Showing 1 - 3 of 3

Files from Michal Sajdak

Email address	michal.sajdak at securitum.pl
First Active	2011-07-28
Last Active	2024-09-01

SSH Username Enumeration: Posted Sep 1, 2024; Authored by Michal Sajdak, wvu, Qualys, Dariusz Tytko, kenkeiras | Site metasploit.com; This Metasploit module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV.; tags | exploit; advisories | CVE-2003-0190, CVE-2006-5229, CVE-2016-6210, CVE-2018-15473; SHA-256 | 1ffbd9886232ee7c1bbcfa4f8a71da9745e371936b0cb186036866d08b29bde5; Download | Favorite | View

HP LaserJet Credential Disclosure / Missing Authentication: Posted Aug 6, 2013; Authored by Michal Sajdak; Multiple HP LaserJet printers have hidden URLs hardcoded in the firmware that fail to authenticate access and disclose sensitive data including the administrative password.; tags | exploit, info disclosure; SHA-256 | eab87d2d11e284bc6bc8876cb5065c89364d012be92697502305eb5701ada6c2; Download | Favorite | View

Cisco SQL Injection / Privilege Escalation: Posted Jul 28, 2011; Authored by Michal Sajdak | Site securitum.pl; Cisco suffers from privilege escalation and remote SQL injection vulnerabilities.; tags | advisory, remote, vulnerability, sql injection; systems | cisco; SHA-256 | 25407353caf6aca542808b9d27be690ffb02e2d5aac3225f07064d6caa0b06dd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days