This Metasploit module exploits a remote code execution vulnerability in the web panel of Phoenix Exploit Kit via geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the visitor's browser for outdated and insecure versions of browser plugins such as Java, Adobe Flash, and Adobe Reader, and then silently installs malware.
aad984f8708901b83c5d2147e19d13750c153fefe31400973769c9a1fcdedf8c
This Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. Exploitation requires authentication, but anonymous credentials are enabled by default.
860df3259810620f34c556a18da76a197f8c3e0724e8476d20abc5f9f70ce870
This Metasploit module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.
2e8528e3811c7d93f83ce9f7eaaa80a6321b298dc7b5c63c52212036dbd43291
This Metasploit module exploits a remote command execution on the Legend Perl IRC Bot. This bot was used as a payload in the Shellshock spam of October 2014. Its functionality includes NMAP scanning, TCP, HTTP, SQL, and UDP flooding, VNC scanning, the ability to remove system logs, and the ability to gain root. Kevin Stevens, a Senior Threat Researcher at Damballa, uploaded this script to VirusTotal with an MD5 of 11a9f1589472efa719827079c3d13f76.
0cc139b4c6b9c45be686acca2dd23b5b8721a770d99f66699d03a8dd546d9d45
This Metasploit module allows remote command execution on an IRC Bot developed by xdh. This Perl bot was caught by Conor Patrick with his Shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script, which carries the description "LinuxNet perlbot". The bot answers only based on the servername and nickname in the IRC message, which are configured in the Perl script; thus, to exploit this bot you need to be an operator on the IRC network in order to spoof them, or at least have the same IP as the one in the config.
dcceeba8df965c1937cb0d548603d7c0459697a03cebe3401045655277b8c71c
This Metasploit module exploits a remote code execution vulnerability in phpFileManager 0.9.8, which is a filesystem management tool in a single file.
6deaa42854a12bc36ae3c7e06620c542ad37b9dff69c0ee0a7ea8a418934ad50
BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.
ad92db3f8a0dd8f3d603187873cbcc879f069b52034b56d5481e2bd22b4892dd
This Metasploit module exploits Th3 MMA mma.php Backdoor which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the php_uname() function.
a6cc00b9d3f5414b03d4d4a58644c38267378b49d138c71d6af4288198c8112c
This Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
bba4847d938e70eaa639f5ffbd593428a114739a4c9d9e43f69cba60825e2b73
This Metasploit module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell's CMD parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has many samples of these kinds of backdoor shells, which are categorized under Payloads.
96b4d85b82093a7747d2255737fa73cdfabac010e4e6a0f9042ac20b0cd78d73
PCMan FTP Server version 2.0.7 suffers from a directory traversal vulnerability.
e377ce572fb44bf79adeccd6d80f6e799f096b1c0279f26b2d558839516a13bd
BisonWare BisonFTP version 3.5 suffers from a directory traversal vulnerability.
1575080d2288468ab9940c569c8d1809df7eea9a1a1378d054311901e42a6d5b
This Metasploit module allows remote command execution on the w3tw0rk / Pitbul IRC Bot.
a66d2214cda0b74148ccafd0385d0e911312b00a6a8e83f79d778d3df8c97ac7
PCMan FTP Server version 2.0.7 PUT command buffer overflow exploit that spawns a bindshell on tcp/9988.
079e0b6e1b52360946c41880b50c6c8953ec9da37460c0897e1787cb1c5cd5bc
RealTimes (Realplayer) versions 18.0.1.6 and below suffer from a desktop service trusted path privilege escalation vulnerability.
a464f6ef7f8e5ab701f2dd718de925bb0e3201cd2c1a94efc90b3b217d06f0bc
DreamBox DM500s suffers from a cross site scripting vulnerability.
1fb8f30202be86e4f413656dff4cb65aee9c8bc5f7089efa996a8a1f7afdfbb2
Simple proof of concept tool to leverage remote code execution on the Legend perl IRC bot.
7ed64a03ba8a28e4a3162e46f413835566f71dbc30233138782e899686ac85d9
Proof of concept exploit for the Pitbull and w3tw0rk IRC bots that takes over the owner of a bot which then allows for remote code execution.
25d37202a1a216b2b3b0ea44f8cc962fb754a7bbee64d6160acc06a8185d216a
Backup File Finder is a discovery module for Recon-NG that checks hosts for exposed backup files. The default configuration searches for wp-config.php files which contain WordPress database configuration information.
e2a1b50ffde6e78f47fb1689941867580a665c3ad6ca97dc73fe66d832856946
Interesting File Finder is a discovery module for Recon-NG framework which checks hosts for interesting files in predictable locations.
ba1e26712709fcad3a38f2e0d4785244718cd606547b70a24fcd141746e55868
This is a Webwiz Rich Text Editor file upload page discovery module for Recon-NG.
865eb4c812edca67575bd0f50b8854c158f04d5a59f498bb0dcc994a35bcecf6
GenericRestaurantMenu is a discovery module for Recon-NG that looks for Menu Categories Editor page vulnerabilities including SQL injection.
f943a5ee2c3e7871721b443d21b01ae5f16ce393bf8c4fcfe241ffc0046144ff
This is a vulnerability checking script for Recon-NG that looks for hosts with a Dot Net Nuke fcklinkgallery page that allows for a remote shell upload.
ed7c15cc25a3447557533bfd64be83d545b106112fe7ad39f81e52e6935755c3
This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where pbot can be found must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.
af5927c4e9d6a607a05e48844259bb81f722ee9404fcdab77834d99f0a04d614