exploit the possibilities
Showing 1 - 23 of 23 RSS Feed

Files from joev

Email addressjvennix at rapid7.com
First Active2013-08-26
Last Active2016-01-25
Android ADB Debug Server Remote Payload Execution
Posted Jan 25, 2016
Authored by joev | Site metasploit.com

This Metasploit module writes and spawns a native payload on an android device that is listening for adb debug messages.

tags | exploit
MD5 | d77551f4825f1ed6b1e204c89bc09c85
Safari User-Assisted Applescript Exec Attack
Posted Oct 23, 2015
Authored by joev | Site metasploit.com

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security and Privacy in order to avoid the unidentified Developer prompt.

tags | exploit, arbitrary
systems | apple, osx
advisories | CVE-2015-7007
MD5 | 89e9bb2d3aa0c450f7ded6ee07b500b6
Apple OS X Entitlements Rootpipe Privilege Escalation
Posted Aug 28, 2015
Authored by joev, Emil Kvarnhammar | Site metasploit.com

This Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.

tags | exploit
systems | apple
advisories | CVE-2015-3673
MD5 | 3e7e7490deb126e286d6313171297750
Firefox PDF.js Privileged Javascript Injection
Posted Aug 23, 2015
Authored by temp66, joev, Marius Mlynski | Site metasploit.com

This Metasploit module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2015-0816
MD5 | f07c2d5529a681674044368478b7d5f9
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
Posted Jul 23, 2015
Authored by Stefan Esser, joev | Site metasploit.com

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

tags | exploit, arbitrary, local, root
systems | apple, osx
MD5 | 1bb7a893f98b4f5275a6230249ded0ae
Mac OS X Rootpipe Privilege Escalation
Posted Apr 10, 2015
Authored by joev, wvu, Emil Kvarnhammar | Site metasploit.com

This Metasploit module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed Rootpipe. Tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as an admin user to escalate to root.

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-1130
MD5 | d58bceb05b3e631e2ed1aa2d3f0b76f8
Firefox Proxy Prototype Privileged Javascript Injection
Posted Mar 24, 2015
Authored by joev | Site metasploit.com

This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2014-8636
MD5 | 28b276d4e4041da22c574c95f45d4e2e
Javascript Injection For Eval-Based Unpackers
Posted Feb 19, 2015
Authored by joev | Site metasploit.com

This Metasploit module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's P_A_C_K_E_R unpacker.

tags | exploit, arbitrary, javascript
MD5 | aa5a02de3ff662a29dec25c941017dce
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Posted Dec 2, 2014
Authored by joev, Ian Beer | Site metasploit.com

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has been patched silently in Yosemite.

tags | exploit, overflow, kernel
systems | apple, osx
advisories | CVE-2014-4404
MD5 | 456a9ca66b1cb8d70b22b73cb2510cf9
Samsung Galaxy KNOX Android Browser Remote Code Execution
Posted Nov 18, 2014
Authored by joev, Andre Moulu | Site metasploit.com

This Metasploit module exploits a vulnerability that exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, and Ace 4.

tags | exploit, remote, arbitrary, protocol
MD5 | 9f057a9c3dab36565bdf001f5df0f7d1
Mac OS X VMWare Fusion Root Privilege Escalation
Posted Sep 25, 2014
Authored by mubix, joev, Stephane Chazelas, juken | Site metasploit.com

This abuses the bug in bash environment variables (CVE-2014-6271) to get a suid binary inside of VMWare Fusion to launch our payload as root.

tags | exploit, root, bash
advisories | CVE-2014-6271
MD5 | f5f9b29d43a8fed2b9e5c43663ec5254
GDB Server Remote Payload Execution
Posted Sep 8, 2014
Authored by joev | Site metasploit.com

This Metasploit module attempts to execute an arbitrary payload on a loose gdbserver service.

tags | exploit, arbitrary
MD5 | e25640b7bb4226ee00bd92549eaa2fee
Firefox WebIDL Privileged Javascript Injection
Posted Aug 27, 2014
Authored by joev, Marius Mlynski | Site metasploit.com

