exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Zach Hanley

First Active2022-10-19
Last Active2024-02-02
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
Posted Feb 2, 2024
Authored by James Horseman, Zach Hanley, sfewer-r7 | Site metasploit.com

This Metasploit module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable.

tags | exploit
advisories | CVE-2024-0204
SHA-256 | 035ed04146400771edc30f7f2428017890a815d0e2f43a4345934b3f301ed59e
GoAnywhere MFT Authentication Bypass
Posted Jan 24, 2024
Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com

GoAnywhere MFT authentication bypass proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2024-0204
SHA-256 | cc18afe3ce13ec7ab1ac673b6370a4830af2b4f40a635675ad5b2e4d8c6adfca
Lexmark Device Embedded Web Server Remote Code Execution
Posted Sep 19, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing for an unauthenticated user to run arbitrary commands.

tags | exploit, remote, arbitrary, cgi, code execution, bash
advisories | CVE-2023-26067, CVE-2023-26068
SHA-256 | 55b25ea44278a5136992f906756ff24cc7e2991ab7847a6388c6522fffc7a70a
Ivanti Sentry Authentication Bypass / Remote Code Execution
Posted Sep 13, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

This Metasploit module exploits an authentication bypass in Ivanti Sentry which exposes API functionality which allows for code execution in the context of the root user.

tags | exploit, root, code execution
advisories | CVE-2023-38035
SHA-256 | ea4bf146aae20e6532518f5f14a0339f6c32348de42b3b15936e869ed48d8e04
PaperCut MF/NG Authentication Bypass / Remote Code Execution
Posted Apr 25, 2023
Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com

PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.

tags | exploit, proof of concept, bypass
advisories | CVE-2023-27350
SHA-256 | e01888c501e68b969faf6f9f0762260b9738e28e6c41609aee12cd8f6079824b
Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
Posted Mar 15, 2023
Authored by jheysel-r7, Zach Hanley, Gwendal Guegniaud | Site metasploit.com

This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication. When you send the vulnerable endpoint a ZIP file, it will extract an attacker controlled file to a directory of the attackers choice on the target system. This issue is exploitable on FortiNAC versions 9.4 prior to 9.4.1, FortiNAC versions 9.2 prior to 9.2.6, FortiNAC versions 9.1 prior to 9.1.8, all versions of FortiNAC 8.8, all versions of FortiNAC 8.7, all versions of FortiNAC 8.6, all versions of FortiNAC 8.5, and all versions of FortiNAC 8.3.

tags | exploit, arbitrary, root
advisories | CVE-2022-39952
SHA-256 | b72056fdc9840a37268bab3325c1941ddb0082c5918cf14fec39001b268b461d
Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass
Posted Oct 19, 2022
Authored by Heyder Andrade, Zach Hanley | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to login to the system with the chosen account. Successful exploitation results in remote code execution.

tags | exploit, remote, code execution, bypass
advisories | CVE-2022-40684
SHA-256 | 818eeb4d404c8cde2ab69451948a6037ca08bef60e2be65eb6fe9ed9d7ef0e7d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close