exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files from redtimmysec

First Active2019-03-26
Last Active2020-06-16
Pulse Secure Client For Windows Local Privilege Escalation
Posted Jun 16, 2020
Authored by Marco Ortisi, redtimmysec, Giuseppe Cali | Site redtimmy.com

Red Timmy Sec has discovered that Pulse Secure Client for Windows suffers from a local privilege escalation vulnerability in the PulseSecureService.exe service.

tags | advisory, local
systems | windows
advisories | CVE-2020-13162
MD5 | 660c4ebfc56db61522849dc8876a9d7d
Apache Tomcat CVE-2020-9484 Proof Of Concept
Posted Jun 3, 2020
Authored by redtimmysec, masahiro331

Apache Tomcat is affected by a Java deserialization vulnerability if the PersistentManager is configured as session manager. Successful exploitation requires the attacker to be able to upload an arbitrary file to the server. This archive includes a write up and proof of concept code from multiple researchers.

tags | exploit, java, arbitrary, proof of concept
advisories | CVE-2020-9484
MD5 | a4290abd849a9bb4c118b840fc087ac9
MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution
Posted Apr 2, 2020
Authored by redtimmysec | Site redtimmy.com

MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities.

tags | exploit, remote, web, vulnerability, code execution, xss, info disclosure
advisories | CVE-2020-11450, CVE-2020-11451, CVE-2020-11452, CVE-2020-11453, CVE-2020-11454
MD5 | d7196c7b2e9d5315f3c161ae1a25fb32
Oce Colorwave 500 CSRF / XSS / Authentication Bypass
Posted Mar 19, 2020
Authored by Marco Ortisi, redtimmysec, Giuseppe Cali

Oce Colorwave 500 printer suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, bypass, csrf
advisories | CVE-2020-10667, CVE-2020-10668, CVE-2020-10669, CVE-2020-10670, CVE-2020-10671
MD5 | 51d2962185d7ad115ac770a057370202
Richsploit RichFaces Exploitation Toolkit
Posted Mar 9, 2020
Authored by redtimmysec

This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.

tags | exploit, tool, java, remote, vulnerability, code execution
advisories | CVE-2013-2165, CVE-2015-0279, CVE-2018-14667
MD5 | dbe44bcd30e854ad24e9361d53b24ebb
Running Encrypted ELF Binaries In Memory
Posted Mar 4, 2020
Authored by Marco Ortisi, redtimmysec

Whitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.

tags | paper
MD5 | 52ec6510fb7651a2bf2d2fba030f87b6
Golden Frieza
Posted Mar 3, 2020
Authored by redtimmysec

Imagine finding yourself in a "hostile" environment, one where you cannot run exploits, tools, and applications without worrying about prying eyes spying on you, be they a legitimate system administrator, a colleague sharing an access with you or a software solution that scans the machine you are logged in to for malicious files. Your binary should live in encrypted form in the filesystem so that no static analysis would be possible even if identified and copied somewhere else. It should be only decrypted on the fly in memory when executed, so preventing dynamic analysis too, unless the decryption key is known. To experiment with such an idea Red Timmy Sec have created the "golden frieza" project.

tags | tool
systems | unix
MD5 | 366f23cd679fa95715eb2ce109400d3f
SerialTweaker 1.1
Posted Feb 28, 2020
Authored by Stefan Broeder, redtimmysec

SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.

tags | tool
systems | unix
MD5 | d914f07f0f241842bdd179051467fe46
Web Application Firewall Bypass Via Bluecoat Device
Posted Feb 17, 2020
Authored by redtimmysec

Whitepaper called Web Application Firewall Bypass via Bluecoat Device.

tags | paper, web
MD5 | 8188e75fa2146b581bd080778464328c
EnumJavaLibs Java Classpath Enumerator
Posted Feb 14, 2020
Authored by redtimmysec | Site github.com

EnumJavaLibs is a tool that can be used to discover which libraries are loaded (i.e. available on the classpath) by a remote Java application when it supports deserialization.

tags | tool, java, remote, scanner
systems | unix
MD5 | c37f21f6e2c425db8730da6e925ee89a
OAMbuster Multi-Threaded CVE-2018-2879 Scanner
Posted Apr 17, 2019
Authored by redtimmysec | Site github.com

OAMbuster is a multi-threaded exploit for CVE-2018-2879.

tags | exploit
advisories | CVE-2018-2879
MD5 | a5480934f4725f4bb9ea858e71092e45
JMX RMI - Multiple Applications RCE
Posted Mar 26, 2019
Authored by redtimmysec

This whitepaper discusses highlights of findings related to remote code execution leveraging JMX/RMI.

tags | paper, remote, code execution
advisories | CVE-2018-11247, CVE-2018-8016, CVE-2019-7727
MD5 | 6ff134ecb65e85ce3c03348a2f8cc3e1
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    3 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close