what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files from Antti

First Active2014-04-10
Last Active2024-08-31
Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration
Posted Aug 31, 2024
Authored by Antti, nullbind | Site metasploit.com

This Metasploit module can be used to bruteforce RIDs associated with the domain of the SQL Server using the SUSER_SNAME function. This is similar to the smb_lookupsid module, but executed through SQL Server queries as any user with the PUBLIC role (everyone). Information that can be enumerated includes Windows domain users, groups, and computer accounts. Enumerated accounts can then be used in online dictionary attacks.

tags | exploit
systems | windows
SHA-256 | 27cf597af1be43509aa67248838da643e3d83e1bedf784ccf8ec336af6526352
Microsoft SQL Server SQL Injection NTLM Stealer
Posted Aug 31, 2024
Authored by Antti, nullbind | Site metasploit.com

This Metasploit module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the SQL injection from GET_PATH to connect to the target SQL Server instance and execute the native "xp_dirtree" or stored procedure. The stored procedures will then force the service account to authenticate to the system defined in the SMBProxy option. In order for the attack to be successful, the SMB capture or relay module must be running on the system defined as the SMBProxy. The database account used to connect to the database should only require the "PUBLIC" role to execute. Successful execution of this attack usually results in local administrative access to the Windows system. Specifically, this works great for relaying credentials between two SQL Servers using a shared service account to get shells. However, if the relay fails, then the LM hash can be reversed using the Halflm rainbow tables and john the ripper.

tags | exploit, remote, shell, local, sql injection
systems | windows
SHA-256 | 07d8028c67f4c74422fce026d3e4f7c8c01787a332652cb8847f7c5bc5571deb
Microsoft SQL Server SQL Injection SUSER_SNAME Windows Domain Account Enumeration
Posted Aug 31, 2024
Authored by Antti, nullbind | Site metasploit.com

This Metasploit module can be used to bruteforce RIDs associated with the domain of the SQL Server using the SUSER_SNAME function via Error Based SQL injection. This is similar to the smb_lookupsid module, but executed through SQL Server queries as any user with the PUBLIC role (everyone). Information that can be enumerated includes Windows domain users, groups, and computer accounts. Enumerated accounts can then be used in online dictionary attacks. The syntax for injection URLs is: /testing.asp?id=1+and+1=[SQLi];--.

tags | exploit, sql injection, asp
systems | windows
SHA-256 | 0e0cd7442b34141ce286901bcc638f36f8b80933c0544ac4a91ea1079c35aa1f
OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
Posted Aug 31, 2024
Authored by H D Moore, Neel Mehta, Matti, Riku, Antti | Site metasploit.com

This Metasploit module provides a fake SSL service that is intended to leak memory from client systems as they connect. This Metasploit module is hardcoded for using the AES-128-CBC-SHA1 cipher.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 67d783fbcd4cde982f17f891681bce4e4ca4da2877dd80a91e898f0fdbf606ee
OpenSSL Heartbeat (Heartbleed) Information Leak
Posted Apr 10, 2014
Authored by Neel Mehta, juan vazquez, Christian Mehlmauer, wvu, Jared Stafford, Matti, Riku, Antti, FiloSottile | Site metasploit.com

This Metasploit module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 81d080e43dc83f3e3ee46722a1679f1f403475e40beef0b849082092202ffa5c
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close