Alan Foster | 5b3fde7735 | Rubocop recently landed modules | 2021-02-16 15:08:08 +00:00 |
William Vu | a6f7c0c0de | Backport miscellaneous fixes to my modules | 2020-08-14 13:40:23 -05:00 |
William Vu | 0bcc473ded | Rename option to HOSTINFO_NAME and update doc | 2020-05-01 12:59:01 -05:00 |
William Vu | c27269105e | Rename CmdStager to psh_invokewebrequest | 2020-05-01 12:31:53 -05:00 |
William Vu | 1364b08c4f | Make host info name configurable as an option. Though it has to be recognized by the server. | 2020-05-01 12:19:12 -05:00 |
William Vu | 96f802585a | Update dropper payload to stageless. We're using Invoke-WebRequest now. Or anything similar. | 2020-05-01 12:19:12 -05:00 |
William Vu | 9adaa08ddd | Use new PowerShell Invoke-WebRequest CmdStager | 2020-05-01 12:19:12 -05:00 |
William Vu | 9bfecbc2aa | Print the responses if found but don't bail. The responses aren't always in sync, causing unexpected failures. | 2020-05-01 12:19:12 -05:00 |
William Vu | bb034acd7c | Note reason for SERVICE_RESOURCE_LOSS | 2020-05-01 12:19:12 -05:00 |
William Vu | 309475259a | Remove doubled-up command prefix from dropper. The library prefixes "cmd /c" automatically. | 2020-05-01 12:19:12 -05:00 |
William Vu | 84061881b8 | Clarify module description | 2020-05-01 12:19:12 -05:00 |
William Vu | 9d601b50c2 | Note how we trigger the deserialization vuln | 2020-05-01 12:19:12 -05:00 |
William Vu | efab4f04f7 | Add Veeam ONE Agent .NET deserialization exploit | 2020-05-01 12:19:12 -05:00 |