Showing 1 - 5 of 5

Files from Justin Steven

First Active	2016-09-22
Last Active	2021-05-12

ExifTool DjVu ANT Perl Injection: Posted May 12, 2021; Authored by Justin Steven, William Bowling | Site metasploit.com; This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.; tags | exploit, shell, perl; advisories | CVE-2021-22204; SHA-256 | 6faaab2f2450fabd11bd922db38c56424cff69369eb7b6d4c402f570e3a96b13; Download | Favorite | View

Metasploit Framework 6.0.11 Command Injection: Posted Jan 29, 2021; Authored by Justin Steven; Metasploit Framework version 6.0.11 msfvenom APK template command injection exploit.; tags | exploit; advisories | CVE-2020-7384; SHA-256 | 0d9c5f7dc903dd1d7e2dd33b50690e3be7b460458dacf13578f2a28fa5ba3ec3; Download | Favorite | View

Rapid7 Metasploit Framework msfvenom APK Template Command Injection: Posted Nov 10, 2020; Authored by Justin Steven | Site metasploit.com; This Metasploit module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affected includes Metasploit Framework versions 6.0.11 and below and Metasploit Pro versions 4.18.0 and below.; tags | exploit; advisories | CVE-2020-7384; SHA-256 | 47170fa2c6f60c3fc00bcf7d141f9846d5a4832fd8d4f861bb23346abf01ef02; Download | Favorite | View

Metasploit Web UI Static secret_key_base Value: Posted Sep 24, 2016; Authored by joernchen, Justin Steven | Site metasploit.com; This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.; tags | exploit, web, code execution, ruby; SHA-256 | 0aed762884874a2a56109540ad0db42b6eefad643e2cf8d5c9179b0f1d8783a6; Download | Favorite | View

Metasploit Web UI Diagnostic Console Command Execution: Posted Sep 22, 2016; Authored by Justin Steven | Site metasploit.com; This Metasploit module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console is able to be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the diagnostic console provides access to msfconsole via the web interface. An authenticated user can then use the console to execute shell commands. NOTE: Valid credentials are required for this module. Tested against: Metasploit Community 4.1.0, Metasploit Community 4.8.2, Metasploit Community 4.12.0; tags | exploit, web, shell; SHA-256 | 4f3bb48177d573f2d188fe4a2e93543cd54f1257e65865784c469730b1b9051b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days