exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 340 RSS Feed

Files from hyp3rlinx

Email addressprivate
Websitehyp3rlinx.altervista.org
First Active2015-04-28
Last Active2024-05-31
View User Profile
RansomLord Anti-Ransomware Exploit Tool 3.1
Posted May 31, 2024
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware by placing PE files in the x32 or x64 directories where the program is run from.

Changes: Stability enhancements. Updated some export functions for the x32 exploit DLL. Added -r flag to output a Sigma rule for detecting RansomLord activity using Windows event log.
tags | tool, encryption
SHA-256 | 647494bda466e645768d6f7d1cd051097aee319f88018d1a80547d8d538c98db
RansomLord Anti-Ransomware Exploit Tool 3
Posted May 9, 2024
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord generated PE files are saved in x32 and x64 directories and need to be placed in directories where programs execute. The goal of the project is to exploit vulnerabilities inherent in certain strains of ransomware by deploying exploits that defend the network! The DLLs may also provide additional coverage against generic and info stealer malwares.

Changes: This version now intercepts and terminates malware tested from 49 different threat groups. Added StopCrypt, RisePro, RuRansom, MoneyMessage, CryptoFortress and Onyx. Windows event IOC log now includes the SHA256 hash plus full path of the intercepted malware.
tags | tool
SHA-256 | ef2191f83e9ff1d18ac9614bac588bc60c2d30481f853513caeecc6ed52d5e14
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

tags | exploit, javascript, proof of concept
systems | windows
SHA-256 | 7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

tags | exploit, javascript, activex
systems | windows
SHA-256 | 59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
Microsoft Windows Defender / Detection Bypass Part 3
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher has found yet another third trivial bypass.

tags | exploit
systems | windows
SHA-256 | 09eed6afe6c6a0d197c6fce088deb76b497d50bef2a85bdfb38c66cb355c03b0
Windows Defender Detection Mitigation Bypass
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.

tags | exploit
systems | windows
SHA-256 | e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1
WyreStorm Apollo VX20 Incorrect Access Control
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.

tags | exploit, remote, web
advisories | CVE-2024-25736
SHA-256 | 71ed0ed4b76f256b8bd1404c82d84f6ea9cb5e1dc7d524c924f1e48e87fda240
WyreStorm Apollo VX20 Credential Disclosure
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.

tags | exploit, web
advisories | CVE-2024-25735
SHA-256 | a6feae36b231357c01d0981614dd1286ff4a68f77ee073b39519e2b9ab1fa9aa
WyreStorm Apollo VX20 Account Enumeration
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery.

tags | exploit
advisories | CVE-2024-25734
SHA-256 | 0b5b3f6f63dbbe4ccb26f4481406f14577c20d109b328e3475a09901003f0751
IBM i Access Client Solutions Remote Credential Theft
Posted Feb 9, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.

tags | exploit, remote
advisories | CVE-2024-22318
SHA-256 | 964bea5b3a06403a9b60507182c010125d6a43a4aeb3c4908a6fba63b7df0c99
RansomLord Anti-Ransomware Exploit Tool 2
Posted Jan 2, 2024
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord generated PE files are saved in x32 and x64 directories and need to be placed in directories where programs execute. The goal of the project is to exploit vulnerabilities inherent in certain strains of ransomware by deploying exploits that defend the network! The DLLs may also provide additional coverage against generic and info stealer malwares.

Changes: This version now intercepts and terminates malware tested from 43 different threat groups, adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake, Darkbit, Vohuk, Medusa and Phobus. Two noteworthy additions mitigate wipers Wagner and DoubleZero that are supposedly used against entities in the Ukraine conflict. Updated the x32/x64 DLLs to exploit ten more vulnerable ransomwares. Added -s Security information flag section.
tags | tool, encryption
SHA-256 | 3d0954a58224a8f54be67a55a09030ed0b5de5923f0fb95816b6be7924a22000
Microsoft Windows PowerShell Code Execution / Event Log Bypass
Posted Dec 28, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.

tags | exploit, arbitrary, code execution
systems | windows
SHA-256 | 135e14fd69533eeb6ad57b35ae864360f36364f43f82818935023a4f7ee929ca
Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution
Posted Dec 8, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution due to a flaw in powershell not handling user provided input that contains a semicolon.

