what you don't know can hurt you
Showing 1 - 25 of 181 RSS Feed

Files from sinn3r

Email addressx90.sinner at gmail.com
First Active2009-12-13
Last Active2020-04-16
Microsoft Windows Unquoted Service Path Privilege Escalation
Posted Apr 16, 2020
Authored by h00die, sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some software such as OpenVPN 2.1.1, OpenSSH Server 5, and others have the same problem.

tags | exploit
systems | windows
MD5 | 651248f88c9a58a75f48fa67abb2c31a
Bludit Directory Traversal Image File Upload
Posted Nov 12, 2019
Authored by sinn3r, christasa | Site metasploit.com

This Metasploit module exploits a vulnerability in Bludit. A remote user could abuse the uuid parameter in the image upload feature in order to save a malicious payload anywhere onto the server, and then use a custom .htaccess file to bypass the file extension check to finally get remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2019-16113
MD5 | 44b13fc33bc85981452f45311edc6929
Total.js CMS 12 Widget JavaScript Code Injection
Posted Oct 21, 2019
Authored by sinn3r, Riccardo Krauter | Site metasploit.com

This Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.

tags | exploit, remote, javascript, code execution
advisories | CVE-2019-15954
MD5 | 1764c2113b6babdc9f9a58ffd2bc284f
Generic Zip Slip Traversal
Posted Sep 12, 2019
Authored by sinn3r, Snyk | Site metasploit.com

This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an application uses it, there is a risk when opening an archive that is maliciously modified, and results in the embedded payload to be written to an arbitrary location (such as a web root), and results in remote code execution.

tags | exploit, remote, web, arbitrary, root, code execution
systems | cisco
MD5 | ff948c64df1f6f021439eaa12e78eb94
Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution
Posted Jul 2, 2019
Authored by sinn3r, Yakov Shafranovich | Site metasploit.com

This Metasploit module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and gain remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2019-0232
MD5 | 0d433a42b85642288aa8f83ab3ac6eb8
Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal
Posted Jun 19, 2019
Authored by mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability.

tags | exploit, java, remote, web, arbitrary, code execution
systems | cisco
advisories | CVE-2019-1821
MD5 | 6a669bb3bf795d44702236698b246f05
Cisco Prime Infrastructure Runrshell Privilege Escalation
Posted Jun 19, 2019
Authored by sinn3r, Pedro Ribeiro | Site metasploit.com

This Metasploit modules exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root.

tags | exploit, shell, root
systems | cisco
MD5 | ae94bd035bf58e74d4a44904a3f67d25
Oracle Application Testing Suite WebLogic Server Administration Console War Deployment
Posted May 24, 2019
Authored by mr_me, sinn3r | Site metasploit.com

This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required, however by default, Oracle ships with a "oats" account that you could log in with, which grants you administrator access.

tags | exploit, java, remote, code execution
advisories | CVE-2007-2699
MD5 | 9a7a35420a7e1068748a47c0e1281e01
Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution
Posted May 1, 2019
Authored by sinn3r, mpgn, ooooooo_q | Site metasploit.com

This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed serialized payload, load it by the application, and gain remote code execution.

tags | exploit, remote, code execution, ruby
advisories | CVE-2019-5420
MD5 | af50d1f86ede2ddcb95a3900ee62a058
Axis Network Camera Remote Command Execution
Posted Jul 26, 2018
Authored by sinn3r, Chris Lee, wvu, Matthew Kienow, Or Peles, Jacob Robles, Shelby Pace, Cale Black, Brent Cook | Site metasploit.com

This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user.

tags | exploit, root
advisories | CVE-2018-10660, CVE-2018-10661, CVE-2018-10662
MD5 | 66359d0727b130b0477a2848942c2518
Ayukov NFTP FTP Client Buffer Overflow
Posted Jan 5, 2018
Authored by sinn3r, Daniel Teixeira, Berk Cem Goksel | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability against Ayukov NFTPD FTP Client 2.0 and earlier. By responding with a long string of data for the SYST request, it is possible to cause a denial-of-service condition on the FTP client, or arbitrary remote code execution under the context of the user if successfully exploited.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2017-15222
MD5 | 586e39e9c2691a57d4f738d9226a1a4f
Nitro Pro PDF Reader 11.0.3.173 Remote Code Execution
Posted Aug 2, 2017
Authored by mr_me, sinn3r, Brendan Coles | Site metasploit.com

This Metasploit module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs() Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL() function allows an attacker to execute local files on the file system and bypass the security dialog Note: This is 100% reliable.

tags | exploit, arbitrary, local, javascript
advisories | CVE-2017-7442
MD5 | 18ea66b3d4ade909dbf22fe503cf7764
Windows Browser Example Exploit
Posted Jul 15, 2017
Authored by sinn3r | Site metasploit.com

This template covers IE8/9/10, and uses the user-agent HTTP header to detect the browser version. Please note IE8 and newer may emulate an older IE version in compatibility mode, in that case the module won't be able to detect the browser correctly. This is an example Metasploit module to be used for exploit development.

