#Invoke-TheHash
pentesttoolz · 7 years ago
AutoRDPwn - The Shadow Attack Framework
AutoRDPwn - The Shadow Attack Framework #Powershell #Hacking #Windows
AutoRDPwn is a script created in PowerShell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim’s desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements described in the user guide.
Requirements: PowerShell 5.0 or higher
Changes
Vers…
mysecurityjourney · 6 years ago
SMBv1 != Super Mario Brothers 1
https://www.bleepingcomputer.com/news/security/malware-creates-cryptominer-botnet-using-eternalblue-and-mimikatz/
This latest threat seems to be a slap in the face to slow-to-evolve organizations and inattentive security teams everywhere. This malware is a hodge-podge of attacks which have been used for at least 3 years, largely taking advantage of SMBv1. This protocol came out around 1990... yes, almost 30 years ago... and it is still being used in organizations. Microsoft has even responded by turning it off in Windows 10, but it is still prevalent enough for attackers to create botnets and completely own (Pwn) entire systems. Even after WannaCry, some people are slow to respond. Along with SMB attacks come SQL exploits and Mimikatz's pass the hash, taking advantage of NTLM (which is also out of date and replaced). This attack seems to be focused on organizations that put business/finance first and security last. Then the malware drops its payload with PowerShell and gets the cryptojacking started. Most of the attack is through common exploits and known code (https://github.com/Kevin-Robertson/Invoke-TheHash/blob/master/Invoke-SMBClient.ps1). Another PowerShell script gets all the WMI information and then drops the Trojan TrojanSpy.Win32.BEAHNY.THCACAI; a reverse shell is created, and finally the crypto mining software is loaded. Every single part of this attack is avoidable by proper security practices. Keeping protocols up to date, reducing access to PowerShell, and using signed scripts would help.
ossig · 8 years ago
Finished Reading: Kevin-Robertson/Invoke-TheHash
http://ift.tt/2hMG80a via Read it Later (January 03, 2017 at 11:47PM)
pentesttoolz · 7 years ago
AutoRDPwn v4.5 - The Shadow Attack Framework
AutoRDPwn v4.5 - The Shadow Attack Framework #PWN #ATTACK #SHADOW #GOOGLE #MICROSOFT
AutoRDPwn is a script created in PowerShell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim’s desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements described in the user guide.
Requirements: PowerShell 5.0 or higher
Changes
Vers…