exploit the possibilities
Showing 1 - 25 of 44 RSS Feed

Files from xistence

Email addressprivate
First Active2011-06-24
Last Active2015-10-14
View User Profile
X11 Keyboard Command Injection
Posted Oct 14, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits open X11 servers by connecting and registering a virtual keyboard. The virtual keyboard is used to open an xterm or gnome terminal and type and execute the specified payload.

tags | exploit
SHA-256 | f1b0dc8c62d80ca9fecd0a8689754ee2bccc3af0a2306d4d4f393a3664ca9d0f
ManageEngine ServiceDesk Plus 9.1 Build 9110 Path Traversal
Posted Oct 6, 2015
Authored by xistence

ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | f8c2df4202c241dffb8fdf7f5b2b23f85c16dc7b6036aaef2466f7f1c632fa98
ManageEngine EventLog Analyzer Remote Code Execution
Posted Sep 28, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has full privileges and thus is able to write files to disk. This way a JSP payload can be uploaded and executed with SYSTEM privileges on the web server. This Metasploit module has been tested successfully on ManageEngine EventLog Analyzer 10.0 (build 10003) over Windows 7 SP1.

tags | exploit, web
systems | windows
SHA-256 | 883715a7f63b19f3be245204a59084b8ad642d1866b7fdd2c6b33080b2dcb675
ManageEngine OpManager Remote Code Execution
Posted Sep 17, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

tags | exploit
systems | windows
SHA-256 | a79de46e68665e018fab0af3d172ef7ef23237f7ecabbe88fc9626f647f5e3fb
ManageEngine EventLog Analyzer 10.6 Build 10060 SQL Query Execution
Posted Sep 16, 2015
Authored by xistence

ManageEngine EventLog Analyzer version 10.6 build 10060 suffers from a SQL query execution vulnerability.

tags | exploit, sql injection
SHA-256 | e43184b3c2e6936208082a4f3f3c97ec7847e32991323e490bc64eafefc58612
ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass
Posted Sep 16, 2015
Authored by xistence

ManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.

tags | exploit
SHA-256 | 14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93e
VNC Keyboard Remote Code Execution
Posted Jul 13, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems a xterm terminal is opened and a payload is typed and executed.

tags | exploit
systems | linux, windows, unix
SHA-256 | 9bf59eca313c1a1ef5835749a4982092d4f8e4d66c21afc1744d5db633d85ded
Western Digital Arkeia Remote Code Execution
Posted Jul 13, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the 'arkeiad' daemon listening on TCP port 617. Because there are insufficient checks on the authentication of all clients, this can be bypassed. Using the ARKFS_EXEC_CMD operation it's possible to execute arbitrary commands with root or SYSTEM privileges. The daemon is installed on both the Arkeia server as well on all the backup clients. The module has been successfully tested on Windows, Linux, OSX, FreeBSD and OpenBSD.

tags | exploit, arbitrary, root, tcp, code execution
systems | linux, windows, freebsd, openbsd, apple
SHA-256 | 7b4c0df3265eff7d8bf05b564fe0ba2fea10cec409923415d3a6df2a68832eed
Western Digital Arkeia 11.0.13 Remote Code Execution
Posted Jul 13, 2015
Authored by xistence

Western Digital Arkeia versions 11.0.12 and below suffer from a ARKFS_EXEC_CMD remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | c31b0bd4a25c328dd90904d7ce8a18f9b755d3576b99e652d4481882d665cadc
SePortal 2.5 SQL Injection / Remote Code Execution
Posted Mar 28, 2014
Authored by xistence, jsass | Site metasploit.com

This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page will be used to upload arbitrary code.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2008-5191, OSVDB-46567
SHA-256 | 523ae89437abd95ee2b8adbfe4b6eb79e71f45e8218d4bcec51f35af6aab99d6
Quantum DXi V1000 SSH Private Key Exposure
Posted Mar 20, 2014
Authored by xistence | Site metasploit.com

Quantum ships a public/private key pair on DXi V1000 2.2.1 appliances that allows passwordless authentication to any other DXi box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

tags | exploit, remote, root
SHA-256 | c044490578edb32019383826af35b916fee53306c749cd979607ab19079e339f
Array Networks vAPV / vxAG Code Execution
Posted Mar 20, 2014
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default hardcoded private SSH key or default hardcoded login and password in the vAPV 8.3.2.17 and vxAG 9.2.0.34 appliances made by Array Networks. After logged in as the unprivileged user, it's possible to modify the world writable file /ca/bin/monitor.sh with our arbitrary code. Execution of the arbitrary code is possible by using the backend tool, running setuid, to turn the debug monitoring on. This makes it possible to trigger our payload with root privileges.

tags | exploit, arbitrary, root
SHA-256 | 1fae43950316e011335dde728dbaad51c106df55957d6f35e6a4c67a1ed197aa
Loadbalancer.org Enterprise VA SSH Private Key Exposure
Posted Mar 19, 2014
Authored by xistence | Site metasploit.com

