exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from Gary O'Leary-Steele

Email addressgaryo at sec-1.com
First Active2002-08-13
Last Active2013-01-25
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
Posted Jan 25, 2013
Authored by Gary O'Leary-Steele, Nick Blundell, Kacper Nowak | Site metasploit.com

This Metasploit module can be used to execute a payload on MoveableType (MT) that exposes a CGI script, mt-upgrade.cgi (usually at /mt/mt-upgrade.cgi), that is used during installation and updating of the platform. This allows for code injection.

tags | exploit, cgi
advisories | CVE-2012-6315, CVE-2013-0209
SHA-256 | 9f1569dcdb5b14c9f7ccc437f947a2040582d389fc39d6d3e38a34b0a7f83d25
Splunk Search Remote Code Execution
Posted Dec 23, 2011
Authored by Gary O'Leary-Steele, juan vazquez | Site metasploit.com

This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command which allows to run python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.

tags | exploit, web, root, python
systems | linux, windows
advisories | CVE-2011-4642, OSVDB-77695
SHA-256 | 4cec15e9c8252677e5cd1bb453f1bd43e0c2eb409d8162a5ce458bb290116509
Splunk Remote Root Command Execution / Directory Traversal
Posted Dec 15, 2011
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 Labs performed a product security analysis of Splunk and discovered remote command execution as a privileged user, a directory traversal vulnerability, failure to protect itself from brute force attacks and information disclosure issues. Versions 4.2.2, 4.2.3 and 4.2.4 were tested. This archive contains an advisory and an exploit.

tags | exploit, remote, info disclosure
systems | linux
advisories | CVE-2011-4642, CVE-2011-4643, CVE-2011-4644
SHA-256 | 9cc7b90d467527ef440024994f447af75a7361359080cde790f375729dc79e38
unicode-fun.txt
Posted Sep 11, 2008
Authored by Gary O'Leary-Steele | Site sec-1.com

Ruby Script to generate URL encoded Unicode UTF-8 URL.

tags | web, ruby
SHA-256 | 3716b2b24def26545bf37991157e555c96d9f13dc08744a8b8168ccd6d3bd237
mailmarshall-password.txt
Posted Jul 18, 2007
Authored by Gary O'Leary-Steele | Site sec-1.com

The MailMarshal Spam Quarantine version 6.2.0.x HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the users email address.

tags | advisory, web
advisories | CVE-2007-3796
SHA-256 | 413e168c92dfcc339ecd500754b6e240ebd1b59e709f687e96ac02bb9c73e549
BTA_CensoredRelease.pdf
Posted Jul 7, 2007
Authored by Gary O'Leary-Steele | Site sec-1.com

Paper called Buffer Truncation Abuse in Microsoft SQL Server Based Applications. This paper is designed to document an attack technique Sec-1 recently adopted during the course of their application assessments.

tags | paper
SHA-256 | 0dc61a947fb649824bb61b36cc116d9966deabfa346db9f73a35a69ce0e03ecf
automagic.zip
Posted Nov 30, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

The Automagic SQL Injector is part of the Sec-1 Exploit Arsenal provided as part of the Applied Hacking & Intrusion Prevention training courses. In a nutshell it's an automated SQL injection tool designed to help save time on pen tests. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned.

tags | tool, scanner, sql injection
systems | unix
SHA-256 | 10f67d639127d49c2a17f2bd7836c65a6de0e65c95f62f7cba4c1eabba63e69d
sec-1-Collarboration.txt
Posted Oct 15, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable buffer overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.

tags | advisory, overflow
advisories | CVE-2005-1987
SHA-256 | 9f4f941c51cdd9e0d26f660aabaaad96258464fb7cea45f0278841f2584003a0
sec-1-GFI-MailSecurity.txt
Posted Oct 13, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable Buffer Overflow within the HTTP management interface of GFI MailSecurity 8.1. By sending large strings within several areas of the HTTP request (such as a large 'Host' or 'Accept' header) critical portions of memory are overwritten. Verification of this vulnerability can be achieved through the use of a HTTP fuzzer, such as @stake webproxy. Successful exploitation could allow an attacker to gain administrative control of the targeted host.

tags | advisory, web, overflow, fuzzer
SHA-256 | 4300d283bb084186da283e56ddae0e40446b1e8a04f555832a86566d3489b5db
CDObo.txt
Posted Oct 12, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable Buffer Overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.

tags | advisory, overflow
advisories | CVE-2005-1987
SHA-256 | 26ed9986f1acd0482d2a4dccf8225ecf63c139f2483c559189427de3f59962e6
rsaHeap.txt
Posted Aug 7, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

The RSA SecurID Web Agent suffers from a heap overflows. Versions 5, 5.2, and 5.3 are affected.

tags | advisory, web, overflow
SHA-256 | e010b40af665d69382ab4aebc8c25938d3ad8941470fa0cf633f41bb5fe578ef
cainAbel.txt
Posted Mar 22, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Cain and Abel PSK sniffer version 2.65 is susceptible to a heap overflow that allows for arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | bd34e21df4190627608dceac0bc6fb975ca0ca3a606a471084d205aecfedffde
HelpMe2.pl
Posted Aug 13, 2002
Authored by Gary O'Leary-Steele | Site Sec-1.com

Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2. Written for Kernel32.dll version 5.0.2195.2778.

tags | exploit, remote, overflow
systems | windows
SHA-256 | adce750ea8ea7636a6d8425b52fcab60b5dd38ae71c75e61d280d5b11e225141
HelpMe.pl
Posted Aug 13, 2002
Authored by Gary O'Leary-Steele | Site Sec-1.com

Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2. Written for Kernel32.dll version 5.0.2195.4272.

tags | exploit, remote, overflow
systems | windows
SHA-256 | d51b5844b984733f335e621404e81da9ba3972f55afab24141b4eeba7aef7f17
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close