what you don't know can hurt you
Showing 1 - 25 of 28 RSS Feed

Files from Craig Freyman

Email addressprivate
First Active2011-01-14
Last Active2021-03-09
View User Profile
Golden FTP Server 4.70 Buffer Overflow
Posted Mar 9, 2021
Authored by Craig Freyman, Gerardo Iglesias Galvan, 1F98D

Golden FTP Server version 4.70 PASS buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2006-6576
SHA-256 | 16159dc816f140941e09c862768fbfab9dfff7504f561762b8f4cadfc2699872
BigAnt Server 2.97 Buffer Overflow
Posted Apr 11, 2013
Authored by Craig Freyman

BigAnt Server version 2.97 DDNF username buffer overflow exploit with DEP and ASLR bypass. Binds a shell to port 4444.

tags | exploit, overflow, shell
SHA-256 | b114dd8d646dddbf65d73b849faaedfb56e723603110598c6f7794f930cfb69f
ActFax 5.01 RAW Server Buffer Overflow
Posted Mar 26, 2013
Authored by corelanc0d3r, Craig Freyman, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This Metasploit module exploits a buffer overflow in the handling of the @F506 fields due to the insecure usage of strcpy. This Metasploit module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).

tags | exploit, overflow, protocol
systems | windows
advisories | OSVDB-89944
SHA-256 | d87e539151a571a848fa3efe35cc969a0ff60645c93035d902d039cfcf31fbc7
ActFax 5.01 RAW Server Buffer Overflow
Posted Feb 6, 2013
Authored by corelanc0d3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To note significant fields in the fax being transfered, like fax number and recipient, you can use ActFax data fields. @F506,@F605, and @F000 are all data fields that are vulnerable. This has been fixed in a beta version which will not be pushed to release until May 2013.

tags | exploit, protocol
SHA-256 | 4a69b08e3f25832796905f1a619e884a1be0ddff4a7741e5aa998ad429b5daae
BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
Posted Dec 30, 2012
Authored by LiquidWorm, Craig Freyman | Site metasploit.com

This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.

tags | exploit, arbitrary, bypass
advisories | CVE-2006-6199, OSVDB-30770
SHA-256 | ff5bd458d53d97905de67393897725bc2fc0ec2f6c59ecc21e7e6504016b8953
Sysax FTP Automation Server 5.33 Privilege Escalation
Posted Nov 5, 2012
Authored by Craig Freyman

Sysax FTP Automation Server version 5.33 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 9da75d5d121541879919ac465b91055fed3c2f21871f370c68a97149904b4bfa
ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow
Posted Sep 7, 2012
Authored by Craig Freyman, juan vazquez, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability in ActiveFax Server. The vulnerability is a stack based buffer overflow in the "Import Users from File" function, due to the insecure usage of strcpy while parsing the csv formatted file. The module creates a .exp file that must be imported with ActiveFax Server. The module has been tested successfully on ActFax Server 4.32 over Windows XP SP3 and Windows 7 SP1. In the Windows XP case, when ActFax runs as a service, it will execute as SYSTEM.

tags | exploit, overflow
systems | windows
SHA-256 | c647f83637014a447ae0a445b73bc78e1347958b1328e0f0cc2af4bc0585b90a
ActFax 4.31 Local Privilege Escalation
Posted Aug 29, 2012
Authored by Craig Freyman

ActFax version 4.31 local privilege escalation exploit that spawns cmd.exe.

tags | exploit, local
SHA-256 | 697ffa7fdf16ff3683bbf980a8167a2982f5b6f043569821203b066d92d2311c
Sysax Multi Server 5.64 Buffer Overflow
Posted Jul 29, 2012
Authored by Craig Freyman, Matt Andreko | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.

tags | exploit, web, overflow
SHA-256 | 121e5304fc0c68efcbe91a4bd17f067fad4fef74c609ee089fb5929981de2e57
Sysax 5.62 Admin Interface Local Buffer Overflow
Posted Jun 20, 2012
Authored by Craig Freyman

Sysax versions 5.62 ad below administrative interface local buffer overflow exploit that binds a shell to port 4444.

tags | exploit, overflow, shell, local
SHA-256 | 7efb7cd16bdaabc3ae5c671cbe33491c4a4f524a9fb6e3dd1b168c19d3339372
Sysax 5.60 Create SSL Certificate Buffer Overflow
Posted Jun 4, 2012
Authored by Craig Freyman

Sysax versions 5.60 and below suffer from a buffer overflow vulnerability when creating an SSL certificate.

tags | exploit, overflow
SHA-256 | 25b09a6e92ff4d9c00a80eaae87713ec5fe32db0a7d9c1c488dd9ed1a7a31810
Sysax Multi Server 5.57 Directory Traversal
Posted Apr 4, 2012
Authored by Craig Freyman

