exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

Files from Ben Campbell

Email addresseat_meatballs at hotmail.co.uk
First Active2012-08-07
Last Active2015-09-04
Windows Escalate UAC Protection Bypass
Posted Sep 4, 2015
Authored by Ben Campbell, vozzie | Site metasploit.com

This Metasploit module will bypass Windows UAC by utilizing the missing .manifest on the script host cscript/wscript.exe binaries.

tags | exploit
systems | windows
MD5 | 984a5488ea8448b27d0c57a54b08cbf2
Windows Run Command As User
Posted Mar 30, 2015
Authored by Ben Campbell, Kx499 | Site metasploit.com

This Metasploit module will login with the specified username/password and execute the supplied command as a hidden process. Output is not returned by default. Unless targetting a local user either set the DOMAIN, or specify a UPN user format (e.g. user@domain). This uses the CreateProcessWithLogonW WinAPI function. A custom command line can be sent instead of uploading an executable. APPLICAITON_NAME and COMMAND_LINE are passed to lpApplicationName and lpCommandLine respectively. See the MSDN documentation for how these two values interact.

tags | exploit, local
MD5 | 7d3f40f88e66db3180d5a532980b66df
Powershell Remoting Remote Command Execution
Posted Mar 24, 2015
Authored by Ben Campbell | Site metasploit.com

This Metasploit module uses Powershell Remoting (TCP 47001) to inject payloads on target machines. If RHOSTS are specified it will try to resolve the IPs to hostnames, otherwise use a HOSTFILE to supply a list of known hostnames.

tags | exploit, tcp
advisories | CVE-1999-0504, OSVDB-3106
MD5 | 2d8ac665c8660326f92ec5020b93848c
Windows Escalate UAC Protection Bypass (In Memory Injection)
Posted Mar 5, 2014
Authored by David Kennedy, Ben Campbell, mitnick, mubix | Site metasploit.com

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected, (use x64 for SYSWOW64 systems also).

tags | exploit, shell
systems | windows
MD5 | 9f6c9e7bd21e11fecd6f20bbb622ea44
Windows Command Shell Upgrade (Powershell)
Posted Feb 11, 2014
Authored by Ben Campbell | Site metasploit.com

This Metasploit module executes Powershell to upgrade a Windows Shell session to a full Meterpreter session.

tags | exploit, shell
systems | windows
MD5 | 9f008a7702543f886d13283ecad77077
Windows Management Instrumentation (WMI) Remote Command Execution
Posted Oct 23, 2013
Authored by Ben Campbell | Site metasploit.com

This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that session. The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash. We do not get feedback from the WMIC command so there are no indicators of success or failure. The remote host must be configured to allow remote Windows Management Instrumentation.

tags | exploit, remote, tcp
systems | windows
advisories | CVE-1999-0504, OSVDB-3106
MD5 | fe5237b8e9c2a480e368f41b8248f79e
IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL
Posted Sep 6, 2013
Authored by Ben Campbell | Site metasploit.com

This Metasploit module exploits a missing DLL loaded by the 'IKE and AuthIP Keyring Modules' (IKEEXT) service which runs as SYSTEM, and starts automatically in default installations of Vista-Win8. It requires an insecure bin path to plant the DLL payload.

tags | exploit
MD5 | 97052ce8d751cac293afcd1f030f7be5
Powershell Payload Web Delivery
Posted Jul 25, 2013
Authored by Ben Campbell, Christopher Campbell | Site metasploit.com

This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so is unlikely to trigger AV solutions and will allow to attempt local privilege escalations supplied by meterpreter etc. You could also try your luck with social engineering. Ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

tags | exploit, remote, web, x86, local
MD5 | 430aaebf868e9484d75294b7d275f3d8
Windows AlwaysInstallElevated MSI
Posted Nov 29, 2012
Authored by Parvez Anwar, Ben Campbell | Site metasploit.com

This Metasploit module checks the AlwaysInstallElevated registry keys which dictate if .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe within the same folder. The MSI may not execute successfully successive times, but may be able to get around this by regenerating the MSI. MSI can be rebuilt from the source using the WIX tool with the following commands: candle exec_payload.wxs light exec_payload.wixobj.

tags | exploit, registry
MD5 | 7f54f3f19b96a153e20a2549365a851b
Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
Posted Aug 7, 2012
Authored by Tavis Ormandy, Richard Hicks, phillips321, Ben Campbell | Site metasploit.com

The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.

tags | exploit, activex
advisories | OSVDB-84402
MD5 | d11a8dbcc1ac1eb4891e9236623d06ea
Page 1 of 1

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By