BoomER : Framework For Exploiting Local Vulnerabilities

BoomER is an open source framework, developed in Python. The tool is focused on post-exploitation, with a main objective, the detection and exploitation of local vulnerabilities, as well as the collection of information from a system, such as the installed applications they have.

The framework allows the extension by third parties, through the development of modules, for it the developers must follow certain guidelines, among which the following stand out:

  • Type of inheritance
  • Methods or functions to be implemented
  • Required or new parameters
  • Module name
  • Location of the module within the framework

We wanted to give the tool a relationship with Metasploit, as it is the reference framework for pentesters, so from BoomER it is possible to open sessions in Metasploit.

To use BoomER, you should use command line, it is very similar to the tools that currently exist for the detection and exploitation of vulnerabilities, which helps to reduce the learning curve.

Also Read – Seth : Perform A MitM Attack & Extract Clear Text Credentials From RDP Connections

An example for DLL injection:

Our own meterpreter (based on Metasploit):

R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

4 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

4 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

4 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

4 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

5 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

7 hours ago