what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

Files from h0ng10

First Active2012-09-05
Last Active2015-05-23
Lenovo System Update Privilege Escalation
Posted May 23, 2015
Authored by h0ng10, Sofiane Talmat, Micahel Milvich | Site metasploit.com

The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. Please, note that the System Update is stopped by default but can be started/stopped calling the Executable ConfigService.exe.

tags | exploit, arbitrary
advisories | CVE-2015-2219
MD5 | 6f8796f984b1e70db704a2fb3eacf997
TWiki Debugenableplugins Remote Code Execution
Posted Mar 19, 2015
Authored by h0ng10, Netanel Rubin | Site metasploit.com

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.

tags | exploit, remote, perl, code execution
advisories | CVE-2014-7236
MD5 | 861350151f1243072a1bf5d32e992c39
iPass Mobile Client Service Privilege Escalation
Posted Mar 18, 2015
Authored by h0ng10 | Site metasploit.com

The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows to execute arbitrary commands as SYSTEM.

tags | exploit, arbitrary
MD5 | fe1a824ff14683cf09491a2478f9e50f
WordPress Pixabay Images PHP Code Upload
Posted Feb 4, 2015
Authored by h0ng10 | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images version 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.

tags | exploit, php, vulnerability
MD5 | 9d5215e29109a12adab7c06ea8e47e74
ManageEngine Eventlog Analyzer Arbitrary File Upload
Posted Sep 12, 2014
Authored by h0ng10 | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine Eventlog Analyzer. The vulnerability exists in the agentUpload servlet which accepts unauthenticated file uploads and handles zip file contents in a insecure way. By combining both weaknesses a remote attacker can achieve remote code execution. This Metasploit module has been tested successfully on versions v7.0 - v9.9 b9002 in Windows and Linux. Versions between 7.0 and < 8.1 are only exploitable via EAR deployment in the JBoss server, while versions 8.1+ are only exploitable via a JSP upload.

tags | exploit, remote, code execution, file upload
systems | linux, windows
advisories | CVE-2014-6037
MD5 | 8b051d5cd2483e4cadda4747053a23e2
Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution
Posted Dec 6, 2012
Authored by juan vazquez, h0ng10 | Site metasploit.com

This Metasploit module abuses the "RunScript" procedure provided by the SOAP interface of Adobe InDesign Server, to execute arbitrary vbscript (Windows) or applescript(OSX). The exploit drops the payload on the server and must be removed manually.

tags | exploit, arbitrary
systems | windows, apple
advisories | OSVDB-87548
MD5 | 2ba77dcd03b81ca9f84ca962368ed69a
Network Shutdown Module 3.21 Remote PHP Code Injection
Posted Nov 29, 2012
Authored by sinn3r, h0ng10 | Site metasploit.com

This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside a eval() call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).

tags | exploit
advisories | OSVDB-83199
MD5 | b9d7c9e575b61b01ae81c51b7ed1e571
JBoss DeploymentFileRepository WAR Deployment
Posted Sep 5, 2012
Authored by Patrick Hof, Jens Liebchen, h0ng10 | Site metasploit.com

This Metasploit module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The DeploymentFileRepository methods are only available on Jboss 4.x and 5.x.

tags | exploit
advisories | CVE-2007-1036, OSVDB-33744
MD5 | 440b6d7a412efddd6180d40db230fd1c
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close