tags | exploit, arbitrary, code execution
SHA-256 | fe92bef621155fd9c83158e63e2b87c27bed041ce6cc8df753d8ab75d5fcd6af
RansomLord Anti-Ransomware Exploit Tool 1.0
Posted Jul 31, 2023
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord generated PE files are saved in x32 and x64 directories and need to be placed in directories where programs execute. The goal of the project is to exploit vulnerabilities inherent in certain strains of ransomware by deploying exploits that defend the network! The DLLs may also provide additional coverage against generic and info stealer malwares.

tags | tool, encryption
SHA-256 | be0ca518deef51df0a96636cca863c555649559f4b5ef25817a684ecfa1b4b9a
Microsoft Windows PowerShell Remote Command Execution
Posted Jun 8, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3.

tags | exploit, python
systems | windows
SHA-256 | 4213f6f37e107f80de8ae921a759ed1c060b04954405f63904e79423474d16ca
RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution
Posted Mar 24, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands.

tags | exploit, local, code execution
systems | windows
advisories | CVE-2022-47529
SHA-256 | 333a8ac7961133a2011484d388d8eb8b73eb8c6c85cc5b1e9b6f99f2c14747db
Microsoft Windows Contact File Remote Code Execution
Posted Feb 20, 2023
Authored by hyp3rlinx, j00sean | Site hyp3rlinx.altervista.org

This advisory ties together older research on a contact file handling flaw on Microsoft Windows as well as recent research discovered that uses the same methodologies.

tags | advisory
systems | windows
advisories | CVE-2022-44666
SHA-256 | bd483c57b86b3adc56157efdf3dd779e6e9b6a498c944d78ee46fe9d56a01c00
Microsoft Windows Defender / Detection Bypass
Posted Jan 11, 2022
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows Defender suffers from a detection bypass vulnerability due to a sub-par mitigation priorly adopted.

tags | exploit, bypass
systems | windows
SHA-256 | b5337b4ff0ded5ddda0becffc0c9002fdf3288c10396de61b829b2dacbf22ab9
Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass
Posted Jan 11, 2022
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from a registration file dialog spoofing vulnerability and their last fix to this issue can be bypassed.

tags | exploit, spoof
systems | windows
SHA-256 | 3d0c712557e8ea256ea96f38c4729251ae893ca640831654a5a638e72b4d841e
Microsoft Internet Explorer Active-X Control Security Bypass
Posted Dec 6, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life.

tags | exploit, activex, bypass
SHA-256 | fa22daaea0233f0b687f938d605627bbae7fbc5bb28632e8d17422cd0cf0af81
Microsoft Windows cmd.exe Stack Buffer Overflow
Posted Sep 16, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows cmd.exe suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | c0c6e1e6e941a667fff8d2e3a59cb00e4f436bf4e75ed0004cb71c6091fe1a0f
Recon Informer 1.3
Posted Feb 16, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Changes: Added -t flag to process packets from specific inbound IP address of interest. Added timestamp for detection results in console output window. Couple of bug fixes.
tags | tool
systems | linux, windows, unix
SHA-256 | 7f97a6b15e928a7250bd0474cc2f213abf8cc02a26b7e424d31838675907162f
Windows File Enumeration Intel Gathering Tool 2.2
Posted Nov 9, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NtFileSins.py is a Windows file enumeration intel gathering tool.

Changes: Searches target user dir on first pass, unless the -d flag is used.Added .dat, .tmp file extension checks.
tags | exploit, tool
systems | windows
SHA-256 | cd7f7668a2bd1ab454e0856174991064837bd101596c5b6b4aca04e244ce7d70
Recon Informer 1.2
Posted Oct 6, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Changes: Fixed minor window title bug and removed a module.
tags | tool
systems | linux, windows, unix
SHA-256 | 631fc764a07667ba55ccff741ea4c5d703fb716cdd19dbee4f7067779fe7db39
CloudMe 1.11.2 Buffer Overflow
Posted Sep 29, 2020
Authored by hyp3rlinx, Bobby Cooke

CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.

tags | exploit, overflow
advisories | CVE-2018-6892
SHA-256 | fa72c3ffb403b1cf08f01966de80e025ee648636329bef78008faa0a5aee32e9
Page 1 of 14
Back12345Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close