the original cloud security
Showing 1 - 4 of 4 RSS Feed

Files from RageLtMan

First Active2013-07-13
Last Active2016-11-17
Authenticated WMI Exec Via Powershell
Posted Nov 17, 2016
Authored by RageLtMan | Site metasploit.com

This Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the module runs as the current process owner. The module can be configured with credentials for the remote host with which to launch the process.

tags | exploit, remote
MD5 | c1279e25862f96c8698755708c8a395d
Powershell Payload Execution
Posted Oct 10, 2016
Authored by Matt Andreko, RageLtMan | Site metasploit.com

This Metasploit module generates a dynamic executable on the session host using .NET templates. Code is pulled from C

tags | exploit
systems | windows
MD5 | 0dcc3eb75c6e975b2168fec769526fd5
Ruby On Rails ActionPack Inline ERB Code Execution
Posted Jul 9, 2016
Authored by RageLtMan | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE within the runtime, without logging an error condition.

tags | exploit, remote, code execution, ruby
advisories | CVE-2016-2098
MD5 | 23217c482c48d5e43f21337fc1f8cd50
Microsoft Windows Authenticated Powershell Command Execution
Posted Jul 13, 2013
Authored by RageLtMan, Royce Davis | Site metasploit.com

This Metasploit module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payload is never written to disk, and given that each payload is unique, is less prone to signature based detection. Since executing shellcode in .NET requires the use of system resources from unmanaged memory space, the .NET (PSH) architecture must match that of the payload. Lastly, a persist option is provided to execute the payload in a while loop in order to maintain a form of persistence. In the event of a sandbox observing PSH execution, a delay and other obfuscation may be added to avoid detection. In order to avoid interactive process notifications for the current user, the psh payload has been reduced in size and wrapped in a powershell invocation which hides the process entirely.

tags | exploit, shellcode
advisories | CVE-1999-0504, OSVDB-3106
MD5 | 3b897cd7979e8037aa0601cb769fd7dd
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close