exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from Brett Moore

Email addressbrett.moore at insomniasec.com
First Active2008-05-02
Last Active2013-11-09
Symantec Altiris DS SQL Injection
Posted Nov 9, 2013
Authored by Brett Moore, 3v0lver | Site metasploit.com

This Metasploit module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injections are required in close succession, first to enable xp_cmdshell, then retrieve the payload via TFTP and finally execute it. The module also has the capability to disable or enable local application authentication. In order to work the target system must have a tftp client available.

tags | exploit, shell, local, sql injection
advisories | CVE-2008-2286, OSVDB-45313
SHA-256 | 0e3a942ab280498a695c23461a8d0a229e06c84edd64ed4f0b821529fe187516
LFI With PHPInfo Assistance
Posted Sep 6, 2011
Authored by Brett Moore | Site insomniasec.com

Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP when combined with the file upload handling feature that is enabled by default.

tags | paper, php, vulnerability, file upload
SHA-256 | 92bd4aa1033b11a08dc24bd0ba5f07564ee1566f2fbf0f928b88447e2d7d2b8a
Insomnia Security Vulnerability Advisory 100216.1
Posted Feb 16, 2010
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - A flaw exists with the handling of malformed URL's passed through the ShellExeute() API in Microsoft Windows. The vulnerability does not directly cause an issue within Windows itself however, applications that call the flawed API may be vulnerable to various attacks, one of which is shown in this report.

tags | advisory
systems | windows
SHA-256 | 39f5ed63255f91f74bafeb10491b25db0ff238ff227c677e96fd690e0beceae1
Insomnia Security Vulnerability Advisory ISVA-081209.1
Posted Dec 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that webdav requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which under the right situation can lead to command execution.

tags | advisory
SHA-256 | 0ebee2503764c3f44cce43818618fb05a3255230042be4a70fb22d4b93f6b573
ISVA-081020.1.txt
Posted Oct 21, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - The Altiris Deployment Server Agent in Altiris Deployment Server 6.X suffers from a privilege escalation vulnerability.

tags | advisory
SHA-256 | ad4df9326b88cc8114e907561c055aaa21aa5a4cccfa765a54aeb3b200530a40
ISVA-080910.1.txt
Posted Sep 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Microsoft Office OneNote suffers from a URL handling vulnerability.

tags | advisory
SHA-256 | cd5c05fc129fad5e01ad13fafee248da86bca40d183785e3fddc3dc796468b18
PuttyHijackV1.0.rar
Posted Aug 1, 2008
Authored by Brett Moore | Site insomniasec.com

PuttyHijack is a proof of concept tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for a callback connection that is then used for input/output redirection. It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.

tags | exploit, proof of concept
systems | windows
SHA-256 | 76638a2bf29bf449a398893790d01602a562f5a3b12f15a2683f50a4e6412ef4
ISVA-080709.1.txt
Posted Jul 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Microsoft SQL Server contains a buffer overflow that can be reached by causing the server to attempt a database restore from a corrupt back file.

tags | advisory, overflow
SHA-256 | 5a50603e65e5b46c0ff831ce59e84e01f0f7a9d8c6723e48eb9d86453a08b703
iDEFENSE Security Advisory 2008-07-08.1
Posted Jul 10, 2008
Authored by iDefense Labs, Brett Moore | Site idefense.com

iDefense Security Advisory 07.08.08 - Remote exploitation of an integer underflow vulnerability within Microsoft Corp.'s SQL Server could allow a remote attacker to execute arbitrary code with the privileges of the SQL Server. The vulnerability exists within the code responsible for parsing a stored backup file. A 32-bit integer value, representing the size of a record, is taken from the file and used to calculate the number of bytes to read into a heap buffer. This calculation can underflow, which leads to insufficient memory being allocated. The buffer is subsequently overfilled leading to an exploitable condition. iDefense confirmed the existence of this vulnerability in Microsoft SQL Server 2005 Service Pack 2 Hot Fix 4. Additional tests against SQL Server 2005 without any updates suggest it is also vulnerable. Previous versions are also suspected to be vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0107, CVE-2008-0106, CVE-2008-0086
SHA-256 | fe9c3148cb2d757ad46ba64750e372614bfc507af907dfccd2670469cfd270b0
ISVA-080516.2.txt
Posted May 20, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.

tags | advisory
SHA-256 | 234df1762e5efb593ef96dd70a17ec44fe21692085b54ea3770decbd5d36aeb3
ISVA-080516.1.txt
Posted May 20, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows, command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.

tags | advisory, sql injection
SHA-256 | 326d2fd0343a50acde785461329cd29f99ec31a55cf0fdeda6e4172d09fb8bbf
Zero Day Initiative Advisory 08-025
Posted May 15, 2008
Authored by Tipping Point, Brett Moore | Site zerodayinitiative.com

A vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of Altiris Deployment Solution to easily decrypt the credentials.

tags | advisory, remote, local, tcp
SHA-256 | 7c57c51d7eb9485092b9733dd77580432e2148547cf273f9c09f17ffd9ef013f
Zero Day Initiative Advisory 08-024
Posted May 15, 2008
Authored by Tipping Point, Brett Moore | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitation while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
SHA-256 | 148cb7d61bc722442ed25c93f163d9d66beaac36d1c62b2941df3e85f1a14b9d
Access-Through-Access.pdf
Posted May 2, 2008
Authored by Brett Moore | Site insomniasec.com

Access Through Access - A whitepaper that has aggregated various material regarding how to exploit Microsoft Access during a penetration test.

tags | paper
SHA-256 | acaaf07911fd3af0f81cc2e11aac7c5e782cc6b509d97994fcf2f209c11ba94e
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close