what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

Files from Imran Dawoodjee

Email addressimrandawoodjee.infosec at gmail.com
First Active2018-11-27
Last Active2020-09-11
DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation
Posted Sep 11, 2020
Authored by Imran Dawoodjee, Shay Ber | Site metasploit.com

This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ named ServerLevelPluginDll that can be made to point to an arbitrary DLL.

tags | exploit, arbitrary, registry
systems | windows
MD5 | a9fb3457e349592a8a89e98cdf5e1403
Apache Solr 8.3.0 Velocity Template Remote Code Execution
Posted Apr 3, 2020
Authored by Imran Dawoodjee, JAS502N, s00py, AleWong | Site metasploit.com

This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr instance by first identifying a list of Solr core names. Once the core names have been identified, an attacker can send a specially crafted HTTP POST request to the Config API to toggle the params resource loader value for the Velocity Response Writer in the solrconfig.xml file to true. Enabling this parameter would allow an attacker to use the Velocity template parameter in a specially crafted Solr request, leading to remote code execution.

tags | exploit, remote, web, code execution
advisories | CVE-2019-17558
MD5 | b5dc475b45fed04ef8882d4f1ad70e5d
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
Posted Apr 24, 2019
Authored by Imran Dawoodjee, Nadav Grossman | Site metasploit.com

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.

tags | exploit, shell
advisories | CVE-2018-20250
MD5 | e92db51f5e14f0fddb4670c8372f4da6
Netgear Unauthenticated Remote Command Execution
Posted Nov 27, 2018
Authored by Imran Dawoodjee, Daming Dominic Chen | Site metasploit.com

Netgear WN604 versions before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 versions before 3.5.5.0 allow remote attackers to execute arbitrary commands.

tags | exploit, remote, arbitrary
advisories | CVE-2016-1555
MD5 | b9cff3334bed0cc1ee0698b28ae6a4c8
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close