Loadbalancer.org ships a public/private key pair on Enterprise virtual appliances version 7.5.2 that allows passwordless authentication to any other LB Enterprise box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

tags | exploit, remote, root
SHA-256 | 1d3d72cce85f2a6161145afa314bf22dc05277449623eed73522cb834e16903a
Quantum vmPRO Backdoor Command
Posted Mar 19, 2014
Authored by xistence | Site metasploit.com

This Metasploit module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell.

tags | exploit, shell, root, bash
SHA-256 | bf8c7b893ced9c9f3bf296ad67951d4d007c88f1b2dea9ebce269ae5b6149708
Array Networks vxAG / xAPV Privilege Escalation
Posted Mar 18, 2014
Authored by xistence

Array Networks vxAG version 9.2.0.34 and vAPV version 8.3.2.17 appliances suffer from poor permissions, default and weak user credentials, and ssh key handling issues.

tags | exploit
SHA-256 | 424281c262881d13818d8b421e2b8079d01b94b35e76add57e3557344aa28c2f
Quantum vmPRO 3.1.2 Root Shell
Posted Mar 18, 2014
Authored by xistence

Quantum vmPRO versions 3.1.2 and below suffer from a remote shell backdoor command that lets anyone ssh in and escalate to root.

tags | exploit, remote, shell, root
SHA-256 | 86021585379df42396f7ae8a9afbc5718765133267144a1045108c43792f706f
Quantum DXi V1000 2.2.1 SSH Key / Root User
Posted Mar 17, 2014
Authored by xistence

Quantum DXi V1000 versions 2.2.1 and below come with a static private ssh key for the root account that allows you to ssh in as root to any appliance. They also have a static password set for the root user.

tags | exploit, root
SHA-256 | 877f1687fa1556a8f78682df032fd2305a2fabba64799e8617ecfc6cb1533e4f
Loadbalancer.org Enterprise VA 7.5.2 Static SSH Key
Posted Mar 17, 2014
Authored by xistence

Loadbalancer.org Enterprise VA versions 7.5.2 and below come with a static public and private key installed for their appliances. When the keys are regenerated, it fails to remove the public key from the authorized_keys2 file, allowing anyone to use the private default key for access.

tags | exploit
SHA-256 | 2f4dfccf5655e5fdfa8f9af30faf107520d3182be78d7c99cf82b293f0d969cd
Pandora FMS 5.0RC1 Remote Code Execution
Posted Feb 7, 2014
Authored by xistence | Site metasploit.com

This Metasploit module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 the user "artica" is not assigned a password by default, which makes it possible to su to this user from the "pandora" user. The "artica" user has access to sudo without a password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0 and lower force a password for the "artica" user during installation.

tags | exploit, root
SHA-256 | 5ce709b214027d220be47c845fc61a9f62d0ec60d713cac5ac400ec912b76982
Pandora FMS 5.0RC1 Code Execution
Posted Jan 29, 2014
Authored by xistence

Pandora FMS versions 5.0RC1 and below suffer from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 2ba4bc2c2183c5acbae565b860f5f9eabe987ba0a399d204e52fc3e2151facf0
A10 Networks Loadbalancer Directory Traversal
Posted Jan 28, 2014
Authored by xistence

A10 Networks Loadbalancer versions (Soft)AX 2.6.1-GR1-P5 and below and 2.7.0 build 217 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | cd1d7881579b65ddec9b55be9bc64a68cfb6ab226deae42efa4a82f9439a111f
ManageEngine Support Center Plus 7916 Directory Traversal
Posted Jan 28, 2014
Authored by xistence

ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.

tags | exploit
SHA-256 | 7f3d4cf2f0f2823e532afe04ee4652f5b01e45dec6270e68523714952b7cd42b
Aanval 7.1 Build 70151 SQL Injection / Cross Site Scripting
Posted Oct 3, 2013
Authored by xistence

Aanval version 7.1 build 70151 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 25c6581c50e70623be4df653e794e6218f92804314f2bd7664a2d6b31e5a06b5
ZeroShell 2.0 RC3 Command Injection / Cross Site Scripting
Posted Oct 3, 2013
Authored by xistence

ZeroShell version 2.0 RC3 suffers from command injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c6b7a171ee0acfbc63038e7082d14a3c678fc1589e9e4db140b10e4c2c32b948
Astium Remote Code Execution
Posted Sep 26, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to "/usr/local/astium/web/php/config.php" and execute the "sudo /sbin/service astcfgd reload" command to reload the configuration and achieve remote root code execution.

tags | exploit, remote, web, arbitrary, local, root, php, vulnerability, code execution, sql injection
advisories | OSVDB-88860
SHA-256 | 16cd8b04690fc28db1b8c5c9afdb81554208e84689604fe813314bc4a6e8d476
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close