How to install metasploit inside Win10 WSL and use some python scripts to exploit vulnerable Win2k through 2k16 machines.
willgenovese.com/exploiting-with-eternalromance-using-metapsloit-installed-inside-win10-wsl/
Have fun scanning before DigitialOcean releases their public notice:
1-Click users potentially remotely exploitable unless they have changed the debian-sys-maint password {MySQL, PHPMyAdmin,LAMP, LEMP, WordPress, OwnCloud}
In the MySQL Debian/Ubuntu packaging, there is an additional MySQL user being created: debian-sys-maint.
Any Droplet created from this common image shares the same password for the MySQL debian-sys-maint user.
Affected Versions:
Ubuntu 14.04
Ubuntu 16.04
Ubuntu 17.10
Debian 7
Debian 8
Not Affected:
Debian 9
It’s been a fun 15 years, nothing’s changed since our inception , the industry still sucks and is full of greedy fucks selling bullshit, 0days still dropping because of shitty code, celebrities still getting exposed, and the government treats still treats hackers like terrorists with obscenely high sentences. So here’s to another year of pwning, eventually they’ll get it right.
The build brings new changes targeting previously exploited dll-hijacking and uac bypass method vulnerabilities.
cliconfg.exe – can no longer be used as target for autoelevation as MS changed it manifest to autoelevate=false.
mmc.exe – event viewer console fixed, dll hijacking no longer works.
fake IIS inetmgr.exe launch from inetsrv appinfo hardcoded directory fixed too – Windows will not allow you to run & autoelevate anything except legit InetMgr.exe from system32\inetsrv directory.
Bypasses alot of the methods used by UACme that is posted in my ::Wiki::
Attacking AM/OOK systems that implement rolling codes.
http://andrewmohawk.com/2016/02/05/bypassing-rolling-code-systems/
Listing of common Windows commands that attackers intruding into a network use in order to collect information and/or to spread malware infection within the network. http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html
Eset released their annual report “Windows exploitation in 2015” a comprehensive overview of various aspects of defensive and offensive technologies in Microsoft Windows, Internet Explorer, Google Chrome, and EMET.
Vovnenko and his lawyers agreed to a plea agreement where Vovnenko took the rap, agreeing that he could face a sentence of 20 years imprisonment and $250,000 fine. Because he also faced the charge of Aggravated Identity Theft, there is an additional two year mandatory minimum sentence that cannot run concurrently with any other sentence. Sentencing in this case is set to May 2, 2016.
::SRC::
well as far as fund to support the server we have none, we do this as a hobby,not a job, we dont get piad, we like what we do we like to present the latest tools in internet hacking/security.. unfortunately the guy who has been hosting us for the past year isnt able to make the payments on the server, he wanted to at least host some othes sites to have the server pay for itself.. so in the next few weeks we might be up and down depending if we can get reliable hosting.. if not we might have to drop the files and go to a free host… so if you can help support us or know anyone who needs some cheap hosting packages please email me. also looking for some html coders to help setup the new hosting page…
You are from the area.
We love our country, but fear our government.