what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

Files from Jacob Robles

First Active2018-03-29
Last Active2020-02-04
SMB DOUBLEPULSAR Remote Code Execution
Posted Feb 4, 2020
Authored by Luke Jennings, wvu, Shadow Brokers, Equation Group, zerosum0x0, Jacob Robles | Site metasploit.com

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.

tags | exploit, code execution
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
SHA-256 | cf5398db6da1a49ffbf7822090a6afa83e60a3b163c1dbfa4962e518d4e655f6
DOUBLEPULSAR Payload Execution / Neutralization
Posted Oct 1, 2019
Authored by Luke Jennings, wvu, Shadow Brokers, Equation Group, zerosum0x0, Jacob Robles | Site metasploit.com

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.

tags | exploit, code execution
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
SHA-256 | 28ae33e9b8acc6b5e5cf2cd7d546782a77c489178bc2073d4ed3ffe0a56a2291
Microsoft Windows NtUserSetWindowFNID Win32k User Callback
Posted Jul 16, 2019
Authored by ze0r, Jacob Robles, Kaspersky Lab | Site metasploit.com

An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.

tags | exploit, x86
systems | windows
advisories | CVE-2018-8453
SHA-256 | b12d041b74805140215567e34bac24168770da5ed39aeeca4562c66332b7d517
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
Posted Apr 11, 2019
Authored by Jacob Robles, Khanh Viet Pham, An Trinh | Site metasploit.com

This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP password for the zimbra account. The zimbra credentials are then used to get a user authentication cookie with an AuthRequest message. Using the user cookie, a server side request forgery in the Proxy Servlet is used to proxy an AuthRequest with the zimbra credentials to the admin port to retrieve an admin cookie. After gaining an admin cookie the Client Upload servlet is used to upload a JSP webshell that can be triggered from the web server to get command execution on the host. The issues reportedly affect Zimbra Collaboration Suite v8.5 to v8.7.11. This module was tested with Zimbra Release 8.7.1.GA.1670.UBUNTU16.64 UBUNTU16_64 FOSS edition.

tags | exploit, web, code execution
advisories | CVE-2019-9621, CVE-2019-9670
SHA-256 | 811a4794f58646f39b0ef372b6e8f37324c45d3730bba6e1b7ae12049671f517
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
Posted Sep 22, 2018
Authored by Jacob Robles, bwatters-r7, SandboxEscaper, asoto-r7 | Site metasploit.com

On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:\windows\tasks folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. WARNING: The PrintConfig.dll (%windir%\system32\driverstor\filerepository\prnms003*) on the target host will be overwritten when the exploit runs. This Metasploit module has been tested against Windows 10 Pro x64.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-8440
SHA-256 | c95cd7c1a2ed4a550a27c66b7fcad45a1a61d5951227bc43830a853f611b7cd1
Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free
Posted Aug 24, 2018
Authored by mr_me, saelo, Jacob Robles, bit from meepwnn | Site metasploit.com

Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF.

tags | exploit, vulnerability
advisories | CVE-2018-9948, CVE-2018-9958
SHA-256 | 328a4999829d5eb3b12ffaeb666a27977fb72410e1a96f44c840761020615f82
Oracle Weblogic Server Deserialization Remote Code Execution
Posted Aug 10, 2018
Authored by Jacob Robles, brianwrf | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2018-2628
SHA-256 | 3b706831a95e7ec9767cb60c343331abe8d92f1382ece3a3f50c5943e25d0275
Axis Network Camera Remote Command Execution
Posted Jul 26, 2018
Authored by sinn3r, Chris Lee, wvu, Matthew Kienow, Or Peles, Jacob Robles, Shelby Pace, Cale Black, Brent Cook | Site metasploit.com

This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user.

tags | exploit, root
advisories | CVE-2018-10660, CVE-2018-10661, CVE-2018-10662
SHA-256 | c10f9b22f833b812b5b5320ea587dedf77fe8a60a4a58ddec5548a2ea5fb202d
CMS Made Simple 2.2.5 Authenticated Remote Command Execution
Posted Jul 19, 2018
Authored by Jacob Robles, Mustafa Hasen | Site metasploit.com

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.

tags | exploit, php
advisories | CVE-2018-1000094
SHA-256 | 665002696e6aa2586a51b8816a8a1e2a503f1bc489989a9294e0d3632c5224f2
phpMyAdmin Authenticated Remote Code Execution
Posted Jul 12, 2018
Authored by Jacob Robles, ChaMd5, Henry Huang | Site metasploit.com

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

tags | exploit, local, php, file inclusion
advisories | CVE-2018-12613
SHA-256 | dae18ef3348cf3077fd1fd7c0054e8bcb0185fb7e809a95ee03722cd6aacb0d5
GitStack 2.3.10 Unsanitized Argument Remote Code Execution
Posted Mar 29, 2018
Authored by Kacper Szurek, Jacob Robles | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability that exists in GitStack versions through 2.3.10, caused by an unsanitized argument being passed to an exec function call. This Metasploit module has been tested on GitStack version 2.3.10.

tags | exploit, remote, code execution
advisories | CVE-2018-5955
SHA-256 | cab234e294c5341ce9967a663c67c38cbd0d00a9c7657d94c2711d9cf5ea275f
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close