tags | exploit, web
MD5 | faa8b809be83a6b1aea60f69ecb52ffc
Microsoft Office Word Malicious Hta Execution
Posted Apr 24, 2017
Authored by Haifei Li, Didier Stevens, sinn3r, Nixawk, ryHanson, vysec, wdormann | Site metasploit.com

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This Metasploit module was created by reversing a public malware sample.

tags | exploit, web, code execution
advisories | CVE-2017-0199
MD5 | 22d66842eeda59c2f386116bd2c8a720
Github Enterprise Default Session Secret And Deserialization
Posted Mar 27, 2017
Authored by sinn3r, iblue | Site metasploit.com

This Metasploit module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby object to be loaded, and results in arbitrary remote code execution. This exploit was tested against version 2.8.0.

tags | exploit, remote, arbitrary, code execution, ruby
MD5 | ca3b7f3ca2be9221feac2054c941ad33
Apache OpenOffice Text Document Malicious Macro Execution
Posted Feb 10, 2017
Authored by sinn3r | Site metasploit.com

This Metasploit module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automatically run without any warning. The module also works against LibreOffice.

tags | exploit
MD5 | 79e465107cfd91f5c5020df4f837616e
Microsoft Office Word Malicious Macro Execution
Posted Feb 8, 2017
Authored by sinn3r | Site metasploit.com

This Metasploit module generates a macro-enabled Microsoft Office Word document. The comments metadata in the data is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enable macro execution.

tags | exploit
systems | windows
MD5 | c1a49f79dbc7ac2992732441a08b8995
Cisco Firepower Management Console 6.0 Post Authentication UserAdd
Posted Jan 12, 2017
Authored by Matt, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-6433
MD5 | 846d8ff8181fafdfacf01ebb0af1bdb5
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
Posted May 17, 2016
Authored by sinn3r, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

tags | exploit, remote, arbitrary, php, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-4977
MD5 | 8789e5d66263a2ca19993abe27381b2b
ManageEngine Desktop Central 9 FileUploadServlet ConnectionId
Posted Dec 14, 2015
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet class. This allows a remote attacker to inject a null bye at the end of the value to create a malicious file with an arbitrary file type, and then place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. Please note that by default, some ManageEngine Desktop Central versions run on port 8020, but older ones run on port 8040. Also, using this exploit will leave debugging information produced by FileUploadServlet in file rdslog0.txt. This exploit was successfully tested on version 9, build 90109 and build 91084.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2015-8249
MD5 | f5df3d5e194fca9be98f8610c715334c
Atlassian HipChat for Jira Plugin Velocity Template Injection
Posted Dec 4, 2015
Authored by sinn3r, Chris Wood | Site metasploit.com

Atlassian Hipchat is a web service for internal instant messaging. A plugin is available for Jira that allows team collaboration at real time. A message can be used to inject Java code into a Velocity template, and gain code execution as Jira. Authentication is required to exploit this vulnerability, and you must make sure the account you're using isn't protected by captcha. By default, Java payload will be used because it is cross-platform, but you can also specify which native payload you want (Linux or Windows). HipChat for Jira plugin versions between 1.3.2 and 6.30.0 are affected. Jira versions between 6.3.5 and 6.4.10 are also affected by default, because they were bundled with a vulnerable copy of HipChat. When using the check command, if you supply a valid username and password, the module will be able to trigger the bug and check more accurately. If not, it falls back to passive, which can only tell if the target is running on a Jira version that is bundled with a vulnerable copy of Hipchat by default, which is less reliable. This vulnerability was originally discovered internally by Atlassian.

tags | exploit, java, web, code execution
systems | linux, windows
advisories | CVE-2015-5603
MD5 | a54781f03c289243bbf8ac03e090245a
Oracle BeeHive 2 Code Execution
Posted Dec 3, 2015
Authored by mr_me, sinn3r, 1c239c43f521145fa8385d64a9c32243 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Oracle BeeHive. The processEvaluation method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2010-4417
MD5 | 5321a69c2ebeac5dc0f2c49f8b4fd827
Oracle BeeHive 2 Arbitrary File Upload
Posted Dec 3, 2015
Authored by mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.

tags | exploit, remote, arbitrary, code execution
MD5 | 1f1f12c14e043d34f839956dce879e1e
MS15-100 Microsoft Windows Media Center MCL Code Execution
Posted Sep 15, 2015
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability in Windows Media Center. By supplying an UNC path in the *.mcl file, a remote file will be automatically downloaded, which can result in arbitrary code execution.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2015-2509
MD5 | 42f8383a2becd76d10dc54cd2e1549fc
Adobe Flash opaqueBackground Use After Free
Posted Jul 13, 2015
Authored by sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public on its July 2015 data leak, was described as an Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This Metasploit module is an early release tested on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox + Adobe Flash 18.0.0.194, windows 8.1, Firefox and Adobe Flash 18.0.0.203, Windows 8.1, Firefox and Adobe Flash 18.0.0.160, and Windows 8.1, Firefox and Adobe Flash 18.0.0.194

tags | exploit
systems | windows, 7
advisories | CVE-2015-5122
MD5 | 46fe95b7200053c30eae55ca1369b78f
Page 1 of 8
Back12345Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    8 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close