what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files from Joshua D. Abraham

Email addressjabra at ccs.neu.edu
First Active2005-12-03
Last Active2011-08-04
Sun/Oracle GlassFish Server Authenticated Code Execution
Posted Aug 4, 2011
Authored by Joshua D. Abraham, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module logs in to an GlassFish Server 3.1 (Open Source or Commercial) instance using a default credential, uploads, and executes commands via deploying a malicious WAR. On Glassfish 2.x, 3.0 and Sun Java System Application Server 9.x this module will try to bypass authentication instead by sending lowercase HTTP verbs.

tags | exploit, java, web
advisories | CVE-2011-0807
SHA-256 | 4035b3ff0884c803d4786b07e2e9bd10c14e0d67c4f6962ff8749b9e5761b58e
Axis2 Upload Exec (via REST)
Posted Dec 1, 2010
Authored by Joshua D. Abraham | Site metasploit.com

This Metasploit module logs in to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using REST.

tags | exploit, web
advisories | CVE-2010-0219
SHA-256 | 51902f7e6af771ea7983f5300fc1027caf680459a29103bb46b1f0994f2206fc
Axis2 / SAP BusinessObjects dswsbobje Upload Exec
Posted Nov 16, 2010
Authored by Joshua D. Abraham | Site metasploit.com

This Metasploit module logins to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.

tags | exploit, web
advisories | CVE-2010-0219
SHA-256 | d25079aca4be2ff7c1b9c1e7d10524631a0690cd4f3947fe48034950306d88a5
Rapid7 Security Advisory 37
Posted Oct 15, 2010
Authored by H D Moore, Rapid7, Joshua D. Abraham, Will Vandevanter | Site rapid7.com

Rapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2010-0219
SHA-256 | 226db62066f2c56c87818ee78e4d00164861cd9e8d34858c75dc772b294bbff8
Adobe Doc.media.newPlayer Use After Free Vulnerability
Posted Dec 31, 2009
Authored by H D Moore, Joshua D. Abraham, Pusscat, jduck | Site metasploit.com

This Metasploit module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.

tags | exploit
advisories | CVE-2009-4324
SHA-256 | db8a3aadb83130b870e5a70ed5ba3a3aafb3ba7ade242ba5744bcd8251b74f40
Adobe FlateDecode Stream Predictor 02 Integer Overflow
Posted Dec 31, 2009
Authored by Joshua D. Abraham, jduck | Site metasploit.com

This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.

tags | exploit, overflow
advisories | CVE-2009-3459
SHA-256 | 328118791df64b5b6d6ab27dc8882d52301e5fc9ac482a046dc54015346ec0ee
pbnj-2.04.tar.gz
Posted Nov 17, 2006
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state. PBNJ parses the data from a scan and stores it in a database. PBNJ uses Nmap to perform scans.

Changes: Small fixes, updates to man pages, and some enhancements.
tags | tool, scanner
systems | unix
SHA-256 | 3df88ea306bd47401766d69f32e5cd1fdc1f015e6a06c66a7fa7aba7dfd0f3b9
pbnj-2.02.tar.gz
Posted Aug 27, 2006
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

Changes: Small fixes.
tags | tool, scanner
systems | unix
SHA-256 | 049a9f586b4707aff0a492cad8f02a71961bad6ad152a39c316a46a75b3594ba
pbnj-1.14.tar.gz
Posted May 22, 2006
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

Changes: Fixed bug that crashed PBNJ after scanning a machine with no ports open, Fixed --nodiff banner bug, Added --delim option to allow custom delimination, various other enhancements.
tags | tool, scanner
systems | unix
SHA-256 | 5b9b16feef9c73ca2c84610cef13be1f63d81790e0ac6de5dfb1b8f395860710
pbnj-1.12.tar.gz
Posted Dec 28, 2005
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

Changes: Fixed to work with nmap 3.95.
tags | tool, scanner
systems | unix
SHA-256 | 7dfa75fbdc954a4750794868a286fdaeb24b761326de9ab0329d2dafc49a9f1a
pbnj-1.10.tar.bz2
Posted Dec 3, 2005
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

tags | tool, scanner
systems | unix
SHA-256 | d75cad2daadc7fb0d9557d8ab4ba0d92ff4bb341606471f81dd36e99e6420cc3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close