SpoolSploit
SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicious DLLs on endpoints with full system access.
https://github.com/BeetleChunks/SpoolSploit
#ad #spooler #rpc
SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicious DLLs on endpoints with full system access.
https://github.com/BeetleChunks/SpoolSploit
#ad #spooler #rpc
GitHub
GitHub - BeetleChunks/SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical…
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. - BeetleChunks/SpoolSploit
Forwarded from Волосатый бублик
#ad #rpc #ntlm #privesc
[ Coercer ]
atricle: https://github.com/p0dalirius/windows-coerced-authentication-methods
There is currently 15 known methods in 5 protocols.
tool: https://github.com/p0dalirius/Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
[ Coercer ]
atricle: https://github.com/p0dalirius/windows-coerced-authentication-methods
There is currently 15 known methods in 5 protocols.
tool: https://github.com/p0dalirius/Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
👍2👎1
🦛 PetitPotam: Local Privilege Escalation
Now PetitPotato can elevate to SYSTEM on the latest windows.
My test version is 10.0.20348.1547
https://github.com/wh0amitz/PetitPotato/
#windows #privesc #rpc #petitpotam
Now PetitPotato can elevate to SYSTEM on the latest windows.
My test version is 10.0.20348.1547
https://github.com/wh0amitz/PetitPotato/
#windows #privesc #rpc #petitpotam
👍8
Office Injector - Invokes an RPC method in OfficeClickToRun service that will inject a DLL into a suspended process running as NT AUTHORITY\SYSTEM launched by the task scheduler service, thus achieving privilege escalation from administrator to SYSTEM.
Shim Injector - Writes an undocumented shim data structure into the memory of another process that causes apphelp.dll to apply the “Inject Dll” fix on the process without registering a new SDB file on the system, or even writing such file to disk.
DefCon Presentation
🔗 Source:
https://github.com/deepinstinct/ShimMe
#windows #office #rpc #inject #lpe
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥11👍5
🔔Call and Register — Relay Attack on WinReg RPC Client
A critical vulnerability (CVE-2024-43532) has been identified in Microsoft’s Remote Registry client. This flaw allows attackers to exploit insecure fallback mechanisms in the WinReg client, enabling them to relay authentication details and make unauthorized certificate requests through Active Directory Certificate Services (ADCS).
🔗 Research:
https://www.akamai.com/blog/security-research/winreg-relay-vulnerability
🔗 RPC Visibility Tool:
https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit/rpc_visibility
🔗 PoC:
https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532
#ad #adcs #rpc #ntlm #relay #etw #advapi
A critical vulnerability (CVE-2024-43532) has been identified in Microsoft’s Remote Registry client. This flaw allows attackers to exploit insecure fallback mechanisms in the WinReg client, enabling them to relay authentication details and make unauthorized certificate requests through Active Directory Certificate Services (ADCS).
🔗 Research:
https://www.akamai.com/blog/security-research/winreg-relay-vulnerability
🔗 RPC Visibility Tool:
https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit/rpc_visibility
🔗 PoC:
https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532
#ad #adcs #rpc #ntlm #relay #etw #advapi
1🔥9👍6❤2
🔍 NauthNRPC
A Python tool that introduces a new method for gathering domain information, including the enumeration of domain users. The tool leverages auth-level = 1 (No authentication) against the MS-NRPC (Netlogon) interface on domain controllers. All that's required is the domain controller's IP address, and the entire process can be completed without providing any credentials.
🔗 Research:
https://securelist.com/no-auth-domain-information-enumeration/112629/
🔗 Source:
https://github.com/sud0Ru/NauthNRPC
#ad #enum #netlogon #rpc
A Python tool that introduces a new method for gathering domain information, including the enumeration of domain users. The tool leverages auth-level = 1 (No authentication) against the MS-NRPC (Netlogon) interface on domain controllers. All that's required is the domain controller's IP address, and the entire process can be completed without providing any credentials.
🔗 Research:
https://securelist.com/no-auth-domain-information-enumeration/112629/
🔗 Source:
https://github.com/sud0Ru/NauthNRPC
#ad #enum #netlogon #rpc
4🔥26👍6❤1
🔥 MS-RPC-Fuzzer
PowerShell-based fuzzer that automates MS-RPC vulnerability research by dynamically creating RPC clients and fuzzing procedures with random inputs. Visualizes results through Neo4j graphs to help researchers identify potentially vulnerable RPC services.
🔗 Research:
https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
🔗 Source:
https://github.com/warpnet/MS-RPC-Fuzzer
#rpc #fuzzing #windows #vulnerability #research
PowerShell-based fuzzer that automates MS-RPC vulnerability research by dynamically creating RPC clients and fuzzing procedures with random inputs. Visualizes results through Neo4j graphs to help researchers identify potentially vulnerable RPC services.
🔗 Research:
https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
🔗 Source:
https://github.com/warpnet/MS-RPC-Fuzzer
#rpc #fuzzing #windows #vulnerability #research
2🔥15👍1