daringneophyte #1

Open
amagrupp opened this issue Apr 18, 2019 · 4 comments

Comments

@amagrupp

daringneophyte

Where to get it, how to use it?
Need the most detailed information. Help

@peterpt
Owner

peterpt commented Apr 18, 2019

I believe that daringneophyte is the payload generated with the fuzzbunch package (using pc_prep) in conjunction with the Java framework in the original package.
While using fuzzbunch you can use a normal payload generated with Metasploit; with this one the payload must be generated by the framework itself, which will connect to the framework using the live replay session.
However, I am not sure because I never tested that option.
Daringneophyte will use a normal reverse_shell instead of the normal meterpreter payloads, which have a lot of functions.

@amagrupp
Author

Maybe you are right, but how to exploit Daringneophyte?

Do I have a dll output?
where are they going?
write me a mail, can we figure it out?
mail amagrupp@gmail.com

@amagrupp
Author

> I believe that daringneophyte is the payload generated with the fuzzbunch package (using pc_prep) in conjunction with the Java framework in the original package.
> While using fuzzbunch you can use a normal payload generated with Metasploit; with this one the payload must be generated by the framework itself, which will connect to the framework using the live replay session.
> However, I am not sure because I never tested that option.
> Daringneophyte will use a normal reverse_shell instead of the normal meterpreter payloads, which have a lot of functions.

Thanks

@peterpt
Owner

peterpt commented Apr 26, 2019

After inspecting fuzzbunch a bit better, it looks like Daringneophyte is not a simple payload but various payloads merged into 1 single DLL.

[Image: dane]

This image shows fuzzbunch using multiple DLLs in its library to create a single payload; how it will inject it into the target, I have no idea.
However, in the fuzzbunch package there is an exe for danecfg, which is used by fuzzbunch to generate this payload.
This exe to configure the Dane payload is located in the "Storage" folder inside the fuzzbunch package.
My guess is that these multi-stage payloads will trigger some vulnerability not detected yet by Microsoft.
The Dane payload is +- 100Kb in size, which is a very big size to be allocated in an SMB vulnerability groom space.
Usually the normal Metasploit payloads used in fuzzbunch are a few Kb and not much bigger, because they cannot find space in the target SMB process to inject and run it.
Again, I have no time or patience to test this.
