Skip to content

yatt-ze/Agent-Tesla-Exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
README.md
README.md
 
 
agentPWN.py
agentPWN.py
 
 

Repository files navigation

Agent-Tesla-Exploit

Exploits the Datatables demo unsanatized get paramerters to query database and run code remotly

Currently:

  • Grabs Victims
  • Grabs Victim Passwords
  • Exposes Panel Config
  • Basic Shell

How to use the RCE on your own

The file WebServer/server_side/scripts/server processing has 4 get paramerters:

  • table : Database Table
  • primary : Database Primary Key
  • clmns : Columns as sanatized array & optional formatter
  • where: SQL Where statment encoded in base64

To use, query WebServer/server_side/scripts/server processing with vaild table and primary paramerters (i use passwords and password_id) and clmns as the sanatized version of:

[array("db" => "[Vailed Column]", "dt" => "username","formatter" => "exec")]

and the where paramerter to the base64 equlivant of:

1=1 UNION SELECT "[your command here]"

About

Agent Tesla Spyware C2 Exploit [PATCHED]

Resources

Readme
Activity

Stars

26 stars

Watchers

3 watching

Forks

21 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages