Impacket Remote code execution (RCE) on Windows from Linux

Impacket is a collection of Python classes and functions for working with various Windows network protocols. It is a centerpiece of many different pentesting tools. Impacket can work with plain, NTLM and Kerberos authentication, fully supporting pass-the-hash (PTH) attacks and more. https://github.com/SecureAuthCorp/impacket Method / Port used: psexec.py tcp/445; dcomexec.py tcp/135, tcp/445, Read more…

Connect to Windows Remote Management (WinRM) using Evil WinRM

Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. https://docs.microsoft.com/en-us/windows/win32/winrm/portal WinRM is a command-line tool that is used for the following tasks: Remotely communicate and interface with hosts Read more…

ColdFusion 8 FCKeditor CurrentFolder directory traversal / File Upload / RCE – CVE-2009-2265

Multiple vendor applications that utilize FCKeditor could allow a remote attacker to traverse directories on the system and upload arbitrary files. A remote attacker could exploit this vulnerability using directory traversal sequences in the CurrentFolder parameter of several connector modules to view arbitrary files or upload malicious executable files on Read more…

Drupal 7.x Module Services – Remote Code Execution

Drupal has an insecure use of unserialize(). Exploitation of the vulnerability allowed for privilege escalation, SQL injection and, finally, remote code execution. (https://www.ambionics.io/blog/drupal-services-module-rce) We will use the Exploit-DB code to exploit this vulnerability. (https://www.exploit-db.com/exploits/41564) Exploit 1. Determine the version of Drupal. For this we can access CHANGELOG.txt from the Read more…