There has been lots of recent press relating to DLL hijacking. I have tested this out and created a video demonstration to help clear this up as slightly confusing. This is a client side exploit so the user must browse the SMB share or the HTTP server. There is no so called patch from Microsoft […]
A nice little client side exploit here. Download the very latest Quicktime version from Apple.com 22.214.171.124 (3rd Sept 2010) and check for updates to ensure you have the latest version….It is fully exploitable!. Within Metasploit it creates a webserver that the client must browse to, once the client browses it exploits a vulnerability within Quicktime. […]
Token kidnapping returns! You may remember back in 2009 a token kidnapping issue was discovered and exploited by Cesar Cerrudo. This allowed you to impersonate a service in use running as a higher service account (network service to system) and compromise the server. This was patched by Microsoft in April 2009 – MS09-012. Cesar is […]
Great little client side exploit. It exploits a vulnerability in the LNK process and uses Webdav to run the exploit. Patch released (August 2nd 2010) MS10-046 – CVE-2010-2568 http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx Affected Operating Systems: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 […]
One of my most used and favourite tools on any infrastructure test. Keimpx is a fantastic little tool which allows the spraying of Windows password hashes to a host or a list of multiple hosts to test for valid credentials. Once it finds a valid match it offers the ability to gain a reverse shell to the remote host.
Tool by BL4CK to bypass VNC authentication. This is now patched in the latest VNC version, but I do come across quite a few tests running vulnerable versions such as 4.1.1. You can download the VNC bypass tool by BL4CK below. https://www.commonexploits.com/downloads/BL4CK-vncviewer-authbypass.zip MD5: 130702b01ae05baa2741d52aef630ba9
Target system Windows XP SP3 running Adobe Acrobat PDF Reader V9. Metasploit is packed with great PDF exploits. Most A.V pick this up (but not all). Also try the web URL PDF exploits that work by just browsing to a URL. Just shows how important it is to update things like PDF, Java etc into […]
This is a great little exploit to use. Works on Windows 7, Windows 2008 SP1 and all the way back to Windows XP. This was released around November 2009 and Microsoft released the patch around Feb 2010 (Ms10-015). Most AV scanners pick this up now, but did have a good few months of fun with […]