9 matches found
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with a mathematical error where a DWORD is subtracted in...
WMI Exec
A similar approach to psexec but executing commands through WMI. #!/usr/bin/env python3 Copyright (c) 2003-2018 CORE Security Technologies. This software is provided under a slightly modified version of the Apache Software License. See the accompanying LICENSE file for more information. import...
Powershell Remoting Remote Command Execution
This module uses PowerShell Remoting (TCP 47001) to inject payloads on target machines. If RHOSTS are specified, it will try to resolve the IPs to hostnames, otherwise use a HOSTFILE to supply a list of known hostnames. This module requires Metasploit: https://metasploit.com/download Current source...
Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
No description provided by source. $Id: ms07029msdnszonename.rb 10503 2010-09-28 15:23:14Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
This module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. This modul...
Ubuntu Update for samba vulnerability USN-893-1
Ubuntu Update for Linux kernel vulnerabilities USN-893-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8931.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for samba vulnerability USN-893-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service (Metasploit)
require 'msf/core' module Msf module Exploits module Test class BugTest 'test exploit', 'Description' = "tests", 'Author' = 'tests', 'License' = MSFLICENSE, 'Version' = '$Revision: 0 $', 'Arch' = 'x86', 'Payload' = 'Space' = 1000 , 'Targets' = 'Windows VISTA', 'Platform' = 'win' , , 'DefaultTarge...
MS Windows WRITE_ANDX SMB command handling Kernel DoS (meta)
Exploit for unknown platform in category dos / poc. MS Windows WRITE_ANDX SMB command handling Kernel DoS (meta). require 'msf/core' module Msf module Exploits module Test class...
[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution
Debian Security Advisory DSA 701-1 http://www.debian.org/security/ Martin Schulze March 31st, 2005 http://www.debian.org/security/faq -...