This module connects to the remote domain controller host and attempts to determine by requesting a specially crafted packet, if the target is vulnerable to CVE-2020-1472 based on the inspection of the target's response.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2024-0204 based on the inspection of the target's response. If the target is vulnerable, the module will create a new admin user in the target system using the provided credentials. If no credentials are provided, it will generate a random one. Also, the new admin credentials will be added as an identity.
This module connects to a remote target via any exposed DCE RPC endpoints and fingerprints them to determine if the machine appears to be compromised by the Conficker worm. The module is able to detect B, C and D variants of the worm.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable to CVE-2022-26138 based on the inspection of the target's response. If the target is vunerable, the module will output the cookie obtained in the authentication process.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre
This module allow to set a short name 8.3 of a file when you don't have write privileges to the directory where the file is located.The vulnerability exists due to NtfsSetShortNameInfo does not properly impose security restrictions in NTFS Set Short Name, which leads to security restrictions bypass and privilege escalation. SETTING THE STAGE. Log in as a normal user in the target machine, and create a txt file in root accepting the UAC prompts for the administrator, verify that you can write to this file, next pass the path to the file to the checker's TARGET_FILE_PATH argument, create the agent as normal user and use the checker, if the machine is vulnerable the ShortName of the file will be changed and displayed albeit you has no permission to do it in this folder
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. It must be executed on an agent with root privileges only for linux system.
Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet. The "Mark Of The Web" is not transferred from the Zipped File into the Unzipped File if the target is vulnerable.
The vulnerability relates to the use of Windows .URL files to execute a remote binary via a UNC path. When the targeted user opens or previews the .URL file (for example, from an email), the system attempts to access the specified path (for example, a WebDAV or SMB share), resulting in the execution of arbitrary code.
This module exploits a vulnerability in Microsoft Management Console (MMC). This module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web server. The Microsoft Management Console contains a security flaw that allows remote code execution via malicious .msc files with embedded ActiveX control. An attacker sends a crafted .msc file with embedded ActiveX containing a link to a malicious server. The server executes a script to fetch a PowerShell file ultimately deploying an agent.