
Files from bannedit

Email address: bannedit at blacksecurity.org
First Active: 2006-07-24
Last Active: 2014-04-29
Adobe Flash Player Type Confusion Remote Code Execution
Posted Apr 29, 2014
Authored by bannedit, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, activex
systems | windows, xp, 7
advisories | CVE-2013-5331
MD5 | 711da7fb2ca640490f5dd63b766555f1
Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
Posted May 22, 2012
Authored by bannedit, Francisco Falcon | Site metasploit.com

This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from a "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-55614
MD5 | dd101f060050f721d607dcf105579673
Citrix Gateway ActiveX Control Stack Based Buffer Overflow
Posted Aug 31, 2011
Authored by Michal Trojnara, bannedit, sinn3r | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is a typical interaction that users should be accustomed to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.

tags | exploit, overflow, code execution, activex
advisories | CVE-2011-2882, OSVDB-74191
MD5 | dd06a69385b4a6dda9da52e1d1bf7648
Apache Struts < 2.2.0 Remote Command Execution
Posted Aug 19, 2011
Authored by Meder Kydyraliev, bannedit | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.2.0. This issue is caused by a failure to properly handle unicode characters in OGNL extensive expressions passed to the web server. By sending a specially crafted request to the Struts application it is possible to bypass the "#" restriction on ParameterInterceptors by using OGNL context variables. Bypassing this restriction allows for the execution of arbitrary Java code.

tags | exploit, java, remote, web, arbitrary
advisories | CVE-2010-1870, OSVDB-66280
MD5 | bde580196763354b6003c3f35f903357
CA Arcserve D2D GWT RPC Credential Information Disclosure
Posted Aug 2, 2011
Authored by rgod, bannedit | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability in the CA Arcserve D2D r15 web server. The information disclosure can be triggered by sending a specially crafted RPC request to the homepage servlet. This causes CA Arcserve to disclose, in cleartext, the username and password used for authentication. This username and password pair are Windows credentials with Administrator access.

tags | exploit, web, info disclosure
systems | windows
MD5 | 0b3e57fdf9cc8197eceff782cca7cb6f
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
Posted Jun 12, 2011
Authored by bannedit, Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handle long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.exe) listening on TCP port 9495. To trigger this issue authorization is required. This exploit makes use of a second vulnerability: a hardcoded account (tivoli/boss) is used to bypass the authorization restriction.

tags | exploit, web, overflow, tcp
advisories | CVE-2011-1220, OSVDB-72713, OSVDB-72751
MD5 | f4e153a01dd05f0e3c4c1173454eb40f
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
Posted Jun 7, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property, which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files will be stored in a temporary directory and executed.

tags | exploit, activex
systems | cisco
advisories | CVE-2011-2039, OSVDB-72714
MD5 | 1b27d8b0751a48bb18313420f6d1338d
GoldenFTP PASS Stack Buffer Overflow
Posted Jun 3, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in the Golden FTP service. This Metasploit module uses the PASS command to trigger the overflow.

tags | exploit, overflow
advisories | CVE-2006-6576, OSVDB-35951
MD5 | 445a68fff4aa3f355f344ccd902762ef
Zend Server Java Bridge Arbitrary Java Code Execution
Posted Apr 6, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module takes advantage of a trust relationship issue within the Zend Server Java Bridge. The Java Bridge is responsible for handling interactions between PHP and Java code within Zend Server. When Java code is encountered, Zend Server communicates with the Java Bridge. The Java Bridge then handles the Java code and creates the objects within the Java Virtual Machine. This interaction, however, does not require any sort of authentication. This leaves the JVM wide open to remote attackers. Sending specially crafted data to the Java Bridge results in the execution of arbitrary Java code.

tags | exploit, java, remote, arbitrary, php
advisories | OSVDB-71420
MD5 | b1d37db5aa5ea125fe2e79f0f2de4563
Adobe Flash Player AVM Bytecode Verification
Posted Mar 23, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in the AVM2 ActionScript virtual machine used in Adobe Flash Player versions 9.0 through 10. The AVM fails to properly verify bytecode streams prior to executing them. This can cause uninitialized memory to be executed. Utilizing heap spraying techniques to control the uninitialized memory region, it is possible to execute arbitrary code. Typically Flash Player is not used as a standalone application. Often, SWF files are embedded in other file formats or specifically loaded via a web browser. Malcode was discovered in the wild which embedded a malformed SWF file within an Excel spreadsheet. This exploit is based off the byte stream found within that malcode sample.