Sysax Multi Server versions 5.57 and below remote directory traversal tool that requires authentication.

tags | exploit, remote
SHA-256 | a7afbf931d01a29f94a41708a24d2f4c3bf1d3ead791e9f5fb51183c4d5fa32b
Sysax 5.53 SSH Username Buffer Overflow
Posted Mar 5, 2012
Authored by sinn3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Sysax's SSH service. By supplying a long username, the SSH server will copy that data on the stack without any proper bounds checking, therefore allowing remote code execution under the context of the user. Please note that previous versions (before 5.53) are also affected by this bug.

tags | exploit, remote, code execution
advisories | OSVDB-79689
SHA-256 | 4c79bc67dd01aa9c6f086a33e5e924a0b8feec60ac0ce68bacb83a81e643b256
Sysax 5.53 SSH Username Buffer Overflow Exploit
Posted Feb 27, 2012
Authored by Craig Freyman

Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.

tags | exploit, remote, overflow, shell, shellcode, code execution
SHA-256 | 1a9e244ba23211e8a0745f4370e9f10d0e94ad75ca261b64e8e40b6e0606839f
Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit
Posted Feb 27, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.

tags | exploit, shell, shellcode
SHA-256 | e3ee80f9e583422dca0ef40fef6b1c192c1da12311e53628b885e95e7f419bbe
Sysax Multi Server 5.52 Buffer Overflow
Posted Feb 10, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.

tags | exploit, overflow, shell, shellcode
SHA-256 | fd8d36251f2ddc9fcea601c55652a9a591bf0d2d18d9d9b24252773e06529a61
Campaign Enterprise 11.0.421 SQL Injection
Posted Jan 31, 2012
Authored by Craig Freyman

Campaign Enterprise version 11.0.421 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a6e7c8d4760e5b9abb987effc8b747e80986605d0bf70dbc3709453031e5931f
Sysax Multi Server 5.50 Create Folder Buffer Overflow
Posted Jan 26, 2012
Authored by Craig Freyman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.

tags | exploit, web, overflow
SHA-256 | 9c89a9721eaaf34e5b28601af5c5497ccf1f5855860d05b1399eb663bcde037c
Sysax Multi Server 5.50 Buffer Overflow
Posted Jan 18, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.50 create folder buffer overflow exploit with bindshell code for port 4444.

tags | exploit, overflow
SHA-256 | adb60108b3c26535f2e749d1b39e34638903b0dd0688adf1d5ebfc97c819ccc6
LiteServe 2.81 PASV Denial Of Service
Posted Aug 9, 2011
Authored by Craig Freyman

LiteServe version 2.81 PASV command denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 89b6d6faac955e184cd85ccfc79310989e93b57a0df944fdc49e8e88b5853864
Omnicom Alpha 4.0e LPD Server Denial Of Service
Posted Aug 3, 2011
Authored by Craig Freyman

Proof of concept denial of service exploit for the Omnicom Alpha 4.0e LPD server.

tags | exploit, denial of service, proof of concept
SHA-256 | dfd3fb9fa47baf1676b3b04b31dd595cde00348d26967d6b63543109cf5e6f78
Ciscokits 1.0 TFTP Denial Of Service
Posted Jul 24, 2011
Authored by Craig Freyman

Ciscokits version 1.0 TFTP long filename denial of service exploit.

tags | exploit, denial of service
SHA-256 | 383be13aeec64ac2315d8b82ed84ca0e439ee47189bc18beae7f9010d78dd05e
FreeFloat FTP 1.0 Any Non Implemented Command Buffer Overflow
Posted Jul 20, 2011
Authored by Craig Freyman

FreeFloat FTP version 1.0 any non implemented command buffer overflow exploit.

tags | exploit, overflow
SHA-256 | ac83615e8ea562e1c12cf0b82fac72d7376e0499e575ecd08be1d32ca60d543b
Freefloat FTP 1.0 ABOR Buffer Overflow
Posted Jul 19, 2011
Authored by Craig Freyman

Freefloat FTP version 1.0 ABOR buffer overflow exploit.

tags | exploit, overflow
SHA-256 | ed6030ce0ac47529c658ba9a8d96fc59ceb9c74bd6e8956329ac0b799483e7a1
Solar FTP 2.1.1 PASV Buffer Overflow
Posted Jul 13, 2011
Authored by Craig Freyman, Gerardo Iglesias Galvan

Solar FTP version 2.1.1 PASV command proof of concept buffer overflow exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 405bdb9768449daa84eab553c38b35bcdcd0fd1d975c84e819ed936fbfaa7748
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close