auto-enrolment GPO installing CA certificate over http

Description If the certificate auto-enrollment GPO is enabled on domain members both in Samba's smb.conf and using Windows GPME tool, a CA certificate may be fetched using a plain HTTP connection and installed in the member computer's trust store. This may give an attacker a chance to intercept t...

HTTPS Fetch, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid s...

HTTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show and...

📄 Metasploit Web Delivery PHP Proof of Concept

This project presents an advanced proof of concept that emulates the behavior of Metasploit's multi/script/webdelivery module using PHP. The goal is to demonstrate how script-based payload delivery works in a modular and extensible way, without relying directly on Metasploit. The script launches ...

MeterPwrShell - Automated Tool That Generate The Perfect Powershell Payload

Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit,Bypass AMSI,Bypass Firewall,Bypass UAC,And Bypass Any AVs. This tool is powered by Metasploit-Framework and amsi.fail Notes NEVER UPLOAD THE PAYLOAD THAT GENERATED BY THIS PROGRAM TO ANY ONLINE...

UK’s Largest Mobile Carrier Relies on AWS and Imperva FlexProtect for Web Delivery and 360-Degree Application Protection

In today’s highly-competitive telecommunications market, the website is integral to successful and fast customer service. Downtime due to intrusion, data breach, or DDoS attack is intolerable. It’s why ten of the largest global telecommunications providers have chosen Imperva, including BT mobile...

PostgreSQL COPY FROM PROGRAM Command Execution Exploit

Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pgexecuteserverprogram' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a ne...

HTTP/2 Will be Automatically Enabled by Default on the Akamai Intelligent Edge Platform

Users demand digital experiences that are fast, secure and visually engaging. To deliver on user expectations, companies craft web experiences that are richer and more interactive with the goal of driving more engagement. The result is increasingly complex websites that are comprised of high...

PasteJacker - Add PasteJacking To Web-Delivery Attacks

The main purpose of the tool is automating PasteJacking/Clipboard poisoning/whatever you name it attack with collecting all the known tricks used in this attack in one place and one automated job as after searching I found there's no tool doing this job the right way. Now while this attack depend...

SharpShooter - Payload Generation Framework

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the...

Payload Generation Framework: SharpShooter

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw’s DotNetToJavaScript tool to invoke methods from the...

Executing Meterpreter on Windows 10 and Bypassing Antivirus

One of my Labs colleagues recently published an article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter. This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploits Web Delivery module. I wanted to demonstrat...

Hwacha - Deploy Payloads To *Nix Systems En Masse

Hwacha is a tool to quickly execute payloads on Nix based systems. Easily collect artifacts or execute shellcode on an entire subnet of systems for which credentials are obtained. $python hwacha.py &&&& && && && &&&&&&&&&&&& && && && Created by Esteban Rodriguez /\ &&&&&& && &&&&&&&&&& && Web:...

One-Liners That Aids in Penetration Testing Operations: One-Lin3r

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...

Cobalt Strike Scripted Web Delivery Remote Code Execution

Certain evasion tools obfuscate scripts in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target, using it to download and execute a malicious payload...

Script Web Delivery

This module quickly fires up a web server that serves a payload. The module will provide a command to be run on the target machine based on the selected target. The provided command will download and execute a payload using either a specified scripting language interpreter or "squiblydoo" via...

Malicious Debian Package Generator: kimi

Malicious Debian Package generator Script to generate malicious debian packages debain trojans. Kimi is a script which generates Malicious debian package for metasploit which consists of bash file. the bash file is deployed into “/usr/local/bin/” directory. Backdoor gets executed just when victim...

Powershell Payload Web Delivery Vulnerability

This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickl...

Powershell Payload Web Delivery

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Powershell Payload Web Delivery',...

Vulnerability: Arbitrary File Access & DoS in Crystal Reports

Dear List, Impervatm's Applidcation Defense Center has recently discovered a vulnerability in Business Objects' Crystal Reports Web Delivery Modules. This vulnerability may lead to arbitrary file access and denial of service. Following are the advisory's details...