/Agent-Tesla-Exploit

Agent Tesla C2 Exploit

Primary LanguagePython

Agent-Tesla-Exploit

Exploits the Datatables demo unsanatized get paramerters to query database and run code remotly

Currently:

  • Grabs Victims
  • Grabs Victim Passwords
  • Exposes Panel Config
  • Basic Shell

How to use the RCE on your own

The file WebServer/server_side/scripts/server processing has 4 get paramerters:

  • table : Database Table
  • primary : Database Primary Key
  • clmns : Columns as sanatized array & optional formatter
  • where: SQL Where statment encoded in base64

To use, query WebServer/server_side/scripts/server processing with vaild table and primary paramerters (i use passwords and password_id) and clmns as the sanatized version of:

[array("db" => "[Vailed Column]", "dt" => "username","formatter" => "exec")]

and the where paramerter to the base64 equlivant of:

1=1 UNION SELECT "[your command here]"