Files from Brett Moore

Email address: brett.moore at insomniasec.com
First Active: 2008-05-02
Last Active: 2013-11-09

Symantec Altiris DS SQL Injection
Posted Nov 9, 2013
Authored by Brett Moore, 3v0lver | Site metasploit.com

This Metasploit module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists in axengine.exe, which fails to adequately sanitize numeric input fields in "UpdateComputer" notification requests. In order to spawn a shell, several SQL injections are required in close succession: first to enable xp_cmdshell, then to retrieve the payload via TFTP, and finally to execute it. The module also has the capability to disable or enable local application authentication. For the module to work, the target system must have a TFTP client available.

tags | exploit, shell, local, sql injection
advisories | CVE-2008-2286, OSVDB-45313
MD5 | fbc8e9de3a15e490b610219fdc5e698a
LFI With PHPInfo Assistance
Posted Sep 6, 2011
Authored by Brett Moore | Site insomniasec.com

Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP when combined with the file upload handling feature that is enabled by default.

tags | paper, php, vulnerability, file upload
MD5 | 454c805f04937f25900ebcce27432d3b
Insomnia Security Vulnerability Advisory 100216.1
Posted Feb 16, 2010
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - A flaw exists with the handling of malformed URLs passed through the ShellExecute() API in Microsoft Windows. The vulnerability does not directly cause an issue within Windows itself; however, applications that call the flawed API may be vulnerable to various attacks, one of which is shown in this report.

tags | advisory
systems | windows
MD5 | cef9d9b7a11b9089ed9c3dfdd224c72a
Insomnia Security Vulnerability Advisory ISVA-081209.1
Posted Dec 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that WebDAV requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory, which under the right situation can lead to command execution.

tags | advisory
MD5 | bac6b8f0af3d3c8a07a00f3b1369b5fd
ISVA-081020.1.txt
Posted Oct 21, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - The Altiris Deployment Server Agent in Altiris Deployment Server 6.X suffers from a privilege escalation vulnerability.

tags | advisory
MD5 | d107639aa7179964c90abf5e021bddc2
ISVA-080910.1.txt
Posted Sep 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Microsoft Office OneNote suffers from a URL handling vulnerability.

tags | advisory
MD5 | ddc8f621352ec7a37eb5b9e91442b17b
PuttyHijackV1.0.rar
Posted Aug 1, 2008
Authored by Brett Moore | Site insomniasec.com

PuttyHijack is a proof of concept tool that injects a DLL into the PuTTY process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a Windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for a callback connection that is then used for input/output redirection. It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.

tags | exploit, proof of concept
systems | windows
MD5 | 03b47e35a515d93ba711dea00d84ba5d
ISVA-080709.1.txt
Posted Jul 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Microsoft SQL Server contains a buffer overflow that can be reached by causing the server to attempt a database restore from a corrupt backup file.

tags | advisory, overflow
MD5 | dec075832fea7950517fec9d1cce7d25
iDEFENSE Security Advisory 2008-07-08.1
Posted Jul 10, 2008
Authored by iDefense Labs, Brett Moore | Site idefense.com

iDefense Security Advisory 07.08.08 - Remote exploitation of an integer underflow vulnerability within Microsoft Corp.'s SQL Server could allow a remote attacker to execute arbitrary code with the privileges of the SQL Server. The vulnerability exists within the code responsible for parsing a stored backup file. A 32-bit integer value, representing the size of a record, is taken from the file and used to calculate the number of bytes to read into a heap buffer. This calculation can underflow, which leads to insufficient memory being allocated. The buffer is subsequently overfilled leading to an exploitable condition. iDefense confirmed the existence of this vulnerability in Microsoft SQL Server 2005 Service Pack 2 Hot Fix 4. Additional tests against SQL Server 2005 without any updates suggest it is also vulnerable. Previous versions are also suspected to be vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0107, CVE-2008-0106, CVE-2008-0086
MD5 | 8b9cc4e45c191c51974cb00c251a4d03
ISVA-080516.2.txt
Posted May 20, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.

tags | advisory
MD5 | 780baeb8dc7fa177ef07a78d25804d7b
ISVA-080516.1.txt
Posted May 20, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.

tags | advisory, sql injection
MD5 | 6f30c4c0ca4cc9eecc602ed5ee3612ee
Zero Day Initiative Advisory 08-025
Posted May 15, 2008
Authored by Tipping Point, Brett Moore | Site zerodayinitiative.com

A vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt, allowing an attacker with a local installation of Altiris Deployment Solution to easily decrypt the credentials.

tags | advisory, remote, local, tcp
MD5 | 42547c174484950e72118580181d31aa
Zero Day Initiative Advisory 08-024
Posted May 15, 2008
Authored by Tipping Point, Brett Moore | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitation while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
MD5 | de3d63236f721885f9df12222483b76e
Access-Through-Access.pdf
Posted May 2, 2008
Authored by Brett Moore | Site insomniasec.com

Access Through Access - A whitepaper that has aggregated various material regarding how to exploit Microsoft Access during a penetration test.

tags | paper
MD5 | 1511fb8b161bbf68d08ff934a1f1f114