exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

Files from Imran Dawoodjee

Email addressimrandawoodjee.infosec at gmail.com
First Active2018-11-27
Last Active2020-09-11
DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation
Posted Sep 11, 2020
Authored by Imran Dawoodjee, Shay Ber | Site metasploit.com

This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ named ServerLevelPluginDll that can be made to point to an arbitrary DLL.

tags | exploit, arbitrary, registry
systems | windows
MD5 | a9fb3457e349592a8a89e98cdf5e1403
Apache Solr 8.3.0 Velocity Template Remote Code Execution
Posted Apr 3, 2020
Authored by Imran Dawoodjee, JAS502N, s00py, AleWong | Site metasploit.com

This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr instance by first identifying a list of Solr core names. Once the core names have been identified, an attacker can send a specially crafted HTTP POST request to the Config API to toggle the params resource loader value for the Velocity Response Writer in the solrconfig.xml file to true. Enabling this parameter would allow an attacker to use the Velocity template parameter in a specially crafted Solr request, leading to remote code execution.

tags | exploit, remote, web, code execution
advisories | CVE-2019-17558
MD5 | b5dc475b45fed04ef8882d4f1ad70e5d
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
Posted Apr 24, 2019
Authored by Imran Dawoodjee, Nadav Grossman | Site metasploit.com

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.

tags | exploit, shell
advisories | CVE-2018-20250
MD5 | e92db51f5e14f0fddb4670c8372f4da6
Netgear Unauthenticated Remote Command Execution
Posted Nov 27, 2018
Authored by Imran Dawoodjee, Daming Dominic Chen | Site metasploit.com

Netgear WN604 versions before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 versions before 3.5.5.0 allow remote attackers to execute arbitrary commands.

tags | exploit, remote, arbitrary
advisories | CVE-2016-1555
MD5 | b9cff3334bed0cc1ee0698b28ae6a4c8
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close