Email address | private |
---|---|
Website | hyp3rlinx.altervista.org |
First Active | 2015-04-28 |
Last Active | 2021-02-16 |
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
143d9d98889ba812fb5ecda85828e081
NtFileSins.py is a Windows file enumeration intel gathering tool.
fa7b79d046994c4fd18ec24f8250ec70
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
01e3fdb17ce9ebb4bdd944a17576de40
CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. Successful exploitation requires that the CloudMe.exe process be running as administrator.
ee00ae19cbee8ea397dcd21d71b0c0f1
Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability.
b8224e074922b7417247b27948ca6d30
The Microsoft Windows TCPIP Finger Command, finger.exe, which ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of the Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can also save the remote server response to disk using the command line redirection operator.
cf1c7a658300820f34037e5d7395ac66
Ericom Access Server allows attackers to initiate SSRF requests, making outbound connections to arbitrary hosts and TCP ports. Attackers who can reach the AccessNow server can target internal systems behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
00835b7add7f159a6244efac16d7a915
Microsoft Windows mshta.exe allows processing of XML external entities, which can result in local data theft and/or program reconnaissance upon opening specially crafted HTA files.
3d485c03f4489132e6fd1b36a2775fe9
HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service.
ff26db6a52d5ae8326efc24dc1754c44
WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation.
cca9ea7f3d456df0c0e3a3e30fed3922
Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure.
aa4f9f8d14cf8ae3c1ea713bab3c17d0
CloudMe version 1.11.2 SEH / DEP / ASLR buffer overflow exploit. The original discovery of this vulnerability was by hyp3rlinx.
62c80dd1e9581b652dabe5cf2a673f5e
CloudMe version 1.11.2 buffer overflow proof of concept exploit. Original vulnerability discovered by hyp3rlinx.
124ecdef95f7d0d5092f5fed68a5792c
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. This is the second version of the exploit, updated to work with Python 3.
e7c69cbdc42341fad6f120be67f23e92
netABuse is a scanner that identifies systems susceptible to a Microsoft Windows insufficient authentication logic flaw.
d75527e08e33928b159bc5d35176ca86
The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password reuse. This also works as a "standard" user, but unfortunately we do not gain high integrity privileges. However, it opens the door and increases the attack surface if the box we laterally move to has other vulnerabilities present.
1cbbf18780d337b8641e53ba2ce0d1e4
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
cb8d3c18e04a60fd39e205fae7a0cd88
The HP System Event service "HPMSGSVC.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. HPMSGSVC.exe runs a background process that delivers push notifications. The problem is that the HP Message Service will load and execute any executable named "Program.exe" if it is found in the user's c:\ drive.
f834d687f26c92b81b101ce2b5ee2732
NTCrackPipe is a basic local Windows account cracking tool.
b1b672393c20d81e400b6bcc390614e2
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation.
aecef434c516d728f44dde372d426274
Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system.
d94d6061aaad9782bb11838c46318d2c
Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of a registry key to target a process running as SYSTEM. This can allow malware to gain elevated privileges to take over and shut down services that require SYSTEM privileges, like Trend Micro's "Asmp" service "coreServiceShell.exe", which does not allow Administrators to tamper with them. This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling them or otherwise preventing them from starting. Note that administrator privileges are required to exploit this vulnerability.
8141cd4c6867deb8b0509555a9e089df
Microsoft Windows VCF cards do not properly sanitize email addresses, allowing for HTML injection. A corrupt VCF card can cause all of the user's currently open files and applications to be closed and their session to be terminated without requiring any accompanying attacker-supplied code.
a8bf3c22b7586fb9aed156a323afff1c
Microsoft Windows suffers from a .group file code execution vulnerability that leverages the URL field.
c14d7dd530c485214547e0c84c47d3fd
Microsoft Windows Media Center suffers from an XML external entity injection vulnerability. This vulnerability was originally released back on December 4, 2016, yet remains unfixed.
08852a95d58030559d7cf597ca2a27de