Uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUS_INSUFF_SERVER_RESOURCES", the machine does not have the MS17-010 patch. If the machine is missing the MS17-010 patch, the module will check for an existing DoublePulsar (ring 0 shellcode/malware) infection. This Metasploit module does not require valid SMB credentials in default server configurations. It can log on as the user "\" and connect to IPC$.
7da47a7e8285d0a6b8ee0d6e5384264f78b38a3863420fbdc47ecf044ace7dde
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for RDP. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.
f0ef0fcf7c306ca7fdaac1b457a5965fc0fb4660b034334c65eb4de1b10073d7
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.
cf5398db6da1a49ffbf7822090a6afa83e60a3b163c1dbfa4962e518d4e655f6
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.
28ae33e9b8acc6b5e5cf2cd7d546782a77c489178bc2073d4ed3ffe0a56a2291
/opt/sgi/sgimc/bin/vx, a setuid binary on SGI Tempo systems, allows for privilege escalation.
c32b2f12effe553e70e04d4889e25819691bd3ba3e5cc606cab0fa53442de067
Moab suffers from an insecure message signing authentication bypass vulnerability. All versions up to 8 can be affected depending on the configuration.
85a019a8c4de29f5f84586a14f07c354e859db1b6a19ccec9cbb5d70e45cbcea
Apinit and aprun are utilities used to schedule tasks on Cray supercomputers. Apinit runs as a service on compute nodes and aprun is used to communicate with these nodes. The apinit service does not safely validate messages supplied to it through the use of aprun. Users of Cray systems are able to exploit this weakness in order to execute commands on the compute nodes of a Cray supercomputer as arbitrary users, including root (UID 0).
35dc2988dfa5b20f94f03cac3407ffef1d10ffa10d1fe9bd41390ba183fc8f33
Incognito is a tool for manipulating Windows access tokens and is intended for use by penetration testers, security consultants and system administrators.
5f9d0055d62788b46aef7bd2f7dfdf9bd0dc129a2629983a18937bdacc378f28
This whitepaper discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft Windows Operating System. A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.
f23fe0277430389cbdd97c8c16d8eedd6520a0745f8fdc08b7c96f87a6131bf1