
Files

Ransom.Conti MVID-2022-0580 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32". If not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products; the malware vulnerability will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 9cc7ba098e7d73f1ba5a406536afb6daff209000bfc578d3f4921cd931a7e23f

Related Files

Ransom.Conti MVID-2022-0606 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 416d676d2dba2bc714a0f32899777fc4ac6ccc2dee1d321fbce06785689158e1
Ransom.Conti MVID-2022-0605 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | f795b475d29adfdf8b620a90005e0f383bdd74c416a7b0a03d67e03d43a0cbc0
Ransom.Conti MVID-2022-0604 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 4d905cb2862459d4fecc48e165734150e7824debee83563d1c97370c68c37f49
Ransom.Conti MVID-2022-0603 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 0ce9d83fdb3abb054ddf70fa9d218732ae0b6e0c7a630b1391d656e794fc6b19
Ransom.Conti MVID-2022-0602 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 9ba5c2eaaec9a657238330273ff40e343857a13f4d7407516463e0e13b810726
Ransom.Conti MVID-2022-0601 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 5f702738bda0d77ea713340e950f9f2bd08db678fa6f2ebafafefa803ec45bc0
Ransom.Conti MVID-2022-0592 Code Execution
Posted May 9, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 52f6486bf24b541e770aac1c5ed3c3b2261c89fb9688a718a0b779cbf5c4f7d6
Conti.Ransom MVID-2022-0579 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32 API message box and call exit(). Our Conti.Ransom exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on hash signatures or third-party products; the malware vulnerability will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill; the DLL just lives on disk waiting. From a defensive perspective, you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | aa9ce885d596135e2fe0d53ecbaf0150134e9b1069abbd9201051712bdcaffad
Backdoor.Win32.Burbul.b MVID-2021-0093 Anonymous Login
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Burbul.b malware has an FTP service that allows for anonymous login.

tags | exploit
systems | windows
SHA-256 | eacd817de5297bfb135a0355f799bafec34151bbf8e3f6ea6560cc32d694a5b8
Backdoor.Win32.Indexer.a MVID-2021-0092 Denial Of Service
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Indexer.a malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
SHA-256 | d48a8459e1ba4c181989347d8c267adcf50e5532c2ce2473ef00b11baab6e68f
Backdoor.Win32.Indexer.a MVID-2021-0091 Hardcoded Credentials
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Indexer.a malware has a backdoor with weak hardcoded credentials.

tags | exploit
systems | windows
SHA-256 | 75d07c22ee885ccdb973aa8ca9f378855c5b303ddbc339cb577013a21100e03a
Backdoor.Win32.Bifrose.ahvb MVID-2021-0090 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bifrose.ahvb malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | bb9f15193f65ac95f44d88b0e2811648f4d5f5e78134baf5e273c723603eb732
Backdoor.Win32.Azbreg.aant MVID-2021-0089 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Azbreg.aant malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | 3f3b586377091c5728cc4ed6050e6e4d141deb1e6711e3fc59e9739723b01122
Trojan-Spy.Win32.WinSpy.wlt MVID-2021-0087 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Trojan-Spy.Win32.WinSpy.wlt malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | ee41322d396b9353808b98f8ec6e507cafd8ed0f4d9af3255a6d5ef01f3a21ac
Backdoor.Win32.Cabrotor.21 MVID-2021-0088 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Cabrotor.21 malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | c2d956f1d6f57c163208002771f8edd75cfc357f0d3a375becbe49cd2f96dd97
Backdoor.Win32.Cafeini.08.b MVID-2021-0086 Missing Authentication
Posted Feb 15, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Cafeini.08.b malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
SHA-256 | 42b334aea82507140ecc84d70e3e827069455b64df4111d0bb8d29ceb5e02d14
Backdoor.Win32.Backlash.101 MVID-2021-0085 Missing Authentication
Posted Feb 13, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Backlash.101 malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
SHA-256 | 63843432e1b6f0a7fb44c3fb0f691735a6fa62d448888ba7c921659dbfa6b183
Backdoor.Win32.BackAttack.18 MVID-2021-0084 Missing Authentication
Posted Feb 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.BackAttack.18 malware suffers from a missing authentication vulnerability that can allow for remote screenshots, system restart, and more.

tags | exploit, remote
systems | windows
SHA-256 | f1d1181c7b20a45dade4acd19939dbe503d5a1101652d99916a11ccf32e27c23
Backdoor.Win32.Augudor.a MVID-2021-0083 Code Execution
Posted Feb 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Augudor.a malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | 9ea94d39200a50f8a70a8edc2d711b64cd27c932ffce9d43b1f8d33b414ae1d7
Backdoor.Win32.Aphexdoor.LiteSock MVID-2021-0082 Buffer Overflow
Posted Feb 10, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Aphexdoor.LiteSock malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 8b6ccade23d3ec6d18ecf166c4a5516158a541bd323da2a669ba9d7a232ab203
Backdoor.Win32.NetTerrorist MVID-2021-0081 Authentication Bypass / Code Execution
Posted Feb 9, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NetTerrorist malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
SHA-256 | a84e847103256104dc3efdecf379b465270c3106e0b1b1c48f64df43bc8e92b7
Trojan.Win32.Cafelom.bu MVID-2021-0080 Heap Corruption
Posted Feb 9, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Cafelom.bu malware suffers from a heap corruption vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | c495636b818cd7c3b7660d9376094f54b60fc76dab0d98070462b30ed384dc61
Backdoor.Win32.Wollf.15 MVID-2021-0079 Missing Authentication
Posted Feb 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Wollf.15 malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
SHA-256 | c41d4e61e238652534263ff190da9b31485a2ea670fba91accb2732c0271f2be
Trojan-Spy.Win32.WinSpy.vwl MVID-2021-0078 Insecure Permissions
Posted Feb 8, 2021
Authored by malvuln | Site malvuln.com

Trojan-Spy.Win32.WinSpy.vwl malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | 026c6b0c349e86e43c5a43835c5941f5db65347448416bb24177660d2b517527
Trojan-Spy.Win32.WebCenter.a MVID-2021-0077 Information Disclosure
Posted Feb 8, 2021
Authored by malvuln | Site malvuln.com

Trojan-Spy.Win32.WebCenter.a malware suffers from an information leakage vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | bbe687c0905aad324c811b55eb6f7b45bbca79de22771d469b8334329c6242a8