IBM WebSphere (RCE) - Metasploit Module

This module exploits a vulnerability in IBM's WebSphere Application Server identified by CVE-2015-7450. An unsafe deserialization call of unauthenticated Java objects exists to the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution.

Undetectable Metasploit WAR

A possible attack path during a penetration test is having access to the administrative console of a JAVA Application Server (like WAS, JBOSS and Tomcat) installed on a Windows server with default or guessable (e.g. through brute-force) administrative credentials.

The idea was to upload a Metasploit generated WAR application in order to successfully compromise the server, but the outcome was not the expected...

Knock and Pass: Kerberos Exploitation

Almost a year after the critical vulnerability MS14-068 lot of guides and tutorials have written how to trick the Domain Controller in order to retrieve the Golden ticket impersonating a simple user as a user with "high level" privileges.

The purpose of this post is not to teach you or to re/present how to exploit a DC in order to retrieve the Kerberos ticket because there are hundreds well written posts about the specific exploitation but a general guide of how to configure a Linux machine in order to generate a valid Kerberos ticket without assigning your host machine into the Domain Controller.

Bypass UAC and AV on Windows 7

It's being a long time since I wrote my last tutorial, so I'm coming back folks with a new one that implements some basic penetration techniques like msfconsole and introducing a couple of amazing tools for our purpose such as Shellter.

Some intro about Shellter.

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Previous Tutorials

[+] Dump memory / Volatile memory

[+] Exploitation Ubuntu - Windows Services

[+] Crack Hashes using Hashcat

[+] Create Wordlists using Crunch

[+] Crack Hashes using Rainbow Tables

[+] Crack Passwords using John the Ripper