exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

Files from Justin Steven

First Active2016-09-22
Last Active2021-01-29
Metasploit Framework 6.0.11 Command Injection
Posted Jan 29, 2021
Authored by Justin Steven

Metasploit Framework version 6.0.11 msfvenom APK template command injection exploit.

tags | exploit
advisories | CVE-2020-7384
MD5 | ce36ed561470b74e683b1ec17a2437bb
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
Posted Nov 10, 2020
Authored by Justin Steven | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affected includes Metasploit Framework versions 6.0.11 and below and Metasploit Pro versions 4.18.0 and below.

tags | exploit
advisories | CVE-2020-7384
MD5 | 695d70bbd2e49f70ab302feba13c9124
Metasploit Web UI Static secret_key_base Value
Posted Sep 24, 2016
Authored by joernchen, Justin Steven | Site metasploit.com

This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.

tags | exploit, web, code execution, ruby
MD5 | 346aa14307013225d55de3662f17f41d
Metasploit Web UI Diagnostic Console Command Execution
Posted Sep 22, 2016
Authored by Justin Steven | Site metasploit.com

This Metasploit module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console is able to be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the diagnostic console provides access to msfconsole via the web interface. An authenticated user can then use the console to execute shell commands. NOTE: Valid credentials are required for this module. Tested against: Metasploit Community 4.1.0, Metasploit Community 4.8.2, Metasploit Community 4.12.0

tags | exploit, web, shell
MD5 | f55eac7067e3f61f0a0d73859d65082b
Page 1 of 1
Back1Next

File Archive:

February 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    33 Files
  • 2
    Feb 2nd
    30 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    8 Files
  • 5
    Feb 5th
    11 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    1 Files
  • 8
    Feb 8th
    37 Files
  • 9
    Feb 9th
    15 Files
  • 10
    Feb 10th
    11 Files
  • 11
    Feb 11th
    26 Files
  • 12
    Feb 12th
    8 Files
  • 13
    Feb 13th
    1 Files
  • 14
    Feb 14th
    1 Files
  • 15
    Feb 15th
    9 Files
  • 16
    Feb 16th
    33 Files
  • 17
    Feb 17th
    6 Files
  • 18
    Feb 18th
    10 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    1 Files
  • 21
    Feb 21st
    1 Files
  • 22
    Feb 22nd
    17 Files
  • 23
    Feb 23rd
    15 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    28 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close