awsassets Goto Github PK

ms17-010

MS17-010

ms17-011

An EternalBlue exploit implementation in pure go

msbuildapicaller

MSBuild Without MSBuild.exe

mscan

C#域渗透扫描工具，方便一键自动化、全方位的信息收集及扫描域提权漏洞。

msdat

MSDAT: Microsoft SQL Database Attacking Tool

msdos

MS-DOS Source Code 1.X and 2.0

msdt_pwn

follina

mse

Malware sample exchange system and API intended for Anti-Virus companies and researchers.

mse-player

HTML5 zero latency player for Flussonic

msfdb-list

msflib

A golang library designed to interact with Metasploit

msfmania

Python AV Evasion Tools

msgpack

msgpack.org[Go] MessagePack encoding for Golang

msilshellcodeinject

C# port of @mattifestation Invoke-ShellcodeMSIL.ps1

msldap

LDAP library for auditing MS AD

mslnk

Create Microsoft .LNK files with Go

msmailprobe

Office 365 and Exchange Enumeration

msmap

Msmap is a Memory WebShell Generator.

msolspray

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.

msolspray-1

A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.

msprobe

Finding all things on-prem Microsoft for password spraying and enumeration.

msrpc-to-attack

A repository that maps commonly used attacks using MSRPC protocols to ATT&CK

msrpcbruteforce

Simple tool to perform bruteforce and dictionary attacks to MS-RPC services

mssql-fileless-rootkit-warsqlkit

Bildiğiniz üzere uzun zamandır MSSQL üzerine çalışmalar yapmaktayım. Bu yazımda uzun zamandır uğraştığım bir konuyu ele alacağım, MSSQL Rootkit. Bildiğiniz üzere şimdiye kadar MS-SQL için anlatılan post-exploitation işlemlerinin büyük çoğunluğu “xp_cmdshell” ve “sp_OACreate” stored procedure’lerini kullanarak anlatılır. Peki xp_cmdshell ve sp_OACreate stored procedure’lerinin olmadığı bir MSSQL sunucusunun “sa” hesabını ele geçirmişsek, o sisteme girmekten vaz mı geçeceğiz? Tabii ki vazgeçmememiz gerekiyor. Bu makale “sa” hesabının yakalandığı ve “xp_cmdshell”, “sp_OACreate”, “sp_OAMethod” vb. prosedürlerin hiç birinin çalışmadığı bir senaryo düşünülerek kaleme alınmıştır.

mssql_backdoor

mssql_sql_bypass_wiki

MSSQL注入提权,bypass的一些总结

mssqlproxy

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

mssqlx

Database client library, proxy for any master slave, master master structures. Lightweight, performant and auto balancing in mind.

mstsc-path-traversal

mstsc.exe Path Traversal to RCE POC

mstsc.js

A pure Node.js Microsoft Remote Desktop Protocol (RDP) Client