what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

Files from Gary O'Leary-Steele

Email addressgaryo at sec-1.com
First Active2002-08-13
Last Active2013-01-25
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
Posted Jan 25, 2013
Authored by Gary O'Leary-Steele, Nick Blundell, Kacper Nowak | Site metasploit.com

This Metasploit module can be used to execute a payload on MoveableType (MT) that exposes a CGI script, mt-upgrade.cgi (usually at /mt/mt-upgrade.cgi), that is used during installation and updating of the platform. This allows for code injection.

tags | exploit, cgi
advisories | CVE-2012-6315, CVE-2013-0209
MD5 | c41c453aaf7b8b6c299726ebe11660bc
Splunk Search Remote Code Execution
Posted Dec 23, 2011
Authored by Gary O'Leary-Steele, juan vazquez | Site metasploit.com

This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command which allows to run python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.

tags | exploit, web, root, python
systems | linux, windows
advisories | CVE-2011-4642, OSVDB-77695
MD5 | 294cfa16c9506b36e2aaf7e1e00192ff
Splunk Remote Root Command Execution / Directory Traversal
Posted Dec 15, 2011
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 Labs performed a product security analysis of Splunk and discovered remote command execution as a privileged user, a directory traversal vulnerability, failure to protect itself from brute force attacks and information disclosure issues. Versions 4.2.2, 4.2.3 and 4.2.4 were tested. This archive contains an advisory and an exploit.

tags | exploit, remote, info disclosure
systems | linux
advisories | CVE-2011-4642, CVE-2011-4643, CVE-2011-4644
MD5 | 7e59f2dc72f57a7160906a20c3bb2ae6
unicode-fun.txt
Posted Sep 11, 2008
Authored by Gary O'Leary-Steele | Site sec-1.com

Ruby Script to generate URL encoded Unicode UTF-8 URL.

tags | web, ruby
MD5 | e24f08221794bf016d8296477ded5427
mailmarshall-password.txt
Posted Jul 18, 2007
Authored by Gary O'Leary-Steele | Site sec-1.com

The MailMarshal Spam Quarantine version 6.2.0.x HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the users email address.

tags | advisory, web
advisories | CVE-2007-3796
MD5 | 1195fa7209354574609552bc888ef297
BTA_CensoredRelease.pdf
Posted Jul 7, 2007
Authored by Gary O'Leary-Steele | Site sec-1.com

Paper called Buffer Truncation Abuse in Microsoft SQL Server Based Applications. This paper is designed to document an attack technique Sec-1 recently adopted during the course of their application assessments.

tags | paper
MD5 | 7a82345431b0de38382f36430441fbbe
automagic.zip
Posted Nov 30, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

The Automagic SQL Injector is part of the Sec-1 Exploit Arsenal provided as part of the Applied Hacking & Intrusion Prevention training courses. In a nutshell it's an automated SQL injection tool designed to help save time on pen tests. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned.

tags | tool, scanner, sql injection
systems | unix
MD5 | e0a4e2669ec52d212d73d0864492dd78
sec-1-Collarboration.txt
Posted Oct 15, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable buffer overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.

tags | advisory, overflow
advisories | CVE-2005-1987
MD5 | 214c9052233e0677ed44775fe3507f2a
sec-1-GFI-MailSecurity.txt
Posted Oct 13, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable Buffer Overflow within the HTTP management interface of GFI MailSecurity 8.1. By sending large strings within several areas of the HTTP request (such as a large 'Host' or 'Accept' header) critical portions of memory are overwritten. Verification of this vulnerability can be achieved through the use of a HTTP fuzzer, such as @stake webproxy. Successful exploitation could allow an attacker to gain administrative control of the targeted host.

tags | advisory, web, overflow, fuzzer
MD5 | e7e879d96868a5f38533947ffba9af3d
CDObo.txt
Posted Oct 12, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable Buffer Overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.

tags | advisory, overflow
advisories | CVE-2005-1987
MD5 | 90980caac6ac6153635ef2b9c186b012
rsaHeap.txt
Posted Aug 7, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

The RSA SecurID Web Agent suffers from a heap overflows. Versions 5, 5.2, and 5.3 are affected.

tags | advisory, web, overflow
MD5 | 7cd43196d1428f1b38820e869046d04d
cainAbel.txt
Posted Mar 22, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Cain and Abel PSK sniffer version 2.65 is susceptible to a heap overflow that allows for arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
MD5 | bcf2b1c2d7d45d3df2010026d230a1ba
HelpMe2.pl
Posted Aug 13, 2002
Authored by Gary O'Leary-Steele | Site Sec-1.com

Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2. Written for Kernel32.dll version 5.0.2195.2778.

tags | exploit, remote, overflow
systems | windows, 2k
MD5 | 3d9b0b9443e634977c358e53e06c4108
HelpMe.pl
Posted Aug 13, 2002
Authored by Gary O'Leary-Steele | Site Sec-1.com

Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2. Written for Kernel32.dll version 5.0.2195.4272.

tags | exploit, remote, overflow
systems | windows, 2k
MD5 | 1a8e8b5b527b3d3bf230966975a8248c
Page 1 of 1
Back1Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close