Exploit the possiblities
Showing 1 - 21 of 21 RSS Feed

Files from bwall

Email addressprivate
First Active2012-06-11
Last Active2014-06-06
View User Profile
Madness Pro 1.14 SQL Injection
Posted Jun 6, 2014
Authored by bwall

Madness Pro versions 1.14 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f190c6d4cfaf0e7af5638e4a9fb5e73b
Madness Pro 1.14 Cross Site Scripting
Posted Jun 6, 2014
Authored by bwall

Madness Pro versions 1.14 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8e5a20a7ca70275146d362b152deb713
TORQUE Resource Manager 2.5.13 Buffer Overflow
Posted May 30, 2014
Authored by bwall

TORQUE Resource Manager versions 2.5.x through 2.5.13 suffer from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2014-0749
MD5 | 470b1d1a56ee44f68d79e62d8c5debbf
Herpes Net 3.0 SQL Injection
Posted Mar 9, 2014
Authored by bwall

Proof of concept exploit that extracts a database from a Herpes Net version 3.0 bot panel.

tags | exploit, proof of concept
MD5 | 5a394a6c70ad562b92f0f1f3ee8401e3
Dexter (CasinoLoader) SQL Injection
Posted Feb 15, 2014
Authored by bwall | Site metasploit.com

This Metasploit module exploits a vulnerability found in the command and control panel used to control Dexter (Point of Sale malware). This is done by accessing the PHP page used by bots to report in (gateway.php) which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the bot connecting. The 'page' parameter is used in this case. The command and control panel designates a location to upload files, and can be used as a reliable location to write a PHP shell. Authentication is not needed to exploit this vulnerability.

tags | exploit, shell, php
MD5 | 3d3503192a5fefe905fdb8be6fd7aab8
Dexter CasinoLoader SQL Injection
Posted Feb 14, 2014
Authored by bwall

Proof of concept SQL injection exploit for the panel in Dexter CasinoLoader. It exploits the gateway for bots to connect in, which sanitizes none of its input. This version of the exploit just dumps database data, and can create a GEXF file to make a graph in Gephi.

tags | exploit, sql injection, proof of concept
MD5 | 27f6db88604434b092c8e19bef8326b7
Bitbot C2 Panel Cross Site Scripting / SQL Injection
Posted Aug 21, 2013
Authored by bwall

Bitbot C2 Panel suffers from cross site scripting and remote SQL injection vulnerabilities in gate2.php.

tags | exploit, remote, php, vulnerability, xss, sql injection
MD5 | 0f4dc4726704e210ced0dadbe089357b
Carberp Web Panel C2 Backdoor Remote PHP Code Execution
Posted Jun 30, 2013
Authored by Luis Santana, bwall, Steven K | Site metasploit.com

This Metasploit module exploits backdoors that can be sighted all over the leaked source code of the Carberp botnet C2 Web Panel.

tags | exploit, web
MD5 | 5980f13b254ff37b493422740671301a
STUNSHELL Web Shell PHP Eval
Posted Mar 29, 2013
Authored by bwall | Site metasploit.com

This Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads.

tags | exploit, web, shell
MD5 | 14fe20dbc0bd59c275dc99df677548aa
STUNSHELL Web Shell Remote Code Execution
Posted Mar 29, 2013
Authored by bwall | Site metasploit.com

This Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is disabled on the web server. This shell is widely used in automated RFI payloads.

tags | exploit, web, shell
MD5 | f26790bb1fd499aae352a4ad6c8754a0
v0pCr3w Web Shell Remote Code Execution
Posted Mar 28, 2013
Authored by bwall | Site metasploit.com

This Metasploit module exploits a lack of authentication in the shell developed by v0pCr3w and is widely reused in automated RFI payloads. This Metasploit module takes advantage of the shell's various methods to execute commands.

tags | exploit, shell
MD5 | 67c771e91a9f65359e28a15940a7500f
Ra1NX PHP Bot Authentication Bypass Remote Code Execution
Posted Mar 25, 2013
Authored by bwall | Site metasploit.com

This Metasploit module allows remote command execution on the PHP IRC bot Ra1NX by using the public call feature in private message to covertly bypass the authentication system.

tags | exploit, remote, php
MD5 | 4e926047266653b04e377ab7fa565454
WordPress Archin Theme Unauthenticated Configuration Access
Posted Sep 30, 2012
Authored by bwall

Archin WordPress theme version 3.2 suffers from an unauthenticated configuration access vulnerability.

tags | exploit
MD5 | dda7a46e8d46019bada27cf8be3eeb72
PHP IRC Bot pbot eval() Remote Code Execution
Posted Aug 8, 2012
Authored by Evilcry, juan vazquez, bwall, Jay Turla | Site metasploit.com

This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where find pbot must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.

tags | exploit, remote, php
systems | linux, windows, xp, ubuntu
MD5 | b4302c2d8b8f5eacb2c614d506570e68
pBot Remote Code Execution
Posted Jul 31, 2012
Authored by bwall

This perl script attacks pBot by leveraging a hidden .eval command to delete and kill the bot.

tags | exploit, perl
MD5 | c1cdb50ab422a8f2053d5be0a1f8b058
Transferable State Attack On Iterated Hashing Functions
Posted Jul 29, 2012
Authored by bwall

This paper describes an attack of the iterated use of hashing functions used as key stretching algorithms where the state of a hash can be transferred to the next hash function.

tags | paper
MD5 | 474d91d129e29f695036dc70ede0344a
Password Safe Cracker
Posted Jul 19, 2012
Authored by bwall | Site github.com

This cracker was created to brute force master passwords for the Password Safe tool at http://passwordsafe.sourceforge.net/.

tags | web, cracker
systems | unix
MD5 | 08dbe5a2e29c718634ef92fff27b3af9
Site5 WordPress Theme Email Spoofing
Posted Jul 15, 2012
Authored by bwall

Multiple Site5 WordPress themes suffer from an email spoofing vulnerability.

tags | exploit, spoof
MD5 | 8ee788e01e90d38fc925f3f852e0a77c
Proper Password Hashing
Posted Jun 28, 2012
Authored by bwall, drone | Site ballastsec.blogspot.com

Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.

tags | paper
MD5 | 6df883bde172ed66055c7172fa4ff6ba
Insecurity Of Poorly Designed Remote File Inclusion Payloads Part 2
Posted Jun 25, 2012
Authored by bwall | Site firebwall.com

This whitepaper discusses the insecurity of poorly designed remote file inclusion payloads. This is part two.

tags | paper, remote, file inclusion
MD5 | db334ed835af32fbdea7852b6b5cba1e
Insecurity Of Poorly Design Remote File Inclusion Payloads Part 1
Posted Jun 11, 2012
Authored by bwall | Site firebwall.com

This whitepaper discusses the insecurity of poorly designed remote file inclusion payloads. This is part one.

tags | paper, remote, file inclusion
MD5 | 47573a79c58e0172417ac4842b970cb0
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    1 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close