what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-1999-0504

Status Candidate

Overview

A Windows NT local user or administrator account has a default, null, blank, or missing password.

Related Files

Powershell Remoting Remote Command Execution
Posted Mar 24, 2015
Authored by Ben Campbell | Site metasploit.com

This Metasploit module uses Powershell Remoting (TCP 47001) to inject payloads on target machines. If RHOSTS are specified it will try to resolve the IPs to hostnames, otherwise use a HOSTFILE to supply a list of known hostnames.

tags | exploit, tcp
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | 81d95a12d4da050bcc3d10140dea8044b0356300805672102af4206ac0964126
Windows Management Instrumentation (WMI) Remote Command Execution
Posted Oct 23, 2013
Authored by Ben Campbell | Site metasploit.com

This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that session. The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash. We do not get feedback from the WMIC command so there are no indicators of success or failure. The remote host must be configured to allow remote Windows Management Instrumentation.

tags | exploit, remote, tcp
systems | windows
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | 62ddec099dce84f039f9c1e73d6d0a966bff9197effb670f8a09f3099afdb20a
Microsoft Windows Authenticated Powershell Command Execution
Posted Jul 13, 2013
Authored by RageLtMan, Royce Davis | Site metasploit.com

This Metasploit module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payload is never written to disk, and given that each payload is unique, is less prone to signature based detection. Since executing shellcode in .NET requires the use of system resources from unmanaged memory space, the .NET (PSH) architecture must match that of the payload. Lastly, a persist option is provided to execute the payload in a while loop in order to maintain a form of persistence. In the event of a sandbox observing PSH execution, a delay and other obfuscation may be added to avoid detection. In order to avoid interactive process notifications for the current user, the psh payload has been reduced in size and wrapped in a powershell invocation which hides the process entirely.

tags | exploit, shellcode
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | b0c0d56f17bcccf9a854df5ee2b60da13d6ac2e471086b300b676e73683ee4ec
Psexec Via Current User Token
Posted Aug 3, 2012
Authored by Jabra, egypt | Site metasploit.com

This Metasploit module uploads an executable file to the victim system, creates a share containing that executable, creates a remote service on each target system using a UNC path to that file, and finally starts the service(s). The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash.

tags | exploit, remote
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | 1266e769e519a09d7281cc5e6e4bf971bf2865f98a66227eb701a97be346b69f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close