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2014-1510, CVE-2014-1511
MD5 | cd3bc27615aee1fe6d9023c93754e0ee
Firefox toString console.time Privileged Javascript Injection
Posted Aug 18, 2014
Authored by moz_bug_r_a4, joev, Cody Crews | Site metasploit.com

This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2013-1670, CVE-2013-1710
MD5 | 161163ea27bfe8bf6f13a8d33a2731a7
Adobe Reader for Android addJavascriptInterface Exploit
Posted Jun 16, 2014
Authored by Yorick Koster, joev | Site metasploit.com

Adobe Reader versions less than 11.2.0 exposes insecure native interfaces to untrusted javascript in a PDF. This Metasploit module embeds the browser exploit from android/webview_addjavascriptinterface into a PDF to get a command shell on vulnerable versions of Reader.

tags | exploit, shell, javascript
advisories | CVE-2014-0514
MD5 | 7adbb95817e1fbb6dfec43a3d5132ee8
Mac OS X NFS Mount Privilege Escalation
Posted Apr 25, 2014
Authored by joev, Kenzley Alphonse | Site metasploit.com

This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content. Mac OS X Lion Kernel versions equal to and below xnu-1699.32.7 except xnu-1699.24.8 are affected.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
MD5 | 5e92458e6004639f97065439cc18b2ba
IBM Server RAID Manager Browser Edition Blind SQL Injection
Posted Apr 23, 2014
Authored by joev

IBM Server RAID Manager Browser Edition version 1.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d1aad21b7bfee6eed821deeaea43c26f
Firefox Exec Shellcode From Privileged Javascript Shell
Posted Mar 13, 2014
Authored by joev | Site metasploit.com

This Metasploit module allows execution of native payloads from a privileged Firefox Javascript shell. It puts the specified payload into memory, adds the necessary protection flags, and calls it. Useful for upgrading a Firefox javascript shell to a Meterpreter session without touching the disk.

tags | exploit, shell, javascript
MD5 | d41a7beebd334541e6643cd39ede1caf
Safari User-Assisted Download / Run Attack
Posted Mar 7, 2014
Authored by joev | Site metasploit.com

This Metasploit module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APP_NAME" is an application downloaded from the internet. Are you sure you want to open it? If the user clicks "Open", the app and its payload are executed. If the user has the "Only allow applications downloaded from Mac App Store and identified developers (on by default on OS 10.8+), the user will see an error dialog containing "can't be opened because it is from an unidentified developer." To work around this issue, you will need to manually build and sign an OSX app containing your payload with a custom URL handler called "openurl". You can put newlines and unicode in your APP_NAME, although you must be careful not to create a prompt that is too tall, or the user will not be able to click the buttons, and will have to either logout or kill the CoreServicesUIAgent process.

tags | exploit
systems | apple
MD5 | e26d07823608dd721f37562ddec1ab79
Android Browser / WebView addJavascriptInterface Code Execution
Posted Feb 7, 2014
Authored by jduck, joev | Site metasploit.com

This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs exposed by the Interface and execute arbitrary commands. Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the html/js served by this module and get a shell. Note: Adding a .js to the URL will return plain javascript (no HTML markup).

tags | exploit, web, arbitrary, shell, javascript
MD5 | b1f0b039cf8acfc93ca30fa9147f1966
Linksys WRT110 Remote Command Execution
Posted Oct 8, 2013
Authored by juan vazquez, Craig Young, joev | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
MD5 | 1ca8f7625acdc9ee3909e6ec2684b65a
Nodejs js-yaml load() Code Execution
Posted Sep 25, 2013
Authored by joev | Site metasploit.com

For node.js applications that parse user-supplied YAML input using the load() function from the 'js-yaml' package versions below 2.0.5, specifying a self-executing function allows us to execute arbitrary javascript code. This Metasploit module demonstrates that behavior.

tags | exploit, arbitrary, javascript
advisories | CVE-2013-4660
MD5 | 13ebdbf55dfc348a60df26ecc83b7575
Mac OS X Sudo Password Bypass
Posted Aug 26, 2013
Authored by Todd C. Miller, juan vazquez, joev | Site metasploit.com

This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.

tags | exploit, root
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
MD5 | c576a86d9ee4a93abc0dde1445edcab8
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    14 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close