what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 338 RSS Feed

Files from hyp3rlinx

Email addressprivate
Websitehyp3rlinx.altervista.org
First Active2015-04-28
Last Active2024-02-19
View User Profile
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

tags | exploit, javascript, proof of concept
systems | windows
SHA-256 | 7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

tags | exploit, javascript, activex
systems | windows
SHA-256 | 59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
Microsoft Windows Defender / Detection Bypass Part 3
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher has found yet another third trivial bypass.

tags | exploit
systems | windows
SHA-256 | 09eed6afe6c6a0d197c6fce088deb76b497d50bef2a85bdfb38c66cb355c03b0
Windows Defender Detection Mitigation Bypass
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.

tags | exploit
systems | windows
SHA-256 | e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1
WyreStorm Apollo VX20 Incorrect Access Control
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.

tags | exploit, remote, web
advisories | CVE-2024-25736
SHA-256 | 71ed0ed4b76f256b8bd1404c82d84f6ea9cb5e1dc7d524c924f1e48e87fda240
WyreStorm Apollo VX20 Credential Disclosure
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.

tags | exploit, web
advisories | CVE-2024-25735
SHA-256 | a6feae36b231357c01d0981614dd1286ff4a68f77ee073b39519e2b9ab1fa9aa
WyreStorm Apollo VX20 Account Enumeration
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery.

tags | exploit
advisories | CVE-2024-25734
SHA-256 | 0b5b3f6f63dbbe4ccb26f4481406f14577c20d109b328e3475a09901003f0751
IBM i Access Client Solutions Remote Credential Theft
Posted Feb 9, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.

tags | exploit, remote
advisories | CVE-2024-22318
SHA-256 | 964bea5b3a06403a9b60507182c010125d6a43a4aeb3c4908a6fba63b7df0c99
RansomLord Anti-Ransomware Exploit Tool 2
Posted Jan 2, 2024
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware by placing PE files in the x32 or x64 directories where the program is run from.

Changes: This version now intercepts and terminates malware tested from 43 different threat groups, adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake, Darkbit, Vohuk, Medusa and Phobus. Two noteworthy additions mitigate wipers Wagner and DoubleZero that are supposedly used against entities in the Ukraine conflict. Updated the x32/x64 DLLs to exploit ten more vulnerable ransomwares. Added -s Security information flag section.
tags | tool, encryption
SHA-256 | 3d0954a58224a8f54be67a55a09030ed0b5de5923f0fb95816b6be7924a22000
Microsoft Windows PowerShell Code Execution / Event Log Bypass
Posted Dec 28, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.

tags | exploit, arbitrary, code execution
systems | windows
SHA-256 | 135e14fd69533eeb6ad57b35ae864360f36364f43f82818935023a4f7ee929ca
Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution
Posted Dec 8, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution due to a flaw in powershell not handling user provided input that contains a semicolon.

tags | exploit, arbitrary, code execution
SHA-256 | fe92bef621155fd9c83158e63e2b87c27bed041ce6cc8df753d8ab75d5fcd6af
RansomLord Anti-Ransomware Exploit Tool 1.0
Posted Jul 31, 2023
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware.

tags | tool, encryption
SHA-256 | be0ca518deef51df0a96636cca863c555649559f4b5ef25817a684ecfa1b4b9a
Microsoft Windows PowerShell Remote Command Execution
Posted Jun 8, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3.

tags | exploit, python
systems | windows
SHA-256 | 4213f6f37e107f80de8ae921a759ed1c060b04954405f63904e79423474d16ca
RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution
Posted Mar 24, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands.

tags | exploit, local, code execution
systems | windows
advisories | CVE-2022-47529
SHA-256 | 333a8ac7961133a2011484d388d8eb8b73eb8c6c85cc5b1e9b6f99f2c14747db
Microsoft Windows Contact File Remote Code Execution
Posted Feb 20, 2023
Authored by hyp3rlinx, j00sean | Site hyp3rlinx.altervista.org

This advisory ties together older research on a contact file handling flaw on Microsoft Windows as well as recent research discovered that uses the same methodologies.

tags | advisory
systems | windows
advisories | CVE-2022-44666
SHA-256 | bd483c57b86b3adc56157efdf3dd779e6e9b6a498c944d78ee46fe9d56a01c00
Microsoft Windows Defender / Detection Bypass
Posted Jan 11, 2022
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows Defender suffers from a detection bypass vulnerability due to a sub-par mitigation priorly adopted.

tags | exploit, bypass
systems | windows
SHA-256 | b5337b4ff0ded5ddda0becffc0c9002fdf3288c10396de61b829b2dacbf22ab9
Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass
Posted Jan 11, 2022
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from a registration file dialog spoofing vulnerability and their last fix to this issue can be bypassed.

tags | exploit, spoof
systems | windows
SHA-256 | 3d0c712557e8ea256ea96f38c4729251ae893ca640831654a5a638e72b4d841e
Microsoft Internet Explorer Active-X Control Security Bypass
Posted Dec 6, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life.

tags | exploit, activex, bypass
SHA-256 | fa22daaea0233f0b687f938d605627bbae7fbc5bb28632e8d17422cd0cf0af81
Microsoft Windows cmd.exe Stack Buffer Overflow
Posted Sep 16, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows cmd.exe suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | c0c6e1e6e941a667fff8d2e3a59cb00e4f436bf4e75ed0004cb71c6091fe1a0f
Recon Informer 1.3
Posted Feb 16, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Changes: Added -t flag to process packets from specific inbound IP address of interest. Added timestamp for detection results in console output window. Couple of bug fixes.
tags | tool
systems | linux, windows, unix
SHA-256 | 7f97a6b15e928a7250bd0474cc2f213abf8cc02a26b7e424d31838675907162f
Windows File Enumeration Intel Gathering Tool 2.2
Posted Nov 9, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NtFileSins.py is a Windows file enumeration intel gathering tool.

Changes: Searches target user dir on first pass, unless the -d flag is used.Added .dat, .tmp file extension checks.
tags | exploit, tool
systems | windows
SHA-256 | cd7f7668a2bd1ab454e0856174991064837bd101596c5b6b4aca04e244ce7d70
Recon Informer 1.2
Posted Oct 6, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Changes: Fixed minor window title bug and removed a module.
tags | tool
systems | linux, windows, unix
SHA-256 | 631fc764a07667ba55ccff741ea4c5d703fb716cdd19dbee4f7067779fe7db39
CloudMe 1.11.2 Buffer Overflow
Posted Sep 29, 2020
Authored by hyp3rlinx, Bobby Cooke

CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.

tags | exploit, overflow
advisories | CVE-2018-6892
SHA-256 | fa72c3ffb403b1cf08f01966de80e025ee648636329bef78008faa0a5aee32e9
Mantis Bug Tracker 2.3.0 Remote Code Execution
Posted Sep 18, 2020
Authored by hyp3rlinx, Nikolas Geiselman, permanull

Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7615, CVE-2019-15715
SHA-256 | c5bd41082422ed338ccc46ee3ad8d43820a3a1cd833484f28da741205e12c069
Microsoft Windows Finger Security Bypass / C2 Channel
Posted Sep 14, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can also save the remote server response to disk using the command line redirection operator.

tags | exploit, remote, protocol
systems | windows
SHA-256 | 3babc6b7fe4a8f47b91663b7687243b54fb3e6f50d737c19a25a59347d22cb67
Page 1 of 14
Back12345Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close