what you don't know can hurt you
Showing 1 - 25 of 25 RSS Feed

Files from Jacob Baines

First Active2016-10-21
Last Active2021-11-17
GitLab 13.10.2 Remote Code Execution
Posted Nov 17, 2021
Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2021-22204, CVE-2021-22205
MD5 | a203e85e39e4798bc3ada54cb3cc7271
SonicWall SMA 10.2.1.0-17sv Password Reset
Posted Oct 20, 2021
Authored by Jacob Baines

SonicWall SMA version 10.2.1.0-17sv suffers from a remote password reset vulnerability.

tags | exploit, remote
advisories | CVE-2021-20034
MD5 | fc825fd8b67124f85d0945de3adb5652
Lexmark Driver Privilege Escalation
Posted Aug 12, 2021
Authored by Jacob Baines, Shelby Pace, Grant Willcox | Site metasploit.com

Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenticated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:\ProgramData\<driver name>\Universal Color Laser.gdl to replace the DLL path to unires.dll with a malicious DLL path. When C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs is then used to add the printer to the affected system, PrintIsolationHost.exe, a Windows process running as NT AUTHORITY\SYSTEM, will inspect the C:\ProgramData\<driver name>\Universal Color Laser.gdl file and will load the malicious DLL from the path specified in the file. This which will result in the malicious DLL executing as NT AUTHORITY\SYSTEM. Once this module is finished, it will use the prnmngr.vbs script to remove the printer it added.

tags | exploit
systems | windows
advisories | CVE-2021-35449
MD5 | fa589c6c0ea85ac7dbfa21e40d851085
Canon TR150 Driver 3.71.2.10 Privilege Escalation
Posted Aug 11, 2021
Authored by Jacob Baines, Shelby Pace | Site metasploit.com

Canon TR150 print drivers versions 3.71.2.10 and below allow local users to read/write files within the "CanonBJ" directory and its subdirectories. By overwriting the DLL at C:\ProgramData\CanonBJ\IJPrinter\CNMWINDOWS\Canon TR150 series\LanguageModules\040C\CNMurGE.dll with a malicious DLL at the right time whilst running the C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs script to install a new printer, a timing issue can be exploited to cause the PrintIsolationHost.exe program, which runs as NT AUTHORITY\SYSTEM, to successfully load the malicious DLL. Successful exploitation will grant attackers code execution as the NT AUTHORITY\SYSTEM user. This Metasploit module leverages the prnmngr.vbs script to add and delete printers. Multiple runs of this module may be required given successful exploitation is time-sensitive.

tags | exploit, local, code execution
systems | windows
advisories | CVE-2021-38085
MD5 | b54013c8b14ce15b29f5eb5b487ecde4
Cisco IP Phone 11.7 Denial Of Service
Posted Apr 17, 2020
Authored by Jacob Baines

Cisco IP Phone version 11.7 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | cisco
advisories | CVE-2020-3161
MD5 | 9ae93c7c36b4741bda68dc135166ed33
Amcrest Dahua NVR Camera IP2M-841 Denial Of Service
Posted Apr 8, 2020
Authored by Jacob Baines

Amcrest Dahua NVR Camera IP2M-841 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2020-5735
MD5 | 3556d5d7ccbd2a91e3b55bc6f8dcd782
Grandstream UCM6200 Series CTI Interface SQL Injection
Posted Mar 31, 2020
Authored by Jacob Baines

Grandstream UCM6200 Series CTI Interface versions 1.0.20.20 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-5726
MD5 | 25480670d4330e8172e282e366c594c9
Grandstream UCM6200 Series WebSocket 1.0.20.20 SQL Injection
Posted Mar 31, 2020
Authored by Jacob Baines

Grandstream UCM6200 Series WebSocket versions 1.0.20.20 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-5725
MD5 | 545b395172a3e3ed085d75066a84b498
UCM6202 1.0.18.13 Remote Command Injection
Posted Mar 24, 2020
Authored by Jacob Baines

UCM6202 version 1.0.18.13 suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2020-5722
MD5 | 7d50b84e68d6c850d1dcfb7448b659db
Barco WePresent file_transfer.cgi Command Injection
Posted Jan 14, 2020
Authored by Jacob Baines | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.

tags | exploit, remote, web, cgi
advisories | CVE-2019-3929
MD5 | 9bf16d3b24df38008118d2a86f469b2e
MikroTik RouterOS 6.45.6 DNS Cache Poisoning
Posted Oct 31, 2019
Authored by Jacob Baines

MikroTik RouterOS version 6.45.6 DNS cache poisoning exploit.

tags | exploit
advisories | CVE-2019-3978
MD5 | e135b8c4724b9accdba996b0b01d3ef2
Amcrest Cameras 2.520.AC00.18.R Unauthenticated Audio Streaming
Posted Jul 30, 2019
Authored by Jacob Baines

