28 matches found
wsa_exploits
...
Microsoft Windows Script Host 5.812 File Generator
Microsoft Windows Script Host version 5.812 .vbs file generation tool that can be used to establish persistence on Windows systems...
Malicious Windows Script Host Script File (.wsf)
This module creates a Windows Script Host WSH Windows Script File .wsf. Module Options msf use exploit/windows/fileformat/windowsscripthostwsf msf exploitwindowsscripthostwsf show targets ...targets... msf exploitwindowsscripthostwsf set TARGET msf exploitwindowsscripthostwsf show options ...show...
📄 Malicious Windows Script Host Script File
This Metasploit module creates a Windows Script Host WSH Windows Script File .wsf. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host Script File .wsf', 'Description'...
Cobalt-Strike-Aggressor-Scripts
This repository is an offensive tool for Cobalt Strike Aggressor Scripts. It is a collection of PowerShell scripts that aggregate various UAC bypass methods, including the MS16-032, MS16-135, and WScript bypass attacks. The scripts are designed to be used with the Cobalt Strike framework to perfo...
Malicious Windows Script Host VBScript (.vbs) File
This module creates a Windows Script Host WSH VBScript .vbs file. Module Options msf use exploit/windows/fileformat/windowsscripthostvbscript msf exploitwindowsscripthostvbscript show targets ...targets... msf exploitwindowsscripthostvbscript set TARGET msf exploitwindowsscripthostvbscript show...
📄 Malicious Windows Script Host VBScript File
This Metasploit module creates a Windows Script Host WSH VBScript .vbs file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host VBScript .vbs File', 'Description' = %...
"Windows Script Host must be enabled for the duration of setup process"
Challenge While attempting to Install or Upgrade Veeam Backup & Replication, the installer displays the message: Windows Script Host must be enabled for the duration of setup process, Refer to KB4699 for more information https:// www.veeam.com/kb4699. Cause This message is displayed when the...
Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure
The Computer Emergency Response Team of Ukraine CERT-UA on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates th...
PT-2023-16680 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora versions 1.5.5 and earlier Description: A critical issue was found in the WSH JScript Handler component, leading to code injection. The manipulation requires a local attack approach. The issue has been publicly disclosed and may be...
Detecting Fileless Attacks with Enterprise EDR’s AMSI Visibility
If this year’s 2020 Cybersecurity Outlook Report taught us anything, it’s that defenders are seeing an increasing amount of defense evasion techniques in their environments. It’s crucial for security teams to have the granular visibility they need to spot malicious attacker behavior, however...
Disable Risky Windows Features: Hardentools
Hardentools is a collection of simple utilities designed to disable a number of “features” exposed by operating systems Microsoft Windows, for now, and primary consumer applications. These features, commonly thought for Enterprise customers, are generally useless to regular users and rather pose ...
Koadic C3 COM Command & Control – JScript RAT
Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...
Koadic: An Advanced Windows JScript/VBScript RAT!
PenTestIT RSS Feed All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which...
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit
Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...
VBScript RegExpComp::PnodeParse Out-Of-Bounds Read
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the sixth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161108001.html. There you can find a repro th...
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
!-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able t...
VBScript CRegExp::Execute Uninitialized Memory Use
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fifth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161107001.html. There you can find a repro th...
Microsoft Windows Script Host 5.1/5.5 GetObject() File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1718/info It is possible for an outside attacker to view known files on a remote system if the target user visits a website or opens an email containing a specially formed script containing the JScript function 'GetObject...
CVE-2008-5823
CVE-2008-5823 describes a denial-of-service vulnerability in Microsoft Money 2006 related to an ActiveX control (prtstb06.dll). When the control is used with Windows Script Host/WScript on Windows Vista, supplying a zero Startup property value can trigger an access violation and crash the applica...