Showing 1 - 4 of 4

Files from Casey Smith

First Active	2016-03-03
Last Active	2024-08-31

Regsvr32.exe (.sct) Command Delivery Server: Posted Aug 31, 2024; Authored by Rob Fuller, Casey Smith, Trenton Ivey | Site metasploit.com; This Metasploit module uses the Regsvr32.exe Application Whitelisting Bypass technique as a way to run a command on a target system. The major advantage of this technique is that you can execute a static command on the target system and dynamically and remotely change the command that will actually run (by changing the value of CMD). This is useful when combined with persistence methods (e.g., a recurring scheduled task) or when flexibility is needed through the use of a single command (e.g., as Rubber Ducky payload).; tags | exploit; SHA-256 | b38a0c6bd7238b711d56e09e8d7f960cf22df4c8b1d22e3cb898eff7556125c0; Download | Favorite | View

Windows Escalate UAC Protection Bypass Via Dot Net Profiler: Posted Nov 19, 2019; Authored by Stefan Kanthak, Casey Smith, bwatters-r7 | Site metasploit.com; Microsoft Windows allows for the automatic loading of a profiling COM object during the launch of a CLR process based on certain environment variables ostensibly to monitor execution. In this case, the authors abuse the profiler by pointing to a payload DLL that will be launched as the profiling thread. This thread will run at the permission level of the calling process, so an auto-elevating process will launch the DLL with elevated permissions. In this case, they use gpedit.msc as the auto-elevated CLR process, but others would work, too.; tags | exploit; systems | windows; SHA-256 | dca3da70d2a2d1b66b1779e541ee7478df88bc4ec265fa33d2fffcb756920230; Download | Favorite | View

Regsvr32.exe (.sct) Application Whitelisting Bypass Server: Posted Jun 16, 2016; Authored by Casey Smith, Trenton Ivey | Site metasploit.com; This Metasploit module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and executes the specified payload (similar to the web_delivery module with PSH). Both web requests (i.e., the .sct file and PowerShell download and execute) can occur on the same port.; tags | exploit, web; SHA-256 | 653e52256863e298ea027d1fbc2e93563d971499a730d085d1bbd98fa0c2ab72; Download | Favorite | View

AppLocker Execution Prevention Bypass: Posted Mar 3, 2016; Authored by OJ Reeves, Casey Smith | Site metasploit.com; This Metasploit module will generate a .NET service executable on the target and utilise InstallUtil to run the payload bypassing the AppLocker protection. Currently only the InstallUtil method is provided, but future methods can be added easily.; tags | exploit; SHA-256 | 9e35d2c51bee68e833236242c3adb8dc69a463ea689029ae6f66814719a27cca; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days