CVE-2016-10033: WordPress 4.6 RCE Vulnerability
WordPress (WP) is a free and open source CMS for managing a website, blog, and other content on the Internet that was first released on May 27, 2003. Today, WordPress...
Category: Metasploit
Exploiting Apache Struts S2-045 (CVE-2017-5638) vulnerability with Metasploit
Apache Struts is an open source project maintained by the Apache Software Foundation, an open source MVC framework for creating enterprise Java Web applications, offering two versions of the framework...
Exploit Windows machine MS-17-010 is easy like ms08_067
Shadow Brokers shocked the world once again leaked a confidential document, which contains a number of beautifully Windows remote exploits that can cover a large number of Windows servers, Windows...
Windows Exploitation: Backdoor on the fly with bdfproxy
What is Backdoor Factory? 1. What is Patching? “A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it.[1]...
AutoRun Script on Metasploit Framework
In Metasploit it supports an interesting feature called AutoRunScript. This feature can enable users to specify the module operation by creating the .rc file pre-registered automatically during operation Exploit. It...
Install Metasploit on Windows 10
Source github
Upgrade shell session to meterpreter session on Metasploit
Sometimes, I can get only shell session on your target by exploting some vulerabiliy. With shell session, you can execute commands that OS system support as ipconfig, systeminfo, tasklist, taskill…...
An Introduction to Metasploit Meterpreter Backdoor
What is Meterpreter? Meterpreter is an extension module in the Metasploit framework that is used as an attack after a successful overflow. The attack returns a control channel after the...
Metasploitable3: Brute Force SMB Share and get shell
Introduce SMB: Short for Server Message Block, SMB is a common network communications method used on Microsoft operating systems allowing those computers to communicate with other SMB computers. Linux and...
WMAP: Web Vulnerability Scan on Metasploit
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open...
Dumping and Cracking the local user accounts from the SAM database
Let’s talk about the hash crack through post / hashdump and john (john the ripper) of the Metasploit module. Once the meterpreter shell is injected and driven into the target...
Penetration-Testing-Toolkit: A web interface to automate Penetration Testing
Penetration Testing Toolkit A web interface to automate Scanning, Generating metasploit payload, Network Testing,Exploring CMS,Information Gathering,DNS Queries,IP Tools,Domain tools and much more. Features Includes web interface for different tools for...
Metasploitable3: SSH Bruteforce & get Remote Shell
Description The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly...
Metasploitable3: Exploiting Axis2 vulerability
Introduction Apache Axis2™ is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack. There are two implementations of the Apache Axis2...
Exploit Windows using PowerShell attack
msf > use exploit/windows/misc/hta_server This module hosts an HTML Application (HTA) that when opened will run a payload via Powershell. When a user navigates to the HTA file they will...
