Meta Sploit Telegram (MS-TL) : Unleashing Remote Control Capabilities Through Telegram

Explore the cutting-edge capabilities of Meta Sploit Telegram (MS-TL), a powerful Telegram bot designed for remote PC control. This article guides you through the installation process and demonstrates how to effectively commandeer computers via simple Telegram commands. Unlock the potential of MS-TL and transform your approach to remote system management. Installing First, you should install Its_Hub …

Flagger – A Powerful CLI Tool For Crafting CTF Exploits

Discover the power of Flagger, a streamlined command-line interface tool designed for cybersecurity enthusiasts and professionals alike. Crafted specifically for Capture The Flag (CTF) competitions, Flagger integrates seamlessly with pwntools to facilitate the development of effective exploits. Whether handling HTTP requests or managing custom scripts, Flagger is your go-to tool to enhance your CTF arsenal. …

BackupCreds – Mastering Credential Dumping In Windows

BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of stored credentials in Windows environments. This article delves into the intricate process of leveraging elevated shells for credential extraction, offering a step-by-step guide on accessing and manipulating the Windows Credential Manager. Discover how BackupCreds transforms security testing and vulnerability assessments …

NTLM Relay Gat – Automating Exploitation Of NTLM Relay Vulnerabilities

NTLM Relay Gat revolutionizes the approach to exploiting NTLM relay vulnerabilities by automating the use of the Impacket suite’s ntlmrelayx.py tool. Designed for both novices and experienced cybersecurity professionals, this tool streamlines the process of identifying and exploiting weaknesses in network security. With its user-friendly interface and powerful features, NTLM Relay Gat serves as a …

Shelter : Mastering In-Memory Payload Encryption With Advanced ROP Techniques

Shelter is a completely weaponized sleep obfuscation technique that allows to fully encrypt your in-memory payload making an extensive use of ROP. This crate comes with the following characteristics: Content Usage Import this crate into your project by adding the following line to your cargo.toml: Then, compile your project on –release mode. The main functionality of this crate …

LooneyPwner: Exploiting the glibc ‘Looney Tunables’ Flaw in Linux

Exploit tool for CVE-2023-4911, targeting the ‘Looney Tunables’ glibc vulnerability in various Linux distributions. LooneyPwner is a proof-of-concept (PoC) exploit tool targeting the critical buffer overflow vulnerability, nicknamed “Looney Tunables,” found in the GNU C Library (glibc). This flaw, officially tracked as CVE-2023-4911, is present in various Linux distributions, posing significant risks, including unauthorized data …

Aladdin: Advanced .NET Payload Generation and Execution Techniques

Aladdin is a payload generation technique based on the work of James Forshaw (@tiraniddo) that allows the deseriallization of a .NET payload and execution in memory. The original vector was documented on https://www.tiraniddo.dev/2017/07/dg-on-windows-10-s-executing-arbitrary.html. By spawning the process AddInProcess.exe with arguments /guid:32a91b0f-30cd-4c75-be79-ccbd6345de99 and /pid:, the process will start a named pipe under \\.\pipe\32a91b0f-30cd-4c75-be79-ccbd6345de99 and will wait for a .NET Remoting object. If we generate …

Exploiting CVE-2023-49103: A Python Script for Rapid phpinfo() Detection

PoC for the CVE-2023-49103 Overview This Python script is designed to efficiently process a large list of URLs to check for the presence of phpinfo() output. It uses multi-threading to handle a large number of URLs concurrently, significantly speeding up the process. The script also features a real-time progress bar to visually track the progress. Requirements Installation …

Padre: A Powerful Tool for Exploiting Padding Oracle Attacks

Padre is a sophisticated and efficient software tool specifically engineered to leverage the inherent weaknesses in CBC mode encryption through the exploitation of Padding Oracle vulnerabilities. The system incorporates concurrent operations to optimize the process of decryption and encryption of user-defined data. Additionally, it includes an automated mechanism to identify padding oracles and cipher block …

LightsOut: Disabling AMSI & ETW with an Obfuscated DLL

LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into any process where AMSI …