exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

Files from RageLtMan

First Active2013-07-13
Last Active2022-01-24
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution
Posted Jan 24, 2022
Authored by Spencer McIntyre, RageLtMan, Nicholas Anastasi | Site metasploit.com

The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the server application. This Metasploit module will start an LDAP server that the target will need to connect to.

tags | exploit, java
advisories | CVE-2021-44228
SHA-256 | 371aff703a1c6ed83abe19b12644a1663d1052646d88c385fcca8a64bc63db21
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
Posted Jan 20, 2022
Authored by Spencer McIntyre, RageLtMan, jbaines-r7, w3bd3vil | Site metasploit.com

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector.

tags | exploit, java, root
systems | linux, windows
advisories | CVE-2021-44228
SHA-256 | a640959afe63b432e9f52c735f5ef2799a3bab57bd19790c2fcebb608d3e3a86
Authenticated WMI Exec Via Powershell
Posted Nov 17, 2016
Authored by RageLtMan | Site metasploit.com

This Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the module runs as the current process owner. The module can be configured with credentials for the remote host with which to launch the process.

tags | exploit, remote
SHA-256 | 69e871d16e65feb44748c1777776eaa7515e2ac4ea1c947a9dde02de854fdd98
Powershell Payload Execution
Posted Oct 10, 2016
Authored by Matt Andreko, RageLtMan | Site metasploit.com

This Metasploit module generates a dynamic executable on the session host using .NET templates. Code is pulled from C

tags | exploit
systems | windows
SHA-256 | fcf65c7f029885fe4e910e2efc9d90b8c8921d15f952cc9d31ba4da520bdb1f0
Ruby On Rails ActionPack Inline ERB Code Execution
Posted Jul 9, 2016
Authored by RageLtMan | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE within the runtime, without logging an error condition.

tags | exploit, remote, code execution, ruby
advisories | CVE-2016-2098
SHA-256 | d2de2c6b1bb4cb5ee53de8e0c3f1d39c69fd1da76899559c6c2efabc0fe0d5bb
Microsoft Windows Authenticated Powershell Command Execution
Posted Jul 13, 2013
Authored by RageLtMan, Royce Davis | Site metasploit.com

This Metasploit module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payload is never written to disk, and given that each payload is unique, is less prone to signature based detection. Since executing shellcode in .NET requires the use of system resources from unmanaged memory space, the .NET (PSH) architecture must match that of the payload. Lastly, a persist option is provided to execute the payload in a while loop in order to maintain a form of persistence. In the event of a sandbox observing PSH execution, a delay and other obfuscation may be added to avoid detection. In order to avoid interactive process notifications for the current user, the psh payload has been reduced in size and wrapped in a powershell invocation which hides the process entirely.

tags | exploit, shellcode
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | b0c0d56f17bcccf9a854df5ee2b60da13d6ac2e471086b300b676e73683ee4ec
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close