All Activity

Introduction This is a collection of Cobalt Strike Aggressor scripts I developed and tested while I was a Red Team member for Locked Shields 2021. Initial Access Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network. initial-access-cmd/initial-access-cmd.cna: Certutil Web Delivery (Custom): Provides a CMD one-liner to deliver a custom executable via Certutil Certutil Web Delivery (Stageless): Provides a CMD one-liner to deliver a stageless Cobalt Strike payload via Certutil Bitsadmin Web Delivery (Stageless): Provides a CMD one-liner to deliver a stageless Cobalt Strike payload via Bitsadmin Regsvr32 Web Delivery (Stageless): Provides a CMD one-liner to deliver a stageless Cobalt Strike payload via Regsvr32 MSHTA Web Delivery (Stageless): Provides a CMD one-liner to deliver a stageless Cobalt Strike payload via MSHTA Rundll32 Web Delivery (Stageless): Provides a CMD one-liner to deliver a stageless Cobalt Strike payload via Rundll32 initial-access-powershell/initial-access-powershell.cna: Pure Powershell Web Delivery (Stageless): Provides a PowerShell one-liner to deliver (in-memory) a stageless Cobalt Strike PoweShell payload Artifact Powershell Web Delivery (Stageless): Provides a PowerShell one-liner to deliver (in-memory) a PowerShell scripts which embeds a stageless Cobalt Strike payload initial-access-python/initial-access-python.cna: Python 2 Web Delivery: Provides a Python 2 one-liner to deliver a stageless Cobalt Strike payload (it assumes the following path for Python 2: c:\Python27\pythonw.exe) Python 3 Web Delivery: Provides a Python 3.9 one-liner to deliver a stageless Cobalt Strike payload (it assumes the following path for Python 3.9: C:\Python39\pythonw.exe) Persistence Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. persistence-sharpersist/persistence-sharpersist.cna: * Startup Folder (Upload executable) [Reboot]: Installs persistence for all users by uploading an executable to the startup folder [Requires administrator privileges] Startup Folder (Upload executable) [Reboot]: Installs persistence for the current user by uploading an executable to the startup folder * Windows Service (Powershell command) [Reboot]: Installs persistence for all users by creating a Windows service launching a PowerShell command [Requires administrator privileges] * Windows Service (Upload executable) [Reboot]: Installs persistence for all users by uploading an executable and creating a Windows service launching it [Requires administrator privileges] * Scheduled Task (Powershell command) [Logon/Hourly]: Installs persistence for all users by creating a Scheduled Task launching a PowerShell command [Requires administrator privileges] * Scheduled Task (Upload executable) [Logon/Hourly]: Installs persistence for all users by uploading an executable and creating a Scheduled Task launching it [Requires administrator privileges] Scheduled Task (Powershell command) [Logon/Hourly]: Installs persistence for the current user by creating a Scheduled Task launching a PowerShell command Scheduled Task (Upload executable) [Logon/Hourly]: Installs persistence for the current user by uploading an executable and creating a Scheduled Task launching it * Registry (Powershell command) [Logon]: Installs persistence for all users by adding a PowerShell command to an autorun registry key [Requires administrator privileges] * Registry (Upload executable) [Logon]: Installs persistence for all users by uploading an executable and adding it to an autorun registry key [Requires administrator privileges] Registry (Powershell command) [Logon]: Installs persistence for the current user by adding a PowerShell command to an autorun registry key [Requires administrator privileges] Registry (Upload executable) [Logon]: Installs persistence for the current user by uploading an executable and adding it to an autorun registry key * Sticky Keys (CMD): Launches a CMD prompt in case of sticky keys or other accessibility tools (e.g., Narrator, Magnifier) execution * Sticky Keys (Beacon): Launches a Cobalt Strike beacon in case of sticky keys or other accessibility tools (e.g., Narrator, Magnifier) execution Defense Evasion Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. evasion-disable-defender/evasion-disable-defender.cna: * Disable AV/Firewall: Disables Windows Defender [Requires administrator privileges] * Add Exclusions (Auto): Automatically adds a list of paths and executables to the Windows Defender exclusions [Requires administrator privileges] * Add Exclusions (Custom): Adds a custom path and executable to the Windows Defender exclusions [Requires administrator privileges] * Add Exclusions (Extensions): Adds a custom file extension to the Windows Defender exclusions [Requires administrator privileges] * Remove Definitions: Removes Windows Defender definitions [Requires administrator privileges] evasion-disable-edr/evasion-disable-edr.cna * Kill EDRs: Tries to automatically kill all EDRs/AVs [Requires administrator privileges] * Kill EDR (Custom): Tries to kill a custom EDR/AV [Requires administrator privileges] Download [hide][Hidden Content]]

Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the classpath and load some classes from it. The backup function of the Collection can export malicious class files uploaded by attackers to the directory, allowing Solr to load custom classes and create arbitrary Java code. Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution.View the full article

Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Batch-Issue Exam Tickets function.View the full article

Death-RAT v0.3 Beta PREVIEW DOWNLOAD: upload.ee: [hide][Hidden Content]]

Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice.View the full article

Unlock PDF Restrictions Easily with PDF Password Remover: Print, Copy, and Convert Protected PDF Files! Many PDF files cannot be printed or converted due to protection measures. PDF Password Remover is a shareware tool designed to eliminate restrictions from protected PDF files. Key features of PDF Password Remover include two work methods to remove owner password protection directly and user password protection with a required user password. After removing the PDF password, you can copy content from the decrypted PDF and use it wherever you want. Additionally, the tool allows you to convert the previously restricted PDF document into various editable formats such as MS Word, Excel, and images using other PDF converters. Prior to removing the password from a protected PDF, users lack the authority to print the document. Once the password and restrictions are removed, the PDF file can be printed as a normal document. Screenshots: Link: [hide][Hidden Content]] Mirror: [hide][Hidden Content]] Virus Total: [Hidden Content] *Note These tools were not analyzed so they should be used in a secure environment such as a virtual machine or RDP, never on your personal computer.

ManageEngine Patch Manager Plus Professional (License) » Patch Windows, Mac & Linux endpoints » 3rd party patch management » Server application patch management » Service pack deployment » Patch management reports » Role based administration » Two factor authentication [Hidden Content] [hide][Hidden Content]] Password: level23hacktools.com

Acunetix Premium - v24.3.2 15 APR 2024 IMPROVEMENTS Replaced an expiring Invicti Signing Code Certificate for Windows binaries [Hidden Content] [hide][Hidden Content]] Password: level23hacktools.com

Burp Suite Professional v2024.3.1.2 + BurpBounty_Pro 2.8.0 + JDK 22 NOTE - Run this version With Java SE JDK 22 Released Monday, 15 April 2024 This release upgrades Burp's built-in browser to Chromium 123.0.6312.122 for Windows and Linux, and 123.0.6312.123 for Mac. For more information, see the Chromium release notes. [Hidden Content] [Hidden Content]

A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection vulnerability is due to user controller strings which can be sent directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe which is responsible for translating requests and sending them to the database. In the message header of a specific request sent between the two services, the FCTUID parameter is vulnerable to SQL injection. It can be used to enable the xp_cmdshell which can then be used to obtain unauthenticated remote code execution in the context of NT AUTHORITY\SYSTEM. Upgrading to either 7.2.3, 7.0.11 or above is recommended by FortiNet. It should be noted that in order to be vulnerable, at least one endpoint needs to be enrolled / managed by FortiClient EMS for the necessary vulnerable services to be available.View the full article

GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10.View the full article

This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute a shell or two. Tested against VSCode 1.87.2 on Ubuntu 22.04.View the full article

A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. The insecure deserialization vulnerability in Gambio poses a significant risk to affected systems. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.View the full article

This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on (default). Multiple versions are affected. Payloads may take up to one hour to execute, depending on how often the telemetry service is set to run.View the full article

Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.View the full article

LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.View the full article

Dreamehome versions 2.1.5 and below suffer from multiple broken authorization vulnerabilities.View the full article

[Hidden Content] Telegram Channel: @databasefromstorm My telegram: @BrowzData

i want to see the rest

[hide][Hidden Content]]

Content: CinaRAT VirusRat v8.0 Beta InfinityRAT - Cracked DalethRAT 1.0 Nitr0 Z3us DiamondRAT WOLFRAT v2.1 Lime-Worm-0.5.8D Viral-Rat 1.0 By Sameed CobianRAT v1.0.40.7 LuxNETRAT v1.1.0.4 Cracked Vayne Rat RDP Multi Tool - \_edBy \[\_PCR\_\] NingaliNET v1.1.0.0 - cracked XpertRAT v3.0.10 By Abronsius HichamRAT v0.9d Black Worm 6 EagleRAT v2.5 LuminosityLink+builder MegaRAT 1.5 Beta AsyncRat Release Last Version Rottie3RAT (compiled by arsium) PentagonRAT cybergate\_v3.4.2.2 full private DarkTrack+Alien+4.1 Insidious SpyNote Cracked By B0u3Zizi ARES RAT V1.2.1 SpyMAX V2 Screenshots: Link: [hide][Hidden Content]] Mirror: [hide][Hidden Content]] Virus Total: [Hidden Content] *Note These tools were not analyzed so they should be used in a secure environment such as a virtual machine or RDP, never on your personal computer.

Master the Art of Espionage with the Ultimate Stealer Tool Pack Unleash digital mayhem with the **Ultimate Stealer Tool Pack**—a collection of cutting-edge crypters, keyloggers, and RATs designed to infiltrate, steal, and disrupt. Explore tools like the 007 keylogger, Chrome Crypter 4.9, and the elusive Silent-Crypto-Miner-Builder. Delve into the dark side of cybersecurity and wield these powerful instruments for covert operations. Elevate your game with this arsenal of cyber weaponry—crafted for those who dare to delve into the shadows of digital espionage. Unlock the tools now. **Featured in this pack:** * 0 Crypter * 007 keylogger * 888\_RAT\_1.0.8\_O\_Cracked by Artist * 888-Rat-v1.2.6-Cracked-By-Qasim-Haxor * 1337 Steam ACC Stealer Private * 2020 Crypter * Advance Keylogger & Stealer * Anonymous Keylogger * Ardamax Keylogger remover * ATT Worm Cracked * Aurora Worm v1 - Cracked by RoN1N * Black Worm 6 * Black Worm Creator v2.1 * Blue Botnet Bot Builder * Brata-RAT * Byte Crypter V3 * Carb0n Crypter 1.7 * Chrome Crypter 4.9 * CyberBot - Worm V1.0.4 * Darkwar Crypter * Digital Keylogger v3.3 * Discord Token Stealer - FTP * Emisarry Keylogger * Grieve Crypter 2012 * Hackhound Crypter * High Life Crypter * Hitlogger Checker * IHC-Hotmail-Brute-&-Inboxer-IPV6 * Infinity Crypter v2 * Instagram-Social-Tool-v3-0-By-Cyber-Data-CRACKED * Kasos Keylogger - Builder * Lime-Worm-0.5.8D * Metamask-Checker-by-CodeGangland * Moon Crypter * no$crypter * OwnZ Crypter 3.5.9 * Psomasweb Public Rinajel Crypter * Quest Crypter * REDLINE-STEALER-V20.2-Cracked-Edition * Refract's Crypter * Saddam Crypter * Sikandar Crypter * Silent Keylogger v1.6 PublicVersion By BUNNN * Silent-Crypto-Miner-Builder * Steam Gold Stealer v1.5 Cracked * Steam Stealer 1.0 by ghstoy * Steam Stealer by till7 * Unknow Crypter Private * Wormins RAT 1.5.3 By Worm System Screenshots: Link: [hide][Hidden Content]] Mirror: [hide][Hidden Content]] *Note These tools were not analyzed so they should be used in a secure environment such as a virtual machine or RDP, never on your personal computer.

SofaWiki version 3.9.2 suffers from a remote shell upload vulnerability.View the full article

Laravel Framework version 11 suffers from a credential disclosure vulnerability.View the full article