Showing 1 - 19 of 19

Files from Tod Beardsley

Email address: todb at planb-security.net
First Active: 2003-06-24
Last Active: 2024-09-01

FTP Authentication Scanner
Posted Sep 1, 2024
Authored by Tod Beardsley | Site metasploit.com

This Metasploit module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

tags | exploit
advisories | CVE-1999-0502
SHA-256 | 65e04ec1ca6df75366ef90e58cffc41dcbaf3395a13653f08ad81ab38759c904
Koyo DirectLogic PLC Password Brute Force Utility
Posted Aug 31, 2024
Authored by Tod Beardsley, K. Reid Wightman | Site metasploit.com

This Metasploit module attempts to authenticate to a locked Koyo DirectLogic PLC. The PLC uses a restrictive passcode, which can be A0000000 through A9999999. The "A" prefix can also be changed by the administrator to any other character, which can be set through the PREFIX option of this module. This Metasploit module is based on the original koyobrute.rb Basecamp module from DigitalBond.

tags | exploit
SHA-256 | aec78b92195bf4c9c28e103cf974f233901b700547dfefd61da7b7042b020860
Oracle ISQLPlus SID Check
Posted Aug 31, 2024
Authored by Tod Beardsley, CG | Site metasploit.com

This Metasploit module attempts to bruteforce the SID on the Oracle application server iSQL*Plus login pages. It does this by testing Oracle error responses returned in the HTTP response. Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error. Works against Oracle 9.2, 10.1 and 10.2 iSQL*Plus. This Metasploit module will attempt to fingerprint the version and automatically select the correct POST request.

tags | exploit, web
SHA-256 | 43ed00b533fa9fa67f34d41215d2bfb5042a798ae610c8ddddbae41d921c2719
Allen-Bradley/Rockwell Automation EtherNet/IP CIP Commands
Posted Aug 31, 2024
Authored by Tod Beardsley, Ruben Santamarta, K. Reid Wightman | Site metasploit.com

The EtherNet/IP CIP protocol allows a number of unauthenticated commands to a PLC which implements the protocol. This Metasploit module implements the CPU STOP command, as well as the ability to crash the Ethernet card in an affected device. This Metasploit module is based on the original ethernetip-multi.rb Basecamp module from DigitalBond.

tags | exploit, protocol
SHA-256 | 887d7ca941da90893389c8d56d690e8e44325dff76f8eba61e9b105f62a0c3e5
Schneider Modicon Ladder Logic Upload/Download
Posted Aug 31, 2024
Authored by Tod Beardsley, K. Reid Wightman | Site metasploit.com

The Schneider Modicon with Unity series of PLCs use Modbus function code 90 (0x5a) to send and receive ladder logic. The protocol is unauthenticated, and allows a rogue host to retrieve the existing logic and to upload new logic. Two modes are supported: "SEND" and "RECV," which behave as one might expect -- use "set mode ACTIONAME" to use either mode of operation. In either mode, FILENAME must be set to a valid path to an existing file (for SENDing) or a new file (for RECVing), and the directory must already exist. The default, modicon_ladder.apx, is a blank ladder logic file which can be used for testing. This Metasploit module is based on the original modiconstux.rb Basecamp module from DigitalBond.

tags | exploit, protocol
SHA-256 | e5568f7609da41c1b5a99aaa7d319bbcc02872f0370b9fe227d271b21a9b5d97
Schneider Modicon Remote START/STOP Command
Posted Aug 31, 2024
Authored by Tod Beardsley, K. Reid Wightman | Site metasploit.com

The Schneider Modicon with Unity series of PLCs use Modbus function code 90 (0x5a) to perform administrative commands without authentication. This Metasploit module allows a remote user to change the state of the PLC between STOP and RUN, allowing an attacker to end process control by the PLC. This Metasploit module is based on the original modiconstop.rb Basecamp module from DigitalBond.

tags | exploit, remote
SHA-256 | b1ab2b6cc51066fbc4e2694146c089e9ffe0bd212d9fdf2475b47cf4afabb543
Schneider Modicon Quantum Password Recovery
Posted Aug 31, 2024
Authored by Tod Beardsley, K. Reid Wightman | Site metasploit.com

The Schneider Modicon Quantum series of Ethernet cards store usernames and passwords for the system in files that may be retrieved via backdoor access. This Metasploit module is based on the original modiconpass.rb Basecamp module from DigitalBond.

tags | exploit
SHA-256 | c8e98263aef5c597ea77667625a93e2b0b4a28b1287956030c4b4e2bdb3f8294
Oracle RDBMS Login Utility
Posted Aug 31, 2024
Authored by Patrik Karlsson, Tod Beardsley | Site metasploit.com

This Metasploit module attempts to authenticate against an Oracle RDBMS instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Due to a bug in nmap, versions 6.50-7.80 may not work.

