques I came across a post from Raphael Mudge of Cobalt Strike fame. He details scripting an Aggressor Script for Matt Nelson’s MMC20.Application Lateral Movement technique. Reading that post spurred me to make my own DCOM based lateral movement...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2021/07/14 12:30 p.m.197 views

Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows

Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.ex...

8.5AI score
Exploits0References1
Kitploit
Kitploit
added 2021/06/19 9:30 p.m.187 views

FalconEye - Real-time detection software for Windows process injections

FalconEye is a windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch process injections as they are happening real-time. Since FalconEye runs in kernel mode, it provides a stronger and reliable defense against process injection...

7.5AI score
Exploits0References11
Packet Storm
Packet Storm
added 2021/05/17 12:0 a.m.217 views

Microsoft Windows TokenMagic Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Privilege Escalation via TokenMagic UAC Bypass', 'Description' = %q This module leverages a UAC bypass TokenMagic in order to spawn a...

0.5AI score
Exploits0
Kitploit
Kitploit
added 2021/02/06 8:30 p.m.171 views

ExecuteAssembly - Load/Inject .NET Assemblies

ExecuteAssembly is an alternative of CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; reusing the host spawnto process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI,...

7AI score
Exploits0References8
0day.today
0day.today
added 2021/01/07 12:0 a.m.41 views

NTLM BITS SYSTEM Token Impersonation Exploit

This Metasploit module exploit BITS behavior which tries to connect to the local Windows Remote Management server WinRM every times it starts. The module launches a fake WinRM server which listen on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server,...

7.3AI score
Exploits0
Metasploit
Metasploit
added 2021/01/06 5:41 p.m.235 views

SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service.

This module exploit BITS behavior which tries to connect to the local Windows Remote Management server WinRM every times it starts. The module launches a fake WinRM server which listen on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server, which allo...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/06 12:0 a.m.284 views

NTLM BITS SYSTEM Token Impersonation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service.',...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/12/15 12:0 a.m.113 views

Microsoft Windows DrawIconEx Local Privilege Escalation Exploit

This Metasploit module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx within win32k. The out of bounds write can be used to overwrite the pvbits of a SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary co...

7.8CVSS9AI score0.52778EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2020/07/21 3:0 p.m.5324 views

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...

9.3CVSS8.8AI score0.99966EPSS
Exploits21
Kitploit
Kitploit
added 2020/01/25 8:30 p.m.96 views

Memhunter - Live Hunting Of Code Injection Techniques

Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known malicious memory injection...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/01/14 8:39 p.m.167 views

Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2018/07/28 10:33 p.m.222 views

sRDI - Shellcode Implementation Of Reflective DLL Injection

sRDI allows for the conversion of DLL files to position independent shellcode. Functionality is accomplished via two components: C project which compiles a PE loader implementation RDI to shellcode Conversion code which attaches the DLL, RDI, and user data together with a bootstrap This project i...

8AI score
Exploits0References1
0day.today
0day.today
added 2018/05/04 12:0 a.m.90 views

Windows WMI Recieve Notification Exploit

This Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: http://metasploit.com/download Current source:...

7.2CVSS0.24554EPSS
Exploits10
Metasploit
Metasploit
added 2018/02/23 2:3 a.m.18 views

Reflective DLL Injection, Windows x86 Bind Named Pipe Stager

Inject a DLL via a reflective loader. Listen for a pipe connection Windows x86 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 349 include Msf::Payload::Stager include...

1.1AI score
Exploits0
Metasploit
Metasploit
added 2018/01/23 7:0 a.m.8 views

Reflective DLL Injection, Reverse UDP Stager with UUID Support

Inject a DLL via a reflective loader. Connect back to the attacker with UUID Support This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 312 include Msf::Payload::Stager include...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2017/10/12 12:0 a.m.57 views

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Escalate UAC Protection Bypass In Memory Injection abusing WinSXS', 'Description' = %q This module will...

0.3AI score
Exploits0
Metasploit
Metasploit
added 2017/06/03 10:59 a.m.90 views

Windows Escalate UAC Protection Bypass (In Memory Injection) abusing WinSXS

This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way "WinSxS" works in Windows systems. This module uses the Reflective DLL Injection technique to drop only th...

7.8AI score
Exploits0
Rows per page
Query Builder