what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from FireFart

Email addressprivate
First Active2012-01-02
Last Active2018-04-26
View User Profile
Drupal Drupalgeddon 2 Forms API Property Injection
Posted Apr 26, 2018
Authored by FireFart, wvu, Nixawk, a2u, Jasper Mattsson | Site metasploit.com

This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.

tags | exploit
advisories | CVE-2018-7600
SHA-256 | d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cd
Download | Favorite | View
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
Posted May 11, 2017
Authored by Dominic Chell, FireFart, Zhiniang Peng, Chen Wu, zcgonvh, Rich Whitcroft | Site metasploit.com

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2017-7269
SHA-256 | dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8
Download | Favorite | View
Piwik Superuser Plugin Upload
Posted Feb 14, 2017
Authored by FireFart | Site metasploit.com

This Metasploit module will generate a plugin, pack the payload into it and upload it to a server running Piwik. Superuser Credentials are required to run this module. This Metasploit module does not work against Piwik 1 as there is no option to upload custom plugins. Tested with Piwik 2.14.0, 2.16.0, 2.17.1 and 3.0.1.

tags | exploit
SHA-256 | 71146a4e8085f48e4ba2d27e1f4312199e856feabcaf67fd03fb8887053cef9c
Download | Favorite | View
Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation
Posted Nov 28, 2016
Authored by FireFart

This exploit uses the pokemon exploit as a base and automatically generates a new passwd line. The original /etc/passwd is then backed up to /tmp/passwd.bak and overwritten with the new line. The user will be prompted for the new password when the binary is run. After running the exploit you should be able to login with the newly created user.

tags | exploit
advisories | CVE-2016-5195
SHA-256 | 302fbe1148d6c5d32476fb30dc9d34045ceec15d40ea123d00c14f4b7996e6b7
Download | Favorite | View
WordPress Pingback Port Scanner
Posted Dec 14, 2012
Authored by FireFart

WordPress version 3.5 has the XML-RPC interface enabled by default. This tool uses the Pingback API to perform portscanning.

tags | tool, scanner
systems | unix
SHA-256 | 4e148f46aa9ea85dd8ac723066ebdb2a21047032dde632464b55d619c9359123
Download | Favorite | View
HashCollision Denial Of Service Proof Of Concept 6.0
Posted Jan 16, 2012
Authored by FireFart

HashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.

Changes: Added Javapayloadgenerator.
tags | exploit, denial of service, proof of concept, python
systems | unix
advisories | CVE-2011-4885
SHA-256 | 01da1f50ab5e7ffaf8680f1bf9bdef32b70eecac7583949ac5a2e2840b4e971a
Download | Favorite | View
HashCollision PHP Denial Of Service Proof Of Concept 5.0
Posted Jan 13, 2012
Authored by FireFart

HashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.

Changes: Allow definition of max payload size as a parameter.
tags | exploit, denial of service, proof of concept, python
advisories | CVE-2011-4885
SHA-256 | 9ea223d1751dc755d5ba16393c4065f1bda060687cfe5211724fcb29a994c2c5
Download | Favorite | View
PHP 5.3.x Hash Collision Proof Of Concept Code
Posted Jan 2, 2012
Authored by FireFart

PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.

tags | exploit, denial of service, php, proof of concept, python
advisories | CVE-2011-4885
SHA-256 | a40ed8e7683bd70412b64514013eea3551071db4f39c244052a9d36f89460954
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close