what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from amisto0x07

GE Proficy CIMPLICITY gefebt.exe Remote Code Execution

Posted Feb 28, 2014

Authored by juan vazquez, Z0mb1E, amisto0x07 | Site metasploit.com

This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE. The last one can be executed remotely through the WebView server. This Metasploit module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded CimWebServer. This Metasploit module starts a WebDAV server to provide the malicious BCL files. When the target hasn't the WebClient service enabled, an external SMB service is necessary.

tags | exploit, remote, arbitrary

advisories | CVE-2014-0750

SHA-256 | b26303cb1fa471041439c64a8b439bb47d11b4fd3e3adb2f2cd74c8afe861e4f

Download | Favorite | View

Advantech/Broadwin HMI/SCADA RPC Remote Code Execution

Posted Feb 6, 2012

Authored by Z0mb1E, amisto0x07

Advantech/Broadwin HMI/SCADA WebAccess 6.x.x/7.x.x universal network RPC exploit that creates an executable file and launches the process on the affected system. webaccess.universal.exploit.rar@z%uxp!@#uzstxy! is the password for the archive.

tags | exploit

SHA-256 | 30250336db22255112ee2602bb7c0251730d7ecc01eae9a4930d37a1e06e24be

Download | Favorite | View