Amcrest Cameras version 2.520.AC00.18.R suffers from an authentication bypass vulnerability allowing an attacker to retrieve audio streams.

tags | exploit, bypass
advisories | CVE-2019-3948
MD5 | 8612b160c1fb7480704eed525558eeef
Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection
Posted May 3, 2019
Authored by Jacob Baines

Barco/AWIND OEM presentation platform suffers from an unauthenticated command injection vulnerability. Products affected include Crestron AM-100 1.6.0.2, Crestron AM-101 2.7.0.1, Barco wePresent WiPG-1000P 2.3.0.10, Barco wePresent WiPG-1600W before 2.4.1.19, Extron ShareLink 200/250 2.0.3.4, Teq AV IT WIPS710 1.1.0.7, InFocus LiteShow3 1.0.16, InFocus LiteShow4 2.0.0.7, Optoma WPS-Pro 1.0.0.5, Blackbox HD WPS 1.0.0.5, and SHARP PN-L703WA 1.4.2.3.

tags | exploit
advisories | CVE-2019-3929
MD5 | 4d985d246a0892ab456ea517663812bd
QNAP Netatalk Authentication Bypass
Posted Apr 5, 2019
Authored by Jacob Baines

QNAP Netatalk versions prior to 3.1.12 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-1160
MD5 | 466729fbd6889b0af635389fd5324792
Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution
Posted Apr 2, 2019
Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (sun.rmi.server.UnicastRef) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2017-3248
MD5 | de51f5ac510e0d7edb164eb71a9896d6
Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution
Posted Apr 1, 2019
Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2016-3510
MD5 | 73d8d9705d5c9f614936a80d2fffaf41
MikroTik RouterOS Firewall / NAT Bypass
Posted Feb 21, 2019
Authored by Jacob Baines

MikroTik RouterOS versions prior to 6.43.12 (stable) and 6.42.12 (long-term) firewall and NAT bypass exploit.

tags | exploit
advisories | CVE-2019-3924
MD5 | e0d598bbd700882e76a6d03ab552473e
Indusoft Web Studio 8.1 SP2 Remote Code Execution
Posted Feb 11, 2019
Authored by Jacob Baines

Indusoft Web Studio version 8.1 SP2 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
advisories | CVE-2019-6543, CVE-2019-6545
MD5 | cada8abc8cc2c69b59c84d5039d2b6f7
Netatalk Authentication Bypass
Posted Dec 21, 2018
Authored by Jacob Baines

Netatalk versions prior to 3.1.12 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-1160
MD5 | 30d0e7f2211e526a52779581144b7331
Mikrotik RouterOS Remote Root
Posted Oct 10, 2018
Authored by Jacob Baines

Mikrotik RouterOS versions 6.x suffer from a remote root code execution vulnerability.

tags | exploit, remote, root, code execution
advisories | CVE-2018-14847
MD5 | 65309fd018c6146c4490eff9ff55b2f5
NUUO NVRMini2 3.8 Buffer Overflow
Posted Sep 19, 2018
Authored by Jacob Baines

NUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit.

tags | exploit, overflow
MD5 | 08097a106baa047edbd143cdc755dca7
HP Jetdirect Path Traversal Arbitrary Code Execution
Posted Aug 27, 2018
Authored by Jacob Baines | Site metasploit.com

This Metasploit module exploits a path traversal via Jetdirect to gain arbitrary code execution by writing a shell script that is loaded on startup to /etc/profile.d. Then, the printer is restarted using SNMP. A large amount of printers are impacted.

tags | exploit, arbitrary, shell, code execution
advisories | CVE-2017-2741
MD5 | 330fb84840e2b0a7602e2d3e4c2701b5
HP PageWide / OfficeJet Pro Printers Arbitrary Code Execution
Posted Jun 14, 2017
Authored by Jacob Baines

HP PageWide and OfficeJet Pro printers suffer from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2017-2741
MD5 | a8e3c5652705c68dd39f5cc06033ff1e
Apache OpenMeetings 3.1.0 Remote Code Execution
Posted Nov 14, 2016
Authored by Jacob Baines

Apache OpenMeetings version 3.1.0 is vulnerable to remote code execution via an RMI deserialization attack.

tags | advisory, remote, code execution
advisories | CVE-2016-8736
MD5 | aebc5023a62e65d9e1ffb4480fe9bd85
MiCasa VeraLite Remote Code Execution
Posted Oct 21, 2016
Authored by Jacob Baines

MiCasa VeraLite suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2013-4863, CVE-2016-6255
MD5 | 0b347cd7344f30162bd59665dcdd9208
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    19 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close