Channel: Files from OJ Reeves ≈ Packet Storm
Browsing all 10 articles

Windows SYSTEM Escalation Via KiTrap0D

This Metasploit module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated, the exploit will not run. The module...

Seagate Business NAS 2014.00319 Remote Code Execution

Seagate Business NAS versions 2014.00319 and below suffer from a pre-authentication remote code execution vulnerability.

Seagate Business NAS Unauthenticated Remote Command Execution

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability...

Microsoft Windows ClientCopyImage Improper Object Handling

This Metasploit module exploits improper object handling in the win32k.sys kernel mode driver. It has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2...

AppLocker Execution Prevention Bypass

This Metasploit module will generate a .NET service executable on the target and use InstallUtil to run the payload, bypassing AppLocker execution prevention. Currently only the InstallUtil method is...

Windows Capcom.sys Kernel Execution Exploit (x64 only)

This Metasploit module abuses a function in the Capcom.sys kernel driver that allows an arbitrary user-supplied function to be executed in the kernel from user land. This function purposely disables SMEP prior to...

Windows Escalate UAC Protection Bypass

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer...

Microsoft SQL Server Clr Stored Procedure Payload Execution

This Metasploit module executes an arbitrary native payload on a Microsoft SQL Server by loading a custom SQL CLR assembly into the target SQL installation and calling it directly with a...

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced...

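The three Windows local modules listed above (the InstallUtil AppLocker bypass, the Event Viewer registry hijack and the COM handler hijack) each leave a trace a defender can look for. What follows is an added example, not code from Packet Storm or from the Metasploit modules: a small Python classifier run over constructed Sysmon-style records. It assumes that the Event Viewer bypass writes to HKCU\Software\Classes\mscfile\shell\open\command (the key eventvwr.exe consults before HKCR; the listing only says "a special key"), that the COM hijack registers an InprocServer32 under HKCU\Software\Classes\CLSID (the exact CLSIDs are not given on this page, so the check is generic and the sample CLSID is a placeholder), and that the AppLocker bypass invokes InstallUtil.exe with its /U switch, as the common InstallUtil LOLBin pattern does. The event shape and every sample record are constructed for the example.

```python
import re

# Constructed sample events (not real logs) in a simplified Sysmon-like shape:
# EventID 13 = registry value set, EventID 1 = process creation. Sysmon records
# the current user's hive as HKU\<SID>\..., which is how HKCU shows up in logs.
SAMPLE_EVENTS = [
    # Event Viewer UAC bypass: mscfile handler planted in the per-user hive
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\stage.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Classes\mscfile\shell\open\command\(Default)",
     "Details": r"C:\Users\alice\AppData\Local\Temp\payload.exe"},
    # COM handler hijack: per-user InprocServer32 (placeholder CLSID, constructed)
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\stage.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\(Default)",
     "Details": r"C:\Users\alice\AppData\Local\Temp\hijack.dll"},
    # InstallUtil run with /U against an executable in a user-writable path
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",
     "CommandLine": r"InstallUtil.exe /logfile= /LogToConsole=false /U C:\Users\alice\AppData\Local\Temp\svc.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    # Benign: a vendor installer registering its own service (no /U)
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",
     "CommandLine": r"InstallUtil.exe C:\Program Files\Vendor\Service.exe",
     "ParentImage": r"C:\Program Files\Vendor\setup.exe"},
    # Benign: unrelated per-user file association change
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Classes\.txt\(Default)",
     "Details": "txtfile"},
    # Benign: same mscfile key but in HKLM (writing there already needs admin)
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\mscfile\shell\open\command\(Default)",
     "Details": r'%SystemRoot%\system32\mmc.exe "%1" %*'},
]

# Per-user hive as Sysmon writes it (HKU\<user SID>\...), i.e. HKCU.
USER_HIVE_RE = re.compile(r"^HKU\\S-1-5-21-[\d-]+\\", re.I)
# Assumed key for the Event Viewer bypass (not named on the listing page).
MSCFILE_RE = re.compile(r"\\Software\\Classes\\mscfile\\shell\\open\\command\\", re.I)
# Generic per-user COM server registration; the hijack's CLSIDs are not on the page.
COM_INPROC_RE = re.compile(r"\\Software\\Classes\\CLSID\\\{[0-9A-F-]+\}\\InprocServer32\\", re.I)
INSTALLUTIL_RE = re.compile(r"\\InstallUtil\.exe$", re.I)
# Assumption: the bypass uses the /U (uninstall) switch, as the InstallUtil LOLBin does.
UNINSTALL_SWITCH_RE = re.compile(r"(?:^|\s)/u(?:\s|$)", re.I)


def classify(event):
    """Return a rule name for a suspicious event, or None."""
    if event.get("EventID") == 13:
        target = event.get("TargetObject", "")
        # Only per-user hive writes matter: a write to HKLM already needed the
        # privileges the UAC bypass is trying to obtain.
        if not USER_HIVE_RE.match(target):
            return None
        if MSCFILE_RE.search(target):
            return "uac_bypass_eventvwr"
        if COM_INPROC_RE.search(target):
            return "uac_bypass_com_hijack"
        return None
    if event.get("EventID") == 1:
        image = event.get("Image", "")
        cmdline = event.get("CommandLine", "")
        if INSTALLUTIL_RE.search(image) and UNINSTALL_SWITCH_RE.search(cmdline):
            return "applocker_bypass_installutil"
    return None


def scan(events):
    """Run classify over a list of events; return (index, rule) for each hit."""
    findings = []
    for i, event in enumerate(events):
        rule = classify(event)
        if rule is not None:
            findings.append((i, rule))
    return findings


if __name__ == "__main__":
    for index, rule in scan(SAMPLE_EVENTS):
        print(f"event {index}: {rule}")
```

Per-user CLSID registrations also occur legitimately (per-user application installs), so the COM rule needs baselining before it is alerted on; the mscfile rule is far more specific. The HKLM write in the last sample is ignored on purpose, since a process that can write there does not need a UAC bypass.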
BlueKeep RDP Remote Windows Kernel Use-After-Free

The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size...