tags | exploit, web, arbitrary
advisories | CVE-2011-0609
MD5 | ebac5f8deeda180b8034790847e030d2
RealNetworks RealPlayer CDDA URI Initialization Vulnerability
Posted Mar 18, 2011
Authored by bannedit, sinn3r | Site metasploit.com

This Metasploit module exploits an initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory is executed.

tags | exploit
advisories | CVE-2010-3747, OSVDB-68673
MD5 | 3671bcb022920b2148b1db02aab585e4
Foxit PDF Reader 4.2 Javascript File Write
Posted Mar 14, 2011
Authored by Chris Evans, bannedit | Site metasploit.com

This Metasploit module exploits an unsafe Javascript API implemented in Foxit PDF Reader version 4.2. The createDataObject() Javascript API function allows for writing arbitrary files to the file system. This issue was fixed in version 4.3.1.0218. Note: This exploit uses the All Users directory currently, which requires administrator privileges to write to. This means an administrative user has to open the file to be successful. Kind of lame but that's how it goes sometimes in the world of file write bugs.

tags | exploit, arbitrary, javascript
advisories | OSVDB-71104
MD5 | 0a5eec385cb35fcdc29d85f762cafb84
Command Stager Web Test
Posted Feb 17, 2010
Authored by bannedit | Site metasploit.com

This Metasploit module tests the command stager mixin against a shell.jsp application installed on an Apache Tomcat server.

tags | exploit, shell
MD5 | ada76d6bfbb9d95a55fb2653d4f77994
Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
Posted Dec 31, 2009
Authored by bannedit, jduck | Site metasploit.com

This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability.

tags | exploit, overflow
advisories | CVE-2006-2502
MD5 | 1ded0732305630bb2eb948c2bb1027bc
Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow
Posted Dec 31, 2009
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Timbuktu Pro version <= 8.6.6 in a pretty novel way. This exploit requires two connections. The first connection is used to leak stack data using the buffer overflow to overwrite the nNumberOfBytesToWrite argument. By supplying a large value for this argument it is possible to cause Timbuktu to reply to the initial request with leaked stack data. Using this data allows for reliable exploitation of the buffer overflow vulnerability. Props to Infamous41d for helping in finding this exploitation path. The second connection utilizes the data from the data leak to accurately exploit the stack based buffer overflow vulnerability. TODO: hdm suggested using meterpreter's migration capability and restarting the process for multishot exploitation.

tags | exploit, overflow
advisories | CVE-2009-1394
MD5 | df028563116486eee817e5533ceb5895
HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication SEH Overflow
Posted Dec 31, 2009
Authored by Mati Aharoni, bannedit | Site metasploit.com

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager versions 7.53 and earlier. Specifically this vulnerability is caused by a failure to properly handle user supplied input within the HTTP request including headers and the actual URL GET request. Exploitation is tricky due to character restrictions. It was necessary to utilize an egghunter shellcode which was alphanumeric encoded by muts in the original exploit. If you plan on using this exploit for a remote shell, you will likely want to migrate to a different process as soon as possible. Any connections get reset after a short period of time. This is probably some timeout handling code that causes this.

tags | exploit, remote, web, overflow, shell, shellcode
advisories | CVE-2008-1697
MD5 | bb54d696766c058bd0726f076ef8a3a5
sendicmp-append.txt
Posted Dec 7, 2007
Authored by bannedit | Site blacksecurity.org

Send ICMP nasty garbage append file logrotate exploit that makes use of sing.

tags | exploit
MD5 | 7c51557fd6fef68a600ffda4cccc400d
bitchx-heap.txt
Posted Aug 28, 2007
Authored by bannedit | Site blacksecurity.org

BitchX version 1.1 Final remote heap overflow exploit that binds a TCP shell to port 4444.

tags | exploit, remote, overflow, shell, tcp
MD5 | 050200b6730c3625547c6df0bcc8ca77
bl4ck_cyrus-imapd.tgz
Posted Jul 24, 2006
Authored by bannedit | Site blacksecurity.org

Functioning cyrus-imapd pop3d exploit that will bypass VA Randomization. Written in Ruby.

tags | exploit, ruby
MD5 | f84801fcc93afb13ad40576388598633