tags | exploit
advisories | CVE-1999-0502
SHA-256 | 935c3cc284b489b3842030b9f0161273d8c501d3709235f70534870951e06649
Samsung Internet Browser SOP Bypass
Posted Aug 31, 2024
Authored by Tod Beardsley, Jeffrey Martin, Dhiraj Mishra | Site metasploit.com

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

tags | exploit, bypass
advisories | CVE-2017-17692
SHA-256 | d84c00616d548716b9414d5a60ebf17fd0c1065bb413ce49d1a747e954c01fc0
Juniper JunOS Malformed TCP Option
Posted Aug 31, 2024
Authored by Tod Beardsley | Site metasploit.com

This Metasploit module exploits a denial of service vulnerability in Juniper Networks JunOS router operating system. By sending a TCP packet with TCP option 101 set, an attacker can cause an affected router to reboot.

tags | exploit, denial of service, tcp
systems | juniper
SHA-256 | 08cdfbd242df275e59eddfc4bc6b02c08584e7f50c6f6577a3ecd7ea5c272711
Ruby on Rails JSON Processor Floating Point Heap Overflow Denial of Service
Posted Aug 31, 2024
Authored by Tod Beardsley, Charlie Somerville, joev | Site metasploit.com

When Ruby attempts to convert a string representation of a large floating point decimal number to its floating point equivalent, a heap-based buffer overflow can be triggered. This Metasploit module has been tested successfully on a Ruby on Rails application using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application crashes with a segfault error. Other versions of Ruby are reported to be affected.

tags | exploit, web, overflow, ruby
advisories | CVE-2013-4164
SHA-256 | 2d1198655520ca701328d30ac959c34844102b92bdc9874522f9945cc8f352d4
Oracle MySQL UDF Payload Execution
Posted Dec 22, 2017
Authored by Tod Beardsley, Bernardo Damele, h00die | Site metasploit.com

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL versions 5.5.9 and below, directory write permissions are not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.

tags | exploit
systems | windows
SHA-256 | e271ecc64a4930d48b45420b13646e62bddc742c830913aff948fcd6de464829
Samsung Internet Browser SOP Bypass
Posted Dec 20, 2017
Authored by Tod Beardsley, Jeffrey Martin, Dhiraj Mishra

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

tags | exploit, bypass
advisories | CVE-2017-17692
SHA-256 | 453452b6c39fc4137d17372c00e57358247a6b6b2880964c69ec6f1e59572af4
Ceragon FibeAir IP-10 SSH Private Key Exposure
Posted Apr 2, 2015
Authored by H D Moore, Tod Beardsley | Site metasploit.com

This Metasploit module exploits the fact that Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user.

tags | exploit, remote
advisories | CVE-2015-0936
SHA-256 | 3ffda87a127eecead37db406771d24d73a3f8fb62c5608cc9113f96992bf3bc3
Ceragon FibeAir IP-10 SSH Private Key Exposure
Posted Apr 2, 2015
Authored by Tod Beardsley

Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2015-0936
SHA-256 | 768dfecfdbbc1cece9dc248bd3f46e0b6f857da272a00ca6029519bf8127e833
InfoSec Southwest 2015 Call For Papers
Posted Dec 8, 2014
Authored by Tod Beardsley | Site 2015.infosecsouthwest.com

The InfoSec Southwest 2015 Call For Papers has been announced. The conference will be held April 11th through April 12th, 2015 in Austin, Texas.

tags | paper, conference
SHA-256 | 5f14ffe6e76678c0e63364b8dddcbf079f37ac0b1175373472a9f801fa2f74c6
InfoSec Southwest 2014 Call For Papers
Posted Dec 20, 2013
Authored by Tod Beardsley | Site 2014.infosecsouthwest.com

The InfoSec Southwest 2014 Call For Papers has been announced. The conference will be held April 4th through April 6th, 2014 in Austin, Texas.

tags | paper, conference
SHA-256 | 339a930fc5b597160bf708c5dda8c237525d45a61ee405ab1c0dbb30e4ec22a5
InfoSec Southwest 2013 Call For Papers
Posted Jan 6, 2013
Authored by Tod Beardsley | Site infosecsouthwest.com

The InfoSec Southwest 2013 Call For Papers has been announced. The conference will be held April 19th through April 21st, 2013 in Austin, Texas.

tags | paper, conference
SHA-256 | 51ec6c86768fa02faf2fab8106b35205cc39eec539f4ba9056a46a2481c3fcc3
snacktime.tgz
Posted Jun 24, 2003
Authored by Tod Beardsley | Site planb-security.net

Remote OS fingerprinting tool written in Perl that analyzes the retransmission timeout lengths of a TCP handshake to detect remote operating systems.

tags | tool, remote, scanner, perl, tcp
systems | unix
SHA-256 | dc7fea5649186770394de79bc8fc28fa6fed9514e07f2a48476faa5d4e2dd950