Here is a collection of coding samples, tools, and misc. other things that we have written over the past. All source code published on this website is considered copyrighted material and licensed under the FreeBSD licensing agreement found here: http://www.freebsd.org/copyright/freebsd-license.html. At the tail of of this page you can find the full copyright disclosure.
BypassUAC – Attack that allows you to bypass Windows UAC in Windows Vista and Windows 7 both on x86 and x64 operating systems. This issue has still not been patched to-date and can still be exploited on the most recent operating systems.
Download BypassUAC here.
EgressBuster – Simple port knocking tool that uses a client/server model for identifying open ports within a network. This is useful for finding egress points within the network.
PowerShell_PoC – zip file containing a number of powershell samples including SAM database dumping, reverse shells, bind shells, all natively written in PowerShell
Download PowerShell_PoC here.
Metasploit_Modules – These are a mixture of Metasploit modules we have written in the past. Most of these have already been incorporated into the framework.
Encrypted_http_shell.zip – Contained source code and complied binaries of a server client reverse shell that communicates natively on HTTP channels. This shell also leverages a static AES encryption key for encrypted transport of the data.
Simple_py_shell – This is a simple reverse shell written in Python.
F5 BIG-IP Remote Root Authentication Bypass Vulnerability
MySQL Remote Root Authentication Bypass
Egress Buster Reverse Shell – Brute force egress ports until one if found and execute a reverse shell
PyBuild is a tool for automating the pyinstaller method for compiling python code into an executable. This works on Windows, Linux, and OSX (pe and elf formats)
Another simple reverse shell written in Python (BSIDESLV and Defcon 20 Demo)
SQL Brute force tool that brute forces MSSQL with wordlist. Second file adds local administrator on machine and re-enabled xp_cmdshell stored procedure
PyInjector is a quick python script to inject shellcode straight into memory. This is often used as an AV evasion technique to circumvent security controls. Initial post found here and credit here: http://www.debasish.in/2012_04_01_archive.html
The Dell Drac and Chassis Scanner for Default Credentials v0.1a is a script that will scan CIDR notations looking for default installations of Dell DRAC and Chassis implementations. By default, dell DRAC and Chassis management servers ship with default credentials of root/calvin. By using this, you can interface with the console which has an operating system loaded on it. Mount a virtual media device remotely (an iso), reboot the server and compromise the underlying operating system. Step by step tutorial here:
Copyright 2012 TrustedSec, LLC. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY TRUSTEDSEC, LLC “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL TRUSTEDSEC, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of TRUSTEDSEC, LLC.