Jump to content

Dviros

Active Members
  • Posts

    9
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Dviros's Achievements

Newbie

Newbie (1/14)

  1. I agree. Once I have the time I''ll try to obfuscate it :)
  2. Correct. This is something that I didn't overcome yet - there is an Eternalblue exploit based on PS, however, it wasn't stable enough. Here's the VT scan (detected by 14 AV's): https://www.virustotal.com/#/file/e1b8cff9071ea0863d8fcae4aabcd41300612e551bf4773f946e7a67c053fa92/detection In any case, I recommend on compiling the python exploit in pyinstaller as a standalone.
  3. Hey guys, Excalibur is a payload for scanning and exploiting Eternalblue affected machines automatically. You can view it here: https://github.com/Dviros/Excalibur
  4. Dviros

    [PAYLOAD] AVKill

    Also, here's my syntax: (I cannot paste it over here) https://pastebin.com/G8PAJLxG
  5. Dviros

    [PAYLOAD] AVKill

    Hi, What about AV's that are running as SYSTEM? It cannot be killed even when running as an admin.
  6. @PoSHMagiC0de Thanks for the comprehensive explanation. For the copying of the CSV file, I will just modify your SMB script to collect it. For the execution of the script, I've tried at first to import the module and then to execute it in the same command (import-module ACLight.psm1; start-aclight), however, due to the relative location of the scripts, it can't be found. So I've contacted the developer and asked him for a single PS1 script. This may be the answer. As for the EXE, that's an agreeable approach - copy to %temp%, unzip (found it better in terms of integrity keeping) the EXE and execute it. Thanks man. I'll be happy to assist with the .NET dll.
  7. Dear @PoSHMagiC0de, Thanks a lot for your payload! I want to add my own scripts, that may need to include "import-module" type of code (for example, https://github.com/CyberArkLabs/ACLight). 1. How to I do it? 2. Is it possible to run EXE files as well? Thanks again Dvir
  8. Yeah, that's exactly what I wrote. It just fires up altogether. I've noticed that on some machines it works and on the other not, so I may relate this to the specific driver or the port itself. will post the code soon. Thanks!
  9. Hi! I've been working with my Bash Bunny for the past week and everything was good. Today it stopped working properly and completely disregard the delays I've set in my payload (even 5000 delay gets executed instantly). I've used the Bash Bunny Updater and it's the same. Also, different payloads are acting the same. Any idea? Thanks
×
×
  • Create New...