what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from aushack

First Active2017-12-30
Last Active2024-09-01
MS09-020 IIS6 WebDAV Unicode Authentication Bypass
Posted Sep 1, 2024
Authored by Efrain Torres, aushack | Site metasploit.com

This Metasploit module attempts to to bypass authentication using the WebDAV IIS6 Unicode vulnerability discovered by Kingcope. The vulnerability appears to be exploitable where WebDAV is enabled on the IIS6 server, and any protected folder requires either Basic, Digest or NTLM authentication.

tags | exploit
advisories | CVE-2009-1122, CVE-2009-1535
SHA-256 | 5012479314892cd881dad187059b4c650acb9e753aec5bd911756919ebc31af4
Cisco IOS HTTP Unauthorized Administrative Access
Posted Sep 1, 2024
Authored by H D Moore, aushack | Site metasploit.com

This Metasploit module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS 11.3 -> 12.2 are reportedly vulnerable. This Metasploit module tested successfully against a Cisco 1600 Router IOS v11.3(11d).

tags | exploit, web
systems | cisco, ios
advisories | CVE-2001-0537
SHA-256 | f47c8e7887760a5e15e7ecfe81baff6ced2ddb34267bcb19aff00e68bad4084e
Varnish Cache CLI Login Utility
Posted Aug 31, 2024
Authored by h00die, aushack | Site metasploit.com

This Metasploit module attempts to login to the Varnish Cache (varnishd) CLI instance using a bruteforce list of passwords.

tags | exploit
advisories | CVE-2009-2936
SHA-256 | 8e3762c08b09fcbd9c54cc1f7bc026ff226ffde59424745f6b3b8190cd4dfb6c
Tomcat UTF-8 Directory Traversal
Posted Aug 31, 2024
Authored by ruggine, aushack | Site metasploit.com

This Metasploit module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the vulnerability actually occurs within Java and not Tomcat; the server must use Java versions prior to Sun 1.4.2_19, 1.5.0_17, 6u11 - or prior IBM Java 5.0 SR9, 1.4.2 SR13, SE 6 SR4 releases. This Metasploit module has only been tested against RedHat 9 running Tomcat 6.0.16 and Sun JRE 1.5.0-05. You may wish to change FILE (hosts,sensitive files), MAXDIRS and RPORT depending on your environment.

tags | exploit, java
systems | linux, redhat
advisories | CVE-2008-2938
SHA-256 | 074505843e22daa8b105c810b3e9494a29fe2f2609c3910af390ea2827e231d0
TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access
Posted Aug 31, 2024
Authored by aushack, Anshul Pandey | Site metasploit.com

This Metasploit module tests for directory traversal vulnerability in the UpdateAgent function in the OfficeScanNT Listener (TmListen.exe) service in Trend Micro OfficeScan. This allows remote attackers to read arbitrary files as SYSTEM via dot dot sequences in an HTTP request.

tags | exploit, remote, web, arbitrary
advisories | CVE-2008-2439
SHA-256 | f9f4a1cffb076eaa8de5b999f9dcbffa5aea4de87901e76b8a98aeaadfed7549
Cisco IOS HTTP GET /%% Request Denial of Service
Posted Aug 31, 2024
Authored by aushack | Site metasploit.com

This Metasploit module triggers a Denial of Service condition in the Cisco IOS HTTP server. By sending a GET request for "/%%", the device becomes unresponsive. IOS 11.1 through 12.1 are reportedly vulnerable. This module tested successfully against a Cisco 1600 Router IOS v11.2(18)P.

tags | exploit, web, denial of service
systems | cisco, ios
advisories | CVE-2000-0380
SHA-256 | dc39510366736d85c7a14577002a973c7089c8dcc345300bb523a6451e277efe
MS02-063 PPTP Malformed Control Data Kernel Denial of Service
Posted Aug 31, 2024
Authored by aushack | Site metasploit.com

This Metasploit module exploits a kernel based overflow when sending abnormal PPTP Control Data packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers (Remote Access Services). Kernel memory is overwritten resulting in a BSOD. Code execution may be possible however this module is only a DoS.

tags | exploit, remote, overflow, kernel, code execution
systems | windows, 2k
advisories | CVE-2002-1214
SHA-256 | f6b900c41ad128f7eb0865eabc39ca4b0dca932339d32bf7d9c3aab93b77cce7
Kentico CMS 12.0.14 Remote Command Execution
Posted May 6, 2020
Authored by aushack, Manoj Cherukuri, Justin LeMay | Site metasploit.com

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.

tags | exploit, remote
advisories | CVE-2019-10068
SHA-256 | 5b68d0d542ef6100308fe77d235af8615fef5ce550885eedaeb120ad41bc9f6f
PHP Laravel Framework Token Unserialize Remote Command Execution
Posted Jul 15, 2019
Authored by aushack, Stale Pettersen | Site metasploit.com

This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not required, however exploitation requires knowledge of the Laravel APP_KEY. Similar vulnerabilities appear to exist within Laravel cookie tokens based on the code fix. In some cases the APP_KEY is leaked which allows for discovery and exploitation.

tags | exploit, remote, web, php, vulnerability
advisories | CVE-2017-16894, CVE-2018-15133
SHA-256 | 89a708ff133e6615ee3040a41d60178a5e2e6c21344ec723424eb420b1cc5b8c
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution
Posted Dec 30, 2017
Authored by temp66, aushack | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the (non-default) SSL option is turned off. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).

tags | exploit, remote
advisories | CVE-2010-1549
SHA-256 | 0bfa24b3a3de55a83f6e1af498795fa6d0ddf8b35ad4a3fdfc280bd24cc80dd2
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close