From XSS to RCE 2.5 – Black Hat Europe Arsenal 2017
- Python (2.7.*, model 2.7.11 was once used for construction and demo)
- Msfconsole (available by the use of setting variables)
- Netcat (nc)
- cURL (curl) [NEW]
- PyGame (apt-get set up python-pygame) [NEW]
- Chrome (14 Nov 2017) – This must nonetheless paintings.
- Firefox (04 Nov 2017) – Examined are living at Black Hat Arsenal 2017
- WordPress ^(
- Higher WP Safety 3.5.3 ^(
- Not obligatory: WPSEO ^(
- Joomla ^(
- SecurityCheck 2.8.9 ^(
- Audio: Incorporates remixed audio notifications.
- Exploits: Incorporates DirtyCow (DCOW) privilege escalation exploits.
- Joomla_Backdoor: Incorporates a pattern Joomla extension backdoor which may also be uploaded as an administrator and therefore used to execute arbitrary instructions at the gadget with gadget($_GET[‘c’]).
- Shells: Incorporates the PHP shells to inject, together with a reasonably changed model of pentestmonkey’s shell that connects again by the use of wget.
Evolved By means of
- Hans-Michael Varbaek
- Sense of Safety
- MaXe / InterN0T