This Metasploit module retrieves the client unattend file from Windows Deployment Services RPC service and parses out the stored credentials. Tested against Windows 2008 R2 x64 and Windows 2003 x86.
0c3608ed8e91cd81229126b5a544cf3c0daccefc7901b1b5255f67bbdbafd3f7This Metasploit module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.
cb5539054159e5bd7eb5991e8ba1abaed61e1b1644670a36b4815d24c61a9cabThis Metasploit module uses a dictionary to brute force valid TFTP image names from a TFTP server.
6284438cb9f0c3958553eb9816c55a7cf74d98495f046bb70da9516475a8eee5This Metasploit modules exploits a directory traversal vulnerability in IpSwitch WhatsUp Golds TFTP service.
f52a92979e0cd2467ac4d0bd611f2176dc90cd4fd1fa2d4a2be6f245808683efThis Metasploit modules exploits a directory traversal vulnerability in NetDecision 4.2 TFTP service.
82ebd3972f559a0e67b990abcd101f061a85f5f36f1cdddb753037f361b6431dThis Metasploit module attempts to retrieve the sid from the Oracle XML DB httpd server, utilizing Pete Finnigans default oracle password list.
6768cbd384e045ee9eb89dff4980271590e814f7a058b80be52dccb74ecb3753This Metasploit module attempts to bruteforce the SID on the Oracle application server iSQL*Plus login pages. It does this by testing Oracle error responses returned in the HTTP response. Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error. Works against Oracle 9.2, 10.1 and 10.2 iSQL*Plus. This Metasploit module will attempt to fingerprint the version and automatically select the correct POST request.
43ed00b533fa9fa67f34d41215d2bfb5042a798ae610c8ddddbae41d921c2719This Metasploit module uses a list of well known default authentication credentials to discover easily guessed accounts.
85f12c55152d0a12362d7deb3df43c629ee82af38be615769540464cfb044259This Metasploit module simply queries the TNS listener for the Oracle SID. With Oracle 9.2.0.8 and above the listener will be protected and the SID will have to be bruteforced or guessed.
2273dce8943255197fa66720b7e61a0d28b70df18000893f99a9a0d469d033e9This Metasploit module checks the server for vulnerabilities like TNS Poison. Module sends a server a packet with command to register new TNS Listener and checks for a response indicating an error. If the registration is errored, the target is not vulnerable. Otherwise, the target is vulnerable to malicious registrations.
1b8872d062add8e7a4b00ea686271b84b00f02fe96b8ce046075018735518eaeDetect UDP endpoints with UDP amplification vulnerabilities.
4b266aac321033bf9bd912f59c5fbdf160afa5b657e7351b0616cbfb0a87e10bThis Metasploit module detects VxWorks and the IPnet IP stack, along with devices vulnerable to CVE-2019-12258.
6f4e528ea0cb7372e3bdf497488748f966e28e300b72e0d74701650b47070ef8A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
cb133e8ec1ab0a1c2ef2e261014a4116110c288c8c180ccb796a35046f0cc70eThis Metasploit module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication.
da0dd53b50d563c3f71695c1da8416749c3880fd22812664e9eff0cc429005b2This Metasploit modules exploits the VMware Server Directory Traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files. Common VMware server ports 80/8222 and 443/8333 SSL. If you want to download the entire VM, check out the gueststealer tool.
bf4996e1f6f3d4417cdbcd16d228ae272229ab37892c242643b5db9693969a42This Metasploit module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI.
da7e0e93abb5ebe43d5c6d76481044fac0402a4036288f4f48749e34aeff12c0This Metasploit modules exploits a directory traversal vulnerability in VMWare Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4.
141792b0109b73b145e21b04ca6c1e0cd9cb9dfc495904452e3a23caf4459da8This Metasploit module will log into the Web API of VMWare and try to enumerate all the user accounts. If the VMware instance is connected to one or more domains, it will try to enumerate domain users as well.
d10a7b82ed49ee2e3f3284fa2dbc014b623970ce48d7078b155f4fac81c4d3f2This Metasploit module implements the DLSw information disclosure retrieval. There is a bug in Ciscos DLSw implementation affecting 12.x and 15.x trains that allows an unauthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active.
8c127ae0566989988fb9b4c5ab25a9378faa865c70eef591a422e2cb3549b141This Metasploit module checks the provided hosts for the CVE-2023-21554 vulnerability by sending a MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and depending on the length could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.
a0cddadb1a675fdce4af377d71ed784a8906286c13da03dac1d38aa7dce5ef6bThis Metasploit module fetches AFP server information, including server name, network address, supported AFP versions, signature, machine type, and server flags.
fa285f0ece1b7557f8c6693480b99cb497d29fa7e9f0adb133487c6bccde6227This Metasploit module attempts to bruteforce authentication credentials for AFP.
08a96f7a9493b11973088749a53772c1d786c20f9886a639955d223a3f7e1a8eThis Metasploit module extracts password hashes from certain Brocade load balancer devices.
5cbdba0bb04c033d9c526c329c2e09d17f583abda5d43ad80845391c96b3f1c6This Metasploit module will use LanManager/psProcessUsername OID values to enumerate local user accounts on a Windows/Solaris system via SNMP .
ea7e658a877335353b7554a19e204e70c7a6d7f897b1ed37e96aba9e0a2437d3This Metasploit module allows enumeration of files previously printed. It provides details as filename, client, timestamp and username information. The default community used is "public".
9711647b0a492a0e8b2bc64b1066906eeb3b80f413bd74b6566a58e6680c1af7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed