Top 9 Best Tool for Penetration Tester
We have filled the world of hackers with infinite fantasy and fear, but with the rise of technology and security in the field of progress, hacking technology has become increasingly common. In fact, network...
Category: Metasploit
Dlink DIR-850L UnAuthenticated OS Command Execution
Dlink DIR-850L UnAuthenticated OS Command Execution The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution...
peinjector – MITM PE file infector
peinjector The executable file format on the Windows platform is PE COFF. The peinjector provides different ways to infect these files with custom payloads without changing the original functionality. It creates patches, which are...
Install Metasploit Framework on any Android devices
Install Metasploit Framework on any Android devices Requirement: Termux Android 5.0 or later Internet connection How to Open Termux, type command $ apt update $ apt upgrade Install wget $ apt install wget Download metasploit.sh script $ wget https://github.com/Auxilus/Auxilus.github.io/blob/master/metasploit.sh Run metasploit.sh script...
SpyNoteShell: backdooring apks files & persisten meterpreter session
SpyNoteShell Simple Python tool for backdooring apks files (with meterpreter or shell of Metasploit) Install Requirement apktool python signapk Metasploit Framework Java SDK Java Download git clone https://github.com/H0nus/SpyNoteShell.git ADDITIONAL FILES: SpyNoteShell.cna – This is the...
BackToMe: create payloads for Linux, Windows and OSX
BackToMe Little framework made in python to create payloads for Linux, Windows, and OSX with the unique handler. INFOS This little framework is intended to help pentesters/red teamers in creating FUD payloads with unique...
persistent-androidpayload: metasploit android persistent payload
Make metasploit android payload persistent Add AlarmManager Make service restart on destroy How-to just download release version, unpack android.zip under “data” folder of metasploit-framework’s root directory or compile Compile To compile JavaPayload for Metasploit...
Windows Exploitation: Backdoor on the fly with bdfproxy
What is Backdoor Factory? 1. What is Patching? “A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it.[1] This includes fixing security...
Metasploit: Autohide Android payload icon after running
On this post, I want to introduce a small tip when you create an android payload with Metasploit. How to autohide Android payload icon after running Update Metasploit to latest version apt-get update apt-get...
Metasploit Plugins: Add some useful plugin to Metasploit Framework
Metasploit Plugins Plugins for Metasploit Framework. Currently, only the Pentest plugin is being maintained due to changes in Metasploit Framework that limit what gems can be loaded when the framework starts. Installation git clone https://github.com/darkoperator/Metasploit-Plugins.git...
unauthenticated OS command injection vulnerability in vulnerable Netgear DGN1000
netgear_dgn1000_setup_unauth_exec The module netgear_dgn1000_setup_unauth_exec exploits an unauthenticated OS command injection vulnerability in vulnerable Netgear DGN1000 with firmware versions up to 1.1.00.48 in addition to DGN2000v1 models, all firmware versions. The vulnerability occurs in within the syscmd fuction...
Metasploit module to exploit Microsoft Office DDE Command Execution Vulnerability
dde_delivery This module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server. Currently have not figured out how to...
Stækka Metasploit – Extenting Metasploit
Stækka Metasploit – Extending Metasploit This MSF plugin extends Metasploit for some missing features and modules allowing interaction with other/custom exploits/ways of getting shell access. The current focus here is Linux/Unix support. Core features...
[Metasploit] CVE-2017-9805: Apache Struts 2 REST Plugin XStream RCE
What is Apache Struts 2 REST Plugin XStream RCE (CVE-2017-9805)? Apache Struts released the latest security bulletin, Apache Struts 2.5.x REST plug-in there is a high-risk vulnerability in the implementation of the remote code,...
