There are exploitation frameworks and then there is Metasploit. Though it has a few modules targeted towards embedded devices, it is your “general purpose” framework. If you are looking at a comprehensive embedded devices/router exploitation framework you now have RouterSploit!
Close on the heels of my earlier post about MicroSploit, the Microsoft Office Exploitation Toolkit, that was on the *NIX platform, this post is about Luckystrike, a malicious Microsoft Office malicious document generator on Microsoft’s very own Windows platform.
My last post about WordPress security was WPSeku, the simple WordPress security scanner. This post is about WPXF, short for the WordPress Exploit Framework, which will help you go one step further and perform penetration tests on WordPress powered websites.
This is a short post about MicroSploit, an open source toolkit that helps you create custom office platform based backdoors using the Metasploit framework and the different payloads it supports.
It is a simple bash script that uses command line inputs and Zenity for creating GTK+ dialog boxes to accept additional input. As of now, MicroSploit supports the creation of backdoors for the following platforms:
- MS12-027 MSCOMCTL ActiveX Buffer Overflow
- Microsoft Office Word Malicious Macro Execution on Windows
- Microsoft Office Word Malicious Macro Execution on Mac OS X (Python)
- Apache OpenOffice Text Document Malicious Macro Execution on Windows (PSH)
- Apache OpenOffice Text Document Malicious Macro Execution on Linux/OSX (Python)
The toolkit is Metasploit v4.14.0-dev compliant and since this is all done via Metaspoit, the following payloads are supported:
All in all this version, code named “Mario Bros” is easy to use and supported on operating systems such as Kali Linux, Parrot Security OS and BackBox out of the box. You will have to install the necessary tools for this to work on your OS. This tool can also be customized to run other Metasploit supported client side attacks related to Adobe, and other software’s easily.
Start by checking out the GIT repository, browse to the directory created and run the following to access the tool:
chmod +x Microsploit && ./Microsploit
This short post is about Invoke-Phant0m, which “walks” thread stacks of the Event Log Service process (specifically svchost.exe), identifies them and kills Event Log Service Threads. This will render the system unable to collect system logs, while the Event Log Service appears to be running.
Invoke-Phant0m is an open source Microsoft Windows based event log killer in PowerShell that can help you hide your activities on a server post-exploitation. The only problem I see with this script is that it needs Administrative privileges to execute, but post exploitation this wont be true as you already might have those privileges or gain them and then run this script. A few more PowerShell related projects from the PenTestIT blog can be found here. It’s really encouraging to see PowerShell being used in so many projects and maybe tomorrow it will be added to other frameworks such as Nishang, etc.
You can get Invoke-Phant0m.ps1 from it’s GitHub page here.
There are a lot of open source WordPress security scanners out there right now and WPSeku is one more of them. Since it’s release about a month ago, it has a few static cross-site scripting, local file inclusion and SQL injection strings which it tries to leverage while scanning a website.
A problem with remote web application vulnerability scanners is that sometimes they have false positives. The only way to get good results is by launching an actual exploit, which if not treated with caution can lead to problems with the web application itself. This is where pyfiscan comes into picture and helps you perform a non-intrusive vulnerability scan on your own web application.